From coderman at gmail.com Wed Jan 1 03:05:26 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Jan 2014 03:05:26 -0800
Subject: Fwd: [liberationtech] Commotion Wireless source code & downloads
In-Reply-To: <5bb8629df4f9bbe7127fa68a29e6d270@cryptolab.net>
References: <5bb8629df4f9bbe7127fa68a29e6d270@cryptolab.net>
Message-ID:

---------- Forwarded message ----------
From: Griffin Boyce
Date: Tue, Dec 31, 2013 at 8:54 PM
Subject: Commotion Wireless source code & downloads

Hi all,

Just wanted to shoot a couple of links to the source code for Commotion, since there seemed to be some confusion. The project is kind of huge ^_^;;

Source for all packages on github:
https://github.com/opentechinstitute

Pre-built router images:
https://commotionwireless.net/download/routers
NOTE: signing key for images is: 0x55A525F8EFE57820BA2A40F7D3F54B1ED01D01F1

Base repo for routers:
https://github.com/opentechinstitute/commotion-router
(as part of the build process, it pulls in numerous other repos, so be sure to check the make files if you want to hack on it)

Android apk:
https://commotionwireless.net/download/android

Commotion Linux (developer release):
https://github.com/opentechinstitute/commotion-linux-py

Documentation:
https://commotionwireless.net/docs/cck
(It's also on github and we accept patches!)
https://github.com/opentechinstitute/commotion-docs/

This project is really important to all of us, so if there's a dead link or you find a bug, or you think usability could be improved in some way, or the documentation doesn't cover you -- LET US KNOW! We're all really friendly and are always happy to accept patches or rewrite instructions if that's what's needed.

best,
Griffin Boyce

(Happy New Year!)

From coderman at gmail.com Wed Jan 1 03:40:04 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Jan 2014 03:40:04 -0800
Subject: QUANTUMINSERT "wide stack" covert network communication
In-Reply-To:
References:
Message-ID:

it looks like this is called QFIRE / MIDDLEMAN (CovNet?)
http://cryptome.org/2013/12/nsa-qfire.pdf

of particular note you'll see that this unclassified (high risk side) TAO Covert Network is accessed within a NSA SCIF via a "highly constrained" *cough* VMWare ESX server instance (ala NetTop for back-end) which is then colocated at bare metal and/or directly guest bridged to the SCSnet / NSAnet / *secret networks.

. . .

one day i'll have more to say about this! (i encourage the leakers to beat me to it ;)

--end-top-post--

On Tue, Nov 26, 2013 at 9:03 PM, coderman wrote:
> in the discussion regarding well positioned injection points on the
> backbone (QUANTUMINSERT) i have not yet seen discussion of using these
> well positioned injection points for covert network connections.
>
> consider that you are eavesdropping on return path for a given
> un-used, high address space of a third party (a lot of that 15.0.0.0/8
> is idle :)
>
> consider that you can inject arbitrary packets into the egress for
> same net block (even if upstream, still sufficient to match route).
>
> you can now establish a covert TCP connection appearing to come from
> the high space of 15.0.0.0/8, of which HP only sees the returning
> (encrypted) martians. (and this assumes they're even watching!)
>
> this "wide stack" approach provides cover via multitudes of idle
> address spaces of third parties, while the actual communicators are
> hidden.
>
>
>
> anxiously awaiting the details on how this is used...
>
> *sacrifices chickens to the "Snowden Release Gatekeepers" (TM)*

From coderman at gmail.com Wed Jan 1 03:55:27 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Jan 2014 03:55:27 -0800
Subject: peertech.org cert [was: DEF CON cell network attacks]
In-Reply-To:
References:
Message-ID:

fore notice: moving to infrastructure++ in few weeks. this will also involve new certs.

also presents an opportunity for an SSL revocation experiment.

see attached:
https://peertech.org/dist/peertech-jan1-announce.txt

On Mon, Dec 2, 2013 at 5:56 PM, coderman wrote:
> ...
> only 443 should be considered valid - that is,
> try https://peertech.org first, plain-text must die.
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

site resolution for 2014: move to better infrastructure!

peertech.org will be rekeying SSL during the server move.
this is expected to complete later in January 2012.
...

stay tuned,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iL4EAREKAGYFAlLD/PFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDQxQzEyQjhDMzA3RDdFMjE5OEFBNTc4MTY1
QTg0N0U3QzJCOTM4MEMACgkQZahH58K5OAzlmAEApFzU8s5zAByp9OEaoGQwqng4
Y8U9n6Tr2kTGCK8R9rIA+wej+fpQ9pxq+9OZsKvL427V45RtXs/7WtU8CUCv1nJ7
=gt1Y
-----END PGP SIGNATURE-----

From jya at pipeline.com Wed Jan 1 05:37:16 2014
From: jya at pipeline.com (John Young)
Date: Wed, 01 Jan 2014 08:37:16 -0500
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To:
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C40252.1040506@net.in.tum.de>
Message-ID:

Jake's, Assange's and others' emphasis at 30c3 was to pursue
technological offenses rather than futile expectation of political,
financial and legal controls of spying which inevitably confirm
what spies do, for it is in their interest to support spying and
secrecy to maintain hegemonic, hierarchical institutions
under "the rule of law."

Reminder, at the origin of cypherpunks there was a crackdown
on encryption as a munitions. That skirmish was thought to
have been won. Now Snowden has revealed that victory
was a delusion, the real one-sided battle was fought
surreptitiously in secret, not only by contaminating crypto
but by development of bypasses, implants, backdoors,
booby traps, ruses, scams, bribes, dual-hatted contracts
with crypto-hackers.

Can an openly avowed combat on the technologies of political
control (1) work or will it be demonized, fought by secret
underhanded means? Public debate deployed as a ruse in
the 1990s as now.

(1) An Appraisal of the Technologies of Political Control

http://cryptome.org/stoa-atpc.htm

This combat is about far more than crypto and coders must
be supplemented with all the disciplines of science and
technology which are now serving industry and the
"lawful" hegemons.

30c3 advocated a direct attack on these means, not wait for
the public debate to be rigged in favor of the hegemon with
PR, propaganda, lobbying, bribery, contracts, scare stories,
terrifying incidents, the customary dirty fighting and tricks of
spies and "defense" industry.

Is that technological attack on the political, financial, legal
hegemon likely to succeed? Or will the crackdown on
armed (technological) dissent become as violent as it has
in the past?

There is a likelihood encryption will be restricted, by fiat,
by planting weaknesses, by covert attacks, by technological
bypasses, by rigged failures to create doubt of effectiveness.

That was the way CryptoAG operation was run. Now the RSA
ploy is operative. Is the effect of Snowden to be a series
of ploys and ruses. Worse, hop on board the paranoia train,
is Snowden a disinfo op for leaking gobs of ruses?

Musings:

A singular feature of hegemons is that they are dominated by
"self-regulating organizations" which set the terms and conditions
of the ruling entity, assure enforcement of the rules, and perpetuate
themselves under "self-regulation."

These are successors of royalty which instead of divine right,
backed by military power, they invoke the "Constitution," a law
which distinctively empowers "lawful" behavior according to the
rules of the hegemon.

No wonder the US promotes constitutional government around
the planet, backed by military power, most often by denigrating
other forms of government.

A striking parallel is the rise of the clerics in Europe as an alternative
to religious hegemons. From clerics came lawyerly self-regulating
hegemons. A new religion hidden within supremacist judges' black
robes.

Enough of lawful self-regulation in secrecy, unpunishable by
lawful means. Justice is out of control, prison populations stuffed,
bloated law enforcement and spies raiding the public till, private
spies, cops and mercenaries worse than the official, or
indistinguishable.

Back to the military which backs the hegemons. Technology
controls its effectiveness, thus the need for the hegemons to
control manufacture, distribution, ownership and application
of military means. Concentration of wealth through government
regulation, economic and tax policy, and military supremacy
reifies special privileges and exculpations for the enforcers
of law. Law->taxation->enforcement->informants->spying->
assassination->military action.

From carimachet at gmail.com Wed Jan 1 00:58:18 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 1 Jan 2014 09:58:18 +0100
Subject: Jim Bell comes to Cypherpunks?
In-Reply-To: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com>
References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com>
Message-ID: <8A4C733F-F4DC-4F46-95D4-8840F9AC69F0@gmail.com>

I am sure eff can help you out I will connect with them and ask - till soon then

Sent from my iPhone

On 31.12.2013, at 21:41, Jim Bell wrote:

> Since the issue was just raised about me needing a PGP key (presumably, for now, just for signing purposes), it occurred to me that the best way to get that key signed would be for me to attend a meeting of Cypherpunks. Since many such meetings occur in the Bay Area (San Francisco and environs) I could come from Vancouver Washington (Just across the Columbia river from Portland) and attend an upcoming Cypherpunks meeting. What I'd appreciate would be a local who could provide transportation (I don't do 'credit card' and they probably wouldn't rent a car to me if I did!), and possibly a place to stay for 2-3 days. Does this sound like a plan? I could bring my BOP (Bureau of Prisons) ID, smuggled out when I was released, and auction it off for bitcoins, to pay for my expenses. (It's sure to be a collector's item someday!)
> Jim Bell

From carimachet at gmail.com Wed Jan 1 01:04:36 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 1 Jan 2014 10:04:36 +0100
Subject: Jacob Appelbaum in Germany
In-Reply-To: <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com>
Message-ID: <06329459-63DA-45EC-A826-86EA140B65E6@gmail.com>

I sincerely wish you could have helped aaron it is all beyond sad and though some of his projects are being carried out i think we have to do more - Yes I am aware you are an alumni - do u have connections with other alumni ? We think the alumni are a pressure point they cld not ignore

Will connect with you further as the project progresses

Thanks very very much

Sent from my iPhone

On 31.12.2013, at 20:59, Jim Bell wrote:

> I am an alum of MIT (Class of 1980; Chemistry). I've just read the Wikipedia article on Aaron Swartz, and I am very sympathetic to him. I wish I'd been aware of his situation while he was alive; I might have been able to help, and would have tried to do so.
> Jim Bell
>
>
> From: Cari Machet
> To: Silent1
> Cc: cpunks
> Sent: Tuesday, December 31, 2013 8:03 AM
> Subject: Re: Jacob Appelbaum in Germany
>
> dear sir
>
> we are reaching out to MIT alumni to make a public call of outrage re
> among other things the aaron swartz treatment by MIT would u b willing
> to b included?
>
> specifically we would b asking for shifts in functionality not just
> complaining to the bricks
>
> THANKS
>
> On 12/31/13, Silent1 wrote:
> > Ahh, Dogecoin, didn't an online wallet service of theirs get hacked last
> > week and completely cleaned out of hundreds of thousands of coins?
> >
> > -----Original Message-----
> > From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of
> > coderman
> > Sent: Tuesday, December 31, 2013 8:51 AM
> > To: Griffin Boyce
> > Cc: cpunks
> > Subject: Re: Jacob Appelbaum in Germany
> >
> > On Tue, Dec 31, 2013 at 12:32 AM, Griffin Boyce
> > wrote:
> >>...
> >> I prefer my shared hallucinations to be in the form of Lindens [1], ...
> >
> >
> > i'll let you cypherpunks in on a secret financial tip:
> > the smart money banks in dogecoin: http://dogecoin.com/
> >
> >
>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Skype carimachet - 646-652-6434
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Twitter: @carimachet
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.

From seanl at literati.org Wed Jan 1 10:11:23 2014
From: seanl at literati.org (Sean Lynch)
Date: Wed, 1 Jan 2014 10:11:23 -0800
Subject: Replacing corporate search engines with anonymous/decentralized search
In-Reply-To:
References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu>
Message-ID:

On Tue, Dec 31, 2013 at 6:37 AM, Lodewijk andré de la porte wrote:

> I'd like to ask people to wonder what Search Engines really do for us.
> Where is the catalog? Where is the cultivated list of good resources?
>

Well, in Google's case, the list is curated by those doing the linking, but Google is trading richness of metadata for coverage.

>
> Do search engines provide the same level of guidance to its users that a
> written overview can?
>

No, but they cover far more of the Web than a manually curated index ever could. They can answer questions like "what was that article I read last week on this topic?" and "what other pictures exist of this person?" Nobody's going to be writing written summaries of every single news article and blog post.

> Why don't we create a distributed website catalog? It's harder, as
> anti-spam is the core feature. But competing with Google seems rather
> foolhardy at the moment.
>

I think this is a good idea. Spam can be handled by just signing all the pages and having signed white and blacklists to create a web of trust/distrust. Proof-of-work could be used when creating new signing identities in order to make the blacklists useful.

> Maybe the word catalog isn't right, catalogs are too static and not
> discovery targeted at all.
>

I imagine something as simple as StumbleUpon, just "I like/dislike this", perhaps with tags. One could add a signed inverted index as well to facilitate searching by phrase.

> Maybe a Yahoo! answers type of tagging/cataloging would work rather well.
>
> Anyway: think about it guys! I'm sure there's a better way than "this
> keyword is also in this page which links to other good pages"!
>

Been thinking about it for a while ;-)
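
An added example, not part of Sean Lynch's message or of any project mentioned on the list: one way the scheme he sketches could fit together, with signed like/dislike statements, a curator's signed whitelist and blacklist, and proof-of-work on identity creation so that a blacklisted rater cannot come back for free. Ed25519, SHA-256, the weights, the 10-bit difficulty and every name (`Identity`, `Mint`, `Statement`, `Score`, the seed phrases and the URL) are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Identity is a public signing key plus the proof-of-work nonce that paid for it.
type Identity struct {
	Pub   ed25519.PublicKey
	Nonce uint64
}

// PowBits counts leading zero bits (of the first 64) of SHA-256("pub|nonce").
func PowBits(id Identity) int {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%x|%d", id.Pub, id.Nonce)))
	return bits.LeadingZeros64(binary.BigEndian.Uint64(sum[:8]))
}

// Mint derives a key from a seed phrase and grinds nonces to the work target.
func Mint(seed string, difficulty int) (Identity, ed25519.PrivateKey) {
	s := sha256.Sum256([]byte(seed)) // constructed, deterministic sample seed
	priv := ed25519.NewKeyFromSeed(s[:])
	id := Identity{Pub: priv.Public().(ed25519.PublicKey)}
	for PowBits(id) < difficulty {
		id.Nonce++
	}
	return id, priv
}

func Key(id Identity) string { return fmt.Sprintf("key:%x", id.Pub) } // name used in list entries

// Statement is a signed like/dislike about a subject: a page URL for a rating,
// or Key(identity) for a whitelist (Like) or blacklist (!Like) entry.
type Statement struct {
	By      Identity
	Subject string
	Like    bool
	Sig     []byte
}

func payload(subject string, like bool) []byte { return []byte(fmt.Sprintf("%t|%s", like, subject)) }

func Sign(id Identity, priv ed25519.PrivateKey, subject string, like bool) Statement {
	return Statement{id, subject, like, ed25519.Sign(priv, payload(subject, like))}
}

// Valid checks the signer's proof of work and the statement's signature.
func (s Statement) Valid(difficulty int) bool {
	return len(s.By.Pub) == ed25519.PublicKeySize && PowBits(s.By) >= difficulty &&
		ed25519.Verify(s.By.Pub, payload(s.Subject, s.Like), s.Sig)
}

// Score tallies valid ratings of url. Raters the curator blacklisted are
// rejected, whitelisted raters count double, unknown raters count once.
func Score(url string, ratings, list []Statement, curator Identity, difficulty int) (score, rejected int) {
	bonus := map[string]int{}
	for _, e := range list {
		if Key(e.By) == Key(curator) && e.Valid(difficulty) {
			bonus[e.Subject] = map[bool]int{true: 1, false: -1}[e.Like]
		}
	}
	for _, r := range ratings {
		if r.Subject != url {
			continue
		}
		w := 1 + bonus[Key(r.By)]
		if w == 0 || !r.Valid(difficulty) {
			rejected++
			continue
		}
		score += map[bool]int{true: w, false: -w}[r.Like]
	}
	return score, rejected
}

// Demo scores constructed input: honest raters, a spammer, a forgery, a sybil.
func Demo() (score, rejected int) {
	const d, url = 10, "https://example.org/post" // low difficulty: runs instantly
	cur, ck := Mint("curator", d)
	alice, ak := Mint("alice", d)
	carol, rk := Mint("carol", d)
	spam, sk := Mint("spammer", d)
	cheap, xk := Mint("sybil", 0)
	for PowBits(cheap) >= d {
		cheap.Nonce++ // make sure this identity really lacks the work
	}
	list := []Statement{Sign(cur, ck, Key(alice), true), Sign(cur, ck, Key(spam), false)}
	forged := Sign(carol, rk, url, true)
	forged.Like = false // altered after signing, so the signature no longer matches
	return Score(url, []Statement{Sign(alice, ak, url, true), Sign(carol, rk, url, true),
		Sign(spam, sk, url, false), forged, Sign(cheap, xk, url, false)}, list, cur, d)
}

func main() { fmt.Println(Demo()) }
```

The blacklist only has teeth because re-entering as an unknown rater costs another round of `Mint`; raising the difficulty raises that cost for every new identity, honest or not.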

From jamesdbell8 at yahoo.com Wed Jan 1 12:28:01 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Wed, 1 Jan 2014 12:28:01 -0800 (PST)
Subject: Jacob Appelbaum in Germany
In-Reply-To: <06329459-63DA-45EC-A826-86EA140B65E6@gmail.com>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <06329459-63DA-45EC-A826-86EA140B65E6@gmail.com>
Message-ID: <1388608081.23446.YahooMailNeo@web141206.mail.bf1.yahoo.com>

No, I'm sorry, I have no links with other MIT alums. One big misunderstanding that I would have been able to clear up with aaron swartz had I been aware of his situation, that I hope other readers will now learn, is the issue of how much time he (or other federal defendants) would have faced if convicted. Federal criminal laws generally include with them a statement of the maximum punishment that can be applied: They are generally even numbers, such as "5 years", "10 years", "15 years" or so. However, such statements are basically archaic: In 1987, the laws were changed (prisoners called it "new law") to calculate sentences based on the defendant's criminal history, the severity of the crime, and other facts. See http://en.wikipedia.org/wiki/United_States_Federal_Sentencing_Guidelines

The following sentencing table is part of that Wikipedia article. I assume that Aaron Swartz would have had a "zero" "criminal history", in other words the Column labelled "I" (0 or 1) would have been used. An offense level up to 8 would have specified a sentence between 0 and 6 months. I would have to look up the specific charges to see what he faced, but I strongly doubt that he would have been sentenced to over 2 years, and probably under 1 year.
          Jim Bell

================quote from Wikipedia begins================

Sentencing table

The sentencing table is an integral part of the U.S. Sentencing Guidelines.[24]

The Offense Level (1-43) forms the vertical axis of the Sentencing Table. The Criminal History Category (I-VI) forms the horizontal axis of the Table. The intersection of the Offense Level and Criminal History Category displays the Guideline Range in months of imprisonment. "Life" means life imprisonment. For example, the guideline range applicable to a defendant with an Offense Level of 15 and a Criminal History Category of III is 24–30 months of imprisonment.

Sentencing Table (effective Nov. 2012) (showing months of imprisonment)[25][26]

Offense    Criminal History Category (Criminal History Points)
Level      I           II          III         IV          V           VI
           (0 or 1)    (2 or 3)    (4,5,6)     (7,8,9)     (10,11,12)  (13+)

Zone A
1          0-6         0-6         0-6         0-6         0-6         0-6
2          0-6         0-6         0-6         0-6         0-6         1-7
3          0-6         0-6         0-6         0-6         2-8         3-9
4          0-6         0-6         0-6         2-8         4-10        6-12
5          0-6         0-6         1-7         4-10        6-12        9-15
6          0-6         1-7         2-8         6-12        9-15        12-18
7          0-6         2-8         4-10        8-14        12-18       15-21
8          0-6         4-10        6-12        10-16       15-21       18-24

Zone B
9          4-10        6-12        8-14        12-18       18-24       21-27
10         6-12        8-14        10-16       15-21       21-27       24-30
11         8-14        10-16       12-18       18-24       24-30       27-33

Zone C
12         10-16       12-18       15-21       21-27       27-33       30-37
13         12-18       15-21       18-24       24-30       30-37       33-41

Zone D
14         15-21       18-24       21-27       27-33       33-41       37-46
15         18-24       21-27       24-30       30-37       37-46       41-51
16         21-27       24-30       27-33       33-41       41-51       46-57
17         24-30       27-33       30-37       37-46       46-57       51-63
18         27-33       30-37       33-41       41-51       51-63       57-71
19         30-37       33-41       37-46       46-57       57-71       63-78
20         33-41       37-46       41-51       51-63       63-78       70-87
21         37-46       41-51       46-57       57-71       70-87       77-96
22         41-51       46-57       51-63       63-78       77-96       84-105
23         46-57       51-63       57-71       70-87       84-105      92-115
24         51-63       57-71       63-78       77-96       92-115      100-125
25         57-71       63-78       70-87       84-105      100-125     110-137
26         63-78       70-87       78-97       92-115      110-137     120-150
27         70-87       78-97       87-108      100-125     120-150     130-162
28         78-97       87-108      97-121      110-137     130-162     140-175
29         87-108      97-121      108-135     121-151     140-175     151-188
30         97-121      108-135     121-151     135-168     151-188     168-210
31         108-135     121-151     135-168     151-188     168-210     188-235
32         121-151     135-168     151-188     168-210     188-235     210-262
33         135-168     151-188     168-210     188-235     210-262     235-293
34         151-188     168-210     188-235     210-262     235-293     262-327
35         168-210     188-235     210-262     235-293     262-327     292-365
36         188-235     210-262     235-293     262-327     292-365     324-405
37         210-262     235-293     262-327     292-365     324-405     360-life
38         235-293     262-327     292-365     324-405     360-life    360-life
39         262-327     292-365     324-405     360-life    360-life    360-life
40         292-365     324-405     360-life    360-life    360-life    360-life
41         324-405     360-life    360-life    360-life    360-life    360-life
42         360-life    360-life    360-life    360-life    360-life    360-life
43         life        life        life        life        life        life

________________________________
From: Cari Machet
To: Jim Bell
Cc: "cypherpunks at cpunks.org" ; "lists at silent1.net"
Sent: Wednesday, January 1, 2014 1:04 AM
Subject: Re: Jacob Appelbaum in Germany

I sincerely wish you could have helped aaron it is all beyond sad and though some of his projects are being carried out i think we have to do more - Yes I am aware you are an alumni - do u have connections with other alumni ? We think the alumni are a pressure point they cld not ignore

Will connect with you further as the project progresses

Thanks very very much

Sent from my iPhone

On 31.12.2013, at 20:59, Jim Bell wrote:

I am an alum of MIT (Class of 1980; Chemistry). I've just read the Wikipedia article on Aaron Swartz, and I am very sympathetic to him. I wish I'd been aware of his situation while he was alive; I might have been able to help, and would have tried to do so.
>          Jim Bell
>
>
>
>
>
>
>________________________________
> From: Cari Machet
>To: Silent1
>Cc: cpunks
>Sent: Tuesday, December 31, 2013 8:03 AM
>Subject: Re: Jacob Appelbaum in Germany
>
>
>dear sir
>
>we are reaching out to MIT alumni to make a public call of outrage re
>among other things the aaron swartz treatment by MIT would u b willing
>to b included?
>
>specifically we would b asking for shifts in functionality not just
>complaining to the bricks
>
>THANKS
>
>
>On 12/31/13, Silent1 wrote:
>> Ahh, Dogecoin, didn't an online wallet service of theirs get hacked last
>> week and completely cleaned out of hundreds of thousands of coins?
>>
>> -----Original Message-----
>> From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of
>> coderman
>> Sent: Tuesday, December 31, 2013 8:51 AM
>> To: Griffin Boyce
>> Cc: cpunks
>> Subject: Re: Jacob Appelbaum in Germany
>>
>> On Tue, Dec 31, 2013 at 12:32 AM, Griffin Boyce
>> wrote:
>>>...
>>>  I prefer my shared hallucinations to be in the form of Lindens [1], ...
>>
>>
>> i'll let you cypherpunks in on a secret financial tip:
>>  the smart money banks in dogecoin: http://dogecoin.com/
>>
>>
>
>
>--
>Cari Machet
>NYC 646-436-7795
>carimachet at gmail.com
>AIM carismachet
>Skype carimachet - 646-652-6434
>Syria +963-099 277 3243
>Amman +962 077 636 9407
>Berlin +49 152 11779219
>Twitter: @carimachet
>
>Ruh-roh, this is now necessary: This email is intended only for the
>addressee(s) and may contain confidential information. If you are not the
>intended recipient, you are hereby notified that any use of this
>information, dissemination, distribution, or copying of this email without
>permission is strictly prohibited.
>
>
>
>

From carimachet at gmail.com Wed Jan 1 03:51:18 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 1 Jan 2014 12:51:18 +0100
Subject: Jacob Appelbaum in Germany
In-Reply-To: <06329459-63DA-45EC-A826-86EA140B65E6@gmail.com>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <06329459-63DA-45EC-A826-86EA140B65E6@gmail.com>
Message-ID:

that someone sees a system > a construct (law) made by mankind and still inside of a build as infallible would believe in belief and would think they needed such things as "heros" > the greeks wrote about that pretty long ago u may want to update ur mindset intellectual rigor > and some lawyers i know figure your thought processes about as common as it gets mayb u cld bring urself to do some research

On 1/1/14, Cari Machet wrote:
> I sincerely wish you could have helped aaron it is all beyond sad and though
> some of his projects are being carried out i think we have to do more - Yes
> I am aware you are an alumni - do u have connections with other alumni ? We
> think the alumni are a pressure point they cld not ignore
>
> Will connect with you further as the project progresses
>
> Thanks very very much
>
> Sent from my iPhone
>
> On 31.12.2013, at 20:59, Jim Bell wrote:
>
>> I am an alum of MIT (Class of 1980; Chemistry). I've just read the
>> Wikipedia article on Aaron Swartz, and I am very sympathetic to him. I
>> wish I'd been aware of his situation while he was alive; I might have been
>> able to help, and would have tried to do so.
>> Jim Bell
>>
>>
>> From: Cari Machet
>> To: Silent1
>> Cc: cpunks
>> Sent: Tuesday, December 31, 2013 8:03 AM
>> Subject: Re: Jacob Appelbaum in Germany
>>
>> dear sir
>>
>> we are reaching out to MIT alumni to make a public call of outrage re
>> among other things the aaron swartz treatment by MIT would u b willing
>> to b included?
>>
>> specifically we would b asking for shifts in functionality not just
>> complaining to the bricks
>>
>> THANKS
>>
>> On 12/31/13, Silent1 wrote:
>> > Ahh, Dogecoin, didn't an online wallet service of theirs get hacked
>> > last
>> > week and completely cleaned out of hundreds of thousands of coins?
>> >
>> > -----Original Message-----
>> > From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of
>> > coderman
>> > Sent: Tuesday, December 31, 2013 8:51 AM
>> > To: Griffin Boyce
>> > Cc: cpunks
>> > Subject: Re: Jacob Appelbaum in Germany
>> >
>> > On Tue, Dec 31, 2013 at 12:32 AM, Griffin Boyce
>> > wrote:
>> >>...
>> >> I prefer my shared hallucinations to be in the form of Lindens [1],
>> >> ...
>> >
>> >
>> > i'll let you cypherpunks in on a secret financial tip:
>> > the smart money banks in dogecoin: http://dogecoin.com/
>> >
>> >
>>
>>
>> --
>> Cari Machet
>> NYC 646-436-7795
>> carimachet at gmail.com
>> AIM carismachet
>> Skype carimachet - 646-652-6434
>> Syria +963-099 277 3243
>> Amman +962 077 636 9407
>> Berlin +49 152 11779219
>> Twitter: @carimachet
>>
>> Ruh-roh, this is now necessary: This email is intended only for the
>> addressee(s) and may contain confidential information. If you are not the
>> intended recipient, you are hereby notified that any use of this
>> information, dissemination, distribution, or copying of this email
>> without
>> permission is strictly prohibited.
>>
>>
>>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From jwcase at gmail.com Wed Jan 1 10:06:03 2014
From: jwcase at gmail.com (Joshua Case)
Date: Wed, 1 Jan 2014 13:06:03 -0500
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To:
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C40252.1040506@net.in.tum.de>
Message-ID:

i am unable to access the slides, or any of the PDF files from cryptome’s front page using google’s chrome app for the iPad. chrome says that the site is behaving “strangely” and that i “cannot proceed” …. this is chrome’s red malware warning page, without an option to proceed at my own risk.

JC

On Jan 1, 2014, at 8:37 AM, John Young wrote:

> Jake's, Assange's and others' emphasis at 30c3 was to pursue
> technological offenses rather than futile expectation of political,
> financial and legal controls of spying which inevitably confirm
> what spies do, for it is in their interest to support spying and
> secrecy to maintain hegemonic, hierarchical institutions under
> "the rule of law."
>
> Reminder, at the origin of cypherpunks there was a crackdown
> on encryption as a munitions. That skirmish was thought to
> have been won. Now Snowden has revealed that victory
> was a delusion, the real one-sided battle was fought
> surreptitiously in secret, not only by contaminating crypto
> but by development of bypasses, implants, backdoors,
> booby traps, ruses, scams, bribes, dual-hatted contracts
> with crypto-hackers.
>
> Can an openly avowed combat on the technologies of political
> control (1) work or will it be demonized, fought by secret
> underhanded means? Public debate deployed as a ruse in
> the 1990s as now.
>
> (1) An Appraisal of the Technologies of Political Control
>
> http://cryptome.org/stoa-atpc.htm
>
> This combat is about far more than crypto and coders must
> be supplemented with all the disciplines of science and
> technology which are now serving industry and the
> "lawful" hegemons.
>
> 30c3 advocated a direct attack on these means, not wait for
> the public debate to be rigged in favor of the hegemon with
> PR, propaganda, lobbying, bribery, contracts, scare stories,
> terrifying incidents, the customary dirty fighting and tricks of
> spies and "defense" industry.
>
> Is that technological attack on the political, financial, legal
> hegemon likely to succeed? Or will the crackdown on
> armed (technological) dissent become as violent as it has
> in the past?
>
> There is a likelihood encryption will be restricted, by fiat,
> by planting weaknesses, by covert attacks, by technological
> bypasses, by rigged failures to create doubt of effectiveness.
>
> That was the way CryptoAG operation was run. Now the RSA
> ploy is operative. Is the effect of Snowden to be a series
> of ploys and ruses. Worse, hop on board the paranoia train,
> is Snowden a disinfo op for leaking gobs of ruses?
>
> Musings:
>
> A singular feature of hegemons is that they are dominated by
> "self-regulating organizations" which set the terms and conditions
> of the ruling entity, assure enforcement of the rules, and perpetuate
> themselves under "self-regulation."
>
> These are successors of royalty which instead of divine right,
> backed by military power, they invoke the "Constitution," a law
> which distinctively empowers "lawful" behavior according to the
> rules of the hegemon.
>
> No wonder the US promotes constitutional government around
> the planet, backed by military power, most often by denigrating
> other forms of government.
>
> A striking parallel is the rise of the clerics in Europe as an alternative
> to religious hegemons. From clerics came lawyerly self-regulating
> hegemons. A new religion hidden within supremacist judges' black
> robes.
>
> Enough of lawful self-regulation in secrecy, unpunishable by
> lawful means. Justice is out of control, prison populations stuffed,
> bloated law enforcement and spies raiding the public till, private
> spies, cops and mercenaries worse than the official, or
> indistinguishable.
>
> Back to the military which backs the hegemons. Technology
> controls its effectiveness, thus the need for the hegemons to
> control manufacture, distribution, ownership and application
> of military means. Concentration of wealth through government
> regulation, economic and tax policy, and military supremacy
> reifies special privileges and exculpations for the enforcers
> of law. Law->taxation->enforcement->informants->spying->
> assassination->military action.
>
>
>
>
>

From electromagnetize at gmail.com Wed Jan 1 11:57:48 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Wed, 1 Jan 2014 13:57:48 -0600
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To:
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C40252.1040506@net.in.tum.de>
Message-ID:

John Young wrote:

> Can an openly avowed combat on the technologies of political
> control (1) work or will it be demonized, fought by secret
> underhanded means? Public debate deployed as a ruse in
> the 1990s as now.
>
> (1) An Appraisal of the Technologies of Political Control
>
> http://cryptome.org/stoa-atpc.htm
>

i was having difficulty understanding what was meant or implied by the use of 'combat _on the technologies of political control', if this is 'combat against' the technologies, or combat using the technologies, in that they function as weapons platforms and could be leveraged this way. (perhaps it is both-and &or either-or)

an example related to this, in terms of an existing interpretative gap that was referenced in relation to the 30c3 presentation, is that a category like "signals intelligence" can be understood in a confined framework reliant upon certain known technologies, and thus a context is established by standardizing this belief such that signals intelligence may relate to computers and-or conversations, encryption, and accessing various such signals

i think what is missing in this default view is, again, the context of evaluation that may be predetermined to a larger extent, thus formatting views and beliefs and reasoning, the frameworks used for analysis and conversation and relation about such dynamics, underlying issues, to gauge and discern whatever truth is made accessible within those constraints and parameters.
yet it may also be overly limiting, reliant upon narrow categorization that occludes or leaves out other relevant and vital information/data such that 'signals intelligence' likely also co-exists in a context of human physiology, and that those signals are highest value in terms of behavioral control and modification, via surveillance that moves into active attacks against targets (using wireless) thus, a question regarding neurology and mass surveillance is squarely located in a context of signals intelligence as it relates to hacking human physiology and psychology and "intelligence" in the literal- to include both brainwave signals and nerve paths and signals of the body, the nervous system as this platform therefore, signals intelligence without neurology is missing the major salient at the front line of this war, the context involving drugs both prescribed and 'illegal' yet managed by hegemons, and thus psychiatry and neurology and other fields/disciplines are likely structurally involved in unaccounted for dimensions of mass surveillance as these systems are weaponized and used for remote control management via secret methodology this can be related as a condition to culture, how awareness is and is not developed within certain parameters, as to how 'categories' exist, such as crypto or computer science, these separate from medical school issues in a university context, unless those specialists somehow bridge the gap within an interdisciplinary framework, which likely would be secretive, especially if it goes against rules, law, human rights, etc, in a context of war of terror, war of drugs, war by psychiatrists and war by neurologists against noncompliant citizenry, etc the issue then of 'excavating the present' in a wider or larger context than may be normalized and standardized, to make sense of known parameters that exceed existing boundaries of established ideology within a field or discipline, this very 'fixed-idea' of something then bounding/narrow 
interpretation, unquestioning, censored or disallowed or uninquisitiveness then becoming its own security by keeping out anomalies to attain unrealistic clean-room analysis more and more detached from reality and realistic accounting, instead more about shaping a worldview that could be inaccurate or limited or bounded to a certain interpretation that is part of the problem, an incapacity to relate to what exists in the terms it exists in, which can be both a problem of language and also of consciousness, though involves the way thinking occurs, reasoning, processing of information in given frameworks, perhaps not as accurate as believed the school system and institutions of education reinforcing this, programming or formatting ideology beliefs that then support this faulty framework, normalized, require its view for relation, exchange, debate, social dynamics, hierarchy, which instills, relies upon and defends a false perspective as if by default the most accurate view of 'reality' because it is shared, operative, used as the common language and viewpoint for further programming, as if of common value, yet this value is in pattern-matching of language (sign=sign) and does not involve grounding this language with truth itself (sign=truth). in this way, an illusion is involved that becomes 'consciousness' of shared language as if this is shared truth, simply by communicating beliefs that if matched are true. it is a fallacy, a massive self-deception of civilization itself, most individuals operating within these parameters by default and trained to do so, after being indoctrinated and formatted by the education system into the correct belief that defer and serve this false authority which ignores and denies other truth outside the prevailing opinions that serve this private reasoning i keep trying to write to this idea, yet it is difficult to access without seeming out-of-place... 
it is that this default condition involves the issue of context, what is perceived to already exist, though when widening this framework to include other 'hidden' or unsupported or unacknowledged or unallowed dimensions and parameters, it then _recontextualizes the situation within a wider range and realm of inquiry and interpretation that, if structural, would provide more data to test and modify given hypotheses and would allow more realistic frameworks for issues involved, such that 'computing' is not a separate realm from other disciplines, nor architecture, nor linguistics, etc. and there is this aspect, this taking account of the existing situation that is equivalent in some sense to archaeology, in that it is dealing with fragments and assemblages, structures and connections, layers and analyses across large spans of time and geographies that can include shared &or unshared cultural traits, in this way typologies such as pottery can be interpreted distinctly within a given culture yet likewise share attributes or skills with other development in other cultures, and these relations map into the artifacts, documenting the relations between peoples and beliefs and practices, as it is written within aesthetics, plans, rituals, peoples, and their organization and development. thus to delve into this realm of context and recontextualization involves opening up a wider framework or scaffolding and testing hypotheses and evaluating situations and analysing them in comparison to other cultures, times, places, to learn what attributes are common, structural, providing information in their presence within the assemblage, what this divulges about practices, from known data, modeling, other research, excavations and larger hypothesis. (this instead of just focusing upon fragments in a given context as if the universal viewpoint, and as it relates to disciplines separated into categories that may be more about signage than the truth involved). 
so, what if everyone is educated in 'history' that is devoid of accounts of this predominant 20th c. technology in the present day, that people are using as tools & that form the basis for employment, career, livelihoods, social relations. it is like having someone document or analyse the bronze age without mentioning the role of metals in this situation; yet that is how the school system functions in its ideology, technology is made contextless, it does not relate within a traditional model of history except as servant to 'our goals' instead of defining and determining them as its own ideology, that technical values replace human values, and thus, binary processing of computers the ideal thinking for humans in an educational system where memorization and playback of known variables and data are core skills for peoples now dumbed down to machine-functioning, trained for this as if higher evaluation, the ability to repeat others beliefs in a conformist approach to authority, hierarchical authority where 'truths' are known because of pattern matching of language, never accessing/addressing logical evaluation beyond the binary, making all thought superficial, hollow as it relates to, through, extends this systematic POV that becomes the basis for social relations, exchange, development, the ideology of culture, tools themselves -- in this way the following excerpt... "The concept of technology has many and varied interpretations. As emphasised in the interim report (Omega 1996), the definition adopted for the purposes of this work encompasses not just the 'hardware' - the tools, instruments, machines, appliances, weapons and gadgets (i.e. 
the apparatus of technical performance); but also the associated standard operating procedures, routines, skills, techniques (the software); and the related forms of rationalised human social organisations, arrangements, systems and networks (the liveware) of any programme of political control.[2] In other words, it is insufficient to describe developments in a purely technical sense, it is also necessary to consider these technologies as social and political factors.[3]" (1) what stands in the way of signals intelligence being related to reading minds via wi-fi and cellular towers in a weaponized infrastructure of mass surveillance, illegal, hostile to citizenry, in addition to manipulation of nervous systems for behavioral modification and brute-force training (discipline & punishment) of 'circus animals', captives of the hidden ideological oppressor what stands between signals analysis in an ordinary computer context of hacking and cracking and phreaking (still relevant...) as it relates to neurology, psychology, psychiatry, biology, and chemistry, as these combine in the same wireless infrastructure in terms of 'signals analysis' and exploitation of brain and body signaling, including to destroy equipment (read: people) via the attacks, the programming, code, routines, flaws, etc. 
why is it not possible to _reason within this framework if it does exist, yet is not within the ordinary domain of tools and equipment because it is illegal and secretive, what limits prevent such issues from being communicated about if not the way people think about situations, what viewpoint is used, what is or is not excavated as part of the evaluation, compared structurally signals go further than binary code and encryption goes into nature itself, DNA a major example though also systems, the natural infrastructure of life, of cells and molecular dynamics that also can be programmed, manipulated, including wirelessly and yet this viewpoint has been made illegal within the schools to consider outside a realm of expertise, from any discipline other than those involved, and if secret or hidden work, then it is especially off-limits, presumed to benefit the combined state in its highest (read: lowest) purposes, 'faith-based' zero-doubt, just conform and follow and extend the system to benefit all, those just like the self. those who fit in, do their jobs, etc. even if evil, attacking citizens, functioning against truth. the issues of morality and ethics in relation to technology, a context entirely missing from accounting for such "progress" and thus friction free, the furthered development of this ideology thinkers Lewis Mumford and Jacques Ellul both addressed this condition, the former in terms of 'technics' in civilization and the latter in terms of 'technique' as these relate to the concept of "technology". 
that the fragmentary viewpoint is not inclusive of vital information and observations about how it actually exists and functions, from earliest tool use to the most advanced tools of the present-day, including those exceeding human capacities in normal contexts, whether equipment for moving/altering things or processing of data on a scale unimaginable except in terms of the omniscience of a godhead, now that becomes 'the state', yet based on flawed binary evaluation, throwing out unlikeable truth, relying on pseudo-truth, warp, skew, bias, as viewpoint, then universalizing this, it becomes the shared codebase and yet moves further and further away from truth, goodness, reality and instead substitutes it with another lesser version of artifice so the idea of context, recontextualization, the archaeological aspect of spacetime & place, considering a situation within a certain set of parameters and terms and then reinterpreting it anew in a new framework (electromagnetism and civilization) what this allows is taking an issue like 'signal analysis' and mapping it into the larger framework it actually exists within, empirically, in a larger interdisciplinary context where its truth resides in terms of known parameters for such analysis, in that 'intelligence' is more than encoded data on computers, and it is more raw in terms of brainwaves and nerve signaling in terms of what it effects, prime movers of relations instead of representative data, why capture written text if you can access thoughts within the brain directly via infrastructure, or why worry about what a person may do if you could program what they do via behavioral influence, say forcing their nerves to fire in a given way that then causes them to turn a steering wheel and drive off the road, etc. 
this kind of thing is going on, it is normalized, yet not 'discussed' as part of the same infrastructure, same context, in parallel with issues of breaking computer tools: breaking, destroying people, surveilling their very thoughts and actions via marionette data- attachments, highly toxic connections, abuse-based relations that can be exploited to n-degrees because they are hidden and unacknowledged in 'proper discourse', as if only "crazy" when instead a structural evil undermining all human activity, the deeper situation that exists, the dark forces involved here > Is that technological attack on the political, financial, legal > hegemon likely to succeed? Or will the crackdown on > armed (technological) dissent become as violent as it has > in the past? > a question may be: how is a person grounded in their thoughts and beliefs. do they have an accurate view of the situation and within what parameters. will an attack force a new awareness that does not fit the belief system, such that 'paranormal' must now be accommodated or grounded, yet without the ability to do so, madness and pills could be forced for those 'hearing voices' or becoming suicidal via subliminal influences, etc. 
those who think they have it figured out, rationalized, yet do not have their thinking straight, that is, for dealing with paradox, how empirical truth and relativism function in terms of perspective and logic, and the ability to reason and see clearly beyond own beliefs, such that the self is fallible, may not be correct in ideology or assumptions about functioning, and have to adapt or learn or question anew, loss of ego and 'superior consciousness' as if single relativistic viewpoints encompass everything accurately, in particular issues like security, crypto, computing, hacking, that only those parameters are enough to grok the situation versus requiring generalist skills, thinking skills prior to this as the foundation for awareness, relations, exchange, work the danger is not in being wrong, it is in obediently serving falsity and not recognizing it, and this can be narcissistic, as if the self alone as a fragment knows more than the integrated and combined whole of awareness, now divided, thus the task of linking views together via logic, structures, to allow empiric processing and relations, securing truth in self and with others and building from this foundation, armature, entablature, state the role of organization is not simply a rule-based formulaic that conjures higher awareness simply by organizing things, it must involve at its core the securing of truth, this accuracy, for this organization to be effective and made real as a model without truth, without advanced logical reasoning, impossible and yet instead what is mediated instead of ideas in their truth is language, the signage, as if simply performing calculations upon this signage is that truth, which is a false perspective of programming and code as ideology, as facade and illusion just like considering mass surveillance only in the accepted parameters and domains of consumer technology versus its wide-open range of influence based on research and studies into capacities in other weaponized and 
technical contexts, that are also active and deployed in a larger parallel situation involving covert operations, the government against its people this is not occurring within the viewable realm of PHP or some other limiting framework or dynamic. it is vastly larger than any detail or fragment or model or belief in ordinary 'legitimized' views that serve this same subverted ordering, by extending it further. it may have some aspect of code or programming or similarity in structure, yet may exist unaccounted for in the traditional or known model in the given culture of consumer technology, outside or beyond its capacities yet leveraging the skills and _techniques that exist as parameters and dimensions that can likewise involve crypto, hacking, cracking, phreaking.. (subversion of brain and body comms, inner and relational) so how do you move from not being able to talk about this in realistic terms to being able to communicate directly about such a condition, if there are few fragments to piece together a larger picture or view, or that not enough digging has occurred or not enough discoveries, or people are looking in the wrong places or analysis is not including vital data and research of these issues (cf. removing and denying electromagnetism its role within culture, civilization, & 'history', to include the state and its legal framework, the Constitution, exchange, relations of people, our organization, thinking, modeled existence, etc) the normalization of the ideology of science and pseudo-atheistic viewpoint forbid the following reasoning by regular censorship, in that such ideas are not allowed, completely disregarded as if irrelevant, and thus narrowing of context allows false view to be shared as if universal when based on warped, relativistic frame then normalized, reliant on errors, beliefs, opinion structuralized... 
Musings: > > A singular feature of hegemons is that they are dominated by > "self-regulating organizations" which set the terms and conditions > of the ruling entity, assure enforcement of the rules, and perpetuate > themselves under "self-regulation." > > These are successors of royalty which instead of divine right, > backed by military power, they invoke the "Constitution," a law > which distinctively empowers "lawful" behavior according to the > rules of the hegemon. > > No wonder the US promotes constitutional government around > the planet, backed by military power, most often by denigrating > other forms of government. > > A striking parallel is the rise of the clerics in Europe as an alternative > to religious hegemons. From clerics came lawyerly self-regulating > hegemons. A new religion hidden within supremacist judges' black > robes. > this pretty much says it- without naming it. what this context also involves, and perhaps some people are not aware of these dimensions, is that the Catholic church is at its core based within philosophy (as with Judaism and also Muslims). the ideas of Plato a major role in the development of institutions, including the Church. that _metaphysics are not separated from this, rituals, etc. that there could be very advanced awareness involved in a particular approach that carries over millennia and centuries, such that a local move is not just a fragment, and instead part of a larger cosmic assemblage so, the idea that truth is central to certain institutions, its core, as this relates to issues of governance, strategy, education, perhaps to include communications, moving into the ambiguity of today, a momentary instance in a larger, longer expanse of considerations thus, the role of libraries and astronomy, Moses as an electrician, Ark of the Covenant having electrostatic properties, etc. 
as this also relates to issues of religion, cultural development, space-time place the importance of science and technology and how it overtakes and eventually overtakes the model of the state as governor, mediator, and replaces human-tending values with machine-based values the issue of categorization seemingly involving institutionalization of Aristotelian worldview as basis for teaching via categorization, if not mistaken, versus Platonic, this also splitting with saints and others who developed the church, its teaching, organization, etc. the potential takeaway or ponderable from this is that 'reasoning' was split between what could and could not be managed within relations - and within language - for addressing these dynamic and changing conditions, as it relates to scientific awareness of a particular domain that then replaces the ideology of the church with the ideology of science & technology, as this new church of the state, its belief system, canon, dogma, ideology, and worship consider that the core of the western church is this relation with higher truth, truth itself. and that 'the metaphysics' that extend or operate beyond the limits of science or remain undefined and-or unacknowledged by them still too can exist, in their truth, even if not validated in a given framework. why this is mentioned is that religion has a foundation in philosophy, in the accuracy of ideas in terms of their evaluation and understanding for the situation that most actually exists. thus, knowledge could remain hidden yet still be active and very real, though unaccounted for within the existing models or even language, yet no less real than, say, technology or equipment or tools. 
in that _techniques may exist that are equivalent to this, various processes, and in this way alchemy and magic and other dimensions could also co-exist alongside that of scientific sorcery likewise what is intended to be conveyed in this is a recontextualization for issues of crypto, security, communications, 'shared truth', political power, the state, in this context that precedes existing development (and to include a wider frame than western european, including other religions and civilizations now merging into what is 'the world' or earth as realm of awareness, governance, and issues of shared organization, common order, and so on.) and thus to break it down, it would be to consider 'religions' in the framework of a 'one true religion' once mentioned, that this could involve integrating truth as it is separated, verifying and acknowledging its existence, incorporating it in a shared model of awareness, and thus 'truth' really is the core of this religion that is itself philosophy and not -private- in the traditional sense where relativistic private opinion determine moral and ethical frameworks, and instead that these are public issues and they have relevance to every individual and the larger combined whole, especially if not observed or agreed upon, as the condition today what was once whole become fragmented, yet the truth that is shared remains like an entangled connection, within relations, as consciousness and awareness of certain shared principles that map to being human, versus serving nothingness as ideal it is also to include that the Bible (bibles) themselves are known to be related to code, encoded though also cryptic, believed to have within them encrypted information and knowledge about the cosmos, that this could be occurring on many levels and in many kinds of analyses, though may likewise involve more than simply obeying the language and instead, considering it in terms of whatever truth it may hold, how this is evaluated or discerned or 
considered or disregarded, in what ways it could be related to or through, the book as medium, the institution and yet within it, the ideas and concepts and relations it also defines, parameters, dimensions, principles, ideals, goals, and especially with holy works, lessons, instructions, vision a way of cultivating awareness, understanding, values based on what is and is not valued and interpretation differs widely (for instance, some may believe it is all about subversion and a ploy and thus pretend to follow while reading/writing relations in that framework that is supported, as if Manicheanistic forces of darkness and light contained in its metaphysical framework, the devil of the Godfather structurally related to the Saints and a counterbalancing force, there is much to spiritual instruction that goes beyond simply following rules without questioning or understanding- it is all about questioning, testing, and learning, applying the self in relation to truth, in service to higher truth) so the idea that crypto with computers is the defining parameter for the present in a non-religious world context could itself be a limiting belief that is inaccurate for the dynamics at work & play; to include wars, massive pornography, lawlessness, criminality as this maps to forces of good/evil in service to truth that may be managing these dynamics in hidden terms, in service to the larger goals and agenda, creating cultural frameworks that allow certain development to occur via long-term strategic planning, to include say the rise of drugs and the counterculture as this relates to the CIA, or rise of bondage and alternative sexuality; it could be thoroughly invested in a covert culture operation of millennia old metaphysical processes (including programming via alchemical processes on a scale of society and civilization) and this organization could be orchestrated in that larger context, as with horror movies and other dynamics, including education where even within the 
rote model of ideological instruction, other principles could still be transmitted and passed on from teacher to student, and be sustained as consciousness, even while the students may be turned into robots via behavioral formatting there is more than one context to the drug war, war of terror, etc. and so how someone evaluates these situations in terms of their parameters, what is active, what is ignored as relevant, then influences the relation, communications, consciousness it seems also, as with religion, those people who observe and serve higher truth are not enemies of one another in most cases, which is perhaps the very basis for civility, scaled to civilization; how difference and similarity span across many-faceted culture all of this to then consider the split from the Catholic church via the Protestant reformation, which could have involved some dimensions not accounted for in normal views, that it may have been a deception operation at its core or served certain principles that functioned against a higher truth and was a contest of views; the result of this in centuries of development appears to be that the focus on philosophy and metaphysics, the core truth of the church, was replaced by a focus on its language, of the bible as a relativistically interpreted document whose interpretation was based on many-viewpoints that offered a variety of authorities to choose from, for how beliefs would align with given principles, themselves that may have been subtle, requiring a foundation in ideas than in simple acts of processing and communicating in this way, the truth of the sign was replaced, substituted by this sign of truth as the communication of signage itself, this matching of the pattern, even if ungrounded from its actuality and existence as truth (i.e. sign=sign replaces sign=truth). 
there is no quicker way to legitimizing a view that money is truth than equating its material influence or immediate effect upon the senses as this highest truth, this highest power, or supreme cause - perhaps only to those who are unbelievers, in that they do not recognize truth outside of this construct, devoid of its philosophical depth or attachment to the world and nature and values, beyond how it benefits their own self in this way, relativistic truth can trump any other, and stand-in for thinking or ideas as processing of information, parsing of data, yet remain detached from larger accountability or truth than that narrow range defined and upheld, made standard and normalized as culture. and set against human values. this same ideology is that of the education system and most all institutions in their managerial and business focus, as the issues of culture, economic/social/political become about and are defined by issues of money, primarily, first and foremost, it as value system, the basis for principles, relations, exchange prime mover, where its currency does not have truth at its core and instead 'nothing' that is maintained as a shared belief, POV thus maintaining this belief, this false universal perspective of bias and injustice, then requires censorship, not allowing other views that challenge the power of the language to control what is perceived or the terms of its evaluation- 'interpretation'. in this way, hermeneutics of today, of the corrupt state, are those of an atheistic Protestantism that governs over the population and controls the political, social, economic, and cultural domains as managers and exploiters for the benefit of that value system truth is not this singular value: money is. essentially- shit. from there, issues of sexual and other politics, as shared view, aligned with certain principles, practices, organization, & so on Enough of lawful self-regulation in secrecy, unpunishable by > lawful means. 
Justice is out of control, prison populations stuffed, > bloated law enforcement and spies raiding the public till, private > spies, cops and mercenaries worse than the official, or > indistinguishable. > what this leads to is 'law' or a legal framework that is defined by power over language, to enforce a given interpretation as if it is truth, yet not connected to it in terms of logical accounting where the words are related to concepts and ideas that must also be correct in their interpretation. instead this is assumed; thus 'mankind' can represent humankind, and in this way, the private relativism can function as if universal public empiricism, basis for hegemony or dictatorial empire building via rogue state the point being: law is not based within truth. it is entirely about language as the mediator of this truth, the pattern match made and believed 'equivalent' to truth (sign=sign) in binary thinking, in this way communication and language exchange replace or substitute for thinking which has no depth, no connection with philosophy or metaphysics and instead is surface-relations in and of language as signage. 
mediating the signage, as if truth and that is what is enforced, upheld, protected, and protects the corrupt state- that this accountability cannot take place, that law is not observant of logical accounting for truth as truth that is, truth can be brought down into a 1 and 0 framework in this same mode of binary processing, people can be proven wrong in their beliefs, yet this is not allowed, it is outlawed even within the schools so that the authority-based view always 'wins' based on control over relativistic, warped, onesided interpretation there is no truth within the legal framework, and so how could justice exist without observance and evaluation of situation in their truth, and yet that is what the legal system consists of and relies upon, a false framework to judge relations and events that preferences an already accommodated view at the expense and exploitation of others who must submit and find their place within it, or be persecuted and forced to surrender to its beliefs as the overriding or 'highest authority' as if this is highest truth when it is not, it is the opposite- there is no there there, really > Back to the military which backs the hegemons. Technology > controls its effectiveness, thus the need for the hegemons to > control manufacture, distribution, ownership and application > of military means. Concentration of wealth through government > regulation, economic and tax policy, and military supremacy > reifies special privileges and exculpations for the enforcers > of law. Law->taxation->enforcement->informants->spying-> > assassination->military action. > thus, to reframe this structural sequence accordingly... Language->Law->taxation... [signs]-->Language->Law->taxation... in other words, language is a question, how does interpretation occur, via ungrounded or semi-grounded "beliefs" or via empirical reasoning that is logically evaluated and removed of known errors.. v1. truth-->[signs]-->Language->Law->taxation... v2. 
pseudo-truth-->[signs]-->Language->Law->taxation... what this ultimately leads to is two realities, one grounded in truth and the other that substitutes 'language' for this truth, via shared viewpoints of matched patterns as if confirmation of 'universal truth'. in this way, 'signs' become this truth, the agreed upon POV=truth... truth <--//-- [signs]-->Language->Law->taxation... in this way, disconnection from accountable truth then references 'nothing' as this truth, the sign replaces and becomes this truth, which is to say 'language' or communication is equated with truth by mere ability to share beliefs and common universal frameworks.. (nothingness) [signs]-->Language->Law->taxation... this leads to the following condition that mediates the state and defines the status quo, at the level of ideology and daily bread... (falsity) [pT.signs]-->Language->Law->taxation->enforcement ->informants->spying->assassination->military action where all communication that is not secured in truth is tending toward increasing falsity by default of relativistic frameworks, and that 'shared belief' is equated with a universal empirical viewpoint as if higher consciousness yet warped, unreal, biased, onesided and must be conformed to as a belief, subjugating and oppressing people via the need to maintain and sustain the underlying falsity that the entire system protects, extends, believes in and _serves there is no question it is evil. 
it is not truth that is accessed, it is a shared lie that serves materialistic goals, greed, and relies upon behavioral conditioning and brainwashing of populations to uphold, and at the very center or core of this system is money as if truth (money) [pT.signs]-->Language->Law->taxation->enforcement ->informants->spying->assassination->military action justice, rights, freedom, knowledge, action, work, economy, governance, all are subsumed by this framework and must be interpreted within its narrow parameters, and therefore perverted to principles that function against humanity by default of this epic corruption, age-old, enshrined in institutions, people, relations and what side people are on, who they are and what is most important to them, is it truth of the cosmos as it relates to the individual and their place in existence and questions of development of civilization, or is it a narrower consideration without regard for other dimensions that allows a given bias to be extended as a way of life and 'being', which at its core could involve absence, void, loss of awareness, unknowing and wrong views yet belief they are god and all-knowing perhaps key is cybernetic feedback, the ability to evaluate and to self-correct. the absence of this or disregard indicating deeper issues with regard to how truth is managed, both internally and externally as it relates to value system. lies necessary for certain types of people, it is the basis for their entire reasoning, 'the shared hallucination' that is ungrounded, and one day will be accounted for empirically, this being the nature of the cosmos as circuit and continuum 08s00 2l0s9 45nz2 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 43909 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Wed Jan 1 16:26:16 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Wed, 1 Jan 2014 16:26:16 -0800 (PST) Subject: Jim Bell comes to Cypherpunks? 
In-Reply-To: <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com> <201401011908.s01J8Vtl016061@new.toad.com> <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> Message-ID: <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> Twitter for me?  My impression is that this is more for issues where seconds, minutes, or hours count.  I don't know who I'd want to follow so closely as to monitor Twitter. As for me saying something?  Well, I don't know if I have that much to say.  It's not like I don't have opinions...I have many of them.  But, right now the world is awash in opinions, from blogs to twitter.  What would I talk about...uh...other than the obvious?   What, in general, would people want ME to talk about? Further, right now my main interest is in promoting and developing my isotope-modified fiber optic invention.    http://www.freepatentsonline.com/WO2013101261A1.html                Jim Bell ________________________________ From: cypherpunks To: John Gilmore Cc: "barlow at eff.org" ; Bell Jim ; "cypherpunks at riseup.net" Sent: Wednesday, January 1, 2014 1:45 PM Subject: Re: Jim Bell comes to Cypherpunks? I've no idea if there're any physical cpunks meetings. Living in Europe and visiting some hacker conferences and hackerspaces from time to time. Guess - it would be you Golden State guys to do some. On the other side - Jim, how about open a twitter account and be part of the social media thingy too? :) --Michael Am 01.01.2014 um 20:08 schrieb John Gilmore : > Are there physical cypherpunks meetings these days?  I don't know of any. > There are many hackerspaces in various cities that have regular meetings, > but I don't attend any and don't know which ones relate to cypherpunk > topics. > > We (or anybody) could restart such meetings, I suppose... > >    John -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4392 bytes Desc: not available URL: From electromagnetize at gmail.com Wed Jan 1 14:37:03 2014 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 1 Jan 2014 16:37:03 -0600 Subject: [cryptography] To Protect and Infect Slides In-Reply-To: References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C40252.1040506@net.in.tum.de> Message-ID: need to clarify this statement... > truth is not this singular value: money is. essentially- shit. > it is a view that presupposes money has become detached from truth, thus in its deteriorated or corrupted state, it is equivalent to or tends towards base ignominious relations > (money) [pT.signs]-->Language->Law->taxation->enforcement > ->informants->spying->assassination->military action > sidenote: regarding taxation, for materialists taxes = morality -whereby- money = absolute truth taxation becomes tithing for the atheistic 'church of state' that has as its communion a monetary unit separated from its truth this enforcement of taxation by ideologues is confirmation of faith in money as value, as morality, as highest framework of evaluation, money determining authority, status, 'goodness', success, "truth" it is value removed of truth, and turns the sign ($) into truth incarnate] money is not backed by truth (!!!) 
-- the commitment (in god we trust) is ultimately an issue of establishing shared truth as a basis for trust, instead this is replaced by a simulated or appearance or mimicry of it, yet without the social commitment to ensure fairness in the exchange instead: money is backed by 'nothing'- nothingness is the ideology that becomes the value, the shared lie is the basis for exchange that then allows onesided exploitation and entropic movement of falsity into the domain of truth, seeking to represent and replace it, while seeming or appearing to uphold its value while subverting/destroying it in this way, broken goods and corrupted items are exchanged for money that makes this exchange _legal via the shared lie, use of language (of law) to enforce and protect this exchange (via falsity that is structural, allowing onesided exploitative practices to occur) and enforced by rules and regulations, against citizens // entropy the issue of quality, of exchange that is backed by moral obligation then is short-circuited, allowing 'shit' to be exchanged, as if equal exchange when instead subverted, sabotaged, weaponized, such that equipment is sold broken, made toxic, triggered to break in or out of warranty, via planned obsolescence & other subversive tactics 'truth' has been devalued and thus unfair exchange normalized, by those who have more power and gain more in the exchange via the institutionalized RIPOFF, via currency itself, divorced from truth, where appeals can only go to nothingness as common denominator as there is no obligation beyond the private self and its power within such a totally corrupt state as defended, protected by "quasi-law" that is removed of truth, and instead uses the power of language that amounts to 'shared opinions' to enforce common viewpoints and social relations, hierarchy, institutional privilege, wealth, as if of higher truth implicitly, for its benefit to the 'larger reality' that is itself based in falsity, upheld as if greater awareness, 
value, in these warped materialistic terms- against people, nature, life itself this becoming the state, losing its soul, replaced by nothingness at its core, then outlawing questioning of this condition as if illegal the US was not built upon this premise, it is a complete and total subversion of originating principles, absolute corruption of its cause, of relations between people, their organization in a shared situation, governance, role of fair exchange, equal rights. instead, some have more rights than others, their rights take away other people's equal rights, and this has become normalized, this imbalanced viewpoint, belief system, as if natural, moral, basis for exchange, determination of what is true by who it benefits, etc. its ideological core: pure evil (that is, those serving falsity, attempting to extinguish truth from life) jsl0w wio1s 7s90x -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5198 bytes Desc: not available URL: From stephan.neuhaus at tik.ee.ethz.ch Wed Jan 1 08:35:21 2014 From: stephan.neuhaus at tik.ee.ethz.ch (Stephan Neuhaus) Date: Wed, 01 Jan 2014 17:35:21 +0100 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C34CA8.1020308@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <2AEC19568BF00DB7A5FB03CA@F74D39FA044AA309EAEA14B9> <52C34CA8.1020308@echeque.com> Message-ID: <52C443C9.4060904@tik.ee.ethz.ch> On 2014-01-01, 00:00, James A. Donald wrote: > On 2014-01-01 07:52, Juan Garofalo wrote: >> What is a sincere practitioner of civil disobedience? > > Someone who expects to suffer for his beliefs, and is willing to do > so is a sincere practitioner of civil disobedience. > > [...] 
> > In practice, 99% of civil disobedience is Pussy Riot tearing down > someone else's crucifix on someone else's property. The message is > "You have to obey our laws, but we do not have to obey even our own > laws". I know what you want to say (I think), but I believe that you are incorrectly referring to such people as "Pussy Riot". The three incarcerated Pussy Riot members have had immensely harsh sentences. They called the Putin amnesty that set them free a "PR gag" and convinced at least me that they were serious when they said that they would have preferred to serve their sentences until the last day. Sounds like people "who expect to suffer for their beliefs, and are willing to do so" to me. Fun, Stephan PS: If I recall (but I haven't checked), the incident in question was singing an anti-Putin song in a church, not "tearing down someone else's crucifix on someone else's property", for which they were convicted of "rowdyism". From realcr at gmail.com Wed Jan 1 08:22:20 2014 From: realcr at gmail.com (realcr) Date: Wed, 1 Jan 2014 18:22:20 +0200 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> Message-ID: Some ideas I had regarding searching: - The web used to be some kind of its own index, back in the old days, where you could get from one webpage to another using links. If you get to think about it, links are not much different than a DHT: Every website has links to some sites that are similar to that site, and maybe to some sites that are a bit different. In order to find something specific you work your way through the links just like you would do in a DHT. The introduction of great search engines eliminated the need to put these kind of links in websites. So that's one solution, links. Kind of primitive, but I think it used to work. Maybe I could put it in a less primitive way: Assume that you search for X. 
An example for a new search method could work like this: You are given 5 different things, and each of those you pick the one closest to X. Then again you are given 5 things, and you pick again the one closest to X. And so on. Maybe after a few iterations you get what you want. Just a strange idea, though maybe it could be made practical somehow. I like it because it contains no analysis of words or phrases. - Crowdsourcing the creation of the index. I think it was mentioned in some of the messages on this thread. I believe that even the best algorithms and analysis methods are not good enough to index websites the right way. On top of that, All that SEO (Search engine optimization) that is so popular these days makes a lot of websites full of fluff show up in the top search results, which I think is really a shame. I suggest to those of you who didn't, to check out freenet, just to see what it's like to have some real content out there. It doesn't have much content, though the little it has is worth seeing. Regarding crowdsourcing the creation of the index, I suggest doing it using some kind of incentives for people to do it, and at the same time some trust mechanisms to make sure that the index crowdsourcing is not abused. I don't write here about the technological tools to do this, though I do believe we are getting close to make this kind of thing possible. Though, I still don't fully understand how to classify the websites: Maybe keywords, or some kind of similarity network/metric between websites. Anyways, These were my 50 cents. On Wed, Jan 1, 2014 at 5:00 AM, coderman wrote: > On Tue, Dec 31, 2013 at 6:37 AM, Lodewijk andré de la porte > wrote: > > I'd like to ask people to wonder what Search Engines really do for us. > Where > > is the catalog? Where is the cultivated list of good resources? > > > > Do search engines provide the same level of guidance to its users that a > > written overview can? 
> > what you want more than traditional search is resource discovery, > which includes recommendation and per-peer-perspective reputation. > this is an area where centralized search is incapable or untrustworthy > enough compared to fully decentralized options. > > done centrally, that central trusted party would be privy to all your > inter-peer interactions. in decentralized fashion this exposes only > limited information to each peer. (central services usually paying > the cost of the infrastructure to analyze all to all interactions by > selling your private information to third parties, or delegating to > those who do...) > > > > > Why don't we create a distributed website catalog? It's harder, as > anti-spam > > is the core feature. But competing with Google seems rather foolhardy at > the > > moment. > > public web is a small slice of all that is of interest. just put a > internet archive.org copy on a hidden Tahoe-LAFS and everyone gets a > copy of the public web for local querying. (better yet, make a PIR > LAFS ;) > ... this would need a little coding *grin* > > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4439 bytes Desc: not available URL: From carimachet at gmail.com Wed Jan 1 09:51:37 2014 From: carimachet at gmail.com (Cari Machet) Date: Wed, 1 Jan 2014 18:51:37 +0100 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C443C9.4060904@tik.ee.ethz.ch> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <2AEC19568BF00DB7A5FB03CA@F74D39FA044AA309EAEA14B9> <52C34CA8.1020308@echeque.com> <52C443C9.4060904@tik.ee.ethz.ch> Message-ID: <91EDD69F-172D-4412-BEF7-DDFE7F0F6FCE@gmail.com> I honestly don't think you know enough about the pussy riot actions or Russia to talk about it let alone pass such judgements what are you a time wasting troll ? if not do some research Sent from my iPhone On 01.01.2014, at 17:35, Stephan Neuhaus wrote: > On 2014-01-01, 00:00, James A. Donald wrote: >> On 2014-01-01 07:52, Juan Garofalo wrote: >>> What is a sincere practitioner of civil disobedience? >> >> Someone who expects to suffer for his beliefs, and is willing to do >> so is a sincere practitioner of civil disobedience. >> >> [...] >> >> In practice, 99% of civil disobedience is Pussy Riot tearing down >> someone else's crucifix on someone else's property. The message is >> "You have to obey our laws, but we do not have to obey even our own >> laws". > > I know what you want to say (I think), but I believe that you are > incorrectly referring to such people as "Pussy Riot". The three > incarcerated Pussy Riot members have had immensely harsh sentences. They > called the Putin amnesty that set them free a "PR gag" and convinced at > least me that they were serious when they said that they would have > preferred to serve their sentences until the last day. 
> > Sounds like people "who expect to suffer for their beliefs, and are > willing to do so" to me. > > Fun, > > Stephan > > PS: If I recall (but I haven't checked), the incident in question was > singing an anti-Putin song in a church, not "tearing down someone else's > crucifix on someone else's property", for which they were convicted of > "rowdyism". From freek2023 at yahoo.de Wed Jan 1 09:57:05 2014 From: freek2023 at yahoo.de (freek2023 at yahoo.de) Date: Wed, 01 Jan 2014 18:57:05 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> Message-ID: Hi there, did anyone come across yacy[0]? It's a crawling software, that creates a shared index within a defined realm. I can say that it's OSS (GPL), but I had no time to inspect the code. I'm wondering, what's this list's opinion on it. Cheers, frk [0] http://yacy.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 364 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Wed Jan 1 19:13:50 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Wed, 1 Jan 2014 19:13:50 -0800 (PST) Subject: Jim Bell comes to Cypherpunks? In-Reply-To: References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com> <201401011908.s01J8Vtl016061@new.toad.com> <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> Message-ID: <1388632430.22112.YahooMailNeo@web141202.mail.bf1.yahoo.com> On my Facebook page (which I rarely access; less than once every 2 weeks) I have zero friends, by my policy.  I first heard about 'friending' on FB nearly 10 years ago.  I felt then, and I continue to feel, that this is far too 'binary' for me:  If I started classifying people as 'friends', I'd have to decide where to draw the line.   And that, I didn't want to do.  
Therefore, any requests to 'friend' me, I do not activate, and I explain to the people involved why I won't.  Everybody seems to understand, and I've been told many people have a similar opinion of that.           Jim Bell ________________________________ From: Sampo Syreeni To: Jim Bell Cc: cypherpunks ; "barlow at eff.org" ; "cypherpunks at cpunks.org" ; "gnu at toad.com" Sent: Wednesday, January 1, 2014 6:34 PM Subject: Re: Jim Bell comes to Cypherpunks? On 2014-01-01, Jim Bell wrote: Jim, why is it that you aren't my FB-friend already? My friends would just love/hate you. -- Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front +358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2563 bytes Desc: not available URL: From hannes at stressinduktion.org Wed Jan 1 11:33:28 2014 From: hannes at stressinduktion.org (Hannes Frederic Sowa) Date: Wed, 1 Jan 2014 20:33:28 +0100 Subject: "To Protect and Infect" - the edges of privacy-invading technology In-Reply-To: References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <20131231180452.GG31072@order.stressinduktion.org> <20140101040205.GJ31072@order.stressinduktion.org> Message-ID: <20140101193328.GL31072@order.stressinduktion.org> On Tue, Dec 31, 2013 at 11:04:19PM -0800, coderman wrote: > On Tue, Dec 31, 2013 at 8:02 PM, Hannes Frederic Sowa > wrote: > >... > > Most of the implants are installed without we surely know if the vendors > > did know about that or am I missing something? > > are you only considering this 30C3/catalog set of docs? I was just referring to the Snowden documents. > venally complicit to conveniently compromised to blissfully ignorant > compromise of hardware vendors goes back to CryptoAG and as recently > as the BULLRUN leaks. a bit too long and complicated a thread for > this list, i think... 
Ok, CryptoAG is a story of its own, I agree. But they are not that much of a major hardware vendor, either. Depends on which customer base you consider. > > I also don't count RSA as a hardware vendor in this case, as the > > backdoored RNG was included in their bSafe suite, which is purely > > software. > > sure, just another example of in scope target for a "compromise all > the things" approach. > > my point was to highlight their response as particularly deceptive and > inexcusable when observing how the various parties not only respond, > but act, in response to these leaks. (e.g. Google deploying crypto > over their internal fibers is positive action. sitting silent or > deflecting criticism not confidence inspiring...) Agreed, but in the end it is important how they act in the long term. But that needs more time to come until conclusions can be drawn. It is much more difficult for hardware vendors to strike such good PR stunts as Google did. Also, I guess, Google had this change in the works for a longer time, otherwise I don't know if they could make the switch to crypto for their internal cross-DC links so rapidly. It still seems a lot of work + testing and their services seem highly depending on good latency. Greetings, Hannes From coderman at gmail.com Wed Jan 1 21:11:49 2014 From: coderman at gmail.com (coderman) Date: Wed, 1 Jan 2014 21:11:49 -0800 Subject: The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications Message-ID: attempting to obtain a copy of: "The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications" https://www.computer.org/csdl/mags/co/2013/12/mco2013120091-abs.html i appear unable to download successful purchase, "There is no down-loadable article.". does anyone have details on the nature of the pressure to censor in this case? 
best regards, From coderman at gmail.com Wed Jan 1 21:15:39 2014 From: coderman at gmail.com (coderman) Date: Wed, 1 Jan 2014 21:15:39 -0800 Subject: The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications In-Reply-To: References: Message-ID: On Wed, Jan 1, 2014 at 9:11 PM, coderman wrote: > ... > does anyone have details on the nature of the pressure to censor in this case? only other information from RISKS digest: """ Surveillance leads to censorship? [PGN retitling] Robert Schaefer Mon, 30 Dec 2013 15:40:28 -0500 In this December's IEEE *Computer* magazine, in the column titled "The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications", Hal Berghel says that he was forced to pull a screenshot of a powerpoint slide Edward Snowden leaked to The Washington Post. The screenshot appeared in the his July column printed version but was removed from the IEEE digital library version. Berghel writes: "Pull up a chair and let me tell you a story..." """ From coderman at gmail.com Wed Jan 1 21:51:07 2014 From: coderman at gmail.com (coderman) Date: Wed, 1 Jan 2014 21:51:07 -0800 Subject: multi-party support for axolotl ratchet? Message-ID: per https://github.com/trevp/axolotl/wiki is there a straightforward way to make this multi-party capable, and what optimizations could be done to reduce keys/messages required? i have not looked at mpOTR in depth yet, to see what lessons might be applicable to axolotl... best regards, From juha.nurmi at ahmia.fi Wed Jan 1 12:38:32 2014 From: juha.nurmi at ahmia.fi (Juha Nurmi) Date: Wed, 01 Jan 2014 22:38:32 +0200 Subject: Replacing corporate search engines with anonymous/decentralized search Message-ID: <52C47CC8.3010601@ahmia.fi> Hi! I read this post about decentralized search and I immediately subscribed this mailing list. So hello all! 
My name is Juha Nurmi and I am the founder of ahmia.fi (search engine for Tor) and a university researcher. Right now I am trying to get funding to design a decentralized search engine. We are proposing (me and my Adj.Prof.) a small (2-3 years) Finnish Academy project. This proposal would take place in the Finnish Academy ICT 2023 programme, first thematic call: Information security, letters of intent, which means very short project plans. Academy mostly funds (public) "pure research"; first planned applications are related to virtual Internet networks and public admin applications. The basic idea is to investigate search algorithms and engines that do not require a centralized crawler database and a central authority. This raises algorithmic, security, credibility, resourcification, etc. challenges that are interesting strategic research point of view, etc. In particular, we would like to use Tor network as a testbed for these ideas in the related case studies: we will be testing this search design by building a tor hidden service search engine :) The Finnish Academy will select most promising project candidates and the final proposal is to be submitted around April 2014. If successful, we enter detailed planning phase in early 2014, and submit more complete project plan by April 2014. Actual project (2 calendar years) would take place in 2014-2016. I really really hope I will get this funding. This is something I would love to do and have planned to do for a long time. Funding = time. 
Greetings, Juha Nurmi From carimachet at gmail.com Wed Jan 1 13:54:36 2014 From: carimachet at gmail.com (Cari Machet) Date: Wed, 1 Jan 2014 22:54:36 +0100 Subject: Jacob Appelbaum in Germany In-Reply-To: <1388608081.23446.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <06329459-63DA-45EC-A826-86EA140B65E6@gmail.com> <1388608081.23446.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: <48B55111-D4F7-4D52-90BD-7084D57D05E0@gmail.com> Thanks that is very interesting I will pass the knowledge to others I know From what I understand Aaron was profoundly unhinged by the fact that he would have to live his life as a convicted felon and that was his major issue Pure sadness ... Sent from my iPhoney On 01.01.2014, at 21:28, Jim Bell wrote: > No, I'm sorry, I have no links with other MIT alums. > > One big misunderstanding that would have been able to clear up with aaron swartz had I been aware of his situation, that I hope other readers will now learn, is the issue of how much time he (or other federal defendants) would have faced if convicted. 
Federal criminal laws generally include with them a statement of the maximum punishment that can be applied: They are generally even numbers, such as "5 years", "10 years", "15 years" or so. However, such statements are basically archaic: In 1987, the laws were changed (prisoners called it "new law") to calculate sentences based on the defendant's criminal history, the severity of the crime, and other facts. See http://en.wikipedia.org/wiki/United_States_Federal_Sentencing_Guidelines > > The following sentencing table is part of that Wikipedia article. I assume that Aaron Swartz would have had a "zero" "criminal history", in other words the Column labelled "I" (0 or 1) would have been used. An offense level up to 8 would have specified a sentence between 0 and 6 months. I would have to look up the specific charges to see what he faced, but I strongly doubt that he would have been sentenced to over 2 years, and probably under 1 year. > Jim Bell > > ================quote from Wikipedia begins================ > > Sentencing table > The sentencing table is an integral part of the U.S. Sentencing Guidelines.[24] > The Offense Level (1-43) forms the vertical axis of the Sentencing Table. The Criminal History Category (I-VI) forms the horizontal axis of the Table. The intersection of the Offense Level and Criminal History Category displays the Guideline Range in months of imprisonment. "Life" means life imprisonment. For example, the guideline range applicable to a defendant with an Offense Level of 15 and a Criminal History Category of III is 24–30 months of imprisonment.
> Sentencing Table (effective Nov. 2012)
> (showing months of imprisonment)[25][26]
>
>         Offense  Criminal History Category (Criminal History Points)
>         Level ↓  I         II        III       IV        V           VI
>                  (0 or 1)  (2 or 3)  (4,5,6)   (7,8,9)   (10,11,12)  (13+)
> Zone A  1        0-6       0-6       0-6       0-6       0-6         0-6
>         2        0-6       0-6       0-6       0-6       0-6         1-7
>         3        0-6       0-6       0-6       0-6       2-8         3-9
>         4        0-6       0-6       0-6       2-8       4-10        6-12
>         5        0-6       0-6       1-7       4-10      6-12        9-15
>         6        0-6       1-7       2-8       6-12      9-15        12-18
>         7        0-6       2-8       4-10      8-14      12-18       15-21
>         8        0-6       4-10      6-12      10-16     15-21       18-24
> Zone B  9        4-10      6-12      8-14      12-18     18-24       21-27
>         10       6-12      8-14      10-16     15-21     21-27       24-30
>         11       8-14      10-16     12-18     18-24     24-30       27-33
> Zone C  12       10-16     12-18     15-21     21-27     27-33       30-37
>         13       12-18     15-21     18-24     24-30     30-37       33-41
> Zone D  14       15-21     18-24     21-27     27-33     33-41       37-46
>         15       18-24     21-27     24-30     30-37     37-46       41-51
>         16       21-27     24-30     27-33     33-41     41-51       46-57
>         17       24-30     27-33     30-37     37-46     46-57       51-63
>         18       27-33     30-37     33-41     41-51     51-63       57-71
>         19       30-37     33-41     37-46     46-57     57-71       63-78
>         20       33-41     37-46     41-51     51-63     63-78       70-87
>         21       37-46     41-51     46-57     57-71     70-87       77-96
>         22       41-51     46-57     51-63     63-78     77-96       84-105
>         23       46-57     51-63     57-71     70-87     84-105      92-115
>         24       51-63     57-71     63-78     77-96     92-115      100-125
>         25       57-71     63-78     70-87     84-105    100-125     110-137
>         26       63-78     70-87     78-97     92-115    110-137     120-150
>         27       70-87     78-97     87-108    100-125   120-150     130-162
>         28       78-97     87-108    97-121    110-137   130-162     140-175
>         29       87-108    97-121    108-135   121-151   140-175     151-188
>         30       97-121    108-135   121-151   135-168   151-188     168-210
>         31       108-135   121-151   135-168   151-188   168-210     188-235
>         32       121-151   135-168   151-188   168-210   188-235     210-262
>         33       135-168   151-188   168-210   188-235   210-262     235-293
>         34       151-188   168-210   188-235   210-262   235-293     262-327
>         35       168-210   188-235   210-262   235-293   262-327     292-365
>         36       188-235   210-262   235-293   262-327   292-365     324-405
>         37       210-262   235-293   262-327   292-365   324-405     360-life
>         38       235-293   262-327   292-365   324-405   360-life    360-life
>         39       262-327   292-365   324-405   360-life  360-life    360-life
>         40       292-365   324-405   360-life  360-life  360-life    360-life
>         41       324-405   360-life  360-life  360-life  360-life    360-life
>         42       360-life  360-life  360-life  360-life  360-life    360-life
>         43       life      life      life      life      life        life
> > > From: Cari Machet > To: Jim Bell > Cc: "cypherpunks at cpunks.org" ; "lists at silent1.net" > Sent: Wednesday, January 1, 2014 1:04 AM > Subject: Re: Jacob Appelbaum in Germany > > I sincerely wish you could have helped aaron it is all beyond sad and though some of his projects are being carried out i think we have to do more - Yes I am aware you are an alumni - do u have connections with other alumni ? We think the alumni are a pressure point they cld not ignore > > Will connect with you further as the project progresses > > Thanks very very much > > Sent from my iPhone > > On 31.12.2013, at 20:59, Jim Bell wrote: > >> I am an alum of MIT (Class of 1980; Chemistry). I've just read the Wikipedia article on Aaron Swartz, and I am very sympathetic to him. I wish I'd been aware of his situation while he was alive; I might have been able to help, and would have tried to do so. >> Jim Bell >> >> >> From: Cari Machet >> To: Silent1 >> Cc: cpunks >> Sent: Tuesday, December 31, 2013 8:03 AM >> Subject: Re: Jacob Appelbaum in Germany >> >> dear sir >> >> we are reaching out to MIT alumni to make a public call of outrage re >> among other things the aaron swartz treatment by MIT would u b willing >> to b included? >> >> specifically we would b asking for shifts in functionality not just >> complaining to the bricks >> >> THANKS >> >> On 12/31/13, Silent1 wrote: >> > Ahh, Dogecoin, didn't an online wallet service of theirs get hacked last >> > week and completely cleaned out of hundreds of thousands of coins? >> > >> > -----Original Message----- >> > From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of >> > coderman >> > Sent: Tuesday, December 31, 2013 8:51 AM >> > To: Griffin Boyce >> > Cc: cpunks >> > Subject: Re: Jacob Appelbaum in Germany >> > >> > On Tue, Dec 31, 2013 at 12:32 AM, Griffin Boyce >> > wrote: >> >>... 
>> >> I prefer my shared hallucinations to be in the form of Lindens [1], ... >> > >> > >> > i'll let you cypherpunks in on a secret financial tip: >> > the smart money banks in dogecoin: http://dogecoin.com/ >> >> > >> > >> >> >> -- >> Cari Machet >> NYC 646-436-7795 >> carimachet at gmail.com >> AIM carismachet >> Skype carimachet - 646-652-6434 >> Syria +963-099 277 3243 >> Amman +962 077 636 9407 >> Berlin +49 152 11779219 >> Twitter: @carimachet >> >> Ruh-roh, this is now necessary: This email is intended only for the >> addressee(s) and may contain confidential information. If you are not the >> intended recipient, you are hereby notified that any use of this >> information, dissemination, distribution, or copying of this email without >> permission is strictly prohibited. >> >> >> > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 21188 bytes Desc: not available URL: From joe_wang at yahoo.com Thu Jan 2 00:49:35 2014 From: joe_wang at yahoo.com (Joe Wang) Date: Thu, 2 Jan 2014 00:49:35 -0800 (PST) Subject: Jim Bell comes to Cypherpunks? In-Reply-To: <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com> <201401011908.s01J8Vtl016061@new.toad.com> <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> Message-ID: <1388652575.95433.YahooMailNeo@web160704.mail.bf1.yahoo.com> Yeah stay away from Twitter Jim. Its bunch of junks and rants (including mine) follow up with more rants uh, tweets. By the way I check out your fiber invention link below.  The address on file is still back at the prison, you probably want to change that just as an fyi.   
-Joe ________________________________ From: Jim Bell To: cypherpunks ; "barlow at eff.org" ; "cypherpunks at cpunks.org" ; "gnu at toad.com" Sent: Thursday, January 2, 2014 8:26 AM Subject: Re: Jim Bell comes to Cypherpunks? Twitter for me?  My impression is that this is more for issues where seconds, minutes, or hours count.  I don't know who I'd want to follow so closely as to monitor Twitter. As for me saying something?  Well, I don't know if I have that much to say.  It's not like I don't have opinions...I have many of them.  But, right now the world is awash in opinions, from blogs to twitter.  What would I talk about...uh...other than the obvious?   What, in general, would people want ME to talk about? Further, right now my main interest is in promoting and developing my isotope-modified fiber optic invention.    http://www.freepatentsonline.com/WO2013101261A1.html                Jim Bell ________________________________ From: cypherpunks To: John Gilmore Cc: "barlow at eff.org" ; Bell Jim ; "cypherpunks at riseup.net" Sent: Wednesday, January 1, 2014 1:45 PM Subject: Re: Jim Bell comes to Cypherpunks? I've no idea if there're any physical cpunks meetings. Living in Europe and visiting some hacker conferences and hackerspaces from time to time. Guess - it would be you Golden State guys to do some. On the other side - Jim, how about open a twitter account and be part of the social media thingy too? :) --Michael Am 01.01.2014 um 20:08 schrieb John Gilmore : > Are there physical cypherpunks meetings these days?  I don't know of any. > There are many hackerspaces in various cities that have regular meetings, > but I don't attend any and don't know which ones relate to cypherpunk > topics. > > We (or anybody) could restart such meetings, I suppose... > >    John -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 6609 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Thu Jan 2 01:15:31 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 2 Jan 2014 01:15:31 -0800 (PST) Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: <52C4D85E.80300@pacifier.com> References: <52C4D85E.80300@pacifier.com> Message-ID: <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com>    I was subjected on a number of occasions to what should have been illegal GPS-tracker use.  This kind of tracker use was finally declared a "search" within the meaning of the 4th Amendment to the US Constitution in a January 2012 US Supreme Court case, US v. Jones.   The 9th Circuit Court case which the government would presumably try to use to justify that tracking was called U.S. v. McIver (9th Cir. 1999), where such a GPS tracking device was put on a vehicle seen at a location where a marijuana-grow was in operation.    http://www.patc.com/enewsletter/legal-answers/4-oct08.shtml    (Note:  This reference to the McIver case was written in 2008, 4 years prior to US v. Jones.)     A Third Circuit case from 2013 that addresses this matter (and comes to the correct conclusion) is US v. Katzin (3rd Cir. 2013).    www.eff.org/files/2013/10/22/katzin_opinion.pdf        The use of the McIver case to justify the placement of the tracking device on my car(s) in 1998 and 2000 should not have worked, because unlike the McIver situation, I was actually not suspected of any crime, neither in 1998 nor 2000:  I was, in effect, being stalked by Federal agents who were engaging in criminal activity against me.  (Assault by Federal informant Ryan Thomas Lund, on November 25, 1997, and promulgation of a forged, fake, fraudulent "appeals" case 99-30210 from about June 20, 1999 through April 2000, and well beyond.)     
One quirk was my allegation (which due to corruption of the Tanner court as well as corrupt lawyer Robert Leen) that the Feds had actually placed a GPS tracking device on my car, shortly after my release on April 13, 2000. Eventually, in late October, 2000, they petitioned a Federal court for a warrant to place a DIFFERENT GPS tracking device, WITHOUT alerting that court that the previous device was present. This omission of that relevant information constituted fraud on that court, because the Feds presumably argued that they 'needed' the information to find out where I was going: Since they already had one such device on my car, they obviously already knew what I was doing. And, if they would have argued that placing such a device on my car was 'legal', then why would they have had to obtain a warrant in late October 2000? Why not simply use the information they had obtained from April 2000-October 2000? The answer, in hindsight, is simple: The Feds had no justification at all to place a tracking device on my car during and after April 2000: For them to use that information about October 2000, they would have had to explain why the tracking device had been placed as early as April 2000. That they could not do, unless they admitted that they had no articulable reason to track me during that time. Note: On about November 21, 2000 I told my (corrupt, appointed) lawyer Robert Leen about my suspicion that they had been tracking me from April-October 2000; I had a right to have all such information available to me at my "trial". But, Leen wasn't really acting as my 'first line of defense': Leen was acting as the GOVERNMENT'S 'first line of offense'. Because Leen wouldn't act to obtain that (secret) tracking device information in 'discovery' (legal term of art, requiring government to turn over information before trial) I sent a letter about December 8, 2000 to Judge Tanner, telling him that I 'fired' Leen for his deliberate negligence. 
Tanner did not allow me to fire Leen, and I was denied the ability to present this (and essentially any other) evidence at the "trial".   While you may have heard snippets about how my trial was 'fixed', the reality was far worse than that.        Any questions?                   Jim Bell http://www.infowars.com/feds-may-require-vehicle-location-tracking-in-new-cars/ Feds Consider Vehicle Location Tracking in New Cars *   Proposal may lead to more accidents, mileage taxes and tickets for “recorded traffic violations” Kit Daniels Infowars.com January 1, 2014 In a few weeks, federal officials may require new vehicles to have trackable GPS “safety” devices which could be hacked to cause automobile accidents and may even usher in mileage taxes. With the V2V device, the GPS location for all new cars could be recorded. Credit: Minesweeper via Wiki The National Highway Traffic Safety Administration is spending the next couple of weeks mulling over its decision to install vehicle-to-vehicle communications – known as V2V for short – into new vehicles which would allow them to “talk” to each other through GPS data under the guise of “accident prevention,” according to ABC News. However, one official involved with the government study of the devices admitted that hackers could abuse the system to create mass havoc on the road. “Who has access and how do you secure the data?” David Wise of the Government Accountability Office asked. He even said that the V2V would rely on GPS data that can be used to easily track a vehicle – and thus the occupants inside. “Privacy is a real challenge,” Wise said. This is refreshing honesty from a government official. The fact that the V2V system could be hacked to cause high-speed pile-ups exposes the political lie that these devices were designed to prevent accidents. In fact, bureaucrats want the V2V installed in vehicles in order to track Americans like animals in another sick extension of the domestic spy grid pioneered by the NSA. 
With vehicle tracking, big government politicians could also accomplish their goal of taxing drivers by every mile driven. Lawmakers could even use this sort of technology to pass laws that allow local governments to mail drivers tickets for “recorded traffic violations” as they already do with red light cameras. And to really stick it into drivers even further, the costs for the GPS technology will be tacked onto the price of new cars – forcing Americans to pay for their own enslavement. Take a look at the following articles to see for yourself the hidden agenda behind the V2V technology:=======================end of quote============================ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 14358 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Thu Jan 2 01:19:26 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 2 Jan 2014 01:19:26 -0800 (PST) Subject: Jim Bell comes to Cypherpunks? In-Reply-To: <1388652575.95433.YahooMailNeo@web160704.mail.bf1.yahoo.com> References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com> <201401011908.s01J8Vtl016061@new.toad.com> <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> <1388652575.95433.YahooMailNeo@web160704.mail.bf1.yahoo.com> Message-ID: <1388654366.20212.YahooMailNeo@web141206.mail.bf1.yahoo.com> Yes, as I understand it the address on my patent application was changed about August 2013.  However, the site "freepatentsonline.com" may not have gotten the word.       Jim Bell ________________________________ From: Joe Wang To: Jim Bell ; cypherpunks ; "barlow at eff.org" ; "cypherpunks at cpunks.org" ; "gnu at toad.com" Sent: Thursday, January 2, 2014 12:49 AM Subject: Re: Jim Bell comes to Cypherpunks? Yeah stay away from Twitter Jim. Its bunch of junks and rants (including mine) follow up with more rants uh, tweets. 
By the way I check out your fiber invention link below.  The address on file is still back at the prison, you probably want to change that just as an fyi.   -Joe ________________________________ From: Jim Bell To: cypherpunks ; "barlow at eff.org" ; "cypherpunks at cpunks.org" ; "gnu at toad.com" Sent: Thursday, January 2, 2014 8:26 AM Subject: Re: Jim Bell comes to Cypherpunks? Twitter for me?  My impression is that this is more for issues where seconds, minutes, or hours count.  I don't know who I'd want to follow so closely as to monitor Twitter. As for me saying something?  Well, I don't know if I have that much to say.  It's not like I don't have opinions...I have many of them.  But, right now the world is awash in opinions, from blogs to twitter.  What would I talk about...uh...other than the obvious?   What, in general, would people want ME to talk about? Further, right now my main interest is in promoting and developing my isotope-modified fiber optic invention.    http://www.freepatentsonline.com/WO2013101261A1.html                Jim Bell ________________________________ From: cypherpunks To: John Gilmore Cc: "barlow at eff.org" ; Bell Jim ; "cypherpunks at riseup.net" Sent: Wednesday, January 1, 2014 1:45 PM Subject: Re: Jim Bell comes to Cypherpunks? I've no idea if there're any physical cpunks meetings. Living in Europe and visiting some hacker conferences and hackerspaces from time to time. Guess - it would be you Golden State guys to do some. On the other side - Jim, how about open a twitter account and be part of the social media thingy too? :) --Michael Am 01.01.2014 um 20:08 schrieb John Gilmore : > Are there physical cypherpunks meetings these days?  I don't know of any. > There are many hackerspaces in various cities that have regular meetings, > but I don't attend any and don't know which ones relate to cypherpunk > topics. > > We (or anybody) could restart such meetings, I suppose... 
> >    John -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 8167 bytes Desc: not available URL: From decoy at iki.fi Wed Jan 1 18:34:53 2014 From: decoy at iki.fi (Sampo Syreeni) Date: Thu, 2 Jan 2014 04:34:53 +0200 (EET) Subject: Jim Bell comes to Cypherpunks? In-Reply-To: <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com> <201401011908.s01J8Vtl016061@new.toad.com> <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> Message-ID: On 2014-01-01, Jim Bell wrote: Jim, why is it that you aren't my FB-friend already? My friends would just love/hate you. -- Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front +358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From jamesd at echeque.com Wed Jan 1 15:46:11 2014 From: jamesd at echeque.com (James A. Donald) Date: Thu, 02 Jan 2014 09:46:11 +1000 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> Message-ID: <52C4A8C3.9020106@echeque.com> On 2014-01-02 02:22, realcr wrote: > Some ideas I had regarding searching: > > - The web used to be some kind of its own index, back in the old days, > where you could get from one webpage to another using links. If you get > to think about it, links are not much different than a DHT: Every > website has links to some sites that are similar to that site, and maybe > to some sites that are a bit different. In order to find something > specific you work your way through the links just like you would do in a > DHT. The introduction of great search engines eliminated the need to put > these kind of links in websites. So that's one solutions, links. Kind of > primitive, but I think it used to work. 
Search humans, instead of search engines. Human authority instead of AI. As a matter of fact, it still does work. From coderman at gmail.com Thu Jan 2 11:01:04 2014 From: coderman at gmail.com (coderman) Date: Thu, 2 Jan 2014 11:01:04 -0800 Subject: The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications In-Reply-To: References: Message-ID: On Wed, Jan 1, 2014 at 9:11 PM, coderman wrote: > attempting to obtain a copy of: > "The Intimidation Factor: How a Surveillance State Can Affect What You > Read in Professional Publications" > https://www.computer.org/csdl/mags/co/2013/12/mco2013120091-abs.html see also: http://www.berghel.net/col-edit/out-of-band/nov-13/oob_11-13.php this is disturbing in that those professionals most experienced and capable of critical discussion on these topics are also most likely to be directly or indirectly pressured into self-censorship or silence. best regards, From seanl at literati.org Thu Jan 2 12:00:08 2014 From: seanl at literati.org (Sean Lynch) Date: Thu, 2 Jan 2014 12:00:08 -0800 Subject: multi-party support for axolotl ratchet? In-Reply-To: References: Message-ID: On Wed, Jan 1, 2014 at 9:51 PM, coderman wrote: > per https://github.com/trevp/axolotl/wiki > > is there a straightforward way to make this multi-party capable, and > what optimizations could be done to reduce keys/messages required? > > i have not looked at mpOTR in depth yet, to see what lessons might be > applicable to axolotl... > Worst case, can't you just compute pairwise keys for each pair of participants? It'll add (n-2)*keylen bytes to each of your messages, but it's easy to understand and implement, and most multi-party conversations don't end up with that many participants anyway. I think the biggest problem with trying to do anything clever here is that keeping everyone in sync while simultaneously preventing DoS by one participant would be pretty difficult. 
You'd need something like Paxos to ensure everybody got the messages in the same order, and you'd have to keep around old keys and messages until everyone acknowledged them, otherwise participants could easily get "lost." From electromagnetize at gmail.com Thu Jan 2 10:04:06 2014 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 2 Jan 2014 12:04:06 -0600 Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: > Any questions? observation: with regard to illegal and fraudulent tactics used in your prosecution, court case, appeal, etc. it is wondered if the corrupt actions of individuals may go beyond a several government employees acting this way in isolation, and instead involve a hidden or structural approach, such as a domestic FISA-like program, where their actions are protected and so they are not concerned with issues of their own wrong doing because they are acting as part of a larger organized, coordinated effort. perhaps beyond normal processes though still 'legal' due to secret laws or secret hearings or decisions allowing this activity to occur. it seems more likely that activity like this is signed-off-on by someone with authority than not, unless there is total lawlessness within government and bureaucracy. i do not know enough to know though tend to believe the fraudulent activities must be structural not anomalous, given their coordination and purpose to convict and create endless problems with the bureaucracy. 
about the V2V cars- what is the likelihood that automobiles are _not tagged in some way, just like computers, given that location or other data is critically important and perhaps more easily accessible or tracked outside of a particular environment, say run-ups to meetings or whatever, the timeliness of data as it approaches a meeting point, thus ramps up in criticality, say if a cellphone conversation decides actions minutes before an encounter. or, to scan a city for someone via satellites, pinging the missing submarine from satellite. given highest priority to own every computer, how likely is it that vehicles are not already being tracked, regardless of 'known technology' that then brings this tracking into the open. even if via passive means, giant RFID in the sky/net, say serial #s that reflect back with vehicle title databases, mapping geographies this way, 100,000 vehicles return signals, as if looking at asphalt and concrete heavens using astronomy software to parse star/car-names. either installed in new vehicles by default, or when serviced if a focused customer. perhaps not advanced beyond passive ping, though are vehicles really driving around autonomously besides redlight cameras and speed traps? doubt it. From seanl at literati.org Thu Jan 2 12:59:58 2014 From: seanl at literati.org (Sean Lynch) Date: Thu, 2 Jan 2014 12:59:58 -0800 Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: On Thu, Jan 2, 2014 at 10:04 AM, brian carroll wrote: > > Any questions? 
> > about the V2V cars- what is the likelihood that automobiles are _not > tagged in some way, just like computers, given that location or other > data is critically important and perhaps more easily accessible or > tracked outside of a particular environment, say run-ups to meetings > or whatever, the timeliness of data as it approaches a meeting point, > thus ramps up in criticality, say if a cellphone conversation decides > actions minutes before an encounter. or, to scan a city for someone > via satellites, pinging the missing submarine from satellite. given > highest priority to own every computer, how likely is it that vehicles > are not already being tracked, regardless of 'known technology' that > then brings this tracking into the open. even if via passive means, > giant RFID in the sky/net, say serial #s that reflect back with > vehicle title databases, mapping geographies this way, 100,000 > vehicles return signals, as if looking at asphalt and concrete heavens > using astronomy software to parse star/car-names. either installed in > new vehicles by default, or when serviced if a focused customer. > perhaps not advanced beyond passive ping, though are vehicles really > driving around autonomously besides redlight cameras and speed traps? > doubt it. > Given that a V2V system can only warn of an impending collision with another V2V-equipped vehicle, this seems ludicrous to me. Passive systems like radar and lidar will be cheap enough to be in nearly every new car soon enough. However, even if V2V ends up being mandated, whether it's abusable is very implementation-dependent, and there are already plenty of ways to track vehicles: license plate scanners, toll transponder readers, even just plain old image processing on existing surveillance cameras to track vehicles probabilistically. Oh, and then there's that cellphone you're probably carrying with you. Some of these are easier to avoid than others, and a V2V system could probably be disabled easily. 
But we're already being tracked, and I doubt there's much incentive for a politician to go out on a limb to make it even easier. If we really want to avoid tracking, it's the efforts to network and database security cameras and ALPRs that we need to go after. Those are much harder to avoid, even if you don't own a cellphone and ride a bicycle or walk everywhere. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2928 bytes Desc: not available URL: From seanl at literati.org Thu Jan 2 13:04:17 2014 From: seanl at literati.org (Sean Lynch) Date: Thu, 2 Jan 2014 13:04:17 -0800 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <52C4A8C3.9020106@echeque.com> References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> <52C4A8C3.9020106@echeque.com> Message-ID: On Wed, Jan 1, 2014 at 3:46 PM, James A. Donald wrote: > > As a matter of fact, it still does work. > It works far less, though, since most people expect others to rely on search engines, so they don't bother to link anymore. Here's a thought: browser extension that stores your "personal" web index, and gives you a typeahead menu when you write about concepts in your index, prompting you to convert phrases to links. Like the way Facebook always wants to convert the names of people and pages to tags. Even if it were just primed with Wikipedia, that would drastically reduce the amount of Google searching people need to do when reading stuff you write. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 1034 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Thu Jan 2 15:09:00 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 2 Jan 2014 15:09:00 -0800 (PST) Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: <1388704140.67119.YahooMailNeo@web141202.mail.bf1.yahoo.com>     One clue would come from my suspicion that agents of the Federal government, in March 1995, lured away the former resident of 7302 Corregidor (see  http://www.redfin.com/WA/Vancouver/7302-Corregidor-Rd-98664/home/14565030  ), the house immediately to the east of mine, and bought that house.  (In the picture provided, my house at 7214 Corregidor is just to the left of the house shown.)   The prior resident was a local school (high school?) science teacher, and he was hired at the Pacific Northwest National Laboratories in Richland Washington, a Federal government laboratory akin to Oak Ridge, Los Alamos, Lawrence Livermore, etc.  http://www.pnl.gov/       The purpose of this was to be able to acquire that house, and use it as a spying location against me. (The names ostensibly buying the house were Daniel J. and Dori J. Sabin, and they ran a remodeling operation named "Sundown Development Construction Corporation".  http://www.sundowndevelopmentconstruction.com/   )   Note that the date the house was sold is shown as March 10, 1995.  (This is odd, because school teachers' lives are oriented around the 'school year', which in most locations in America go from about September 1 to about June 1.  They sign contracts with the school to work for that year, and are bound to do so.   While I don't recall when the prior, lured occupant left, based on the sale date it appears that he sold that house months before the end of his school year.  For a school teacher, this would have been highly unusual.)       
The sale price is shown as $180,000, which I think was rather high for that time. (But not unexpected if the government wanted to lure him away quickly.  Presumably he got a large raise, as well.)  They immediately began an extensive remodeling and enlargement operation on that house, including adding a second floor.  As I recall, this remodel took nearly a year; seemingly the house was unoccupied during that time.  Further, during a long period very little work was actually being done, as I recall.  (This remodeling would have dramatically increased the value of that house; the sale price in 1995 of $180,000 cannot be directly compared with the current value of the much-larger and more-up-to-date house as it exists today.)     While I don't remember precisely the date I published the first part of my AP essay, I believe that it was no more than a few weeks prior to March 10, 1995, on the 'Digitaliberty' discussion area.    http://www.skepticfiles.org/hacker/cud6105.htm   (Hence my reference to Digitaliberty in the essay; it wasn't until many weeks later that I'd heard of the 'Cypherpunks' list.)  My recollection that the person who initiated 'Digitaliberty', Bill Frezza, was interested in the use of technology for the development of 'liberty', although the first part of my AP essay apparently exceeded his tolerance for radicalism.  At some point somebody transported Part 1 of the AP essay to Cypherpunks, and informed me of the existence of CP; I acquired Internet access and joined the Cypherpunks list.     The acquisition and operation of nearby government spy locations was/is certainly not new.  Consider the case of Robert Hanssen,   http://en.wikipedia.org/wiki/Robert_Hanssen      While this Wikipedia article does not mention it, I read contemporaneously various news reports (2001) that said the government set up a spy location near Hanssen's house.  How far away that location was, those reports did not say.   
Presumably, this was a standard tactic, and non-controversial. (At least in the case of actual criminality being suspected and investigated.) The difference, in my case, was that not only did they not suspect me of any crime, they knew that I was innocent of any crime. It is obvious, therefore, that they engaged in this activity not because of any crime (which, had it existed, would have made me a 'criminal') but because of my writing and publication of Part 1 of my Assassination Politics essay. (Which made me 'an enemy', 'a dissident', an opponent of not merely the Federal government, but all governments everywhere.) In other words, the government engaged in activities more appropriate for the former Soviet Union, and seemingly not for America. One question that should be asked, is: "Was what the government did, acquiring that house and surveilling me from it, legal?" They would presumably say, "yes". But why wasn't that "stalking", within the meaning of the criminal statute? After all, in November 21, 2000 I was accused of "Interstate Stalking", simply for going around, looking at various locations, not confronting (nor even seeing) anyone. I was investigating things, because I knew that something was (and had been) happening. Was I less entitled to do what I did, than what the government was to do what it did? An inmate/informant named Ryan Thomas Lund (his recent activity: http://www.localblotter.com/news/oregon/man-detained-on-multiple-counts/8340383.html ) was instructed to attack me, which he did on November 25, 1997, because I was beginning to resist the plea agreement that I had been offered, and initially accepted. Don't think that I didn't already suspect the house at 7302 Corregidor during that time. In fact, I informed my (corrupt) attorney Peter Avenia http://www.avvo.com/attorneys/98101-wa-peter-avenia-20216.html of some of my suspicions. (But, of course, I didn't know at that time Avenia was corrupt.) 
Sometime about December 1, 1997, Avenia visited me at FDC Seatac jail and I told him of Lund's attack. His answer? "I don't know anything about.....that" (Avenia was also Lund's attorney.) And in about July 1998, after I was re-arrested, ostensibly for a 'supervised release violation', the prosecutor Robb London (who is currently the director of communication at Harvard Law School http://www.linkedin.com/vsearch/p?orig=SEO_SN&firstName=Robb&lastName=London&trk=SEO_SN ) claimed that I 'said that the government was spying on him' [Jim Bell]. Which, of course, was true: I DID suspect, and say, that the government was spying on me! Problem is, London was using this bare assertion to justify me being sent to the Federal Medical Center at Springfield, Missouri, for a mental evaluation (!). Another problem was, London didn't say I was _wrong_ when I said (or suspected) that. (Without at least an allegation that I was wrong, what justification is it to claim that I asserted that the government was spying on me?!? Is merely saying that I believed the government was spying on me enough to justify sending me to a mental evaluation? Would an American's "suspecting" that all his telephone metadata and email was being copied by the NSA, prior to Snowden's allegations, constitute a justification to send that 'comrade' for a mental evaluation in Siberia...er...Springfield?) And worse, I was not allowed to challenge the (implicit) allegation of falsity in my assertion that the government had been spying on me. However, I used the situation (a hearing) to extract a promise (only partly kept) from Avenia that he would investigate my allegations. Many months later, perhaps in February 1999, Avenia sent investigator Sharon Callas to Vancouver. Mysteriously, Callas was said to have 'disappeared' (or perhaps 'resigned') later. I never saw the results of her investigation. Later, in about April 1999, attorney Avenia resigned, but NOT at my request. 
I suspected then, and still suspect today, that his resignation was triggered by something that Sharon Callas discovered during that investigation:  Perhaps she confirmed enough of my allegations that Avenia knew that I was correct.  http://www.shmoo.com/mail/cypherpunks/jun00/msg00154.shtml            So, what had been going on?  Presumably, the interest in me (including local spying) was NOT based on allegations of crime, or even suspected future crime, in March 1995.  In other words, no government law enforcement agency would have been legally entitled to spy on me.  Presumably, the spying that did occur was, itself, illegal:  And, had it become exposed (which it should have been if I had not been assaulted by Ryan Thomas Lund on November 25, 1997), the Federal government would have suffered an enormous hit of bad publicity.  This corruption must have been at an extremely high level:  The forgery of fake appeal case 99-30210, initiated secretly and kept from me for 10 months, with numerous forged documents filed (at least two ostensibly being from me, but they were also forged:  You can see them on PACER:   www.pacer.gov    9th circuit court.  One was docketed about November 10, 1999 and the other was docketed about March 4, 2000:   Both dates by my recollection).   That would have taken the cooperation of some very powerful people in the Ninth Circuit Court of Appeals, possibly including a few judges.   Further, every document filed in that case, from June 1999 through April 2000, was (illegally) not delivered to me when I was at FDC Seatac (until September 3, 1999) and when I was at FCI Phoenix from September 10, 1999 to my release on April 13, 2000.  Indeed, there were at least two pieces of certified mail described in the docket for case 99-30210 that were mailed to my then-correct address at FCI Phoenix, which didn't get to me, presumably they were stolen by BOP staff at FCI Phoenix.   
(Not to mention my allegation that this entire docket was RE-forged once they learned that I had requested an appeal that I hadn't known was already in progress.)

Doesn't this begin to sound like the classic "government conspiracy" that people who don't like to talk about "government conspiracies" argue don't happen? (Except rarely, say the Watergate incident in 1972.) One of the reasons that I look (way) down on a few of the doofuses around here (CP list) who don't seem to 'like' me is that they apparently take that position without taking the trouble to read my 2003 lawsuit (02-1052; Portland Federal Court) and learning what I allege the government and its minions did. It will be interesting to see if any of them step up, apologize, and say, "Sorry, Mr. Bell, we didn't know..."

Jim Bell
"jim btc tipjar" 1AzNPQ1NhiD9uG1hU5g5Kdaccb88Dus2Bo

________________________________
From: brian carroll
To: cypherpunks at cpunks.org
Sent: Thursday, January 2, 2014 10:04 AM
Subject: Re: Fw: Hi, I'm from the government and I'm here to screw you

> Any questions?

observation: with regard to illegal and fraudulent tactics used in your prosecution, court case, appeal, etc. it is wondered if the corrupt actions of individuals may go beyond several government employees acting this way in isolation, and instead involve a hidden or structural approach, such as a domestic FISA-like program, where their actions are protected and so they are not concerned with issues of their own wrongdoing because they are acting as part of a larger organized, coordinated effort. perhaps beyond normal processes though still 'legal' due to secret laws or secret hearings or decisions allowing this activity to occur. it seems more likely that activity like this is signed-off-on by someone with authority than not, unless there is total lawlessness within government and bureaucracy.
i do not know enough to know though tend to believe the fraudulent activities must be structural not anomalous, given their coordination and purpose to convict and create endless problems with the bureaucracy.

about the V2V cars- what is the likelihood that automobiles are _not tagged in some way, just like computers, given that location or other data is critically important and perhaps more easily accessible or tracked outside of a particular environment, say run-ups to meetings or whatever, the timeliness of data as it approaches a meeting point, thus ramps up in criticality, say if a cellphone conversation decides actions minutes before an encounter. or, to scan a city for someone via satellites, pinging the missing submarine from satellite. given highest priority to own every computer, how likely is it that vehicles are not already being tracked, regardless of 'known technology' that then brings this tracking into the open. even if via passive means, giant RFID in the sky/net, say serial #s that reflect back with vehicle title databases, mapping geographies this way, 100,000 vehicles return signals, as if looking at asphalt and concrete heavens using astronomy software to parse star/car-names. either installed in new vehicles by default, or when serviced if a focused customer. perhaps not advanced beyond passive ping, though are vehicles really driving around autonomously besides redlight cameras and speed traps? doubt it.

From griffin at cryptolab.net Thu Jan 2 12:15:50 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Thu, 02 Jan 2014 15:15:50 -0500
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <52C5B1E4.9000205@appelbaum.net>
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C5B1E4.9000205@appelbaum.net>
Message-ID: <657683b1b8b8db7fc51e62c9b9199911@cryptolab.net>

On 02.01.2014 13:37 Jacob Appelbaum wrote:
>
> I'm less interested in the payload than how it is deployed - are the
> Apple signing keys only controlled by Apple?

Not exactly. There are more moving parts to Apple signing certificates and keys than most people realize. The process for signing an app is:

1) generate a private key,
2) use that to generate a Certificate Signing Request (which you send to Apple),
3) Apple sends you the approved certificate (automated process),
4) convert that file to (.pem/.cer),
5) generate p12 file using that cert and your private key (and its password) together,
6) generate the provisioning file to actually build the signed app in xcode.

While that seems like an arduous and in-depth process, getting signed malware only requires a $99 payment to Apple and a super basic "application process" to become an Apple developer. One could probably get more mileage by distributing malware that disables signature check.

> Do they fall under the business records provision of the PATRIOT act?

Probably, considering that AFAIK Lavabit's SSL cert was considered such when it was ordered turned over.
Open source that shit,
Griffin

From jamesdbell8 at yahoo.com Thu Jan 2 16:34:58 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Thu, 2 Jan 2014 16:34:58 -0800 (PST)
Subject: Fwd: Fw: Hi, I'm from the government and I'm here to screw you
In-Reply-To:
References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com>
Message-ID: <1388709298.54641.YahooMailNeo@web141204.mail.bf1.yahoo.com>

From: brian carroll

---------- Forwarded message ----------
>From: CJ Knight
>Date: Thu, Jan 2, 2014 at 4:08 PM
>Subject: Re: Fw: Hi, I'm from the government and I'm here to screw you
>To: brian carroll

>Hi Brian, and happy new year. Thanks for another thought provoking post.

>A few things you might not be aware of happening over here in Europe,
>specifically the UK:

>We have ANPR (Automatic Number Plate Recognition) cameras in place on
>every motorway junction, plus all major roads. They aren't advertised,
>they look like plain grey boxes, but people are slowly catching on to
>what they do, and how much they see. A journey from one end of the
>country to the other can be tracked in real time.

About 17 years ago I first learned about "3M louvered film" http://solutions.3m.com/wps/portal/3M/en_US/AutomotiveDisplay/Solutions/Products/ReflectionControlFilms/ , an extruded sheet product with tiny "louvers" of black plastic, separating clear plastic blocks. The purpose of this product was to block light passing through at a greater-than-desired angle. (the limiting angle can be varied by buying different models of material.) If a sheet was placed over a license plate, with the 'louvers' horizontal, the plate cannot be read if the camera is viewing the scene at a too-high elevation.
(alternatively, or in addition, a second sheet of vertical louvers can be placed in front or back of the horizontal louvers, which would prevent the plate from being read from a camera at a too-high azimuth: the angle, on the horizontal plane, from the side of the road).

Jim Bell
"jim btc tipjar" 1AzNPQ1NhiD9uG1hU5g5Kdaccb88Dus2Bo

From coderman at gmail.com Thu Jan 2 17:01:56 2014
From: coderman at gmail.com (coderman)
Date: Thu, 2 Jan 2014 17:01:56 -0800
Subject: [liberationtech] Recent Der Spiegel coverage about the NSA and GCHQ
In-Reply-To: <52C60659.2020708@appelbaum.net>
References: <52C60659.2020708@appelbaum.net>
Message-ID:

On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum wrote:
> ...
> I wanted to write to highlight some important documents that have
> recently been released by Der Spiegel about the NSA and GCHQ. We worked
> very hard and for quite some time on these stories - I hope that you'll
> enjoy them.

second only to BULLRUN drop; thank you!

> ...
> OLYMPUSFIRE:
>
> http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html

off by one error; this is "VALIDATOR"

the OLYMPUSFIRE doc is at:
http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-14.html

> ...
> There are quite a few news articles and most of them have focused on the
> iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture
> asserting that the NSA needs physical access. This is a
> misunderstanding. The way that the NSA and GCHQ compromise devices with
> QUANTUMNATION does not require physical access - that is merely one way
> to compromise an iPhone. Generally the NSA and GCHQ compromise the phone
> through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related
> attack capabilities.

thank you as well for this clarification. keep it up :)

best regards,

From electromagnetize at gmail.com Thu Jan 2 15:44:06 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Thu, 2 Jan 2014 17:44:06 -0600
Subject: phenomenologic (urls)
Message-ID:

// note about previous urls list ideas and concepts: copyright-free...

(disclaimer: ideas and concepts in my cypherpunks posts can be put to use and extended by others, including for product improvements and product development. there is no patent, copyright or other restriction, including no requirement of monetary compensation for application of these ideas which are intended to provide constructive feedback for the improvement and refinement of involved tools, ecosystems, technologies, processes. saying this so lawyers do not prevent related experiment, exploration, innovation, advancement.)

--- on search ---

URL/URI as new library card catalog system, hunt & peck for data 'organization' via Google akin to this, front-end sans knowledge, structure hidden from view, no benefit - all the data relations; basically a memory-locating device, internet as disk sector R/W; no integrated ideas on the internet, all atomized, local particles

..........urls..........

[video] Volcanic lightning captured in a bottle // wild!
http://www.newscientist.com/article/dn24792-volcanic-lightning-captured-in-a-bottle.html

// f a s c i n a t i n g
Earthquake lights linked to rift environments, subvertical faults
http://phys.org/news/2014-01-earthquake-linked-rift-environments-subvertical.html

"Timing and distance to the epicenter vary widely.
Most EQL are seen before and/or during an earthquake, but rarely after, suggesting to the authors that the processes responsible for EQL formation are related to a rapid build-up of stress prior to fault rupture and rapid local stress changes during the propagation of the seismic waves. Stress-activated mobile electronic charge carriers, termed positive holes, flow swiftly along stress gradients. Upon reaching the surface, they ionize air molecules and generate the observed luminosities." basic info: Earthquake light http://en.wikipedia.org/wiki/Earthquake_light --- paradigms --- Welcome to the Age of the Upgrade Everyone is an early adopter now, and it is glorious http://www.theverge.com/2013/12/31/5261042/welcome-to-the-age-of-the-upgrade comment: i was reading the above article and started to disagree with the analysis perhaps not understanding its viewpoint, though it is an interesting question to consider. reminds of the role of change in establishing new cultural relations, these before software, perhaps in some way related to the idea of upgrade, though also huge cultural shifts in approach and functioning that today seem to operate in other scales or degrees. the largest shift, in terms of my research, was pre- to post-electrification. which was the ur- or uber-upgrade path for individual and civilization. this shift could be seen culture-wide as it was happening. notable was the change in watches available in catalogs, from old windups to quartz, battery-based mechanisms, and then full-on digital interfaces that visually moved from an analog dial (related to the circular day/night cycle) to digital (simple 7-segment display of LED to eventual liquid crystal display, tending towards HIOX display matrices). so that structure of 12hrs mapped to day and night becomes lost to simple views of numbers (1:24, 9:19) when a sign or indicator then says 'am/pm' as this cyclical indicator. L. 
Mumford had very interesting observations about the clock, its development, in how it once related to nature and then replaced it, day & night becoming lost to time of the non-stop machinery. watches are quite interesting, wonder if anthropologists might delve into this someday, where wind-up mechanism of expensive wristwatches with watch winders still are in use as status symbols of earlier value system of the art of watchmaking, commoditized, fetishized today in era of mainly electronic, mass produced versions. lots here in terms of culture, values, relations. skills, tradition, change, viewpoints. then, emerging 'smart watches' to arrive in this situation, transforming another artifact into a 'computer' (as with CRT->HDTV, refrigerators, toasters, etc). question then might be: does the transition from old watch technology, non-electric, to the electronic version constitute an upgrade. just as, old wash basin and clothes scrubber and clothing line, to washing machine and clothes dryer. i think it does. this is electrification and then a follow-on, advanced level (qua 'composite' order) of computation as further structure and detailing or pre-electric tools, techniques, technologies, artifacts, processes. in another way, more subtle, something like a horse-drawn carriage and an automobile, though it seems this is about animals and combustion engine locomotion (oil power) and not of an electrical paradigm- and yet it is the spark plug and battery that are vital to its design and that developed into support system for a/c, radio, power windows, lights, etc. yet it is an embedded system, as if electrical system is subconscious in certain technologies more than in others (who even thinks of the spark plug as electrical device, in sustaining combustive explosions to move vehicles, meaning non-experts who drive cars in general population). so perhaps there is ambiguity in that electrical subsystems are structural or even hidden away from view. 
do people understand their cars or watches as technology? are they literate about how they work, in the same way as how the world is fit together in its physics, etc. in most cases, no. this is not something taught to people in an educational setting. non-issue. music provides what may be a most accessible view of this situation, of a paradigm shift as it may relate to the idea of upgrade, in that the folk music tradition of acoustic guitar then was challenged by use of electric guitar by Bob Dylan, upsetting the sensibility of how music was conceived of in terms of cultural values mapping to certain instruments and their sound. or something approximating a given understanding that was then brought into question by going outside those parameters, via electrical guitar. never mind that microphones are used and amplifiers, also electric, in ordinary stage situations. so issues of audio reproduction are already in the mix (hah), including sound stage audio mixing, cables, recording performance and playback via records, magnetic tapes. and so the magnetic pickups on the electric guitar apparently was sacrilege to some, and transformed a particular relation to music, sound, song, and it seems that Dylan was at the pivot point of these various cultural forces. (so too, if not mistaken, his father was an electrician.) was this use of electric guitar over miked and amplified acoustic guitar an upgrade of sorts, in terms of music instruments. is it a choice or a necessity, in certain frameworks. is there some momentum, that changes the parameters or the consideration, solutions for pending or other scenarios, where it is an improved approach (thus, perhaps innovation). 
aesthetically, within a context of music, did the electric sound capture some ineffable essence otherwise out of reach of acoustic instruments to convey, perhaps harshness or technical tones or detachment or some other ephemeral quality or condition that then more readily aligned with situations and consciousness, &c. so pre-electric to electric instrument (ie. electronic to electronics-based), is this also in some sense about upgrades, or an upgrade path. pre-electric dwelling to electric dwelling...computerized-dwelling, etc. so, in terms of typologies, and types of instrument, the piano in its acoustic form then becomes the synthesizer, both analog circuits and digital eventually, with associated different sounds, aesthetic outputs. _everything, basically, existing in this context, such that while an acoustic instrument could still be used, it exists in an electrical/electronic ecosystem, as said with mics, amps, mixers, cables, recording and playback technology, today with computers that themselves become the music production tools (midi controllers, music software) though much of it in the data paradigm of calculation, the calculator, as with the computer. not advancing in thinking beyond first conception of processing, not delving further than this. and so 'language' of tools is all over the place yet incredibly shallow in terms of investigating the deeper principles and structures of music likewise, the musicological is absent from this condition of 'electrical instrumentation' which has been overtaken by dysfunctional tools and equipment, legitimated and allowed by 'computer bugs' that prevent use of instruments in the way music requires, in order to access and develop musical ideas, versus techniques of production- as if making a webpage, using music software to create songs. procedural, with switches and buttons on ~instruments, formatted to parameters to further creation of beats and rhythmic structures of hip-hop, rap, soul, r&b, etc. 
this finite categorization, determining what can be created, by limiting the interface and choices to already known _language, the signage replacing the truth of music, repeating previous signage as if creating new music &c. so it begins to be a downgrade, a loss of ability and capacity over time, which i think the article was getting at, as if each new gizmo and feature is an upgrade or advancement, or every new technology or option. and instead it can be a deterioration if not understood else if subverted. losing quality, losing connection, losing sound, aesthetics, communication, etc. yet having all the switches and buttons, calculate whatever you want, in those parameters. while the parameters needed do not exist, were never developed, this as invisible barrier. it seems that electrification was this massive upgrade, and then other aspects carry it further such as computation as a next-level feature set, that depending on implementation could involve real innovation (via insight, quality, economy) or loss of cohesion in the design or its purpose, making it frivolous or trivial or confused. the purpose or integrity lost with changes. and yet time moves on and things change, so does a given approach or solution survive, adapt and find its legitimacy or become outdated, out of touch, removed from what actually exists and is caught in time, the past, as antique, portal to another world, view, belief system, and values that no longer map into the present or future the same. 
'upgrade' then is like pre-electronic to 'electronic' device, though with 'nano' or 'genetic' or 'laser' or 'MIDI' or ECC or any number of features or details that could be incorporated into an existing approach or design, successfully or not, extending or adapting its purpose, moving into a higher fidelity connection, access, insight, or becoming askew, warped by this march to progress that may in its being ill-defined, not understood, mismanaged, or maldeveloped then lead to a devolved functioning that can also become a basis for cultural control, the incapacitation and incapability of doing things with tools, a form of censorship even by the way things do not and cannot work or function correctly, due to such automatic upgrades that may function in hidden ideological terms, serving political, economic, social forces unseen or unacknowledged or unrecognized. therefore, potentially another realm of tyranny that could be embedded in tools, via how they are or are not developed, in what parameters, in service or denial to what values (money or truth). is all your stuff broken like mine? THE FUTURE! --- security issues --- comment: if the NSA will intercept an e-commerce package to modify it for mass surveillance or worse, to break it or cause malfunctioning to force censorship-- what would they do to food that is delivered to targets via online grocers? what restricts extreme unethical and behavioral influence to 'force confessions' as with medieval rituals for persecution, whereby any evidence is basis for conviction, even if engineered. what if it is already commonplace, and this is the context for judgement. 'law' enforcing/forcing these dynamics by default of non-accountable marionette strings involved in shaping false situations as dioramas, tableaus. 
--- NSA & AAPL --- Apple Denies Working With NSA on iPhone Backdoor Unaware of Alleged NSA Program Targeting its Products http://online.wsj.com/news/articles/SB10001424052702303453004579292532452727884 quote: "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone," the company said in a statement. "Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements." (comment: only reasonable explanation for exploits is they hire NSA as programmers and engineers, thus plausible deniability. also: if blackops, how to know if a CEO is not NSA?) [quote] Fresnel zones http://en.wikipedia.org/wiki/Fresnel_zone "If unobstructed, radio waves will travel in a straight line from the transmitter to the receiver. But if there are reflective surfaces along the path, such as bodies of water or smooth terrain, the radio waves reflecting off those surfaces may arrive out of phase (by reflecting off an a surface within an even Fresnel zone) with the signals that travel directly and reduce the power of the received signal. On the other hand, the reflection (off a surface within an odd Fresnel zone) can enhance the power of the received signal if the reflection and the direct signals arrive in phase. Sometimes this results in the counter-intuitive finding that reducing the height of an antenna increases the signal-to-noise ratio." 
::::: TYPO ::::: 3d printing & typography https://www.google.com/search?q=3d+printing+and+typography&client=firefox-a&hs=wqT&rls=org.mozilla:en-US:official&source=lnms&tbm=isch 4D typography http://www.dezeen.com/2012/06/30/4d-typography-by-lo-siento/ Gödel, Escher, Bach http://en.wikipedia.org/wiki/G%C3%B6del,_Escher,_Bach Make your own Mymo {monogram} with any two letters or numbers http://www.mymo.is/ other http://assets.thecreatorsproject.com/blog_article_images/images/000/023/985/arkitypo-h_detail_em.jpg?1328553000 http://assets.thecreatorsproject.com/blog_article_images/images/000/023/994/arkitypo-n_detail_em.jpg?1328553292 print http://www.google.com/imgres?client=firefox-a&sa=X&rls=org.mozilla:en-US:official&biw=1184&bih=746&tbm=isch&tbnid=zyIJNkzsYb3qRM:&imgrefurl=http://roseledgard.wordpress.com/2012/04/04/453/&docid=AgMuUVuue2UNmM&imgurl=http://roseledgard.files.wordpress.com/2012/04/3d-prints002.jpg&w=3264&h=2448&ei=_w3CUq-oPJPnkAeysoGADA&zoom=1&ved=1t:3588,r:87,s:0,i:351&iact=rc&page=5&tbnh=184&tbnw=259&start=74&ndsp=20&tx=63&ty=14 typographer http://doisminutosemeio.files.wordpress.com/2009/06/m1.jpg http://www.designersjournal.net/wp-content/uploads/2012/09/GOB_01.jpg http://istenbizony.hu/wp-content/uploads/2011/04/Gemma-OBrien-2.jpeg http://www.youshouldliketypetoo.com/wp-content/uploads/2009/06/gemma-berlin-1-400x266.jpg http://redcatblog.com/wp-content/uploads/2009/08/gemma_obrien_01.jpg http://3.bp.blogspot.com/_kHy3VMMHaFo/TNnJsh1ttGI/AAAAAAAAA40/m7xQcSEdbY8/s1600/g1.jpg http://2.bp.blogspot.com/_Ce590EA7O2M/TFARgcKi-bI/AAAAAAAAALA/vU9qAt5Wqcw/s1600/fortheloveoftype2.jpg http://allanpeters.com/blog/wp-content/uploads/lovetypo_1.jpg http://farm3.static.flickr.com/2100/3551093803_370386fdf5.jpg?v=0 http://cdnimg.visualizeus.com/thumbs/56/6c/566cecee525c6c6b8418cf27466128d0_i.jpg http://designhistorykingscliff.files.wordpress.com/2012/04/gemma-at-typo-berlin.jpg http://www.typoberlin.de/2009/img/103872_MrsEaves_headshot.jpg .-.-.-.. 
(note: living amongst trees of electrical forest)
https://www.japlusu.com/sites/default/files/styles/news-summary/public/JAU_Venice-Biennale-Japan-Pavilion04.jpg
http://www.architecture.org.au/images/stories/news/1210/1210e4.jpg
http://www.pinterest.com/pin/244601823483102763/
http://jto.s3.amazonaws.com/wp-content/uploads/2013/01/fa20130117t1a-281x348.jpg
http://www.bustler.net/images/news2/winners_2012_venice_biennale_16.jpg

-';;/ kllyder fnkn ]\.:/

A. Vortex Polarities
http://pondscienceinstitute.on-rev.com/imagesCOS/67.GIF
B. https://www.google.com/search?q=spiral+rock+art&client=firefox-a&hs=26H&rls=org.mozilla:en-US:official&channel=np&tbm=isch
(http://pondscienceinstitute.on-rev.com/svpwiki/tiki-index.php?page=vortex)

--- Apple, Inc. ---

after the announcement of the death of Steve Jobs there was a tremendous flurry of viewpoints about his contribution to computing, his fundamental role. some of the belief it amounts to marketing-only, taking others' ideas and repurposing and selling them as if the originator. in some way, as if part of his unique capacity was this skill, this way of conveying and presenting the equipment, speaking to an audience. this as a cultural event. as this relates also to showmanship that is also controversial in how the claims are evaluated.

i believe Steve Jobs was an aesthetician. that his was a philosophical approach to technology that results in artifacts others related to in a similar framework, in terms of their design values. that the artifact itself was his unique focus, questions of technology, not just mass production. choosing what parameters to prioritize or considering options within extended frameworks, such that tools were situated in a structural ecosystem. having control over shaping this. and having people relate viscerally to it, if it matched their values and sensibility, ease of use, joy. design excellence, etc.
these words do not actually convey what i hoped to say (my computer auto-crashed due to hack attack and lost original wording of this section, cannot regenerate due to memory loss issues). though the idea that Jobs was an aesthetician is to question the view that he was a technologist as other developers of technology. something else was going on with regard to culture that was not comparable with other approaches. notably, his value for the art of calligraphy as it would translate into software and hardware tools. for media creation and playback. not so much information management or organization, though interface indeed. the problem of the file cabinet remains and thus hardware advancements while inside of the data container remains stuck at the beginning in terms of modeling of ideas. it seems Jobs likely knew this and the computers of today are a result of accommodating the combined forces at work in the culture, and maybe innovations occurred where they were possible, and there is more to the story of how computers function and cannot function than is currently known. what people cannot refute is this aesthetic contribution and insight, this value kept alive within technology and tools, within certain parameters, that map into artifacts that please its users. as if beautiful functional pottery of a given culture worldwide from 1985-2010, etc. it's the design that is more than a local or fragmentary question, it's the understanding and awareness brought into the questions and evaluation and shaping of the technology, the tools, processes. and this is perhaps one of the prominent and obvious examples of the role and value of aesthetics in culture, at the same time culture has been removed of this traditional structure of relations, the knowledge needed to sustain it, the education and ideas and social connections now absent, it cannot be taught by a book, it has to be lived.
in this way, the uniform of jeans and turtleneck indicating an ascetic aspect to the aesthetic, a commitment to resolution of certain parameters or routines and arriving at solutions or ways of doing things or attaining desired functioning. and i think that may effectively be lost in culture, today into tomorrow. it has not been sustained as a value. even while people respond to it and value it immensely. the knowledge and awareness have been lost to other priorities and agendas. ideas have to matter. the less they do, the more the tools and artifacts reflect this, develop it, further away from truth. now what if every parameter of computing was approached at this level. and every tool and artifact were designed to optimal functioning and of highest quality and capacity, versus the ruling junk economy and ideology of planned obsolescence, all manufacturers seemingly involved. something is preventing this. limiting its ability to exist as a shared goal. until that is resolved then such situations as what exists, contributions towards, reminders of what could be possible. --- em archery --- Full Flight Technology Velocitip Electronic Archery Tuning System http://www.amazon.com/Full-Flight-Technology-Velocitip-Electronic/dp/B00BT8J2G0 [note: consider use for sending data or sensors, infiltration, etc] // plasma actuator for shaping aflow over & around vehicle... 
Change in geometry improves aerodynamics http://phys.org/news/2013-12-geometry-aerodynamics.html --- artworks --- Hear the sound of the Earth moving from the deepest hole on the planet http://www.theverge.com/2013/12/31/5260806/sound-of-the-earth-recording-lotte-geeven -more- http://www.cemetiarthouse.com/files.php?type=respage&id=6 http://trendbeheer.com/wp-content/uploads/2010/06/a19.jpg http://www.booooooom.com/wp-content/uploads/2009/04/lotte_geeven_02.jpg http://2.bp.blogspot.com/-KphCchD5QU4/URLa3KbNOvI/AAAAAAAAGFc/QkbhsceOK6k/s640/Lotte_geeven_4.jpg -other- http://www.moira-utrecht.nl/pictures/tonivantiel/toni-van-tiel-flyer-vk.jpg http://hotelmariakapel.nl/wp/wp-content/uploads/2013/10/tumblr_msy46hvMlX1ryremoo1_1280.jpg 'Magnetophone' sculpture turns electromagnetism into beautiful noise http://www.theverge.com/2013/12/21/5232684/magnetophone-sculpture-turns-electromagnetism-into-music --- nightsky observation --- star trails http://www.flickr.com/photos/alexandra4/11684224513/in/photostream/ animation http://www.flickr.com/photos/alexandra4/11684674826/sizes/o/ --- homologues --- Drip instabilities of continental lithosphere: acceleration and entrainment by damage http://onlinelibrary.wiley.com/doi/10.1111/j.1365-246X.2012.05398.x/abstract Keywords: Instability analysis; Dynamics of lithosphere and mantle; Mechanics, theory, and modelling; Rheology: crust and lithosphere; Rheology: mantle Pressure ridge (ice) // context: regarding icebreakers http://en.wikipedia.org/wiki/Pressure_ridge_%28ice%29 (note: the idea of different points (A-B, C) and passages, made accessible temporarily or as lanes that open and close, and then other viewpoints of this (C) that are indirect in relation, as structures or flows may influence interaction, via geography, stress, strain, phase change) Organizational behavior http://en.wikipedia.org/wiki/Organizational_behaviour "Organizational behavior is a field of study that investigates the impact that individuals, groups and 
structures have on behavior within an organization for the purpose of applying such knowledge towards improving an organization's effectiveness" Household archaeology http://en.wikipedia.org/wiki/Household_archaeology (note: would be interesting to examine change in routines and tasks of household since introduction and incorporation of computer into daily living environments, how activity has changed, social relations, work, shopping, etc. this in anthro/archeo analysis, in terms of artifacts, mapping relations across layers, getting into massive analysis of combined data. everything from sleep issues with blue light of screens influencing body clock rhythms to electricity use, radiation exposure levels, foci of the house (fireplace->tv->computer), electrification of dwelling (appliances, time, scheduling), rituals, beliefs, worldview, etc.) // galvanic corrosion, process similar to electrochemical battery Builder Blames Navy as Brand-New Warship Disintegrates / digg? http://www.wired.com/dangerroom/2011/06/shipbuilder-blames-navy-as-brand-new-warship-disintegrates/ "~Independence’s corrosion is concentrated in her water jets — shipboard versions of airplane engines — where steel “impeller housings” come in contact with the surrounding aluminum structure. Electrical charges possibly originating in the ship’s combat systems apparently sparked the electrolysis." 'Military-Style' Raid on California Power Station Spooks U.S. http://complex.foreignpolicy.com/posts/2013/12/24/power-station-military-assault#sthash.Mwt2pG5c.dpbs Revealed: The Soviet Union’s $1 Billion ‘Psychotronic’ Arms Race with the US / via gizmodo https://medium.com/the-physics-arxiv-blog/1b0b3d97df54 ref. 
Unconventional research in USSR and Russia: short overview http://arxiv.org/abs/1312.1148 quote: "This work briefly surveys unconventional research in Russia from the end of the 19th until the beginning of the 21th centuries in areas related to generation and detection of a 'high-penetrating' emission of non-biological origin. The overview is based on open scientific and journalistic materials. The unique character of this research and its history, originating from governmental programs of the USSR, is shown. Relations to modern studies on biological effects of weak electromagnetic emission, several areas of bioinformatics and theories of physical vacuum are discussed." {educational fair-use of copyright, 2013} 12-8 100-360 7-170 From electromagnetize at gmail.com Thu Jan 2 15:50:48 2014 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 2 Jan 2014 17:50:48 -0600 Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: Sean Lynch wrote: > even if you...ride a bicycle or walk everywhere. given NSA interdiction of e-commerce shipments to plant bugs and subvert functioning, you really think bicycles are not implanted with bugs of those targeted, for similar tracking, or e-commerce shipped shoes are beyond interest of tracking with implants. it seems highly probable that degree of tracking is going on for those who are targeted via infrastructure. if they can track a cellphone via, say streetlight or traffic light sensor systems, certainly rfid in shoe or other hidden sensors say in bicycles could likewise be very useful, beyond cameras, transponder- like, especially if without phone. i think things are way beyond the limits of visual surveillance, other sensing/tracking involved. 
From electromagnetize at gmail.com Thu Jan 2 15:55:20 2014 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 2 Jan 2014 17:55:20 -0600 Subject: Fwd: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com> References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com> Message-ID: ---------- Forwarded message ---------- From albill at openbuddha.com Thu Jan 2 18:28:48 2014 From: albill at openbuddha.com (Al Billings) Date: Thu, 2 Jan 2014 18:28:48 -0800 Subject: [liberationtech] Recent Der Spiegel coverage about the NSA and GCHQ In-Reply-To: <28EC1BF3D89E2F6C5F2EB134@F74D39FA044AA309EAEA14B9> References: <52C60659.2020708@appelbaum.net> <52C60E75.9000403@appelbaum.net> <28EC1BF3D89E2F6C5F2EB134@F74D39FA044AA309EAEA14B9> Message-ID: <276ED308-4FF0-4422-8E34-0BCFFF8CC0B4@openbuddha.com> Yeah, good luck with that. On Jan 2, 2014, at 6:16 PM, Juan Garofalo wrote: > actually, that's the only useful thing do. > > 'sabotage' fucking american companies - companies that, for starters, > should never have been 'trusted', at all. Al Billings albill at openbuddha.com http://makehacklearn.org From jacob at appelbaum.net Thu Jan 2 10:37:24 2014 From: jacob at appelbaum.net (Jacob Appelbaum) Date: Thu, 02 Jan 2014 18:37:24 +0000 Subject: [cryptography] To Protect and Infect Slides In-Reply-To: References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> Message-ID: <52C5B1E4.9000205@appelbaum.net> Jeffrey Walton: > On Tue, Dec 31, 2013 at 3:13 PM, Jacob Appelbaum wrote: >> Kevin W. 
Wall: >>> On Tue, Dec 31, 2013 at 3:10 PM, John Young wrote: >>> >>>> 30c3 slides from Jacob Appelbaum: >>>> >>>> http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB) >>>> >>> >>> And you can find his actual prez here: >>> >>> >>> Worth the hour, although I'm sure your blood >>> pressure will go up a few points. >>> >> >> I'm also happy to answer questions in discussion form about the content >> of the talk and so on. I believe we've now released quite a lot of >> useful information that is deeply in the public interest. >> > It looks like some of your observations were unsettling to some folks > at Cupertino: "Apple denies working with the NSA to compromise iPhone > security", http://www.bizjournals.com/sanjose/news/2013/12/31/apple-denies-working-with-the-nsa-to.html: > > Today, Apple denied helping to create DROPOUT JEEP, > saying it had no knowledge of the exploit and remained > committed to its customer's safety. Did anyone ever claim that they helped create DROPOUT JEEP? > > Par for the course I suppose... gotta love carefully crafted press releases. I'm less interested in the payload than how it is deployed - are the Apple signing keys only controlled by Apple? Do they fall under the business records provision of the PATRIOT act? 
The QUANTUM documents do not sound very good for ios users: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-24.html http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-25.html All the best, Jacob From electromagnetize at gmail.com Thu Jan 2 17:25:16 2014 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 2 Jan 2014 19:25:16 -0600 Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: <1388704140.67119.YahooMailNeo@web141202.mail.bf1.yahoo.com> References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <1388704140.67119.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: Jim, correct me if i am wrong, what happened sounds like a criminal or conspiratorial prosecution occurring outside or beyond known law, a secret operation perhaps, that was a precursor to rolling-out this type of prosecution program at the larger scale in the present day, perhaps tied into NSA surveillance of populations- a canary in coalmine situation; same tactics, more empowered, nothing to stop it legally, and removing dissidents and unwanted viewpoints bit by bit i think you said this already though wanted to reiterate it in the expanded context, to see if it is an accurate summary (the mental illness trap ubiquitous, if not own families turning on children or each other, then teachers on students, etc. a different approach to forced censorship, silencing, and of reeducation, retraining, reprogramming. the perfect setup for takedown in unaccounted for parameters. labeled crazy without recourse to logically reason viewpoints: doomed.) 
From jamesdbell8 at yahoo.com Thu Jan 2 20:50:15 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 2 Jan 2014 20:50:15 -0800 (PST) Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com> Message-ID: <1388724615.33793.YahooMailNeo@web141202.mail.bf1.yahoo.com> From: brian carroll [deleted] >Ford automotive, manufacturing plants of the earliest >assemblyline for car manufacturing, was based around >logistics of lining up, not only workers on the line to piece >together cars in a coordinated, orchestrated sequence, it >also involved movement of raw materials, their processing, >shaping of the steel, trains and railheads, smelters, and >electrical generation of power, such that the entire system >functioned as a gigantic machine, humans and technology >in fluid interaction and then figuring this out in total detail; >thus mass produced low-cost high-tech vehicles for sale

My father, Samuel Warren Bell Jr., worked for Ford between 1965-67. One day, my mother took me and my sister on a tour of Ford's enormous River Rouge http://en.wikipedia.org/wiki/Ford_River_Rouge_Complex plant, which was an example of those 'all in one' plants, assembling not only the cars but building the components. At one point, the tour group came to a catwalk spanning a railroad track inside a huge building. I, running ahead, climbed the catwalk and walked to the middle of the span, the tour following behind. But just as I got to the middle of the catwalk, a huge metal door opened up, and a railroad flatcar came out, carrying a huge (40 feet by 8 feet by 2 feet, I'd estimate today) orange-hot ingot of steel, rolling on the railroad track. It went directly under the middle of the catwalk, precisely below where I was at the time. Didn't Richard Pryor say, "Fire is inspirational!" Well, it was for me!
I didn't expect the updraft.

I guess I am walking in the steps of the same 'loyalty' shown by my father: He once said that he was the only Ford employee to drive to work...in a Volkswagen car. (not very politic in the mid-late 60's).

Incidentally, my father invented the "Dual Clutch Transmission". Wikipedia http://en.wikipedia.org/wiki/Dual-clutch_transmission tells you that a Frenchman named Adolphe Kegresse invented it just before WWII, but says that he didn't make a working copy. Neither did my father (who was unaware of Kegresse's invention), but he (as he was obligated to do) presented the design to Ford management about 1966. Perhaps not surprisingly, in hindsight, Ford didn't want it. (That was the era of $0.20/gallon gas, and virtually every automatic transmission had 3 forward gears.) It wouldn't have done any good for him to patent it himself: Had he obtained a patent in, say, 1968, that patent would have run out 17 years later, in 1985. As stated in the Wikipedia article, "The first series production road car to be fitted with a DCT was the 2003 Volkswagen Golf Mk4 R32."

Jim Bell
From electromagnetize at gmail.com Thu Jan 2 18:53:47 2014 From: electromagnetize at gmail.com (brian carroll) Date: Thu, 2 Jan 2014 20:53:47 -0600 Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com> References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com> Message-ID: hello CJ, i have heard the UK is the surveillance capital of the world, at least in terms of CCTV density and from what you indicate much further ahead with license plate readers at every juncture, where in this city, only a few intersections have automated license plate readers for speeding or red light ticketing, if not mistaken. perhaps this higher density is the future, then, that is attempting to be advanced as infrastructure itself, where each traffic light and eventually every streetlight is a sensor base for such 'accounting tools' of the state (somewhat like voting in reverse, polling negative dynamics, ubiquitous surveillance infrastructure as new damocles sword) in the US there are radio frequency transponders for toll booths, and high-occupancy vehicle lanes (drive faster in special highway lane if multiple people in car) and black boxes for insurance. i do not have a motor vehicle though assume stickers include RFID for access and scanning, say for parking badges, etc. and then GPS and all that, cellphones, everything indicates an existing capacity to track, if these elements are active & functioning i was tending to think somewhat obliquely about this, such that, it is as if 'everything is above board' with surveillance tools, tactics, and techniques. as if it is in a catalog available as PDF, versus never on the books, that it is part of a black program or black project infrastructure. 
and this likely involves vehicles in some undocumented way, as would even be reasonable if the threat model involves needing to locate car Z without a person having a cellphone or transponder, who is going to detonate a nuclear suitcase, and you need to locate that car. and so under those circumstances, how do you do that, immediately compare and contrast an unequipped car, no gps, no cellphone, nothing. what is the likelihood that a car is driving around in this day without a signature that could be identified remotely, as if the car is some special autonomous platform for moving about, outside of a security context even, as if a special realm of privilege that is safe from surveillance. to me this is not very realistic as a starting point, given the larger context, and thus consider the lowly photocopier by contrast, or the basic printer used with a computer. even these devices are not autonomous. there are hidden watermarks that allow tracing and copies of any scans and printouts, that level of invisible tracking that could be activated/reviewed if need be in a security scenario so too, vehicles. with certainty. why would a piece of paper require such tracking and not a mode of individual transport. and must it require an add-on or is it a hidden functionality or parameter. 
must it be an overt, agreed upon, legislated device that is on the dashboard (say gps or cellphone else blackbox), or might it be invisible, built into the car itself, embedded as a hidden data parameter that can only be accessed by knowing how to access & read the output my view of this is civilizational, development of culture, in the framework of Lewis Mumford who placed technological events in a ecological context, as a series of processes in that various actions combine to result in a given artifact or tool, it is not made out of whole technological cloth, instead requires planning, logistics, assembly, and involves issues not only of design though also materials, procurement, etc in this way, mining, the going into the earth to get raw materials and resources that are refined into metals or separated into other elements, say diamonds for giant circular saw blades separated from stone, or also into geological surveying for natural gas, oil, water, steam in geophysics context for power generation, uranium. this is, like with the Bronze age, a leading, cutting edge of civilization, development, its technological advancement pre-uranium mining, post-uranium mining, consider how culture may have changed in awareness, capacity, etc. hydrogen, or other advances in science, tools, technology so, an artifact and assemblage/ecosystem of computers today are likewise tied into this process of mining, esp. 
of rare earth minerals, gold, silver, that make circuitboards and various transistor or other unique electrical insulator/ conductor, or magnetic properties harnessed to compute with, create screens and displays with, stronger metals Ford automotive, manufacturing plants of the earliest assemblyline for car manufacturing, was based around logistics of lining up, not only workers on the line to piece together cars in a coordinated, orchestrated sequence, it also involved movement of raw materials, their processing, shaping of the steel, trains and railheads, smelters, and electrical generation of power, such that the entire system functioned as a gigantic machine, humans and technology in fluid interaction and then figuring this out in total detail; thus mass produced low-cost high-tech vehicles for sale the economics where ecosystem-based dynamics, the calculus was figured out via Taylorist principles (related to electrical light and clocktime and machine efficiency) and so it was highly connected to this mining of material, which then flowed through this system, and eventually was output into a vehicle as product of the production process part of this issue of raw materials is that, they are valuable and oftentimes wars are fought over natural resources, so they are a leading edge of civilization or national development as they feed into the organization/organism that needs and requires that 'data' to flow into the system and be processed, as part of a transformative value chain that starts as another fragment and then combines with others into an integrated entity or design of some kind. 
this is somewhat like today, say where just-in-time manufacturing and FABs in Taiwan are used to limit production to only what is ordered for given computers, getting that level of control over production and use of resources, though still tied to fluctuating prices, yet also not in control of the total process, instead distributed or differentiated across various industries and geographies which is why the shipping container is perhaps so symbolic of world order, of ecosystem/ecological world-scale dynamic part of this situation is the securing of resources, which can have diplomatic or contested relations that potentially could threaten the state if lost, or benefit if more is gained so the military is likely highly connected with these realms, whether overtly or as substructure. they likely are attuned to the finest detail of parameters as it relates to state security or its planning and development. i do not believe they could feasibly be disconnected. most obvious oil. its relation to war. in other words, any natural resource that feeds into this system that sustains the state and the state requires for its security and ultimate survival is inherently in a military and defense context. these are not separate industries, in my view or understanding, because the military must have knowledge of how they function and be able to employ them in offensive and defensive scenarios, there is overlap between civilian and industrial and military, also hierarchy by law, such that these realms can be managed by the military in times of war, say for factories to produce other material such as car factories to make tanks, planes, weapons (cf. 
legally require PC manufacturers to install surveillance tools) so there is always the implicit relation between industries that access natural resources and develop them, that the military has a structural connection and can take over their management within certain parameters or goals aligned with war agendas, etc so imagine this as a layer that may not be overt or activated yet it is always present, always a potential variable in any given item or thing or situation to do with the state. anything. prostitution to drugs to canned soup to making placemats. it is a condition or existential situation of the state in relation to all of its dynamics, and how these could be changed in various situations and how they could be leveraged differently, for better or worse, given their management, orchestration as a single giant ecosystem now at world scale, perhaps beyond cold war boundaries and into another realm of organization, say humans vs. enemies if you take an infrastructure view (itself nearly totally military, roads and highways planned and built for military strategy, GPS, telecom) there is likewise a context in which vehicles exist and move about, that is inherently military and defense oriented, else perhaps indicates parallel or unknown systems that have priority and are related hierarchically with existing systems (spectrum allocations, for instance). so whether or not observable, ordinary spacetime & place already exist in this military context because it is managing the civilian area that has developed inside its parameters. as if nested set. 
or so it is assumed, based on 'security requirements' that there is another communications system, another GPS than only the consumer version, likely quantum computers existing beyond consumer technology for massive data processing, and various other hidden parameters that could suddenly begin to 'manage the chaotic situation' of the state in a defensive or war context - which is actually the legal situation that exists and has been signed off on by representatives of the state the aspect here is that it may not all be visible or need to be spoken about to exist as 'legal' in terms of defense or in a military context, especially say if the context involves that of insurgency and running counterinsurgency operations on home soil, where such dynamics cannot be acknowledged for security reasons - and yet if there was some aspect or weakness in the system as designed, that could actually in some fundamental way knowingly threaten the state in the way it exists -- it is probable some action would be required and would be taken to ensure it is dealt with, not ignored due to conventional rules, laws, consensus the military view in terms of defense and security is its own consensus, in a way that precedes voting of citizens. 
people and institutions who fight and die and defend are operating in different parameters than those who seek their own enjoyment or wealth firstly, as a state of mind and so, people may be obvious to this as a context, that they could be walking around in a war-zone that is passive or occurring within bureaucracy, because the situation has not been defined externally yet, the trigger has not occurred to divide the masses and so everything appears unified at the same time a real threat of terrorism exists in ambiguity my point was that, in this scenario, when there is a need to identify a given vehicle in a context of satellites and of antennas (50 yrs now), that it is probable that vehicle ID exists in some way that is a hidden parameter within the vehicle platform, some antenna or some burst transmitter that sends back a qr-code like signature if pinged, such that if need be, data could be gathered beyond having an active device requiring a battery to handshake signals if - that is, it is an actual threat to the state. having the ability to drive a car around without anyone being able to track it because a person avoids leaving a known trail, say by no use of cellphone, no gps. now this may be totally wrong. and maybe it requires a mechanic connected with special police operations to plant a bug or tracker on a targets car, yet in a context of mass surveillance and invisible antennas, given such priority to identification of items, down to paper and scans, how likely is it that a car is autonomous & not trackable? not in the context of rule of law of police. in the context of, there are no rules, a nuclear bomb is going off, the military is involved - what are the options... "you cannot find the car? WTF do you mean you cannot find the car?!" 
i do not believe that is going to be unthought about by the manufacturers who may have a military dimension or review of the security or defense issues involved if it were necessary or could be implemented without any legal or other issues, of use only in a layered threat model where it is legal yet hidden, for such tracking if it does not exist, it probably should exist and would be frightening if it did not, in the nuclear suitcase scenario "we could not track the car, we lost a major metropolitan city" given the QR-code signature parallel, a ping of a very large geography by satellite network could find a needle in haystack if a moving vehicle or not, potentially, as with millions of stars, say via gathering the energy and sending it backwards again as an encoded relay. if you can get the signal from Voyager out of the solar system on a fraction of a billionth of a watt, it is likely a car could reflect data though perhaps the issue of parsing or gathering it is not realistic. which is why there may be more use to cellular towers, who knows. there is artificial radiation everywhere that could be used for this type of monitoring and tracking while remaining hidden, undocumented, beyond the threshold of observation so if a photocopier has tracking of both scans & printouts, and a computer printer likewise, watermarking the paper, just to track it if need be- why would vehicle be immune from this, especially given their importance to tracking. 
it seems completely unlikely it is not built into vehicles as part of this total process, including a security/defense military aspect within a society of mass surveillance as the terms of relation, where friend and foe are citizens in the larger sense of ecosystem then, cars implicitly belong inside this military framework, their connection with resources, manufacturing, and tracking of people of interest or threats to the state is probably part of the military dimension that likely exists unaccounted for there would be no public legislation about such things. they would just exist, signed off in some secret committee and used only within certain parameters and not others the tell would be if such systems existed and begin to be employed or deployed in police state tactics, and this is where the NSA surveillance seems to tread such that this security and defense infrastructure is being used for political advantage, exploited, abused to consolidate power beyond the law, as if the head of the state itself in a hegemonic or dictatorial mode the military exists to crush these kinds of situations (yet it may not be the military visible on the television) From europus at gmail.com Thu Jan 2 17:53:57 2014 From: europus at gmail.com (Ulex Europae) Date: Thu, 02 Jan 2014 20:53:57 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C33963.1000709@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> Message-ID: <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> At 04:38 PM 12/31/2013, James A. 
Donald wrote: >In practice, it is pretty obvious that most practitioners of civil >disobedience believe they are above the law, that they usually *are* >above the law, and that in particular Swartz believed he was above >the law, and was shocked to find that he was not. You seem to be laboring under a pernicious misapprehension: that there is a legitimate mandate to obey laws that are unconstitutional and/or unjust. There is a mandate, but it is just as illegitimate as the unconstitutional or the unjust law. >There might be some sincere practitioners of civil disobedience, but >Swartz was not, and the big heroes of the civil disobedience >brigade, Gandhi and Thoreau, were not. I'm not sure I understand what you mean by that, but if you mean what I think you mean, then my money says you are wrong about it as well. --ue From europus at gmail.com Thu Jan 2 18:34:10 2014 From: europus at gmail.com (Ulex Europae) Date: Thu, 02 Jan 2014 21:34:10 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> Message-ID: <52c621a5.e68e420a.6720.fffffaa6@mx.google.com> At 09:10 PM 1/2/2014, Juan Garofalo wrote: > this list just keeps getting better. or worse. I agree. Your nitpicking and bloviating figures prominently in that. 
From juan.g71 at gmail.com Thu Jan 2 18:10:52 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 02 Jan 2014 23:10:52 -0300 Subject: Jacob Appelbaum in Germany In-Reply-To: <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> Message-ID: --On Thursday, January 02, 2014 8:53 PM -0500 Ulex Europae wrote: > At 04:38 PM 12/31/2013, James A. Donald wrote: >> In practice, it is pretty obvious that most practitioners of civil >> disobedience believe they are above the law, that they usually *are* >> above the law, and that in particular Swartz believed he was above >> the law, and was shocked to find that he was not. > > You seem to be laboring under a pernicious misapprehension: that there > is a legitimate mandate to obey laws that are unconstitutional and/or > unjust. There is a mandate, but it is just as illegitimate as the > unconstitutional or the unjust law. ..but youre implicitly asserting that people are supposed to obey 'laws' that are 'constitutional'?(whatever the fuck 'constitutional' means) this list just keeps getting better. or worse. From juan.g71 at gmail.com Thu Jan 2 18:16:00 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 02 Jan 2014 23:16:00 -0300 Subject: [liberationtech] Recent Der Spiegel coverage about the NSA and GCHQ In-Reply-To: <52C60E75.9000403@appelbaum.net> References: <52C60659.2020708@appelbaum.net> <52C60E75.9000403@appelbaum.net> Message-ID: <28EC1BF3D89E2F6C5F2EB134@F74D39FA044AA309EAEA14B9> --On Friday, January 03, 2014 1:12 AM +0000 Jacob Appelbaum wrote: > coderman: >> On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum >> wrote: >>> ... 
>>> I wanted to write to highlight some important documents that have >>> recently been released by Der Spiegel about the NSA and GCHQ. We worked >>> very hard and for quite some time on these stories - I hope that you'll >>> enjoy them. >> >> second only to BULLRUN drop; thank you! > > The BULLRUN story was good but it really needs to be expanded. I find it > frustrating that the story wasn't better supported by documents. > >> >> >> >>> ... >>> OLYMPUSFIRE: >>> >>> http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html >> >> off by one error; this is "VALIDATOR" > Imagine if the NSA informed Apple and helped them > to fix their products rather than sabotaging American companies? > actually, that's the only useful thing to do. 'sabotage' fucking american companies - companies that, for starters, should never have been 'trusted', at all. > All the best, > Jacob > From juan.g71 at gmail.com Thu Jan 2 18:42:22 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 02 Jan 2014 23:42:22 -0300 Subject: Jacob Appelbaum in Germany In-Reply-To: <52c621a5.e68e420a.6720.fffffaa6@mx.google.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52c621a5.e68e420a.6720.fffffaa6@mx.google.com> Message-ID: --On Thursday, January 02, 2014 9:34 PM -0500 Ulex Europae wrote: > At 09:10 PM 1/2/2014, Juan Garofalo wrote: > >> this list just keeps getting better. or worse. > > I agree. Your nitpicking and bloviating figures prominently in that. You mean, to highlight the garbage you post is to 'nitpick'? Oh I'm so sorry I upset yet another brain dead government worshiper! HELP, HURRY, CALL THE DEPARTMENT OF HEIMLAND-CONSTITUTION!! 
From jamesdbell8 at yahoo.com Fri Jan 3 00:15:00 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Fri, 3 Jan 2014 00:15:00 -0800 (PST) Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <1388704140.67119.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: <1388736900.63285.YahooMailNeo@web141202.mail.bf1.yahoo.com>     I agree with your assessment.  But, of the many mistakes they made, the big one is that they underestimated my ability to observe and deduce what was going on at the time.  Shortly after the time I was first arrested in mid-April 1997, I concluded that they must have been spying on me from 7302 Corregidor.  I had a right to have any such evidence admitted in court, and they couldn't allow that to happen.  They had to exercise the collusion of corrupt lawyer Avenia to see that stopped.  Then, when I continued to demand evidence in July 1998, they had to further use the next corrupt lawyer, Judith Mandel, to ensure that I could not have evidence entered into the record.  Then, when I demanded the appeal that I didn't know I already had (99-30210) they had to employ yet another corrupt lawyer, Jonathan Solovy, to continue to conceal facts from me.  Etc.  It was an ongoing battle that still isn't over, and won't be over until I have completely won.        A major place in the "Hall of Shame" must go to Declan McCullagh, who failed and refused to work with me to expose this material in 2001 and 2002.  Indeed, I sent a "visitor's form" to him about March 2002, as he said he was visiting San Francisco for some event, and he said that he would visit me at Atwater California.  (USP Atwater).  In fact, he lied to me:  Weeks later, when he  hadn't shown up, I called him and he said he couldn't find the time to visit.  
But I pointed out that in order for him to visit me, he would have had to fill out and mail in the visitor's form at least two weeks prior to the visit.  In other words, by failing to fill out the form, that proved that he didn't intend to visit me at all:  Therefore, his claim that he "couldn't find the time to visit" wasn't really true.  At THAT point, he got really upset!  He didn't respond to any of my letters after that.       Another place in the "Hall of Shame" should go to a "60 Minutes" producer named Adam Ciralsky.  (He was ex-CIA in 1999, and in fact had a lawsuit against the CIA for religious discrimination   http://en.wikipedia.org/wiki/Adam_Ciralsky   ).  Ciralsky sent me an Express Mail letter in December 2000, claiming to want to interview me on video.  I smelled a rat, and it turned out I was right.  He tried to lure me by saying that Mike Wallace wanted to talk to me.  Ciralsky's downfall was the fact that I had been watching "60 Minutes", on and off, since its beginning in 1970.  I knew, from his failure to ask questions, that his only interest in getting video was to do a sabotage piece on me.  I took advantage of the fact that Seatac FDC had a policy apparently denying video media visits, and basically told Ciralsky, "Put as many questions as you'd like on paper; I will answer all of them".   That would appear to be a very friendly position on my part, right?  Not the typical hard-to-interview behavior usually displayed by the 'bad guys' when '60 Minutes' cameramen drop by.    But, think about it:  If they had put such questions on paper, that would have been analogous to giving them a 'Rorschach test':  That would have exposed the position from which they were coming.  I wanted to take advantage of this written communication to, in effect, force them to actually investigate the story, rather than put on a hit-piece.  Turns out that I never got as many as a single question from Ciralsky!             
Jim Bell ________________________________ From: brian carroll To: cypherpunks at cpunks.org Sent: Thursday, January 2, 2014 5:25 PM Subject: Re: Fw: Hi, I'm from the government and I'm here to screw you Jim, correct me if i am wrong, what happened sounds like a criminal or conspiratorial prosecution occurring outside or beyond known law, a secret operation perhaps, that was a precursor to rolling-out this type of prosecution program at the larger scale in the present day, perhaps tied into NSA surveillance of populations- a canary in coalmine situation; same tactics, more empowered, nothing to stop it legally, and removing dissidents and unwanted viewpoints bit by bit i think you said this already though wanted to reiterate it in the expanded context, to see if it is an accurate summary (the mental illness trap ubiquitous, if not own families turning on children or each other, then teachers on students, etc. a different approach to forced censorship, silencing, and of reeducation, retraining, reprogramming. the perfect setup for takedown in unaccounted for parameters. labeled crazy without recourse to logically reason viewpoints: doomed.) From jacob at appelbaum.net Thu Jan 2 16:37:45 2014 From: jacob at appelbaum.net (Jacob Appelbaum) Date: Fri, 03 Jan 2014 00:37:45 +0000 Subject: Recent Der Spiegel coverage about the NSA and GCHQ Message-ID: <52C60659.2020708@appelbaum.net> Hi, I wanted to write to highlight some important documents that have recently been released by Der Spiegel about the NSA and GCHQ. We worked very hard and for quite some time on these stories - I hope that you'll enjoy them. 
Inside TAO: Documents Reveal Top NSA Hacking Unit: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html Part 1: Documents Reveal Top NSA Hacking Unit: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html Part 2: Targeting Mexico: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html Part 3: The NSA's Shadow Network: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need: http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html Shopping for Spy Gear: Catalog Advertises NSA Toolbox: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html Interactive Graphic: The NSA's Spy Catalog: http://www.spiegel.de/international/world/a-941262.html Neue Dokumente: Der geheime Werkzeugkasten der NSA: http://www.spiegel.de/netzwelt/netzpolitik/neue-dokumente-der-geheime-werkzeugkasten-der-nsa-a-941153.html NSA-Programm "Quantumtheory": Wie der US-Geheimdienst weltweit Rechner knackt: http://www.spiegel.de/netzwelt/netzpolitik/quantumtheory-wie-die-nsa-weltweit-rechner-hackt-a-941149.html Der Spiegel 1 / 2014: https://magazin.spiegel.de/digital/index_SP.html#SP/2014/1/124188114 http://www.spiegel.de/spiegel/index-7629.html TAO slides: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326.html NSA QUANTUM Tasking Techniques for the R&T Analyst: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329.html Yahoo! 
user targeting and attack example with QUANTUM: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-5.html QUANTUMTHEORY and related QUANTUM programs: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-24.html If you'd like to detect the QUANTUM INSERT, I suggest reading about the race condition details: http://www.spiegel.de/fotostrecke/qfire-die-vorwaertsverteidigng-der-nsa-fotostrecke-105358-15.html Details about the Man-On-The-Side with QUANTUM: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-3.html QFIRE (NSA-Geheimdokumente: "Vorwärtsverteidigung" mit QFIRE), TURMOIL, TURBINE, TURBULENCE: http://www.spiegel.de/fotostrecke/qfire-die-vorwaersverteidigng-der-nsa-fotostrecke-105358.html MARINA: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-15.html More MARINA details: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-21.html Catalog of equipment covering around ~50 programs: http://www.spiegel.de/netzwelt/netzpolitik/interaktive-grafik-hier-sitzen-die-spaeh-werkzeuge-der-nsa-a-941030.html Other slides covering FOXACID and more: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-2.html NSA QUANTUMTHEORY capabilities list: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-11.html GCHQ QUANTUMTHEORY capabilities list: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-12.html OLYMPUSFIRE: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html An overview of all of these articles is available in German: 
http://www.spiegel.de/netzwelt/netzpolitik/quantumtheory-wie-die-nsa-weltweit-rechner-hackt-a-941149.html Earlier this week, I also recently gave a talk titled "To Protect and Infect: part two" at CCC's 30C3. In the talk I explain a number of these topics - the video is a reasonable complement to the above stories: https://www.youtube.com/watch?v=b0w36GAyZIA There are quite a few news articles and most of them have focused on the iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture asserting that the NSA needs physical access. This is a misunderstanding. The way that the NSA and GCHQ compromise devices with QUANTUMNATION does not require physical access - that is merely one way to compromise an iPhone. Generally the NSA and GCHQ compromise the phone through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related attack capabilities. An example of a vulnerable Apple user is shown: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-24.html "note: QUANTUMNATION and standard QUANTUM tasking results in the same exploitation technique. The main difference is QUANTUNATION deploys a state 0 implant and is able to be submitted by the TOPI. Any ios device will always get VALIDATOR deployed." They're not talking about Cisco in that slide, I assure you. Details on VALIDATOR: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html Welcome to 2014! The truth is coming and it can't be stopped, Jacob From jacob at appelbaum.net Thu Jan 2 17:12:21 2014 From: jacob at appelbaum.net (Jacob Appelbaum) Date: Fri, 03 Jan 2014 01:12:21 +0000 Subject: [liberationtech] Recent Der Spiegel coverage about the NSA and GCHQ In-Reply-To: References: <52C60659.2020708@appelbaum.net> Message-ID: <52C60E75.9000403@appelbaum.net> coderman: > On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum wrote: >> ... 
>> I wanted to write to highlight some important documents that have >> recently been released by Der Spiegel about the NSA and GCHQ. We worked >> very hard and for quite some time on these stories - I hope that you'll >> enjoy them. > > second only to BULLRUN drop; thank you! The BULLRUN story was good but it really needs to be expanded. I find it frustrating that the story wasn't better supported by documents. > > > >> ... >> OLYMPUSFIRE: >> >> http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html > > off by one error; this is "VALIDATOR" > > Whoops - thanks! > the OLYMPUSFIRE doc is at: > http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-14.html > I'm curious if anyone has yet spotted which well known programs are tied to OLYMPUSFIRE? I'd guess you probably figured it out, if it is possible to link it? > > > >> ... >> There are quite a few news articles and most of them have focused on the >> iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture >> asserting that the NSA needs physical access. This is a >> misunderstanding. The way that the NSA and GCHQ compromise devices with >> QUANTUMNATION does not require physical access - that is merely one way >> to compromise an iPhone. Generally the NSA and GCHQ compromise the phone >> through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related >> attack capabilities. > > thank you as well for this clarification. keep it up :) > The QUANTUM programs are extremely powerful but largely because our systems are so weak. Imagine if the NSA informed Apple and helped them to fix their products rather than sabotaging American companies? 
All the best, Jacob From jamesdbell8 at yahoo.com Fri Jan 3 01:41:54 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Fri, 3 Jan 2014 01:41:54 -0800 (PST) Subject: NSA and quantum computers Message-ID: <1388742114.88750.YahooMailNeo@web141206.mail.bf1.yahoo.com> http://news.yahoo.com/nsa-eyes-encryption-breaking-39-quantum-39-machine-225306575.html Washington (AFP) - The US National Security Agency is making strides toward building a "quantum computer" that could break nearly any kind of encryption, The Washington Post reported Thursday. The Post said leaked documents from fugitive ex-NSA contractor Edward Snowden indicate the computer would allow the secret intelligence agency to break encryption used to protect banking, medical, business and government records around the world. Quantum computing has been a goal among commercial firms such as IBM because it could harness the power of atoms and molecules, vastly increasing speed and security of computers and other devices. But experts cited by the newspaper said it was unlikely that the NSA would be close to creating such a machine without the scientific community being aware of it. "It seems improbable that the NSA could be that far ahead of the open world without anybody knowing it," Scott Aaronson of the Massachusetts Institute of Technology told the daily. The NSA declined to comment on the report. The Post said the leaked documents indicate that the agency carries out research in large, shielded rooms known as Faraday cages designed to prevent electromagnetic energy from entering or exiting. 
Because of its vast computing power, a working quantum computer would break the strongest encryption tools in use today for online activities, including banking and emails. Some technology firms such as Google and Yahoo have said in recent weeks that they were stepping up efforts to encrypt their communications following reports that the NSA had been able to break or circumvent many of the current encryption standards. A September report by The New York Times, ProPublica and The Guardian, also based on leaked documents, said US and British spy agencies are able to decipher data even with the supposedly secure encryption to make it private. The documents indicated that the NSA, working with its British counterpart GCHQ, accomplished the feat by using supercomputers, court orders and some cooperation from technology companies. If the reports are accurate, the highly secretive program would defeat much of what is used to keep data secure and private on the Internet, from emails to chats to communications using smartphones. IBM researchers said last year they had made advances in quantum computing that has the potential to outperform any existing supercomputer. The new type of computing uses information encoded into quantum bits or qubits, putting into use a theory that scientists have been discussing for decades. Quantum computing expands on the most basic piece of information that a typical computer understands -- a bit, and thereby can perform millions of calculations at once. 
From mike at gogulski.com Thu Jan 2 19:18:28 2014 From: mike at gogulski.com (Mike Gogulski) Date: Fri, 03 Jan 2014 04:18:28 +0100 Subject: Jacob Appelbaum in Germany In-Reply-To: References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> Message-ID: <52C62C04.2050409@gogulski.com> On 01/03/2014 03:10 AM, Juan Garofalo wrote: > --On Thursday, January 02, 2014 8:53 PM -0500 Ulex Europae > wrote: > >> At 04:38 PM 12/31/2013, James A. Donald wrote: >>> In practice, it is pretty obvious that most practitioners of civil >>> disobedience believe they are above the law, that they usually *are* >>> above the law, and that in particular Swartz believed he was above >>> the law, and was shocked to find that he was not. >> You seem to be laboring under a pernicious misapprehension: that there >> is a legitimate mandate to obey laws that are unconstitutional and/or >> unjust. There is a mandate, but it is just as illegitimate as the >> unconstitutional or the unjust law. > ..but you're implicitly asserting that people are supposed to obey 'laws' > that are 'constitutional'? (whatever the fuck 'constitutional' means) > > > this list just keeps getting better. or worse. I see what you're up to. Illegitimate =? unconstitutional | unjust As for me, I don't give a fuck about your constitutions, and in many cases I don't care about your theories of justice either. 
From europus at gmail.com Fri Jan 3 03:56:54 2014 From: europus at gmail.com (Ulex Europae) Date: Fri, 03 Jan 2014 06:56:54 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52c621a5.e68e420a.6720.fffffaa6@mx.google.com> Message-ID: <52c6a587.8ae6420a.2755.ffffaa49@mx.google.com> At 09:42 PM 1/2/2014, Juan Garofalo wrote: > >> this list just keeps getting better. or worse. > > > > I agree. Your nitpicking and bloviating figures prominently in that. > > > You mean, to highlight the garbage you post is to 'nitpick'? That _I_ post? You haven't really been paying attention, have you? > Oh I'm so sorry I upset yet another brain dead government worshiper! > > HELP, HURRY, CALL THE DEPARTMENT OF HEIMLAND-CONSTITUTION!! Yepper, nitpicking and bloviating, heavy on the bloviating. So much so that I rest my case. Goodbye. From europus at gmail.com Fri Jan 3 04:06:30 2014 From: europus at gmail.com (Ulex Europae) Date: Fri, 03 Jan 2014 07:06:30 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C6A053.7080709@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> Message-ID: <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> At 06:34 AM 1/3/2014, James A. 
Donald wrote: >If someone was to hide a laptop in one of my cupboards, to steal >such large amounts of information from my home network as to disrupt >its functioning, I would take a sledgehammer to his laptop, and when >he showed up to collect his laptop, a sledgehammer to him. What I'm hearing from you is, the original malfeasance of putting publicly-funded research data the taxpaying public has already bought and paid for behind a paywall and extorting the taxpaying public for access to that data does not warrant extraordinary measures to liberate that data in the manner it should have been liberated in the first place. That there were unintended consequences of the exact method used to liberate that data is secondary, perhaps it is even inconsequential to the real central principle here. >Swartz committed a crime against people more powerful than he was, >incorrectly thinking he was more powerful than they. I seem to recall some quote about trees, blood, liberty... and patriots. Do you know it? --ue From john at johnlgrubbs.net Fri Jan 3 07:10:10 2014 From: john at johnlgrubbs.net (John Grubbs) Date: Fri, 03 Jan 2014 09:10:10 -0600 Subject: Jacob Appelbaum in Germany Message-ID: <201401031523.s03FNicj005237@antiproton.jfet.org> On Jan 3, 2014 5:34 AM, "James A. Donald" wrote: > > > At 04:38 PM 12/31/2013, James A. Donald wrote: > >> In practice, it is pretty obvious that most practitioners of civil > >> disobedience believe they are above the law, that they usually *are* > >> above the law, and that in particular Swartz believed he was above the > >> law, and was shocked to find that he was not. > > On 2014-01-03 11:53, Ulex Europae wrote: > > You seem to be laboring under a pernicious misapprehension: that there > > is a legitimate mandate to obey laws that are unconstitutional and/or > > unjust. There is a mandate, but it is just as illegitimate as the > > unconstitutional or the unjust law. 
> > If someone was to hide a laptop in one of my cupboards, to steal such > large amounts of information from my home network as to disrupt its > functioning, I would take a sledgehammer to his laptop, and when he > showed up to collect his laptop, a sledgehammer to him. > > Swartz committed a crime against people more powerful than he was, > incorrectly thinking he was more powerful than they. Just who did he commit the crime against, both MIT and JSTOR wanted prosecution dropped. In your example "your house" represents both MIT and JSTOR. The rest of your argument makes me think you're either a disciple of Authority or here to troll, or both. From jya at pipeline.com Fri Jan 3 08:36:04 2014 From: jya at pipeline.com (John Young) Date: Fri, 03 Jan 2014 11:36:04 -0500 Subject: [cryptome] question In-Reply-To: <52C6DEE6.90200@riseup.net> References: <52C6DEE6.90200@riseup.net> Message-ID: At 11:01 AM 1/3/2014, you wrote: Friends, Given the fact that Levison states: > > This experience has taught me one very important lesson: without > congressional action or a strong judicial precedent, I would > _strongly_ recommend against anyone trusting their private data to a > company with physical ties to the United States. > > Sincerely, > Ladar Levison > Owner and Operator, Lavabit LLC >which normal website hoster friends here could recommend in which countries? Iceland may be the only one, and that may be short-lived before it is expropriated by open and/or secret undermining. Or it is likely a honey pot like so many other dropboxes, pastes, leak sites, privacy and FOI initiatives. Big business now offering ways to avoid boogie-spies, aka "cybersecurity," by govs, coms, edus, orgs, sec experts. 
All other countries are more intrusive than the US, and all are becoming even more intrusive thanks to the booming industry of intrusive hardware, software, programs, staffing, contracting, higher education, co-optation of comsec experts, freedom of information organizations, religious institutions and many others who are benefiting from data mining of their supporters by selling information either directly or through second and third parties, in many cases, those sales are occurring by system administrators, temporary employees and volunteers, informants, ex-employees and volunteers, Web sites, and mail lists, like this one, news outlets, leak sites, conference organizers, educational institutions and innumerable others are gathering and selling data as fast as possible before legal restrictions are enacted. These private spying entrepreneurs are fearful that the crackdown on official spies will spill over into their opportunism, their windfall, their golden goose of data exploitation. Ubiquitous log files, ostensibly required for system administration, are the gold mines which implicate every sneak-thief operator of public, private, governmental, NGO, commercial venues. >The USA, UK and Sweden are out and so are all EU countries. > >Please let me have some good recommendations with hoster and country you >would choose if you had to transfer a website and its database and >mailing list capabilities. > >Thanks >IHW From coderman at gmail.com Fri Jan 3 11:42:47 2014 From: coderman at gmail.com (coderman) Date: Fri, 3 Jan 2014 11:42:47 -0800 Subject: pie in sky suites - long lived public key pairs for persistent identity Message-ID: use case is long term (decade+) identity rather than privacy or session authorization. eternity key signs working keys tuned for speed with limited secret life span (month+). working keys are used for secret exchange and any other temporal purpose. you may use any algorithms desired; what do you pick? 
Curve3617+NTRU eternity key Curve25519 working keys ChaCha20+Poly1305-AES for sym./mac ? this assumes key agility by signing working keys with all eternity keys, and promoting un-broken suites to working suites as needed. you cannot retro-actively add new suites to eternity keys; these must be selected and generated extremely conservatively. other questions: - would you include another public key crypto system with the above? (if so, why?) - does GGH signature scheme avoid patent mine fields? (like NTRU patents) - is it true that NSA does not use any public key scheme, nor AES, for long term secrets? - are you relieved NSA has only a modest effort aimed at keeping an eye on quantum cryptanalysis efforts in academia and other nations? best regards, From jya at pipeline.com Fri Jan 3 09:02:55 2014 From: jya at pipeline.com (John Young) Date: Fri, 03 Jan 2014 12:02:55 -0500 Subject: Aaron Swartz, Jim Bell, Carl Johnson, Chelsea Manning, Edward Snowden In-Reply-To: <201401031523.s03FNicj005237@antiproton.jfet.org> References: <201401031523.s03FNicj005237@antiproton.jfet.org> Message-ID: The Swartz situation was more complicated than the principal legal parties involved. A comprehensive legal attack implicated a slew of people and institutions in Aaron's circle, some who were frightened into pulling away from him, some of whom were forced to testify much to their later shame and embarrassment when that was made public. It is not unusual for supporters to run from the scene when pressure comes down through federal investigators digging into private affairs, intimidating witnesses, friends and families with fruits of those findings, turning people against each other, bamboozling journalists and publishers who pretend opposition to authority. Swartz's case parallels what happened to Jim Bell, and to Carl Johnson. Prosecutors are highly adept at creating fear in supporters with grand jury subpoenas for evidence and closed testimony, then later subpoenaed for trial. 
This was done with several cypherpunks, me among them. During two trials and his imprisonment not a few cypherpunks came down on Jim Bell, cowardly sorry motherfuckers, some of them once admired for courage, shown to be candyasses out to avoid risk beyond rhetoric (as with Manning and Snowden). Not a few came down on Aaron Swartz, cowardly sorry motherfuckers, some of them still lamenting the loss of a brave man while hiding their abandonment of him, stigmatizing his loss of adorableness, his loss of lovers, true friends and supporters, his lonely withdrawal from social affairs, his hiding inside his apartment pondering the rest of his life betrayed by those blaming him for their chickenshitedness. Swartz died more likely murder, enforced suicide, a killing by officials and those unable to match Aaron's bravery. Jim Bell and Carl Johnson were not so easily buffaloed. Although there continues to be bountiful cowardly motherfuckers who fucked them as was Manning, as were the Anonymous 16, and will likely be Snowden, led by the media which takes no chances beyond rhetoric and hyperbole. At 10:10 AM 1/3/2014, you wrote: >On Jan 3, 2014 5:34 AM, "James A. Donald" wrote: > > > > > At 04:38 PM 12/31/2013, James A. Donald wrote: > > >> In practice, it is pretty obvious that most practitioners of civil > > >> disobedience believe they are above the law, that they usually *are* > > >> above the law, and that in particular Swartz believed he was above the > > >> law, and was shocked to find that he was not. > > > > On 2014-01-03 11:53, Ulex Europae wrote: > > > You seem to be laboring under a pernicious misapprehension: that there > > > is a legitimate mandate to obey laws that are unconstitutional and/or > > > unjust. There is a mandate, but it is just as illegitimate as the > > > unconstitutional or the unjust law. 
> > > > If someone was to hide a laptop in one of my cupboards, to steal such > > large amounts of information from my home network as to disrupt its > > functioning, I would take a sledgehammer to his laptop, and when he > > showed up to collect his laptop, a sledgehammer to him. > > > > Swartz committed a crime against people more powerful than he was, > > incorrectly thinking he was more powerful than they. > >Just who did he commit the crime against, both MIT and JSTOR wanted >prosecution dropped. > >In your example "your house" represents both MIT and JSTOR. > >The rest of your argument makes me think you're either a disciple of >Authority or here to troll, or both. From electromagnetize at gmail.com Fri Jan 3 11:40:40 2014 From: electromagnetize at gmail.com (brian carroll) Date: Fri, 3 Jan 2014 13:40:40 -0600 Subject: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: <1388736900.63285.YahooMailNeo@web141202.mail.bf1.yahoo.com> References: <52C4D85E.80300@pacifier.com> <1388654131.8008.YahooMailNeo@web141202.mail.bf1.yahoo.com> <1388704140.67119.YahooMailNeo@web141202.mail.bf1.yahoo.com> <1388736900.63285.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: Jim Bell wrote: > I agree with your assessment. But, of the many mistakes they made, the > big one is that they underestimated my ability to observe and deduce what > was going on at the time. Shortly after the time I was first arrested in > mid-April 1997, I concluded that they must have been spying on me from 7302 > Corregidor. I had a right to have any such evidence admitted in court, and > they couldn't allow that to happen. They had to exercise the collusion of > corrupt lawyer Avenia to see that stopped. Then, when I continued to demand > evidence in July 1998, they had to further use the next corrupt lawyer, > Judith Mandel, to ensure that I could not have evidence entered into the > record. 
Then, when I demanded the appeal that I didn't know I already had > (99-30210) they had to employ yet another corrupt lawyer, Jonathan Solovy, > to continue to conceal facts from me. Etc. It was an ongoing battle that > still isn't over, and won't be over until I have completely won. note: all of this can happen or is allowed because of legal documents and authorizing papers - language - that legitimates this process of law yet its very truth cannot be accounted for, is beyond external accounting except for those in power who share views, agendas, and 'private values'. it is the tyranny of language that stands in for law, power of language over truth, that substitutes for truth, ego of belief replaces thought/mind, default processing of shared self-interest is ~reality via this corrupt path. the warped pseudo-truth shared by the group, as if public, universal pov, then having to submit or be aligned with it, by force or submission, etc. this is subjugation and oppression via language, truth is not basis for law, shared opinions and shared interests in hierarchic authority framework are which amounts to power determining what is true, via relativistic viewpoints, language game, reliant on onesided binary ideological presentation of facts, able to discard, edit, censor, deny, ignore anything outside private boundary (US constitution allows for this. its corruption leads to this corruption) same is true of money, legal tender:

Constitution <==> currency

(pT) Constitution ---> (pT) money = unfair exchange
(F) Constitution ---> (F) money = unfair exchange
(T) Constitution ---> (T) money = fair exchange

in other words, the corruption is institutionalized, from constitution outward, where its errors then map and scale into other connected structural dynamics. it defines and legally allows these situations to exist in the given parameters, making them into citizen 'rights' (that corporations are equal to human citizens another absurdity, esp. 
when allowed to function in private self-interest at cost of all) From drwho at virtadpt.net Fri Jan 3 14:49:15 2014 From: drwho at virtadpt.net (The Doctor) Date: Fri, 03 Jan 2014 14:49:15 -0800 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: References: <1388305027.11664.55.camel@debian> Message-ID: <52C73E6B.5090006@virtadpt.net> On 12/30/2013 11:21 PM, coderman wrote: > i have more to say later, but one effort from back in early 2000 is > alpine: What about YaCy? http://yacy.de/en/index.html > but other approaches which are not a feasible replacement include: > - the old skewl (mostly)flooding broadcasts like gnutella - > fragile, hard to defend constructs like DHTs as keyword indexes - > aggressive caching with local search (110% useful, but not > sufficient alone) - distributed (but better somehow) search engines > on darknets, etc. What aspects would constitute feasible replacements? -- The Doctor [412/724/301/703] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You knew the job was dangerous when you took it!" 
--Super Chicken From electromagnetize at gmail.com Fri Jan 3 13:05:27 2014 From: electromagnetize at gmail.com (brian carroll) Date: Fri, 3 Jan 2014 15:05:27 -0600 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C6A053.7080709@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> Message-ID: James A. Donald wrote: > If someone was to hide a laptop in one of my cupboards, to steal such large > amounts of information from my home network as to disrupt its functioning, I > would take a sledgehammer to his laptop, and when he showed up to collect > his laptop, a sledgehammer to him. my intent is not to offend in saying this, though i think this situation may not be the situation most would encounter with on-site surveillance, in that a barrier would exist between bugs & procurement so that the sledgehammer-effect would have to occur by a different route. 
if it did go as you describe, most likely evidence would be shifted and you would be framed, either immediately killed, if not via 'suicide' by helpers, and anything you would do would be evaluated in one-sided terms legally, with removal of basic situational data that makes your viewpoint impossible to corroborate with evidence or others testimony, if you would survive an encounter with violent, aggressive, onsite corruption with the intent to bring you down via evidence, real or fabricated basically whatever you do would result in your being dead or sent away to prison, and likely include severe bodily harm either short term or long term in a prison or other environment to me that is more likely than anything else, if a personal encounter outside the law was involved, such that there are no rules, no legal framework to appeal to, just brute deliverance of power onsite, which tends towards the ~hegemonic police state of a onesided political takeover, that nightmare what is scary is that a piece of signed paper or secret agreement somehow could allow such dynamics to develop, yet which are not evaluatable by external truth or accountable to truth beyond a particular (private) self-interest that can be warped, skewed, political, yet stand in for 'government' this would be tyranny then. not far from having guns removed from residents, etc. no defense, just submission, subjugation to corrupt authority, baseness as evaluation of worth - conformance or not consider a different scenario. everything is tapped, you have sledgehammer in apartment or house, and then have to interface with *bureaucracy* to try to deal with situation, smash skulls as payback. 
what stands between you and justice would be piles of signed paper, denials, ignoring of issues and pleas for information or rule-following, then followed up by pure corruption: your mail is tampered with and lost, you lose your job, your checks or payments go missing, accounts are hacked, there are gossip and whisper campaigns about you heard all over within earshot, people saying you are crazy, you need psychiatrist, spouse wants a divorce or requires you to get psychiatrist, go on medication. problems begin with plumbing or electrical requiring expensive fixes or repairs, car continually starts to break down and cannot be repaired successfully. noises start in your environment that keep you awake and thus you cannot get enough sleep, your health plummets, massive depression and also extreme paranoia set in, threats are delivered via phone and email about assassination and physical harm, you are robbed or things are stolen from you, documents go missing, evidence of black bag job with things amiss in environment, computer stops working, lose electronic files, records needed to prove certain information, you question your own memory, your own sanity, people stop talking to you because they are afraid or turn on you, increasingly isolated, suicidal thoughts impossible to ignore, there is no information available about what to do in such situations because it is considered unreal in 'democracy', any truth you say that is out of line threatens your survival and livelihood in surrounding system, further marginalized, your anger functions against you, you become more and more ill as the stress takes its toll, needing to internalize all the hate and violence versus project it outward, thus the condition of being peaceful is at the cost of interior violence, either denial or taming or holding back rage, any error you make can be used to prosecute you to the fullest extent by political enemies and this is going on in the background- and nothing you can do can change this 
basic situation. and all of it exists because of signed pieces of paper, agreements, allowing this power-situation to exist/persist, and yet no one observes 'truth' beyond their private relativistic boundary, now you are on the outside of in this way, corrupt police or TLA could set up camp in the house or apartment next door and beam hostile energy into your domain, and by privacy law, you can do nothing to stop them, even if they are attacking you, trying to kill you and influence and deteriorate your functioning - and anything you do against them is a violation of their rights (Jim Bell situation, seemingly), such that law is onesided, not observed by oppressors yet the persecuted are held accountable to it, though within warped terms such that it is a trap, a ruse, to enforce injustice and malicious authority structures over and against citizens and populations, to subjugate and control for private self interest of hegemonic group they *legally* can get away with murder, and there is nothing you can do -within language- to reason otherwise or protect yourself, words are just words, the truth is inaccessible because it is neither defined or controlled by you, they _own the interpretive rights as government connected entities of an established structural falsity, an ideological position of authority beyond all law that becomes law by fiat of action believed justifiable in private warped relativistic terms, where bias is normalized as POV parallel to this is a situation of exchange, as it relates to trust and truth and information. economics today and commerce provide direct corollary to this situation in more direct terms, of this corruption it is the past it is unlikely someone would be able to sell a rotten bushel of wheat as if it was a bushel of fine quality. 
and if they went around doing this to customers, the customers would likely require that their money be returned because of an unfair exchange, if not the person put out of business in other words, a merchant or other person selling shoddy goods then would have an implicit relation to the purchaser as part of the exchange -- shared truth -- that the goods are of a certain quality, and if not a ripoff would occur. and it would seemingly also involve vengeance if a swindle, such that the seller could be hanged or killed as a form of communal justice, for cheating/theft would be a crime in terms of unfair exchange. people likely have been killed throughout history for selling broken goods or misrepresenting items in terms of exchange, where this unevenness requires evening itself back out to return to civil relations or parity between the two parties on a basis for shared truth and trust, that what is sold is what is purchased. the money is for a quality bushel of wheat, not a rotten bushel unless this is otherwise noted, and the exchange rate modified accordingly to those parameters into the 20th century, say post-Crystal Palace world exhibitions of invention, tinkerers and hobbyists going to stores for supplies -- presumably if going to purchase magnets for an experiment or device, upon purchase they would be magnets and not some fraudulent non-magnetic imposter material and if this did occur, likely legal recourse or other justice would be available, via shared sensibility that a person does not do this to another person, based on shared ethics, morality, connected with law and fair exchange. the offender or cheat or crooked person could be imprisoned or worse, murdered by a vigilante group or person perhaps, as a form of justice if the law did not adequately address the unjust situation. 
in that morality or truth can trump what is recognized or allowed within certain parameters and a gap can develop, in particular via language that does not adequately account for or model given situations- thus requiring interpretation or external analysis and accounting to balance the dynamics and return to a shared framework of justice, based on shared truth, the basis for shared exchange somewhere approximately with computers, it became legal to make and sell shoddy goods, and this became protected by law, by legal interpretation, by signed documents that map to protected views and positions of authority. in this way, unequal exchange was normalized, where an item could be sold 'broken' or could be made to break, and thus this corruption has been institutionalized as its own business practice, a way to increase profit (via upgrades or fixes, repairs, replacement, new devices). in doing so, the issue of quality has vanished in exchange, so that the money that is traded for a given item is not purchasing something in proper working condition that is made to sustain itself in these parameters, and instead of a clockwork device that automatically winds down into disrepair, designed this way, requiring maintenance to upkeep- or even, allowed to be made dysfunctional via updates hidden or not, that can limit or disallow functioning of the device via a deteriorated/devolved condition, and this has become the cornerstone of 'new economy', 'communication', 'education', 'careers', 'development', 'social relations', and so on- the economy itself. 
what protects this process are signed pieces of paper, that prevent this abuse from being dealt with fairly in terms of its being a massive swindle that takes money via deceptive and fraudulent practices and removes power and functioning from citizens and moves this to those in positions of authority, at the top of the pyramid scheme, who 'mismanage' the entire works as a giant malfunctioning organism that they are in control of, via schemes that operate and function beyond the law, yet as the law it is not possible to 'reason' or argue with the legal documents because they are not based in truth, only in power that maps into money as the embodiment of truth-- such that the language is hollow, it is only about maintaining power and authority over interpretation, and not of observing shared truth of the situation. it is biased, onesided, ideological, and must be 'signed' to make it legal, to have or use tools and equipment on these corrupt terms, aka- user agreements. thus the unequal exchange is thus institutionalized, normalized, and becomes the foundation for a new bubble society & civilization operating within these corrupt terms -- protected and defended by ungrounded language that has its signs substitute for truth, this [signage] becoming the one-way administration and management of ideological power that is borne from the corrupt code of the US constitution as legal right of citizens, which instead due to its gender-bias, maps into both private wo|man and corporations as having their allegiance only to themselves and not public humanity, which then can be exploited to the utmost, notably within basic exchange with commerce in the everyday-- much sold is subverted, corrupted, broken by design or manufacturing via sabotage, where people are paying for something they are not receiving -- yet there is no legal recourse to this due to the shield of language devoid of truth, that is not beholden to being accounted for in its truth, outside or beyond this private 
framework of authority and power over it and others, institutionalized by pieces of signed paper that do not observe truth beyond those views and beliefs that benefit their own interests firstly. this is religious, yet devoid of morality and ethics beyond a context and framework of money- money is the core, yet it is 'nothing' without truth, yet stands in for it as sign, thus money verifies and legitimates the correctness of this practice as it validates beneficence of onesided profit in exchange, a warped view of capitalism this extends into issues of security. planting bugs in equipment to protect the sacristy of the state (that is, its commitment to truth) is one thing. breaking equipment so people cannot communicate or use tools to improve their situation, because it threatens self-interest and control of hidden managers is another. signed documents or language protects these activities without holding them accountable so both purposes fall under the same language, yet different in interpretation, what truth is allowed or denied, is it human or antihuman values administering the policies and attacks on privacy, etc. and language itself, disconnected and nonobservant of truth, is just communication as babble in turn, as it does not ground to the shared reality that exists, and instead falls into some lines of force of bias, of some fragmentary view or another, contained within layers and layers deep of lies and bullshit, and this is where violence and laws and intimidation are occurring, and yet cannot be mediated in terms of reason with institutions signing off on tactics via secret meetings or proceedings -- the feedback is not about 'truth', it is about maintaining power and authority, removed of accounting for external truth beyond what is beneficial to those in the shared set or committee or demographic, profiting from it you cannot get anywhere with logically reasoning truth in this environment or bureaucracy. 
this then is an extreme form of mental violence, emotional and psychological violence, that cannot be dealt with, and yet must be grounded by individuals- where basically people are constrained and mute, unable to communicate or reason about what is going on because they lost fundamental truth with themselves by adapting and integrating the lies into their own lies and likely benefiting along the way, until some day it goes against their interests, large or small, though will only grow the more out of phase it gets anything the person does is considered or interpretable as violence against the corrupted state that can and will and does *retaliate* in response to any slight, as if extremely petty, accounting for any error while subsisting on this state of error to rule over everyone captured within the concentration camp it creates, citizens prisoners within a state that does not represent them though also seeks their demise by systematic, manufactured means. surveillance, psychiatric or other drugs, illiteracy, toxic food, toxic air, toxic shelter, toxic social relations, sociopathic media, etc. anything you do against its wishes is prosecutable via onesided 'processing' of warped views, madness itself that is in charge and judge, surrounding jury of invaders and traitors, and active executioner, passive & active signed paper and bureaucracy beat sledgehammer every time no truth, no accountability to logical empirical reasoning of situation in constitution context, ones (T) and zeros (F) then it is _impossible to get framework for fairness mathematically impossible. insane violence, this is the state is mad and beyond any law, and functioning against citizens in dictatorial mode, purging dissenters it can legally be dealt with via original code: military takes over control of the state, martial law, constitutional convention -> new US constitution within human parameters of 3-value/N-value logic v. 
binary interest of private gender to represent all (first thing would be refunds for the epic PC swindle) -- this a joke of course, meant for the lawyers :) > Swartz committed a crime against people more powerful than he was, > incorrectly thinking he was more powerful than they. only more powerful on paper, in terms of money. Swartz had truth on his side, the basis for true power whereas documents devoid of it, or money without truth backing it - as a form of power - is only virtual, and may exert power only insofar as this condition is not accounted for bongo bingo ringo From drwho at virtadpt.net Fri Jan 3 15:31:31 2014 From: drwho at virtadpt.net (The Doctor) Date: Fri, 03 Jan 2014 15:31:31 -0800 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> Message-ID: <52C74853.9050703@virtadpt.net> On 01/01/2014 10:11 AM, Sean Lynch wrote: > I imagine something as simple as StumbleUpon, just "I like/dislike > this", perhaps with tags. One could add a signed inverted index as > well to facilitate searching by phrase. It sounds like you're describing one of the open source clones of Delicious, with a distributed database on the back end rather than a relational database. Something like Scuttle (http://sourceforge.net/projects/scuttle/), Selficious (https://github.com/initpy/selficious) (but that uses AppEngine), or Scrumptious (https://github.com/jpmens/scrumptious) (which uses CouchDB,which can be used to build distributed databases but some extra code would have to be written to really make that happen). Users set up instances, then add and tag URLs. I don't know of any off the top of my head that would allow for rating URLs, though. -- The Doctor [412/724/301/703] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You're breathing him." 
From cpunks at martin-studio.com Fri Jan 3 16:29:21 2014 From: cpunks at martin-studio.com (Anthony Martin) Date: Fri, 3 Jan 2014 16:29:21 -0800 Subject: NSA and quantum computers In-Reply-To: <1388742114.88750.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <1388742114.88750.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: http://www.phdcomics.com/comics.php?f=1622 On Fri, Jan 3, 2014 at 1:41 AM, Jim Bell wrote: > > http://news.yahoo.com/nsa-eyes-encryption-breaking-39-quantum-39-machine-225306575.html > > Washington (AFP) - The US National Security Agency is making strides toward > building a "quantum computer" that could break nearly any kind of > encryption, The Washington Post reported Thursday. > > Related Stories > > The NSA Is Trying to Build a Quantum Computer The Atlantic Wire > NSA leaker: 'Mission's already accomplished' Associated Press > NSA, UK agency 'targeted Israel PM, EU officials' Associated Press > Amnesty for Edward Snowden? Might depend on what secrets he's got left > Christian Science Monitor > Israel plays down importance of alleged spying by U.S. 
and UK Reuters > > The Post said leaked documents from fugitive ex-NSA contractor Edward > Snowden indicate the computer would allow the secret intelligence agency to > break encryption used to protect banking, medical, business and government > records around the world. > Quantum computing has been a goal among commercial firms such as IBM because > it could harness the power of atoms and molecules, vastly increasing speed > and security of computers and other devices. > But experts cited by the newspaper said it was unlikely that the NSA would > be close to creating such a machine without the scientific community being > aware of it. > "It seems improbable that the NSA could be that far ahead of the open world > without anybody knowing it," Scott Aaronson of the Massachusetts Institute > of Technology told the daily. > The NSA declined to comment on the report. > The Post said the leaked documents indicate that the agency carries out > research in large, shielded rooms known as Faraday cages designed to prevent > electromagnetic energy from entering or exiting. > Because of its vast computing power, a working quantum computer would break > the strongest encryption tools in use today for online activities, including > banking and emails. > Some technology firms such as Google and Yahoo have said in recent weeks > that they were stepping up efforts to encrypt their communications following > reports that the NSA had been able to break or circumvent many of the > current encryption standards. > A September report by The New York Times, ProPublica and The Guardian, also > based on leaked documents, said US and British spy agencies are able to > decipher data even with the supposedly secure encryption to make it private. > The documents indicated that the NSA, working with its British counterpart > GCHQ, accomplished the feat by using supercomputers, court orders and some > cooperation from technology companies. 
> If the reports are accurate, the highly secretive program would defeat much > of what is used to keep data secure and private on the Internet, from emails > to chats to communications using smartphones. > IBM researchers said last year they had made advances in quantum computing > that has the potential to outperform any existing supercomputer. > The new type of computing uses information encoded into quantum bits or > qubits, putting into use a theory that scientists have been discussing for > decades. > Quantum computing expands on the most basic piece of information that a > typical computer understands -- a bit, and thereby can perform millions of > calculations at once. From bbrewer at littledystopia.net Fri Jan 3 14:25:30 2014 From: bbrewer at littledystopia.net (b. brewer) Date: Fri, 03 Jan 2014 17:25:30 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <1388480287.82083.YahooMailNeo@web141205.mail.bf1.yahoo.com> <6BDC09B6-D059-449B-9B83-9E6BAA88F89F@riseup.net> Message-ID: <52C738DA.80609@littledystopia.net> On 12/31/2013 5:47 AM, coderman wrote: > also, https://peertech.org/dist/cypherpunks-199209-199812.tar.bz2 > sha256 > 579c3059e24b2d65f324053b0fed550a9d1d4fb2504a1a272940a26697ed8a33 > > > (where else is the above mirrored? i had links, they're no longer > good...) > Also mirrored now at: http://www.littledystopia.net/cypherpunks-199209-199812.tar.bz2 No links from the Maine Page (there really is no main page...) -Benjamin From juan.g71 at gmail.com Fri Jan 3 13:04:19 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Fri, 03 Jan 2014 18:04:19 -0300 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C72138.3000701@echeque.com> References: <201401031523.s03FNicj005237@antiproton.jfet.org> <52C72138.3000701@echeque.com> Message-ID: --On Saturday, January 04, 2014 6:44 AM +1000 "James A. 
Donald" wrote: > > > In your example "your house" represents both MIT and JSTOR. > > He was charged with breaking into someone else's network James, shouldn't you be posting in some 'tea party' right-wing american fascist mailing list, where bogus 'property rights' are used to defend government criminals and their accomplices, like you're doing here? If you believed in the typical conservative "my house, my rules" garbage, why would you post in this mailing where people are supposed to subscribe to anarchistic and anti-intellectual 'property' views? > and > disrupting it, not with making JSTOR public. "My house" > represents the buildings in which the network servers were > located, and the people operating that network. > > From europus at gmail.com Fri Jan 3 16:13:46 2014 From: europus at gmail.com (Ulex Europae) Date: Fri, 03 Jan 2014 19:13:46 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C70FCF.7090102@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> <52C70FCF.7090102@echeque.com> Message-ID: <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> At 02:30 PM 1/3/2014, James A. Donald wrote: >That he did not rate limit the download is an announcement "I am >powerful and have the correct political connections, and you do not", >which assessment turned out to be incorrect. Or it might've simply been an unintentional oversight, a mistake, a malfunction or who knows what. You're pretty heavy on the condemnations, don't read more into the facts as we know them than a fair reading allows. 
--ue From hettinga at gmail.com Fri Jan 3 15:19:36 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Fri, 3 Jan 2014 19:19:36 -0400 Subject: Aaron Swartz, Jim Bell, Carl Johnson, Chelsea Manning, Edward Snowden In-Reply-To: <52C72580.1030503@echeque.com> References: <201401031523.s03FNicj005237@antiproton.jfet.org> <52C72580.1030503@echeque.com> Message-ID: <8BFC99EB-5135-4371-87DE-40BB04005F4B@gmail.com> On Jan 3, 2014, at 5:02 PM, James A. Donald wrote: > Carl Johnson Country singer. X-rated. :-) Cypherpunk. Kinda. AKA Toto. Xenix chainsaw massacre author. http://cryptome.org/jya/irs121098.htm http://marc.info/?l=cypherpunks&m=95279506822241&w=2 &cet. Cheers, RAH From jamesd at echeque.com Fri Jan 3 03:34:43 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 03 Jan 2014 21:34:43 +1000 Subject: Jacob Appelbaum in Germany In-Reply-To: <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> Message-ID: <52C6A053.7080709@echeque.com> > At 04:38 PM 12/31/2013, James A. Donald wrote: >> In practice, it is pretty obvious that most practitioners of civil >> disobedience believe they are above the law, that they usually *are* >> above the law, and that in particular Swartz believed he was above the >> law, and was shocked to find that he was not. On 2014-01-03 11:53, Ulex Europae wrote: > You seem to be laboring under a pernicious misapprehension: that there > is a legitimate mandate to obey laws that are unconstitutional and/or > unjust. There is a mandate, but it is just as illegitimate as the > unconstitutional or the unjust law. 
If someone was to hide a laptop in one of my cupboards, to steal such large amounts of information from my home network as to disrupt its functioning, I would take a sledgehammer to his laptop, and when he showed up to collect his laptop, a sledgehammer to him. Swartz committed a crime against people more powerful than he was, incorrectly thinking he was more powerful than they. From jamesd at echeque.com Fri Jan 3 11:30:23 2014 From: jamesd at echeque.com (James A. Donald) Date: Sat, 04 Jan 2014 05:30:23 +1000 Subject: Jacob Appelbaum in Germany In-Reply-To: <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> Message-ID: <52C70FCF.7090102@echeque.com> James A. Donald wrote: > > If someone was to hide a laptop in one of my cupboards, to steal > > such large amounts of information from my home network as to > > disrupt its functioning, I would take a sledgehammer to his > > laptop, and when he showed up to collect his laptop, a > > sledgehammer to him. On 2014-01-03 22:06, Ulex Europae wrote: > What I'm hearing from you is, the original malfeasance of putting > publicly-funded research data the taxpaying public has already > bought and paid for behind a paywall and extorting the taxpaying > public for access to that data does not warrant extraordinary > measures to liberate that data in the manner it should have been > liberated in the first place. That there were unintended > consequences of the exact method used to liberate that data is > secondary, perhaps it is even inconsequential to the real central > principle here. 
If he had rate limited his download so as to not be disruptive, probably would not have been detected, and would not have provoked the people operating the network to go looking for him.

That he did not rate limit the download is an announcement "I am powerful and have the correct political connections, and you do not", which assessment turned out to be incorrect.

From jamesd at echeque.com Fri Jan 3 12:44:40 2014
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 04 Jan 2014 06:44:40 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <201401031523.s03FNicj005237@antiproton.jfet.org>
References: <201401031523.s03FNicj005237@antiproton.jfet.org>
Message-ID: <52C72138.3000701@echeque.com>

"James A. Donald" wrote:
>> Swartz committed a crime against people more powerful than he was,
>> incorrectly thinking he was more powerful than they.

On 2014-01-04 01:10, John Grubbs wrote:
> Just who did he commit the crime against, both MIT and JSTOR wanted
> prosecution dropped.

You are making his argument: That he and people like him are the important powerful people, and that the people whose activities he disrupted, the people who spent a lot of time and energy figuring out what was happening and locating his laptop, the people who keep the world working, are the unimportant powerless people, who don't matter and whose lives should be ignored.

You are wrong, and he was wrong.

> In your example "your house" represents both MIT and JSTOR.

He was charged with breaking into someone else's network and disrupting it, not with making JSTOR public. "My house" represents the buildings in which the network servers were located, and the people operating that network.

From jamesd at echeque.com Fri Jan 3 13:02:56 2014
From: jamesd at echeque.com (James A.
Donald)
Date: Sat, 04 Jan 2014 07:02:56 +1000
Subject: Aaron Swartz, Jim Bell, Carl Johnson, Chelsea Manning, Edward Snowden
In-Reply-To:
References: <201401031523.s03FNicj005237@antiproton.jfet.org>
Message-ID: <52C72580.1030503@echeque.com>

On 2014-01-04 03:02, John Young wrote:
> The Swartz situation was more complicated than the principal
> legal parties involved. A comprehensive legal attack implicated a
> slew of people and institutions in Aaron's circle, some who were
> frightened into pulling away from him, some of who were forced to
> testify much to their later shame and embarrassment when that was
> made public. It is not unusual for supporters to run from the scene
> when pressure comes down through federal investigators digging into
> private affairs, intimidating witnesses, friends and families with
> fruits of those findings, turning people against each other,
> bamboozling journalists and publishers who pretend opposition to
> authority.
>
> Swartz's case parallels what happened to Jim Bell, and to Carl Johnson.

The difference is that Jim Bell never had delusions of grandeur, never intended to become a civil disobedience case.

Eric Snowdon never thought he was part of the ruling elite trampling over those no good contemptible peons. That Eric Snowdon covered his tracks and prepared his flight shows he truly intended civil disobedience. He spoke truth to power. He correctly saw himself as powerless, and those he took action against as powerful.

The civil disobedience of the Aaron Schwartz is that of Greenpeace, that says "You must obey our laws, but we do not have to obey our own laws"

Aaron thought he was the powerful, and was horrified to find he was not.

Bradley Manning was and is simply batshit insane.

Snowden, on the other hand, genuinely committed civil disobedience.

And who is Carl Johnson?
Googling for Carl Johnson prosecution, I get a string of black murderers, all of them habitual criminals, who should have been executed long before the crimes for which they eventually became notorious.

From jamesd at echeque.com Fri Jan 3 16:55:26 2014
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 04 Jan 2014 10:55:26 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To:
References: <201401031523.s03FNicj005237@antiproton.jfet.org> <52C72138.3000701@echeque.com>
Message-ID: <52C75BFE.8010601@echeque.com>

On 2014-01-04 07:04, Juan Garofalo wrote:
> If you believed in the typical conservative "my house, my rules" garbage,
> why would you post in this mailing where people are supposed to subscribe
> to anarchistic and anti-intellectual 'property' views?

Schwarz was not charged with violating other people's intellectual property, but other people's physical property.

He needed killing, just as much as Martin Trayvon did, for much the same reasons as Martin Trayvon needed killing.

If an anti state protester, protest state power, not property. If you are protesting property, you are a pro state protestor

Which is why Schwarz thought he was part of the powerful, and thought those he harmed were part of the powerless. Because he was striking at physical property, not intellectual property.

From jamesd at echeque.com Fri Jan 3 23:42:16 2014
From: jamesd at echeque.com (James A.
Donald)
Date: Sat, 04 Jan 2014 17:42:16 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> <52C70FCF.7090102@echeque.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com>
Message-ID: <52C7BB58.7020801@echeque.com>

At 02:30 PM 1/3/2014, James A. Donald wrote:
>> That he did not rate limit the download is an announcement "I am
>> powerful and have the correct political connections, and you do not",
>> which assessment turned out to be incorrect.

On 2014-01-04 10:13, Ulex Europae wrote:
> Or it might've simply been an unintentional oversight, a mistake, a
> malfunction or who knows what.

The expression on his face, and his choice of reading material, suggests deliberate intent.

From jya at pipeline.com Sat Jan 4 16:01:41 2014
From: jya at pipeline.com (John Young)
Date: Sat, 04 Jan 2014 19:01:41 -0500
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <52C88ED3.4010902@gmail.com>
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C88ED3.4010902@gmail.com>
Message-ID:

If your server or ISP generates log files, as all do, you cannot be secure.

If upstream servers generate log files, as all do, you cannot be secure.

If local, regional, national and international servers generate log files, as all do, you cannot be secure.

So long as log files are ubiquitous on the Internet, no one can be secure.
Log files are the fundamental weakness of the Internet because system administrators claim the Internet cannot be managed and maintained without them. This is not true, it is merely an urban legend to conceal the interests of system administrators and their customers to exploit Internet user data.

There is no fundamental need for log files, except to perpetuate the other urban legend, privacy policy, which conceals the abuse of log files by web site operators and their cooperation with "lawful" orders to reveal user data, most often by being paid to reveal that data to authorities, to sponsors, to funders, to advertisers, to scholars, to private investigators, to inside and outside lawyers, to serial cohorts, cartels and combines, to providers and purchasers of web sites, to educators of cyber employees, to courts, to cybersecurity firms, to journalists, to anybody who has the slightest justification to exploit Internet freedom of information by way of phony security, privacy and anonymizing schemes.

In this way, the Internet corrupts its advocates by inducing the gathering and exploiting user data, . It is likely your organization is doing this ubiquitous shit by pretending to ask for advice on security. As if there is any.

NSA is us.

At 05:44 PM 1/4/2014, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>On 31/12/13 21:13, Jacob Appelbaum wrote:
> > I'm also happy to answer questions in discussion form about the
> > content of the talk and so on. I believe we've now released quite a
> > lot of useful information that is deeply in the public interest.
> >
> > All the best, Jacob
>
>Hi people:
>
>As most of the people around the world, I find really troubling all
>these revelations. Of course we suspected this kind of shit, we just
>didn't know the gory and surprising details.
>
>I work in a libre-software e-voting project [0] which has been
>deployed in some interesting initiatives already [1] and we strive to
>make it as secure as possible [2], though our resources are currently
>limited. Of course, anyone is welcome to join and help us.
>
>Do you have any specific recommendation for securing the servers of
>the authorities who do the tallying, in light of latest revelations?
>it seems really difficult to get away from the NSA if they want to get
>inside the servers.
>
>Kind regards,
>- --
>[0] https://agoravoting.com
>[1]
>http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
>[2]
>https://blog.agoravoting.com/index.php/2013/01/03/agora-a-virtual-parliament/
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v2.0.22 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>iF4EAREIAAYFAlLIjtMACgkQqrnAQZhRnaqPhwEA8DWIYkdp4gyC4uo6asng0Olc
>1viSsZazIcv1TC9w8S4BAN0Q+iZ7boZOconhKCBBfele9Im9/+0Dt0j/M+ySVeQ7
>=e6ab
>-----END PGP SIGNATURE-----
>_______________________________________________
>cryptography mailing list
>cryptography at randombit.net
>http://lists.randombit.net/mailman/listinfo/cryptography

From jya at pipeline.com Sat Jan 4 16:26:31 2014
From: jya at pipeline.com (John Young)
Date: Sat, 04 Jan 2014 19:26:31 -0500
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52C89B0C.8080002@echeque.com>
References: <35984B0C89637DD97A87B05D@F74D39FA044AA309EAEA14B9> <52C89B0C.8080002@echeque.com>
Message-ID:

No offense, James, but this is the prosecutor's view, who went on to claim at a press conference, quote: "So the little fucker offed himself, saving the state bucks, fine by me," she said. Adding, "let this be a warning smartass motherfuckers at MIT, we are onto you, thanks to cooperating wits in the administration totally dependent upon government funding for invention of cruel and inhuman weapons."

She paused, scratched her balls, went on, and on and on.
The press drifted away, she followed, going on and on. Watching her was the Boston Marathon bombers.

She was re-elected by the highly educated criminal class in Boston, that is Boston. Boston, as you know is the fountainhead of Austin's criminal class, who when not drunk as skunks at junk arts, music and TED festivals funded by NSA contractor Dell, regularly elects venal politicians same as down east Kennedy thugs.

At 06:36 PM 1/4/2014, you wrote:
>On 2014-01-05 08:44, Juan Garofalo wrote:
>> 1) that he wasn't striking at intellectual property is
>> your (false) side of the story.
>>
>> 2) the physical property of the state and its accomplices
>> isn't legitimate property, or rather, it isn't *their* property.
>
>That Aaron Schwarz repeatedly drew attention to himself by recklessly
>disrupting the network shows he thought of himself as the state, and
>those who he harmed as not the state. Much as Henry Louis Gates
>obviously considered himself the state, and a mere policeman as not the state.
>
>Snowden knew he risked punishment for civil disobedience, and so
>made his activities as normal as possible, as unobtrusive as
>possible. Aaron Schwarz did not know, and was so horrified to
>discover he was not part of the powerful that he followed in the
>footsteps of his hero Wallace and killed himself.
>
>Plus, just look at the smirk on his face. That says "I am powerful
>and protected, and those I have just harmed are not."
>
>

From dal at riseup.net Sat Jan 4 17:38:33 2014
From: dal at riseup.net (Douglas Lucas)
Date: Sat, 04 Jan 2014 19:38:33 -0600
Subject: Jacob Appelbaum in Germany
In-Reply-To:
References: <35984B0C89637DD97A87B05D@F74D39FA044AA309EAEA14B9> <52C89B0C.8080002@echeque.com>
Message-ID: <52C8B799.9030406@riseup.net>

NSA contractor and Stratfor client Dell.
( http://whowhatwhy.com/2013/07/17/are-mexican-drug-lords-the-next-terrorist-targets-a-who-exclusive-series-part-i-of-iii/ )

Douglas

On 01/04/2014 06:26 PM, John Young wrote:
> No offense, James, but this is the prosecutor's view, who went
> on to claim at a press conference, quote: "So the little fucker
> offed himself, saving the state bucks, fine by me," she said.
> Adding, "let this be a warning smartass motherfuckers at
> MIT, we are onto you, thanks to cooperating wits in the
> administration totally dependent upon government funding
> for invention of cruel and inhuman weapons."
>
> She paused, scratched her balls, went on, and on and
> on. The press drifted away, she followed, going on and
> on. Watching her was the Boston Marathon bombers.
>
> She was re-elected by the highly educated criminal class
> in Boston, that is Boston. Boston, as you know is the
> fountainhead of Austin's criminal class, who when not
> drunk as skunks at junk arts, music and TED festivals
> funded by NSA contractor Dell, regularly elects venal
> politicians same as down east Kennedy thugs.

From juan.g71 at gmail.com Sat Jan 4 14:44:25 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Sat, 04 Jan 2014 19:44:25 -0300
Subject: Jacob Appelbaum in Germany
Message-ID: <35984B0C89637DD97A87B05D@F74D39FA044AA309EAEA14B9>

--On Saturday, January 04, 2014 10:55 AM +1000 "James A. Donald" wrote:

> On 2014-01-04 07:04, Juan Garofalo wrote:
>> If you believed in the typical conservative "my house, my rules"
>> garbage, why would you post in this mailing where people are supposed
>> to subscribe to anarchistic and anti-intellectual 'property' views?
>
> Schwarz was not charged with violating other people's intellectual
> property, but other people's physical property.
>
> He needed killing, just as much as Martin Trayvon did, for much the same
> reasons as Martin Trayvon needed killing.
>
> If an anti state protester, protest state power, not property.
> If you are protesting property, you are a pro state protestor
>
> Which is why Schwarz thought he was part of the powerful, and thought
> those he harmed were part of the powerless. Because he was striking at
> physical property, not intellectual property.
>

1) that he wasn't striking at intellectual property is your (false) side of the story.

2) the physical property of the state and its accomplices isn't legitimate property, or rather, it isn't *their* property.

"He needed killing, just as much as Martin Trayvon did"

may the one who needs killing is you.

>

From coderman at gmail.com Sun Jan 5 09:32:08 2014
From: coderman at gmail.com (coderman)
Date: Sun, 5 Jan 2014 09:32:08 -0800
Subject: Fwd: [cryptography] ECC patent FUD revisited
In-Reply-To: <20140105093629.25916.qmail@cr.yp.to>
References: <3C4AAD4B5304AB44A6BA85173B4675CABA99F80C@MSMR-GH1-UEA03.corp.nsa.gov> <20140105093629.25916.qmail@cr.yp.to>
Message-ID:

---------- Forwarded message ----------
From: D. J. Bernstein
Date: Sun, Jan 5, 2014 at 1:36 AM
Subject: [cryptography] ECC patent FUD revisited

NSA's Kevin Igoe writes, on the semi-moderated cfrg at irtf.org list:
> Certicom has granted permission to the IETF to use the NIST curves,
> and at least two of these, P256 and P384, have p = 3 mod 4. Not
> being a patent lawyer, I have no idea what impact the Certicom patents
> have on the use of newer families of curves, such as Edwards curves.

There are several interesting aspects to this patent FUD. Notice that the FUD is being used to argue against switching to curves that improve ECC security. Notice also the complete failure to specify any patent numbers---so the FUD doesn't have any built-in expiration date, and there's no easy way for the reader to investigate further.

http://www.certicom.com/index.php/licensing/certicom-ip says that Certicom "discovered and patented many fundamental innovations" and has "more than 350 patents and patents pending worldwide".
This sounds impressive until you look at what the portfolio actually contains.

The reality is that Certicom has contributed essentially nothing to state-of-the-art ECC. Its patent portfolio consists of a few fringe ideas and a few obsolete ideas---nothing essential for mainstream ECC usage. Nobody needs MQV, for example: traditional DH achieves the same security goals in a much more straightforward way, and very few people notice the marginal performance benefit provided by MQV.

The reason that Certicom has so many "patents and patents pending worldwide", despite having contributed so few ideas, is that it keeps splitting its patent applications. For example, the original MQV patent filings in early 1995 ended up being split into an incredibly redundant collection of US patents 5761305, 5889865, 5896455, 5933504, 6122736, 6487661, 7243232, 7334127, 7779259, 8090947, and 8209533, not to mention the corresponding non-US patents CA2237688, DE69636815, EP0873617, etc.

---Dan

From jamesd at echeque.com Sat Jan 4 15:36:44 2014
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 05 Jan 2014 09:36:44 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <35984B0C89637DD97A87B05D@F74D39FA044AA309EAEA14B9>
References: <35984B0C89637DD97A87B05D@F74D39FA044AA309EAEA14B9>
Message-ID: <52C89B0C.8080002@echeque.com>

On 2014-01-05 08:44, Juan Garofalo wrote:
> 1) that he wasn't striking at intellectual property is your (false) side
> of the story.
>
>
> 2) the physical property of the state and its accomplices isn't legitimate
> property, or rather, it isn't *their* property.

That Aaron Schwarz repeatedly drew attention to himself by recklessly disrupting the network shows he thought of himself as the state, and those who he harmed as not the state. Much as Henry Louis Gates obviously considered himself the state, and a mere policeman as not the state.
Snowden knew he risked punishment for civil disobedience, and so made his activities as normal as possible, as unobtrusive as possible. Aaron Schwarz did not know, and was so horrified to discover he was not part of the powerful that he followed in the footsteps of his hero Wallace and killed himself.

Plus, just look at the smirk on his face. That says "I am powerful and protected, and those I have just harmed are not."

From electromagnetize at gmail.com Sun Jan 5 10:32:55 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Sun, 5 Jan 2014 12:32:55 -0600
Subject: >#i\&;N@:*f)o$~"|=% (urls)
Message-ID:

--- potential ---

issue: wi-fi as distributed radar, signals monitoring as if snare traps in forest or jungle for certain parameters

.... KOLLIDER FUNCTION ....

A. Scientists Turn Their Gaze Toward Tiny Threats to Great Lakes
http://www.nytimes.com/2013/12/15/us/scientists-turn-their-gaze-toward-tiny-threats-to-great-lakes.html

"Tiny plastic beads used in hundreds of toiletries like facial scrubs and toothpastes are slipping through water treatment plants and turning up by the tens of millions in the Great Lakes. There, fish and other aquatic life eat them along with the pollutants they carry — which scientists fear could be working their way back up the food chain to humans."

B. Beadist Transforms Ordinary Objects Into Ornate Treasures
http://www.visualnews.com/2013/12/31/beadist-transforms-ordinary-objects-ornate-treasures/

\/.:.: OOC book ::.../\

Autonomous Technology
Technics-out-of-Control as a Theme in Political Thought
By Langdon Winner
http://mitpress.mit.edu/books/autonomous-technology

[q] The truth of the matter is that our deficiency does not lie in the want of well-verified "facts." What we lack is our bearings. The contemporary experience of things technological has repeatedly confounded our vision, our expectations, and our capacity to make intelligent judgments.
Categories, arguments, conclusions, and choices that would have been entirely obvious in earlier times are obvious no longer. Patterns of perceptive thinking that were entirely reliable in the past now lead us systematically astray. Many of our standard conceptions of technology reveal a disorientation that borders on dissociation from reality. And as long as we lack the ability to make our situation intelligible, all of the "data" in the world will make no difference. —From the Introduction [/q] ^1

Amazon Customer Review
http://www.amazon.com/Autonomous-Technology-Technics-out-Control-Political/product-reviews/0262730499/

Look Inside this book...
http://www.amazon.com/Autonomous-Technology-Technics-out-Control-Political/dp/0262730499#reader_0262730499

searchable PDF with index / ex. 'megamachine'
http://monoskop.org/images/0/00/Winner_Langdon_Autonomous_Technology_Technics-out-of-Control_as_a_Theme_in_Political_Thought.pdf

[q] Lewis Mumford holds much the same view. There is, he believes, a humane tradition of science and technology based on "an earth-centered, organic, and human model" to which Western civilization must return if it is to avoid the disastrous course of the "megamachine." 6 "For its effective salvation," Mumford warns, "mankind will need to undergo something like a spontaneous religious conversion: one that will replace the mechanical world picture, and give to the human personality, as the highest manifestation of life, the precedence it now gives to machines and computers." 7 [/q]
-- Introduction, p.4 --

^1. note on 'bearings' - have repeatedly been thinking about limit of compass view and of TPH's book on Elmer Sperry, never read it though on inventor of gyrocompass, related to gyroscope used in satellites, ubiquitous directional sensor (cellphones, segway, drones, vessels, other). perhaps its framework parallels certain ever-shifting conditions and parameters, staying on course.
http://en.wikipedia.org/wiki/Elmer_Ambrose_Sperry
http://en.wikipedia.org/wiki/Sperry_Corporation
http://en.wikipedia.org/wiki/Gyrocompass
http://en.wikipedia.org/wiki/Gyroscope

book: Elmer Sperry: Inventor and Engineer (Johns Hopkins Studies in the History of Technology)
http://www.amazon.com/Elmer-Sperry-Inventor-Engineer-Technology/dp/0801847567

"Characteristic of his various inventions were feedback controls which have made automation a fact of life."

------u--r--l--s-------

// strange-read function: thought it referenced MITM...

Apple, Qualcomm suffering weak yields for wearable devices
http://www.digitimes.com/news/a20140102PD202.html

[diagram] electric & magnetic properties of light
http://phys.org/news/2013-12-peek-forgotten-component.html

Research duo develop a means for people to conceptualize polarized light
http://phys.org/news/2013-12-duo-people-polarized.html

[q] It's a well-known fact that animals other than humans can see polarized light and that many use it as a means of navigation, terrain discrimination or even as a form of communication. Recent studies have even found that some organisms, such as shrimp, are able to communicate with one another using polarized light that is reflected off a part of their bodies, in this case, their tails. Many scientists believe that there likely exists a hidden world of communication going on in natural world, where only those who can see polarized light are able to join in. How and Marshall describe it as a secret language—one where prey are able to communicate silently, for example, unseen by a predator, without fear of being overheard. [/q]

// and... why not--

Researchers find dogs sensitive to small variations in Earth's magnetic field
http://phys.org/news/2014-01-dogs-sensitive-small-variations-earth.html

[q] A team of researchers in the Czech Republic has found that dogs can now be added to the list of animals that are able to sense and respond to the Earth's magnetic field.
In their paper published in Frontiers in Zoology, the researchers describe field experiments they conducted that indicated that dogs prefer to defecate while in a North-South stance relative to the Earth's axis, during times when the magnetic field is calm. [/q]

(this research perhaps a contender for ig-noble awards)

(note: relation of geophysics and patterning. of animals, though also humans. will not mention in this given context, though it is wondered if position of buildings and direction of beds likewise is this way, with humans and fields. are N-S or E-W directions preferred, what if rooms are not on cardinal access. does direction effect sleep patterns, etc. is it specific to layout of a room or larger building itself; such that position of furniture only has a few options in a given space, thus must be oriented a certain way, and how is this preferenced, may larger fields or forces be involved in determining optimal or is it irrespective of this.)

---:::: quantum! ::::---

re: NSA Quantum Computer Research at LPS 2005
http://cryptome.org/2014/01/nsa-quantum-computer-2005.pdf

note: wondering if in someway e-ink display, phase changes via direction of ink color (white to black, perhaps grayscale) could in some way be analogous to spin states of atoms and provide a conceptual framework to question dynamics within (wondering also about nesting of dynamics, spin states that have hierarchy and build up or support/buttress other states, such that a scaffolding or computational structure is created; thus perhaps 3-qbits effect 1-qbit on another level as it relates to others at its same scale. maybe these are logic gates though. it just seems an ecological or nonlinear/multinear flow dynamic would be dynamic (state machine) v. serial progression of charge)

note: what if ion-trip entanglement became storage mode to establish two linked memory matrices, at a distance from one another. such that they are remotely linked, though are combined of the opposites qbits...
[matrix1] <---> [matrix2]

in this way, it is not necessary 'spin' for set 1 to set 2 that may be the computational process/framework, and instead spins within the matrix, that then mirror in the matched pair...

[xxxxxx] <---> [xxxxxx]
[xxxoxx] ----- [xxxxxx]
[xxxoxx] ----> [xxxoxx]

in that, due to entanglement within the set (matrix1) that the relation (x-x => x-o) via manipulation, say encoding, then mirrors in the second set, and the stringing together of these then reappears likewise in the second set (matrix2) if this is how the spin-states are matched and entanglement operates

what if the matrix were considered a bitset display that is inherently linked via stored entangled pairs, perhaps even mismatched, calico, some sets are shared or not, some sets may not be entangled and thus like wires to anode/cathode or ground, create computation circuits, hierarchy or structure for data flow. what if a sequence of patterns or a problem was then set against this matrix (e.g. 1), say it is a qbit storage or memory array of 1,000 qbits, a quantum-data ecosystem, that then processes a pattern via its structuring, as linked into and out of various known structures (logic gates, functions, other)

ridiculous to speculate probably, though what if some limit like 1-dimensionality or 2-dimensionality exists, and that perhaps a 3- or 4-D or N-dimensional framework is required to activate or unlock or open-up the natural, organic dynamics beyond preexisting ideological thresholds, boundaries, views, such that quantum is stuck in a paradigm of electron-tronics:

(electronics (quantum bits) )

in that perhaps linear or serial time-based sequences and approaches are fundamentally different, and constrained by 'electronics circuits' as paradigm or model or approach

quantum-computation (electronic computation)

what if the situation is opposite, that the quantum realm is larger or defines the electronics realm (larger(smaller)) in terms of hierarchy, different principles or organization
required - perhaps the model of information key to how it is conceived, where 'the bit' may not be defined just as encoded electron, and instead exists as abstracted pattern or structure (language, subsign structures perhaps) and thus the 'way of seeing' is not possible if the model or approach does not capture these dimensions need for computation and communication.

perhaps quantum computation is closer to a screen-display rolling through various patterns as if a thinking-machines blinking lights, though that these patterns are the calculation going on visually, not just the representation of activity, the actual computation itself

(in this way, processing would be more pattern-matched thinking, evaluation based on weighting of entangled bits that ground to truth or neutral or somewhere grayscale; the latter requires more analog than 1/3rd spin states, so resolution of q-bit perhaps is also a question, is there a potential gradient between +/- that can be achieved, in this way 'data switches' as with Hall Effect sensors, 'digital', whether on/off in 1/2s or 5ths, versus analog going from 0-1 across the entire range, say 5/200ths in one instance and 5/6.124 next, given resolution, etc. qbit as on/off switch versus strain gage in other words. It would seem the inherent 'computability' of entangled bits in terms of 'grounding to truth' via connected knowns is in the undefined state, not a false limit to weighting or resolution, thus qbit as sensor, not as finite bit measure unless as a gate or transistor function.
guessing, though the nature of thinking is not about forcing things into a framework that is overly limiting or rationalized, it may remain looping or neutral, undecided, it may be contingently known (digital switch state, true or false (1,0) or tending towards t/f (+1/3, -2/3)) or else it may be weighted, as with intuition, in given looped state it is at this location or proximity on the scale from T/F, though given more processing may shift back&forth, thus undecided (1/0) though in n-degrees resolution until perhaps figured out. this is n-dimensional not linear algorithms, this is multilinear many-timings that may or may not be in phase in given situations, timing may have a million clocks that together may sync into a single clock or operate as several that may or may not align or agree. that is what such a computer would likely be involved with in terms of data, not an electronics-circuit topdown approach. this based on the way of thinking, it as entanglement based with information structures, data models, and perspectives, perhaps turing framework also a limit)

also- consider transistor design of recent CPU chips, the alternative approach that accommodates errors & can use an FPGA or other device to reprogram or tune functioning, taking into account what is operational; consider in qbit context, especially if not approached in purely quantum computer context and instead hybrid, that a qbit entangled pair could be linked into a classical electronic circuit, used for remote or distance messaging for instance. some basic functionality of matched pairs, perhaps for encryption at a morse-code level as if early days of telegraphy.
what seems possible if developing some integrated functionality is to build upon this, bit by bit so to speak, with continual advances, yet it would not be an independent quantum computer per se, instead it would be a hybrid electronic computer with extended quantum functionality, a new substructure or connector into future quantum systems. so perhaps an entire q-pc is not going to appear at once, and instead a bridge from existing tech, with some q-functionality, then will meet with more independent q-systems of the future, allow a range of q-systems development via diff. approaches

in terms of a quantum system beyond existing electronic circuitry, another paradigm, the same approach could be relevant with transistors, such that perhaps some qbits are higher fidelity and others not, within a linked matrix, or some are 1/3rds, some are linear, some digital 1/0, and some are unlinked or classical, within a given matrix or bitset display that is q-computational. and then from this messiness, order emerges via patterned dynamics and interactions, and develops over looped iterations.

in other words, the issue of natural v. forced calculation; where a model or belief of 'perfection' exists with the 'electron as bit' approach, that presumes it is coherent, starts and operates here (TTTFTFT), ideological and also deterministic, a rationalization of the problems, sets; as if that can all be figured out or 'knowable' in advance; vs.
a model of imperfection of the 'qbit as bitset' approach, which starts or remains in incoherence or decoherence, except as it may attain or align in coherent states (A=A) or others (T=2/3) that shape into patterns of calculation, emerging as structure, order, from chaos even perhaps beliefs in how people think could be part of the issue, as if 'scientific dogma' drives view of objective thinkers (A=A all the time with every observation), when this is a fragment or infinitesimal decimal condition, existing closer to near total falsity excepting whatever truth is or can be momentarily accessed, unless sustained as entangled state with truth as awareness, operating or functioning inside its dimensions vs. warped versions where bias (such as digital) throw-out anomalous, even contradictory or falsifying data. psychological loopholes that could prevent accurate modeling of q-conditions as it relates to ideas as ideas, not in terms of ideology note: why share such naive thinking outside realm of any expertise? i think 'thinking' directly correlates with quantum processes of entanglement and 'reasoning' is essentially comparable in terms of parsing patterns in a looped or ecosystem/ecological condition. so there is an issue of ideology or paradigm that could limit this to POVs, ideas, or beliefs that are inaccurate yet institutionalized yet form the framework for investigation/development, though likewise limit it. thus another view to question if this could be relevant by sharing outsider perspective. in that 'intuitive computing' or 'computers that reason' are going to be more like thinkers than calculators, which is the split between electronic computation and quantum approach, seemingly. 
the bit itself should be in question, how it is constructed and conceived, not the same thing or scale potentially with quantum, perhaps much more linguistic or sign-calculus (mathesis) in its framework, perhaps because it maps to information already or it is or already carries an informational dimension seemingly also, the issue of classified research so there is no room for those involved to discuss these things that would allow open research to develop them further. discussion or ideas then opens up the framework of considerations that could perhaps lead to new approaches in unclassified realm or bridge between these. of those with NDA or clearances that forbid divulging secret or classified information, it could be a way for a parallel effort to exist beyond these limits legally, especially in terms of online communities; though the limit appears to be, once inside the system no communication about anything potentially secret occurs, thus 'free speech or expression' is self-censored even tho a person or research may not be involved in quantum, or have direct relation, that they may not even consider the thoughts due to security issues- effectively silencing the commonsense conversation about issues in the open, where security clearances take away right to participate in other domains also classified yet not related or known, for fear of reprisal, even though it would help bridge the gap and allow advancement beyond insider/outsider limits in this way, naive views like mine are situated, a person speaking into the air about these commonsense issues in extremely limited, near no knowledge condition, except whatever may exist in some minor accuracy about them. perhaps that is the threat, security bounds thinking to an existing political administration and framework that could result in violence for sharing ideas that are unwanted, etc.
thus incorporation into the state is this enforced silencing, functioning within parameters assumed for the good, yet if corrupted, then trapped in an incommunicable condition where anything said could be interpreted as betrayal, etc) ~~^~~entropy^~^^^^ Maxwell's demon can use quantum information to generate work http://phys.org/news/2013-12-maxwell-demon-quantum.html [q] "It is known that classical information can be used to extract work, which is important because this saves the second law of thermodynamics!" Sang Wook Kim told Phys.org. "The mathematical expression of such work is given as the mutual information between the system and the measurement device multiplied by kT. Now for the first time we show that quantum information can also be used to extract work, and its mathematical expression is discord." [/q] How losing information can benefit quantum computing http://phys.org/news/2013-11-benefit-quantum.html#nRlv (note: noise environment, bugs as features) // perhaps difficult to lock-on to pattern recog./movement tracking? // could probably test with robot, focusing on singular shape/outline} // vs. not, then movement, trying to determine direction/speed, etc. // where parameters default to outline, thus harder to evaluate/match Computer simulation explains why zebras have stripes http://phys.org/news/2013-12-simulation-zebras-stripes.html ----(other)---- note: reference image related to recent posting on belief in money as absolute truth... https://www.dropbox.com/s/0mdzwdyd6kl2xj7/communion.jpg {educational fair-use of copyright, 2013} 960-65-45 55-63-91 43-345-939
From rysiek at hackerspace.pl Sun Jan 5 10:16:48 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 19:16:48 +0100 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C7BB58.7020801@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> <52C7BB58.7020801@echeque.com> Message-ID: <1418520.UWGAMETuKt@lap> On Saturday, 4 January 2014 17:42:16 James A. Donald wrote: > At 02:30 PM 1/3/2014, James A. Donald wrote: > >> That he did not rate limit the download is an announcement "I am > >> powerful and have the correct political connections, and you do not", > >> which assessment turned out to be incorrect. > > On 2014-01-04 10:13, Ulex Europae wrote: > > Or it might've simply been an unintentional oversight, a mistake, a > > malfunction or who knows what. > > The expression on his face, and his choice of reading material, suggests > deliberate intent. "I interpret an expression on a photo of a face of a person I have never met in a certain, peculiar way, hence I have the right to judge them and have the insight to understand their actions and motivations in full." There are whole articles about good that "the smirky kid" had brought in to this world. Please tell us, "James A. Donald", what good have you brought to this world and its inhabitants? Just take your time. -- Regards rysiek
From rysiek at hackerspace.pl Sun Jan 5 10:29:23 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 19:29:23 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <20131231124259.GB7003@ctrlc.hu> References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> Message-ID: <23544141.SR7ClUjU9t@lap> On Tuesday, 31 December 2013 13:42:59 stef wrote: > On Sun, Dec 29, 2013 at 12:17:07AM -0800, Jesse R. Taylor wrote: > > but I've seen very little focus on the need for development of > > alternatives to corporate search engines. > > [disregarding the corporate focus] i can warmly recommend > https://searx.0x2a.tk Hummm, what is this, who runs this, is it distributed or centralised (as far as control is concerned)? -- Regards rysiek

From rysiek at hackerspace.pl Sun Jan 5 10:39:40 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 19:39:40 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: References: <1388305027.11664.55.camel@debian> <52C4A8C3.9020106@echeque.com> Message-ID: <19029347.avvEohIsFf@lap> On Thursday, 2 January 2014 13:04:17 Sean Lynch wrote: > On Wed, Jan 1, 2014 at 3:46 PM, James A. Donald wrote: > > As a matter of fact, it still does work. > > It works far less, though, since most people expect others to rely on > search engines, so they don't bother to link anymore. > > Here's a thought: browser extension that stores your "personal" web index, > and gives you a typeahead menu when you write about concepts in your index, > prompting you to convert phrases to links. Like the way Facebook always > wants to convert the names of people and pages to tags.
Even if it were > just primed with Wikipedia, that would drastically reduce the amount of > Google searching people need to do when reading stuff you write. In Firefox it's called "The Awesome Bar", and it sifts through your history and bookmarks (I bookmark a lot, and tag these pretty exactly, which helps immensely). The downside, of course, is that it works only for links that I have already visited. So here's the idea: sharing bookmark tags and links with each other, via some extension for example, and making "The Awesome Bar" (damn, I hate that name) sift through bookmarks/tags of people in your "network" (what that means would have to be defined, but as Mozilla Sync can already store bookmarks, the data can already be on a server, just use it). -- Regards rysiek

From rysiek at hackerspace.pl Sun Jan 5 10:40:42 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 19:40:42 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <52C47CC8.3010601@ahmia.fi> References: <52C47CC8.3010601@ahmia.fi> Message-ID: <2970509.vRJEYK8PFM@lap> On Wednesday, 1 January 2014 22:38:32 Juha Nurmi wrote: > Hi! > > I read this post about decentralized search and I immediately > subscribed this mailing list. So hello all! My name is Juha Nurmi and > I am the founder of ahmia.fi (search engine for Tor) and a university > researcher. > > Right now I am trying to get funding to design a decentralized search > engine. We are proposing (me and my Adj.Prof.) a small (2-3 years) > Finnish Academy project. > > This proposal would take place in the Finnish Academy ICT 2023 > programme, first thematic call: Information security, letters of > intent, which means very short project plans.
Academy mostly funds > (public) "pure research"; first planned applications are related to > virtual Internet networks and public admin applications. > > The basic idea is to investigate search algorithms and engines that do > not require a centralized crawler database and a central authority. > This raises algorithmic, security, credibility, resourcification, etc. > challenges that are interesting strategic research point of view, etc. > > In particular, we would like to use Tor network as a testbed for these > ideas in the related case studies: we will be testing this search > design by building a tor hidden service search engine :) > > The Finnish Academy will select most promising project candidates and > the final proposal is to be submitted around April 2014. > > If successful, we enter detailed planning phase in early 2014, and > submit more complete project plan by April 2014. Actual project (2 > calendar years) would take place in 2014-2016. > > I really really hope I will get this funding. This is something I > would love to do and have planned to do a long time. Funding = time. This sounds great. Please keep us in the loop on this. :) -- Regards rysiek

From rysiek at hackerspace.pl Sun Jan 5 10:41:07 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 19:41:07 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <23544141.SR7ClUjU9t@lap> References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> <23544141.SR7ClUjU9t@lap> Message-ID: <4316174.PY4oV6PNXb@lap> On Sunday, 5 January 2014 19:29:23 rysiek wrote: > On Tuesday, 31 December 2013 13:42:59 stef wrote: > > On Sun, Dec 29, 2013 at 12:17:07AM -0800, Jesse R.
Taylor wrote: > > > but I've seen very little focus on the need for development of > > > alternatives to corporate search engines. > > > > [disregarding the corporate focus] i can warmly recommend > > https://searx.0x2a.tk > > Hummm, what is this, who runs this, is it distributed or centralised (as far > as control is concerned)? Disregard, I clicked the "about" link. -_-' -- Regards rysiek

From rysiek at hackerspace.pl Sun Jan 5 10:48:43 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 19:48:43 +0100 Subject: Fwd: Fw: Hi, I'm from the government and I'm here to screw you In-Reply-To: References: <52C4D85E.80300@pacifier.com> <5ee7aa131f9abf8cb17931c6d70c2354@smtp.hushmail.com> Message-ID: <35616718.OCa7HVmSLu@lap> On Thursday, 2 January 2014 17:55:20 brian carroll wrote: > (...) > Lastly, our government a few years back came up with an idea to fit > "black box" recorders in *all* cars but the public backlash was so > huge they shelved the idea. Instead, the insurance industry has > adopted the technology, so new drivers and those with a poor accident > record can opt to have one of these boxes fitted in return for a > discount on their insurance. It is now becoming a norm for young > people to take this option; when I ask them why they are prepared to > violate their own privacy they just shrug, but I guess privacy means > something different to the Facebook generation. Ah, yes, the "Facebook generation" and "privacy is dead" bullshit.
It's not dead, kids haven't yet been burnt by lack of it and neither have their parents, which means there was nobody to tell the kids to watch out (like they are being told to look around while crossing a road): http://rys.io/en/67 > Conversely, it is now becoming *more* expensive to insure a car if you > do not have a black box; they have tried norming this by penalising > the law abiding (but privacy conscious). This is how it goes... -- Regards rysiek

From s at ctrlc.hu Sun Jan 5 10:52:12 2014 From: s at ctrlc.hu (stef) Date: Sun, 5 Jan 2014 19:52:12 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <19029347.avvEohIsFf@lap> References: <1388305027.11664.55.camel@debian> <52C4A8C3.9020106@echeque.com> <19029347.avvEohIsFf@lap> Message-ID: <20140105185212.GW6791@ctrlc.hu> On Sun, Jan 05, 2014 at 07:39:40PM +0100, rysiek wrote: > So here's the idea: sharing bookmark tags and links with each other, via some > extension for example, and making "The Awesome Bar" (damn, I hate that name) > sift through bookmarks/tags of people in your "network" (what that means would > have to be defined, but as Mozilla Sync can already store bookmarks, the data > can already be on a server, just use it). omnom[1] should be able to serve as the server-side, you still need to develop some kind of client-side extension though.
[1] omnom https://gitorious.org/tagr/omnom/source/419b512734021b71c01500514b5ae87d0b7f3ab7:features.txt -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt

From rysiek at hackerspace.pl Sun Jan 5 11:04:16 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 20:04:16 +0100 Subject: P2P VPN In-Reply-To: <52BC459D.9060007@owca.info> References: <52BC459D.9060007@owca.info> Message-ID: <1606540.5nQMzLj5D7@lap> On Thursday, 26 December 2013 16:05:01 Matej Kovacic wrote: > Hi, > > this might be of interest to you: > https://code.google.com/p/badvpn/ > > Peer-to-peer VPN > > The VPN part of this project implements a Layer 2 (Ethernet) network > between the peers (VPN nodes). The peers connect to a central server > which acts as a chat server for them to establish direct connections > between each other (data connections). These connections are used for > transferring network data (Ethernet frames), and can be secured with a > multitude of mechanisms. Notable features are: > > * UDP and TCP transport > * Converges very quickly after a new peer joins > * IGMP snooping to deliver multicasts efficiently (e.g. for IPTV) > * Double SSL: if SSL is enabled, not only do peers connect to the > server with SSL, but they use an additional layer of SSL when exchanging > messages through the server > * Features related to the NAT problem: > 1. Can work with multiple layers of NAT (needs configuration) > 2. Local peers inside a NAT can communicate directly > 3. Relaying as a fallback (needs configuration) > > More info here: > https://code.google.com/p/badvpn/wiki/badvpn Very interesting project indeed! > P. S. It would be nice to see this with easy to use GUI and prepacked > binaries for all "main" systems... It would also be nice to see this hosted somewhere outside Google... -- Regards rysiek
From rysiek at hackerspace.pl Sun Jan 5 11:06:52 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 20:06:52 +0100 Subject: [tor-talk] Request for "Tor, king of anonymity" graphic In-Reply-To: References: <20131110052942.GB31806@moria.seul.org> <20131224221316.GF3180@nl.grid.coop> Message-ID: <2063428.O46cganD0d@lap> On Tuesday, 24 December 2013 20:29:52 grarpamp wrote: > > Seriously? > > freedom of whatever. > > Tor is, in part, about freedom. And freedom is seriously > serious business, not some 'whatever'. Seriously. Including the freedom to say "meh". -- Regards rysiek

From rysiek at hackerspace.pl Sun Jan 5 11:22:51 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Jan 2014 20:22:51 +0100 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <20140105185212.GW6791@ctrlc.hu> References: <1388305027.11664.55.camel@debian> <19029347.avvEohIsFf@lap> <20140105185212.GW6791@ctrlc.hu> Message-ID: <2528037.4OdIiX32uo@lap> On Sunday, 5 January 2014 19:52:12 stef wrote: > On Sun, Jan 05, 2014 at 07:39:40PM +0100, rysiek wrote: > > So here's the idea: sharing bookmark tags and links with each other, via > > some extension for example, and making "The Awesome Bar" (damn, I hate > > that name) sift through bookmarks/tags of people in your "network" (what > > that means would have to be defined, but as Mozilla Sync can already > > store bookmarks, the data can already be on a server, just use it). > > omnom[1] should be able to serve as the server-side, you still need to > develop some kind of client-side extension though.
> > [1] omnom > https://gitorious.org/tagr/omnom/source/419b512734021b71c01500514b5ae87d0b7f3ab7:features.txt Humm, I think I have already come across omnom some time ago. Well, I'll have to look into it. A short question: what would you say are the most important advantages of omnom over Mozilla Sync? -- Regards rysiek

From host at mailoo.org Sun Jan 5 17:48:28 2014 From: host at mailoo.org (h0ost) Date: Sun, 05 Jan 2014 20:48:28 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: <52C9FA91.9050403@echeque.com> References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> <52C7BB58.7020801@echeque.com> <1418520.UWGAMETuKt@lap> <52C9FA91.9050403@echeque.com> Message-ID: <52CA0B6C.4050608@mailoo.org> On 01/05/2014 07:36 PM, James A. Donald wrote: > Same principle as one can apply to Henry Louis Gates. "Do you know > who I am!", Gates tells the cop. The arrogant voice of the ruler to > the ruled. > Except, in the Gates example, Gates (as a U.S. citizen) is the ruler - at least theoretically. Remember the tale about how the U.S. political system is established through the consent - pretty important word - of those who can vote and establish the republic? So the cop, all cops, are serving those whose votes establish the police, pay their paychecks, and set the rules for their behavior. It's really simple: cops in the US think they run the show. Well they do, but their rule is not legitimate. It's an inversion of the mythology that created the US political system. We can extend this logic to the financial system, and government in general. Do you get it? The same logic applies to Aaron S.'s case.
From electromagnetize at gmail.com Sun Jan 5 19:57:06 2014 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 5 Jan 2014 21:57:06 -0600 Subject: drumming (urls) Message-ID: if (strcmp() > t= engine_get(t)) {?format=... --- drums & music --- In Speed Metal, Fastest Drummers Take a Beating Few Humans Can Keep Up in Battle With Drum Machines http://online.wsj.com/news/articles/SB10001424052702304591604579288531126033944 [q] When new technologies arrived, metal drumming standards entered the realm of the physically impossible. [/q] /* so i read the above article and it reminded me of some issues perhaps correlatable with computing today.... i have thought about this a lot after taking up electronic drums for music therapy, learning via self-study, to benefit from the rewiring of circuits and coordination, etc. very much like juggling actually, these two realms combining, and also extending into processing concepts in terms of looping and sequencing of patterns. first, there is so much going on that shares a fundamental limit with how music is conceived of and limited to an outdated paradigm based on perceptual awareness, that the framework of ordinary approaches normally assumes an absolute frame of one-way movement in time of a coordinated group led by a conductor, and this is how music is processed, organized, how songs are defined, relations, instruments designed, etc. like a rationalization in a given view that then may not allow other dynamics in that controlled domain, even, if not due to heresy what this leads to is a technical approach, to refinement, where virtuosity is tied to speed and dexterity and memory, repeating over and over older code performances as flawless as possible, within a range of interpretation though in a finite or contained or bounded way. 
this extended into radio, recordings or copies of originals, and mp3s, copies of copies, then carrying on this ~music or sound-information or patterning, people training to repeat play the code via lifelong training of authority-based instruction, yet the ideas and concepts fixed in a narrow range of thinking, as if music itself has become its own notation. music as signage. the language of music overtaking the music of music, as its truth. rote performance in a sense. so the assumption arrives at a song if successful, plays eternally, via endless concerts and furtherance by others repeating the code. instead of, perhaps a song only exists in its truth once, in a singular instance, and then it is another song, and cannot be recaptured the same. also: that there are experts or musicians, education needed to play complicated instruments whose interfaces are cryptic to the uninitiated if not musicians themselves, by technical design or engineers who make equipment, yet the _musicological questions have been removed from these same instruments, in their further development in an electronics-based context, especially with computing, where now instruments ship buggy and broken, designed to fail, and with artificial limits or constraints that prevent anything beyond existing bounds from being explored, to control and shape parameters that feed into existing industry automation, as if new music is another can of soup on assemblyline, volunteered or subsidized, paid for the ideal technical performer, to which technology itself aspires, is the robot musician who can function at speeds and with memory and dexterity and coordination humans cannot, and yet in this substitution or equivalence, the truth of music as more than repeated patterns is lost to a reductionist approach, where it is merely language as language, doing things yet at another more detached layer, perhaps even disconnected from a relational, emotional grounding via music, such that it becomes or is technique, 
only, music as technology, audio engineering with a pleasing aesthetic layer determined by polls and behavioral psychologists if it makes a brain wave peak or entrances a heart rhythm, therefore determining it is effective as an influence, meant to modify or control response, including salivation via music-video [video] A Mohawk Robot With Four Arms Is Playing The Drums... http://www.memecenter.com/fun/691462/a-mohawk-robot-with-four-arms-is-playing-the-drums-your-argument-is-invalid/ [video] Robot Drummer Animatronic - By: Steve Joy https://www.youtube.com/watch?v=4nUAi8kDR_4 ...thus, the future could be with a 'drummer' in a band that is a machine or automaton, a puppet or animatronic model with increased capacity to perform serial gymnastic sequences of patterns, and this could involve more than four limbs in-sync, as part of a core band-setup. (if you see a Chuck E. Cheese robot at a future concert- run!) Chuck E Cheese's Band https://www.youtube.com/watch?v=VEWiilxASZM SO-- MAYBE THINGS ARE ALREADY THIS FAR GONE... 
in terms of destruction of culture and robotic repetition of 'songs' as if babel, where meaning is replaced by pattern matching as a potential condition where music is a disconnect or escape or bubble condition or virtual layer of self that is sustained in the parameters of music, though this in a context of engineering and a loss of insight from music as music, or from 'new music instruments' via electronics, beyond a given conception that locks it into a realm of calculation and computation, versus a larger exploration of ideas and truth beyond previous limits of what music was conceived of, such that today music is a regression, several centuries caught in an inaccurate framework that perhaps results in its being an inward or introvertedness that is this interaction, lost to the reality of the present day, as if a dream-state yet in a negative dynamic, via detachment, as if a higher state or condition when instead perhaps ungrounded, unreal, fantasy, ego even, as if everyone wants to read each other's diary and relate on these terms, then go buy stuff and copy one another and belong in the latest trend engineering, as if on gerbil wheel, used as engine and energy for cultural development in these devolved terms, against higher truth and greater relation than only what can be achieved within the contained, forced dynamics it doesn't need to be this way, yet that is where it is heading, seemingly without alternative, due to a status quo that is unquestioned (again, loss of culture, language, communication, and awareness to reason and agree and develop otherwise).
so the ideal tends towards the future of this guy: Robot Drummer: “Spruce Deuce” http://highlyliquid.com/hl2012/blog/304 [video] Spruce Deuce v1.2 https://www.youtube.com/watch?v=IfVCmPT6l68 ...where, via archaic MIDI protocols, and further refinements, such an 'electronic drummer' or 'MIDI drummer' would be able to replace a drummer by technically playing or ~performing a score, in place of a person, yet able to do more than a person and at greater speed/accuracy if developed this way, while lacking in other parameters, like being a human, relations with others in the band on an intuitive level, (beyond those designed for intercommunication and control). for instance, if built-out of specs allowed it, perhaps such a drummer could keep up with "speed metal" genre drumming, who knows- maybe even puffs of smoke could emit from eyes and elbows, flames from ears, to bring in extra effects layers to bring the point home of what is going on- the superman as robotic emulation that surpasses functionality in a limited technical domain - minus actual awareness, musical ability, beyond repeating code if mimicry, though perhaps with AI, its own sensibility could develop, though as music it may remain ungrounded beyond its being about matched patterning, or so it seems highly likely that a gap exists between generating music off a midi-score as interpretation and someone having insight about what a song means or is about- though perhaps music is not this today or does not extend that principle into its technologicalization, where technique replaces it, thus the format, the hit song as pattern, remade over and over and over, played over and over, that level of mindwashing and brainwashing of media, commercials having more insight and truth than many songs in their at least attaining authenticity, honesty in communication than other more manipulative or hidden-profit behind fashion trends agenda of cult engineering, this multimedia spanning all of consumption, from ego to 
attitude to clothes to drugs to status to in-group out-group, as if everything is mediated as if a school hallway scene, that level of adolescence mainstreamed with geriatrics continuing the illusion, ultrahipcool (this is to critique music as marketing, as if a style that can be 'canned' into formatting that then contains its essential quality or value (truth) versus more superficial aspects of this that can involve mimicry or repetition of previous patterns, language as music, or music notation as if music itself, the code referencing itself for its validation and not connected or external truth, which then can become ungrounded from culture it supposedly represents/describes. in this way it may not exist as general 'shared consciousness' as believed, even while marketed and profiting this way, an engine of success or business model, versus of aesthetic truth that communicates beyond these boundaries, into another realm of awareness, understanding, perhaps involving musical communication between individuals as a basis for computation or establishing social relations, a level of shared awareness based on music as foundation for literacy in its interdisciplinary depth) the gap is what, then. where. how. who (cannot ask that question). why. (probably not that either). the situation or context is... about a shift in culture, values, perception, including loss of awareness and understanding, governance, replaced by technical approaches, managers of other principles, developed into a remotely administrated and controlled framework. music. instruments. media. relations. skills. truth. consciousness. bound into this, held back by it, captured and contained with it.
detached from self, group, and higher aesthetic functioning so in a pre-electric context, 'drums' once used for communication and signaling then evolve into a drum set, from marching band carrying around a bass drum and others snares, to putting these on the floor in a given arrangement and going at it within other parameters, that level of change and new consideration- big band era, then moving into mics and mixers and amplification-- and with electronics, presumably, the first drum machines, not unlike a lot of repetition-based rhythmic processes that could be programmed, yet with sound versus say telephone multiplexing via routers, etc. sound engineering and music production then having overlaps, a large electronics hobbyist dimension becoming an electronics industry in music via all the electronic gear, do-dads, extras, that help establish or create a given sound or noise, a signature, seemingly everything believed justified the resulting 'end products', or not. in that 'shaping a unique sound' may be at the expense or cost of retaining or accessing or developing music principles within instruments themselves, that functionality lost. instead turning to presets, of which add-ons then allow to be further tweaked, 'refined' as a 'unique signal', though not necessarily dealing with its production or possibilities prior to the condition of notation, as language, within those de/con-fined parameters and frameworks. 
(so everything is really special, though not necessarily meaningful as music, though as private communication that is capable of being modified to n-degrees, that is an effect for that, and a chain of them will be your own special sauce, as long as not sharing the electronics secrets though in these days, logfile and receipt snooping, someone will be able to piece it together and soon enough another clone of the sound will arrive out of central music formatting inc, and replace efforts with a chart-topping hypnotic hit, to selling fries at baseball games next. talk about the patriotism, worksong. talk about the commercialism, musical careers today, infected by the celebrity worm as a basis for cultural communication within these parameters then also framing questions of music, feedback only in certain institutional views deemed ok to support the charade of one-way authority over this process, keeping questioning at bay) then things hit the wall. no progress beyond a certain point in music instruments in this 'new and improved' electronics context. like everything has been stuck in the 80s with equipment, excepting that of midi-controllers which makes the computer into the instrument, and music into a question of excel-like parameterization, and HTML-webpaged, canned production via tools and endless varieties of hot-swap software circuits, emulating plugboards & everything thus, the disemboweling of piano into keyboard controller that requires a computer to work as a sound-device, that can then be mapped to organ, synth, piano, or other sampled sounds. 
and somehow, via MIDI, the keyboard becomes the centerpiece and limit to further MIDI considerations, such that the piano-roll defines music in terms of its notation (sign=sign) and does not question possibilities or concepts of music beyond those so far technologized, such that dials, buttons, and switches, then map out this quasi-instrument as 'reading/writing' tool yet only in a very limited dictionary and with highly biased, warped selections to choose from and within that finite realm-- all music is allowed, yet nothing outside of its model is possible to explore. such that, sure you can play along to a preprogrammed hip-hop pattern, yet it is not possible to split a note geometrically, or move things in space-time, or program music in its code outside its being a representation - tape-recorder playback of given filtered action, in a linear, one-way, authority-based approach all based on a narrow approach to time, this embalmed in the MIDI spec, basically killing off potential for music in an electronic domain by turning it into a technical question with a given response, rationalization, set of choices; the question of music is absent in these tools, they are designed instead to produce copies of what already exists within parameters that already exist, that is the specific raison d'être the electronic drums and drumset being two different things, the ecosystem never uniting beyond the parts, then moves into a computer-based context of desktop controllers where people can play drums with their thumbs to 'set down beats' with little capacity beyond this same level of dexterity in terms of what it involves as a question of drumming, beyond say input via tapping on a desk to get a beat, than say communicating larger longer ideas than what fits into a given set of software fields for MIDI rhythms, the foundation of the music. drums are more than this. 
though in a digital audio workstation (DAW) context, sometimes not more than an arbitrary string needed to generate others that are output as new songs, song as information, information as communication. and perhaps that is all okay, necessary even in terms of the situation, yet music involves vastly more than this in terms of questions and shared cultural communication. though it seems to have been made trivial, as if only a technical exercise, and equated with meaning and skills that go far beyond this and ground in a larger framework or knowledge that potentially even some of these tools do not allow it is not to suggest taking away the freedom to explore music in varieties of ways, instead it is to question the depth or shallowness of this exploration as a standardized, normalized, and mainstreamed as music produced and received as culture, dumbing-down awareness and then accepting culture at a lower level than is necessary to relate within, socially, mentally, emotionally. unless everyone is in a crib playing with shiny toys and rattles, making noise, and that is the shared condition (perhaps requiring being drugged out of your mind to not be bothered by it, especially in terms of aesthetics and lack of insight, the din of 'music noise') so this realm completely fascinates me, there is total potential to turn this situation around via another conceptual approach, a paradigm that meets the electromagnetic situation and reframes music within a more accurate nonlinear/multilinear context, getting outside this narrow false absolutist view from classical ideology and music training, its institutionalization and into new parameters and functionality that opens up the instruments for music literacy, understanding, development of skills, interaction, relations, based on music as a shared practice tied into with literacy, social development, awareness, technological advance and refinement, and at its core, about aesthetics, thinking and ideas, truth accessed and 
involved for instance, take the robot drummer situation. compared to the Def Leppard drummer who lost a limb in an accident and continued to drum one-handed, via technological assistance. a similar condition exists with juggling, where some believe that you need to juggle more balls than your hands to be juggling, thus 2 hands require at least 3 balls to be 'juggling', and yet it also is implied that less than 3-balls is not juggling, when anyone who learns to juggle quickly realizes the steps it takes to get there involves being able to juggle two balls with one hand, that this is a core skill (and adept jugglers can juggle three balls if not more balls in one hand) It is this kind of false limit that may keep people away from juggling because not everyone is at the highest skill level or will achieve that virtuosity yet could still benefit from juggling at a lower level as a learning practice. and if someone only has one-hand, it could be legitimate juggling to juggle 2 balls and is in essence the same as juggling with two hands and three balls in that certain principles are involved and shaped and can be explored in those parameters, such as movement, speed, height, and so on. 
including with those two-handed, that learning to juggle one-handed in each hand is a core skill and necessary to be effective at juggling, as this ambidextrous condition is what is a challenge, mirroring of various patterns in different directions, thus starting with one-side or the other, as this affects brain processing, as if the pendulum is involved or something that connects both hemispheres of the brain as the side that is preferenced then moves into new relation with the other side, neutralizing out bias given the amount of practice, developing new nerve connections, brain cells, this changes memory circuits, functionality, coordination, thinking or possibility, even, opening up options instead of accepting given limits, and learning step by step how to go about this drum sticks are very much like this, one hand biased and learning to use both, coordinate, and explore basic patterns, from the most basic, single tap here, single tap there, to multiple tap sequences then mirrored across to the other side, as with changing direction in juggling a given pattern, reversing it, so too, using drumsticks to tap out rhythmic structures in reverse using opposite hands, and learning from this as a skill, process, many dimensions involved so the big failure of 'the drummer' in the intro article is that they cannot keep up with the MIDI score, and a better clock is needed or metronome so others can play in sync together 'as a band', thus the computer solves the technical problem. the drummer as instrument not good enough, supposedly, in a high-tech context. what is needed instead is a Shiva-like multiarmed character with insane speed and processing ability, then the band would look good while the drummer flails and generates smoke and heat. 
[image] album cover http://2.bp.blogspot.com/_npo9ydLAc3I/SEWXECn2ddI/AAAAAAAAAZU/cmS_5TjZ_S8/s400/28.jpg the thing is- as with early photography studies by Muybridge of horse hoofs on the ground- the time-lapse of a drummer is indeed this multi-armed epiphany doing what to most is physically and mentally impossible to coherently understanding in real-time, even if it is dissected, because the issues of dexterity and awareness may be so beyond what most people are capable of, that it is really a unique skillset and capacity to be able to take this functioning on at a higher level, requires special skill or talent or dedication to attain that performability, and yet, slowed down, it can also be more manageable for others at a different skill level or way of playing that does not just rely on speed or given styles of playing. drums are not just a particular sound, style, genre, or format, it could be opened up to more than is questioned today in terms of the instrument - in that instead of emulating and rationalizing a style or particular approach to drumming, it could be requestioned based on more knowledge than an extended linear progression of a given trajectory allow - such that separation of drum machine from electronic drum set may not be structural, only a choice, and likewise others so in a non-profane context of serious issues with the way equipment is and its technical limitations, consider the sculpture of Shiva in terms of its capturing this increased capacity that is some inherent limit in the given technical approach for ~electronic drumming... Multi statue armée en Thaïlande http://fr.123rf.com/photo_11044455_multi-statue-armee-en-thailande.html so consider again the issue of time. if this was a many-instanced view, most drummers would have a sequence very much of this many-armed approach. 
though if a score is sped up so fast, at some point only a multiarmed robot or a superfast two armed robot could feasibly drum at a certain pace, beyond human capacity, due to time, energy, ability to process information. it is perhaps a classic case of multitasking though within a group-subgroup dynamic of (drumset (drums)) where a certain limit is approached to what can be performed in terms of given parameters of functioning. multitasking -- handyman http://www.affordablehousinginstitute.org/blogs/us/handyman_small.jpg multitasking -- office work http://www.getthere-fromhere.com/wp-content/uploads/2010/12/Shiva-Image.jpg not sure if it is evident yet, though this is a condition also existing in computing, whereby there are large gaps between tasks that have no larger relation to one another beyond certain limits or parameters, incompatible or unintegrated software or frameworks or approaches, thus atomizing everything into a separate domain or task or chore, and thus losing efficiency, whereby 'speed' is the ability to coordinate in that framework, keep it coherent, and get things done simultaneously, not unlike banging out a sequence on drums where is this going? there is a physical and mental limit to what can be done and it can be reached and then hold back functioning, as a barrier, yet also people can be judged against what is an institutionalized inefficiency or false constraint, due to design, that forces these dynamics, which can then turn against efforts, such as making 'work' less productive, etc, even when home computing was sold as an efficiency device, to make things easier when instead it becomes more and more time-wasting chores and routines, upkeep, hassle, etc as if an ulterior motive designed in from the start, its dysfunction programming and formatting user dysfunction. 
in this way, the problem with tools shaping the user via negative influence, the dynamics set up in a devolutionary or regressive way, via detached, ungrounded, unreal, or otherwise inferior approaches that then become standardized, the norm to follow, etc so this is about time, about tools and technologies in a context that are interacted with, communication, and about intent or symbiosis between a person and technology, perhaps bridging into a larger organization of others and other technology (playback, etc) the electronic metronome is basically the keystone to electronic drumming in a band in so far as it relates to music notation, a style of playing, the shared 'music score' as code & program. that a person would have to play so fast to keep in sequence is akin to GHz and CPUs, as this relates to design parameters, is it really better or a design approach leading to other values. though the central idea is that timing and drums are structuralized in the framework of a band and a drummer performs an advanced metronome function within the band, that today for some a machine can replace and extend into other functionality that may or may not be manageable by or with a drummer at the helm. in place of a drummer, some have a PC with software tracks, hooked into mixer, controlling drums via software interface. others have drummers with triggering of additional samples or patterns, to allow this information management via sticks hitting trigger/sensors in the drum kit, to activate a given sound or sample or recorded playback. so the upper limit appears to be- a physical entity aka drummer cannot feasibly play this or play it as needed , thus some electronics equipment or tools will do it, and perhaps there is no need for a drummer in the band, they are not fast enough or cannot manage the sounds, (perhaps even there is irregular timing or something, cued other than by drums, etc). 
so here is a bit of clarity on this situation: nowhere does it say there has to be only one approach or direction with 'time' in music, and yet it is a forced perspective that has now become the structure for all electronic music instruments, in a one-way flow of time that moves into 'speed' as a view of increased or advanced processing. as if linear flow is all of it. music has no perspective, no dimensionality, it is a flattened realm of inquiry stuck within a 16-18th century notion of space-time that is pre-Einstein, perhaps pre-Copernican even, as if everyone need be sitting at the feet of Beethoven then evolving to churn out rap songs next in endless strings of concatenation of themes, structures, values, as if 'composers of reality', eventually by way of merely saying or singing language to various melodies and tunes, as if music and song is definable in fixed parameters endlessly extendable, never stale, rotting and the ruins of culture, festering and stank in its role and importance, loss of connection with truth beyond finite beliefs shared in-group, scaled to consumerist ubiquity & for sale why could there not be 'many clocks' at once, perhaps moving in different directions within a drum set. in an acoustic context this is not possible. in an electronic drum set it is possible yet not able to be explored given the way things are designed and structured for emulation and extension of previous styles. the depth of music buried under an emptiness of its value and insight by a genre past its time, yet repeated endlessly on the radio and online as if eternal, vs. 
cultural tyranny of noise that seeks to mask out other views, stand in as if 'the standard' when instead this is conceit, based on power politics, control over media, enforced authority and forced perspective, that somehow everyone holds certain musical truth in common, as if aesthetics and shared awareness can be engineered for and scaled to populations via expert propaganda of repeat iconic performance, tv-specials, awards, superbowl halftime shows i have several ideas about a new approach to electronic drums as an ecosystem of various components, including mixer, looper, sequencer, sampler, metronome, and drums combined into a single instrument interface. much like a web server that spans another virtual machine or process, to manage or access another dimension, so too, why not allow a drummer to have 'multiple arms' via the tools themselves, by allowing a drum machine to capture patterns that the drummer plays, set them up as a loop in real-time, and then add and subtract and shape this information while it is live within the equipment. many clocks, different directions for the sound, starting one pattern in certain instruments and send it in a given direction and then another with different sounds in another direction, and let them go on their way while playing yet another sound, different rhythms, within this layered context. hell, who needs a band, even, if you have such a drum set. this is more like drumming as programming though in haptic or even neuro-feedback or voice-control interface, prototype for future computing even in its communicative function, if considering performance could be over the network and thus local and remote via HDTV connections. so shared work model in teleconferencing into music, new MIDI standards allowing multiple times, though far more is involved than can be sketched here in these parameters. 
the larger point of it is that even though it is not allowed, 'the music' of drumming exists in a context beyond the way the equipment is now designed, yet could be reconsidered, once again questioned for what is going on in musicological terms, the substance of instruments, and then open up these parameters for music to breathe within versus be stifled by lack of ability to do anything other than playing as fast as possible as the innovation path available, versus multilinear and ecosystem and other dynamics that could also be possible, if these situations would be evaluated in their truth, versus just as profit for the automated machine and music-production ideology that formats these tools as formulaic, calculator-like devices that produce endless strings of self-same limited parameter computations over and over, as if equated with heightened awareness and grounding of culture by mere communication. in other words, maybe virtuosity of expertise in a given instrument is not the aim or goal and instead literacy of music via instruments and as a way of forming and shaping awareness and consciousness and forming a basis for shared communication at a greater depth than existing culture allows though has historically been achieved and held with great reverence, in that music forms the centre of shared experience, brings many together in one relation and that instruments can do likewise. (in this regard, some of my ideas include people being the performance themselves, musicians as networks of multiple timed looping patterns and interacting as ecosystem, being able to move through music at any point or path as with software models thus the song is interpretable, non-repeatable even, an environment that is navigated, this could include performance, headphones allowing positioning or moving around acoustic space, etc. software tools anyone can use to learn musical principles. 
musicological instruments that redevelop existing types along more fundamental musical structures and principles, such that music instruments are reading/writing instruments, gaining that level of interaction and ability to communicate beyond existing notation parameters that deter such developments) a drumset that is grounded in its electromagnetic context and can access the truth of this condition in that parameters of music allow it to be tapped into, explored, understood, and experimented with, then potentially relates to a next-level of computation of the sensor-based environment requiring orchestration from within chaos, into order, via looped patterns of tasks and routines of separate elements (whether tom-tom, sequencer, metronome, or pantry, computer, e-ink wall display). the larger dynamics involve similar principles, how to manage multilinear flows of information, shape them, program them, secure functioning while existing or starting in another framework. how to make the transition, what is the conflict in ideas or ideology, what if the difference in values, in control, management, authority, is truth driving the process or its representation that can be warped, subverted, and what if what today does not work together at all instead could be naturally, organically cohesive as an ecosystem, harmonious, due to recognizing shared principles, functionality, parameters and functionality that are symbiotic, and provide feedback in shared frameworks that benefit the whole infrastructure which is scalable, because it is based upon shared truth this truth of music is truth of life, truth of culture, truth of people, truth of society, that is the value that has been replaced by another set of principles moving in an inhuman direction that then holds people against its values as if inferior when it is the opposite- these tools need to serve people, not the other way around. 
they should free the imagination and open-up options, not deny or break these connections to maintain some other agenda or priority; and yet music like everything else has become trapped in this realm of falsity, held captive to mimicry and substitution of a false-view, seldom do i hear music of my own nature anymore and thus these words about future instrument design, what is needed, within these ruins of civilization and its- our- lost culture <>---- reference ---<> [q] Drum: It is an instrument frequently used in rites and rituals; its rhythmical sound is sometimes (e.g., in Buddhism) equated with the hidden sounds and powers of the cosmos. Often (e.g., among black African peoples) the drum served magically to call down heavenly powers; the war drum in particular was closely associated with the symbolism of LIGHTNING and THUNDER. -- In China the sound of the drum was related to the course of the SUN and especially to the winter solstice (i.e., that point when the yin principle exerts its greatest influence but also when the sun, and hence the yang principle, begins to increase its influence again). See YIN AND YANG. -- The drum is the symbolic heart of the universe for Native Americans. [/q] --- The Herder Dictionary of Symbols, p.62 DRUM A symbol of primordial sound, and a vehicle for the word, for tradition and for magic (60). With the aid of drums, shamans can induce a state of ecstasy. It is not only the rhythm and the timbre which are important in the symbolism of the primitive drum, but, since it is made of wood of 'the Tree of the World', the mystic sense of the latter also adheres to it (18). According to Schneider, the drum is, of all musical instruments, the most pregnant with mystic ideas. In Africa, it is associated with the heart. In the most primitive cultures, as in the most advanced, it is equated with the sacrificial altar and hence it acts as a mediator between heaven and earth. 
However, given its bowl-shape and its skin, it corresponds more properly to the symbolism of the Element of earth. A secondary meaning turns upon the shape of the instrument, and it should be noted that it is in this respect that there is most variation in significance. The three essential shapes are: the drum in the form of an hour-glass, symbolizing Inversion and the 'relationship between the two worlds' (the Upper and Lower) ; the round drum, as an image of the world, and the barrel-shaped, associated with thunder and lightning (50). [/q] --- A Dictionary of Symbols, j.e. cirlot. p.85

:;.:|: drummer :.|;.:

[video] interview with Kenny Aronoff: Part I (27:18)
http://www.theblackpage.net/interviews/kenny-aronoff-part-1

[video] interview with Kenny Aronoff Part II (22:26)
http://www.theblackpage.net/interviews/kenny-aronoff-part-2

Listening...
http://en.wikipedia.org/wiki/Listening

--= on tuning =--

Here’s Why You Should Convert Your Music To 432 hz.
http://zedie.wordpress.com/2014/01/04/heres-why-you-should-convert-your-music-to-432-hz/

the surrounding context
https://www.dropbox.com/s/ov2yfxa3435wbgd/ruins.gif

{educational fair-use of copyright, 2013}

411-A1A/56 413-C2B/812-NET r80,e#W9s/95x02+k

From gfoster at entersection.org Sun Jan 5 20:47:59 2014
From: gfoster at entersection.org (Gregory Foster)
Date: Sun, 05 Jan 2014 22:47:59 -0600
Subject: "Google and the World Brain" (2013)
Message-ID: <52CA34CA.2030705@entersection.org>

thoughtmaybe (Jan 5) - "Google and the World Brain":
http://thoughtmaybe.com/google-and-the-world-brain/?lang=en

> In 2002, quietly and behind closed doors, the Internet giant Google began to scan millions of books in an effort to create a privatised giant global library, containing every book in existence.
Not only this, but they claimed they had an even greater purpose–to create a higher form of intelligence, something that HG Wells had predicted in his 1937 essay “World Brain”. Working with the world’s most prestigious libraries, Google was said to be reinventing the limits of copyright in the name of free access to anyone, anywhere. But what can possibly be wrong with this picture? As Google and the World Brain reveals, a whole lot. Some argue that Google’s actions represent aggressive theft on an enormous scale, others see it as an attempt to monopolise our shared cultural heritage, and still others view the project as an attempt to flatten our minds by consolidating complex ideas into searchable “extra-long tweets” for the screen.

> At first slowly, and then with intensifying conviction, a diverse coalition of authors and others mobilise to stop the ambitious project. Google and the World Brain explores this high-stakes story with an important alternative voice to the technological utopianism of our age.

http://www.worldbrainthefilm.com/
http://www.imdb.com/title/tt2551516/
https://twitter.com/worldbrainfilm

Trailer:
http://www.youtube.com/watch?v=RZkdkobK99A

Thanks to Michael Allan for the pointer to thoughtmaybe.com via libtech,
https://mailman.stanford.edu/pipermail/liberationtech/2013-August/010908.html

HT their email announcement list:
http://thoughtmaybe.com/subscribe/

gf

P.S. - H.G. Wells' collection of essays and addresses, _World Brain_:
http://en.wikipedia.org/wiki/World_Brain

Including "The Idea of a Permanent World Encyclopaedia", his "[c]ontribution to the new Encyclopédie Française, August, 1937":
https://sherlock.ischool.berkeley.edu/wells/world_brain.html

> Quietly and sanely this new encyclopaedia will, not so much overcome
> these archaic discords, as deprive them, steadily but imperceptibly,
> of their present reality.
--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

From s at ctrlc.hu Sun Jan 5 14:12:28 2014
From: s at ctrlc.hu (stef)
Date: Sun, 5 Jan 2014 23:12:28 +0100
Subject: Replacing corporate search engines with anonymous/decentralized search
In-Reply-To: <2528037.4OdIiX32uo@lap>
References: <1388305027.11664.55.camel@debian> <19029347.avvEohIsFf@lap> <20140105185212.GW6791@ctrlc.hu> <2528037.4OdIiX32uo@lap>
Message-ID: <20140105221227.GZ6791@ctrlc.hu>

On Sun, Jan 05, 2014 at 08:22:51PM +0100, rysiek wrote:
> Humm, I think I have already come across omnom some time ago. Well, I'll have
> to look into it. A short question: what would you say are the most important
> advantages of omnom over Mozilla Sync?

i don't know mozilla sync. one huge advantage of omnom is, that it snapshots the pages you bookmark as they are rendered in your firefox. i guess, that could also be useful for searching bookmarked pages... also there are hooks in the code that connect multiple omnom instances and other services for the federation of tags, but that is quite dead code.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From grarpamp at gmail.com Sun Jan 5 21:22:08 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 6 Jan 2014 00:22:08 -0500
Subject: Recent Der Spiegel coverage about the NSA and GCHQ
In-Reply-To: <52C60659.2020708@appelbaum.net>
References: <52C60659.2020708@appelbaum.net>
Message-ID:

On Thu, Jan 2, 2014 at 7:37 PM, Jacob Appelbaum wrote:
> We worked
> very hard and for quite some time on these stories - I hope that you'll
> enjoy them.

Thank you Jacob, and for all your work.
From europus at gmail.com Mon Jan 6 04:18:28 2014
From: europus at gmail.com (Ulex Europae)
Date: Mon, 06 Jan 2014 07:18:28 -0500
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52C7BB58.7020801@echeque.com>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> <52C70FCF.7090102@echeque.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> <52C7BB58.7020801@echeque.com>
Message-ID: <52ca9f18.eaee440a.7d60.ffffa0b9@mx.google.com>

At 02:42 AM 1/4/2014, James A. Donald wrote:
>>Or it might've simply been an unintentional oversight, a mistake, a
>>malfunction or who knows what.
>
>The expression on his face, and his choice of reading material,
>suggests deliberate intent.

Oh, so sorry. I'll be watching for you on the next poker championship since you are so accurate and reliable at reading tells. Or, you could refrain from attributing motives beyond those that may be safely inferred from a fair reading of the known facts.

--ue

From jamesd at echeque.com Sun Jan 5 16:36:33 2014
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 06 Jan 2014 10:36:33 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <1418520.UWGAMETuKt@lap>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> <52C7BB58.7020801@echeque.com> <1418520.UWGAMETuKt@lap>
Message-ID: <52C9FA91.9050403@echeque.com>

James A. Donald wrote:
> > > > That he did not rate limit the download is an announcement "I
> > > > am powerful and have the correct political connections, and
> > > > you do not", which assessment turned out to be incorrect.
Ulex Europae wrote:
>>> Or it might've simply been an unintentional oversight, a mistake,
>>> a malfunction or who knows what.

James A. Donald wrote:
>> The expression on his face, and his choice of reading material,
>> suggests deliberate intent.

On 2014-01-06 04:16, rysiek wrote:
> "I interpret an expression on a photo of a face of a person I have
> never met in a certain, peculiar way, hence I have the right to
> judge them and have the insight to understand their actions and
> motivations in full."

I have read his reading material. He thought himself ruling class, and those whose network he disrupted the ruled. Same principle as one can apply to Henry Louis Gates. "Do you know who I am!", Gates tells the cop. The arrogant voice of the ruler to the ruled.

From rysiek at hackerspace.pl Mon Jan 6 02:25:49 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 06 Jan 2014 11:25:49 +0100
Subject: Replacing corporate search engines with anonymous/decentralized search
In-Reply-To: <20140105221227.GZ6791@ctrlc.hu>
References: <1388305027.11664.55.camel@debian> <2528037.4OdIiX32uo@lap> <20140105221227.GZ6791@ctrlc.hu>
Message-ID: <1908029.0XhnnO53qH@lap>

On Sunday, 5 January 2014 23:12:28 stef wrote:
> On Sun, Jan 05, 2014 at 08:22:51PM +0100, rysiek wrote:
> > Humm, I think I have already come across omnom some time ago. Well, I'll
> > have to look into it. A short question: what would you say are the most
> > important advantages of omnom over Mozilla Sync?
>
> i don't know mozilla sync. one huge advantage of omnom is, that it snapshots
> the pages you bookmark as they are rendered in your firefox. i guess, that
> could also be useful for searching bookmarked pages... also there are hooks
> in the code that connect multiple omnom instances and other services for
> the federation of tags, but that is quite dead code.

I'm bought! Mozilla Sync has neither federation nor snapshotting. Me gusta mucho.
--
Regards
rysiek

From griffin at cryptolab.net Mon Jan 6 08:28:56 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Mon, 06 Jan 2014 11:28:56 -0500
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CAD4E2.5030402@owca.info>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CAD4E2.5030402@owca.info>
Message-ID:

Matej Kovacic said:
>> He was still arrogant and badly behaved.
> You are talking about NSA? :-)

+1

It's a bit of a hollow insult to call an individual working for the public good arrogant, when there's a morass of unethical asshats who are far more deserving of that descriptor.

~Griffin

From jamesd at echeque.com Sun Jan 5 18:10:12 2014
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 06 Jan 2014 12:10:12 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CA0B6C.4050608@mailoo.org>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> <52C7BB58.7020801@echeque.com> <1418520.UWGAMETuKt@lap> <52C9FA91.9050403@echeque.com> <52CA0B6C.4050608@mailoo.org>
Message-ID: <52CA1084.8000304@echeque.com>

James A. Donald wrote:
> > Same principle as one can apply to Henry Louis Gates. "Do you
> > know who I am!", Gates tells the cop. The arrogant voice of the
> > ruler to the ruled.

h0ost wrote:
> Except, in the Gates example, Gates (as a U.S. citizen) is the ruler
> - at least theoretically.

If Gates was speaking as a US citizen, rather than as one of the ruling class who rules over US subjects, he would not demand that the cop should know who he is.
From jya at pipeline.com Mon Jan 6 09:18:18 2014
From: jya at pipeline.com (John Young)
Date: Mon, 06 Jan 2014 12:18:18 -0500
Subject: Jacob Appelbaum in Germany - Aaron Swartz
In-Reply-To: <52CADAB3.2040507@cathalgarvey.me>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me>
Message-ID:

Swartz was ratted by a sysadmin, investigated by several sysadmins, some who formerly helped him and were pressured to betray him, indicted with the essential help of sysadmins. University and JSTOR administrators could not have discovered him, aided the investigation, cooperated with the prosecutor, without sysadmins. The cops and prosecutor could not have caught, investigated, coerced witnesses, indicted and killed Swartz without sysadmins.

Some of those sysadmins are under lifetime vows of secrecy for cooperating against Swartz. Many sysadmins are under lifetime secrecy for cooperation against the public, and each other.

NSA, CIA, FBI, NGOs, coms, edus, entrepreneurs could not do what they do without sysadmins. Same goes for most comsec experts, crypto experts, technical experts. Experts like those used to be here but most went over to specialized fora which avoid "politics" to simulate political involvement in order to rat on the public, and each other, to maximize their income sysadmining mercilessly, amorally, without ethics, without oversight, "out of control."

James Donald like others here is in a bind. He knows the villainy of sysadmins and comsec experts, but needs the dirty money. So he pretends to be hard-hearted. Forgive him succumbing to the power of economics, for double-talking fork-tongued dual-hatted dual-use palaver. Also known as Thatcher-Reaganomics in which the accumulation and concentration of wealth is fundamental religion far more potent than democracy, islamicism, al-qaeda, militarism, tea partyism, leakism.
Some cybertech wizards, sysadmins and comseckers, caught a wave with cybersec. Trained themselves, got help from hackers and others, got training at cybersec schools and gov agencies, got hired for impressive pay, got awards for and against the public, gradually became encrusted with cybersec layerings which involve a witch's brew of deception, pretense, fear-mongering, half-assed comsec, apologias, exculpations, blame-gaming, snot-nosed arrogance, false modesty, lurking, put-downs, all the crafts of sneak-thieves and politicians who loved their skullduggery.

Some are famous for the shit they spread. And rightly so, this is the way of empires, now digital, now totally digitally spying, now doing what empires do, calling their product what the little people need, executing the few little people like Swartz who not only call their bullshit what it is but take action to replace it with much healthier than bribegivers and bribetakers will ever cut loose.

At 11:32 AM 1/6/2014, you wrote:
>I'd love to read through your back-catalogue to get up to speed on why
>you hate Aaron so much, but I'm more of a "signal" kind of guy
>
>On 06/01/14 15:53, James A. Donald wrote:
> > On 2014-01-06 22:33, Cathal Garvey wrote:
> >> In Aaron's case, he saw copyright and privatisation of publicly funded
> >> research as anathema, which of course it is. And being at that point of
> >> some power and influence for his tier of political clout, he felt he
> >> could use his academic ties to cover for his "Open Access Manifesto". In
> >> fact, he probably could have done, if MIT stood with him and referred to
> >> his work as research; I imagine he was surprised that they didn't.
> >
> > In which you implicitly agree he was ruling class and did not expect his
> > actions to be punished.
> >
> > So, the ruling class ejects those who take ruling class ideals too
> > seriously. Also, bears shit in the woods.
> >
> > He was still arrogant and badly behaved.
> >

From jya at pipeline.com Mon Jan 6 09:32:55 2014
From: jya at pipeline.com (John Young)
Date: Mon, 06 Jan 2014 12:32:55 -0500
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <604410b939c2499e960a36ccbbaa2b7f@daemon.be>
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C88ED3.4010902@gmail.com> <604410b939c2499e960a36ccbbaa2b7f@daemon.be>
Message-ID:

Logs needed to run the Internet steadily, securely and cheaply are not what log files have grown into: Bloated, malicious, exploitive and very lucrative spying on users.

This is why there are thousands of firms providing log files exploitation programs and services. Every product manufacturer touts its spying capabilities through innocent sounding "log files" ostensibly serving administrative purpose but then just below that claim are the burgeoning other uses of maximizing profits.

Log files are metadata of the Internet, the tip of a giant iceberg of metadata. This is the dirty secret, the family jewels, of the Internet, carefully rationalized and guarded by sysadmins.

Sysadmins have become the traitors, or patriots, of the Internet. Traitors against the public, patriots for the powerful exploiters of the Internet.

Exploitation of bloated little known, behind the public scene log files exceeds that of all search engines combined. Exceeds official spying in all nations. Indeed, facilitates spying in all nations for generous fees and to diffuse understanding of how cyber spying works, who its architects are, what is the architecture.

Snowden hints are this but so far only pretty facades have been disclosed, the underlying operation apparently too threatening to "national security" to be revealed to the public.
Sysadmins just adore being foundational to this architecture of deceit.

The argument log files are essential to run the Internet is a cover for the huge industry which goes right through that tiny aperture of access to construct an unbelievable spying operation, far more insidious than that of the official spies, which as we know merely copy the industry and buy a small number of its products.

At 11:42 AM 1/6/2014, Laurens Vets wrote:
>On 2014-01-05 01:01, John Young wrote:
>>If your server or ISP generates log files, as all do, you cannot
>>be secure. If upstream servers generate log files, as all do,
>>you cannot be secure. If local, regional, national and international
>>servers generate log files, as all do, you cannot be secure.
>>So long as log files are ubiquitous on the Internet, no one can
>>be secure.
>>Log files are the fundamental weakness of the Internet
>>because system administrators claim the Internet cannot
>>be managed and maintained without them.
>>This is not true, it is merely an urban legend to conceal
>>the interests of system administrators and their customers
>>to exploit Internet user data.
>>There is no fundamental need for log files, except to
>>perpetuate the other urban legend, privacy policy, which
>>conceals the abuse of log files by web site operators
>>and their cooperation with "lawful" orders to reveal
>>user data, most often by being paid to reveal that
>>data to authorities, to sponsors, to funders, to
>>advertisers, to scholars, to private investigators,
>>to inside and outside lawyers, to serial cohorts,
>>cartels and combines, to providers and purchasers
>>of web sites, to educators of cyber employees,
>>to courts, to cybersecurity firms, to journalists, to
>>anybody who has the slightest justification to exploit
>>Internet freedom of information by way of phony
>>security, privacy and anonymizing schemes.
>>In this way, the Internet corrupts its advocates by
>>inducing the gathering and exploiting user data.
>>It is likely your organization is doing this ubiquitous
>>shit by pretending to ask for advice on security.
>>As if there is any. NSA is us.
>
>How would you monitor, maintain & troubleshoot administration &
>security issues on your servers if you do not have logs? Or are you
>talking about retention of said logs?
>
>>At 05:44 PM 1/4/2014, you wrote:
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA256
>>>On 31/12/13 21:13, Jacob Appelbaum wrote:
>>>>I'm also happy to answer questions in discussion form about the
>>>>content of the talk and so on. I believe we've now released quite a
>>>>lot of useful information that is deeply in the public interest.
>>>>All the best, Jacob
>>>Hi people:
>>>As most of the people around the world, I find really troubling all
>>>these revelations. Of course we suspected this kind of shit, we just
>>>didn't know the gory and surprising details.
>>>I work in a libre-software e-voting project [0] which has been
>>>deployed in some interesting initiatives already [1] and we strive to
>>>make it as secure as possible [2], though our resources are currently
>>>limited. Of course, anyone is welcome to join and help us.
>>>Do you have any specific recommendation for securing the servers of
>>>the authorities who do the tallying, in light of latest revelations?
>>>it seems really difficult to get away from the NSA if they want to get
>>>inside the servers.
>>>Kind regards,
>>>- --
>>>[0] https://agoravoting.com
>>>[1]
>>>http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
>>>[2]
>>>https://blog.agoravoting.com/index.php/2013/01/03/agora-a-virtual-parliament/
>>>-----BEGIN PGP SIGNATURE-----
>>>Version: GnuPG v2.0.22 (GNU/Linux)
>>>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>>iF4EAREIAAYFAlLIjtMACgkQqrnAQZhRnaqPhwEA8DWIYkdp4gyC4uo6asng0Olc
>>>1viSsZazIcv1TC9w8S4BAN0Q+iZ7boZOconhKCBBfele9Im9/+0Dt0j/M+ySVeQ7
>>>=e6ab
>>>-----END PGP SIGNATURE-----
>>>_______________________________________________
>>>cryptography mailing list
>>>cryptography at randombit.net
>>>http://lists.randombit.net/mailman/listinfo/cryptography

From cathalgarvey at cathalgarvey.me Mon Jan 6 04:33:36 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 06 Jan 2014 12:33:36 +0000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CAA24E.5060809@cathalgarvey.me>
References: <52CAA24E.5060809@cathalgarvey.me>
Message-ID: <52CAA2A0.9070507@cathalgarvey.me>

But he'd have been a felon, then. And unable to participate meaningfully in politics from "the inside", which I gather to have been his ultimate mission.

Aaron was the ultimate white-knight, he wanted to go all the way to the White House and fix things from the inside. Of course, he'd have failed; systems like this aren't constructed, they *evolve* by surviving many white knights and adapting to them.

Part of the defense system (according to my pet theory of corrupt-state-evolution) of a long-lived corruption is "wayside temptations" in the form of seemingly unbelievable illegalities that are trivially assaulted on their basis, but which in so doing permanently remove someone from the establishment.
In other words, as white knights rise through the system, they are increasingly tempted to use their expanding power and influence to attack problems within their reach, but when they do so they are picked off from the ladder of power, leaving their carefree sociopathic brethren to rise to power.

In Aaron's case, he saw copyright and privatisation of publicly funded research as anathema, which of course it is. And being at that point of some power and influence for his tier of political clout, he felt he could use his academic ties to cover for his "Open Access Manifesto". In fact, he probably could have done, if MIT stood with him and referred to his work as research; I imagine he was surprised that they didn't.

Other "wayside temptations" are things like criminalisation of piracy, drug war, institutional racism, censorship, surveillance, tax evasion by the wealthy and overtaxation of the poor. All of these and more are issues that, if addressed directly by a rising star, can either lead to felonies or criminalities, or merely an avenue by which to strip a person of their political viability by PR assault.

To read several accounts by those who knew him well, it appears to me that Aaron wasn't trying to escape a long-or-short prison term, but the loss of any chance to pursue his dream of political reform through the supposedly-legitimate, electionary route.

On 01/01/14 20:28, Jim Bell wrote:
> No, I'm sorry, I have no links with other MIT alums.
>
> One big misunderstanding that I would have been able to clear up with aaron swartz had I been aware of his situation, that I hope other readers will now learn, is the issue of how much time he (or other federal defendants) would have faced if convicted. Federal criminal laws generally include with them a statement of the maximum punishment that can be applied: They are generally even numbers, such as "5 years", "10 years", "15 years" or so.
However, such statements are basically archaic: In 1987, the laws were changed (prisoners called it "new law") to calculate sentences based on the defendant's criminal history, the severity of the crime, and other facts. See http://en.wikipedia.org/wiki/United_States_Federal_Sentencing_Guidelines
>
> The following sentencing table is part of that Wikipedia article. I assume that Aaron Swartz would have had a "zero" "criminal history", in other words the Column labelled "I" (0 or 1) would have been used. An offense level up to 8 would have specified a sentence between 0 and 6 months. I would have to look up the specific charges to see what he faced, but I strongly doubt that he would have been sentenced to over 2 years, and probably under 1 year.
>
> Jim Bell
>
> ================quote from Wikipedia begins================
>
> Sentencing table
> The sentencing table is an integral part of the U.S. Sentencing Guidelines.[24]
> The Offense Level (1-43) forms the vertical axis of the Sentencing
> Table. The Criminal History Category (I-VI) forms the horizontal axis of the Table. The intersection of the Offense Level and Criminal History
> Category displays the Guideline Range in months of imprisonment. "Life"
> means life imprisonment. For example, the guideline range applicable to a defendant with an Offense Level of 15 and a Criminal History Category
> of III is 24–30 months of imprisonment.
>
> Sentencing Table (effective Nov. 2012)
> (showing months of imprisonment)[25][26]
>
> Offense Level ↓   Criminal History Category (Criminal History Points)
>
> Level  I           II          III         IV          V           VI
>        (0 or 1)    (2 or 3)    (4,5,6)     (7,8,9)     (10,11,12)  (13+)
> Zone A
> 1      0-6         0-6         0-6         0-6         0-6         0-6
> 2      0-6         0-6         0-6         0-6         0-6         1-7
> 3      0-6         0-6         0-6         0-6         2-8         3-9
> 4      0-6         0-6         0-6         2-8         4-10        6-12
> 5      0-6         0-6         1-7         4-10        6-12        9-15
> 6      0-6         1-7         2-8         6-12        9-15        12-18
> 7      0-6         2-8         4-10        8-14        12-18       15-21
> 8      0-6         4-10        6-12        10-16       15-21       18-24
> Zone B
> 9      4-10        6-12        8-14        12-18       18-24       21-27
> 10     6-12        8-14        10-16       15-21       21-27       24-30
> 11     8-14        10-16       12-18       18-24       24-30       27-33
> Zone C
> 12     10-16       12-18       15-21       21-27       27-33       30-37
> 13     12-18       15-21       18-24       24-30       30-37       33-41
> Zone D
> 14     15-21       18-24       21-27       27-33       33-41       37-46
> 15     18-24       21-27       24-30       30-37       37-46       41-51
> 16     21-27       24-30       27-33       33-41       41-51       46-57
> 17     24-30       27-33       30-37       37-46       46-57       51-63
> 18     27-33       30-37       33-41       41-51       51-63       57-71
> 19     30-37       33-41       37-46       46-57       57-71       63-78
> 20     33-41       37-46       41-51       51-63       63-78       70-87
> 21     37-46       41-51       46-57       57-71       70-87       77-96
> 22     41-51       46-57       51-63       63-78       77-96       84-105
> 23     46-57       51-63       57-71       70-87       84-105      92-115
> 24     51-63       57-71       63-78       77-96       92-115      100-125
> 25     57-71       63-78       70-87       84-105      100-125     110-137
> 26     63-78       70-87       78-97       92-115      110-137     120-150
> 27     70-87       78-97       87-108      100-125     120-150     130-162
> 28     78-97       87-108      97-121      110-137     130-162     140-175
> 29     87-108      97-121      108-135     121-151     140-175     151-188
> 30     97-121      108-135     121-151     135-168     151-188     168-210
> 31     108-135     121-151     135-168     151-188     168-210     188-235
> 32     121-151     135-168     151-188     168-210     188-235     210-262
> 33     135-168     151-188     168-210     188-235     210-262     235-293
> 34     151-188     168-210     188-235     210-262     235-293     262-327
> 35     168-210     188-235     210-262     235-293     262-327     292-365
> 36     188-235     210-262     235-293     262-327     292-365     324-405
> 37     210-262     235-293     262-327     292-365     324-405     360-life
> 38     235-293     262-327     292-365     324-405     360-life    360-life
> 39     262-327     292-365     324-405     360-life    360-life    360-life
> 40     292-365     324-405     360-life    360-life    360-life    360-life
> 41     324-405     360-life    360-life    360-life    360-life    360-life
> 42     360-life    360-life    360-life    360-life    360-life    360-life
> 43     life        life        life        life        life        life
>
> ________________________________
> From: Cari Machet
> To: Jim Bell
> Cc: "cypherpunks at cpunks.org" ; "lists at silent1.net"
> Sent: Wednesday, January 1, 2014 1:04 AM
> Subject: Re: Jacob Appelbaum in Germany
>
> I sincerely wish you could have helped aaron it is all beyond sad and though some of his projects are being carried out i think we have to do more - Yes I am aware you are an alumni - do u have connections with other alumni ? We think the alumni are a pressure point they cld not ignore
>
> Will connect with you further as the project progresses
>
> Thanks very very much
>
> Sent from my iPhone
>
> On 31.12.2013, at 20:59, Jim Bell wrote:
>
> I am an alum of MIT (Class of 1980; Chemistry). I've just read the Wikipedia article on Aaron Swartz, and I am very sympathetic to him. I wish I'd been aware of his situation while he was alive; I might have been able to help, and would have tried to do so.
>> Jim Bell
>>
>> ________________________________
>> From: Cari Machet
>> To: Silent1
>> Cc: cpunks
>> Sent: Tuesday, December 31, 2013 8:03 AM
>> Subject: Re: Jacob Appelbaum in Germany
>>
>> dear sir
>>
>> we are reaching out to MIT alumni to make a public call of outrage re
>> among other things the aaron swartz treatment by MIT would u b willing
>> to b included?
>>
>> specifically we would b asking for shifts in functionality not just
>> complaining to the bricks
>>
>> THANKS
>>
>> On 12/31/13, Silent1 wrote:
>>> Ahh, Dogecoin, didn't an online wallet service of theirs get hacked last
>>> week and completely cleaned out of hundreds of thousands of coins?
>>>
>>> -----Original Message-----
>>> From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of
>>> coderman
>>> Sent: Tuesday, December 31, 2013 8:51 AM
>>> To: Griffin Boyce
>>> Cc: cpunks
>>> Subject: Re: Jacob Appelbaum in Germany
>>>
>>> On Tue, Dec 31, 2013 at 12:32 AM, Griffin Boyce
>>> wrote:
>>>> ...
>>>> I prefer my shared hallucinations to be in the form of Lindens [1], ...
>>>
>>> i'll let you cypherpunks in on a secret financial tip:
>>> the smart money banks in dogecoin: http://dogecoin.com/
>>>
>>
>> --
>> Cari Machet
>> NYC 646-436-7795
>> carimachet at gmail.com
>> AIM carismachet
>> Skype carimachet - 646-652-6434
>> Syria +963-099 277 3243
>> Amman +962 077 636 9407
>> Berlin +49 152 11779219
>> Twitter: @carimachet
>>
>> Ruh-roh, this is now necessary: This email is intended only for the
>> addressee(s) and may contain confidential information. If you are not the
>> intended recipient, you are hereby notified that any use of this
>> information, dissemination, distribution, or copying of this email without
>> permission is strictly prohibited.
>>

From cathalgarvey at cathalgarvey.me Mon Jan 6 04:48:33 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 06 Jan 2014 12:48:33 +0000
Subject: Replacing corporate search engines with anonymous/decentralized search
In-Reply-To:
References: <1388305027.11664.55.camel@debian> <20131231124259.GB7003@ctrlc.hu> <52C4A8C3.9020106@echeque.com>
Message-ID: <52CAA621.4060806@cathalgarvey.me>

I've been considering this. We all still link, and link richly and often. It's just that our links no longer take the form of a dedicated "link index" as they did in the nineties, and are now more often either inline or colon-ised; either "I just found a [great resource on whatever]" or "I just found a great resource on whatever: [link]". The former is more common on blogs, the latter on twitter.

So, to take your idea. An index based on your web browsing habits is, I feel, not so useful, because we all often follow links to stuff that's not generally interesting to us, often by anonymous links (2 girls one kitteh). So the index would be populated with lots of spurious stuff that'd be forward-indexed and made into nonsense. You type "girls" and kitteh-scat-porn comes up. :)

However, there's another type of index that at least some of us engage in that's more likely to be relevant; RSS/Atom feeds, and Microstatus feeds. The former is interest-based, the latter social-based.

By scanning the stuff we explicitly subscribe to and indexing ahead, we not only get a curated source by which to infer "trusted" metadata (i.e. if we follow a medical blog and it links to viagra, we know it's not a spammer but a trusted person recommending a link), but the links themselves are likely to be related to our interests.
By then publishing our indexes along with our blogs or microstatus feeds (borrow an XML callback system from the fairly Byzantine status.net standard and publish it in your post headers/about me block), we also get "trusted" access to a web of our friends, follows and favourite blogs by which to form a social search engine.

This has several advantages. For one thing, the social/subscription web can be used to infer relative trust. If you follow a person who recommends a link and several people you know also follow and trust that person's links, then that link may be given more relative "trust" than an outlier that only you follow.

So, that seems pretty pie in the sky, right? A standard rather than a codebase. But there's a huge advantage to this line of thought, if you'll bear with me. A two-digit fraction of the web right now is powered by Wordpress.org, who explicitly advocate open/free culture. If you can convince them to include a social search/index standard of this type, which is virtually free in terms of computer resources, then you'd have it deployed across the web in days as the next update rolled out.

Indeed, even if Wordpress seemed reluctant, a wordpress plugin could probably be written quickly enough to enable such a thing and make it available for casual use. Suddenly, a bunch of PHP-powered sites around the web start committing small bits and pieces of resources to a social search engine based on human-curated attestations of trust that flow through a web, helping to confine spammers to the fringes and to users with stupid taste.

Also worthy of consideration is Jekyll, though that's a static site so index compilation would be more costly per-publication (you'd have to recompile with each blogpost) and there's no scope for an active callback where readers can suggest index additions back.

Thoughts welcome, I don't even code PHP so it's all speculation here. :)

On 02/01/14 21:04, Sean Lynch wrote:
> On Wed, Jan 1, 2014 at 3:46 PM, James A.
Donald wrote:
>
>> As a matter of fact, it still does work.
>
> It works far less, though, since most people expect others to rely on
> search engines, so they don't bother to link anymore.
>
> Here's a thought: browser extension that stores your "personal" web index,
> and gives you a typeahead menu when you write about concepts in your index,
> prompting you to convert phrases to links. Like the way Facebook always
> wants to convert the names of people and pages to tags. Even if it were
> just primed with Wikipedia, that would drastically reduce the amount of
> Google searching people need to do when reading stuff you write.
>

From shelley at misanthropia.info Mon Jan 6 14:09:26 2014
From: shelley at misanthropia.info (shelley at misanthropia.info)
Date: Mon, 6 Jan 2014 14:09:26 -0800
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CB25D2.2050605@echeque.com>
Message-ID: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa>

On Jan 6, 2014 1:58 PM, James A. Donald <jamesd at echeque.com> wrote:
>>Needed killing. Good that he killed himself.

You're either a shit-disturbing troll or an awful human being; possibly both. What the fuck is wrong with you?

From gwen at cypherpunks.to Mon Jan 6 14:50:19 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Mon, 06 Jan 2014 14:50:19 -0800
Subject: Jacob Appelbaum in Germany
In-Reply-To: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa>
References: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa>
Message-ID: <52CB332B.20708@cypherpunks.to>

A simple google search would tell you that... ie

https://www.google.com/search?q=%22james+a+donald%22+cypherpunks&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=fflb#channel=fflb&q=%22james+a+donald%22+cypherpunk&rls=org.mozilla:en-US:official

regards
GH

On 1/6/14 2:09 PM, shelley at misanthropia.info wrote:
>
> On Jan 6, 2014 1:58 PM, James A. Donald <jamesd at echeque.com> wrote:
>
> >>Needed killing. Good that he killed himself.
>
> You're either a shit-disturbing troll or an awful human being; possibly both. What the fuck is wrong with you?
>

--
Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

From cathalgarvey at cathalgarvey.me Mon Jan 6 08:32:51 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 06 Jan 2014 16:32:51 +0000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CAD18B.9080800@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com>
Message-ID: <52CADAB3.2040507@cathalgarvey.me>

I'd love to read through your back-catalogue to get up to speed on why you hate Aaron so much, but I'm more of a "signal" kind of guy

On 06/01/14 15:53, James A.
Donald wrote:
> On 2014-01-06 22:33, Cathal Garvey wrote:
>> In Aaron's case, he saw copyright and privatisation of publicly funded
>> research as anathema, which of course it is. And being at that point of
>> some power and influence for his tier of political clout, he felt he
>> could use his academic ties to cover for his "Open Access Manifesto". In
>> fact, he probably could have done, if MIT stood with him and referred to
>> his work as research; I imagine he was surprised that they didn't.
>
> In which you implicitly agree he was ruling class and did not expect his
> actions to be punished.
>
> So, the ruling class ejects those who take ruling class ideals too
> seriously. Also, bears shit in the woods.
>
> He was still arrogant and badly behaved.
>

From matej.kovacic at owca.info Mon Jan 6 08:08:02 2014
From: matej.kovacic at owca.info (Matej Kovacic)
Date: Mon, 06 Jan 2014 17:08:02 +0100
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CAD18B.9080800@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com>
Message-ID: <52CAD4E2.5030402@owca.info>

Hi,

> In which you implicitly agree he was ruling class and did not expect his
> actions to be punished.
...
> He was still arrogant and badly behaved.

You are talking about NSA? :-)

Regards,

M.
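
The trust inference described in Cathal Garvey's "Replacing corporate search engines" message earlier in this archive, as an added example that is not code from the thread, status.net or WordPress. The feed names, the shape of the published index and the scoring rule (your own subscription counts 1, each followed peer who also subscribes adds 1, feeds nobody in your web subscribes to are not indexed) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: feed -> [(recommended link, text around the link)].
FEEDS = {
    "medblog.example": [
        ("https://journal.example/sildenafil-trial", "trial results for sildenafil dosing"),
    ],
    "biohack.example": [
        ("https://journal.example/sildenafil-trial", "good sildenafil trial writeup"),
        ("https://wiki.example/plasmid-design", "plasmid design notes"),
    ],
    "obscure.example": [
        ("https://forum.example/sildenafil-anecdotes", "sildenafil anecdotes thread"),
    ],
    "spam.example": [
        ("https://pills.example/buy", "cheap sildenafil buy now"),
    ],
}
# What I subscribe to, and the subscription lists my follows publish (constructed).
MY_SUBSCRIPTIONS = {"medblog.example", "obscure.example"}
PEER_SUBSCRIPTIONS = {
    "alice": {"medblog.example", "biohack.example"},
    "bob": {"medblog.example"},
}


def tokenize(text):
    """Lower-case alphanumeric terms, in order of appearance."""
    return re.findall(r"[a-z0-9]+", text.lower())


def source_trust(my_subs, peer_subs):
    """Trust per feed: 1 for my own subscription plus 1 per peer who subscribes.

    Feeds that neither I nor any peer subscribe to get no entry at all.
    """
    trust = defaultdict(int)
    for feed in my_subs:
        trust[feed] += 1
    for subs in peer_subs.values():
        for feed in subs:
            trust[feed] += 1
    return dict(trust)


def build_index(feeds, trust):
    """Inverted index term -> {link: score}; a link's score is the summed
    trust of the distinct feeds that recommend it."""
    link_score = defaultdict(int)
    link_terms = defaultdict(set)
    for feed, entries in feeds.items():
        weight = trust.get(feed, 0)
        if weight == 0:
            continue  # outside the subscription web: never indexed
        counted = set()
        for link, text in entries:
            link_terms[link].update(tokenize(text))
            if link not in counted:  # one vote per feed per link
                link_score[link] += weight
                counted.add(link)
    index = defaultdict(dict)
    for link, terms in link_terms.items():
        for term in terms:
            index[term][link] = link_score[link]
    return index


def search(index, query):
    """Links matching every query term, highest trust first, ties by URL."""
    terms = tokenize(query)
    if not terms:
        return []
    hits = set(index.get(terms[0], {}))
    for term in terms[1:]:
        hits &= set(index.get(term, {}))
    scored = [(link, index[terms[0]][link]) for link in hits]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    idx = build_index(FEEDS, source_trust(MY_SUBSCRIPTIONS, PEER_SUBSCRIPTIONS))
    for link, score in search(idx, "sildenafil"):
        print(score, link)
```

The link recommended by feeds that several peers follow outranks the one only the searcher follows, and the unsubscribed spam feed contributes nothing to the index.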
From laurens at daemon.be Mon Jan 6 08:42:17 2014
From: laurens at daemon.be (Laurens Vets)
Date: Mon, 06 Jan 2014 17:42:17 +0100
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To:
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C88ED3.4010902@gmail.com>
Message-ID: <604410b939c2499e960a36ccbbaa2b7f@daemon.be>

On 2014-01-05 01:01, John Young wrote:
> If your server or ISP generates log files, as all do, you cannot
> be secure. If upstream servers generate log files, as all do,
> you cannot be secure. If local, regional, national and international
> servers generate log files, as all do, you cannot be secure.
>
> So long as log files are ubiquitous on the Internet, no one can
> be secure.
>
> Log files are the fundamental weakness of the Internet
> because system administrators claim the Internet cannot
> be managed and maintained without them.
>
> This is not true, it is merely an urban legend to conceal
> the interests of system administrators and their customers
> to exploit Internet user data.
>
> There is no fundamental need for log files, except to
> perpetuate the other urban legend, privacy policy, which
> conceals the abuse of log files by web site operators
> and their cooperation with "lawful" orders to reveal
> user data, most often by being paid to reveal that
> data to authorities, to sponsors, to funders, to
> advertisers, to scholars, to private investigators,
> to inside and outside lawyers, to serial cohorts,
> cartels and combines, to providers and purchasers
> of web sites, to educators of cyber employees,
> to courts, to cybersecurity firms, to journalists, to
> anybody who has the slightest justification to exploit
> Internet freedom of information by way of phony
> security, privacy and anonymizing schemes.
>
> In this way, the Internet corrupts its advocates by
> inducing the gathering and exploiting user data.
> It is likely your organization is doing this ubiquitous
> shit by pretending to ask for advice on security.
> As if there is any. NSA is us.

How would you monitor, maintain & troubleshoot administration & security issues on your servers if you do not have logs? Or are you talking about retention of said logs?

> At 05:44 PM 1/4/2014, you wrote:
>> On 31/12/13 21:13, Jacob Appelbaum wrote:
>>> I'm also happy to answer questions in discussion form about the
>>> content of the talk and so on. I believe we've now released quite a
>>> lot of useful information that is deeply in the public interest.
>>>
>>> All the best, Jacob
>>
>> Hi people:
>>
>> As most of the people around the world, I find really troubling all
>> these revelations. Of course we suspected this kind of shit, we just
>> didn't know the gory and surprising details.
>>
>> I work in a libre-software e-voting project [0] which has been
>> deployed in some interesting initiatives already [1] and we strive to
>> make it as secure as possible [2], though our resources are currently
>> limited. Of course, anyone is welcome to join and help us.
>>
>> Do you have any specific recommendation for securing the servers of
>> the authorities who do the tallying, in light of latest revelations?
>> it seems really difficult to get away from the NSA if they want to
>> get
>> inside the servers.
>>
>> Kind regards,
>> - --
>> [0] https://agoravoting.com
>> [1] http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
>> [2] https://blog.agoravoting.com/index.php/2013/01/03/agora-a-virtual-parliament/

From lblissett at paranoici.org Mon Jan 6 12:06:43 2014
From: lblissett at paranoici.org (Luther Blissett)
Date: Mon, 06 Jan 2014 18:06:43 -0200
Subject: Aaron Swartz, Jim Bell, Carl Johnson, Chelsea Manning, Edward Snowden
In-Reply-To: <52C72580.1030503@echeque.com>
References: <201401031523.s03FNicj005237@antiproton.jfet.org> <52C72580.1030503@echeque.com>
Message-ID: <1389038803.10510.33.camel@tagesuhu-pc>

On Sat, 2014-01-04 at 07:02 +1000, James A. Donald wrote:
> The difference is that Jim Bell never had delusions of grandeur, never
> intended to become a civil disobedience case. Eric Snowden never
> thought he was part of the ruling elite trampling over those no good
> contemptible peons.
>
> That Eric Snowden covered his tracks and prepared his flight shows he
> truly intended civil disobedience. He spoke truth to power. He
> correctly saw himself as powerless, and those he took action against
> as powerful.
>
> The civil disobedience of the Aaron Swartz is that of Greenpeace,
> that says "You must obey our laws, but we do not have to obey our own
> laws"
>
> Aaron thought he was the powerful, and was horrified to find he was
> not. Bradley Manning was and is simply batshit insane.
> Snowden,
> on the other hand, genuinely committed civil disobedience.
>

I'm a little uneasy with all these labels you use to portray people. Our paths in life are not in our complete control neither are our conditions. These labels seem only to bring unfairness to their cases and do not help ours. The things for which they became targets are more important to us all than a moralized narrative of their public characters. Manning for me is far from insane. These kind of words I'd use to describe some pompous pricks who could never understand Hans C. Andersen.

> And who is Carl Johnson? Googling for Carl Johnson prosecution, I
> get a string of black murderers, all of them habitual criminals,
> who should have been executed long before the crimes for which they
> eventually became notorious.

--
010 001 111

From hettinga at gmail.com Mon Jan 6 15:27:53 2014
From: hettinga at gmail.com (Robert Hettinga)
Date: Mon, 6 Jan 2014 19:27:53 -0400
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CB25D2.2050605@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CAD4E2.5030402@owca.info> <52CB25D2.2050605@echeque.com>
Message-ID: <7CB0CB45-2311-4661-AC55-9838D54684C4@gmail.com>

On Jan 6, 2014, at 5:53 PM, James A. Donald wrote:
> Needed killing

Fine tradition of that expression around here, or used to be, anyway…

Cheers,
RAH

From cathalgarvey at cathalgarvey.me Mon Jan 6 14:44:03 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 06 Jan 2014 22:44:03 +0000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa>
References: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa>
Message-ID: <52CB31B3.6030504@cathalgarvey.me>

Seriously; obviously a troll; that much was clear many posts ago. Move along, don't feed. Don't worry, they have shelters for unfed trolls.

On 06/01/14 22:09, shelley at misanthropia.info wrote:
>
> On Jan 6, 2014 1:58 PM, James A. Donald <jamesd at echeque.com> wrote:
>
> >>Needed killing. Good that he killed himself.
>
>
> You're either a shit-disturbing troll or an awful human being; possibly both. What the fuck is wrong with you?
>
>

From cathalgarvey at cathalgarvey.me Mon Jan 6 14:48:48 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 06 Jan 2014 22:48:48 +0000
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <604410b939c2499e960a36ccbbaa2b7f@daemon.be>
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C88ED3.4010902@gmail.com> <604410b939c2499e960a36ccbbaa2b7f@daemon.be>
Message-ID: <52CB32D0.3000608@cathalgarvey.me>

> How would you monitor, maintain & troubleshoot administration & security
> issues on your servers if you do not have logs? Or are you talking about
> retention of said logs?

I read from this that excessive logging outside of a debugging scenario, coupled with either bad security or wilful sharing of log files, is the culprit.

So you're running a server, you want logs. Fine; what do you need to know? Statistical information about access, but not necessarily *who* is accessing. Perhaps you need to see if one person is accessing more than their share, but unless they exceed a certain threshold you don't want to record who they are; hash the IPs with a salt. Sure, yes, I expect you can reverse IP hashes, but at least you're trying.

Point being that logs are for debug and performance monitoring, but in this era of A) spying without consent and B) wilful assistance of spies by sysadmins globally, to be a good guy you have to wear blinders and collect only what you need. To resist the urge to hoard that comes with being raised in a marketing-heavy capitalism and with seeing storage volumes growing exponentially and remembering your days of scrimping on poorly encoded mp3s.

Store what you need. Ditch the rest before it's even paged.

On 06/01/14 16:42, Laurens Vets wrote:
> On 2014-01-05 01:01, John Young wrote:
>> If your server or ISP generates log files, as all do, you cannot
>> be secure. If upstream servers generate log files, as all do,
>> you cannot be secure. If local, regional, national and international
>> servers generate log files, as all do, you cannot be secure.
>>
>> So long as log files are ubiquitous on the Internet, no one can
>> be secure.
>>
>> Log files are the fundamental weakness of the Internet
>> because system administrators claim the Internet cannot
>> be managed and maintained without them.
>>
>> This is not true, it is merely an urban legend to conceal
>> the interests of system administrators and their customers
>> to exploit Internet user data.
>>
>> There is no fundamental need for log files, except to
>> perpetuate the other urban legend, privacy policy, which
>> conceals the abuse of log files by web site operators
>> and their cooperation with "lawful" orders to reveal
>> user data, most often by being paid to reveal that
>> data to authorities, to sponsors, to funders, to
>> advertisers, to scholars, to private investigators,
>> to inside and outside lawyers, to serial cohorts,
>> cartels and combines, to providers and purchasers
>> of web sites, to educators of cyber employees,
>> to courts, to cybersecurity firms, to journalists, to
>> anybody who has the slightest justification to exploit
>> Internet freedom of information by way of phony
>> security, privacy and anonymizing schemes.
>>
>> In this way, the Internet corrupts its advocates by
>> inducing the gathering and exploiting user data, .
>> It is likely your organization is doing this ubiquitous
>> shit by pretending to ask for advice on security.
>> As if there is any. NSA is us.
>
> How would you monitor, maintain & troubleshoot administration & security
> issues on your servers if you do not have logs? Or are you talking about
> retention of said logs?
>
>> At 05:44 PM 1/4/2014, you wrote:
> On 31/12/13 21:13, Jacob Appelbaum wrote:
>>>>> I'm also happy to answer questions in discussion form about the
>>>>> content of the talk and so on. I believe we've now released quite a
>>>>> lot of useful information that is deeply in the public interest.
>>>>>
>>>>> All the best, Jacob
>
> Hi people:
>
> As most of the people around the world, I find really troubling all
> these revelations. Of course we suspected this kind of shit, we just
> didn't know the gory and surprising details.
>
> I work in a libre-software e-voting project [0] which has been
> deployed in some interesting initiatives already [1] and we strive to
> make it as secure as possible [2], though our resources are currently
> limited.
> Of course, anyone is welcome to join and help us.
>
> Do you have any specific recommendation for securing the servers of
> the authorities who do the tallying, in light of latest revelations?
> it seems really difficult to get away from the NSA if they want to get
> inside the servers.
>
> Kind regards,

From cathalgarvey at cathalgarvey.me Mon Jan 6 14:59:56 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 06 Jan 2014 22:59:56 +0000
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To:
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net>
Message-ID: <52CB356C.3070808@cathalgarvey.me>

[snip]
> for controlling building systems -- HVAC, electrical, plumbing,
> ..
> are not. And few are TEMPEST-protected outside military
> and governmental facilities.
> ..
> In short, it is fairly easy to interdict and access building
> automation systems for implanting devices, injecting
> packets, tampering with OSes, siphoning networks,
> temporarily suspending security
[/snip]

I immediately thought, not of active injection of code/devices, but passive reading of data as a surveillance mechanism. If HVAC was advanced enough, for example, then you could use HVAC sensor data to infer location of individuals within a large building by the changes in airflow required to maintain temperature or humidity.
Same for electrical use if they use devices. Hell, if the system is shit-hot enough, you might even be able to detect electrical fluctuations due to capacitance induced by passing foot traffic.

Given that the NSA apparently don't like deploying code when passive observation will suffice, might be a fruitful avenue of investigation if anyone here knows their HVAC/other-hardware control systems..

On 31/12/13 22:43, John Young wrote:
> Brian Carroll rightly expands the discussion of pervasive targeting by
> ubiquitous technology.
>
> In architecture, for example, the increasing use of automation
> for controlling building systems -- HVAC, electrical, plumbing,
> security among others -- poses considerable vulnerabilities
> beyond legacy analog controls. Many of the automated systems
> are administered remotely over telephone, cable and
> wireless networks. Others are controlled locally within
> structures. Some are secured with encryption but many
> are not. And few are TEMPEST-protected outside military
> and governmental facilities.
>
> We have found that few architects and building engineers are
> knowledgeable about building automated systems nor the variety
> of means to secure and protect them. They are customarily designed,
> operated and maintained by specialty firms not traditional
> building designers.
>
> Moreover we have found that building management and
> maintenance staff rely upon outside firms for advanced
> technology, thus subjecting their facilities to unsupervised
> interventions by outside personnel who may themselves
> be sub-contractors, and sub-subs for each component
> of automation.
>
> In short, it is fairly easy to interdict and access building
> automation systems for implanting devices, injecting
> packets, tampering with OSes, siphoning networks,
> temporarily suspending security, all the things recently
> revealed in the 30c3 presentations.
>
> Digital security and TSCM experts are familiar with many
> of these vulnerabilities but there is a common practice
> to specialize in services (often at client request) and
> neglect comprehensive coverage. For example, to inspect
> communications and security systems but not HVAC,
> plumbing, electrical and automation systems which often
> have far more inadvertent emitters and transceivers contained
> in extensive components throughout a structure.
>
> NSA TAO and the joint CIA-NSA Special Collection Service
> are especially capable to exploit these gaps, and usually
> send teams composed of experts in each building system
> to determine a comprehensive attack on vulnerabilities,
> and shrewdly, planting multiple and various decoys to
> mislead counterspies.
>
> A catalog of these full-scope operations would be quite
> informative and perhaps diminish the effectiveness of
> ruses and decoys, in particular the kind of solo operation
> valorized in movies, books and TV.
>
>
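
Cathal Garvey's suggestion earlier in this thread (keep access statistics, hash client IPs with a salt, and name a client only once it exceeds a threshold), sketched as an added example that is not part of any post in the thread. The threshold policy, the per-window rotation and every name below are assumptions; the salt is a random key kept only in memory and discarded each window, because a salt that is stored or guessable leaves hashed IPv4 addresses open to enumeration, as that post anticipates.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import Counter


class MinimalAccessLog:
    """Access log that stores a keyed pseudonym per client instead of its IP.

    Assumed policy (not from the thread): a client is named only after it
    exceeds `threshold` requests within one window.
    """

    def __init__(self, threshold=100):
        self.threshold = threshold
        self.records = []    # what would reach disk: never a raw IP
        self.flagged = {}    # pseudonym -> IP, only for clients over threshold
        self._rotate()

    def _rotate(self):
        # The "salt" is a random key held in memory only. Replacing it each
        # window makes old pseudonyms unlinkable and unrecoverable.
        self._key = secrets.token_bytes(32)
        self._counts = Counter()

    def pseudonym(self, ip):
        packed = ipaddress.ip_address(ip).packed   # normalises IPv4 and IPv6
        return hmac.new(self._key, packed, hashlib.sha256).hexdigest()[:16]

    def log(self, ip, path, status):
        client = self.pseudonym(ip)
        self._counts[client] += 1
        if self._counts[client] > self.threshold:
            self.flagged.setdefault(client, ip)
        record = {"client": client, "path": path, "status": status}
        self.records.append(record)
        return record

    def end_window(self):
        summary = {
            "requests": sum(self._counts.values()),
            "clients": len(self._counts),
            "over_threshold": sorted(self.flagged.values()),
        }
        self.flagged = {}
        self._rotate()
        return summary


def static_salt_hash(ip, salt):
    """The weaker scheme: plain SHA-256 over a salt that is stored with the logs."""
    return hashlib.sha256(salt + ipaddress.ip_address(ip).packed).hexdigest()


def enumerate_known_salt(digest, salt, network):
    """Audit check: with a known salt, a hashed address falls to enumeration."""
    for host in ipaddress.ip_network(network):
        if hashlib.sha256(salt + host.packed).hexdigest() == digest:
            return str(host)
    return None


def demo():
    log = MinimalAccessLog(threshold=3)
    # Constructed sample traffic using documentation address ranges.
    sample = [("198.51.100.7", "/", 200)] * 5
    sample += [("203.0.113.9", "/about", 200), ("2001:db8::1", "/", 404)]
    for ip, path, status in sample:
        log.log(ip, path, status)
    before = log.pseudonym("203.0.113.9")
    summary = log.end_window()
    after = log.pseudonym("203.0.113.9")
    return log.records, summary, before != after


if __name__ == "__main__":
    records, summary, rotated = demo()
    print(summary, "pseudonym changed after rotation:", rotated)
```
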

From bakdafu at gmail.com Mon Jan 6 17:25:53 2014
From: bakdafu at gmail.com (Johny Sarampo)
Date: Tue, 7 Jan 2014 01:25:53 +0000
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To:
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net>
Message-ID:

On 12/31/13, brian carroll wrote:
> // someone has to be repetitious to provide proof-of-concept
>
> it is my belief that 'context is everything' applies to the review
> of these same issues and ideas, especially: location^3
>
> consider issues of mass surveillance and mass deployment
> of technical means and measures, for saturation potential so
> that getting to the target is a non-issue, zero cost essentially
> once installed (the role of infrastructure, resolving such issues
> by providing a managed platform that readily automate tasks)
>
>
> consider 'integrated surveillance' tools and capabilities in a
> blackbag context. really think a fleet of a 100 tempest vans
> exist in every city, or do the economics work against this as
> a scalable approach and require instead cellular towers or
> wi-fi antennas as a base for such activities to occur. and if
> this were possible, would it not be integrated to N-degrees
> of capability? consider electronic door locks in a context of
> black bag jobs.
> what if a remote software command could
> more easily unlock a car via cellular tower than a person,
> and invisibly, (this prior to them driving you off the road in
> autonomous or driverless vehicles, exciting future awaits)
>
> so is psychological warfare and other information operations
> by default assumed to involve teams on the ground or is it
> potentially seamlessly integrated with existing infrastructure
> and streamlined as another protocol layer that can or will be
> deployed as or if needed, in terms of threat escalation and
> what is legitimated in the given corrupt/illegal approach. if
> assuming it involves people going from point A to B there
> is little likelihood of these activities being deployed at the
> scale of mass surveillance, and yet if infrastructure itself,
> there is high likelihood or it is probable that they could be
> made economical and exist as a potential to be used as
> weapons against populations though may only target a
> few individuals in the existing context, potentially, thus
> 0.00001% for more extreme and oppressive measures
> may be accurate, in that what is hacked becomes the
> person themselves, say via forced disease triggering or
> whatnot, as part of this context of hostile surveillance
> that in active and passive ways could still be deadly,
> just slow drip, over time, versus out-in-the-open where
> such attacks could be documented, proven to exist
>
>
> ystsp isozo bxbvi
>

Actually you don't need on-the-ground "tempest" vans. I've noticed these strange micro-cells deployed in telephone poles, normally connected to fiber or PSTN networks. Officially they are used to extend mobile communications range, but I've seen a lot nearby giant cell antennas.

Can these be used for other purposes? what type of frequencies can these type of equipment suck/spit? Could these be used for such seamless surveillance strategy?

One thing I know. These are high-powered antennas connected to fiber/pstn networks.
Attached are photos of such equipment. Microcell2.jpg is such an example. Microcell2-bridge is a closeup of what seems to be some kind of switch connected to the antenna. What do you think these could be?

Maybe we should pay more attention to our telephone poles.

Just a thought.

From jamesd at echeque.com Mon Jan 6 07:53:47 2014
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 07 Jan 2014 01:53:47 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52CAA2A0.9070507@cathalgarvey.me>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me>
Message-ID: <52CAD18B.9080800@echeque.com>

On 2014-01-06 22:33, Cathal Garvey wrote:
> In Aaron's case, he saw copyright and privatisation of publicly funded
> research as anathema, which of course it is. And being at that point of
> some power and influence for his tier of political clout, he felt he
> could use his academic ties to cover for his "Open Access Manifesto". In
> fact, he probably could have done, if MIT stood with him and referred to
> his work as research; I imagine he was surprised that they didn't.

In which you implicitly agree he was ruling class and did not expect his actions to be punished.

So, the ruling class ejects those who take ruling class ideals too seriously. Also, bears shit in the woods.

He was still arrogant and badly behaved.

From jamesd at echeque.com Mon Jan 6 07:55:48 2014
From: jamesd at echeque.com (James A.
Donald)
Date: Tue, 07 Jan 2014 01:55:48 +1000
Subject: Jacob Appelbaum in Germany
In-Reply-To: <52ca9f18.eaee440a.7d60.ffffa0b9@mx.google.com>
References: <1388445314.96784.YahooMailNeo@web141204.mail.bf1.yahoo.com> <1388473744.13334.YahooMailNeo@web141206.mail.bf1.yahoo.com> <006601cf063d$0d4e9820$27ebc860$@net> <1388519945.16721.YahooMailNeo@web141206.mail.bf1.yahoo.com> <52C33963.1000709@echeque.com> <52c61837.6cf5420a.55f9.ffffef24@mx.google.com> <52C6A053.7080709@echeque.com> <52c6a7c8.ca41420a.775b.ffffc87f@mx.google.com> <52C70FCF.7090102@echeque.com> <52c7523c.c1d8420a.697b.ffffd01f@mx.google.com> <52C7BB58.7020801@echeque.com> <52ca9f18.eaee440a.7d60.ffffa0b9@mx.google.com>
Message-ID: <52CAD204.7070204@echeque.com>

> > > Or it might've simply been an unintentional oversight, a
> > > mistake, a malfunction or who knows what.

> > The expression on his face, and his choice of reading material,
> > suggests deliberate intent.

On 2014-01-06 22:18, Ulex Europae wrote:
> Oh, so sorry. I'll be watching for you on the next poker
> championship

Swartz was not exactly wearing a poker face.

From carimachet at gmail.com Mon Jan 6 17:15:07 2014
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 7 Jan 2014 02:15:07 +0100
Subject: Jacob Appelbaum in Germany - Aaron Swartz
In-Reply-To: <52CB22EF.8020304@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com>
Message-ID:

shut the fuck up

who is arrogant (and simplistic)? u

On 1/6/14, James A. Donald wrote:
> On 2014-01-07 03:18, John Young wrote:
> > Swartz was ratted by a sysadmin, investigated by several sysadmins,
> > some who formerly helped him and were pressured to betray him,
> > indicted with the essential help of sysadmins. University and JSTOR
> > administrators could not have discovered him , aided the
> > investigation, cooperated with the prosecutor, without sysadmins.
> > The cops and prosecutor could not have caught, investigated, coerced
> > witnesses, indicted and killed Swartz without sysadmins. Some of
> > those sysadmins are under lifetime vows of secrecy for cooperating
> > against Swartz.
>
> They were not "ratting" on him
>
> A sysadmin tries to keep his systems working. Aaron Swartz was
> disruptively trespassing on their systems - he was arrogantly and
> obnoxiously aggressing against them.
>
> And that, in fact, was what he was charged with, not with releasing
> JSTOR IP property, but with screwing up other people's computers.
>
> If he had been furtive about collecting the data, the way Snowden was,
> there never would have been any problem.
>
> The problem was that Aaron Swartz was an arrogant asshole who thought
> he was ruling class and above the law, and that those he aggressed
> against were menials beneath the law - the Henry Louis Gates
> phenomenon.
>
> One of the things our ruling class filters against is conspicuous and
> obnoxious arrogance. They don't want us noticing them. Aaron Swartz
> failed the conspicuous arrogance filter before being granted tenure,
> so suddenly found himself no longer ruling class.
>
>

--
Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From coderman at gmail.com Tue Jan 7 05:36:37 2014
From: coderman at gmail.com (coderman)
Date: Tue, 7 Jan 2014 05:36:37 -0800
Subject: Omidyar influence in new Greenwald venture [was: SRF: cryptic]
In-Reply-To:
References:
Message-ID:

On Sun, Nov 17, 2013 at 7:02 PM, coderman wrote:
> ...
> the Omidyar buyout of Greenwald and Poitras apparently to shield the
> willful, disgraceful corporate role in pervasive privacy destruction...

GG refutes this premise entirely, and with conviction:

http://utdocuments.blogspot.com.br/2014/01/email-exchange-with-reader-over-first.html

"""
(4) The claim that we are "holding back documents" for some nefarious or self-interested purpose is and always has been false. I have discussed many times before - most prominently here - why our agreement with our source, along with related legal issues, prevents any sort of mass release of documents, but I have been working endlessly, as has Laura, to continue to publish stories all around the world, including publishing many stories and documents after we formed our new venture. Not only have I published new documents in Norway, Sweden, France, Spain, and Holland after we formed our new venture, but I also published one of the most attention-generating stories yet in the Huffington Post just five weeks ago. Similarly, Laura has published numerous big articles and key NSA documents in both der Spiegel and the NYT after we formed our new venture.

We're doing the exact opposite of this accusation: we're publishing documents and stories aggressively all over the world with other media outlets until our First Look site is ready. We will continue to publish aggressively with other outlets until we are up and running at First Look. In fact, I am working right now with other news outlets, including in the U.S., on big stories. I'm not "holding back" anything: of all the many entities with thousands of Snowden documents, I have published more NSA documents, in more nations around the world, than anyone. And there are many, many more that will be published in the short-term.

But - and this is critical - in his Washington Post interview with Snowden last month, Bart Gellman noted "Snowden’s insistence, to this reporter and others, that he does not want the documents published in bulk."
From the start, Snowden indeed repeatedly insisted on that. Anyone who demands that we "release all documents" - or even release large numbers in bulk - is demanding that we violate our agreement with our source, disregard the framework we created when he gave us the documents, jeopardize his interests in multiple ways, and subject him to far greater legal (and other) dangers. I find that demand to be unconscionable, and we will never, ever violate our agreement with him no matter how many people want us to.

That said, we have published an extraordinary number of top secret NSA documents around the world in a short period of time. And our work is very far from done: there are many, many more documents and stories that we will publish. Toward that end, we have very carefully increased the number of journalists and experts who are working on these documents and who have access to them. We are now working with more experts in cryptography and hacking than ever. One of the most exciting things about our new organization is that we now have the resources to process and report these documents more quickly and efficiently than ever before, consistent with ensuring that we don't make the kinds of errors that would allow others to attack the reporting.

These documents are complex. Sometimes they take a good deal of reporting to fill in some of the gaps. From the start, people have been eager for us to make serious mistakes so they can exploit them to discredit the reporting, and so we work very hard to make sure that doesn't happen. That takes time. Convincing media institutions (and their armies of risk-averse lawyers, editors and executives) to publish documents, the aggressive way we think they need to be published, also often takes a lot of time.

When we began our reporting in June by publishing a new story every day, even our allies - people who work on these issues for a living - complained that the releases were coming too fast to process, understand, or keep up with, and argued that each story needs time to be processed and to allow people to react. In terms of effects, I think it's hard to argue with the strategy. Even seven months later, the story continues to dominate headlines around the world and to trigger what Chelsea Manning described in her private chat as her goal when whistleblowing: "worldwide discussion, debates, and reforms". That's why Edward Snowden made clear to Bart Gellman that he "succeeded beyond plausible ambition."

For the same reason, I'm proud that we're trying to amplify the lessons and maximize the impact of these disclosures even more through things like books and films, which can reach and affect audiences that political reporting by itself never can. I've been working for many years warning of the dangers of state surveillance and the value of internet freedom and privacy, and am thrilled to now be able to have those messages heard much more loudly and clearly than ever before by using all platforms to communicate them.

In sum, I know that we have been and continue to be extremely faithful and loyal to the agreement we entered into with our source, and are doing our journalism exactly as we assured him he would. As Snowden himself has said, he thinks that, too. That continues to be a critically important metric for me.
"""

From gwen at cypherpunks.to Tue Jan 7 07:39:51 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Tue, 07 Jan 2014 07:39:51 -0800
Subject: Come to think of it where in hell is TC May?
Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <20140107153129.GA27210@netbook.cypherspace.org>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <2F1DF4FA-A510-4F98-8AFA-BC950B83683D@gmail.com> <20140107153129.GA27210@netbook.cypherspace.org>
Message-ID: <52CC1FC7.4040606@cypherpunks.to>

Subject says it all.. has he passed is he still alive??(or did they ship him off to gitmo or a "black" site etc...)

encyphering minds and all that crap

GH

ps tentacle #99 :)

--
Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

From jamesd at echeque.com Mon Jan 6 13:41:03 2014
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 07 Jan 2014 07:41:03 +1000
Subject: Jacob Appelbaum in Germany - Aaron Swartz
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me>
Message-ID: <52CB22EF.8020304@echeque.com>

On 2014-01-07 03:18, John Young wrote:
> Swartz was ratted by a sysadmin, investigated by several sysadmins,
> some who formerly helped him and were pressured to betray him,
> indicted with the essential help of sysadmins. University and JSTOR
> administrators could not have discovered him , aided the
> investigation, cooperated with the prosecutor, without sysadmins.
> The cops and prosecutor could not have caught, investigated, coerced > witnesses, indicted and killed Swartz without sysadmins. Some of > those sysadmins are under lifetime vows of secrecy for cooperating > against Swartz. They were not "ratting" on him A sysadmin tries to keep his systems working. Aaron Swartz was disruptively trespassing on their systems - he was arrogantly and obnoxiously aggressing against them. And that, in fact, was what he was charged with, not with releasing JSTOR IP property, but with screwing up other people's computers. If he had been furtive about collecting the data, the way Snowden was, there never would have been any problem. The problem was that Aaron Swartz was an arrogant asshole who thought he was ruling class and above the law, and that those he aggressed against were menials beneath the law - the Henry Louis Gates phenomenon. One of the things our ruling class filters against is conspicuous and obnoxious arrogance. They don't want us noticing them. Aaron Swartz failed the conspicuous arrogance filter before being granted tenure, so suddenly found himself no longer ruling class. From jamesd at echeque.com Mon Jan 6 13:53:22 2014 From: jamesd at echeque.com (James A. Donald) Date: Tue, 07 Jan 2014 07:53:22 +1000 Subject: Jacob Appelbaum in Germany In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CAD4E2.5030402@owca.info> Message-ID: <52CB25D2.2050605@echeque.com> On 2014-01-07 02:28, Griffin Boyce wrote: > It's a bit of a hollow insult to call an individual working for the > public good arrogant Our rulers always tell us that they are working for the public good, working for people far away that they do not know or see, when they casually and face to face disrupt the lives of people that they do know and do see. Sometimes it is even true. But it does not matter, and should not matter. Needed killing. Good that he killed himself. 
From gwen at cypherpunks.to Tue Jan 7 07:55:03 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 07 Jan 2014 07:55:03 -0800 Subject: Bitter young men! Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> Message-ID: <52CC2357.5030306@cypherpunks.to> Hmmm cypherpunks write code patrick.. ?? James has actually contributed more(code) than simply hot air and criticism. And continues to contribute in ways you cant even begin to perceive simply by continuing to show up..... Doesn't matter what age he is.. racist maybe.. doesn't matter(I am melungeon myself and tolerate purebloods and racists well..they ALL like to have sex and within a very few generation pure bloods WONT exist ) And TC May loves to spoof the gullible and journalists(hmm equivalent?) gh - who was the person standing behind the photog at the wired cypherpunk cover photo shoot. ps what the fuck have you or Carl contributed youngster? On 1/7/14 7:37 AM, Patrick Mylund Nielsen wrote: >> >> On Tue, Jan 7, 2014 at 6:50 AM, Adam Back wrote: >> >>> Don't worry about James' hyperbole, he's just channeling Tim May who was one >>> of the three or four list co-founders, wrote the cyphernomicon [1], and >>> had >>> a habit of using that phrase 'needed killing' now and then, as I recall as a >>> phrase to express his distaste for someone's actions. It's an expression, >>> not something literal... but James' black & white, non-PC, absolutist >>> personality precludes him saying that :) You just have to read it with a >>> USENET flame war mentality and parse for what he's actually saying. 
>>> >>> Apart from the refusal to bow to PC, James is actually a pretty smart guy >>> from what I recall. He implemented some simplified UX, ECC crypto email >>> stuff called 'crypto kong' [2] way back in 1997. >>> >>> Cypherpunks write code & all that, gives James some brownie points. >> >> > History is littered with people who did remarkable things only to abuse the > trust people placed in them to do horrible things. Writing some cool ECC > crypto code does not preclude you from criticism when you show yourself to > be someone who fantasizes about killing people. (Just look at all the > creative ways he killed off people in the last thread! There was way too > much imagination involved to be channeling anyone.) > > On Tue, Jan 7, 2014 at 8:23 AM, Cari Machet wrote: > >> Thanks - yes I know who may is and I understand the libertarian head space >> - as a fucking American citizen of native American descent I often find it >> at best 'racist' - I disagree with The laziness it's thought patterns >> propagate ... More later on ur packed analysis >> > > James already proved himself a racist earlier in the discussion when he > mentioned that he could only find "a number of black felons who should have > been killed off long ago" while googling a person's name. "Black" was, of > course, completely irrelevant, but he nevertheless found it important to > add. > > If you're puzzled as to why he acts this way, his website might shine a > little light on the issue: http://jim.com/. > > Clearly, the best solution is to ignore him. But let's not try to excuse > what could best be described as the musings of a bitter old man because he > wrote some code a decade ago. 
> -- Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ From gwen at cypherpunks.to Tue Jan 7 08:03:24 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 07 Jan 2014 08:03:24 -0800 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> Message-ID: <52CC254C.7060500@cypherpunks.to> On 1/7/14 7:56 AM, John Young wrote: > Anybody with a three-letter name of a website, or more grotesquely vain, > a TLA nym, needs killing thrice as a bitter old diaper-wearing turd and > tex-mexist marxian from Odessa, oil-capitalist murder capital of the USA. > > I Love it john... keep it coming!!! GH ps who you trashing now?? :) how do we stick DARPA in the TLA basketweaving?(and the felon Admiral Poindexter(who did the Atron 86 hardware debugger as I recall.. tech people who go on to do evil things))(now being sanitized by Hollywood in the drama series (person of interest)...) 
-- Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ From gwen at cypherpunks.to Tue Jan 7 08:21:04 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 07 Jan 2014 08:21:04 -0800 Subject: Bitter young men! Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <52CC2357.5030306@cypherpunks.to> Message-ID: <52CC2970.3040801@cypherpunks.to> Again you just dont get it.. 
fucking contribute..something other than hot air criticizing others words other than that your reputation capital is entirely negative and you need to report to the NSA organ bank for processing fucking kids GH -- ecc public key curve p160 ;9C~b~)3)cp0d!?C1JIVI=tI( Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ Tentacle #99 From jamesd at echeque.com Mon Jan 6 14:46:54 2014 From: jamesd at echeque.com (James A. Donald) Date: Tue, 07 Jan 2014 08:46:54 +1000 Subject: Jacob Appelbaum in Germany In-Reply-To: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa> References: <20140106220930.DA622C00E93@frontend1.nyi.mail.srv.osa> Message-ID: <52CB325E.5030001@echeque.com> >>>Needed killing. 
> You're either a shit-disturbing troll or an awful human being; possibly > both. What the fuck is wrong with you? I don't like our ruling elite. I particularly and especially dislike members of our ruling elite, such as Aaron Swartz and Henry Louis Gates, who are obnoxiously arrogant about being members of the ruling elite. From jya at pipeline.com Tue Jan 7 06:31:38 2014 From: jya at pipeline.com (John Young) Date: Tue, 07 Jan 2014 09:31:38 -0500 Subject: Omidyar influence in new Greenwald venture [was: SRF: cryptic] In-Reply-To: References: Message-ID: GG is to be complimented for engaging on Twitter. That could be the most lasting of the outlets due to its free swarming and lack of wealth accumulation and concentration by hierarchical rewarding of the very top, commercial journalism (acknowledging the Twitter owners stealing the values of the free tweets). Tweets are only about self- and product promotion. Not like this graffiti billboard. Most of GG's statement comes right out of Silicon Valley playbook for acquiring hard-luck journalism. Use of "thrilling" is the clue the saved emit upon envisioning the IPO, which is what GG is PRing about as required of NGO beneficiaries of great wealth. The Snowden pact was superseded by the Omidyar pact. A buyout of a fledgling venture by a vulture continuing to prowl for rabbits. The vulture is the commercial components coutured by the non-profits. GG is disingenuous about the separation, as PGP was about Symantec takeover, as RSA was about EMC's. Many journalists acquired by Omidyar and Bezos have made similar statements of "irresistible" rescue by better endowed kingpins. And, yes, founders do appreciate the windfall, sign NDAs, relieve their desperate families, and move on to being celebrities, their brands prostituted to continue the windfall deal to keep quiet, to say nothing disparaging. 
Seymour Hersh and many others have told about their experiences with short-attention span of journalist publishers and their advertisers, TV producers, movie underwriters as fans move massively toward other markets. Edward Snowden should prepare to be royally screwed as Manning has been. This is the ancient tradition of brass sacrificing grunts for noble causes, the careers of generals and above. At 08:36 AM 1/7/2014, you wrote: >On Sun, Nov 17, 2013 at 7:02 PM, coderman wrote: > > ... > > the Omidyar buyout of Greenwald and Poitras apparently to shield the > > willful, disgraceful corporate role in pervasive privacy destruction... > >GG refutes this premise entirely, and with conviction: > >http://utdocuments.blogspot.com.br/2014/01/email-exchange-with-reader-over-first.html >""" >(4) The claim that we are "holding back documents" for some nefarious >or self-interested purpose is and always has been false. I have >discussed many times before - most prominently here - why our >agreement with our source, along with related legal issues, prevents >any sort of mass release of documents, but I have been working >endlessly, as has Laura, to continue to publish stories all around the >world, including publishing many stories and documents after we formed >our new venture. > >Not only have I published new documents in Norway, Sweden, France, >Spain, and Holland after we formed our new venture, but I also >published one of the most attention-generating stories yet in the >Huffington Post just five weeks ago. Similarly, Laura has published >numerous big articles and key NSA documents in both der Spiegel and >the NYT after we formed our new venture. We're doing the exact >opposite of this accusation: we're publishing documents and stories >aggressively all over the world with other media outlets until our >First Look site is ready. > >We will continue to publish aggressively with other outlets until we >are up and running at First Look. 
In fact, I am working right now with >other news outlets, including in the U.S., on big stories. I'm not >"holding back" anything: of all the many entities with thousands of >Snowden documents, I have published more NSA documents, in more >nations around the world, than anyone. And there are many, many more >that will be published in the short-term. > >But - and this is critical - in his Washington Post interview with >Snowden last month, Bart Gellman noted "Snowden's insistence, to this >reporter and others, that he does not want the documents published in >bulk." From the start, Snowden indeed repeatedly insisted on that. > >Anyone who demands that we "release all documents" - or even release >large numbers in bulk - is demanding that we violate our agreement >with our source, disregard the framework we created when he gave us >the documents, jeopardize his interests in multiple ways, and subject >him to far greater legal (and other) dangers. I find that demand to be >unconscionable, and we will never, ever violate our agreement with him >no matter how many people want us to. > >That said, we have published an extraordinary number of top secret NSA >documents around the world in a short period of time. And our work is >very far from done: there are many, many more documents and stories >that we will publish. > >Toward that end, we have very carefully increased the number of >journalists and experts who are working on these documents and who >have access to them. We are now working with more experts in >cryptography and hacking than ever. One of the most exciting things >about our new organization is that we now have the resources to >process and report these documents more quickly and efficiently than >ever before, consistent with ensuring that we don't make the kinds of >errors that would allow others to attack the reporting. > >These documents are complex. Sometimes they take a good deal of >reporting to fill in some of the gaps. 
From the start, people have >been eager for us to make serious mistakes so they can exploit them to >discredit the reporting, and so we work very hard to make sure that >doesn't happen. That takes time. Convincing media institutions (and >their armies of risk-averse lawyers, editors and executives) to >publish documents, the aggressive way we think they need to be >published, also often takes a lot of time. > >When we began our reporting in June by publishing a new story every >day, even our allies - people who work on these issues for a living - >complained that the releases were coming too fast to process, >understand, or keep up with, and argued that each story needs time to >be processed and to allow people to react. > >In terms of effects, I think it's hard to argue with the strategy. >Even seven months later, the story continues to dominate headlines >around the world and to trigger what Chelsea Manning described in her >private chat as her goal when whistleblowing: "worldwide discussion, >debates, and reforms". That's why Edward Snowden made clear to Bart >Gellman that he "succeeded beyond plausible ambition." > >For the same reason, I'm proud that we're trying to amplify the >lessons and maximize the impact of these disclosures even more through >things like books and films, which can reach and affect audiences that >political reporting by itself never can. I've been working for many >years warning of the dangers of state surveillance and the value of >internet freedom and privacy, and am thrilled to now be able to have >those messages heard much more loudly and clearly than ever before by >using all platforms to communicate them. > >In sum, I know that we have been and continue to be extremely faithful >and loyal to the agreement we entered into with our source, and are >doing our journalism exactly as we assured him he would. As Snowden >himself has said, he thinks that, too. That continues to be a >critically important metric for me. 
>""" From cryptography at patrickmylund.com Tue Jan 7 07:37:41 2014 From: cryptography at patrickmylund.com (Patrick Mylund Nielsen) Date: Tue, 7 Jan 2014 10:37:41 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> Message-ID: > > On Tue, Jan 7, 2014 at 6:50 AM, Adam Back wrote: > >> Don't worry about James' hyperbole, he's just channeling Tim May who was one >> of the three or four list co-founders, wrote the cyphernomicon [1], and >> had >> a habit of using that phrase 'needed killing' now and then, as I recall as a >> phrase to express his distaste for someone's actions. It's an expression, >> not something literal... but James' black & white, non-PC, absolutist >> personality precludes him saying that :) You just have to read it with a >> USENET flame war mentality and parse for what he's actually saying. >> >> Apart from the refusal to bow to PC, James is actually a pretty smart guy >> from what I recall. He implemented some simplified UX, ECC crypto email >> stuff called 'crypto kong' [2] way back in 1997. >> >> Cypherpunks write code & all that, gives James some brownie points. > > History is littered with people who did remarkable things only to abuse the trust people placed in them to do horrible things. Writing some cool ECC crypto code does not preclude you from criticism when you show yourself to be someone who fantasizes about killing people. (Just look at all the creative ways he killed off people in the last thread! There was way too much imagination involved to be channeling anyone.) 
On Tue, Jan 7, 2014 at 8:23 AM, Cari Machet wrote: > Thanks - yes I know who may is and I understand the libertarian head space > - as a fucking American citizen of native American descent I often find it > at best 'racist' - I disagree with The laziness it's thought patterns > propagate ... More later on ur packed analysis > James already proved himself a racist earlier in the discussion when he mentioned that he could only find "a number of black felons who should have been killed off long ago" while googling a person's name. "Black" was, of course, completely irrelevant, but he nevertheless found it important to add. If you're puzzled as to why he acts this way, his website might shine a little light on the issue: http://jim.com/. Clearly, the best solution is to ignore him. But let's not try to excuse what could best be described as the musings of a bitter old man because he wrote some code a decade ago. From jya at pipeline.com Tue Jan 7 07:56:35 2014 From: jya at pipeline.com (John Young) Date: Tue, 07 Jan 2014 10:56:35 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> Message-ID: Anybody with a three-letter name of a website, or more grotesquely vain, a TLA nym, needs killing thrice as a bitter old diaper-wearing turd and tex-mexist marxian from Odessa, oil-capitalist murder capital of the USA. 
From cryptography at patrickmylund.com Tue Jan 7 08:12:01 2014 From: cryptography at patrickmylund.com (Patrick Mylund Nielsen) Date: Tue, 7 Jan 2014 11:12:01 -0500 Subject: Bitter young men! Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <52CC2357.5030306@cypherpunks.to> References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <52CC2357.5030306@cypherpunks.to> Message-ID: On Tue, Jan 7, 2014 at 10:55 AM, gwen hastings wrote: > > > Hmmm cypherpunks write code patrick.. ?? > > > James has actually contributed more(code) than simply hot air and > criticism. And continues to contribute in ways you cant even begin to > perceive simply by continuing to show up..... > > Doesn't matter what age he is.. racist maybe.. doesn't matter(I am > melungeon myself and tolerate purebloods and racists well..they ALL like > to have sex and within a very few generation pure bloods WONT exist ) > > Well, my point was that it doesn't matter what you've contributed--it doesn't give you carte blanche to say whatever you want and somehow not be deserving of a reaction. "Racism doesn't matter": I don't know how to respond to that. > ps what the fuck have you or Carl contributed youngster? > > Then again, I'm not trying to rationalize why people deserve to die. In any case, I'm not interested in turning this into a pissing contest. 
From hettinga at gmail.com Tue Jan 7 07:18:49 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Tue, 7 Jan 2014 11:18:49 -0400 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> Message-ID: <2F1DF4FA-A510-4F98-8AFA-BC950B83683D@gmail.com> On Jan 7, 2014, at 9:23 AM, Cari Machet wrote: > 'racist' The word ‘racist’ is racist. As a Marxist loan-word to English, it means whatever the Marxist using it means. Just like “bless your heart” in the mouth of my dear departed Aunt Cora Lee Jones, formerly of Odessa Texas used to mean “I wouldn’t piss up your ass if your guts were on fire.” Howdy all y’all. It’s been a while... Cheers, RAH Tim was right. Some people *do* need killin’. In fact, I would presume he meant *me*, more than once or twice... 
From cryptography at patrickmylund.com Tue Jan 7 08:54:36 2014 From: cryptography at patrickmylund.com (Patrick Mylund Nielsen) Date: Tue, 7 Jan 2014 11:54:36 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <20140107164809.GA26421@netbook.cypherspace.org> References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <20140107164809.GA26421@netbook.cypherspace.org> Message-ID: On Tue, Jan 7, 2014 at 11:48 AM, Adam Back wrote: > On Tue, Jan 07, 2014 at 10:37:41AM -0500, Patrick Mylund Nielsen wrote: > >> James already proved himself a racist earlier in the discussion when he >> mentioned that he could only find "a number of black felons who should >> have been killed off long ago" while googling a person's name. "Black" >> was, of course, completely irrelevant, but he nevertheless found it >> important to add. >> > > Yeah but my point was James (and multiple others) were ever thus, and yet > if > you catch them focussed on something useful they are capable, even gifted > some of them. A guy can say a bunch of things on political rambling, it's > not like you'd expect political uniformity or political correctness, or > mellow, nuanced balanced views out of a bunch of crypto-anarchists: the > political side of this list could always be like a USENET flame fest at its > worst. Flame-retardant underwear and 'n' button at the ready. Read the > bits that interest you, skip the rest. It just amuses me, there goes (some > person prone to such rants) again, on some pet topic or highly non-PC, or > offensive to sensitive ears diatribe, smirk, time to use the 'n' button > (next email). > > If you don't like the noise, create some signal is another concept (and don't > fan the noise). > > Point taken. 
From adam at cypherspace.org Tue Jan 7 03:50:38 2014 From: adam at cypherspace.org (Adam Back) Date: Tue, 7 Jan 2014 12:50:38 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> Message-ID: <20140107115038.GA25434@netbook.cypherspace.org> Don't worry about James' hyperbole, he's just channeling Tim May who was one of the three or four list co-founders, wrote the cyphernomicon [1], and had a habit of using that phrase 'needed killing' now and then, as I recall as a phrase to express his distaste for someone's actions. It's an expression, not something literal... but James' black & white, non-PC, absolutist personality precludes him saying that :) You just have to read it with a USENET flame war mentality and parse for what he's actually saying. Apart from the refusal to bow to PC, James is actually a pretty smart guy from what I recall. He implemented some simplified UX, ECC crypto email stuff called 'crypto kong' [2] way back in 1997. Cypherpunks write code & all that, gives James some brownie points. About Aaron's case and suicide, it seems to me that Aaron miscalculated, and the hacking was pretty escalated, engaged in multiple escalating counter-measures when it was obvious the sysadmins were on to him as an intruder, he didn't back off but took it to the next level including physical intrusion & hiding equipment. 
But MIT (and to a lesser extent JSTOR) let him down badly as did some of his academic friends and it's tragic that he was a victim of some extremely over reaching imbalanced law the CFAA [3], aggressively prosecuted by self-aggrandizing politically motivated, and almost legally immune deeply flawed US federal prosecution and plea bargain system, which also saw Weev [4] put in jail over the most ridiculous and egregious abuse of law (noticing a defect in AT&T web site and giving the information to the media). Yes Weev enjoys trolling, but that's an art-form and since when has unpopular speech been illegal, freedom of speech means unpopular speech too. Aaron's earlier hacktivism was pretty spectacularly successful in demonstrating the stupidity of charging for access to publicly funded legal information, in a way that ultimately they could find no legal fault with, though the feds were no doubt pretty pissed that they couldn't get him for anything. But even the legal dox hacktivism stunt was very high risk, the US legal system is hard to rely on, even when you are doing legal but politically unpopular things to a subset of the higher echelons of office holder. It seems to me that particularly in the US the political/legal system tends to hold grudges and fail spectacularly at balance and impartiality and legal independence from political influence. It's better than Russia still, but it's falling in world rankings of rule of law and political independence for sure. There are probably some independent rankings on this aspect of the government/jurisdiction comparison. Adam [1] http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.html [2] http://echeque.com/Kong/ [3] en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act [4] http://en.wikipedia.org/wiki/Weev On Tue, Jan 07, 2014 at 02:15:07AM +0100, Cari Machet wrote: >shut the fuck up > >who is arrogant (and simplistic)? u > >On 1/6/14, James A. 
Donald wrote: >> On 2014-01-07 03:18, John Young wrote: >> > Swartz was ratted by a sysadmin, investigated by several sysadmins, >> > some who formerly helped him and were pressured to betray him, >> > indicted with the essential help of sysadmins. University and JSTOR >> > administrators could not have discovered him, aided the >> > investigation, cooperated with the prosecutor, without sysadmins. >> > The cops and prosecutor could not have caught, investigated, coerced >> > witnesses, indicted and killed Swartz without sysadmins. Some of >> > those sysadmins are under lifetime vows of secrecy for cooperating >> > against Swartz. >> >> They were not "ratting" on him >> >> A sysadmin tries to keep his systems working. Aaron Swartz was >> disruptively trespassing on their systems - he was arrogantly and >> obnoxiously aggressing against them. >> >> And that, in fact, was what he was charged with, not with releasing >> JSTOR IP property, but with screwing up other people's computers. >> >> If he had been furtive about collecting the data, the way Snowden was, >> there never would have been any problem. >> >> The problem was that Aaron Swartz was an arrogant asshole who thought >> he was ruling class and above the law, and that those he aggressed >> against were menials beneath the law - the Henry Louis Gates >> phenomenon. >> >> One of the things our ruling class filters against is conspicuous and >> obnoxious arrogance. They don't want us noticing them. Aaron Swartz >> failed the conspicuous arrogance filter before being granted tenure, >> so suddenly found himself no longer ruling class. >> >> > > >-- >Cari Machet >NYC 646-436-7795 >carimachet at gmail.com >AIM carismachet >Syria +963-099 277 3243 >Amman +962 077 636 9407 >Berlin +49 152 11779219 >Twitter: @carimachet > >Ruh-roh, this is now necessary: This email is intended only for the >addressee(s) and may contain confidential information. 
If you are not the >intended recipient, you are hereby notified that any use of this >information, dissemination, distribution, or copying of this email without >permission is strictly prohibited. From jya at pipeline.com Tue Jan 7 10:26:15 2014 From: jya at pipeline.com (John Young) Date: Tue, 07 Jan 2014 13:26:15 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <52CC396C.2010102@echeque.com> References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> Message-ID: James, again thanks for alerting: As I am fond of remarking, Bill Ayers can bomb the Pentagon, but you >cannot. Swartz thought he was Bill Ayers. From jamesdbell8 at yahoo.com Tue Jan 7 13:48:38 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Tue, 7 Jan 2014 13:48:38 -0800 (PST) Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <1389131240.88246.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> <1389131240.88246.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: <1389131318.1233.YahooMailNeo@web141202.mail.bf1.yahoo.com> From: Cari Machet To: rysiek Cc: cypherpunks at cpunks.org Sent: Tuesday, January 7, 2014 10:29 AM Subject: Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) On 1/7/14, Adam Back wrote: [deletia] >>took it to the next level including >> physical >> intrusion & hiding equipment.  
But MIT (and to a lesser extent JSTOR) let
>> him down badly as did some of his academic friends and its tragic that he
>> was a victim of some extremely over reaching imbalanced law the CFAA [3],
>> aggressively prosecuted by self-aggrandizing politically motivated, and
>> almost legally immune deeply flawed US federal prosecution and plea bargain
>> system,

>yes but i think from my understanding it wasnt the amount of prison
>time or the money but the fact that he wld have to plead guilty to 13
>felony counts - he would not get to serve in the government ... vote
>etc

From personal experience, I can shed light on the issue of voting as a felon. Contrary to what many people seem to think, most states seem to allow 'felons' to vote, eventually. (Some while they are in jail or prison; some immediately when they are released; some when they are off parole.) In my own case, the state of Washington's Constitution says that only felons guilty of "infamous crimes" lose their right to vote, and Washington state law defines an "infamous crime" as a crime punishable by one or more years incarceration in the _state_ penitentiary. Since my 'crime' was Federal, not state, it did not satisfy this condition, so I was not even prohibited from voting while I was in prison. (Though I never tried to vote while I was in prison; And, though, I did not learn that they didn't understand this fact until my release in late December 2009). I sent many emails to the Secretary of State of Washington stating this obvious position in early 2010, and they responded by repeatedly stating the contrary, commonly-thought position. They were never able to openly acknowledge I was right, although by my release from prison in March 2012, I checked their website and saw that they had corrected their prior, incorrect position.

Jim "Al Capone" Bell

From coderman at gmail.com Tue Jan 7 13:48:59 2014
From: coderman at gmail.com (coderman)
Date: Tue, 7 Jan 2014 13:48:59 -0800
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> <20140107212008.GA29441@netbook.cypherspace.org>
Message-ID:

On Tue, Jan 7, 2014 at 1:30 PM, demonfighter6 . wrote:
> On Tue, Jan 7, 2014 at 4:20 PM, Adam Back wrote:
>
>> Seems like the original hackers lost that etymology battle however long
>> ago.
>
> Yes, annoying though that may be to those of us who were called hackers
> before that became a bad thing. But we're outnumbered thousands-to-one, and
> we're just not going to win that language war.

use the term "independent security researcher", your legal counsel will thank you!

From jamesdbell8 at yahoo.com Tue Jan 7 14:10:05 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 7 Jan 2014 14:10:05 -0800 (PST)
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <1389131741.48433.YahooMailNeo@web141206.mail.bf1.yahoo.com>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <1389131741.48433.YahooMailNeo@web141206.mail.bf1.yahoo.com>
Message-ID: <1389132605.92166.YahooMailNeo@web141206.mail.bf1.yahoo.com>

From: rysiek
To: cypherpunks at cpunks.org
Sent: Tuesday, January 7, 2014 10:51 AM
Subject: Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)

On Tuesday, 7 January 2014 19:36:44 Cari Machet wrote:
> umn i just met u at #30c3 i know who u r so... aaahhh memories...
> names .... ppl... buses ... berlin... i was making a little joke and
> calling u poland sorry i happen to love poland generally so i like to
> talk about it i guess

AAAAHH! Now I got all the puzzles in my view. OHAI, CARI. :)

/me facepalms hard/

>> how do you conclude that aaron was not "hacking" PLEASE EXPLAIN ???????

>Well... There are two ways the word "hacking" is used most often.
>1. breaking into computer systems and generally doing some computery-evil stuff
>2. doing some amazing technical things

When I arrived at MIT in 1976, I learned that the term "hacker" meant ONLY the second definition above. (I believe the term originated at the TMRC (Tech Model Railroad Club) in the 1950's; that fact is probably in Wikipedia.) There was no hint of illegality, nor was the term in any way limited to computer activities. I would have been called a "chemistry hacker" or an "electronics hacker" at that point. I (and many, many other people, no doubt) were peeved that the first definition above came into vogue. The term "cracker" constituted an attempt to limit the misuse of "hacker".

Jim Bell

From carimachet at gmail.com Tue Jan 7 05:23:40 2014
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 7 Jan 2014 14:23:40 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <20140107115038.GA25434@netbook.cypherspace.org>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org>
Message-ID: <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com>

Thanks - yes I know who may is and I understand the libertarian head space - as a fucking American citizen of native American descent I often find it at best 'racist' - I disagree with The laziness it's thought patterns propagate ...
More later on ur packed analysis

Sent from my iPhone

On 07.01.2014, at 12:50, Adam Back wrote:

> Dont worry about James hyperbole, he's just channeling Tim May who was one
> of the three or four list co-founders, wrote the cyphernomicon [1], and had
> a habit of using that phrase 'needed killing' now and then, as I recall as
> phrase to express his distaste for someone's actions. Its an expression,
> not something literal... but James' black & white, non-PC, absolutist
> personality precludes him saying that :) You just have to read it with a
> USENET flame war mentality and parse for what he's actually saying.
>
> Apart from the refusal to bow to PC, James is actually a pretty smart guy
> from what I recall. He implemented some simplified UX, ECC crypto email
> stuff called 'crypto kong' [2] way back in 1997.
>
> Cypherpunks write code & all that, gives James some brownie points.
>
> About Aaron's case and suicide, it seems to me that Aaron miscalculated, and
> the hacking was pretty escalated, engaged in multiple escalating
> counter-measures when it was obvious the sysadmins were on to him as an
> intruder, he didnt back off but took it to the next level including physical
> intrusion & hiding equipment. But MIT (and to a lesser extent JSTOR) let
> him down badly as did some of his academic friends and its tragic that he
> was a victim of some extremely over reaching imbalanced law the CFAA [3],
> aggressively prosecuted by self-aggrandizing politically motivated, and
> almost legally immune deeply flawed US federal prosecution and plea bargain
> system, which also saw Weev [4] put in jail over the most ridiculous and
> egregious abuse of law (noticing a defect in AT&T web site and giving the
> information to the media). Yes Weev enjoys trolling, but thats an art-form
> and since when has unpopular speech been illegal, freedom of speech means
> unpopular speech too. Aaron's earlier hacktivism was pretty spectacularly
> successful in demonstrating the stupidity of charging for access to publicly
> funded legal information, in a way that ultimately they could find no legal
> fault with, though the feds were no doubt pretty pissed that they couldnt
> get him for anything. But even the legal dox hacktivism stunt was very high
> risk, the US legal system is hard to rely on, even when you are doing legal
> but politically unpopular things to a subset of the higher echelons of
> office holder. It seems to me that particularly in the US the
> political/legal system tends to hold grudges and fail spectacularly at
> balance and impartiality and legal independence from political influence.
> Its better than Russia still, but its falling in world rankings of rule of
> law and political independence for sure. There are probably some independent
> rankings on this aspect of the government/jurisdiction comparison.
>
> Adam
>
> [1] http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.html
> [2] http://echeque.com/Kong/
> [3] en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
> [4] http://en.wikipedia.org/wiki/Weev
>
> On Tue, Jan 07, 2014 at 02:15:07AM +0100, Cari Machet wrote:
>> shut the fuck up
>>
>> who is arrogant (and simplistic)? u
>>
>> On 1/6/14, James A. Donald wrote:
>>> On 2014-01-07 03:18, John Young wrote:
>>> > Swartz was ratted by a sysadmin, investigated by several sysadmins,
>>> > some who formerly helped him and were pressured to betray him,
>>> > indicted with the essential help of sysadmins. University and JSTOR
>>> > administrators could not have discovered him, aided the
>>> > investigation, cooperated with the prosecutor, without sysadmins.
>>> > The cops and prosecutor could not have caught, investigated, coerced
>>> > witnesses, indicted and killed Swartz without sysadmins. Some of
>>> > those sysadmins are under lifetime vows of secrecy for cooperating
>>> > against Swartz.
>>>
>>> They were not "ratting" on him
>>>
>>> A sysadmin tries to keep his systems working. Aaron Swartz was
>>> disruptively trespassing on their systems - he was arrogantly and
>>> obnoxiously aggressing against them.
>>>
>>> And that, in fact, was what he was charged with, not with releasing
>>> JSTOR IP property, but with screwing up other people's computers.
>>>
>>> If he had been furtive about collecting the data, the way Snowden was,
>>> there never would have been any problem.
>>>
>>> The problem was that Aaron Swartz was an arrogant asshole who thought
>>> he was ruling class and above the law, and that those he aggressed
>>> against were menials beneath the law - the Henry Louis Gates
>>> phenomenon.
>>>
>>> One of the things our ruling class filters against is conspicuous and
>>> obnoxious arrogance. They don't want us noticing them. Aaron Swartz
>>> failed the conspicuous arrogance filter before being granted tenure,
>>> so suddenly found himself no longer ruling class.
>>>
>>>
>>
>>
>> --
>> Cari Machet
>> NYC 646-436-7795
>> carimachet at gmail.com
>> AIM carismachet
>> Syria +963-099 277 3243
>> Amman +962 077 636 9407
>> Berlin +49 152 11779219
>> Twitter: @carimachet
>>
>> Ruh-roh, this is now necessary: This email is intended only for the
>> addressee(s) and may contain confidential information. If you are not the
>> intended recipient, you are hereby notified that any use of this
>> information, dissemination, distribution, or copying of this email without
>> permission is strictly prohibited.

From jamesdbell8 at yahoo.com Tue Jan 7 14:42:39 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 7 Jan 2014 14:42:39 -0800 (PST)
Subject: Stealing J. Edgar Hoover's secrets.
Message-ID: <1389134559.77286.YahooMailNeo@web141206.mail.bf1.yahoo.com>

Just saw this on Yahoo. Seems appropriate to mention this, given Snowden, Manning, etc.
http://screen.yahoo.com/new-york-times/stealing-j-edgar-hoover-secrets-130936313.html

From adam at cypherspace.org Tue Jan 7 07:24:20 2014
From: adam at cypherspace.org (Adam Back)
Date: Tue, 7 Jan 2014 16:24:20 +0100
Subject: NSA, FBI creep & rule of law, democracy itself (Re: [cryptography] To Protect and Infect Slides)
In-Reply-To: <52C996FE.3030905@iang.org>
References: <4dcbb04f7c2c485eb43d18e222b0f9a8@cryptolab.net> <20131231051456.GC25536@order.stressinduktion.org> <52C3257D.6000707@appelbaum.net> <52C996FE.3030905@iang.org>
Message-ID: <20140107152420.GA26992@netbook.cypherspace.org>

This is indeed an interesting and scary question:

On Sun, Jan 05, 2014 at 08:31:42PM +0300, ianG wrote:
>What is a game changer is the relationship between the NSA and the
>other USA civilian agencies. The breach of the civil/military line
>is the one thing that has sent the fear level rocketing sky high, as
>there is a widespread suspicion that the civil agencies cannot be
>trusted to keep their fingers out of the pie. AKA systemic
>corruption. If allied to national sigint capabilities, we're in a
>world of pain.
>
>Question: Is there anything that can put some meat&metrics on how
>developed and advanced this relationship is, how far the poison has
>spread? How afraid should people in America be?

maybe the most interesting and portentous shift in power towards Orwellianism and totalitarianism in a century, as it affects the effectiveness of rule of law, and already weak separation of politics from law enforcement and justice system in the (current though slipping) super-power with unfortunate aspirations of extra-territorialism and international bullying. We're still a few decades from the cross over of financial dominance to Asia and BRICs, and most of those places are probably worse than the US by aspiration if thats possible, though less internet spying budget and capability. Unless something shapes up towards democracy in the super-power competitors we're in for a dismal century seemingly.

That the NSA, and now seemingly FBI, see this I think maybe this FBI mission creep suggests the national security / law enforcement separation is slipping badly:

http://news.slashdot.org/story/14/01/07/0015255/fbi-edits-mission-statement-removes-law-enforcement-as-primary-purpose

| "Following the 9/11 attacks, the FBI picked up scores of new
| responsibilities related to terrorism and counterintelligence while
| maintaining a finite amount of resources. What's not in question is that
| government agencies tend to benefit in numerous ways when considered
| critical to national security as opposed to law enforcement. 'If you tie
| yourself to national security, you get funding and you get exemptions on
| disclosure cases,' said McClanahan. 'You get all the wonderful arguments
| about how if you don't get your way, buildings will blow up and the
| country will be less safe.'"

so if even the FBI are getting their nose into the tent of unfettered access to historical data on everyone, plus informal channels and "tip-offs" on dirt on politically unpopular people - eg say effective security researchers like Appelbaum, or effective journalists like Greenwald. (No "foreigners" dont feel very comforted, and the explicit acknowledgment of tip-offs, and information channels to US domestic and international law enforcement, basically puts the entire planet at risk of politically motivated interference.)

With retroactive search of your entire lifes electronic foot print including every "encrypted" IM, skype voip channel, contacts, emails, attorney client privileged and not, with no warrant or evidence presented to a judge for subpoena, the Orwell 2.0 system can probably fabricate or concoct trouble for 99% of the adult population of the planet. George Orwell 30 years late.

We're pretty close to fucked as a civilization unless something pretty radical shifts in the political thinking and authorizations. And realistically it not even clear the NSA can politically be controlled anymore by the political system. Its very hard to influence something with that much skull-duggery built into its DNA, that many 10s of billions in outsourced defense contractor lobbying power, that much inertia and will to survive as an org, with military PSYOPs to turn on its own populace and political system, and black bag covert ops ties to dirty tricks in CIA, and judicial and law virtual immunity.

They probably realistically went full speed ahead since the 11 Sep 2001, if not earlier on such things, and the scrapping. TIA wiki http://en.wikipedia.org/wiki/Total_Information_Awareness

| Although the program was formally suspended [as of late 2003], its data
| mining software was later adopted by other government agencies, with only
| superficial changes being made.

Probably even before since we nominally won the export regulation debacle and democratic countries were forced to admit it was inconsistent with their self-perception as open democratic countries, to be controlling and banning encryption software. The 21st century equivalent of book burning.

Can we rectify this with the cypherpunks write code? Maybe as Schneier said in a discussion on this topic with Eben Moglen (at Moglen's respective university) maybe we can make it more expensive by deploying more crypto that is end to end secure, secure by default. ie more TOFU, more cert pinning, more certificate transparency distributed cert validation. Even the cert validation maybe behind the game, perhaps NSA really do already have a lot of actual SSL private keys via hardware, software hacking and backdoors with manufacturer complicity or not, as well as just demanding them with NSL orders, gag orders as Lavabit showed finally with evidence. I wonder what proportion of SSL certs worldwide the five eyes/Orwell 2.0 shadow orwell 2.0 government have copies of?

Adam

From demonfighter at gmail.com Tue Jan 7 13:30:35 2014
From: demonfighter at gmail.com (demonfighter6 .)
Date: Tue, 7 Jan 2014 16:30:35 -0500
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To: <20140107212008.GA29441@netbook.cypherspace.org>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> <20140107212008.GA29441@netbook.cypherspace.org>
Message-ID:

On Tue, Jan 7, 2014 at 4:20 PM, Adam Back wrote:
> Seems like the original hackers lost that etymology battle however long ago.

Yes, annoying though that may be to those of us who were called hackers before that became a bad thing. But we're outnumbered thousands-to-one, and we're just not going to win that language war.

... Unless the technically adept were to bring the systems crashing down and let the technically inept freeze and starve to death.

... But that would be a Naughty Thing, and not something I'd ever condone. And just ignore the sig I've been using for over a decade.

--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
From adam at cypherspace.org Tue Jan 7 07:31:29 2014
From: adam at cypherspace.org (Adam Back)
Date: Tue, 7 Jan 2014 16:31:29 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <2F1DF4FA-A510-4F98-8AFA-BC950B83683D@gmail.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <2F1DF4FA-A510-4F98-8AFA-BC950B83683D@gmail.com>
Message-ID: <20140107153129.GA27210@netbook.cypherspace.org>

On Tue, Jan 07, 2014 at 11:18:49AM -0400, Robert Hettinga wrote:
>Just like “bless your heart” in the mouth of my dear departed Aunt Cora Lee
> Jones, formerly of Odessa Texas used to mean “I wouldn’t piss up your ass
> if your guts were on fire.”
>
>Howdy all y’all. It’s been a while...

Sure has. Welcome back to the party RAH :)

Bitcoin aka actual digital bearer certs & mostly irrevocable but not quite blind ecash deployed, Snowden triggered NSA self-sabotage to unwind the post-911 privacy pall, mountains of evidence that the most paranoid cypherpunk imaginations are fully real and worse, US security researchers and journalists taking overseas residence to escape harassment or worse. Interesting time for enciphering cypherpunkly minds.

> Tim was right. Some people *do* need killin’. In fact, I would presume he
> meant *me*, more than once or twice...

Heh, thats probably true given in your own propensity to engage in fun flame wars :)

Adam

From hettinga at gmail.com Tue Jan 7 12:31:39 2014
From: hettinga at gmail.com (Robert Hettinga)
Date: Tue, 7 Jan 2014 16:31:39 -0400
Subject: "Digital Cash", 3rd ed.
Message-ID: <09D847A0-C704-42A8-98DC-1A073588C9EE@gmail.com>

Peter Wayner surfaces with a third edition of "Digital Cash”:

http://www.indiegogo.com/projects/digital-cash-3rd-edition

Cheers,
RAH
Alla the old farts are crawlin’ outta the woodwork, um, aren’t we?

From adam at cypherspace.org Tue Jan 7 08:48:09 2014
From: adam at cypherspace.org (Adam Back)
Date: Tue, 7 Jan 2014 17:48:09 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com>
Message-ID: <20140107164809.GA26421@netbook.cypherspace.org>

On Tue, Jan 07, 2014 at 10:37:41AM -0500, Patrick Mylund Nielsen wrote:
> James already proved himself a racist earlier in the discussion when he
> mentioned that he could only find "a number of black felons who should
> have been killed off long ago" while googling a person's name. "Black"
> was, of course, completely irrelevant, but he nevertheless found it
> important to add.

Yeah but my point was James (and multiple others) were ever thus, and yet if you catch them focussed on something useful they are capable, even gifted some of them. A guy can say a bunch of things on political rambling, its not like you'd expect political uniformity or political correctness, or mellow, nuanced balanced views out of a bunch of crypto-anarchists: the political side of this list could always be like a USENET flame fest at its worst. Flame-retardant underwear and 'n' button at the ready. Read the bits that interest you, skip the rest. It just amuses me, there goes (some person prone to such rants) again, on some pet topic or highly non-PC, or offensive to sensitive ears diatribe, smirk, time to use the 'n' button (next email). If you dont like the noise, create some signal is another concept (and dont fan the noise).

This kind of level of argument was however interspersed with some highly interesting technical innovations like remailers, ecash, anonymity networks, smart-contracts, pseudonymity theory and political implications thereof etc.

Sometimes I think the younger generation missed out on USENET flame wars as a comparative baseline of signal/noise ratio and civilized discourse ;)

Adam

From adam at cypherspace.org Tue Jan 7 09:07:18 2014
From: adam at cypherspace.org (Adam Back)
Date: Tue, 7 Jan 2014 18:07:18 +0100
Subject: Come to think of it where in hell is TC May? Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <52CC1FC7.4040606@cypherpunks.to>
References: <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <2F1DF4FA-A510-4F98-8AFA-BC950B83683D@gmail.com> <20140107153129.GA27210@netbook.cypherspace.org> <52CC1FC7.4040606@cypherpunks.to>
Message-ID: <20140107170718.GA27784@netbook.cypherspace.org>

Yeah I think this might be a claim by Charlie Stross to having outed T C May's blog nom-de-plume, or not; its ambiguous.

http://www.antipope.org/charlie/blog-static/2013/12/why-i-want-bitcoin-to-die-in-a.html

The article itself is a Charlie Stross bitcoin-hate diatribe. Amusingly bitcoin bounced back to $1000 since his doom and gloom of "$500 and falling" and I personally just bought more at the nice price of $390 and $500, having confidence in the long term value of the new digital scarcity commodity class, and its now approximately double that, put in yer pipe Strossy. (Its not like fiat doesnt have problems and having banksters eat a largely unearned big % portion of GDP doesnt exactly benefit society and isnt green either, they could be doing societally useful work instead).

I happened to notice the T C May reference in the Stross replies to comments number 15:

| Bitcoin to me looks more like the work of one of the scary-bright early
| 1990s cypherpunks -- I've heard Nick Szabo mentioned as a possible "true
| name" for "Satoshi Nakamoto". (I'm pretty sure it's not the work of he
| who goes by the handle Mencius Moldbug these days -- he has his own
| politically-disruptive software project on the go -- or Tim May or, or,
| um, blanking on names.)

not sure if that means he thinks Moldbug is May or the "or" means other person rather than other name. Take a gander at the prose style on Mencius Moldbug's political rants form your own opinion.

http://unqualified-reservations.blogspot.com/

Adam

On Tue, Jan 07, 2014 at 07:39:51AM -0800, gwen hastings wrote:
>Subject says it all.. has he passed is he still alive??(or did they ship
>him off to gitmo or a "black" site etc...)
>
> encyphering minds and all that crap
> GH
>ps tentacle #99 :)
>
>
>--
>Governments are instituted among men,
> deriving their just powers from the consent of the governed,
>that whenever any form of government becomes destructive
>of these ends, it is the right of the people to alter or
> abolish it, and to institute new government, laying its
> foundation on such principles, and organizing its powers
> in such form, as to them shall seem most likely to effect
> their safety and happiness.’

From rysiek at hackerspace.pl Tue Jan 7 09:35:42 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 07 Jan 2014 18:35:42 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me>
Message-ID: <1975850.1MTuBQom6F@lap>

On Tuesday, 7 January 2014 10:56:35 John Young wrote:
> Anybody with a three-letter name of a website, or more grotesquely vain,
> a TLA nym, needs killing thrice as a bitter old diaper-wearing turd and
> tex-mexist marxian from Odessa, oil-capitalist murder
capital of the USA. Bite my shiny metal arse! Sincerely, http://rys.io/ -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Tue Jan 7 09:37:15 2014 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 07 Jan 2014 18:37:15 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <52CC396C.2010102@echeque.com> References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> Message-ID: <5109718.kinuNhY7M1@lap> Dnia środa, 8 stycznia 2014 03:29:16 James A. Donald pisze: > If an ordinary person engages in physical intrusion to hack someone > to hack someone > hack Sir, you keep using this word. I don't think it means what you think it means. -- Pozdr rysiek P.S. Yeah, yeah, why am I even feeding the troll. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From europus at gmail.com Tue Jan 7 16:03:12 2014 From: europus at gmail.com (Ulex Europae) Date: Tue, 07 Jan 2014 19:03:12 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <20140107115038.GA25434@netbook.cypherspace.org> References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> Message-ID: <52cc95c3.aa13450a.6ce1.ffffefc7@mx.google.com> At 06:50 AM 1/7/2014, Adam Back wrote: >Cypherpunks write code & all that, gives James some brownie points. Is it no-longer true that one "Aw shit" cancels out 1,000 Attaboys? 
Put another way, stopped clocks might tell the correct time twice a day but that is irrelevant. The thing to know about stopped clocks is that they are stopped. --ue From carimachet at gmail.com Tue Jan 7 10:04:56 2014 From: carimachet at gmail.com (Cari Machet) Date: Tue, 7 Jan 2014 19:04:56 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <5109718.kinuNhY7M1@lap> References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> Message-ID: Dnia środa, 8 stycznia 2014 03:29:16 James A. Donald pisze: > If an ordinary person engages in physical intrusion to hack someone > to hack someone > hack > Sir, you keep using this word. I don't think it means what you think it means hey poland - you dont think a person can b hacked? wow.... On 1/7/14, rysiek wrote: > Dnia środa, 8 stycznia 2014 03:29:16 James A. Donald pisze: >> If an ordinary person engages in physical intrusion to hack someone > >> to hack someone > >> hack > > Sir, you keep using this word. I don't think it means what you think it > means. > > -- > Pozdr > rysiek > > P.S. > Yeah, yeah, why am I even feeding the troll. -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. 
From rysiek at hackerspace.pl Tue Jan 7 10:20:32 2014 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 07 Jan 2014 19:20:32 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <5109718.kinuNhY7M1@lap> Message-ID: <7313825.CpIBCJJG27@lap> On Tuesday, 7 January 2014 19:04:56 Cari Machet wrote: > On Wednesday, 8 January 2014 03:29:16 James A. Donald wrote: > > If an ordinary person engages in physical intrusion to hack someone > > > > to hack someone > > > > hack > > > > Sir, you keep using this word. I don't think it means what you think it > > means > hey poland - you dont think a person can b hacked? wow.... Nah, I was rather referring to Aaron Swartz' actions -- calling them "hacking" seems not fitting on so many levels... Also, I appreciate the fact that for some peculiar reason you choose to find me important enough to identify whole Poland with my person, nevertheless I assure you there are quite a few people in Poland; not sure how things look on your side of Teh Intertubes, but here we don't usually consider a single person to be solely responsible for nor identifiable with a whole country. I find it additionally interesting that you seem to assume nationality of an Internet contact based on TLD of their e-mail address. That's so cute. Had I written from rys.io domain, would you start off with "hey indian ocean territory", or "hey brit"? -- Regards, rysiek
From carimachet at gmail.com Tue Jan 7 10:29:00 2014 From: carimachet at gmail.com (Cari Machet) Date: Tue, 7 Jan 2014 19:29:00 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> Message-ID: On 1/7/14, Adam Back wrote: > > Apart from the refusal to bow to PC, James is actually a pretty smart guy > from what I recall. He implemented some simplified UX, ECC crypto email > stuff called 'crypto kong' [2] way back in 1997. all hail to the chiefs but happy to praise all-all but look even mass murderers are kind sometimes i am sure ie just onaccounta' you is smart in one compartmentalized section of ur life dont mean ur emotionally smart > > Cypherpunks write code & all that, gives James some brownie points. agreed!!!!! > > About Aaron's case and suicide, it seems to me that Aaron miscalculated, > and > the hacking was pretty escalated, engaged in multiple escalating > counter-measures when it was obvious the sysadmins were on to him as an > intruder, he didnt back off i have not heard this before - i had the information that he was downloading way too much at a time and doing it over a very small period of time and that tipped them off my information is that he was very careful in other work of this kind why would he b so sloppy this time - i mean how do you know he knew they were on to him? >but took it to the next level including > physical > intrusion & hiding equipment.
But MIT (and to a lesser extent JSTOR) let > him down badly as did some of his academic friends and its tragic that he > was a victim of some extremely over reaching imbalanced law the CFAA [3], > aggressively prosecuted by self-agrandizing politically motivated, and > almost legally immune deeply flawed US federal prosecution and plea bargain > system, yes but i think from my understanding it wasnt the amount of prison time or the money but the fact that he wld have to plead guilty to 13 felony counts - he would not get to serve in the government ... vote etc >which also saw Weev [4] put in jail over the most ridiculous and > egregious abuse of law (noticing a defect in AT&T web site and giving the > information to the media). Yes Weev enjoys trolling, but thats an art-form > and since when has unpopular speech been illegal, freedom of speech means > unpopular speech too. AGREED - i am not sure ppl know enough about his case any ideas about how we can push it out there more????? >Aaron's earlier hacktivism was pretty spectacularly > successful in demonstrating the stupidity of charging for access to > publicly > funded legal information, in a way that ultimatey they could find no legal > fault with, though the feds were not doubt pretty pissed that they couldnt > get him for anything. But even the legal dox hacktivism stunt was very > high > risk, the US legal system is hard to rely on, even when you are doing legal > but politically unpopular to things to a subset of the higher echelons of > office holder. It seems to me that particularly in the US the > political/legal system tends to hold grudges and fail spectacularly at > balance and impartiality and legal independence from political influence. > Its better than Russia still, but its falling in world rankings of rule of > law and political indendence for sure. There are probably some independent > rankings on this aspect of the government/jurisdiction comparison. 
i would love to see the rankings on that too i was just going over this very thing > there is no oversight absolutely NONE like in the bureau of prisons guess who decided the fate of lynne stewart > 1 man who is the director > it is a piss poor system that has no intellectual growth in its structure for a very long time > i find it curious that u compare US judicial system to russia thats funny agreed the system is not reliably predictable EVER i think he spoke to agents without a lawyer present i think all instances are multifaceted and criticism and debate about aaron is helpful i wasnt saying that i was saying the militance was off to me i would be interested to hear more of what ppl think were the mis-steps in his work however large or small it may seem - as i am doing some work around 'reparations' and want the full picture as much as possible before i get hit in the face with it somewhere else... THANKS FOR YOUR TIME > > Adam > > [1] http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.html > [2] http://echeque.com/Kong/ > [3] en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act > [4] http://en.wikipedia.org/wiki/Weev > > On Tue, Jan 07, 2014 at 02:15:07AM +0100, Cari Machet wrote: >>shut the fuck up >> >>who is arrogant (and simplistic)? u >> >>On 1/6/14, James A. Donald wrote: >>> On 2014-01-07 03:18, John Young wrote: >>> > Swartz was ratted by a sysadmin, investigated by several sysadmins, >>> > some who formerly helped him and were pressured to betray him, >>> > indicted with the essential help of sysadmins. University and JSTOR >>> > administrators could not have discovered him , aided the >>> > investigation, cooperated with the prosecutor, without sysadmins. >>> > The cops and prosecutor could not have caught, investigated, coerced >>> > witnesses, indicted and killed Swarz without sysadmins. Some of >>> > those sysadmins are under lifetime vows of secrecy for cooperating >>> > against Swartz. 
>>> >>> They were not "ratting" on him >>> >>> A sysadmin tries to keep his systems working. Aaron Swartz was >>> disruptively trespassing on their systems - he was arrogantly and >>> obnoxiously aggressing against them. >>> >>> And that, in fact, was what he was charged with, not with releasing >>> JSTOR IP property, but with screwing up other people's computers. >>> >>> If he had been furtive about collecting the data, the way Snowden was, >>> there never would have been any problem. >>> >>> The problem was that Aaron Swartz was an arrogant asshole who thought >>> he was ruling class and above the law, and that those he aggressed >>> against were menials beneath the law - the Henry Louis Gates >>> phenomenon. >>> >>> One of the things our ruling class filters against is conspicuous and >>> obnoxious arrogance. They don't want us noticing them. Aaron Swartz >>> failed the conspicuous arrogance filter before being granted tenure, >>> so suddenly found himself no longer ruling class. >>> >>> >> >> >>-- >>Cari Machet >>NYC 646-436-7795 >>carimachet at gmail.com >>AIM carismachet >>Syria +963-099 277 3243 >>Amman +962 077 636 9407 >>Berlin +49 152 11779219 >>Twitter: @carimachet >> >>Ruh-roh, this is now necessary: This email is intended only for the >>addressee(s) and may contain confidential information. If you are not the >>intended recipient, you are hereby notified that any use of this >>information, dissemination, distribution, or copying of this email without >>permission is strictly prohibited. > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. 
If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.
From carimachet at gmail.com Tue Jan 7 10:36:44 2014 From: carimachet at gmail.com (Cari Machet) Date: Tue, 7 Jan 2014 19:36:44 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> Message-ID: umn i just met u at #30c3 i know who u r so... aaahhh memories... names .... ppl... buses ... berlin... i was making a little joke and calling u poland sorry i happen to love poland generally so i like to talk about it i guess how do you conclude that aaron was not "hacking" PLEASE EXPLAIN ??????? -- Cari Machet
From rysiek at hackerspace.pl Tue Jan 7 10:51:36 2014 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 07 Jan 2014 19:51:36 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> Message-ID: <3840023.vxZcX9Ecem@lap> On Tuesday, 7 January 2014 19:36:44 Cari Machet wrote: > umn i just met u at #30c3 i know who u r so... aaahhh memories... > names .... ppl... buses ... berlin... i was making a little joke and > calling u poland sorry i happen to love poland generally so i like to > talk about it i guess AAAAHH! Now I got all the puzzles in my view. OHAI, CARI. :) /me facepalms hard/ > how do you conclude that aaron was not "hacking" PLEASE EXPLAIN ??????? Well... There are two ways the word "hacking" is used most often. 1. breaking into computer systems and generally doing some computery-evil stuff 2.
doing some amazing technical things So, what Aaron did was in no way fitting the 2., right? He just put a laptop in a closet and downloaded stuff. Neither does it fit 1. -- he did not break any kind of security systems, cracked passwords, etc., he just put a laptop on a network that had access to these documents and downloaded the documents. That's all. On a different level, it was indeed consistent with hacker ethos, esp. "information wants to be free". But that doesn't mean it was a "hack", in any meaning of the word. Also, inb4 "hacker means X - no, it means Y" shitstorm -- Regards, rysiek
From carimachet at gmail.com Tue Jan 7 11:09:09 2014 From: carimachet at gmail.com (Cari Machet) Date: Tue, 7 Jan 2014 20:09:09 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <3840023.vxZcX9Ecem@lap> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> Message-ID: hmmn i see it as a hack and his other work was similar he was breaking the user agreement as worded by lawyer types > isnt that a hack? plus they were all scuuurrred he was going to leak the docs he downloaded so.... thats kind of a hack it was presumed because of past predictors of behavior that he would negotiate with JSTOR to change their ways which is umn super-neoliberal-capitalistic is stealing a hack? - i think in general that the term hacking has expanded - i think he was hacking the system >>> maybe we disagree on the words expansion ???
heres some wordy words mayb u wld like to read re aarons work with others https://public.resource.org/crime ++++++++++ hope it is very cold in poland and you are incredibly unhappy > berlin is nice -- Cari Machet
From rysiek at hackerspace.pl Tue Jan 7 11:44:49 2014 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 07 Jan 2014 20:44:49 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> Message-ID: <18043243.X8FIBlbTOb@lap> On Tuesday, 7 January 2014 20:09:09 Cari Machet wrote: > hmmn i see it as a hack and his other work was similar > > he was breaking the user agreement as worded by lawyer types > isnt that a > hack? Nope. One can be breaking a user agreement by being 13 and having a Twitter account -- is that a hack? > plus they were all scuuurrred he was going to leak the docs he > downloaded so.... thats kind of a hack "He was going to" != "he did". > it was presumed because of past predictors of behavior that he would > negotiate with JSTOR to change their ways which is umn > super-neoliberal-capitalistic I'm sorry, I am unfamiliar with the word "umn". > is stealing a hack? - i think in general that the term hacking has > expanded - i think he was hacking the system >>> maybe we disagree on > the words expansion ??? Ah, "hacking the system" is what we all do, what the whole NoisySquare thing was at 30C3, etc. Is that something evil? Is that something to be "killed" for? > heres some wordy words mayb u wld like to read re aarons work with others > > https://public.resource.org/crime Well, I couldn't have put it better myself: "Aaron didn’t break into JSTOR, he used a valid JSTOR guest account available on the MIT campus, which runs an open network. Had he downloaded 1 article every day for 4.8 million days, there would have been no problem. Had he downloaded 100 articles every day for 48,000 days, that would have been fine as well, nobody would have noticed. But he downloaded 4.8 million articles in 100 days. Somewhere between 100 articles a day and 48,000 articles a day, Aaron crossed an invisible line."
> hope it is very cold in poland and you are incredibly unhappy > berlin is > nice Very warm here, incredibly warm I would say for this time of year. And no snow whatsoever. I mean, we're at +8°C during day, -1°C at night. Say "hi" to all your buddies from the States from me. ;) -- Regards, rysiek
From adam at cypherspace.org Tue Jan 7 12:02:48 2014 From: adam at cypherspace.org (Adam Back) Date: Tue, 7 Jan 2014 21:02:48 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> Message-ID: <20140107200248.GA28851@netbook.cypherspace.org> On Tue, Jan 07, 2014 at 07:29:00PM +0100, Cari Machet wrote: >> About Aaron's case and suicide, it seems to me that Aaron miscalculated, >> and the hacking was pretty escalated, engaged in multiple escalating >> counter-measures when it was obvious the sysadmins were on to him as an >> intruder, he didnt back off > >i have not heard this before - i had the information that he was >downloading way too much at a time and doing it over a very small >period of time and that tipped them off my information is that he was >very careful in other work of this kind why would he b so sloppy this >time - i mean how do you know he knew they were on to him? I imagine its all out there on the wikis or interwebs, thats where I read it, so here I am just repeating what was written about extensively at the time. From memory there was some escalation.
He was detected, blocked, reacted (mac tumble etc) blocked again, then proceeded to enter presumably restricted areas, hide equipment to bypass limits the admins had placed only on wifi users, and still download the heck out of it. It was a big risk and not very smart move. What do you think a competent sysadmin would do about an ongoing security investigation in that situation - try to find the equipment or say "oh noes the hacker is too smart for us - we capitulate". So they found the equipment, called the local cops, and found Aaron when he came to collect the equipment. Its not as if he asked their permission, nor that they knew it was someone even authorized to be on campus or to use JSTOR. Once that happened it spiraled out of control, even though several influential faculty knew Aaron, and as I recall his father also worked there; and various people caved or chickened out of supporting him from what others said on this thread, and the guy was like depressed obviously about this situation. From robin hood white knight hacktivist to soon to be felon with soulless politically motivated fed prosecutor trying to make an example of him by twisting the max out of some already egregious laws. So yes I am against the state subsidized "copyright" censorship of some bit strings, patents and monstrosities like CFAA, so I support Aaron's political objective of his hacktivism target there (and on the previous one) but Aaron did screw up a bit also. Maybe he got the wrong message from dodging a justice system bullet on the previous successful hacktivism with the legally liberated tax payer owned legal dox.
Adam From adam at cypherspace.org Tue Jan 7 13:20:08 2014 From: adam at cypherspace.org (Adam Back) Date: Tue, 7 Jan 2014 22:20:08 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <52CC5DEC.7040806@echeque.com> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> Message-ID: <20140107212008.GA29441@netbook.cypherspace.org> On Wed, Jan 08, 2014 at 06:05:00AM +1000, James A. Donald wrote: >the original meaning [of hacking] was simply bad stuff done by computer - Not that its relevant to the Aaron discussion, but I think you got that etymology sequence wrong, the original meaning of hacker was more like doing clever but non-malicious things with computers, aka squeezing interesting things out of them that they were not intended or expected to do. And/or relatedly people were less uptight about computer access as most of them were in open collaborative university settings so using computers was less of a locked up possessive mind set. Those were the days before CFAA and Weev getting his door kicked in by a swat team for stumbling upon a broken network API. Hacker in the sense of cracker was a later and much hated co-option and perversion of the term. I expect that's what Rysiek was reacting to partly. Seems like the original hackers lost that etymology battle however long ago. Adam From juan.g71 at gmail.com Tue Jan 7 17:32:52 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Tue, 07 Jan 2014 22:32:52 -0300 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <52CC5B79.1060801@echeque.com> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> Message-ID: <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> --On Wednesday, January 08, 2014 5:54 AM +1000 "James A. 
Donald" wrote:

> On 2014-01-08 05:09, Cari Machet wrote:
>> plus they were all scuuurrred he was going to leak the docs
>
> No one gave a damn about Aaron Swartz leaking the docs. That was not
> what he was charged with, and not what pissed off the sysadmins. What
> pissed off the sysadmins was physical intrusion, and him bringing the
> network to its knees.

That is bullshit.

>
> You are displaying the same attitude that he did, that it is just fine
> for members of the ruling class to walk all over mere menials.

Apparently it can indeed be argued that he wanted to become part of the ruling class. Cathal Garvey said as much, if I read him correctly. If you want to attack Swartz you can do it without laughably trying to defend the 'physical property' of the mit mafia. Your defense being doubly weird since you're supposedly a libertarian? Then again, the vast majority of self-described libertarians I know are actually conservatives...

From rysiek at hackerspace.pl Tue Jan 7 13:53:27 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 07 Jan 2014 22:53:27 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <52CC5B79.1060801@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CC5B79.1060801@echeque.com>
Message-ID: <4617729.glPem0nkgg@lap>

On Wednesday, 8 January 2014 05:54:33 James A. Donald wrote:
> On 2014-01-08 05:09, Cari Machet wrote:
> > plus they were all scuuurrred he was going to leak the docs
>
> No one gave a damn about Aaron Swartz leaking the docs. That was not
> what he was charged with, and not what pissed off the sysadmins. What
> pissed off the sysadmins was physical intrusion, and him bringing the
> network to its knees.

Wait, what? Where the hell did you get *that* bullshit.
MIT network was just fine, the pissed people were at JSTOR, and they were pissed not because "the network was brought down to its knees", but because somebody was getting a lot of articles "without paying". MIT *never even made clear* whether or not Aaron was *authorized* to access MIT network: http://ur1.ca/gd3z7 And as *every* user of MIT network had access to JSTOR, it's also hard to claim that Aaron accessed JSTOR in an "unauthorized" manner. The only problem was the amount of articles Aaron was downloading, and the manner he was doing that (a laptop in a closet). Whether or not he was authorized to access them is unclear, however there is strong evidence suggesting he was indeed authorized to access MIT network, and hence, through it, JSTOR. So please, get your facts straight.

> You are displaying the same attitude that he did, that it is just fine
> for members of the ruling class to walk all over mere menials.

Oh, oh, right, so as long as somebody disagrees with you, they are "displaying the attitude of the ruling class". Wow, you actually took the effort to move a bit from "YOU'RE STUPID!!1!" ad hominem, but just this tiny bit. Hence, no extra credit. :)

--
Regards
rysiek

From rysiek at hackerspace.pl Tue Jan 7 13:57:16 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 07 Jan 2014 22:57:16 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <52CC5927.90900@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <52CC5927.90900@echeque.com>
Message-ID: <2207645.mP3PpVf0jM@lap>

On Wednesday, 8 January 2014 05:44:39 James A. Donald wrote:
> On 2014-01-08 04:29, Cari Machet wrote:
> > he was
> > very careful in other work of this kind why would he b so sloppy this
> > time
>
> Arrogance.
>
> Just look at his face.

JUST LOOOK AT HIIIS FAAAAACE!! JUST LOOOOK AT IIIIIIT! Now there's a line of argumentation that is bound to be convincing!

> Also, fan of David Foster Wallace. No one reads David Foster Wallace
> except for ruling class cred, or to understand the madness of the ruling
> class - usually, for ruling class cred.

Is this how I get my ruling class cred? This seems simple enough. Where can I obtain works by this David Foster Wallace you refer to? :)

--
Regards
rysiek

From rysiek at hackerspace.pl Tue Jan 7 14:02:50 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 07 Jan 2014 23:02:50 +0100
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <20140107212008.GA29441@netbook.cypherspace.org>
Message-ID: <2042515.gUqMP313Ud@lap>

On Tuesday, 7 January 2014 16:30:35 demonfighter6 . wrote:
> On Tue, Jan 7, 2014 at 4:20 PM, Adam Back wrote:
> > Seems like the original hackers lost that etymology battle however long
> > ago.
>
> Yes, annoying though that may be to those of us who were called hackers
> before that became a bad thing. But we're outnumbered thousands-to-one, and
> we're just not going to win that language war.

Interestingly, in Poland we seem to be having some successes at getting our positive "hacker" term back. There had been several mainstream media bits (radio, papers) using the term correctly or even explaining the correct (i.e. positive) meaning. And I believe we need to fight for that term, as if we don't, we'll lose every other term just like that. Consider "hacktivism" -- a new term and already "stolen"/smeared. We need our language and we should fight for it.

> ...
> Unless the technically adept were to bring the systems crashing down
> and let the technically inept freeze and starve to death.
>
> ... But that would be a Naughty Thing, and not something I'd ever condone.
> And just ignore the sig I've been using for over a decade.

Mheh. Keep calm and neca eos omnes? ;)

--
Regards
rysiek

From albill at openbuddha.com Tue Jan 7 23:13:11 2014
From: albill at openbuddha.com (Al Billings)
Date: Tue, 7 Jan 2014 23:13:11 -0800
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
Message-ID:

What exactly is it that you believe in, Juan?

From: Juan Garofalo Juan Garofalo

fucking americunt fascist

From adam at cypherspace.org Tue Jan 7 14:15:52 2014
From: adam at cypherspace.org (Adam Back)
Date: Tue, 7 Jan 2014 23:15:52 +0100
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> <20140107212008.GA29441@netbook.cypherspace.org>
Message-ID: <20140107221552.GA30141@netbook.cypherspace.org>

On Tue, Jan 07, 2014 at 01:48:59PM -0800, coderman wrote:
>> Yes, annoying though that may be to those of us who were called hackers
>> before that became a bad thing.
>> But we're outnumbered thousands-to-one, and
>> we're just not going to win that language war.
>
>use the term "independent security researcher",
> your legal counsel will thank you!

A cryptographically secure pseudonym would probably work even better. Weev didn't actually do anything wrong that I could see, by any sane interpretation of even something as egregious as CFAA and he's serving 41 months. A lawyer is a last resort, step #1 is not identifying yourself even for non-malicious research I suspect. Probably the biggest risk is the incompatibility of real-space bragging rights to the discovery for people who like to speak at conferences.

Adam

From rysiek at hackerspace.pl Tue Jan 7 14:20:55 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 07 Jan 2014 23:20:55 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <1389132605.92166.YahooMailNeo@web141206.mail.bf1.yahoo.com>
References: <52CAA24E.5060809@cathalgarvey.me> <1389131741.48433.YahooMailNeo@web141206.mail.bf1.yahoo.com> <1389132605.92166.YahooMailNeo@web141206.mail.bf1.yahoo.com>
Message-ID: <1439213.EFUEa7ORd9@lap>

On Tuesday, 7 January 2014 14:10:05 Jim Bell wrote:
> When I arrived at MIT in 1976, I learned that the term "hacker" meant ONLY
> the second definition above. (I believe the term originated at the TMRC
> (Tech Model Railroad Club in the 1950's; that fact is probably in
> Wikipedia) There was no hint of illegality, nor was the term in any way
> limited to computer activities. I would have been called a "chemistry
> hacker" or an "electronics hacker" at that point.

Thanks for that first-hand experience information.

> I (and many, many other people, no doubt) were peeved that the first
> definition above came into vogue. The term "cracker" constituted an attempt
> to limit the misuse of "hacker".
...just as "hacktivist" was a later attempt at devising a "clean" term for hacking, that would not have the negative connotations. As we already know, both attempts failed, unfortunately. Hence my opinion that we should try to reclaim the term "hacker" (and "hacking", etc.) and get it to mean what it originally meant.

--
Regards
rysiek

From jamesdbell8 at yahoo.com Tue Jan 7 23:25:30 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 7 Jan 2014 23:25:30 -0800 (PST)
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <52CCECB8.3080405@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com>
Message-ID: <1389165930.65824.YahooMailNeo@web141202.mail.bf1.yahoo.com>

From: James A. Donald
To: cypherpunks at cpunks.org
Sent: Tuesday, January 7, 2014 10:14 PM
Subject: Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)

"James A. Donald"
> > No one gave a damn about Aaron Swartz leaking the docs. That was not
> > what he was charged with, and not what pissed off the sysadmins. What
> > pissed off the sysadmins was physical intrusion, and him bringing the
> > network to its knees.
On 2014-01-08 11:32, Juan Garofalo wrote:
>> That is bullshit.
>That is the charges against Aaron Swartz.
>http://docs.jstor.org/summary.html
> If you want to attack Swartz you can do it without laughably trying to
> defend the 'physical property' of the mit mafia. Your defense being doubly
> weird since you're supposedly a libertarian?
>Libertarians are propertarians.
>Property rights are the boundaries between one man's plan and another
>man's plan.
>If the ruling elite casually violate property rights, then,
>as with Obamacare, the result is chaos, which must be resolved by one
>plan imposed on all to restore order in order to avoid collapse. Terror
>follows in due course. Should the terror ease, collapse follows.
>This has been explained by Mises and Hayek, and colorfully dramatized by
>Ayn Rand.

It is interesting that Ayn Rand, in Atlas Shrugged, made a plot line out of "Rearden Metal", a mostly-copper alloy said to have been developed by Henry Rearden over a period of 10 years. I was never a Randian ("Randroid"), realizing I was a libertarian before even having heard of Rand. Occasionally I have met libertarians who don't like the idea of "intellectual property". It is quite true that the large majority (80%?) of US patents should be labelled as 'patent noise': patents unworthy of being granted, mostly because they are obvious to persons skilled in the area of the invention. But I think most people, including many libertarians, are of the opinion that _worthy_ inventors should be rewarded somehow. The current US plan (harmonized with European laws in early 1990's) of granting a 20-year monopoly seems okay by me.

Full disclosure: I am an inventor, having invented the "semiconductor disk" in the summer of 1980 (Google "SemiDisk") see the "non-patent references" in http://www.google.com/patents/US5602987, (Google "Semidisk disk emulator") and an infrared flashing device to turn red traffic lights to green traffic lights in 1990 (popularized by other manufacturers in the early 2000's), and most recently an isotope-modified optical fiber. See http://www.freepatentsonline.com/WO2013101261A1.html

I never attempted or intended to obtain a patent on the SemiDisk (I didn't think it was worthy of a patent: It was 'obvious' to a person of ordinary skill in the area of computer-based electronics), nor my traffic-light changer.
In fact, in 1984 the Oregon Legislature made it illegal to possess or use a traffic light changer, and by early 2000's the Federal government made sales or use of such a device illegal. See 18 U.S.C. 39. http://www.law.cornell.edu/uscode/text/18/39

Of course, my 'Assassination Politics' essay may ultimately be considered my most important 'invention', although I did not fully describe how it would be implemented. (I knew in 1995 that the invention of some form of digital cash would be necessary, and Bitcoin partly fills that bill, especially anonymized with Zerocoin; and the TOR network has made a major advance in implementing that idea. http://www.forbes.com/sites/andygreenberg/2013/11/18/meet-the-assassination-market-creator-whos-crowdfunding-murder-with-bitcoins/ )

And, while I was unaware of Tim May's 'anonymous assassination contracts' ('abhorrent markets') at the time I wrote the first part of the AP essay, I must give him credit for thinking of that concept. (In 1995, my only knowledge of 'Tim May' was that he had been a famous Intel employee in Santa Clara California, at the time I was a highly NON-famous Intel employee in Aloha Oregon. (Summer of 1980 to the first week of 1982).

Jim Bell
From rysiek at hackerspace.pl Tue Jan 7 14:29:58 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 07 Jan 2014 23:29:58 +0100
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To: <20140107221552.GA30141@netbook.cypherspace.org>
References: <52CAA24E.5060809@cathalgarvey.me> <20140107221552.GA30141@netbook.cypherspace.org>
Message-ID: <4963866.WpBD6rzBPb@lap>

Hi there,

/me has his monthly "let's reclaim the word 'hacker'" drive

On Tuesday, 7 January 2014 23:15:52 Adam Back wrote:
> On Tue, Jan 07, 2014 at 01:48:59PM -0800, coderman wrote:
> >> Yes, annoying though that may be to those of us who were called hackers
> >> before that became a bad thing. But we're outnumbered thousands-to-one,
> >> and
> >> we're just not going to win that language war.
> >
> >use the term "independent security researcher",
> >
> > your legal counsel will thank you!
>
> A cryptographically secure pseudonym would probably work even better. Weev
> didn't actually do anything wrong that I could see, by any sane
> interpretation of even something as egregious as CFAA and he's serving 41
> months. A lawyer is a last resort, step #1 is not identifying yourself even
> for non-malicious research I suspect.

I draw a different conclusion here -- people do not understand hackers (in the original, non-pejorative meaning of the term), and hence are afraid of anything "hacker-y". Weev went to jail not because he did something illegal, but because the jury was convinced he's an "evil hacker", and that they need to "send a signal". If we keep moving back, at some point we'll have nowhere to go. So instead, we should get people to understand and not be afraid.
Show the value to the society (and there is a lot of value in hacking!), and always make clear distinction between hacking (which both Aaron and Weev had done quite a bit of, and I am not referring to their court cases and alleged transgressions) and committing crimes by means of a computer network or electronic device. As an added bonus, once we get to a point where everybody understands that crime is a crime, regardless of tools used in connection with it, we might finally get some *sane* laws around that topic -- instead of laws that make one get a smaller sentence if they steal stuff with a crowbar instead of downloading it via Teh Tubes.

--
Regards
rysiek

From albill at openbuddha.com Tue Jan 7 23:32:06 2014
From: albill at openbuddha.com (Al Billings)
Date: Tue, 7 Jan 2014 23:32:06 -0800
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <5E549DD0DAAFDCB954C81C1B@F74D39FA044AA309EAEA14B9>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <5E549DD0DAAFDCB954C81C1B@F74D39FA044AA309EAEA14B9>
Message-ID:

So you’re a nihilist? Why not shoot yourself now then if life has no point?

From: Juan Garofalo Juan Garofalo

If you recall, I asked you what I should believe in, but you never replied. So, I don't believe in anything. =[
From jamesdbell8 at yahoo.com Tue Jan 7 23:35:23 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 7 Jan 2014 23:35:23 -0800 (PST)
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To: <52CCF9EC.6050404@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> <20140107212008.GA29441@netbook.cypherspace.org> <52CCF9EC.6050404@echeque.com>
Message-ID: <1389166523.96619.YahooMailNeo@web141201.mail.bf1.yahoo.com>

From: James A. Donald
To: Adam Back
Cc: cypherpunks at cpunks.org
Sent: Tuesday, January 7, 2014 11:10 PM
Subject: Re: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)

On 2014-01-08 07:20, Adam Back wrote:
>> Hacker in the sense of cracker was a later and much hated co-option and
>> perversion of the term. I expect that's what Rysiek was reacting to
>> partly.
>The term hacker first appears 1975 - 1985, shortly after the start of
>the information epoch, the age of information starting by convention
>1972 January first.
>The term was originally an epithet, but not for criminal behavior:
>http://books.google.com/books?id=vpGNJfMmFswC&pg=PA32
>At that time, 1980, a hacker was someone who programs for entertainment
>- badly.

See http://tmrc.mit.edu/hackers-ref.html Tech Model Railroad Club

Jim Bell

================quote follows===================

We at TMRC use the term "hacker" only in its original meaning, someone who applies ingenuity to create a clever result, called a "hack". The essence of a "hack" is that it is done quickly, and is usually inelegant. It accomplishes the desired goal without changing the design of the system it is embedded in. Despite often being at odds with the design of the larger system, a hack is generally quite clever and effective.
This original benevolent meaning stands in stark contrast to the later and more commonly used meaning of a "hacker", typically as a person who breaks into computer networks in order to steal or vandalize. Here at TMRC, where the words "hack" and "hacker" originated and have been used proudly since the late 1950s, we resent the misapplication of the word to mean the committing of illegal acts. People who do those things are better described by expressions such as "thieves", "password crackers", or "computer vandals". They are certainly not true hackers, as they do not understand the hacker ethic. Also see the definition of "hacker" in the on-line version of the New Hacker's Dictionary.

Reference info related to TMRC

This section lists books and other major publications that reference TMRC. The Tech Model Railroad Club is featured as the first chapter of Hackers, by Steven Levy (New York: Anchor Press/Doubleday, 1984). It is credited as one (possibly the primary) source of the Hacker Culture the book describes. Several entries in The New Hacker's Dictionary, (Second Edition, edited by Eric S. Raymond (MIT Press, 1993); ISBN 0-262-68079-3) are derived from Abridged Dictionary of the TMRC Language. There is also an online version of the book's content. The cover article in Railroad Model Craftsman, July 1986 was a preview of the club for the 1986 NMRA convention held in Boston. A converted copy of the text we submitted is available online.

________________________________

Tech Model Railroad Club of MIT
Room N52-118
265 Massachusetts Avenue
Cambridge, MA 02139
+1 617 253-3269 x3-3269 (on campus)
Email: tmrc-web at mit.edu
Generated Wed 08 Jan 2014 02:28:19 AM EST in 0.0 secs
From jens at kubieziel.de Tue Jan 7 14:56:23 2014
From: jens at kubieziel.de (Jens Kubieziel)
Date: Tue, 7 Jan 2014 23:56:23 +0100
Subject: Stealing J. Edgar Hoover's secrets.
In-Reply-To: <1389134559.77286.YahooMailNeo@web141206.mail.bf1.yahoo.com>
References: <1389134559.77286.YahooMailNeo@web141206.mail.bf1.yahoo.com>
Message-ID: <20140107225623.GQ3643@kubieziel.de>

* Jim Bell wrote on 2014-01-07 at 23:42:
> Just saw this on Yahoo. Seems appropriate to mention this, given Snowden, Manning, etc.
> http://screen.yahoo.com/new-york-times/stealing-j-edgar-hoover-secrets-130936313.html

NYTimes also covered it today: http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html

--
Jens Kubieziel http://www.kubieziel.de
BTW: I would shoot Norton Insecurity to the moon, but then that might crash too. (dcsf)

From jamesd at echeque.com Tue Jan 7 09:29:16 2014
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 08 Jan 2014 03:29:16 +1000
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <20140107115038.GA25434@netbook.cypherspace.org>
References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org>
Message-ID: <52CC396C.2010102@echeque.com>

On 2014-01-07 21:50, Adam Back wrote:
> the hacking was pretty escalated, engaged in multiple escalating
> counter-measures when it was obvious the sysadmins were on to him as an
> intruder, he didn't back off but took it to the next level including
> physical
> intrusion & hiding equipment.
If an ordinary person engages in physical intrusion to hack someone else's network, he is going to get in trouble. Why is anyone shocked that Swartz got in trouble? Why was Swartz shocked that he got in trouble? This was not civil disobedience, it was the arrogance of ruling class mentality. Swartz did not expect that his actions would have the consequences that they would have for an ordinary person. Snowden, on the other hand, did. As I am fond of remarking, Bill Ayers can bomb the Pentagon, but you cannot. Swartz thought he was Bill Ayers.

From juan.g71 at gmail.com Tue Jan 7 23:07:11 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 04:07:11 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <52CCECB8.3080405@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com>
Message-ID: <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>

--On Wednesday, January 08, 2014 4:14 PM +1000 "James A. Donald" wrote:

> "James A. Donald"
>> > No one gave a damn about Aaron Swartz leaking the docs. That was not
>> > what he was charged with, and not what pissed off the sysadmins. What
>> > pissed off the sysadmins was physical intrusion, and him bringing the
>> > network to its knees.
>
> On 2014-01-08 11:32, Juan Garofalo wrote:
>> That is bullshit.
>
> That is the charges against Aaron Swartz.
> http://docs.jstor.org/summary.html

That's a link to jstor. Irrelevant.

>
>> If you want to attack Swartz you can do it without laughably trying to
>> defend the 'physical property' of the mit mafia. Your defense being
>> doubly weird since you're supposedly a libertarian?
>
> Libertarians are propertarians.

Only when 'private property' is subordinated to FREEDOM.

>
> Property rights are the boundaries between one man's plan and another
> man's plan.
> If the ruling elite casually violate property rights, then,
> as with Obamacare, the result is chaos,

You're just a right winger, not a libertarian. Right wingers are always babbling about how bad democrats are while committing the same crimes.

> which must be resolved by one
> plan imposed on all to restore order in order to avoid collapse. Terror
> follows in due course. Should the terror ease, collapse follows.
>
> This has been explained by Mises and Hayek,

fucking conservative statists - and lapdogs of anglo-american fascism.

> and colorfully dramatized by
> Ayn Rand.

fucking americunt fascist.

From juan.g71 at gmail.com Tue Jan 7 23:21:14 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 04:21:14 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
Message-ID: <35D084B352F799978B2BECC4@F74D39FA044AA309EAEA14B9>

>> That is the charges against Aaron Swartz.
>> http://docs.jstor.org/summary.html
>
>
> That's a link to jstor. Irrelevant.
oops, sorry, I missed the title and the first paragraphs looked like institutional bullshit (well it was institutional bullshit) - I didn't see the part about 'evidence'

From juan.g71 at gmail.com Tue Jan 7 23:23:09 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 04:23:09 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
Message-ID: <5E549DD0DAAFDCB954C81C1B@F74D39FA044AA309EAEA14B9>

--On Tuesday, January 07, 2014 11:13 PM -0800 Al Billings wrote:

> What exactly is it that you believe in, Juan?

Well Al, If you recall, I asked you what I should believe in, but you never replied. So, I don't believe in anything. =[

>
> From: Juan Garofalo Juan Garofalo
>
> fucking americunt fascist

From juan.g71 at gmail.com Tue Jan 7 23:35:32 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 04:35:32 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
Message-ID: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9>

>> That is the charges against Aaron Swartz.
>> http://docs.jstor.org/summary.html
>
>
> That's a link to jstor. Irrelevant.

Well thanks James. Of course you didn't read your own source.

"Meanwhile, on October 14, we asked MIT if they could identify the person responsible because we wanted to understand the downloader's motivation, to ensure the articles already downloaded would not be distributed,"

>ensure the articles already downloaded would not be distributed,
>ensure the articles already downloaded would not be distributed,
>ensure the articles already downloaded would not be distributed,

See? That's called 'intellectual property'.
From juan.g71 at gmail.com Tue Jan 7 23:38:42 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 04:38:42 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <5E549DD0DAAFDCB954C81C1B@F74D39FA044AA309EAEA14B9>
Message-ID: <7B7505FF70830BD36ACB8155@F74D39FA044AA309EAEA14B9>

--On Tuesday, January 07, 2014 11:32 PM -0800 Al Billings wrote:

> So you're a nihilist? Why not shoot yourself now then if life has no
> point?

That's an interesting question Al. How do you feel about chocolate cake?

>
> From: Juan Garofalo Juan Garofalo
>
> If you recall, I asked you what I should believe in, but you never
> replied. So, I don't believe in anything. =[

From juan.g71 at gmail.com Tue Jan 7 23:44:44 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 04:44:44 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9>
References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9>
Message-ID: <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9>

--On Wednesday, January 08, 2014 4:35 AM -0300 Juan Garofalo wrote:

>
>>> That is the charges against Aaron Swartz.
>>> http://docs.jstor.org/summary.html
>>
>>
>> That's a link to jstor. Irrelevant.
>
>

And thank you again James.

"Our monitoring systems did not alert us to accelerated downloading at MIT in November and most of December. By mid-December we had completed work on the redirect and, pending testing by JSTOR and by MIT, planned to implement the change in early January 2011.
Later, we discovered that significant downloading had, in fact, continued during this time using a method that we did not detect."

So, the disruption was oh so bad...that they couldn't even detect it.

From jamesd at echeque.com Tue Jan 7 11:44:39 2014
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 08 Jan 2014 05:44:39 +1000
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap>
Message-ID: <52CC5927.90900@echeque.com>

On 2014-01-08 04:29, Cari Machet wrote:
> he was
> very careful in other work of this kind why would he b so sloppy this
> time

Arrogance.

Just look at his face.

Also, fan of David Foster Wallace. No one reads David Foster Wallace except for ruling class cred, or to understand the madness of the ruling class - usually, for ruling class cred.

From jamesd at echeque.com Tue Jan 7 11:50:13 2014
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 08 Jan 2014 05:50:13 +1000
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap>
Message-ID: <52CC5A75.9050508@echeque.com>

On 2014-01-08 05:09, Cari Machet wrote:
> hmmn i see it as a hack and his other work was similar
>
> he was breaking the user agreement as worded by lawyer types
> isnt that a hack?

Everyone breaks the user agreement, because no one reads it. Not everyone physically brings equipment inside someone else's network.

From jamesd at echeque.com Tue Jan 7 11:54:33 2014
From: jamesd at echeque.com (James A.
Donald) Date: Wed, 08 Jan 2014 05:54:33 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> Message-ID: <52CC5B79.1060801@echeque.com> On 2014-01-08 05:09, Cari Machet wrote: > plus they were all scuuurrred he was going to leak the docs No one gave a damn about Aaron Swartz leaking the docs. That was not what he was charged with, and not what pissed off the sysadmins. What pissed off the sysadmins was physical intrusion, and him bringing the network to its knees. You are displaying the same attitude that he did, that it is just fine for members of the ruling class to walk all over mere menials. From jamesd at echeque.com Tue Jan 7 12:05:00 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 06:05:00 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <3840023.vxZcX9Ecem@lap> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> Message-ID: <52CC5DEC.7040806@echeque.com> On 2014-01-08 04:51, rysiek wrote: > Neither does it fit 1. -- he did not break any kind of security systems, > cracked passwords, etc., he just put a laptop on a network that had access to > these documents and downloaded the documents. That's all. You are perhaps saying it frequently requires no skill, other than fraud or burglary, to muck up someone else's network. Indeed it does not. Nonetheless, mucking up someone else's network by such simple means is hacking in the first meaning of the word, hacking as an aggressive or criminal act. 
Because hacking from a distance requires skill, particularly if a network has some halfway competent defenses, the word "hack" has also come to mean some impressively clever stuff done with computers, but the original meaning was simply bad stuff done by computer - and, in the early days of the internet, it was possible to do bad stuff by computer with very little skill. And even today, it is possible to do bad stuff by computer with very little skill if one physically accesses a network that is not intended or expected to be accessed by outsiders.

From hettinga at gmail.com Wed Jan 8 02:17:24 2014
From: hettinga at gmail.com (Robert Hettinga)
Date: Wed, 8 Jan 2014 06:17:24 -0400
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9>
Message-ID: <57D5F51F-6356-4D7C-BF03-6DB6E941AAAE@gmail.com>

On Jan 7, 2014, at 9:32 PM, Juan Garofalo wrote:

> the vast majority of self-described libertarians I know are
> actually conservatives

Horrors. Mass hysteria. Cats and dogs living together…

Cheers,
RAH

From hettinga at gmail.com Wed Jan 8 02:19:20 2014
From: hettinga at gmail.com (Robert Hettinga)
Date: Wed, 8 Jan 2014 06:19:20 -0400
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9>
Message-ID: <287F2AB4-C093-4708-9C2F-8E6B5501E4EA@gmail.com>

On Jan 8, 2014, at 3:07 AM, Juan Garofalo wrote:

> fascism

Communist loan-word.

;-)

Cheers,
RAH

From hettinga at gmail.com Wed Jan 8 02:23:13 2014
From: hettinga at gmail.com (Robert Hettinga)
Date: Wed, 8 Jan 2014 06:23:13 -0400
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To: <52CCF9EC.6050404@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> <20140107212008.GA29441@netbook.cypherspace.org> <52CCF9EC.6050404@echeque.com>
Message-ID:

On Jan 8, 2014, at 3:10 AM, James A. Donald wrote:

> The term hacker first appears 1975 - 1985

I think Levy might beg to differ: http://www.amazon.com/Hackers-Computer-Revolution-Anniversary-Edition/dp/1449388396

Something about hacking the wires under the train layout at the MIT model railroad club in the 1950’s. They started to use electronic switching to move the trains around. Then they started picking locks to get at the phone junction boxes…

Heh. Foo comes from about that time, too.
Cheers, RHA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jamesd at echeque.com Tue Jan 7 12:33:33 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 06:33:33 +1000 Subject: Bitter young men! Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <52CC2357.5030306@cypherpunks.to> Message-ID: <52CC649D.4030506@echeque.com> On 2014-01-08 02:12, Patrick Mylund Nielsen wrote: > Well, my point was that it doesn't matter what you've contributed--it > doesn't give you carte blanche to say whatever you want and somehow not > be deserving of a reaction. When you use argumentum ad hominem instead of argument, indicates you have lost the argument, or are stupid, or both. Similarly "racist". Alinsky's tactics are the instrument of the overclass-underclass alliance, intended to be used by the overclass to manipulate the underclass. I doubt that there are too many underclass on this list. Alinsky's tactics are intended to be used by smart white males to manipulate people that Alinsky regarded as dumb sluts and niggers. They do not impress intelligent people. Intelligent people should be insulted by such tactics, and mostly, they are. 
From europus at gmail.com Wed Jan 8 03:59:34 2014 From: europus at gmail.com (Ulex Europae) Date: Wed, 08 Jan 2014 06:59:34 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> Message-ID: <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> At 02:07 AM 1/8/2014, Juan Garofalo wrote: > fucking americunt fascist. Russian emigre. Yes there is a difference, and yes that is relevant. --ue From europus at gmail.com Wed Jan 8 04:19:15 2014 From: europus at gmail.com (Ulex Europae) Date: Wed, 08 Jan 2014 07:19:15 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <52CCFEC1.6080300@echeque.com> References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> <20140107200248.GA28851@netbook.cypherspace.org> <52CCFEC1.6080300@echeque.com> Message-ID: <52cd4247.43da440a.4093.62d5@mx.google.com> At 02:31 AM 1/8/2014, James A. Donald wrote: >Aaron Swartz entered the closet where the networks were all wired up >together, and wired his laptop to the network... I haven't seen anyone here dispute that he entered the physical premises and physically connected to the network. While you've been at it though, you've attributed motive and imposed a revealing lexicon on a framework that does not readily support it. Thereby casting yourself in a bad light. Some examples: At 07:36 PM 1/5/2014, James A. Donald wrote: >...He thought himself ruling class >and those whose network he disrupted the ruled. At 09:10 PM 1/5/2014, James A. 
Donald wrote: >...rather than as one of the ruling >class who rules over US subjects... ... At 07:29 PM 1/7/2014, James A. Donald wrote: >He wanted to smack their faces with the fact that he was ruling class >and they were mere minions, that the laws of the ruling class are >for the little people, not for members of the ruling class. That's 3 "Aw Shit"s since the 5th and there are more hidden by the ellipsis, you'd better can it and start earning some more Attaboys. --ue From gwen at cypherpunks.to Wed Jan 8 07:21:50 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Wed, 08 Jan 2014 07:21:50 -0800 Subject: Welcome to Juan Garafalo our newest NET.LOON (to replace Detweiler/Sternlight) In-Reply-To: <57D5F51F-6356-4D7C-BF03-6DB6E941AAAE@gmail.com> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <57D5F51F-6356-4D7C-BF03-6DB6E941AAAE@gmail.com> Message-ID: <52CD6D0E.7020709@cypherpunks.to> Hey All, Its really exciting.. we finally have a NET.LOON on the scale of Detweiler and Sternlight... Finally this list will start moving again :) Thanx Juan for Showing up.. if you had NOT I would have had to Create/Invent you ... Illogical, disorganized mentally and emotionally .. spouts enough BS to Swamp the ist... YEP its confirmed.. another NET.LOON course this could be DETWEILER in drag... 
GH

-- 
Tentacle #99

ecc public key curve p160
;9C~b~)3)cp0d!?C1JIVI=tI(

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

From jya at pipeline.com Wed Jan 8 04:55:35 2014
From: jya at pipeline.com (John Young)
Date: Wed, 08 Jan 2014 07:55:35 -0500
Subject: Brag About Exploits, Go to Jail
In-Reply-To: <52CD0E01.5000108@echeque.com>
References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com>
Message-ID:

James Donald wrote:

>And if he had, like Snowden, kept a low profile, instead of flicking
>a towel in their faces, they never would have detected it.

Swartz bragged to a slew of people and was caught.
Manning bragged to Lamo and was caught.
Kiriakou bragged to a journalist and was caught.
Sabu bragged to cohorts and was caught.
Barrett Brown bragged to the world and was caught.
Several Anonymouses bragged and were caught.
And so on, dozens in just the last decade.

Jim Bell bragged online and went to jail. So did Carl
Johnson. Cops love braggarts, brag themselves to
braggarts to keep prisons happylands.

How many did not brag and remained uncaught? There
are likely thousands of them. Many of those work with
or emulate spies who do not brag as rule number 1.

Snowden wanted to be identified, so it is alleged, and
has been caught as intended.

Is this nuts or what, vainglorious stupidity, or a commonplace
ruse to get the enemy to expose its capabilities, or to flaunt
one's own hybrid of authentic and fake to spook the enemy,
to sell products, to boost budgets, to manipulate public
opinion. The fundamental purpose of leaks.
Keeping a non-existent profile is worth considering, along with a hundred pseudos. And putting a high-profile out there is what the Internet was intended to do, fake, sock, pseudo, anon, sucker. Not to be overlooked: the essence of comsec and crypto is deception. So laugh at the open source ruse on the way to the pokey. From jamesd at echeque.com Tue Jan 7 13:57:23 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 07:57:23 +1000 Subject: Bitter young men! Re: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> <52CC2357.5030306@cypherpunks.to> Message-ID: <52CC7843.6070606@echeque.com> I wrote: > Alinsky's tactics are intended to be used by smart white males > to manipulate people that Alinsky regarded as dumb sluts and niggers This claim requires more justification than I gave it. Obviously Alinsky would never use language that demeans women or black people. His language not only implies that women and blacks are equal to white males, but that they are more equal than black males. And yet, somehow, strangely, when he gives concrete and specific examples of the use of his tactics, it is a white male doing the manipulation, and women, blacks, and poor people being manipulated. 
From gwen at cypherpunks.to Wed Jan 8 08:22:47 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Wed, 08 Jan 2014 08:22:47 -0800 Subject: A short sad history of Lance Detweiler our first NET.LOON Re: Brag About Exploits, Go to Jail In-Reply-To: References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com> <52CD5D97.6040106@cathalgarvey.me> Message-ID: <52CD7B57.6000103@cypherpunks.to> Doesnt Surprise me, During the original publication cycle of PGP an effort was made to reach out to mitch kapor and john perry barlow for aid from EFF but Jim Bidsoz was already there with his lies that PGP was stolen/purloined code and thus mitch/perry washed his hands of PGP. FUCK THEM.. FUCK MITCH KAPOR, FUCK JOHN PERRY BARLOW!! and yes this list and so called movement(HAH!) was founded on Media Manipulation/Braggarts/BS if you will) of the highest order, It even got a greater push after we viewed an Inforwar Con V presentation in 1994 called Red Teaming(it was an information attack on the structures of the press(propaganda with a twist)). And given Internet Sockpuppets :) its remarkably easy to be ones one greek Chorus(and press army).. in fact Anonymous vs the rootkit.com founder was over "greek chorus" type of sockpuppet software that the firm was developing , and while javascript turing scripts did pose initial problems for same(sockpuppet software) when facebook and others tried implementing them, call outs to the "mechnical turk" and later to the Selenium plugin nowadays for the amateur efforts quickly solved that technical issue. Anonymous remailers have also been remarkably effective in hoodwinking both the press corp and the public and even members of this list to swallow both the malware nostrums(mcafee and others)(hook) and later PGP/other crypto/security crap (line and sinker). 
This kind treatment of the truth was drove our first list foil Detweiler stark raving bonkers and sent him raving on the list about tentacles of MEDUSA especially after list participants picked up and started remailer bombing him with a procmail script that someone thoughtfully published to the list that would email him several (n+1)slightly different copies of his own posted mail each time he posted. Detweilers final demise from his position as one of the privileged Sysadmins at the University when he carelessly replied to a type one remailer block that contained his direct supervisors spouse's(wife) email address among others(the chancellors of the university email addresses were included in that block.) thinking that he was instead replying to one of his sockpuppet harassers(I believe it was tentacle #69 who copped to this). Badda bing Badda boom,, all 83 email addresses he had been abusing from the university position where he was employed were gone in 1 hour etc...as was his job and privileged position from where he abused the rest of the list. David Sternlight was made of much stronger stuff :) ... Lance Detweiler was MUCH more careless and thought he was one of the rulers of us.. I LOVE this topic John!! GH ps more on earlier list protagonists/propagandists later...statute of limitations for all of these early list antics is of course LONG expired.. pss if Lance Detweiler had NOT stepped up we would have had to create him as a SOCKPUPPET.. more on the NOT lamented Detweilers ravings: https://www.google.com/search?q=tentacles+of+MEDUSA&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=fflb#channel=fflb&q=tentacles+of+MEDUSA+lance+detweiler&rls=org.mozilla:en-US:official. On 1/8/14 7:29 AM, John Young wrote: > Did you read today (NYT) that one of the founders of EFF, Mitch > Kapor, was a first investor in a leading ubiqutious camera > spying venture to put in the hands of everybody what once was > used only by spies and cops? 
Everybody is TLA, TLA is everybody. > > Snowden, allegedly, gave docs to a world-class braggart, > Greenwald, and to two or three much less loud-mouthed but in > the professional bragging business, Poitras and Gellman, > documentary tout and national security tout, respectively. > > Thereafter the tout bragging industry kicked into high gear and > quickly overwhelmed whatever Snowden might have intended > by their own fabricated, doctored, hyperbolied super-touted > headlined versions of his intentions, but more so, in their own > economic interest, whipping up a frenzy about their noble > intentions to rake in the loot after years of nearing bankruptcy > (the forlorn solo journo, Greenwald and Poitras profiles too.) > > Greenwald in particular bellows excessively, as a lawyer must, > about his obligation to a pact with Snowden, and lately his much > greater jury-pandering about his pact with Omidyar. His recent > long bloviation on his blog is purely promotional bragging > characteristic of the hustler forever crowing about its prowess, > whining about attacks, disdaining critics with puerile condescension. > > Omidyar and Bezos among others, have been sucked into > the ultra-bragging game, large, inebriated with unquenchable wealth > accumulation, after years of supporting highly vainglorious and > dispensible NGO investments, not a few of which have failed > due to exaggerated brochure-toute expectations which could > not be met but were invented losers to be run into the ground > for the tax benefits of ultra-concentrated wealth. This the exact > model of the Firstlook venture, a combo of high-profit media > industry and simulated "NGO" journalism to exempt the taxable > profits. > > Would that work here. Youbetcha. The very founding of > cypherpunks employed that model and sustains it to solicit > and amass data of crypto-freedom-drunk users for marketing > peculiarly faulty products across the political spectrum from > faux privacy to faux security. 
Https everywhere, har, Tor, har, > WikiLeaks, har, Cryptome, spit, and what have you now, > Snowden. > > Braggarts always have noble purposes, bragging about > nobility is what sustains the illusion of superiority. And > glosses the nobility of great wealth or depthless desire > for it. > > Significant variations of braggardy, from loud to quiet. > overstatement to understatement. Chump version: > "needs killing." Chimp version: Snowden is a hero, > or traitor. Wimp version: more leaks by others, none > by me. Gimp version: this is nothing new. Limp version: > don't insult people here, don't discuss politics, message > deleted by moderator. Blimp version: this forum is > unmoderated. > > > > At 09:15 AM 1/8/2014, you wrote: >> > Snowden wanted to be identified, so it is alleged, and >> > has been caught as intended. >> >> I think the reasoning with Snowden was not so much to brag as to make >> himself a hard-to-assassinate public figure. In his case, so few people >> could have acquired the documents he did, that it was a matter of >> (little) time before he was noticed to be conveniently absent as the >> shit hit the fan. >> >> If he wasn't in the public eye by that time, he'd have been disappeared >> and/or shot in short order. >> >> > Not to be overlooked: the essence of comsec and >> > crypto is deception. So laugh at the open source ruse >> > on the way to the pokey. >> >> Funny that, I look at closed source as evidence of deception; without >> deception, there is no reason to hide the source. As long as they keys >> are secret, the protocol and code can be open, and should be if anyone's >> to trust that they're A) beneficent and B) competent. 
>> >> In the comparison of Cryptocat, which has tightened up radically because >> of code audits enabled by Open Sourcing it, to Bittorrent Sync (which >> used to advertise AES256 which was impossible with the keylength being >> shared, now advertises AES128, nobody knows how they implement it but a >> mistake like that screams "badly"), which is still unaudited snakeoil: >> BTSync boast massive bandwidth usage implying a significant user uptake, >> and moreso since the Snowden affair because of their snakeoil offering. >> So the Open Source guy gets all the attention, audits and improvement, >> while the closed source guys get no attention, no audits, and finally >> notice internally that they're offering AES256 when they can't >> physically accomplish it with the keylengths. >> >> I'll take Open, thanks. At least I can see what's wrong if it errs. >> >> On 08/01/14 12:55, John Young wrote: >> > James Donald wrote: >> > >> >> And if he had, like Snowden, kept a low profile, instead of flicking a >> >> towel in their faces, they never would have detected it. >> > >> > Swartz bragged to a slew of people and was caught. >> > Manning bragged to Lamo and was caught. >> > Kiriakou bragged to a journalist and was caught. >> > Sabu bragged to cohorts and was caught. >> > Barrett Brown bragged to the world and was caught. >> > Several Anonymouses bragged and were caught. >> > And so on, dozens in just the last decade. >> > >> > Jim Bell bragged online and went to jail. So did Carl >> > Johnson. Cops love braggarts, brag themselves to >> > braggarts to keep prisons happylands. >> > >> > How many did not brag and remained uncaught? There >> > are likely thousands of them. Many of those work with >> > or emulate spies who do not brag as rule number 1. >> > >> > Snowden wanted to be identified, so it is alleged, and >> > has been caught as intended. 
>> > >> > Is this nuts or what, vainglorious stupidity, or a commonplace >> > ruse to get the enemy to expose its capabilities, or to flaunt >> > one's own hybrid of authentic and fake to spook the enemy, >> > to seel products, to boost budgets, to manipulate public >> > opinion. The fundamental purpose of leaks. >> > >> > Keeping a non-existent profile is worth considering, along >> > with a hundred pseudos. >> > >> > And putting a high-profile out there is what the Internet >> > was intended to do, fake, sock, pseudo, anon, sucker. >> > >> > Not to be overlooked: the essence of comsec and >> > crypto is deception. So laugh at the open source ruse >> > on the way to the pokey. >> > >> > >> > >> >> > > -- Tentacle #99 ecc public key curve p160 ;9C~b~)3)cp0d!?C1JIVI=tI( Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ From gwen at cypherpunks.to Wed Jan 8 08:49:08 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Wed, 08 Jan 2014 08:49:08 -0800 Subject: Earlier Detweiler ravings!! Message-ID: <52CD8184.5010107@cypherpunks.to> >From ld231782 Wed Dec 29 21:33:12 1993 Return-Path: ld231782 Received: from dolores.lance.colostate.edu (dolores.lance.colostate.edu [129.82.112.18]) by longs.lance.colostate.edu (8.6.4/8.6.4) with SMTP id VAA27831; Wed, 29 Dec 1993 21:32:40 -0700 Message-Id: <199312300432.VAA27831 at longs.lance.colostate.edu> to: cypherpunks at toad.com, cypherwonks at lists.eunet.fi, colorado_cypherpunks at vis.colostate.edu subject: Paranoia Strikes Deep... cc: ld231782 Date: Wed, 29 Dec 93 21:32:28 -0700 From: "L. 
Detweiler" X-Mts: smtp Hello, I have been hearing some rumors about the cypherpunks being `penetrated' by some spies and areas of the Internet (mailing lists, newsgroups, private mail, journal articles, etc.) being targeted with `tentacle' infiltrations. I thought this was kind of fascinating to contemplate how they would behave. It seems to me that loyalty is very hard to judge by mere email messages alone, and that these hypothetical spies might take that to their advantage. Here are some of the things that either cypherpunk loyalists (cyberanarchists) or cy{b,ph}erwonk spies might say to gain credibility and further `intelligence' from insiders: - L.Detweiler is insane, has sent death threats, is behind S.Boxx, is involved in cyberspatial guerrila warfare, is the mastermind of a spy plot, etc. He is the only person in the world who cares about pseudospoofing. (All the complete ad hominem fantasy stuff). - `T.C. May and E.Hughes and J.Gilmore are all outstanding and upstanding net citizens, have never pseudospoofed or done anything wrong, and are the target of an anonymous smear campaign by terrorists.' - `I have been to cypherpunk meetings and parties, and I have met all the people who have been accused of being tentacles, and they are all real. In fact, I saw their drivers licenses.' `Someone accused of being a tentacle actually lives with me.' - There are no conspiracies whatsoever going on inside the cypherpunks, including drug use by `leaders' or pseudospoofing or other illegitimate activities. - Lies are liberating. `We have a right to lie to the media and other people through tentacles.' One can make a game out of infecting respectable media outlets like Wired and NYT with elaborate deceptions. - Pseudospoofing is liberating. `You are only as good as the number of identities you can project on the internet; this is a feature, not a bug.' The Enders Game book (Orson Scott Card?) 
is an example of the liberating effect of pseudospoofing on freeing people from their arbitrary prejudices about human identity and accountability. - There's no big deal about black marketeering or tax evasion. Everyone does it. It's a survival tactic in a brutal world of corrupt governments and massive corporations out to oppress the little guy. We are entering a New World Order where anarchy will rule and all governments will crumble. - Blacknet is a harmless and visionary cyberspatial experiment done by T.C.May. - `Please take these annoying discussions about secret conspiracies elsewhere.' Of course, if any of these statements are by the spies, they are just trying to build up your trust so that they can betray you later when they have the proper opportunity. Or, sometimes, there is the dictum that `intelligence is more valuable than liquidation' and they may continue to deceive you just for the valuable intelligence indefinately. * * * Then there may be some `tentacles' out there that are being driven by the counterrevolutionaries bent on destroying the Cyberanarchist movement and interested in getting some of their own propaganda out there. These would be indistinguishable from cy{b,ph}erwonk loyalists. - L.Detweiler is brilliant, has made stellar net contributions, has never sent death threats, no evidence exists that he is behind S.Boxx, he has spoken out against cyberspatial guerrila warfare, is the mastermind of a new mailing list but talk of a spy plot is preposterous, etc. He is one of many in the world who cares very seriously about pseudospoofing as all his writing in e.g. RISKS and CUD attests. - `Very little is know about T.C. 
May and E.Hughes and J.Gilmore as far as their personalities, and in fact J.Gilmore has admitted publicly to drug use, and all vehemently resist making unequivocal public or private statements on pseudospoofing, although they do seem to be the target of an anonymous smear campaign by the anonymous person S.Boxx, but with some disturbing elements of truth.' - `I have never been to cypherpunk meetings and parties, and I am suspicious of the behavior of many of the `people' L.Detweiler has accused of being tentacles, because of the lack of verifiable information and a sort of `cardboard cutout' flavor to their personalities. There seems to be some desperate damage control going on.' - There seem to be some actual conspiracies going on inside the cypherpunks, including drug use by `leaders' or pseudospoofing or other illegitimate activities. - Lies are lies. `No one has a right to lie to the media or other people through tentacles.' Anyone who makes a game out of infecting respectable media outlets like Wired and NYT with elaborate deceptions is malicious, depraved, and perverted. - Pseudospoofing is perverted. Statements like `You are only as good as the number of identities you can project on the internet; this is a feature, not a bug.' are depraved and deluded. The Enders Game book (Orson Scott Card?) is an example of the very dangerous effect of pseudospoofing on manipulating people in their assumptions and presumptions about human identity and accountability, and for mind control and brainwashing. - Black marketeering and tax evasion are evil. Though many promote it, it is toxic to social harmony. Those that promote it are all hypocrites who claim that they have found new societies that are free of it, but have found only societies of poisonous distrust and paranoia. The whole purpose of governments and corporations is to serve people, and if they fail to do so they need to be adjusted but not destroyed. 
- `Please don't censor these fascinating discussions about secret conspiracies and cyberanarchists.' * * * It's quite a pity that in Cyberspace, to borrow a phrase that is rapidly becoming a cliche, no one knows if you are a spy. Perhaps we can work together to build systems that minimize this kind of rampant paranoia. It's really a shame that someone with a grudge against any mailing list or its leaders could so disrupt its smooth flowing operation with no repercussions. I have some ideas for preventing this, and in fact I encourage anyone else who does to join the Cy{ph,b}erwonks list and discuss these issues associated with Electronic Democracy. ``The first casualty in war is the truth.'' There is a saying in war, `shoot them all and let God sort them out.' Perhaps in these turbulent times, this message represents a `list all the rumors and let the People sort them out.' I hope the truth prevails in Cyberspace as it does in the real world. Our own controversies, such as those above, will serve as an interesting experiment. -- Tentacle #99 ecc public key curve p160 ;9C~b~)3)cp0d!?C1JIVI=tI( Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ From gwen at cypherpunks.to Wed Jan 8 09:23:11 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Wed, 08 Jan 2014 09:23:11 -0800 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> Message-ID: <52CD897F.4030200@cypherpunks.to> Fuck You Griffin(happy now?) 
yes and FUCK you too!!..Who GIVES a FLYING FUCK as to what YOU CARE ABOUT... those who dont remember the past are doomed to forever repeat it.. GH idiot fuckwad kids On 1/8/14 9:02 AM, Griffin Boyce wrote: > The amount of fucks I give about this can be conveniently stored > within a thimble. If the drama is twenty years hence, maybe it's time > to move beyond it? > > ~Griffin > > > On 2014-01-08 11:49, gwen hastings wrote: >> From ld231782 Wed Dec 29 21:33:12 1993 >> Return-Path: ld231782 >> Received: from dolores.lance.colostate.edu (dolores.lance.colostate.edu >> [129.82.112.18]) by longs.lance.colostate.edu (8.6.4/8.6.4) with SMTP id >> VAA27831; Wed, 29 Dec 1993 21:32:40 -0700 >> Message-Id: <199312300432.VAA27831 at longs.lance.colostate.edu> >> to: cypherpunks at toad.com, cypherwonks at lists.eunet.fi, >> colorado_cypherpunks at vis.colostate.edu >> subject: Paranoia Strikes Deep... >> cc: ld231782 >> Date: Wed, 29 Dec 93 21:32:28 -0700 >> From: "L. Detweiler" >> X-Mts: smtp >> >> Hello, I have been hearing some rumors about the cypherpunks >> being `penetrated' by some spies and areas of the Internet >> (mailing lists, newsgroups, private mail, journal articles, etc.) >> being targeted with `tentacle' infiltrations. I thought this was >> kind of fascinating to contemplate how they would behave. It >> seems to me that loyalty is very hard to judge by mere email >> messages alone, and that these hypothetical spies might take that >> to their advantage. Here are some of the things that either >> cypherpunk loyalists (cyberanarchists) or cy{b,ph}erwonk spies >> might say to gain credibility and further `intelligence' from >> insiders: >> >> - L.Detweiler is insane, has sent death threats, is behind >> S.Boxx, is involved in cyberspatial guerrila warfare, is the >> mastermind of a spy plot, etc. He is the only person in the world >> who cares about pseudospoofing. (All the complete ad hominem >> fantasy stuff). >> >> - `T.C. 
May and E.Hughes and J.Gilmore are all outstanding and >> upstanding net citizens, have never pseudospoofed or done >> anything wrong, and are the target of an anonymous smear campaign >> by terrorists.' >> >> - `I have been to cypherpunk meetings and parties, and I have met >> all the people who have been accused of being tentacles, and they >> are all real. In fact, I saw their drivers licenses.' `Someone >> accused of being a tentacle actually lives with me.' >> >> - There are no conspiracies whatsoever going on inside the >> cypherpunks, including drug use by `leaders' or pseudospoofing or >> other illegitimate activities. >> >> - Lies are liberating. `We have a right to lie to the media and >> other people through tentacles.' One can make a game out of >> infecting respectable media outlets like Wired and NYT with >> elaborate deceptions. >> >> - Pseudospoofing is liberating. `You are only as good as the >> number of identities you can project on the internet; this is a >> feature, not a bug.' The Enders Game book (Orson Scott Card?) is >> an example of the liberating effect of pseudospoofing on freeing >> people from their arbitrary prejudices about human identity and >> accountability. >> >> - There's no big deal about black marketeering or tax evasion. >> Everyone does it. It's a survival tactic in a brutal world of >> corrupt governments and massive corporations out to oppress the >> little guy. We are entering a New World Order where anarchy will >> rule and all governments will crumble. >> >> - Blacknet is a harmless and visionary cyberspatial experiment >> done by T.C.May. >> >> - `Please take these annoying discussions about secret >> conspiracies elsewhere.' >> >> Of course, if any of these statements are by the spies, they are >> just trying to build up your trust so that they can betray you >> later when they have the proper opportunity. 
Or, sometimes, there >> is the dictum that `intelligence is more valuable than >> liquidation' and they may continue to deceive you just for the >> valuable intelligence indefinately. >> >> * * * >> >> >> Then there may be some `tentacles' out there that are being >> driven by the counterrevolutionaries bent on destroying the >> Cyberanarchist movement and interested in getting some of their >> own propaganda out there. These would be indistinguishable from >> cy{b,ph}erwonk loyalists. >> >> - L.Detweiler is brilliant, has made stellar net contributions, >> has never sent death threats, no evidence exists that he is >> behind S.Boxx, he has spoken out against cyberspatial guerrila >> warfare, is the mastermind of a new mailing list but talk of a >> spy plot is preposterous, etc. He is one of many in the world who >> cares very seriously about pseudospoofing as all his writing in >> e.g. RISKS and CUD attests. >> >> - `Very little is know about T.C. May and E.Hughes and J.Gilmore >> as far as their personalities, and in fact J.Gilmore has admitted >> publicly to drug use, and all vehemently resist making >> unequivocal public or private statements on pseudospoofing, >> although they do seem to be the target of an anonymous smear >> campaign by the anonymous person S.Boxx, but with some disturbing >> elements of truth.' >> >> - `I have never been to cypherpunk meetings and parties, and I am >> suspicious of the behavior of many of the `people' L.Detweiler >> has accused of being tentacles, because of the lack of verifiable >> information and a sort of `cardboard cutout' flavor to their >> personalities. There seems to be some desperate damage control >> going on.' >> >> - There seem to be some actual conspiracies going on inside the >> cypherpunks, including drug use by `leaders' or pseudospoofing or >> other illegitimate activities. >> >> - Lies are lies. `No one has a right to lie to the media or >> other people through tentacles.' 
Anyone who makes a game out of >> infecting respectable media outlets like Wired and NYT with >> elaborate deceptions is malicious, depraved, and perverted. >> >> - Pseudospoofing is perverted. Statements like `You are only as >> good as the number of identities you can project on the internet; >> this is a feature, not a bug.' are depraved and deluded. The >> Enders Game book (Orson Scott Card?) is an example of the very >> dangerous effect of pseudospoofing on manipulating people in >> their assumptions and presumptions about human identity and >> accountability, and for mind control and brainwashing. >> >> - Black marketeering and tax evasion are evil. Though many >> promote it, it is toxic to social harmony. Those that promote it >> are all hypocrites who claim that they have found new societies >> that are free of it, but have found only societies of poisonous >> distrust and paranoia. The whole purpose of governments and >> corporations is to serve people, and if they fail to do so they >> need to be adjusted but not destroyed. >> >> - `Please don't censor these fascinating discussions about secret >> conspiracies and cyberanarchists.' >> >> >> * * * >> >> It's quite a pity that in Cyberspace, to borrow a phrase that is >> rapidly becoming a cliche, no one knows if you are a spy. Perhaps >> we can work together to build systems that minimize this kind of >> rampant paranoia. It's really a shame that someone with a grudge >> against any mailing list or its leaders could so disrupt its >> smooth flowing operation with no repercussions. I have some ideas >> for preventing this, and in fact I encourage anyone else who does >> to join the Cy{ph,b}erwonks list and discuss these issues >> associated with Electronic Democracy. >> >> ``The first casualty in war is the truth.'' There is a saying in >> war, `shoot them all and let God sort them out.' Perhaps in these >> turbulent times, this message represents a `list all the rumors >> and let the People sort them out.' 
I hope the truth prevails in >> Cyberspace as it does in the real world. Our own controversies, >> such as those above, will serve as an interesting experiment. -- Tentacle #99 ecc public key curve p160 ;9C~b~)3)cp0d!?C1JIVI=tI( Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ From loki at obscura.com Wed Jan 8 09:34:08 2014 From: loki at obscura.com (Lance Cottrell) Date: Wed, 8 Jan 2014 09:34:08 -0800 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <52CD897F.4030200@cypherpunks.to> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> <52CD897F.4030200@cypherpunks.to> Message-ID: <0FF506AC-B48D-4E12-A0BD-405D63DADC94@obscura.com> This was all really boring the first time around. -- Lance Cottrell loki at obscura.com On Jan 8, 2014, at 9:23 AM, gwen hastings wrote: > Fuck You Griffin(happy now?) > > yes and FUCK you too!!..Who GIVES a FLYING FUCK as to what YOU CARE ABOUT... > > those who dont remember the past are doomed to forever repeat it.. > GH > > idiot fuckwad kids > > > On 1/8/14 9:02 AM, Griffin Boyce wrote: >> The amount of fucks I give about this can be conveniently stored >> within a thimble. If the drama is twenty years hence, maybe it's time >> to move beyond it? 
>> >> ~Griffin >> >> >> On 2014-01-08 11:49, gwen hastings wrote: >>> From ld231782 Wed Dec 29 21:33:12 1993 >>> Return-Path: ld231782 >>> Received: from dolores.lance.colostate.edu (dolores.lance.colostate.edu >>> [129.82.112.18]) by longs.lance.colostate.edu (8.6.4/8.6.4) with SMTP id >>> VAA27831; Wed, 29 Dec 1993 21:32:40 -0700 >>> Message-Id: <199312300432.VAA27831 at longs.lance.colostate.edu> >>> to: cypherpunks at toad.com, cypherwonks at lists.eunet.fi, >>> colorado_cypherpunks at vis.colostate.edu >>> subject: Paranoia Strikes Deep... >>> cc: ld231782 >>> Date: Wed, 29 Dec 93 21:32:28 -0700 >>> From: "L. Detweiler" >>> X-Mts: smtp >>> >>> Hello, I have been hearing some rumors about the cypherpunks >>> being `penetrated' by some spies and areas of the Internet >>> (mailing lists, newsgroups, private mail, journal articles, etc.) >>> being targeted with `tentacle' infiltrations. I thought this was >>> kind of fascinating to contemplate how they would behave. It >>> seems to me that loyalty is very hard to judge by mere email >>> messages alone, and that these hypothetical spies might take that >>> to their advantage. Here are some of the things that either >>> cypherpunk loyalists (cyberanarchists) or cy{b,ph}erwonk spies >>> might say to gain credibility and further `intelligence' from >>> insiders: >>> >>> - L.Detweiler is insane, has sent death threats, is behind >>> S.Boxx, is involved in cyberspatial guerrila warfare, is the >>> mastermind of a spy plot, etc. He is the only person in the world >>> who cares about pseudospoofing. (All the complete ad hominem >>> fantasy stuff). >>> >>> - `T.C. May and E.Hughes and J.Gilmore are all outstanding and >>> upstanding net citizens, have never pseudospoofed or done >>> anything wrong, and are the target of an anonymous smear campaign >>> by terrorists.' 
>>> >>> - `I have been to cypherpunk meetings and parties, and I have met >>> all the people who have been accused of being tentacles, and they >>> are all real. In fact, I saw their drivers licenses.' `Someone >>> accused of being a tentacle actually lives with me.' >>> >>> - There are no conspiracies whatsoever going on inside the >>> cypherpunks, including drug use by `leaders' or pseudospoofing or >>> other illegitimate activities. >>> >>> - Lies are liberating. `We have a right to lie to the media and >>> other people through tentacles.' One can make a game out of >>> infecting respectable media outlets like Wired and NYT with >>> elaborate deceptions. >>> >>> - Pseudospoofing is liberating. `You are only as good as the >>> number of identities you can project on the internet; this is a >>> feature, not a bug.' The Enders Game book (Orson Scott Card?) is >>> an example of the liberating effect of pseudospoofing on freeing >>> people from their arbitrary prejudices about human identity and >>> accountability. >>> >>> - There's no big deal about black marketeering or tax evasion. >>> Everyone does it. It's a survival tactic in a brutal world of >>> corrupt governments and massive corporations out to oppress the >>> little guy. We are entering a New World Order where anarchy will >>> rule and all governments will crumble. >>> >>> - Blacknet is a harmless and visionary cyberspatial experiment >>> done by T.C.May. >>> >>> - `Please take these annoying discussions about secret >>> conspiracies elsewhere.' >>> >>> Of course, if any of these statements are by the spies, they are >>> just trying to build up your trust so that they can betray you >>> later when they have the proper opportunity. Or, sometimes, there >>> is the dictum that `intelligence is more valuable than >>> liquidation' and they may continue to deceive you just for the >>> valuable intelligence indefinately. 
>>> >>> * * * >>> >>> >>> Then there may be some `tentacles' out there that are being >>> driven by the counterrevolutionaries bent on destroying the >>> Cyberanarchist movement and interested in getting some of their >>> own propaganda out there. These would be indistinguishable from >>> cy{b,ph}erwonk loyalists. >>> >>> - L.Detweiler is brilliant, has made stellar net contributions, >>> has never sent death threats, no evidence exists that he is >>> behind S.Boxx, he has spoken out against cyberspatial guerrila >>> warfare, is the mastermind of a new mailing list but talk of a >>> spy plot is preposterous, etc. He is one of many in the world who >>> cares very seriously about pseudospoofing as all his writing in >>> e.g. RISKS and CUD attests. >>> >>> - `Very little is know about T.C. May and E.Hughes and J.Gilmore >>> as far as their personalities, and in fact J.Gilmore has admitted >>> publicly to drug use, and all vehemently resist making >>> unequivocal public or private statements on pseudospoofing, >>> although they do seem to be the target of an anonymous smear >>> campaign by the anonymous person S.Boxx, but with some disturbing >>> elements of truth.' >>> >>> - `I have never been to cypherpunk meetings and parties, and I am >>> suspicious of the behavior of many of the `people' L.Detweiler >>> has accused of being tentacles, because of the lack of verifiable >>> information and a sort of `cardboard cutout' flavor to their >>> personalities. There seems to be some desperate damage control >>> going on.' >>> >>> - There seem to be some actual conspiracies going on inside the >>> cypherpunks, including drug use by `leaders' or pseudospoofing or >>> other illegitimate activities. >>> >>> - Lies are lies. `No one has a right to lie to the media or >>> other people through tentacles.' Anyone who makes a game out of >>> infecting respectable media outlets like Wired and NYT with >>> elaborate deceptions is malicious, depraved, and perverted. 
>>> >>> - Pseudospoofing is perverted. Statements like `You are only as >>> good as the number of identities you can project on the internet; >>> this is a feature, not a bug.' are depraved and deluded. The >>> Enders Game book (Orson Scott Card?) is an example of the very >>> dangerous effect of pseudospoofing on manipulating people in >>> their assumptions and presumptions about human identity and >>> accountability, and for mind control and brainwashing. >>> >>> - Black marketeering and tax evasion are evil. Though many >>> promote it, it is toxic to social harmony. Those that promote it >>> are all hypocrites who claim that they have found new societies >>> that are free of it, but have found only societies of poisonous >>> distrust and paranoia. The whole purpose of governments and >>> corporations is to serve people, and if they fail to do so they >>> need to be adjusted but not destroyed. >>> >>> - `Please don't censor these fascinating discussions about secret >>> conspiracies and cyberanarchists.' >>> >>> >>> * * * >>> >>> It's quite a pity that in Cyberspace, to borrow a phrase that is >>> rapidly becoming a cliche, no one knows if you are a spy. Perhaps >>> we can work together to build systems that minimize this kind of >>> rampant paranoia. It's really a shame that someone with a grudge >>> against any mailing list or its leaders could so disrupt its >>> smooth flowing operation with no repercussions. I have some ideas >>> for preventing this, and in fact I encourage anyone else who does >>> to join the Cy{ph,b}erwonks list and discuss these issues >>> associated with Electronic Democracy. >>> >>> ``The first casualty in war is the truth.'' There is a saying in >>> war, `shoot them all and let God sort them out.' Perhaps in these >>> turbulent times, this message represents a `list all the rumors >>> and let the People sort them out.' I hope the truth prevails in >>> Cyberspace as it does in the real world. 
Our own controversies, >>> such as those above, will serve as an interesting experiment. > > > -- > Tentacle #99 > > ecc public key curve p160 > ;9C~b~)3)cp0d!?C1JIVI=tI( > > Governments are instituted among men, > deriving their just powers from the consent of the governed, > that whenever any form of government becomes destructive > of these ends, it is the right of the people to alter or > abolish it, and to institute new government, laying its > foundation on such principles, and organizing its powers > in such form, as to them shall seem most likely to effect > their safety and happiness.’ From cathalgarvey at cathalgarvey.me Wed Jan 8 01:36:28 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey (Phone)) Date: Wed, 08 Jan 2014 09:36:28 +0000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <7B7505FF70830BD36ACB8155@F74D39FA044AA309EAEA14B9> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <5E549DD0DAAFDCB954C81C1B@F74D39FA044AA309EAEA14B9> <7B7505FF70830BD36ACB8155@F74D39FA044AA309EAEA14B9> Message-ID: Anyone written a script yet that deletes any thread where Al and Juan start addressing one another? Juan Garofalo wrote: > > >--On Tuesday, January 07, 2014 11:32 PM -0800 Al Billings > wrote: > >> So you're a nihilist? Why not shoot yourself now then if life has no >> point? > > That's an interesting question Al. How do you feel about chocolate >cake?
> > >> >> From: Juan Garofalo Juan Garofalo >> >> If you recall, I asked you what I should believe in, but you never >> replied. So, I don't believe in anything. =[ >> >> >> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From shelley at misanthropia.info Wed Jan 8 09:59:21 2014 From: shelley at misanthropia.info (shelley at misanthropia.info) Date: Wed, 8 Jan 2014 09:59:21 -0800 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: Message-ID: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> On Jan 8, 2014 9:48 AM, Patrick Mylund Nielsen <cryptography at patrickmylund.com> wrote: (snip) >>You should spend some of that energy on learning not to top-post. Ah, there it is. *Now* it feels like authentic usenet. Please, do let the flaming and fuckery continue! From jya at pipeline.com Wed Jan 8 07:29:26 2014 From: jya at pipeline.com (John Young) Date: Wed, 08 Jan 2014 10:29:26 -0500 Subject: Brag About Exploits, Go to Jail In-Reply-To: <52CD5D97.6040106@cathalgarvey.me> References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com> <52CD5D97.6040106@cathalgarvey.me> Message-ID: Did you read today (NYT) that one of the founders of EFF, Mitch Kapor, was a first investor in a leading ubiquitous camera spying venture to put in the hands of everybody what once was used only by spies and cops? Everybody is TLA, TLA is everybody.
Snowden, allegedly, gave docs to a world-class braggart, Greenwald, and to two or three much less loud-mouthed but in the professional bragging business, Poitras and Gellman, documentary tout and national security tout, respectively. Thereafter the tout bragging industry kicked into high gear and quickly overwhelmed whatever Snowden might have intended by their own fabricated, doctored, hyperbolied super-touted headlined versions of his intentions, but more so, in their own economic interest, whipping up a frenzy about their noble intentions to rake in the loot after years of nearing bankruptcy (the forlorn solo journo, Greenwald and Poitras profiles too.) Greenwald in particular bellows excessively, as a lawyer must, about his obligation to a pact with Snowden, and lately his much greater jury-pandering about his pact with Omidyar. His recent long bloviation on his blog is purely promotional bragging characteristic of the hustler forever crowing about its prowess, whining about attacks, disdaining critics with puerile condescension. Omidyar and Bezos among others, have been sucked into the ultra-bragging game, large, inebriated with unquenchable wealth accumulation, after years of supporting highly vainglorious and dispensible NGO investments, not a few of which have failed due to exaggerated brochure-toute expectations which could not be met but were invented losers to be run into the ground for the tax benefits of ultra-concentrated wealth. This the exact model of the Firstlook venture, a combo of high-profit media industry and simulated "NGO" journalism to exempt the taxable profits. Would that work here. Youbetcha. The very founding of cypherpunks employed that model and sustains it to solicit and amass data of crypto-freedom-drunk users for marketing peculiarly faulty products across the political spectrum from faux privacy to faux security. Https everywhere, har, Tor, har, WikiLeaks, har, Cryptome, spit, and what have you now, Snowden. 
Braggarts always have noble purposes, bragging about nobility is what sustains the illusion of superiority. And glosses the nobility of great wealth or depthless desire for it. Significant variations of braggardy, from loud to quiet. overstatement to understatement. Chump version: "needs killing." Chimp version: Snowden is a hero, or traitor. Wimp version: more leaks by others, none by me. Gimp version: this is nothing new. Limp version: don't insult people here, don't discuss politics, message deleted by moderator. Blimp version: this forum is unmoderated. At 09:15 AM 1/8/2014, you wrote: > > Snowden wanted to be identified, so it is alleged, and > > has been caught as intended. > >I think the reasoning with Snowden was not so much to brag as to make >himself a hard-to-assassinate public figure. In his case, so few people >could have acquired the documents he did, that it was a matter of >(little) time before he was noticed to be conveniently absent as the >shit hit the fan. > >If he wasn't in the public eye by that time, he'd have been disappeared >and/or shot in short order. > > > Not to be overlooked: the essence of comsec and > > crypto is deception. So laugh at the open source ruse > > on the way to the pokey. > >Funny that, I look at closed source as evidence of deception; without >deception, there is no reason to hide the source. As long as they keys >are secret, the protocol and code can be open, and should be if anyone's >to trust that they're A) beneficent and B) competent. 
> >In the comparison of Cryptocat, which has tightened up radically because >of code audits enabled by Open Sourcing it, to Bittorrent Sync (which >used to advertise AES256 which was impossible with the keylength being >shared, now advertises AES128, nobody knows how they implement it but a >mistake like that screams "badly"), which is still unaudited snakeoil: >BTSync boast massive bandwidth usage implying a significant user uptake, >and moreso since the Snowden affair because of their snakeoil offering. >So the Open Source guy gets all the attention, audits and improvement, >while the closed source guys get no attention, no audits, and finally >notice internally that they're offering AES256 when they can't >physically accomplish it with the keylengths. > >I'll take Open, thanks. At least I can see what's wrong if it errs. > >On 08/01/14 12:55, John Young wrote: > > James Donald wrote: > > > >> And if he had, like Snowden, kept a low profile, instead of flicking a > >> towel in their faces, they never would have detected it. > > > > Swartz bragged to a slew of people and was caught. > > Manning bragged to Lamo and was caught. > > Kiriakou bragged to a journalist and was caught. > > Sabu bragged to cohorts and was caught. > > Barrett Brown bragged to the world and was caught. > > Several Anonymouses bragged and were caught. > > And so on, dozens in just the last decade. > > > > Jim Bell bragged online and went to jail. So did Carl > > Johnson. Cops love braggarts, brag themselves to > > braggarts to keep prisons happylands. > > > > How many did not brag and remained uncaught? There > > are likely thousands of them. Many of those work with > > or emulate spies who do not brag as rule number 1. > > > > Snowden wanted to be identified, so it is alleged, and > > has been caught as intended. 
> > > > Is this nuts or what, vainglorious stupidity, or a commonplace > > ruse to get the enemy to expose its capabilities, or to flaunt > > one's own hybrid of authentic and fake to spook the enemy, > > to sell products, to boost budgets, to manipulate public > > opinion. The fundamental purpose of leaks. > > > > Keeping a non-existent profile is worth considering, along > > with a hundred pseudos. > > > > And putting a high-profile out there is what the Internet > > was intended to do, fake, sock, pseudo, anon, sucker. > > > > Not to be overlooked: the essence of comsec and > > crypto is deception. So laugh at the open source ruse > > on the way to the pokey. > > > > > > > > From jamesd at echeque.com Tue Jan 7 16:29:45 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 10:29:45 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <4617729.glPem0nkgg@lap> References: <52CAA24E.5060809@cathalgarvey.me> <52CC5B79.1060801@echeque.com> <4617729.glPem0nkgg@lap> Message-ID: <52CC9BF9.1060701@echeque.com> James A. Donald wrote: > > No one gave a damn about Aaron Swartz leaking the docs. That was > > not what he was charged with, and not what pissed off the > > sysadmins. What pissed off the sysadmins was physical intrusion, > > and him bringing the network to its knees. On 2014-01-08 07:53, rysiek wrote: > Wait, what? Where the hell did you get *that* bullshit. MIT network > was just fine, the pissed people were at JSTOR, and they were pissed > not because "the network was brought down to its knees", but because > somebody was getting a lot of articles "without paying". http://docs.jstor.org/summary.html "On Saturday, October 9, we again detected rapid downloading, this time at an even faster rate. The downloading overloaded several servers, disrupting access to JSTOR for users beyond MIT."
What led to his arrest was that he physically entered the building, and physically entered the closet where their network was connected up, and physically messed with their network wiring to attach his laptop http://cryptome.org/2013/01/swartz/mit-closet-swartz.htm Burglary and physical damage. Which physical damage led to network dysfunction. Tracing the network failure, the sysadmins found his alterations to their network, and left the laptop where it was, placing a camera near the closet to detect the criminal's return to pick up the laptop. In due course, Aaron Swartz shows up on video picking up his laptop. The sysadmins never displayed much interest in the fact that he had earlier illegally downloaded huge numbers of articles. They got pissed, and he got charged, for entering the building and messing with their wiring. If he had kept his downloads non-disruptive by limiting the download rate, by being furtive as Edward Snowden was furtive, no one would have bothered - and proof of this is that they did not bother. He wanted to smack their faces with the fact that he was ruling class and they were mere minions, that the laws of the ruling class are for the little people, not for members of the ruling class. From odinn.cyberguerrilla at riseup.net Wed Jan 8 10:32:35 2014 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Wed, 8 Jan 2014 10:32:35 -0800 Subject: This In-Reply-To: <1e348d70bac6e9a1d84e86e017e67c1a@cryptolab.net> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> <52CD897F.4030200@cypherpunks.to> <1e348d70bac6e9a1d84e86e017e67c1a@cryptolab.net> Message-ID: <5bf2d7d9e6062e217baf2454e528fae0.squirrel@fulvetta.riseup.net> This. --> > Well that escalated quickly. > > Considering that my entire generation of hackers & cypherpunks is > being eviscerated -- surveilled, investigated, their professional lives > threatened, I don't really care about in-fighting.
When people stop > being terrified of releasing their own research, maybe I will care about > drama. Life is too short and our work too important to hold grudges. > > I don't delude myself that anyone cares about my opinions, but I > reserve the right to have them. And while I too have disagreements with > people in this space, there's little point in wasting energy on shouting > about them on lists. =P Spend time doing something worthwhile. > > best, > Griffin Boyce > > > On 2014-01-08 12:23, gwen hastings wrote: >> Fuck You Griffin(happy now?) >> >> yes and FUCK you too!!..Who GIVES a FLYING FUCK as to what YOU CARE >> ABOUT... >> >> those who dont remember the past are doomed to forever repeat it.. >> GH >> >> idiot fuckwad kids >> >> >> On 1/8/14 9:02 AM, Griffin Boyce wrote: >>> The amount of fucks I give about this can be conveniently stored >>> within a thimble. If the drama is twenty years hence, maybe it's time >>> to move beyond it? >>> >>> ~Griffin >>> >>> >>> On 2014-01-08 11:49, gwen hastings wrote: >>>> [drama from twenty years ago] > From jamesd at echeque.com Tue Jan 7 17:01:55 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 11:01:55 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <4617729.glPem0nkgg@lap> References: <52CAA24E.5060809@cathalgarvey.me> <52CC5B79.1060801@echeque.com> <4617729.glPem0nkgg@lap> Message-ID: <52CCA383.6000405@echeque.com> On 2014-01-08 07:53, rysiek wrote: > Wait, what? Where the hell did you get *that* bullshit. MIT network > was just fine, the pissed people were at JSTOR, and they were pissed > not because "the network was brought down to its knees", but because > somebody was getting a lot of articles "without paying". 
http://docs.jstor.org/summary.html "It was now well into the fall semester and for several days all MIT students and faculty had been unable to access JSTOR, a resource used by hundreds of researchers and students per day at MIT during that time of year." Aaron Swartz was not charged with downloading articles without paying, but with disrupting a network on which his menial inferiors depended. Illustrating that our masters are incompetent and stupid, as well as arrogant. If I had been in the closet and screwed with the network wiring (which I would not have done since the network was wide open to competent attack from safely far away) I would have screwed with the network wiring in such a fashion as to produce no easily noticeable effects. If I had been doing what Swartz was doing, I would have proxied through a bunch of zombies to disguise the IP, would have rate limited the download so as not to stick out and not produce an obnoxious and noticeable disruption, and would have done a pseudo random permutation on the order so that it was not obviously sequential, thus not obvious the intent was to download the entire database, so that it looked as if particular specific articles were being downloaded. And all that would have been overkill, for if no disruption of the network, no one who had the skills to detect it and do something about it would have cared. From nymble at gmail.com Wed Jan 8 11:07:25 2014 From: nymble at gmail.com (nymble) Date: Wed, 8 Jan 2014 11:07:25 -0800 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <52CD897F.4030200@cypherpunks.to> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> <52CD897F.4030200@cypherpunks.to> Message-ID: > > ecc public key curve p160 > ;9C~b~)3)cp0d!?C1JIVI=tI( Your curve is small. Get a bigger one.
From jamesdbell8 at yahoo.com Wed Jan 8 11:21:33 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Wed, 8 Jan 2014 11:21:33 -0800 (PST) Subject: Jacob Appelbaum in Germany In-Reply-To: <20140108174001.B0BFD2280B6@palinka.tinho.net> References: <52C33963.1000709@echeque.com> <20140108174001.B0BFD2280B6@palinka.tinho.net> Message-ID: <1389208893.97348.YahooMailNeo@web141204.mail.bf1.yahoo.com> From: "dan at geer.org" To: James A. Donald Cc: cypherpunks at cpunks.org Sent: Wednesday, January 8, 2014 9:40 AM Subject: Re: Jacob Appelbaum in Germany | In practice, it is pretty obvious that most practitioners of civil | disobedience believe they are above the law, that they usually *are* | above the law, and that in particular Swartz believed he was above the | law, and was shocked to find that he was not. | | There might be some sincere practitioners of civil disobedience, but | Swartz was not, and the big heroes of the civil disobedience brigade, | Ghandi and Thoreau, were not. >A long time ago, I spent a couple of weeks in jail for >trespass (occupation of the site where the Seabrook reactor >now stands).  Nearly everyone eventually pled not guilty >with a notable exception: every single Quaker pleaded guilty >on the grounds that in doing so and only in so doing did they >bear witness. However, those Quakers' positions may have been erroneous, based on a misunderstanding of the relevant law.  A person may claim to be 'not guilty' based on the fact that he wasn't there, he didn't do it, etc.  But, he may also claim to be 'not guilty' because what he did didn't constitute a crime, or he was justified based on extenuating circumstances, or he was trying to prevent a bigger crime. BTW, have you considered the implications of nuclear power, today?  Getting rid of the nuclear waste is still a problem, but now the big environmental problem is claimed to be 'global warming', or 'climate change', whatever they are calling it these days.  
The typical twenty-something environmentalist can claim innocence (he was not around in the 1970's), but the building and operation of nuclear power plants was and is definitely a trade-off. How many millions of tons of CO2 released into the atmosphere would have been avoided had people not deterred the construction of a more extensive nuclear power system?

Jim Bell

From rich at openwatch.net Wed Jan 8 11:58:01 2014
From: rich at openwatch.net (Rich Jones)
Date: Wed, 8 Jan 2014 11:58:01 -0800
Subject: Private Distributed Hash Tables
Message-ID:

Far too much yap yap yappin' around here lately.. cpunks write code, remember? Let's get back to business.

Here's an idea for a private, censorship-resistant communication/file sharing system with integrated invitations and access control. I don't think I've ever seen this before, but it's quite possible that people have discussed this idea previously. Either way, I don't know of any implementations yet.

Problem
=======

The current P2P file sharing landscape is divided up into two spaces: 1) private tracker communities (what.cd // Demonoid // etc) which provide high quality network speeds and file quality through moderation, but which are often subject to outages due to centralization, and 2) the single giant BitTorrent 'peer exchange' distributed hash table, which provides universal file access and fault-tolerance, but at the cost of abuse and surveillance of those participating.

Ideally, we want a peer-to-peer community which is decentralized and fault-tolerant, but with enough authority to maintain a high network quality and private enough to avoid open surveillance.

Proposed Solution
=======

It might be possible to combine the exclusivity and moderation of private trackers with the fault-tolerance of distributed hash tables by having each private table operate with a certificate-authority based public key infrastructure. Essentially, to participate in the DHT, peers must cryptographically prove that they have been invited to participate.

Power and trust flow down through a concentric certificate web. A client's authority in the network is a function of how far away from the root authority they are (not dissimilar to Scientology's hierarchy.) Clients should automatically respect commands coming from those higher up the cert chain or from those closer to the root than they are, and should listen to, but not automatically respect, commands from those lower down the cert chain or from "lower-ranking" clients.

* Bootstrapping and Invitation

The very first user of the network will have to generate a root certificate. He is then able to generate new signing certificates, which he can give to new users of a network to allow them the ability to access the network. These new users should be able to use their own certificates to do the same for their own new users. (This could be done with certificate signing requests coming from potential new users as well, but that might come at the cost of a slightly more complicated user experience).

* Revocation

Bannings can be performed by issuing updates to a network-wide revocation list. Clients will automatically respect revocations coming from superiors, and may or may not choose to respect revocations coming from underlings.

* Implementation

Everything needed to create the heart of this should exist already in Kademlia and OpenSSL.
BitTorrent could serve as the basis for the file-sharing application, but vanilla BitTorrent has a content discovery problem, so I'd suggest that any implementations of BitTorrent on Private Distributed Hash Tables should have some kind of discovery BEP included as well, possibly one which uses the authority system of the PDHT to verify files.

There's also a possibility there for what you might call "trusted amnesia" - the ability for a user with a high authority to publish verified documents to the whole network without having to broadly expose themselves as the source of the content by having peers in their same trust level sign their content, forget the source, then increase the availability by one access level.

Anyway, that's the sketch. Any thoughts?

Rich

From griffin at cryptolab.net Wed Jan 8 09:02:04 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Wed, 08 Jan 2014 12:02:04 -0500
Subject: Earlier Detweiler ravings!!
In-Reply-To: <52CD8184.5010107@cypherpunks.to>
References: <52CD8184.5010107@cypherpunks.to>
Message-ID: <59e4767e916d2e98931f386da08cfbd3@cryptolab.net>

The amount of fucks I give about this can be conveniently stored within a thimble. If the drama is twenty years hence, maybe it's time to move beyond it?

~Griffin

On 2014-01-08 11:49, gwen hastings wrote:
> From ld231782 Wed Dec 29 21:33:12 1993
> Return-Path: ld231782
> Received: from dolores.lance.colostate.edu (dolores.lance.colostate.edu
> [129.82.112.18]) by longs.lance.colostate.edu (8.6.4/8.6.4) with SMTP
> id
> VAA27831; Wed, 29 Dec 1993 21:32:40 -0700
> Message-Id: <199312300432.VAA27831 at longs.lance.colostate.edu>
> to: cypherpunks at toad.com, cypherwonks at lists.eunet.fi,
> colorado_cypherpunks at vis.colostate.edu
> subject: Paranoia Strikes Deep...
> cc: ld231782
> Date: Wed, 29 Dec 93 21:32:28 -0700
> From: "L.
Detweiler" > X-Mts: smtp > > Hello, I have been hearing some rumors about the cypherpunks > being `penetrated' by some spies and areas of the Internet > (mailing lists, newsgroups, private mail, journal articles, etc.) > being targeted with `tentacle' infiltrations. I thought this was > kind of fascinating to contemplate how they would behave. It > seems to me that loyalty is very hard to judge by mere email > messages alone, and that these hypothetical spies might take that > to their advantage. Here are some of the things that either > cypherpunk loyalists (cyberanarchists) or cy{b,ph}erwonk spies > might say to gain credibility and further `intelligence' from > insiders: > > - L.Detweiler is insane, has sent death threats, is behind > S.Boxx, is involved in cyberspatial guerrila warfare, is the > mastermind of a spy plot, etc. He is the only person in the world > who cares about pseudospoofing. (All the complete ad hominem > fantasy stuff). > > - `T.C. May and E.Hughes and J.Gilmore are all outstanding and > upstanding net citizens, have never pseudospoofed or done > anything wrong, and are the target of an anonymous smear campaign > by terrorists.' > > - `I have been to cypherpunk meetings and parties, and I have met > all the people who have been accused of being tentacles, and they > are all real. In fact, I saw their drivers licenses.' `Someone > accused of being a tentacle actually lives with me.' > > - There are no conspiracies whatsoever going on inside the > cypherpunks, including drug use by `leaders' or pseudospoofing or > other illegitimate activities. > > - Lies are liberating. `We have a right to lie to the media and > other people through tentacles.' One can make a game out of > infecting respectable media outlets like Wired and NYT with > elaborate deceptions. > > - Pseudospoofing is liberating. `You are only as good as the > number of identities you can project on the internet; this is a > feature, not a bug.' 
The Enders Game book (Orson Scott Card?) is > an example of the liberating effect of pseudospoofing on freeing > people from their arbitrary prejudices about human identity and > accountability. > > - There's no big deal about black marketeering or tax evasion. > Everyone does it. It's a survival tactic in a brutal world of > corrupt governments and massive corporations out to oppress the > little guy. We are entering a New World Order where anarchy will > rule and all governments will crumble. > > - Blacknet is a harmless and visionary cyberspatial experiment > done by T.C.May. > > - `Please take these annoying discussions about secret > conspiracies elsewhere.' > > Of course, if any of these statements are by the spies, they are > just trying to build up your trust so that they can betray you > later when they have the proper opportunity. Or, sometimes, there > is the dictum that `intelligence is more valuable than > liquidation' and they may continue to deceive you just for the > valuable intelligence indefinately. > > * * * > > > Then there may be some `tentacles' out there that are being > driven by the counterrevolutionaries bent on destroying the > Cyberanarchist movement and interested in getting some of their > own propaganda out there. These would be indistinguishable from > cy{b,ph}erwonk loyalists. > > - L.Detweiler is brilliant, has made stellar net contributions, > has never sent death threats, no evidence exists that he is > behind S.Boxx, he has spoken out against cyberspatial guerrila > warfare, is the mastermind of a new mailing list but talk of a > spy plot is preposterous, etc. He is one of many in the world who > cares very seriously about pseudospoofing as all his writing in > e.g. RISKS and CUD attests. > > - `Very little is know about T.C. 
May and E.Hughes and J.Gilmore > as far as their personalities, and in fact J.Gilmore has admitted > publicly to drug use, and all vehemently resist making > unequivocal public or private statements on pseudospoofing, > although they do seem to be the target of an anonymous smear > campaign by the anonymous person S.Boxx, but with some disturbing > elements of truth.' > > - `I have never been to cypherpunk meetings and parties, and I am > suspicious of the behavior of many of the `people' L.Detweiler > has accused of being tentacles, because of the lack of verifiable > information and a sort of `cardboard cutout' flavor to their > personalities. There seems to be some desperate damage control > going on.' > > - There seem to be some actual conspiracies going on inside the > cypherpunks, including drug use by `leaders' or pseudospoofing or > other illegitimate activities. > > - Lies are lies. `No one has a right to lie to the media or > other people through tentacles.' Anyone who makes a game out of > infecting respectable media outlets like Wired and NYT with > elaborate deceptions is malicious, depraved, and perverted. > > - Pseudospoofing is perverted. Statements like `You are only as > good as the number of identities you can project on the internet; > this is a feature, not a bug.' are depraved and deluded. The > Enders Game book (Orson Scott Card?) is an example of the very > dangerous effect of pseudospoofing on manipulating people in > their assumptions and presumptions about human identity and > accountability, and for mind control and brainwashing. > > - Black marketeering and tax evasion are evil. Though many > promote it, it is toxic to social harmony. Those that promote it > are all hypocrites who claim that they have found new societies > that are free of it, but have found only societies of poisonous > distrust and paranoia. 
The whole purpose of governments and > corporations is to serve people, and if they fail to do so they > need to be adjusted but not destroyed. > > - `Please don't censor these fascinating discussions about secret > conspiracies and cyberanarchists.' > > > * * * > > It's quite a pity that in Cyberspace, to borrow a phrase that is > rapidly becoming a cliche, no one knows if you are a spy. Perhaps > we can work together to build systems that minimize this kind of > rampant paranoia. It's really a shame that someone with a grudge > against any mailing list or its leaders could so disrupt its > smooth flowing operation with no repercussions. I have some ideas > for preventing this, and in fact I encourage anyone else who does > to join the Cy{ph,b}erwonks list and discuss these issues > associated with Electronic Democracy. > > ``The first casualty in war is the truth.'' There is a saying in > war, `shoot them all and let God sort them out.' Perhaps in these > turbulent times, this message represents a `list all the rumors > and let the People sort them out.' I hope the truth prevails in > Cyberspace as it does in the real world. Our own controversies, > such as those above, will serve as an interesting experiment. From dan at geer.org Wed Jan 8 09:40:01 2014 From: dan at geer.org (dan at geer.org) Date: Wed, 08 Jan 2014 12:40:01 -0500 Subject: Jacob Appelbaum in Germany In-Reply-To: Your message of "Wed, 01 Jan 2014 07:38:43 +1000." <52C33963.1000709@echeque.com> Message-ID: <20140108174001.B0BFD2280B6@palinka.tinho.net> | In practice, it is pretty obvious that most practitioners of civil | disobedience believe they are above the law, that they usually *are* | above the law, and that in particular Swartz believed he was above the | law, and was shocked to find that he was not. | | There might be some sincere practitioners of civil disobedience, but | Swartz was not, and the big heroes of the civil disobedience brigade, | Ghandi and Thoreau, were not. 
A long time ago, I spent a couple of weeks in jail for trespass (occupation of the site where the Seabrook reactor now stands). Nearly everyone eventually pled not guilty with a notable exception: every single Quaker pleaded guilty on the grounds that in doing so and only in so doing did they bear witness. +1, in other words --dan From cryptography at patrickmylund.com Wed Jan 8 09:43:50 2014 From: cryptography at patrickmylund.com (Patrick Mylund Nielsen) Date: Wed, 8 Jan 2014 12:43:50 -0500 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <52CD897F.4030200@cypherpunks.to> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> <52CD897F.4030200@cypherpunks.to> Message-ID: On Wed, Jan 8, 2014 at 12:23 PM, gwen hastings wrote: > Fuck You Griffin(happy now?) > > yes and FUCK you too!!..Who GIVES a FLYING FUCK as to what YOU CARE > ABOUT... > > those who dont remember the past are doomed to forever repeat it.. > GH > > idiot fuckwad kids > > The burglar thinks everyone a burglar... You should spend some of that energy on learning not to top-post. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 773 bytes Desc: not available URL: From dan at geer.org Wed Jan 8 09:45:55 2014 From: dan at geer.org (dan at geer.org) Date: Wed, 08 Jan 2014 12:45:55 -0500 Subject: [cryptography] To Protect and Infect Slides In-Reply-To: Your message of "Tue, 31 Dec 2013 15:42:21 CST." Message-ID: <20140108174555.9ACF62280B6@palinka.tinho.net> > 5) another realization upon hearing the 30c3 talk of Jacob Appelbaum > was the 'earth firewall' then indicates that the NSA controls the internet, > and that it is not operating as a subset within it, and instead everything > that occurs is within its domain.... The Internet is not controlled, i.e., there is a power vacuum that will soon be filled. 
There are many, many players and soon to be more. The question to be contemplated, if any, is this: Do you prefer that the competing claims of control over the Internet be resolved by way of (1) dramatic Balkanization or by way of (2) making the Internet an organ of world government? A thought experiment, if needing one: is VoIP a part of the Internet or is it not, that is do you have two networks in your home/office or one? --dan From griffin at cryptolab.net Wed Jan 8 10:01:48 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Wed, 08 Jan 2014 13:01:48 -0500 Subject: The number of fucks in a thimble In-Reply-To: <52CD897F.4030200@cypherpunks.to> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> <52CD897F.4030200@cypherpunks.to> Message-ID: <1e348d70bac6e9a1d84e86e017e67c1a@cryptolab.net> Well that escalated quickly. Considering that my entire generation of hackers & cypherpunks is being eviscerated -- surveilled, investigated, their professional lives threatened, I don't really care about in-fighting. When people stop being terrified of releasing their own research, maybe I will care about drama. Life is too short and our work too important to hold grudges. I don't delude myself that anyone cares about my opinions, but I reserve the right to have them. And while I too have disagreements with people in this space, there's little point in wasting energy on shouting about them on lists. =P Spend time doing something worthwhile. best, Griffin Boyce On 2014-01-08 12:23, gwen hastings wrote: > Fuck You Griffin(happy now?) > > yes and FUCK you too!!..Who GIVES a FLYING FUCK as to what YOU CARE > ABOUT... > > those who dont remember the past are doomed to forever repeat it.. > GH > > idiot fuckwad kids > > > On 1/8/14 9:02 AM, Griffin Boyce wrote: >> The amount of fucks I give about this can be conveniently stored >> within a thimble. If the drama is twenty years hence, maybe it's time >> to move beyond it? 
>> >> ~Griffin >> >> >> On 2014-01-08 11:49, gwen hastings wrote: >>> [drama from twenty years ago] From griffin at cryptolab.net Wed Jan 8 10:03:19 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Wed, 08 Jan 2014 13:03:19 -0500 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> References: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> Message-ID: <5042f4e1e159e27c5d2030b48156ea2a@cryptolab.net> On 2014-01-08 12:59, shelley at misanthropia.info wrote: > On Jan 8, 2014 9:48 AM, Patrick Mylund Nielsen > wrote: > > (snip) > >>> You should spend some of that energy on learning not to top-post. > > Ah, there it is. > *Now* it feels like authentic usenet. Maybe we should have a hundred-message thread fighting about top vs bottom ;) From rich at openwatch.net Wed Jan 8 13:46:15 2014 From: rich at openwatch.net (Rich Jones) Date: Wed, 8 Jan 2014 13:46:15 -0800 Subject: Private Distributed Hash Tables In-Reply-To: <1894233.dKfDltdh6N@lap> References: <1894233.dKfDltdh6N@lap> Message-ID: I suppose RetroShare and GNUnet are similar in that they have 'Friend to Friend' capabilities, but as we see in practice, they don't create high-quality networks because there is no hierarchy of trust or discoverability of new users - by default, users can't interact with 'friends-of-friends', which means that what should be "Private P2P" networks degrade to "Group P2P" networks of only a few people. This proposed system should be able to accommodate thousands of users while still providing the aforementioned benefits. -------------- next part -------------- A non-text attachment was scrubbed... 
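
Rich Jones's Private Distributed Hash Tables posts above describe invitation certificates chained back to a root, authority measured by distance from the root, and revocations that clients honour automatically only when they come from a superior; the sketch below models those three rules. It is an added example, not code from the thread or from any project it names: it uses Go's standard-library Ed25519 instead of the OpenSSL PKI the post suggests, the invitee generates its own key (the post's certificate-signing-request variant), and every type and function name, the `pdht-` message tags, and the rule that a revoked inviter voids its invitees' chains are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is one invitation: Issuer vouches for Subject's public key.
type Cert struct {
	Subject, Issuer ed25519.PublicKey
	Sig             []byte
}

// Revocation is a signed ban of Target that carries the issuer's own chain.
type Revocation struct {
	Target, Issuer ed25519.PublicKey
	IssuerChain    []Cert
	Sig            []byte
}

// Peer is a key pair, its invitation chain, and its local view of the network.
type Peer struct {
	Pub, Root ed25519.PublicKey // Root is the pinned root key (own key for the root)
	priv      ed25519.PrivateKey
	Chain     []Cert          // Chain[0] is issued by the root; empty for the root
	Revoked   map[string]bool // bans this peer honours
}

// msg prefixes a purpose tag (hypothetical "pdht-" names) so an invite never verifies as a ban.
func msg(tag string, k ed25519.PublicKey) []byte { return append([]byte(tag), k...) }

// NewPeer generates a key pair; until invited, a peer is the root of its own web.
func NewPeer() *Peer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Peer{Pub: pub, Root: pub, priv: priv, Revoked: map[string]bool{}}
}

// Invite signs the newcomer's key and hands over the root key and extended chain.
func (p *Peer) Invite(n *Peer) {
	sig := ed25519.Sign(p.priv, msg("pdht-invite:", n.Pub))
	n.Root = p.Root
	n.Chain = append(append([]Cert{}, p.Chain...), Cert{n.Pub, p.Pub, sig})
}

// Revoke issues a signed ban of target.
func (p *Peer) Revoke(target ed25519.PublicKey) Revocation {
	return Revocation{target, p.Pub, p.Chain, ed25519.Sign(p.priv, msg("pdht-revoke:", target))}
}

// DepthOf checks that chain links pub to the pinned root and returns its distance
// from the root. Assumed rule: a revoked key on the path voids the whole chain.
func (p *Peer) DepthOf(pub ed25519.PublicKey, chain []Cert) (int, error) {
	expect := p.Root
	for _, ct := range chain {
		switch {
		case !bytes.Equal(ct.Issuer, expect):
			return 0, errors.New("chain does not link back to the root")
		case len(ct.Subject) != ed25519.PublicKeySize: // Verify panics on bad sizes
			return 0, errors.New("malformed subject key")
		case !ed25519.Verify(ct.Issuer, msg("pdht-invite:", ct.Subject), ct.Sig):
			return 0, errors.New("bad invitation signature")
		case p.Revoked[string(ct.Subject)]:
			return 0, errors.New("revoked key in chain")
		}
		expect = ct.Subject
	}
	if !bytes.Equal(expect, pub) {
		return 0, errors.New("chain does not end at the presented key")
	}
	return len(chain), nil
}

// HandleRevocation auto-applies a ban only if its issuer is closer to the root.
func (p *Peer) HandleRevocation(r Revocation) (bool, error) {
	d, err := p.DepthOf(r.Issuer, r.IssuerChain)
	switch {
	case err != nil:
		return false, err
	case !ed25519.Verify(r.Issuer, msg("pdht-revoke:", r.Target), r.Sig):
		return false, errors.New("bad revocation signature")
	case d >= len(p.Chain):
		return false, nil // not a superior: left to local policy
	}
	p.Revoked[string(r.Target)] = true
	return true, nil
}

func main() {
	root, alice, bob := NewPeer(), NewPeer(), NewPeer()
	root.Invite(alice) // depth 1
	alice.Invite(bob)  // depth 2
	fmt.Println(alice.HandleRevocation(bob.Revoke(alice.Pub))) // underling: false <nil>
}
```

Because the chain check rejects any path containing a revoked key, one ban removes a whole invitation subtree, which is the moderation lever the proposal relies on and also the reason the root key and keys near it need the strongest protection.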
Name: not available Type: text/html Size: 591 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Wed Jan 8 06:00:35 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Wed, 08 Jan 2014 14:00:35 +0000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <52CAA2A0.9070507@cathalgarvey.me> <52CAD18B.9080800@echeque.com> <52CADAB3.2040507@cathalgarvey.me> <52CB22EF.8020304@echeque.com> <20140107115038.GA25434@netbook.cypherspace.org> <217F0CE4-CD11-4C63-8A45-918B8E3C7DE9@gmail.com> Message-ID: <52CD5A03.7050908@cathalgarvey.me> >>> Cypherpunks write code & all that, gives James some brownie points. The NSA wrote some great code. SELinux, hardened DES against DC (yes, yes, low keystrength). Helped standardise lots of primitives that seem to work well, too. I guess they're upstanding, awesome folk, those NSA guys. Nothing to complain about, cut 'em some slack. What's some fascism, racism and naked suicide-trolling when you've written good code ages ago, eh? A dick is still a dick, past accomplishments notwithstanding, and "don't feed the trolls" is still the first law of the 'net. Moving on. On 07/01/14 15:37, Patrick Mylund Nielsen wrote: >> >> On Tue, Jan 7, 2014 at 6:50 AM, Adam Back wrote: >> >>> Dont worry about James hyperbole, he's just channeling Tim May who was one >>> of the three or four list co-founders, wrote the cyphernomicon [1], and >>> had >>> a habit of using that phrase 'needed killing' now and then, as I recall as >>> phrase to express his distaste for someone's actions. Its an expression, >>> not something literal... but James' black & white, non-PC, absolutist >>> personality precludes him saying that :) You just have to read it with a >>> USENET flame war mentality and parse for what he's actually saying. >>> >>> Apart from the refusal to bow to PC, James is actually a pretty smart guy >>> from what I recall. 
He implemented some simplifed UX, ECC crypto email >>> stuff called 'crypto kong' [2] way back in 1997. >>> >>> Cypherpunks write code & all that, gives James some brownie points. >> >> > History is littered with people who did remarkable things only to abuse the > trust people placed in them to do horrible things. Writing some cool ECC > crypto code does not preclude you from criticism when you show yourself to > be someone who fantasizes about killing people. (Just look at all the > creative ways he killed off people in the last thread! There was way too > much imagination involved to be channeling anyone.) -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 901 bytes Desc: OpenPGP digital signature URL: From cathalgarvey at cathalgarvey.me Wed Jan 8 06:15:51 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Wed, 08 Jan 2014 14:15:51 +0000 Subject: Brag About Exploits, Go to Jail In-Reply-To: References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com> Message-ID: <52CD5D97.6040106@cathalgarvey.me> > Snowden wanted to be identified, so it is alleged, and > has been caught as intended. I think the reasoning with Snowden was not so much to brag as to make himself a hard-to-assassinate public figure. In his case, so few people could have acquired the documents he did, that it was a matter of (little) time before he was noticed to be conveniently absent as the shit hit the fan. If he wasn't in the public eye by that time, he'd have been disappeared and/or shot in short order. > Not to be overlooked: the essence of comsec and > crypto is deception. So laugh at the open source ruse > on the way to the pokey. 
Funny that, I look at closed source as evidence of deception; without deception, there is no reason to hide the source. As long as they keys are secret, the protocol and code can be open, and should be if anyone's to trust that they're A) beneficent and B) competent. In the comparison of Cryptocat, which has tightened up radically because of code audits enabled by Open Sourcing it, to Bittorrent Sync (which used to advertise AES256 which was impossible with the keylength being shared, now advertises AES128, nobody knows how they implement it but a mistake like that screams "badly"), which is still unaudited snakeoil: BTSync boast massive bandwidth usage implying a significant user uptake, and moreso since the Snowden affair because of their snakeoil offering. So the Open Source guy gets all the attention, audits and improvement, while the closed source guys get no attention, no audits, and finally notice internally that they're offering AES256 when they can't physically accomplish it with the keylengths. I'll take Open, thanks. At least I can see what's wrong if it errs. On 08/01/14 12:55, John Young wrote: > James Donald wrote: > >> And if he had, like Snowden, kept a low profile, instead of flicking a >> towel in their faces, they never would have detected it. > > Swartz bragged to a slew of people and was caught. > Manning bragged to Lamo and was caught. > Kiriakou bragged to a journalist and was caught. > Sabu bragged to cohorts and was caught. > Barrett Brown bragged to the world and was caught. > Several Anonymouses bragged and were caught. > And so on, dozens in just the last decade. > > Jim Bell bragged online and went to jail. So did Carl > Johnson. Cops love braggarts, brag themselves to > braggarts to keep prisons happylands. > > How many did not brag and remained uncaught? There > are likely thousands of them. Many of those work with > or emulate spies who do not brag as rule number 1. 
> > Snowden wanted to be identified, so it is alleged, and > has been caught as intended. > > Is this nuts or what, vainglorious stupidity, or a commonplace > ruse to get the enemy to expose its capabilities, or to flaunt > one's own hybrid of authentic and fake to spook the enemy, > to seel products, to boost budgets, to manipulate public > opinion. The fundamental purpose of leaks. > > Keeping a non-existent profile is worth considering, along > with a hundred pseudos. > > And putting a high-profile out there is what the Internet > was intended to do, fake, sock, pseudo, anon, sucker. > > Not to be overlooked: the essence of comsec and > crypto is deception. So laugh at the open source ruse > on the way to the pokey. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 901 bytes Desc: OpenPGP digital signature URL: From shelley at misanthropia.info Wed Jan 8 14:16:20 2014 From: shelley at misanthropia.info (shelley at misanthropia.info) Date: Wed, 8 Jan 2014 14:16:20 -0800 Subject: HTML on-list messages, top-posting In-Reply-To: <3400766.DlXAxvbig4@lap> Message-ID: <20140108221630.25C60C00E8E@frontend1.nyi.mail.srv.osa> Top-post  top-post  top-post!! Just apologizing for the off-list reply, rysiek.   Meant to post to list, forgot to change the address line (stupid mobile email client...) Regards, -Hitler  On Jan 8, 2014 2:10 PM, rysiek <rysiek at hackerspace.pl> wrote: Hi there, since we're already deep into Usenet territory, I'll just leave this message here and see what happens. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 762 bytes Desc: not available URL: From shelley at misanthropia.info Wed Jan 8 14:51:06 2014 From: shelley at misanthropia.info (shelley at misanthropia.info) Date: Wed, 08 Jan 2014 14:51:06 -0800 Subject: HTML on-list messages, top-posting In-Reply-To: <20140108223537.GB11999@debian> References: <20140108221630.25C60C00E8E@frontend1.nyi.mail.srv.osa> <3789484.B68CHrmnZb@lap> <20140108223537.GB11999@debian> Message-ID: <1389221466.18680.68350077.3800AA41@webmail.messagingengine.com> On Wed, Jan 8, 2014, at 02:35 PM, staticsafe wrote: (snip) > > Most mailing lists I've encountered do not mess with the reply-to > header. cryptome & libtech do (just two I can think of right off) Btw: yes, I hate html on lists too. Will try not to reply using my shitty mobile email client when I'm away from real email! From shelley at misanthropia.info Wed Jan 8 15:09:02 2014 From: shelley at misanthropia.info (shelley at misanthropia.info) Date: Wed, 08 Jan 2014 15:09:02 -0800 Subject: HTML on-list messages, top-posting Message-ID: <1389222542.1745.68350077.7D3E0031@webmail.messagingengine.com> On Wed, Jan 8, 2014, at 02:35 PM, staticsafe wrote: (snip) > > Most mailing lists I've encountered do not mess with the reply-to > header. cryptome & libtech do (just two I can think of right off) Btw: yes, I hate html on lists too. Will try not to reply using my shitty mobile email client when I'm away from real email! 
From hettinga at gmail.com Wed Jan 8 11:38:37 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Wed, 8 Jan 2014 15:38:37 -0400 Subject: This In-Reply-To: <5bf2d7d9e6062e217baf2454e528fae0.squirrel@fulvetta.riseup.net> References: <52CD8184.5010107@cypherpunks.to> <59e4767e916d2e98931f386da08cfbd3@cryptolab.net> <52CD897F.4030200@cypherpunks.to> <1e348d70bac6e9a1d84e86e017e67c1a@cryptolab.net> <5bf2d7d9e6062e217baf2454e528fae0.squirrel@fulvetta.riseup.net> Message-ID: On Jan 8, 2014, at 2:32 PM, Odinn Cyberguerrilla wrote: I haven’t had > This. --> much fun since the hogs ate my little brother, I tellyawot… Cheers, RAH -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From demonfighter at gmail.com Wed Jan 8 12:54:28 2014 From: demonfighter at gmail.com (demonfighter6 .) Date: Wed, 8 Jan 2014 15:54:28 -0500 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> References: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> Message-ID: On Wed, Jan 8, 2014 at 12:59 PM, wrote: > Ah, there it is. > *Now* it feels like authentic usenet. No, not quite yet. People who top-post are just like ***Hitler***! There, that should do it. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 661 bytes Desc: not available URL: From jamesd at echeque.com Tue Jan 7 22:14:16 2014 From: jamesd at echeque.com (James A. 
Donald) Date: Wed, 08 Jan 2014 16:14:16 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> Message-ID: <52CCECB8.3080405@echeque.com> "James A. Donald" > > No one gave a damn about Aaron Swartz leaking the docs. That was not > > what he was charged with, and not what pissed off the sysadmins. What > > pissed off the sysadmins was physical intrusion, and him bringing the > > network to its knees. On 2014-01-08 11:32, Juan Garofalo wrote: > That is bullshit. That is the charges against Aaron Swartz. http://docs.jstor.org/summary.html > If you want to attack Swartz you can do it without laughably trying to > defend the 'physical property' of the mit mafia. Your defense being doubly > weird since you're supposedly a libertarian? Libertarians are propertarians. Property rights are the boundaries between one man's plan and another man's plan. If the ruling elite casually violate property rights, then, as with Obamacare, the result is chaos, which must be resolved by one plan imposed on all to restore order in order to avoid collapse. Terror follows in due course. Should the terror ease, collapse follows. This has been explained by Mises and Hayek, and colorfully dramatized by Ayn Rand. 
From electromagnetize at gmail.com Wed Jan 8 14:20:45 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Wed, 8 Jan 2014 16:20:45 -0600
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <20140108174555.9ACF62280B6@palinka.tinho.net>
References: <20140108174555.9ACF62280B6@palinka.tinho.net>
Message-ID:

i wrote:

> 5) another realization upon hearing the 30c3 talk of Jacob Appelbaum
> > was the 'earth firewall' then indicates that the NSA controls the internet,
> > and that it is not operating as a subset within it, and instead everything
> > that occurs is within its domain....
>

replies:

> The Internet is not controlled,...

my immediate reaction: this is ideology. just like internet security or anonymity, beyond a given threshold it is controlled, not anonymous, it just matters if those layers are perceptible and-or acknowledged within a given zone of observation.

perhaps my view is naive, and lacks basic understanding of the situation (knowing those here are involved indepth with standards, history, designing and building of said infrastructures) will try to explain why this is my relation.

most everywhere i look, much of everything i see is trapped within ideology. a condition i equate with 'answered questions'. not necessarily bad if beliefs are grounded, yet if somehow erroneous, then 'knowing' is replaced by inaccurate believing that then becomes standardized, _the_shared_view, etc.
never successful at attempts to learn programming (they started with calculus problems in C++ on first day, had to drop) and while having tried Logo for fun, using for geometry, have not made it past that in terms of descriptive reading of programming ala computer software; though perhaps in some way the condition of 'ideology all around' or of a surrounding ideology, perhaps much of it ungrounded/inaccurate and thus warp/skew/bias/falsity normalized and related to and through, is that it is like having a - guessing - high level programming language reliant upon lower level assumptions that would be in error if not wrong. not sure if this would be machine code, assemblers, whatever. though that that remains unchecked while the other code views continue on as a shared perspective and develop a given worldview based on what can be done, though the underlying systems may function differently or may not be able to sustain those views if audited or error-corrected thus i do not see how observation is so readily able to be detached from its accounting in truth, at the level of processing or parsing of data, in its actual truth, grounded observation and shared circuitry, for it would be opposite how computers actually function if removing the logic gates from microchips, the billions of transistors/switches, and then just letting anything compute in any way that is believed-- yet that is actually how -language- qua communication functions in terms of untethered beliefs, this relativistic relations as if shared set though based on unshared sets and different views and frameworks, then consensus in agreeing on things (beliefs) without processing it all the way down, seeing that turtles may beat the hare in the race because they may not make errors while the hare may crash & burn though if unaccounted for it does not matter- truth becomes irrelevant given that 'random number generation' is so difficult to insure, in a crypto model, to assume a highly rationalized and 
deterministically (it is assumed) functioning system is operating within or as chaos seems likewise ideological, in the sense that these are constructed systems in certain parameters that can be accounted for, and yet may not be likewise, in everyday terms, so an illusion may exist or persist of 'no control' or 'wildness' while thoroughly accounted for at another level or layer, where the specs are closed by the originators and root of one level may access root of another, or those combined in a military context as origin, i do not think it likely to imagine this is not the case, when planned as a strategic infrastructure, to think all technical capacity is in books or manuals or given to consumers or detectable using normal means or parameters. also; it seems that the system was designed to be hacked, experimented with, and this is part of the myth-making and legendary hacks- is that they were open enough to accomplish these feats, even perhaps supported in doing so within a given culture, and perhaps this was a ruse and not an oversight or misstep. or perhaps it was exploited, harnessed as a way to create industries, such as computer and internet security, allowing again an illusory 'wilderness' and then 'increased controls' for the chaos or untamed environment. perhaps it is unregulated to a degree, in-line with certain philosophies, that are experimenting with the medium in terms of social or cultural engineering, etc. tho in this, what strikes so odd is that anarchists are so group- oriented, and identity-based in 'cypherpunks' as a common view, reliant on these technical systems in a given incarnation that are bringing wealth and jobs and skills and status, likely also perks, which seems a bit opposite to what some of the ideas are about, seemingly. 
though i do not know enough to know why i feel this or intuit some dissonance between what exists as infrastructure and views of 'liberation' or 'freedom' that may be based upon or rely upon or use or exploit distortions, even, unreal parameters that do not parse at the processing level of logic, absolute truth and instead like other 'group views' become ideologically-based and this allows friction-free beliefs of a given group versus others it seems much more of an individual condition, situation, to ponder and that the split is at this level, because the complexity is likewise, yet when 'the group identity' is invoked, it seems to presume that a given cohesiveness and understanding exists that i tend to think is a fiction or perhaps an overstatement of what can be achieved within the stated parameters - unless accuracy at the transistor level of the ideas is dealt with. this is a problem of language and history itself.. i mean, if someone brings up or references 'secrecy & history' and this is parsed in a view of private mankind, that leads to one set of assumptions and values; whereas if it is grounded in a human set of relations that is another interpretation. 
though any #keyword is capable of this ideological split, any given view or belief or concept; it does not inherently have 'group coherence' or scale to a group by default of its corruption at this top-most level of shared observation and agreement or verification, instead it is bounded, an upper-limit exists that is actually very low level, and thus individual processing that is not matched between people becomes this logical limit of shared observation, if one view or another warps, skews, biases at the input/output of another yet while claimed the common POV in this way:

language <--> language

versus:

truth <--> truth

when it involves ungrounded beliefs, concepts, communication that seeks to represent 'shared reality' via language, relaying ideas though that inherently contains errors, given the medium/approach that allows and requires and relies on this (serial strings without error-checking or correction, repeated over and over, ad nauseam)

thus something like: "what is history?" that becomes a question that some may assume exists within a given realm of accuracy, and others may not even believe in it as a representation of accurate events, in that- was the 'inside view' what was captured or translated, or an external view of events that seeks to represent what occurred via some form of approximation

i believe that looking backward into situations is not necessarily to adequately discern the truth of the present, lacking access to the secret if quasi-encrypted truth of the past, in its truth, at this transistor or logic-gate level of processing.
and that in terms of the state -- much of this is likely off-limits to known 'historic' events, perhaps even to include Arpanet or revolutions, in the way they are engineered from perhaps a set of parameters beyond known or written accounts, in other dynamics remaining unaccounted for this is to consider that there may actually be very large secrets that are not known or divulged even while others of lesser depth are accessible or available to a 'group scale'. somewhat like the view that an industry-wide effort to allow hackable infrastructure is only occurring on those beneficial terms in a geopolitical context, which would be incredibly naive to think people were not handed this situation and instead developed or discovered it themselves, that is, there is more on the inside going on than the outside is capable of understanding in terms or parameters that may exist the idea of hacker as revolutionary or freedom fighter, while all well and good, is also a way to be a pawn in a larger worldgame and the effects turning against people operating within a certain range of assumptions appears as if a wake-up call that this is perhaps beyond a realm understood by those operating within it; and that resources could exist that far outweigh anything that is deployed or available in the public or private realms, perhaps even making what is going on child's play by comparison. such that- sure, you think you are just going to take down the power grid because you *think* you have access to the SCADA network- "go ahead-- make my day..." some of these situations are unbelievable. they are too easy. 
which indicates deception and people being taken for a ride for instance, if someone threatens to turn the lights off to a population via hacking into a power system, and defines this as a 'cypherpunk' activity, because it is an offensive attack using subverted computer systems and high-level skills, it can be interpreted in different ways as a 'shared identity'- as if the hacking skills is the value or morality, a higher status as if information or computer warriors or whatnot. yet not to differentiate 'who is being attacked' then could imply that it would not matter if humans were attacked, and thus such events could be against people like myself and to me (and others, and especially the state) this would be an enemy action, if that level of consideration was not involved or was not relevant- perhaps because the ideology is not processed to that degree or level and instead relies on ego or superior- belief as a privileged class. whoever the hackers are, it is certain there are others vastly more powerful in this world, and yet this may exist in a secret undiscoverable realm until it is too late to change course or take-back actions (at least that is my belief, given evidence that cannot be shared) i mean, you could even be a malicious alien attacker with IQ of 10,000 or something & appear to have total control over surrounding populations, though again- it could be deception and with certainty there are others of higher capacity totally able to neutralize any such threats, without any question (this raises the question of what is the common context or foundation for relations and identity- is this a parallel-world simulation, part-real part-fictive woven together across both past-and-future, engineering reality in the present moment. 
if so is acknowledging this not critical to realism, such that clones and copies and avatars are involved in scifi identity- relations, as a standard, and not some other assumption instead quaint, that allows a warped version of relation to continue uncorrected, easy exploitation, easy lies, etc.) thing is about language, people can reference ideas and-or concepts, authors-- thus, Hayek, Keynes, Hegel, Marx, and yet what is being referenced is ideology, believed viewpoints established as shared relations --perspectives-- yet that may not be parsed in their truth, as ideas, at the transistor level, so what is shared is a social understanding or consensus or relation based upon agreed upon principles or patterns that, in their being representational, copies of belief even, can in turn substitute or stand-in for that grounded truth requiring direct observation and testing of principles and hypotheses in an unbiased, neutral framework - which does not exist in the relativistic approach to communication nor ideas Hayek, Keynes, Hegel, Marx and others had 'some truth' yet it is not absolute truth within language as language, as it is mediated. these are signs, patterns, instead that are referenced, not truth itself. 
it is trap, just like when i refer to an author and seek to present their views yet this is a limit or skew is inherent and perhaps even inaccurate, not only my views though their views also, potentially also in error, not absolute in correctness, yet believed to be as if biblical conveyance that is to be knelt down before and served as if higher, even, as if guiding light, when that same light may not be as bright as direct observation shared by and between people of the same phenomena modeled in parameters more accurate or beyond those of the past if considering the medium of 'the book' as including and involving 'all books'-- most of the views are tending toward falsity in some way, due to the problems with language and communication and observation, even if philosophy or work that resonates. a layer or layers of error exists as a structure, due to the approach. the assembler is wrong from the beginning. everything needs to be re- written and its truth recontextualized to neutralize the existing (historic or observational) bias, then to mine those perspectives -beyond copyright- for a larger and more inclusive shared perspective, weaving together all truth in a single model. without a certain approach to logic it is not possible. the errors are structural, needed, and then what is linked, parsed, likewise, especially in an AI context, for computation, evaluation, deliberation, decision-making, which would lead to automated tyranny if a computer that is inaccurate and faulty in reasoning then was to judge other external events, while missing that core truth or serving the higher vs. 
lower principles; and thank science and technologists equivalent to a new priesthood for not questioning this either, because they are inherently always right, due to sustained dogma and ideological beliefs in their own higher awareness, virtue, values, by ignoring data outside their models yet in doing so, discarding truth in 'universal calculations' there seems to be 'an escape velocity from reality' as a shared situation in online belief systems, for relation that scales from the group back into individual contexts as if believing makes it so, and this can be a deception of the highest order, a mistake so large and dangerous that before a person realizes it, they are already off the cliff and it is too late to do anything about it, the ground has shifted let's say someone is going around stealing and attacking opponents on the internet. they may not realize this is a death sentence in a new, changed context. they will be pursued and eliminated for such activity by another group. that those are the stakes. not stealing from a toy store, but taking away others lives, careers, health, tools, etc. it is not like you can try killing off a people over centuries and then when it is revealed, the situation will simply involve saying 'good game', shake hands, and then they will then be treated equally, and allowed to continue onward as citizens, even while having practiced genocide and instituted pogroms. it is much more serious than that. the stakes are as high as it gets in both mortal and illusory immortal terms. 
those seeming the most invincible are the very entities weakest, yet may never realize it because the illusion is sustained; so it becomes a test of power, until one day there is failure, a critical failure beyond the existing parameters and beliefs, something outside the worldview and ability to imagine it

this is more the nature of what exists and is going on today

so why would the present divulge such core code as master narrative out-in-the-open, for fear it may be understood and-or used by the enemy, etc. -- unless the enemy cannot parse it, because their assembler language is skewed by necessity & in doing so, forces a given perspective that can be exploited- such that things are really simple, simple as believed, look at the mastery we have, look at ourselves in the mirror, aren't we great, superior, of highest intelligence, the smartest set, etc.

if people are talking about Hegel or Marx or [author/ideas] yet are not involved in truth and logic and reasoning as part of this fundamental relation, likely they are involved in the ideological dynamics of these - language computations - versus grounded truth that removes the views and language of their errors, which are many. you just cannot transport the past into the present without some anomalies or aberrations in view, it must also be accounted for. yet most times none of it is, assumption upon next assumption, layer upon layer of previous consensus and "group opinion" relied upon as structure - versus the concepts and ideas in their purity, as informational models, many that are skewed or warped when applied as default historic views

ideas about capitalism are crazy. about communism. about money. about society. just fucking insane. nonsensical.
insofar as they are detached from actual observable truth versus beliefs that are shared, copied, exchanged, exploited

for instance, i believe that politics as a category or discipline likely does not need to exist except within certain conditions

it would seem that a human population, if cohesive identity, would only require ~governance, to manage a representative view (say direct democracy, feedback from citizens of state) and that this internal-fracturing of the political is an effect of having an _unshared identity, or multiple identities competing

group1 <---> group2

such that, each group would have its own politics, and thus the more there is subdivision, say group1 (a,b,c), that each of these then becomes potentially oppositional within whatever those dimensions or dynamics are likewise (schizophrenia of the state, as planned, and relativism go together, enable this)

(politics1a) <--> (politics1b) <--|--> (politics2)

note that both 'inside a shared identity' (1) could be split and those groups 'outside' the identity (2), thus humans could be against other humans and against antihumans via politics

this is what confusion gets you, and not having grounding of views and beliefs in truth, and shared observation allows this and leads to it as a condition, especially of ideology, as such ungrounded dynamics are shared via consensus, submitting or compliance with standards, norms, shared views, etc.

governance, in contrast, could exist just in group 1, or so it seems, and also in relation to group 2, yet not in opposition:

(governance) <---> (governance)

-- note interior/exterior dynamics of shared identity...

(governance <---> governance)

if these were two different human groups or people, they are not necessarily inherently or necessarily opposed, given how law and relations exist, in what dimension and parameters, and this could be anything. how one individual relates to another, how an individual relates to the group. a child to their family.
children with other children. states with states or individuals with a state. core code, yet trapped in a view of politics as standardized via mass media, corrupt code of constitution exploited, ~framed as if politics are "freedom" versus the basis for tyranny, difference as if liberation, etc

(here i think the idea of conservation also has relevance, its relation with innovation in a more subtle if literal way)

secrecy then in this context. developing of state infrastructure, if truth is at the core, issues of governance- shared identity, not of politics, division & opposition as matter of course interaction, that would be the illusion, part of the deception, the polarization yet to belong would involve allegiance to truth, not shared belief. litmus test being everything, every action a person takes, this in the context of global surveillance state, every gear and rotation measured for and counted against, clock ticking on destinies

i think this same thing holds true for patents, of unshared identity which then splits and divides the shared condition into a 'shared group relation' as an ideological impossibility:

(patent1a) <--> (patent1b) <--|--> (patent2)

where 'human discovery' cannot be legally allowed to benefit other humans, and instead must be a realm of 'private profit' at the expense of the group, a limit to innovation or censoring shared interactions to only monetary terms of relation, which can and have been hacked and exploited to onesided relations

versus patents in a shared human identity, where basic and fair compensation would exist yet not for exploitation against the group development, via sharing knowledge versus hoarding it and preventing its shared use for wider cultural development

(patent1 <---> patent2)

that is, the above patents would be of the 'human' domain as a shared identity, and would have inclusiveness to this group, an inside condition, while others may exist outside this and thus the patents could protect against unlawful use,
especially against human goals or principles via law and its enforcement (patent1 <---> patent2) <--|--> (antihuman) in this way the patent system would benefit humans as the shared set, and protect ideas from their antihuman exploitation or corruption by outside or external forces, who may seek to corrupt, exploit, undermine via the patent system, hacking it, or seeking to prevent spread of knowledge, discovery, invention by way of proprietarizing information and ideas, via pseudo-truths error-checking and correction are key to verification/validation of ideas, proofs required for testing statements and hypothesis as it relates or grounds to truth and falsity in logical 1s and 0s (this step and many in proximity are most oftentimes skipped, not least by scientists who have an ideological domain to patrol, protect and defend against outside truth challenging their skew) what is more, it seems this issue of group and individual ID is also inherent in masquerade, the presentation of viewpoints in a context of anonymity, and the assumption that intent is what is presented is thus a claim that may not be verifiable beyond actions that could involve mimicry or simulate 'shared views' there could be deception involved, different interpretation, of oppressors and liberators side-by-side using the same mask though for different reasons, this internal fracturing de facto yet the politics not necessarily revealed "externally" even while 'in group' (such that 1a<->1b, also: 1a<->1b<--2, etc) discard or discount truth in validating 'shared beliefs', this. then marketing-and-communications, advertising strategy, another layer of manipulation- get some photogenic models, put masks on them, represent the NSA as outsider view, etc. this is so basic to the dynamic of subversion to be expected, especially cynicism, if the very things fought against wearing same masks, hiding within multiple layers reside beside you. 
in this way, devilish details, uncooked eggs, anthro-implication of this incestuous manipulation of the state at the nano-level, not only of miswired chips, miswired relations, brain cells normalizing this processing as if on the level versus rigged, the whole game tilted, racking up points for the subverters

for the sake of governance and higher truth, morality implicit

for sake of politics and lesser truth, immorality standardized and made relational, shared lies as if shared truth, if serving self and others of like ideological mind. that level of corruption. where it involves in the individual scaled to shared corrupt state that is the enemy of humans. that loss of control over self in its relation, service to, and observance of higher truth, not just that which serves immediate needs in limited parameters, justifiably superior because it helps self most, damn others. as language, concepts, works ideologically buttress these views, 'great works' repeated again and again, to legitimize beliefs as operational structures minus accounting for their actual truth in a wider boundary and empirical framework

in this way, money as absolute truth, business philosophy is as far as it goes-- all that is needed, to determine value and morality in the ongoing destruction of civilization for the goals of few at the expense of truth, live, love of many, including of nature, the future, the past, wisdom, all that is

> The Internet is not controlled, i.e., there is a power vacuum
> that will soon be filled. There are many, many players and soon
> to be more.
>

i may or may not understand the implications of this view though find it interesting (as your many other observations). i correlate it with the framework above, where when nested in such a context, yields what i consider truth and accuracy of the ongoing situation in certain dimensions, given perspective or 'structural viewpoint' - what is observable and out of view.
thus 'order out of chaos' may emerge via takeover even, perhaps, conquering or conquest or colonization of servers and services by a given group, imagining a scenario akin to what has occurred locally by outsiders taking over positions, management and representation, replacing populations, etc. i relate the use of 'vacuum' to a particular context, anecdote; once was given opportunity for art exhibit in gallery, in turn 'electromagnetic assemblage' display installed of artifacts & data to try to conjure up consciousness and awareness of the electromagnetic domain. somehow, amongst giant harddrive from 70s and cobra streetlight fixture and antenna, including vacuum tube radio, was a vacuum cleaner left by someone in the gallery. i noted how it would be funny to leave it there, amidst the other artifacts, as a joke. because it both belongs in the context as a device yet also is ordinary and everyday, part of the gallery maintenance and chores, and this added a missing dimension that was beyond all the seriousness of trying to convey a viewpoint that already existed within the normal parameters of the space, when hidden away when 'on display'. 
and thus it was revealing something in its greater depth or significance, both recontextualizing and being recontextualized by other artifacts, offering up other perspectives and relations, dimensions, parameters

and i thought it was just quite funny how it exists this way, not sure if this is equivalent to a trope or something such

and maybe so too, 'the vacuum' of the internet if assumed to be cleaned of other dimensions, the clean room scenario as if all that is occurring is surgical based on high-insight versus laid-out in advance, step by step, a sequence of traps set up, one to the next, at the infrastructural level, such that if it is believed a vacuum...oh my, what a joke

> The question to be contemplated, if any, is this:
> Do you prefer that the competing claims of control over the
> Internet be resolved by way of (1) dramatic Balkanization or
> by way of (2) making the Internet an organ of world government?
>

within a certain framework of politics and identity this could indeed be valid and a basis for relations, insight, etc. though also potentially bounded by this same structure of analysis

it could be parsed in wide-ranging ways depending on how these parameters are evaluated and in what terms. how is it assumed it is not already an instrument of world.gov, etc. and are 'we' privy to that level of secret information if so, etc.

what is Balkanization from the inside, in its truth, versus as an external representation of events, from inside and outside in terms of language and communication. what if the Balkans are not divided from the human context, nor world government, and so human governance is shared as is empirical truth, thus some of these may not be questions at a given level of inquiry or may not be 'political' relations, divisions as may be framed by a given viewpoint or identity.
can such questions even be pondered or asked within a particular set of ID boundaries or might some of it remain unspoken for security reasons another look at it would be this is the scrim of the state as movie, projecting dynamics of relativism and political discord as 'massa confusa' that is the precursor to order; it could have structural and ideological importance, truth within certain conditions and be useful for relations, etc. so perhaps a protocol layer of a higher level language or representation of programming, details there effecting & effected by, referencing or calling-up other routines and functioning from other layers, which helps shape a larger situation, in its various details and intricacies (such that, approximately: ~where there is truth there is also value) securing truth at the individual level, bridging or spanning this between individuals, individual to individual as group, and groups between groups, and various individuals and various groups likewise (nations, citizens cross pollinate in human terms, value, principles), this as shared identity where cultural difference and belief may have a spectrum of possibilities yet truth itself is observed and governs self, is the basis for value, relations, exchange, group relations such a story remains unwritten as a shared perspective, a context for this shared viewpoint has not been secured within language, it exists outside of it, communications; ideology rules over this entire domain as insane tyranny where beliefs become detached from reality, accounting in this madness, to question, to exchange ideas, views, in so far as they are not ~money, seems merely a fiction by comparison to the weight of material power needed to effect change in the world, between people, via such ideas if this way, if there is no truth, there is no proof for reason beyond that which money affords, allowing accounting for, and uses language to prevent against, via its subversion; this enronomics the basis for ideological 
exchange also between peoples using words as if sign-making enough; calculations bringing-into-being or conjuring what is real if only it were believed as readily as those most invested

yet at their core, as with technology: nothing. such that the spirit of the cellphone viewed superior to the frog, this a realm of 'makers', mimics, who think they are in control because they copy and control things not of their own doing or understanding or origin, yet believed so by this capacity; it is a fundamental mistake in 'universal belief' that confuses position with truth. the greatest falsity rises highest prior to collapse, this part of a cosmic deception since time began

> A thought experiment, if needing one: is VoIP a part of the
> Internet or is it not, that is do you have two networks in your
> home/office or one?
>

i really don't give a fuck, tbh. it is irrelevant in the parameters functioned within in my realm. it's like lincoln-logs or slinky, in that they are embedded, captured within massive dynamics that inform the situations (politics, governance, identity) and within those frameworks, issues of security and insecurity, hacking, attacks, remote access to conversations breaking privacy plus surveillance, yet all of this also accounted for though not out in the open.
if someone wants to take that info and attempt to blackmail individual against individual, at some point they may realize it is individual vs civilization (that is where people are assassinated in due course, even if idiot hackers who are rummaging through other peoples lives) note: also do not dismiss its relevance for others, or important technical questions or considerations or relevance, though the parameters i relate to are stated as to how it is parsed 0s & 1s (this is to perhaps attempt to apologize for psychic damage of conveying such views, harshness it involves when actually it is about seeking this common framework, friction against ideas and concepts and ideology part of the process, antagonism is natural byproduct of education system, institutional brutality against such modeling, accuracy, thus predisposed to convey views as only a limited view of single observer can do within a finite perspective, including biases, faults, errors, prejudices, though knowingly need to be corrected by others for this and thus seek to apologize for antagonism that goes along with this view, though also part of language, communication, not being able to communicate about it, thus best attempt here, while flawed, inadequate, insultive, insensitive, though also on attack against enemies, trying to dismantle false beliefs, break-through walls of labyrinth, help slay the evil minotaur)
From electromagnetize at gmail.com Wed Jan 8 14:37:34 2014 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 8 Jan 2014 16:37:34 -0600 Subject: [cryptography] To Protect and Infect Slides (addenda) Message-ID: context: forgot to mention overriding hypothesis that state of insecure crypto - as with nukes - may be price of peace for cold war reunification in improved framework, thus structural duplicity has wider impact than inside states alone, could also bridge state-state secure relations in parallel with those that are insecure, allowing for advanced governing relations; in this way, broken crypto could represent deeper truth of the inside condition than what is able to be written about, yet exists as consciousness for those in the industry, etc, given what perspective, parameters, values, in the deception On Wed, Jan 8, 2014 at 11:45 AM, wrote: > > > 5) another realization upon hearing the 30c3 talk of Jacob Appelbaum > > was the 'earth firewall' then indicates that the NSA controls the > internet, > > and that it is not operating as a subset within it, and instead > everything > > that occurs is within its domain.... > > The Internet is not controlled, i.e., there is a power vacuum > that will soon be filled. There are many, many players and soon > to be more. The question to be contemplated, if any, is this: > Do you prefer that the competing claims of control over the > Internet be resolved by way of (1) dramatic Balkanization or > by way of (2) making the Internet an organ of world government? > > A thought experiment, if needing one: is VoIP a part of the > Internet or is it not, that is do you have two networks in your > home/office or one? > > --dan > >
From dan at geer.org Wed Jan 8 13:38:26 2014 From: dan at geer.org (dan at geer.org) Date: Wed, 08 Jan 2014 16:38:26 -0500 Subject: [cryptography] To Protect and Infect Slides In-Reply-To: Your message of "Wed, 01 Jan 2014 08:37:16 EST." Message-ID: <20140108213826.406CF228134@palinka.tinho.net> Keying off of one phrase alone, > This combat is about far more than crypto... I suggest you immediately familiarize yourself with last month's changes to the Wassenaar Agreement, perhaps starting here: http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance Precis: Two new classes of export prohibited software: Intrusion software "Software" specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following: a. The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or b. The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions. IP network surveillance systems 5. A. 1. j. IP network communications surveillance systems or equipment, and specially designed components therefor, having all of the following: 1. Performing all of the following on a carrier class IP network (e.g., national grade IP backbone): a. Analysis at the application layer (e.g., Layer 7 of Open Systems Interconnection (OSI) model (ISO/IEC 7498-1)); b. Extraction of selected metadata and application content (e.g., voice, video, messages, attachments); and c. Indexing of extracted data; and 2. Being specially designed to carry out all of the following: a. Execution of searches on the basis of 'hard selectors'; and b. 
Mapping of the relational network of an individual or of a group of people. All the same arguments that applied exportation bans for crypto software apply here, especially that of pointlessness. --dan [ Software doesn't spy on people; people spy on people ] From coderman at gmail.com Wed Jan 8 16:51:15 2014 From: coderman at gmail.com (coderman) Date: Wed, 8 Jan 2014 16:51:15 -0800 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <20140108160339.GB5008@netbook.cypherspace.org> References: <52CAA24E.5060809@cathalgarvey.me> <20140107221552.GA30141@netbook.cypherspace.org> <4963866.WpBD6rzBPb@lap> <20140108160339.GB5008@netbook.cypherspace.org> Message-ID: On Wed, Jan 8, 2014 at 8:03 AM, Adam Back wrote: > ... > Independent security researcher can be risky. Get a legal signed doc from > the people you audit people say (yeah like they're gonna give you one for an > unsolicited investigation). > > Weev was an independent security researcher after all, in a team even. > Goatse security http://en.wikipedia.org/wiki/Goatse_Security. They did find > some interesting and news worthy hacking stuff, even won awards from Tech > Crunch seemingly. my comment was in reference to the prosecution of a guy for merely calling himself a hacker, e.g.: https://plus.google.com/+AndreasSchou/posts/XBhgQ72UP83 "" ... accused of: threatening national security by open-sourcing a network visualization and whitelisting tool.... "" ... and ""hacker" admission on defendants website" !!! also, http://www.techdirt.com/articles/20131022/13260324972/govt-contractor-uses-copyright-fear-hackers-to-get-restraining-order-against-open-source-developer.shtml http://nakedsecurity.sophos.com/2013/10/25/developers-computer-seized-because-he-called-himself-a-hacker/ the only reliable way to avoid retribution and arbitrary prosecution seems to be: stay off the radar! but this runs counter to the need, as you describe, for "brave canaries with squeaky clean reps". 
i am exploring a gambit for disclosure post-statute-of-limitations, but even this protection seems meager and risky. From adam at cypherspace.org Wed Jan 8 07:52:29 2014 From: adam at cypherspace.org (Adam Back) Date: Wed, 8 Jan 2014 16:52:29 +0100 Subject: Brag About Exploits, Go to Jail In-Reply-To: References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com> <52CD5D97.6040106@cathalgarvey.me> Message-ID: <20140108155229.GA5008@netbook.cypherspace.org> I love it, pure poetry :) Go JYA! (reformatted slightly) On Wed, Jan 08, 2014 at 10:29:26AM -0500, John Young wrote: > [...] > Significant variations of braggardy, from loud to quiet. > overstatement to understatement. > Chump version: "needs killing." > Chimp version: Snowden is a hero, or traitor. > Wimp version: more leaks by others, none by me. > Gimp version: this is nothing new. > Limp version: don't insult people here, don't discuss politics, message > deleted by moderator. > Blimp version: this forum is unmoderated. Adam From coderman at gmail.com Wed Jan 8 17:01:04 2014 From: coderman at gmail.com (coderman) Date: Wed, 8 Jan 2014 17:01:04 -0800 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <20140107221552.GA30141@netbook.cypherspace.org> <4963866.WpBD6rzBPb@lap> <20140108160339.GB5008@netbook.cypherspace.org> Message-ID: On Wed, Jan 8, 2014 at 4:51 PM, coderman wrote: > ... > disclosure post-statute-of-limitations, but even this protection seems > meager and risky. for the permanent record: this is no admission of wrong doing, even long past. merely distance from perceived wrong doing that led to opportunities for counter surveillance. it is these technical surveillance aspects worth discussing... 
From adam at cypherspace.org Wed Jan 8 08:03:39 2014 From: adam at cypherspace.org (Adam Back) Date: Wed, 8 Jan 2014 17:03:39 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <4963866.WpBD6rzBPb@lap> References: <52CAA24E.5060809@cathalgarvey.me> <20140107221552.GA30141@netbook.cypherspace.org> <4963866.WpBD6rzBPb@lap> Message-ID: <20140108160339.GB5008@netbook.cypherspace.org> What you said is correct, that is what needs to happen (society and law needs to move out of the dark ages), and the only way for that to happen is brave canaries with squeaky clean reps, and sharp lawyers to blaze the path. My version was just to say be aware of the risks, that you would take by even putting your name to a hack, with any disclosure at all. If you don't want to be a canary. Possibly would be advisable to use a lawyer for some anonymity insulation to even sell a hack to one of the disclosure service pimping sites. (They probably are selling them to the NSA/Orwell 2.0 crew so taking their money is probably dirty money.) Independent security researcher can be risky. Get a legal signed doc from the people you audit people say (yeah like they're gonna give you one for an unsolicited investigation). Weev was an independent security researcher after all, in a team even. Goatse security http://en.wikipedia.org/wiki/Goatse_Security. They did find some interesting and news worthy hacking stuff, even won awards from Tech Crunch seemingly. Adam On Tue, Jan 07, 2014 at 11:29:58PM +0100, rysiek wrote: >Hi there, > >/me has his monthly "let's reclaim the word 'hacker'" drive > >On Tuesday, 7 January 2014 23:15:52 Adam Back wrote: >> On Tue, Jan 07, 2014 at 01:48:59PM -0800, coderman wrote: >> >> Yes, annoying though that may be to those of us who were called hackers >> >> before that became a bad thing. But we're outnumbered thousands-to-one, >> >> and >> >> we're just not going to win that language war. 
>> > >> >use the term "independent security researcher", >> > >> > your legal counsel will thank you! >> >> A cryptographically secure pseudonym would probably work even better. Weev >> didn't actually do anything wrong that I could see, by any sane >> interpretation of even something as egregious as CFAA and he's serving 41 >> months. A lawyer is a last resort, step #1 is not identifying yourself even >> for non-malicious research I suspect. > >I draw different conclusion here -- people do not understand hackers (in the >original, non-pejorative meaning of the term), and hence are afraid of >anything "hacker-y". Weev went to jail not because he did something illegal, >but because the jury was convinced he's an "evil hacker", and that they need >to "send a signal". > >If we keep moving back, at some point we'll have nowhere to go. > >So instead, we should get people to understand and not be afraid. Show the >value to the society (and there is a lot of value in hacking!), and always >make clear distinction between hacking (which both Aaron and Weev had done >quite a bit of, and I am not referring to their court cases and alleged >transgressions) and committing crimes by means of a computer network or >electronic device. > >As an added bonus, once we get to a point where everybody understands that >crime is a crime, regardless of tools used in connection with it, we might >finally get some *sane* laws around that topic -- instead of laws that make >one get a smaller sentence if they steal stuff with a crowbar instead of >downloading it via Teh Tubes. 
> >-- >Regards >rysiek From coderman at gmail.com Wed Jan 8 17:10:01 2014 From: coderman at gmail.com (coderman) Date: Wed, 8 Jan 2014 17:10:01 -0800 Subject: A short sad history of Lance Detweiler our first NET.LOON Re: Brag About Exploits, Go to Jail In-Reply-To: <52CD7B57.6000103@cypherpunks.to> References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com> <52CD5D97.6040106@cathalgarvey.me> <52CD7B57.6000103@cypherpunks.to> Message-ID: On Wed, Jan 8, 2014 at 8:22 AM, gwen hastings wrote: > ... > This kind treatment of the truth was drove our first list foil Detweiler > stark raving bonkers and sent him raving on the list about tentacles of > MEDUSA especially after list participants picked up and started remailer > bombing him with a procmail script that someone thoughtfully published > to the list that would email him several (n+1)slightly different copies > of his own posted mail each time he posted. > > Detweilers final demise from his position as one of the privileged > Sysadmins at the University when he carelessly replied to a type one > remailer block that contained his direct supervisors spouse's(wife) > email address among others(the chancellors of the university email > addresses were included in that block.) thinking that he was instead > replying to one of his sockpuppet harassers(I believe it was tentacle > #69 who copped to this). > > Badda bing Badda boom,, all 83 email addresses he had been abusing from > the university position where he was employed were gone in 1 hour > etc...as was his job and privileged position from where he abused the > rest of the list. the best kinds of drama! ... when does cypherpunks the movie come out?? From jamesd at echeque.com Tue Jan 7 23:10:36 2014 From: jamesd at echeque.com (James A. 
Donald) Date: Wed, 08 Jan 2014 17:10:36 +1000 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <20140107212008.GA29441@netbook.cypherspace.org> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com> <20140107212008.GA29441@netbook.cypherspace.org> Message-ID: <52CCF9EC.6050404@echeque.com> On 2014-01-08 07:20, Adam Back wrote: > Hacker in the sense of cracker was a later and much hated co-option and > perversion of the term. I expect that's what Rysiek was reacting to > partly. The term hacker first appears 1975 - 1985, shortly after the start of the information epoch, the age of information starting by convention 1972 January first. The term was originally an epithet, but not for criminal behavior: http://books.google.com/books?id=vpGNJfMmFswC&pg=PA32 At that time, 1980, a hacker was someone who programs for entertainment - badly. In 1983, http://books.google.com/books?id=dGloQlpCO_4C&pg=PA532 a hacker is someone whose interest in programming has damaging consequences for his social life and social skills, but he is a very good programmer. Then we hear that the original hacker was the phone phreak captain crunch, implying that a hacker is someone who breaks into other people's systems to take control of other people's stuff, generally to give himself free stuff. "High noon on the electronic frontier", a 1996 book, talks about rehabilitating the term, and complains that "hacker" "carries the image of persons who are dangerous" (page 151) So, evidently, the term was in need of rehabilitation. In 1996, esr owns the term, and gives it a positive meaning. So, hackers were something bad, then something criminal, and then, in 1996, we had a hacker pride movement, with esr as the key figure. Hence, esr, for all his faults, is generally regarded as the prophet of the programming subculture. 
But, before he was prophet, needed his people to be in bondage so that he could lead them out of bondage. From bill.stewart at pobox.com Wed Jan 8 17:12:48 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 08 Jan 2014 17:12:48 -0800 Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!! In-Reply-To: <5042f4e1e159e27c5d2030b48156ea2a@cryptolab.net> References: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> <5042f4e1e159e27c5d2030b48156ea2a@cryptolab.net> Message-ID: <20140109011254.97F7310D65@a-pb-sasl-quonix.pobox.com> It's not a real Usenet flame war until there's been a spelling flame or two*. "UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT information is ENCOURAGED". At 10:03 AM 1/8/2014, Griffin Boyce wrote: >On 2014-01-08 12:59, shelley at misanthropia.info wrote: >>On Jan 8, 2014 9:48 AM, Patrick Mylund Nielsen >> wrote: >>(snip) >> >>>>You should spend some of that energy on learning not to top-post. >>Ah, there it is. >>*Now* it feels like authentic usenet. > > Maybe we should have a hundred-message thread fighting about top > vs bottom ;) And Detweiler and Sternlight were useful practice. Detweiler had a few serious points, but also gave us the insight that killfiles weren't just for Usenet any more; we needed to develop email filtering to deal with spammers* and other undesirable noise sources. Sternlight was one of the early advocates of building censorship into everything. They haven't gone away, and the UK's Tory-LibDem coalition just forced the major British ISPs to make heavy-duty censorship the default behaviour, though if you want to access suspicious sites like the EFF and BoingBoing you can tell the ISP to allow you to endanger your children by letting your internet access like access all the nasty internet p0rn. (* One of the few good things about spam was that "how do we stop spam" replaced "libertarians vs. 
socialists" as the default topic that all discussions rapidly devolve into.) From coderman at gmail.com Wed Jan 8 17:16:41 2014 From: coderman at gmail.com (coderman) Date: Wed, 8 Jan 2014 17:16:41 -0800 Subject: Jacob Appelbaum in Germany In-Reply-To: <1389208893.97348.YahooMailNeo@web141204.mail.bf1.yahoo.com> References: <52C33963.1000709@echeque.com> <20140108174001.B0BFD2280B6@palinka.tinho.net> <1389208893.97348.YahooMailNeo@web141204.mail.bf1.yahoo.com> Message-ID: On Wed, Jan 8, 2014 at 11:21 AM, Jim Bell wrote: > .... > However, those Quakers' positions may have been erroneous, based on a > misunderstanding of the relevant law. A person may claim to be 'not guilty' > based on the fact that he wasn't there, he didn't do it, etc. But, he may > also claim to be 'not guilty' because what he did didn't constitute a crime, > or he was justified based on extenuating circumstances, or he was trying to > prevent a bigger crime. in the US court system, is there an equivalent of jury nullification applied to a judicial ruling? that is to say: is it possible to plead guilty, but a judge acting to nullify a perceived unjust law, could find you not guilty? From juan.g71 at gmail.com Wed Jan 8 12:18:40 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Wed, 08 Jan 2014 17:18:40 -0300 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> Message-ID: --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae wrote: > At 02:07 AM 1/8/2014, Juan Garofalo wrote: > >> fucking americunt fascist. > > > Russian emigre. Yes there is a difference, and yes that is relevant. 
As a transplanted nationalist, she was even more rabid than home grown nationalists. That's the first(and only) difference that comes to mind... > > --ue > > From juan.g71 at gmail.com Wed Jan 8 12:23:39 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Wed, 08 Jan 2014 17:23:39 -0300 Subject: Welcome to Juan Garafalo our newest NET.LOON (to replace Detweiler/Sternlight) In-Reply-To: <52CD6D0E.7020709@cypherpunks.to> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <57D5F51F-6356-4D7C-BF03-6DB6E941AAAE@gmail.com> <52CD6D0E.7020709@cypherpunks.to> Message-ID: <84CBDC5F57007693D04EF811@F74D39FA044AA309EAEA14B9> --On Wednesday, January 08, 2014 7:21 AM -0800 gwen hastings wrote: > Hey All, > Its really exciting.. we finally have a NET.LOON on the scale of > Detweiler and Sternlight... Finally this list will start moving again :) > > Thanx Juan for Showing up.. if you had NOT I would have had to > Create/Invent you ... > You're welcome Gwen. I see that you're the typical good meaning American who is deeply concerned with having the god-given inalienable rights of mankind defended. "Governments are instituted among men, deriving their just powers from the consent of the governed," Yes, definitively, consent. > > Illogical, disorganized mentally and emotionally .. spouts enough > BS to Swamp the ist... > > YEP its confirmed.. another NET.LOON > > > course this could be DETWEILER in drag... 
> > GH > > > -- > Tentacle #99 > > ecc public key curve p160 > ;9C~b~)3)cp0d!?C1JIVI=tI( > > Governments are instituted among men, > deriving their just powers from the consent of the governed, > that whenever any form of government becomes destructive > of these ends, it is the right of the people to alter or > abolish it, and to institute new government, laying its > foundation on such principles, and organizing its powers > in such form, as to them shall seem most likely to effect > their safety and happiness.' > From jamesd at echeque.com Tue Jan 7 23:31:13 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 17:31:13 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <20140107200248.GA28851@netbook.cypherspace.org> References: <52CAA24E.5060809@cathalgarvey.me> <20140107115038.GA25434@netbook.cypherspace.org> <52CC396C.2010102@echeque.com> <5109718.kinuNhY7M1@lap> <20140107200248.GA28851@netbook.cypherspace.org> Message-ID: <52CCFEC1.6080300@echeque.com> On 2014-01-08 06:02, Adam Back wrote: > I imagine its all out there on the wikis or interwebs, thats where I > read it, so here I am just repeating what was written about > extensively at the time. From memory there was some escalation. He > was detected, blocked, reacted (mac tumble etc) blocked again, The reason Aaron Swartz was repeatedly detected and repeatedly blocked was because of the crudity of his attack:(sequential downloads at maximum speed, disrupting JSTOR with excessive load) Had he rate limited his downloads to avoid disrupting the network, and hidden the sequential nature of his downloads through a random permutation, he would have been fine. No one competent to detect him and block him would have cared enough to do so. 
> then proceed to enter presumably restricted areas, hide equipment to > bypass limits the admins had placed only on wifi users Aaron Swartz entered the closet where the networks were all wired up together, and wired his laptop to the network, in the process bringing JSTOR services to MIT a sudden grinding halt and adversely affecting JSTOR services to the rest of the world. From sdw at lig.net Wed Jan 8 17:44:29 2014 From: sdw at lig.net (Stephen Williams) Date: Wed, 08 Jan 2014 17:44:29 -0800 Subject: A short sad history of Lance Detweiler our first NET.LOON Re: Brag About Exploits, Go to Jail In-Reply-To: References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> <52CD0E01.5000108@echeque.com> <52CD5D97.6040106@cathalgarvey.me> <52CD7B57.6000103@cypherpunks.to> Message-ID: <52CDFEFD.5000006@lig.net> On 1/8/14, 5:10 PM, coderman wrote: > On Wed, Jan 8, 2014 at 8:22 AM, gwen hastings wrote: >> ... >> This kind treatment of the truth was drove our first list foil Detweiler >> stark raving bonkers and sent him raving on the list about tentacles of >> MEDUSA especially after list participants picked up and started remailer >> bombing him with a procmail script that someone thoughtfully published >> to the list that would email him several (n+1)slightly different copies >> of his own posted mail each time he posted. >> >> Detweilers final demise from his position as one of the privileged >> Sysadmins at the University when he carelessly replied to a type one >> remailer block that contained his direct supervisors spouse's(wife) >> email address among others(the chancellors of the university email >> addresses were included in that block.) thinking that he was instead >> replying to one of his sockpuppet harassers(I believe it was tentacle >> #69 who copped to this). 
>> >> Badda bing Badda boom,, all 83 email addresses he had been abusing from >> the university position where he was employed were gone in 1 hour >> etc...as was his job and privileged position from where he abused the >> rest of the list. > > the best kinds of drama! > > ... when does cypherpunks the movie come out?? Ah Detweiler... I mention him to Internet newbies (anyone online after 1994) once in a while to blank stares. What an implosion. But I missed the episode below, so thanks for that! We really need an FAQ on varieties of madness: Detweiler Tea Party Saturate GOPping mad Faux News Skewed Reality Tin Foiler Crystal Crank Drug Addled Nonsensical NSA Paranoid (wait, that's just reality now) Zion refugee Microsoftie (Apologies for the cross-post.) sdw From electromagnetize at gmail.com Wed Jan 8 15:45:53 2014 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 8 Jan 2014 17:45:53 -0600 Subject: [cryptography] To Protect and Infect Slides (corrections) Message-ID: sorry: brain damage. correction for brain-blip misinfo... so an illusion may exist or > persist of 'no control' or 'wildness' while thoroughly accounted for at > another level or layer, where the specs are closed by the originators > and root of one level may NOT access root of another, or those combined > (correction: root of one level may not access root of another) Hayek, Keynes, Hegel, Marx and others had 'some truth' > yet it is not absolute truth within language as language, > as it is mediated. these are signs, patterns, instead that > are referenced, not truth itself. 
it is trap, just like when i > refer to an author and seek to present their views yet this > is a limit or skew is inherent and perhaps even inaccurate, > not only my views though their views also, potentially also > in error, not absolute in correctness, yet believed to be as > if biblical conveyance that is to be knelt down before and > served as if higher, even, as if guiding light, when that same > light may not be as bright as direct observation shared by > and between people of the same phenomena modeled in > parameters more accurate or beyond those of the past mucked this up badly- was not to imply my writing biblical, instead that 'ideas' become theology, referenced text then have faith-based aspect institutionalized, structuralized as shared belief systems. sinning against ideology if going against consensus in its inaccuracy, all of it corruptible as ideas in their errored state and within language and social relations, as it becomes or is ungrounded, etc, then having this be the basis for exchange, development i think this same thing holds true for patents, of unshared > identity which then splits and DIVIDES the shared condition > into a 'shared group relation' as an ideological impossibility: > > (patent1a) <--> (patent1b) <--|--> (patent2) > ...correction: splits and divides the shared condition. (please ignore that it does not make grammatical sense) note: gotta say it, because it is relevant- i have social skills of a 10 year old, never developed or kept pace with others due to learning/behavioral deficit; not good with groups or social relations unless about ideas or internet comms; (aspergers) and, writing skills are horrendous, subpar by far, some of it involving deteriorated brain function. lysdexia also ubiquitous issue, i blame phonics.
From jya at pipeline.com Wed Jan 8 14:49:01 2014 From: jya at pipeline.com (John Young) Date: Wed, 08 Jan 2014 17:49:01 -0500 Subject: [cryptography] To Protect and Infect Slides In-Reply-To: <20140108213826.406CF228134@palinka.tinho.net> References: <20140108213826.406CF228134@palinka.tinho.net> Message-ID: Thanks. We posted the Wassenaar changes on Cryptome on December 19. http://cryptome.org/2013/12/wassenaar-intrusion.htm http://cryptome.org/2013/12/wassenaar-list-13-1204.pdf The intrusion software has received some but not sufficient attention. And beyond the sections you cite there are many covering other technologies which interrelate and affect crypto. Those have received even less attention, at least in crypto world as far as we have seen. The means to transceive crypto continue to be its Achilles heel and appear headed toward crippling the whole body -- the bubble in which crypto exists precariously dependent on sophisticated support systems which, as seen in the Snowden minimal releases, have overwhelmed public crypto security, not least by leaving the impression public crypto was highly effective. More attention to the support system presumably will be given as the Snowden releases recommence, now dead stopped. Greenwald claimed recently that cryptographers and other techies are now reviewing the material, much of which is beyond the capabilities of journalists, lawyers and politicians. The stumbling block of comprehensive Snowden disclosures is that to do so, allegedly, could severely damage national security. Uh oh, that terrible aroma of complicity to protect secrets too dangerous for the public to know. Instead a few select experts are allowed to perform dual-hat assessments. Which is what has led to the current imbroglio of public and expert distrust: who watches the dual-hat experts who operate under the cloak of secrecy. 
At 04:38 PM 1/8/2014, you wrote: >Keying off of one phrase alone, > > > This combat is about far more than crypto... > >I suggest you immediately familiarize yourself with last month's >changes to the Wassenaar Agreement, perhaps starting here: > >http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance > >Precis: Two new classes of export prohibited software: > >Intrusion software > > "Software" specially designed or modified to avoid detection > by 'monitoring tools', or to defeat 'protective countermeasures', > of a computer or network capable device, and performing any of > the following: > > a. The extraction of data or information, from a computer or > network capable device, or the modification of system or user > data; or > > b. The modification of the standard execution path of a program > or process in order to allow the execution of externally provided > instructions. > >IP network surveillance systems > > 5. A. 1. j. IP network communications surveillance systems or > equipment, and specially designed components therefor, having > all of the following: > > 1. Performing all of the following on a carrier class IP network > (e.g., national grade IP backbone): > > a. Analysis at the application layer (e.g., Layer 7 of Open > Systems Interconnection (OSI) model (ISO/IEC 7498-1)); > > b. Extraction of selected metadata and application content > (e.g., voice, video, messages, attachments); and > > c. Indexing of extracted data; and > > 2. Being specially designed to carry out all of the following: > > a. Execution of searches on the basis of 'hard selectors'; and > > b. Mapping of the relational network of an individual or of a > group of people. > > >All the same arguments that applied exportation bans for crypto >software apply here, especially that of pointlessness. 
> >--dan > >[ Software doesn't spy on people; people spy on people ] From jamesd at echeque.com Wed Jan 8 00:33:38 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 18:33:38 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> Message-ID: <52CD0D62.1040208@echeque.com> On 2014-01-08 17:35, Juan Garofalo wrote: > "Meanwhile, on October 14, we asked MIT if they could identify the person > responsible because we wanted to understand the downloader's motivation, to > ensure the articles already downloaded would not be distributed," MIT, however, made no real effort to identify the person responsible until he brought their network to a grinding halt. Aaron Swartz was arrested for pissing off the sysadmins, and he pissed off the sysadmins by busting their wiring in their wiring closet. The cause of his arrest, and the charges against him, were damaging interference with other people's physical property. From jamesd at echeque.com Wed Jan 8 00:36:17 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 08 Jan 2014 18:36:17 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> References: <7F68B02DFEB581436A666788@F74D39FA044AA309EAEA14B9> <35D5C9B80E726F952D848CCB@F74D39FA044AA309EAEA14B9> Message-ID: <52CD0E01.5000108@echeque.com> On 2014-01-08 17:44, Juan Garofalo wrote: > "Our monitoring systems did not alert us to accelerated downloading at MIT > in November and most of December. By mid-December we had completed work on > the redirect and, pending testing by JSTOR and by MIT, planned to implement > the change in early January 2011. 
> Later, we discovered that significant
> downloading had, in fact, continued during this time using a method that we
> did not detect. "

And if he had, like Snowden, kept a low profile, instead of flicking a towel in their faces, they never would have detected it.

From dan at geer.org Wed Jan 8 16:10:28 2014
From: dan at geer.org (dan at geer.org)
Date: Wed, 08 Jan 2014 19:10:28 -0500
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: Your message of "Wed, 01 Jan 2014 16:37:03 CST."
Message-ID: <20140109001028.2D6CE22810E@palinka.tinho.net>

> ...snip...
> taxation becomes tithing for the atheistic 'church of state' that
> has as its communion a monetary unit separated from its truth
>
> this enforcement of taxation by ideologues is confirmation of faith
> in money as value, as morality, as highest framework of evaluation,
> money determining authority, status, 'goodness', success, "truth"
> ...snip...

Yours is timeless wisdom and more, for the love of money is the root of all evil yet ours is to give unto Caesar that which is Caesar's. Hence speaking as someone who works in Washington (though I suspect any capitol would be as much), if you don't have money to dole out, then nothing in the bureaucracy will give you the time of day since you are temporary where they are not.

--dan

1 Ti 6:10
Mat 22:21

From jya at pipeline.com Wed Jan 8 16:22:05 2014
From: jya at pipeline.com (John Young)
Date: Wed, 08 Jan 2014 19:22:05 -0500
Subject: Omidyar-Greenwald Scam to Sell Crypto?
In-Reply-To:
References:
Message-ID:

Pierre Omidyar's Business Model for First Look is Like a Second Life or Anti-Virus Guard Scam

http://3dblogger.typepad.com/wired_state/2014/01/pierre-omidyars-business-model-for-first-look-is-like-a-second-life-or-anti-virus-guard-scam.html

From electromagnetize at gmail.com Wed Jan 8 18:04:44 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Wed, 8 Jan 2014 20:04:44 -0600
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <20140107221552.GA30141@netbook.cypherspace.org> <4963866.WpBD6rzBPb@lap> <20140108160339.GB5008@netbook.cypherspace.org>
Message-ID:

coderman wrote:
> i am exploring a gambit for disclosure post-statute-of-limitations,
> but even this protection seems meager and risky.
>

(that is a beautiful idea)

From dan at geer.org Wed Jan 8 17:57:15 2014
From: dan at geer.org (dan at geer.org)
Date: Wed, 08 Jan 2014 20:57:15 -0500
Subject: Fw: Hi, I'm from the government and I'm here to screw you
In-Reply-To: Your message of "Thu, 02 Jan 2014 12:04:06 CST."
Message-ID: <20140109015715.C986322810B@palinka.tinho.net>

> about the V2V cars- what is the likelihood that automobiles are _not
> tagged in some way, just like computers, given that location or other
> data is critically important and perhaps more easily accessible or
> tracked outside of a particular environment...

If you have a newish car, it has a radio in every tire's valve stem. If I know the radio signature of your car, then my roadside bomb will only miss you if you aren't in the vehicle that day.
And that is putting aside all the other wireless goo new cars come with, and the embedded systems some (many) of which can reach that wireless goo, and the fact that people pay to be tracked (OnStar), and the mountain of data that the OBDI (On Board Diagnostic Interface) holds including the VIN, and the hundred startups vying to get their plug in your OBDI and upload your data to their cloud, and the insurers who'll buy your cooperation with monitoring for a few percent off the bill, and the spot to plug your mobile into the car's on-board net, and the automated gizmo to determine if you're driving drunk and kill the engine if you are, and the LED headlamps that can quite easily be pulsing data that your eyeballs will never detect, and the electric car's battery charger that will double as a software (pun) auto-update portal, and the robot that will soon be driving for you, like it or not, because by then the State of California, et al., will know that robots drive greener than you do, etc., etc.

Don't buy a model later than 1993...

--dan

From electromagnetize at gmail.com Wed Jan 8 19:36:29 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Wed, 8 Jan 2014 21:36:29 -0600
Subject: Fw: Hi, I'm from the government and I'm here to screw you
In-Reply-To: <20140109015715.C986322810B@palinka.tinho.net>
References: <20140109015715.C986322810B@palinka.tinho.net>
Message-ID:

(perhaps that is it then, if a circling c-130 electronics warfare aircraft can siphon up all signals in a given geography else satellite overhead and access all Vehicle IDs to target and track. thanks for the info)

dan at geer.org> wrote:
>
> > about the V2V cars- what is the likelihood that automobiles are _not
> > tagged in some way, just like computers, given that location or other
> > data is critically important and perhaps more easily accessible or
> > tracked outside of a particular environment...
>
> If you have a newish car, it has a radio in every tire's valve stem.
> If I know the radio signature of your car, then my roadside bomb
> will only miss you if you aren't in the vehicle that day. And that
> is putting aside all the other wireless goo new cars come with, and
> the embedded systems some (many) of which can reach that wireless
> goo, and the fact that people pay to be tracked (OnStar), and the
> mountain of data that the OBDI (On Board Diagnostic Interface) holds
> including the VIN, and the hundred startups vying to get their plug
> in your OBDI and upload your data to their cloud, and the insurers
> who'll buy your cooperation with monitoring for a few percent off
> the bill, and the spot to plug your mobile into the car's on-board
> net, and the automated gizmo to determine if you're driving drunk
> and kill the engine if you are, and the LED headlamps that can quite
> easily be pulsing data that your eyeballs will never detect, and
> the electric car's battery charger that will double as a software
> (pun) auto-update portal, and the robot that will soon be driving
> for you, like it or not, because by then the State of California,
> et al., will know that robots drive greener than you do, etc., etc.
>
> Don't buy a model later than 1993...
>
> --dan
>

From rysiek at hackerspace.pl Wed Jan 8 13:08:12 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:08:12 +0100
Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon)
In-Reply-To: <20140108160339.GB5008@netbook.cypherspace.org>
References: <52CAA24E.5060809@cathalgarvey.me> <4963866.WpBD6rzBPb@lap> <20140108160339.GB5008@netbook.cypherspace.org>
Message-ID: <1474213.AM8yubybad@lap>

On Wednesday, 8 January 2014 17:03:39 Adam Back wrote:
> What you said is correct, that is what needs to happen (society and law
> needs to move out of the dark ages), and the only way for that to happen
> is brave canaries with squeaky clean reps, and sharp lawyers to blaze the
> path.

Indubitably.

> My version was just to say be aware of the risks, that you would take by
> even putting your name to a hack, with any disclosure at all. If you don't
> want to be a canary.

Sure.

> Possibly would be advisable to use a lawyer for some anonymity insulation to
> even sell a hack to one of the disclosure service pimping sites. (They
> probably are selling them to the NSA/Orwell 2.0 crew so taking their money
> is probably dirty money.)

Indeed.

> Independent security researcher can be risky. Get a legal signed doc from
> the people you audit people say (yeah like they're gonna give you one for an
> unsolicited investigation).

Yeah, there's an old Soviet saying: "the more paper, the cleaner the arse."

> Weev was an independent security researcher after all, in a team even.
> Goatse security http://en.wikipedia.org/wiki/Goatse_Security. They did find
> some interesting and news worthy hacking stuff, even won awards from Tech
> Crunch seemingly.

And that's what gets to me. For fucks' sake, people like Weev or Swartz discover holes left by somebody else, why are they the ones getting punished for it? If somebody made a faulty tool, they would pay, not the user exposing the problem.
Maybe it's time to try to get some vendor liability/warranty going? I shudder when thinking about that, as that would pose a huge problem for Free Software, I guess, but I think it is worth exploring anyway.

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 8 13:11:01 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:11:01 +0100
Subject: Private Distributed Hash Tables
In-Reply-To:
References:
Message-ID: <1894233.dKfDltdh6N@lap>

On Wednesday, 8 January 2014 11:58:01 Rich Jones wrote:
> Far too much yap yap yappin' around here lately.. cpunks write code,
> remember? Let's get back to business.
>
> Here's an idea for a private, censorship-resistant communication/file
> sharing system with integrated invitations and access control. I don't
> think I've ever seen this before, but it's quite possible that people have
> discussed this idea previously. Either way, I don't know of any
> implementations yet.

RetroShare?

> (...)

Yup, all that sounds like RetroShare... Discussed here previously in:
https://cpunks.org//pipermail/cypherpunks/2013-November/002125.html

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 8 13:14:27 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:14:27 +0100
Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!!
In-Reply-To: <5042f4e1e159e27c5d2030b48156ea2a@cryptolab.net>
References: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa> <5042f4e1e159e27c5d2030b48156ea2a@cryptolab.net>
Message-ID: <10690418.egTzads16m@lap>

On Wednesday, 8 January 2014 13:03:19 Griffin Boyce wrote:
> On 2014-01-08 12:59, shelley at misanthropia.info wrote:
> > On Jan 8, 2014 9:48 AM, Patrick Mylund Nielsen
> > wrote:
> >
> > (snip)
> >
> >>> You should spend some of that energy on learning not to top-post.
> >
> > Ah, there it is.
> > *Now* it feels like authentic usenet.
>
> Maybe we should have a hundred-message thread fighting about top vs
> bottom ;)

Nah, why bother, we all know bottom will eventually be on top.

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 8 13:14:47 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:14:47 +0100
Subject: FUCK GRIFFIN BOYCE And yet ANOTHER NET.LOON Candidate Re: Earlier Detweiler ravings!!
In-Reply-To:
References: <20140108175925.65AD3C00E83@frontend1.nyi.mail.srv.osa>
Message-ID: <1974662.gTI7KsdbHs@lap>

On Wednesday, 8 January 2014 15:54:28 demonfighter6 . wrote:
> On Wed, Jan 8, 2014 at 12:59 PM, wrote:
> > Ah, there it is.
> > *Now* it feels like authentic usenet.
>
> No, not quite yet.
>
> People who top-post are just like ***Hitler***!
>
> There, that should do it.

God, win!

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 8 13:16:34 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:16:34 +0100
Subject: This
In-Reply-To:
References: <52CD8184.5010107@cypherpunks.to> <5bf2d7d9e6062e217baf2454e528fae0.squirrel@fulvetta.riseup.net>
Message-ID: <463076075.ctVKa9lfpN@lap>

On Wednesday, 8 January 2014 15:38:37 Robert Hettinga wrote:
> On Jan 8, 2014, at 2:32 PM, Odinn Cyberguerrilla
> wrote:
>
> I haven’t had
>
> > This. -->
>
> much fun since the hogs ate my little brother, I tellyawot…

Well, they ate my Makers and Pirate Cinema, but I ain't bitchin' 'bout it.

/the number of apostrophes in this message is too damn high!

--
Regards
rysiek

From me at staticsafe.ca Wed Jan 8 14:23:19 2014
From: me at staticsafe.ca (staticsafe)
Date: Wed, 8 Jan 2014 22:23:19 +0000
Subject: HTML on-list messages, top-posting
In-Reply-To: <3400766.DlXAxvbig4@lap>
References: <3400766.DlXAxvbig4@lap>
Message-ID: <20140108222318.GA11999@debian>

On Wed, Jan 08, 2014 at 11:05:08PM +0100, rysiek wrote:
> Hi there,
>
> since we're already deep into Usenet territory, I'll just leave this message
> here and see what happens.
>
> --
> Regards
> rysiek

https://wiki.debian.org/FAQsFromDebianUser#What_is_top-posting_.28and_why_shouldn.27t_I_do_it.29.3F

I like to blame the popularity of gmail on the top-posting scourge but who knows? As for HTML e-mails always amusing to view the markup when reading in mutt.
--
staticsafe

From rysiek at hackerspace.pl Wed Jan 8 13:25:05 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:25:05 +0100
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <20140108174555.9ACF62280B6@palinka.tinho.net>
References: <20140108174555.9ACF62280B6@palinka.tinho.net>
Message-ID: <1488349.BCUzEUusGK@lap>

On Wednesday, 8 January 2014 12:45:55 dan at geer.org wrote:
> > 5) another realization upon hearing the 30c3 talk of Jacob Appelbaum
> > was the 'earth firewall' then indicates that the NSA controls the internet,
> > and that it is not operating as a subset within it, and instead everything
> > that occurs is within its domain....
>
> The Internet is not controlled, i.e., there is a power vacuum
> that will soon be filled. There are many, many players and soon
> to be more. The question to be contemplated, if any, is this:
> Do you prefer that the competing claims of control over the
> Internet be resolved by way of (1) dramatic Balkanization or
> by way of (2) making the Internet an organ of world government?

And the answer to the above is: no.

I'll elaborate (Capt. Obvious, but whatever). The possibilities and technologies of connecting and communicating had made such strides during the last 20 years, that we really do not have to limit ourselves to these two suboptimal (to say the least) situations. We can have a decentralized and non-controllable network if we want to, and it can piggy-back on or run within any network that is controlled by the government (not sure about balkanized networks but I guess that would also be doable to some extent).

Just use the current "Internet" just as Internet used the telephone system, as infrastructure. The infrastructure was controlled by the government and big telcos -- meh, whatever, we just layered a better network on top.

The other way -- and a great one, but a bit harder -- is mesh networking on or as close to the physical level as possible.
Just look what these smart cheese-lovers are doing: http://ur1.ca/gdcy5

Think: "we can rebuild the decentralized network, we have the technology" instead of "we're fucked".

> A thought experiment, if needing one: is VoIP a part of the
> Internet or is it not, that is do you have two networks in your
> home/office or one?

Why is it a question that needs answering?

--
Regards
rysiek

From me at staticsafe.ca Wed Jan 8 14:35:37 2014
From: me at staticsafe.ca (staticsafe)
Date: Wed, 8 Jan 2014 22:35:37 +0000
Subject: HTML on-list messages, top-posting
In-Reply-To: <3789484.B68CHrmnZb@lap>
References: <20140108221630.25C60C00E8E@frontend1.nyi.mail.srv.osa> <3789484.B68CHrmnZb@lap>
Message-ID: <20140108223537.GB11999@debian>

On Wed, Jan 08, 2014 at 11:25:37PM +0100, rysiek wrote:
> On Wednesday, 8 January 2014 14:16:20 shelley at misanthropia.info wrote:
> > Top-post top-post top-post!!
> >
> > Just apologizing for the off-list reply, rysiek. Meant to post to
> > list, forgot to change the address line (stupid mobile email client...)
>
> Maybe the list owner could change the Reply-To of this list, so that answers
> get sent by default to the list? Just sayin'. ;)
>
> --
> Regards
> rysiek

There are issues with that as well, according to the Mailman docs. (reply_goes_to_list Option)

http://www.unicom.com/pw/reply-to-harmful.html
http://www.metasystema.net/essays/reply-to.html

Most mailing lists I've encountered do not mess with the reply-to header.
--
staticsafe

From juan.g71 at gmail.com Wed Jan 8 17:44:31 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 22:44:31 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com>
Message-ID: <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9>

--On Wednesday, January 08, 2014 11:11 PM +0100 Cari Machet wrote:

> to all the libertarians on the planet that 'believe' in ownership

In case you're addressing me... =P

(well, you seem to be talking to James, but replied to a post of mine, so I'm not sure)

>
> 'belief' and 'ownership' are idiotic arcane notions of anthropocentric
> type amygdala activity
>
> https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_Capitalism

Is Klein some kind of radical anarcho communist? If not she probably subscribes to some notion of private property...

>
> this means you james > with a caveat that obama is a disgusting
> reflection of the system and ppl were ill informed to think he wasnt >
> i offer this piece by naomi klein in dispute of your 'ideology' seen
> thru your crummy/flimsy/pathetic analysis of aaron's work
>
> if you have seen it then you have no excuse for your mindset > if you
> have not seen it i dare you to debate its consciousness
>
> On 1/8/14, Juan Garofalo wrote:
>>
>> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae
>> wrote:
>>
>>> At 02:07 AM 1/8/2014, Juan Garofalo wrote:
>>>
>>>> fucking americunt fascist.
>>>
>>> Russian emigre. Yes there is a difference, and yes that is relevant.
>>
>> As a transplanted nationalist, she was even more rabid than home grown
>> nationalists.
>> That's the first (and only) difference that comes to mind...
>>
>>>
>>> --ue
>>>
>>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Twitter: @carimachet
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>

From rysiek at hackerspace.pl Wed Jan 8 13:52:07 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 22:52:07 +0100
Subject: Private Distributed Hash Tables
In-Reply-To:
References: <1894233.dKfDltdh6N@lap>
Message-ID: <2023356.SdbFcNpTVo@lap>

On Wednesday, 8 January 2014 13:46:15 Rich Jones wrote:
> I suppose RetroShare and GNUnet are similar in that they have 'Friend to
> Friend' capabilities, but as we see in practice, they don't create
> high-quality networks because there is no hierarchy of trust or
> discoverability of new users - by default, users can't interact with
> 'friends-of-friends', which means that what should be "Private P2P"
> networks degrade to "Group P2P" networks of only a few people. This
> proposed system should be able to accommodate thousands of users while
> still providing the aforementioned benefits.

RetroShare, from what I understand, is going to provide "friend-of-a-friend" connectivity... kind of:
http://retroshare.sourceforge.net/wiki/index.php/INVITE_PROP2_SERVICE

But yes, I see your point now.

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 8 14:01:41 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 23:01:41 +0100
Subject: [cryptography] To Protect and Infect Slides
In-Reply-To: <20140108213826.406CF228134@palinka.tinho.net>
References: <20140108213826.406CF228134@palinka.tinho.net>
Message-ID: <2241210.u7Y25tyb1k@lap>

OHAI,

On Wednesday, 8 January 2014 16:38:26 dan at geer.org wrote:
> Keying off of one phrase alone,
>
> > This combat is about far more than crypto...

It is indeed, and many of us are fighting in many more areas than crypto alone. But strong crypto helps immensely, I can assure you from my experience in debating with politicians about Internet censorship ideas.

If I can use *both* arguments -- that of surveillance/censorship being unethical and unlawful in a democratic state, AND that of technical difficulties to implementing these due to crypto -- I can be much more effective in such debates:
http://rys.io/en/94
http://rys.io/en/109

> I suggest you immediately familiarize yourself with last month's
> changes to the Wassenaar Agreement, perhaps starting here:
>
> http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance
>
> Precis: Two new classes of export prohibited software:
>
> Intrusion software
>
>   "Software" specially designed or modified to avoid detection
>   by 'monitoring tools', or to defeat 'protective countermeasures',
>   of a computer or network capable device, and performing any of
>   the following:
>
>   a. The extraction of data or information, from a computer or
>      network capable device, or the modification of system or user
>      data; or
>
>   b. The modification of the standard execution path of a program
>      or process in order to allow the execution of externally provided
>      instructions.
>
> IP network surveillance systems
>
>   5. A. 1. j.
>   IP network communications surveillance systems or
>   equipment, and specially designed components therefor, having
>   all of the following:
>
>   1. Performing all of the following on a carrier class IP network
>      (e.g., national grade IP backbone):
>
>      a. Analysis at the application layer (e.g., Layer 7 of Open
>         Systems Interconnection (OSI) model (ISO/IEC 7498-1));
>
>      b. Extraction of selected metadata and application content
>         (e.g., voice, video, messages, attachments); and
>
>      c. Indexing of extracted data; and
>
>   2. Being specially designed to carry out all of the following:
>
>      a. Execution of searches on the basis of 'hard selectors'; and
>
>      b. Mapping of the relational network of an individual or of a
>         group of people.
>
>
> All the same arguments that applied exportation bans for crypto
> software apply here, especially that of pointlessness.

I fail to see the relevance of this with regard to discussion of mesh networks and us being able to create another layer on any layer that is already controlled by the government. Such layer (i.e. TOR, I2P, FreeNet, RetroShare) does not fall into any of the categories outlined above (please note the "and performing any of the following" in the first; "having all of the following" in the second).

> [ Software doesn't spy on people; people spy on people ]

+1

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 8 14:05:08 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 23:05:08 +0100
Subject: HTML on-list messages, top-posting
Message-ID: <3400766.DlXAxvbig4@lap>

Hi there,

since we're already deep into Usenet territory, I'll just leave this message here and see what happens.

--
Regards
rysiek

From carimachet at gmail.com Wed Jan 8 14:11:50 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 8 Jan 2014 23:11:50 +0100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com>
Message-ID:

to all the libertarians on the planet that 'believe' in ownership

'belief' and 'ownership' are idiotic arcane notions of anthropocentric type amygdala activity

https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_Capitalism

this means you james > with a caveat that obama is a disgusting reflection of the system and ppl were ill informed to think he wasnt > i offer this piece by naomi klein in dispute of your 'ideology' seen thru your crummy/flimsy/pathetic analysis of aaron's work

if you have seen it then you have no excuse for your mindset > if you have not seen it i dare you to debate its consciousness

On 1/8/14, Juan Garofalo wrote:
>
> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae
> wrote:
>
>> At 02:07 AM 1/8/2014, Juan Garofalo wrote:
>>
>>> fucking americunt fascist.
>>
>> Russian emigre. Yes there is a difference, and yes that is relevant.
>
> As a transplanted nationalist, she was even more rabid than home grown
> nationalists. That's the first (and only) difference that comes to mind...
>
>>
>> --ue
>>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From juan.g71 at gmail.com Wed Jan 8 18:25:18 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Wed, 08 Jan 2014 23:25:18 -0300
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To:
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9>
Message-ID:

--On Thursday, January 09, 2014 3:09 AM +0100 Cari Machet wrote:

> the notion that an idea of private property as all encompassing is > banal > there are no absolutes

Let's say I grow my own food. Do you think I'm the owner of the food I grow? Or maybe some people, let's call them the 'government', have a 'right' to my food? If I'm not the 'absolute' owner of my person and what I produce, who is it?

> but to parse it for you believing in > something is about religion which is smoke and mirrors + the public > sphere is waning if you havent noticed

Not sure what you mean by the public sphere, but what I understand by the public sphere isn't exactly waning.

> but its not so much an > emergency but an emergence of the collective ... an opportunity > your > choice to be mindful of the reality or not
>
> klein is an economist

yeah well, so were keynes and marx.
Or at least there are people who think they were 'economists'...

>
> On 1/9/14, Juan Garofalo wrote:
>>
>> --On Wednesday, January 08, 2014 11:11 PM +0100 Cari Machet
>> wrote:
>>
>>> to all the libertarians on the planet that 'believe' in ownership
>>
>> In case you're addressing me... =P
>>
>> (well, you seem to be talking to James, but replied to a post of mine,
>> so I'm not sure)
>>
>>>
>>> 'belief' and 'ownership' are idiotic arcane notions of anthropocentric
>>> type amygdala activity
>>>
>>> https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_Capitalism
>>
>> Is Klein some kind of radical anarcho communist? If not she probably
>> subscribes to some notion of private property...
>>
>>>
>>> this means you james > with a caveat that obama is a disgusting
>>> reflection of the system and ppl were ill informed to think he wasnt >
>>> i offer this piece by naomi klein in dispute of your 'ideology' seen
>>> thru your crummy/flimsy/pathetic analysis of aaron's work
>>>
>>> if you have seen it then you have no excuse for your mindset > if you
>>> have not seen it i dare you to debate its consciousness
>>>
>>> On 1/8/14, Juan Garofalo wrote:
>>>>
>>>> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae
>>>> wrote:
>>>>
>>>>> At 02:07 AM 1/8/2014, Juan Garofalo wrote:
>>>>>
>>>>>> fucking americunt fascist.
>>>>>
>>>>> Russian emigre. Yes there is a difference, and yes that is relevant.
>>>>
>>>> As a transplanted nationalist, she was even more rabid than home grown
>>>> nationalists. That's the first (and only) difference that comes to
>>>> mind...
>>>>
>>>>>
>>>>> --ue
>>>>>
>>>>
>>>
>>> --
>>> Cari Machet
>>> NYC 646-436-7795
>>> carimachet at gmail.com
>>> AIM carismachet
>>> Syria +963-099 277 3243
>>> Amman +962 077 636 9407
>>> Berlin +49 152 11779219
>>> Twitter: @carimachet
>>>
>>> Ruh-roh, this is now necessary: This email is intended only for the
>>> addressee(s) and may contain confidential information. If you are not
>>> the intended recipient, you are hereby notified that any use of this
>>> information, dissemination, distribution, or copying of this email
>>> without
>>> permission is strictly prohibited.
>>>
>>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Twitter: @carimachet
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>

From rysiek at hackerspace.pl Wed Jan 8 14:25:37 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 08 Jan 2014 23:25:37 +0100
Subject: HTML on-list messages, top-posting
In-Reply-To: <20140108221630.25C60C00E8E@frontend1.nyi.mail.srv.osa>
References: <20140108221630.25C60C00E8E@frontend1.nyi.mail.srv.osa>
Message-ID: <3789484.B68CHrmnZb@lap>

On Wednesday, 8 January 2014 14:16:20 shelley at misanthropia.info wrote:
> Top-post top-post top-post!!
>
> Just apologizing for the off-list reply, rysiek. Meant to post to
> list, forgot to change the address line (stupid mobile email client...)

Maybe the list owner could change the Reply-To of this list, so that answers get sent by default to the list? Just sayin'. ;)

--
Regards
rysiek
Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From carimachet at gmail.com Wed Jan 8 14:32:59 2014 From: carimachet at gmail.com (Cari Machet) Date: Wed, 8 Jan 2014 23:32:59 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <1474213.AM8yubybad@lap> References: <52CAA24E.5060809@cathalgarvey.me> <4963866.WpBD6rzBPb@lap> <20140108160339.GB5008@netbook.cypherspace.org> <1474213.AM8yubybad@lap> Message-ID: On 1/8/14, rysiek wrote: > Maybe it's time to try to get some vendor liability/warranty going? FASCISM -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From rysiek at hackerspace.pl Wed Jan 8 14:57:24 2014 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 08 Jan 2014 23:57:24 +0100 Subject: HTML on-list messages, top-posting In-Reply-To: <20140108223537.GB11999@debian> References: <20140108221630.25C60C00E8E@frontend1.nyi.mail.srv.osa> <3789484.B68CHrmnZb@lap> <20140108223537.GB11999@debian> Message-ID: <3161466.Vqe86WFAdV@lap> Dnia środa, 8 stycznia 2014 22:35:37 staticsafe pisze: > On Wed, Jan 08, 2014 at 11:25:37PM +0100, rysiek wrote: > > Dnia środa, 8 stycznia 2014 14:16:20 shelley at misanthropia.info pisze: > > > Top-post  top-post  top-post!! > > > > > > Just apologizing for the off-list reply, rysiek.   Meant to post to > > > list, forgot to change the address line (stupid mobile email client...) > > > > Maybe the list owner could change the Reply-To of this list, so that > > answers get sent by default to the list? 
Just sayin'. ;) > > There are issues with that as well, according to the Mailman docs. > (reply_goes_to_list Option) > > http://www.unicom.com/pw/reply-to-harmful.html > http://www.metasystema.net/essays/reply-to.html > > Most mailing lists I've encountered do not mess with the reply-to > header. Interesting, thanks. -- Regards, rysiek From rysiek at hackerspace.pl Wed Jan 8 15:00:04 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 09 Jan 2014 00:00:04 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <1474213.AM8yubybad@lap> Message-ID: <2972567.HYi6RcCs9h@lap> On Wednesday, 8 January 2014 23:32:59 Cari Machet wrote: > On 1/8/14, rysiek wrote: > > Maybe it's time to try to get some vendor liability/warranty going? > > FASCISM Fascinating assertion. -- Regards, rysiek From carimachet at gmail.com Wed Jan 8 15:23:50 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 00:23:50 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <2972567.HYi6RcCs9h@lap> References: <52CAA24E.5060809@cathalgarvey.me> <1474213.AM8yubybad@lap> <2972567.HYi6RcCs9h@lap> Message-ID: ok mayb i was a little over zealous > i am native american prone to being close to life > so if i build a road and you have a car wreck on it shld i b liable if you kill someone with your car ????
plus it opens the door for other opensource 'heretical' laws to be promulgated on the citizenry for its 'protection' On 1/9/14, rysiek wrote: > On Wednesday, 8 January 2014 23:32:59 Cari Machet wrote: >> On 1/8/14, rysiek wrote: >> > Maybe it's time to try to get some vendor liability/warranty going? >> >> FASCISM > > Fascinating assertion. > > -- > Regards, > rysiek -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From rysiek at hackerspace.pl Wed Jan 8 15:33:46 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 09 Jan 2014 00:33:46 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <2972567.HYi6RcCs9h@lap> Message-ID: <1669880.i7q9MSPtrc@lap> On Thursday, 9 January 2014 00:23:50 Cari Machet wrote: > ok mayb i was a little over zealous > i am native american prone to > being close to life > Why do you keep bringing your native-americanness in every other post is beyond me. I'm a native Pole, somebody here is probably a native German, what does it have to do with anything? Just drop it already. > so if i build a road and you have a car wreck on it shld i b liable if > you kill someone with your car ???? It would also be beneficial to all parties involved if you read the e-mails you're (supposedly) answering to, and tried to choose analogies accordingly.
But answering your question: if there is a demonstrable fault in the way the road was built -- for example, there is an *outward* slant at a turn on a highway/motorway -- then I would say "to some extent, yes". To what extent? That's for the jury to decide, but if the fault contributed to the tragedy, the builder of the road is (partially) responsible. By the way, I would greatly appreciate you making the effort to respect the by-laws of the (let's call that) Internet-natives of this list, and using English instead of the t33nz lulzspk tht u seem 2 b usng, kthx. If you want to encrypt your messages, use PGP instead of lulzspeak, it will work much better. > plus it opens the door for other opensource 'heretical' laws to be > promulgated on the citizenry for its 'protection' That's my problem with this idea, that's why I am floating it and asking for a discussion. Maybe there is a way to do it properly? -- Regards, rysiek From juan.g71 at gmail.com Wed Jan 8 20:09:42 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 09 Jan 2014 01:09:42 -0300 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> Message-ID: <10023B3A2CDB711652B7F0AC@F74D39FA044AA309EAEA14B9> --On Thursday, January 09, 2014 4:10 AM +0100 Cari Machet wrote: > On 1/9/14, Juan Garofalo wrote: > >> Let's say I grow my own food. Do you think I'm the owner of the food I >> grow?
Or maybe some people, let's call them the 'government', have a >> 'right' to my food? > > > if u really want to know what i think then u need to know my thought > processies are not like "white" ppl > ideas of ownership are foreign > to me i am native american and most tribes though they lived in areas > didnt consider ownership of them but a co-creative partnership - Well, but didn't they, using 'white' terminology, jointly owned the land they were living in? (and then whites came along and stole...) Anyway, ownership of natural resources is a bit more complex (or harder to define) than ownership through labor, that's why I mentioned growing food (which involves personal labor) >re: > food > when my people hunted buffalo in the plains they didnt just > indiscriminately kill buffalo they weeded the herd and were mindful to > examine how they could be of help to the herd it was only intelligent > to do so as it kept their source of food and clothing healthy and > vibrant but also it was respectful of life That's fine. My question would be : If a tribe(?) took care of certain buffalo herd, did they have the 'right' (or choose whatever word is appropiate here) to hunt it and use the products? Or would it be OK for a tribe living nearby to 'steal' the herd from them? > > so there are people that give food away for free right now today > why > would they do that? Because they want to? It's their food and they do with it whatever they please =P Now, what if some people don't want to give their food away for free, and a different group of people takes it by force? What if some people spends their labor producing something and other people come along and get the products, for free, against the will of the producers? That sonds like slavery to me, and I'd risk saying that it's been recognized as slavery since a long time ago, and in all parts of the world. > >> >> If I'm not the 'absolute' owner of my person and what I produce, who is >> it? 
> > well i think ideas are in the air and we build on the shoulders of > giants That is true regarding ideas and knowledge (though things need to be re-learnt at the individual level, of course...) - but I'm talking more about physical production than intelectual production. >so production is owed down thru the ages and i think there isnt > really a you basically > your first form i would say is life itself > and you are made mostly of water and some minerals (dirt) and when you > 'die' your body dissipates like a cloud - i dont think 'you' die i > think you just transform Well, maybe, but individual consciousness seems to exist. Regardless of you and budhists calling it an illusion =P > > so there is no 'you' to have ownership > would you say life owns life > ? that would be odd > i think ownership is an illusion i also think > you didnt make yourself so that would be a glitch in your argument Living things are kinda self-assembling...Though I didn't argue that I 'own myself' because I 'made myself'. I'm talking about external property. My argument is : I own this tomato plant because I took the trouble to cultivate it. > i > mean i think you had a bit to say in the matter but we are very > limited mathematical concoctions (gorgeously made and amazing but > limited) we cant presently manufacture ourselves in order to "own" > ourselves but even then we wouldnt be independent of life itself No, we wouldn't. Also, you correctly point out that 'we' didn't 'make' ourselves, but are you suggesting that we were 'made' by someone else/some kind of entity/moral agent/or? so > ... > maybe in future we will manufacture ourselves but there is > probably going to be a divisive factor in the manufacturing of life > forms (divisive as in schism - not workin so good - should be > interesting but already happening w/ monsanto actually so...) 
the only thing that the monsanto mafia manufactures is patents =P > > i think the idea of ownership was made by rulers (seen thru millenia > but look at the magna carta which will be 800 in 2015) i want as > little to do with rulers thought patterns and functioning as possible I think property is an extension of personal freedom, and so it's actually anathema to rulers. magna carta is as far as I can tell a document dealing with two factions of the ruling class - the 'noblemen', also known as oligarchy and the monarchic party (actually a different faction of the oligarchy) > > > >> >>> but to parse it for you believing in >>> something is about religion which is smoke and mirrors + the public >>> sphere is waning if you havent noticed >> >> >> Not sure what you mean by the public sphere, but what I understand by >> the public sphere isn't exactly waning. >> >> >> >>> but its not so much an >>> emergency but an emergence of the collective ... an opportunity > your >>> choice to be mindful of the reality or not >>> >>> klein is an economist >> >> yeah well, so were keynes and marx. Or at least there are people who >> think they were 'economists'... >> >> >> >>> >>> On 1/9/14, Juan Garofalo wrote: >>>> >>>> >>>> --On Wednesday, January 08, 2014 11:11 PM +0100 Cari Machet >>>> wrote: >>>> >>>>> to all the libratarians on the planet that 'believe' in ownership >>>> >>>> In case you're addressing me... =P >>>> >>>> (well, you seem to be talking to James, but replied to a post of mine, >>>> so I'm not sure) >>>> >>>> >>>>> >>>>> 'belief' and 'ownership' are idiotic arcane notions of anthropocentric >>>>> type amygdala activity >>>>> >>>>> https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_C >>>>> ap it alism >>>> >>>> >>>> Is Klein some kind of radical anarcho communist? If not she probably >>>> subscribes to some notion of private property... 
>>>> >>>> >>>>> >>>>> this means you james > with a caveat that obama is a disgusting >>>>> reflection of the system and ppl were ill informed to think he wasnt > >>>>> i offer this piece by naomi klein in dispute of your 'ideology' seen >>>>> thru your crummy/flimmsy/pathetic analysis of aaron's work >>>>> >>>>> if you have seen it then you have no excuse for your mindset > if you >>>>> have not seen it i dare you to debate its consciousness >>>>> >>>>> >>>>> >>>>> On 1/8/14, Juan Garofalo wrote: >>>>>> >>>>>> >>>>>> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae >>>>>> wrote: >>>>>> >>>>>>> At 02:07 AM 1/8/2014, Juan Garofalo wrote: >>>>>>> >>>>>>>> fucking americunt fascist. >>>>>>> >>>>>>> >>>>>>> Russian emigre. Yes there is a difference, and yes that is relevant. >>>>>> >>>>>> >>>>>> As a transplanted nationalist, she was even more rabid than home >>>>>> grown >>>>>> nationalists. That's the first(and only) difference that comes to >>>>>> mind... >>>>>> >>>>>> >>>>>> >>>>>> From carimachet at gmail.com Wed Jan 8 16:41:23 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 01:41:23 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <1669880.i7q9MSPtrc@lap> References: <52CAA24E.5060809@cathalgarvey.me> <2972567.HYi6RcCs9h@lap> <1669880.i7q9MSPtrc@lap> Message-ID: 1st off if someone is indigenous it is not the same as being native polish > mayb u r ignorant of indigenous information AND if an indigenous person wants to talk about it 2 times on a list i think that is interesting not something to censor > i am not interested in censoring or being censored that is one reason i am interested in opensource and you would think that if someone is interested in opensource they would b able to see how that is applicable beyond that of software and the ramifications therein otherwise i really dont need a daddy but thanks anyway - i find your comments incredibly rude and purposefully degrading and 
quite the contrary to your last sentence which calls for discussion > i dont think you are modeling any kind of way to be open to discussing at all as for your argument re the road i think it would not hold up in court as the road builder would never be held responsible > so in the US the state certifies roads afterwords so the state agency in the US anyway would be liable so... attacking someones form in an argument is really easy and doesnt show an expansive form from the attacker it just shows they lack a formidable argument and hence they loose credibliity and dont engage ethics which is really sad On 1/9/14, rysiek wrote: > On Thursday, 9 January 2014 00:23:50 Cari Machet wrote: >> ok mayb i was a little over zealous > i am native american prone to >> being close to life > > > Why do you keep bringing your native-americanness in every other post is > beyond me. I'm a native Pole, somebody here is probably a native German, > what > does it have to do with anything? Just drop it already. > >> so if i build a road and you have a car wreck on it shld i b liable if >> you kill someone with your car ???? > > It would also be beneficial to all parties involved if you read the e-mails > > you're (supposedly) answering to, and tried to choose analogies > accordingly. > > But answering your question: if there is a demonstrable fault in the way the > > road was built -- for example, there is an *outward* slant at a turn on a > highway/motorway -- then I would say "to some extent, yes". To what extent? > > That's for the jury to decide, but if the fault contributed to the tragedy, > > the builder of the road is (partially) responsible. > > By the way, I would greatly appreciate you making the effort to respect the > > by-laws of the (let's call that) Internet-natives of this list, and using > English instead of the t33nz lulzspk tht u seem 2 b usng, kthx. If you want > to > encrypt your messages, use PGP instead of lulzspeak, it will work much > better.
> >> plus it opens the door for other opensource 'heretical' laws to be >> promulgated on the citizenry for its 'protection' > > That's my problem with this idea, that's why I am floating it and asking for > a > discussion. Maybe there is a way to do it properly? > > -- > Regards, > rysiek -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From carimachet at gmail.com Wed Jan 8 17:06:58 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 02:06:58 +0100 Subject: [cryptography] To Protect and Infect Slides In-Reply-To: <20140109001028.2D6CE22810E@palinka.tinho.net> References: <20140109001028.2D6CE22810E@palinka.tinho.net> Message-ID: On 1/9/14, dan at geer.org wrote: > > > ...snip... > > taxation becomes tithing for the atheistic 'church of state' that > > has as its communion a monetary unit separated from its truth > > > > this enforcement of taxation by ideologues is confirmation of faith > > in money as value, as morality, as highest framework of evaluation, > > money determining authority, status, 'goodness', success, "truth" > > ...snip... > > > Yours is timeless wisdom and more, for the love of money is the root > of all evil yet ours is to give unto Caesar that which is Caesar's. > > Hence speaking as someone who works in Washington (though I suspect > any capitol would be as much), if you don't have money to dole out, > then nothing in the bureaucracy will give you the time of day since > you are temporary where they are not.
> i disagree > remember the covers of newspapers when the handicap woman got out of her wheelchair and was climbing on the capital steps protesting > they won many rights after the huge protest >>> the cynical idea that we are powerless is just the level the social engineering of the neo liberal fascist state wants ppl to perform on -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From rysiek at hackerspace.pl Wed Jan 8 17:16:38 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 09 Jan 2014 02:16:38 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <1669880.i7q9MSPtrc@lap> Message-ID: <1535820.hEQ6okzVhs@lap> OHAI, As somebody noted in some other thread here lately, "well, that escalated quickly". On Thursday, 9 January 2014 01:41:23 Cari Machet wrote: > 1st off if someone is indigenous it is not the same as being native > polish > mayb u r ignorant of indigenous information AND if an > indigenous person wants to talk about it 2 times on a list i think > that is interesting not something to censor > i am not interested in censoring or being censored that is one reason i am > interested in opensource and you would think that if someone is interested > in opensource they would b able to see how that is applicable beyond that > of software and the ramifications therein 1. I am "indigenous Polish", how does that make me worse or better than you? 2.
I am not censoring anything, simply noting that you have already remarked on you being a "native American" and that I think we all got that. I have no idea why you find it necessary to underline that fact so much, but hey, be my guest. You have the full right to do so -- as I have the right to remark on how unnecessary and completely unrelated to anything discussed in this thread it actually is (I'm sure there are better places to discuss this particular topic). > otherwise i really dont need a daddy but thanks anyway - i find your > comments incredibly rude and purposefully degrading and quite the > contrary to your last sentence which calls for discussion > i dont > think you are modeling any kind of way to be open to discussing at all M'kay, thanks for sharing. > as for your argument re the road i think it would not hold up in court > as the road builder would never be held responsible > so in the US the > state certifies roads afterwords so the state agency in the US anyway > would be liable so... Okay, so the party responsible for the road. Fine by me -- in the case of software that would be the party that sub-licenses/sells it further. So not the guy who wrote the code for Microsoft, but Microsoft as the vendor (at least from the end-user perspective). > attacking someones form in an argument is really easy and doesnt show > an expansive form from the attacker it just shows they lack a > formidable argument and hence they loose credibliity and dont engage > ethics which is really sad On the other hand, requiring the other party to an argument to formulate their thoughts clearly and intelligibly helps the discussion and allows for better understanding, and better argumentation. I fail to see how asking you to write in a more clear manner, especially on a list many subscribers of which are not native English speakers, is an "attack on a form". 
Can we now please leave the linguistics and nationalities behind us and focus on what could be more aptly considered on-topic here? -- Regards, rysiek From carimachet at gmail.com Wed Jan 8 18:09:34 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 03:09:34 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> Message-ID: the notion that an idea of private property as all encompassing is banal > there are no absolutes but to parse it for you believing in something is about religion which is smoke and mirrors + the public sphere is waning if you havent noticed but its not so much an emergency but an emergence of the collective ... an opportunity > your choice to be mindful of the reality or not klein is an economist On 1/9/14, Juan Garofalo wrote: > > > --On Wednesday, January 08, 2014 11:11 PM +0100 Cari Machet > wrote: > >> to all the libratarians on the planet that 'believe' in ownership > > In case you're addressing me... =P > > (well, you seem to be talking to James, but replied to a post of mine, so > I'm not sure) > > >> >> 'belief' and 'ownership' are idiotic arcane notions of anthropocentric >> type amygdala activity >> >> https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_Capitalism > > > Is Klein some kind of radical anarcho communist?
If not she probably > subscribes to some notion of private property... > > >> >> this means you james > with a caveat that obama is a disgusting >> reflection of the system and ppl were ill informed to think he wasnt > >> i offer this piece by naomi klein in dispute of your 'ideology' seen >> thru your crummy/flimmsy/pathetic analysis of aaron's work >> >> if you have seen it then you have no excuse for your mindset > if you >> have not seen it i dare you to debate its consciousness >> >> >> >> On 1/8/14, Juan Garofalo wrote: >>> >>> >>> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae >>> wrote: >>> >>>> At 02:07 AM 1/8/2014, Juan Garofalo wrote: >>>> >>>>> fucking americunt fascist. >>>> >>>> >>>> Russian emigre. Yes there is a difference, and yes that is relevant. >>> >>> >>> As a transplanted nationalist, she was even more rabid than home grown >>> nationalists. That's the first(and only) difference that comes to >>> mind... >>> >>> >>> >>> >>> >>>> >>>> --ue >>>> >>>> >>> >>> >>> >> >> >> -- >> Cari Machet >> NYC 646-436-7795 >> carimachet at gmail.com >> AIM carismachet >> Syria +963-099 277 3243 >> Amman +962 077 636 9407 >> Berlin +49 152 11779219 >> Twitter: @carimachet >> >> Ruh-roh, this is now necessary: This email is intended only for the >> addressee(s) and may contain confidential information. If you are not the >> intended recipient, you are hereby notified that any use of this >> information, dissemination, distribution, or copying of this email >> without >> permission is strictly prohibited. >> > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. 
If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From carimachet at gmail.com Wed Jan 8 19:10:31 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 04:10:31 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> Message-ID: On 1/9/14, Juan Garofalo wrote: > Let's say I grow my own food. Do you think I'm the onwer of the food I > grow? Or maybe some people, let's call them the 'government', have a > 'right' to my food? if u really want to know what i think then u need to know my thought processies are not like "white" ppl > ideas of ownership are foreign to me i am native american and most tribes though they lived in areas didnt consider ownership of them but a co-creative partnership - re: food > when my people hunted buffalo in the plains they didnt just indiscriminately kill buffalo they weeded the herd and were mindful to examine how they could be of help to the herd it was only intelligent to do so as it kept their source of food and clothing healthy and vibrant but also it was respectful of life so there are people that give food away for free right now today > why would they do that? > > If I'm not the 'absolute' owner of my person and what I produce, who is > it? 
well i think ideas are in the air and we build on the shoulders of giants so production is owed down thru the ages and i think there isnt really a you basically > your first form i would say is life itself and you are made mostly of water and some minerals (dirt) and when you 'die' your body dissipates like a cloud - i dont think 'you' die i think you just transform so there is no 'you' to have ownership > would you say life owns life ? that would be odd > i think ownership is an illusion i also think you didnt make yourself so that would be a glitch in your argument > i mean i think you had a bit to say in the matter but we are very limited mathematical concoctions (gorgeously made and amazing but limited) we cant presently manufacture ourselves in order to "own" ourselves but even then we wouldnt be independent of life itself so ... > maybe in future we will manufacture ourselves but there is probably going to be a divisive factor in the manufacturing of life forms (divisive as in schism - not workin so good - should be interesting but already happening w/ monsanto actually so...) i think the idea of ownership was made by rulers (seen thru millenia but look at the magna carta which will be 800 in 2015) i want as little to do with rulers thought patterns and functioning as possible > > > > >> but to parse it for you believing in >> something is about religion which is smoke and mirrors + the public >> sphere is waning if you havent noticed > > > Not sure what you mean by the public sphere, but what I understand by the > public sphere isn't exactly waning. > > > >> but its not so much an >> emergency but an emergence of the collective ... an opportunity > your >> choice to be mindful of the reality or not >> >> klein is an economist > > yeah well, so were keynes and marx. Or at least there are people who think > they were 'economists'... 
> > > >> >> On 1/9/14, Juan Garofalo wrote: >>> >>> >>> --On Wednesday, January 08, 2014 11:11 PM +0100 Cari Machet >>> wrote: >>> >>>> to all the libratarians on the planet that 'believe' in ownership >>> >>> In case you're addressing me... =P >>> >>> (well, you seem to be talking to James, but replied to a post of mine, >>> so I'm not sure) >>> >>> >>>> >>>> 'belief' and 'ownership' are idiotic arcane notions of anthropocentric >>>> type amygdala activity >>>> >>>> https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_Cap >>>> it alism >>> >>> >>> Is Klein some kind of radical anarcho communist? If not she probably >>> subscribes to some notion of private property... >>> >>> >>>> >>>> this means you james > with a caveat that obama is a disgusting >>>> reflection of the system and ppl were ill informed to think he wasnt > >>>> i offer this piece by naomi klein in dispute of your 'ideology' seen >>>> thru your crummy/flimmsy/pathetic analysis of aaron's work >>>> >>>> if you have seen it then you have no excuse for your mindset > if you >>>> have not seen it i dare you to debate its consciousness >>>> >>>> >>>> >>>> On 1/8/14, Juan Garofalo wrote: >>>>> >>>>> >>>>> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae >>>>> wrote: >>>>> >>>>>> At 02:07 AM 1/8/2014, Juan Garofalo wrote: >>>>>> >>>>>>> fucking americunt fascist. >>>>>> >>>>>> >>>>>> Russian emigre. Yes there is a difference, and yes that is relevant. >>>>> >>>>> >>>>> As a transplanted nationalist, she was even more rabid than home >>>>> grown >>>>> nationalists. That's the first(and only) difference that comes to >>>>> mind... 
>>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> >>>>>> --ue >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Cari Machet >>>> NYC 646-436-7795 >>>> carimachet at gmail.com >>>> AIM carismachet >>>> Syria +963-099 277 3243 >>>> Amman +962 077 636 9407 >>>> Berlin +49 152 11779219 >>>> Twitter: @carimachet >>>> >>>> Ruh-roh, this is now necessary: This email is intended only for the >>>> addressee(s) and may contain confidential information. If you are not >>>> the intended recipient, you are hereby notified that any use of this >>>> information, dissemination, distribution, or copying of this email >>>> without >>>> permission is strictly prohibited. >>>> >>> >>> >>> >> >> >> -- >> Cari Machet >> NYC 646-436-7795 >> carimachet at gmail.com >> AIM carismachet >> Syria +963-099 277 3243 >> Amman +962 077 636 9407 >> Berlin +49 152 11779219 >> Twitter: @carimachet >> >> Ruh-roh, this is now necessary: This email is intended only for the >> addressee(s) and may contain confidential information. If you are not the >> intended recipient, you are hereby notified that any use of this >> information, dissemination, distribution, or copying of this email >> without >> permission is strictly prohibited. >> > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From gwen at cypherpunks.to Thu Jan 9 04:29:30 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Thu, 09 Jan 2014 04:29:30 -0800 Subject: godwins law, detweiler, and anons... 
awesome (Re: the idiot cari machet In-Reply-To: <20140109110918.GB13016@netbook.cypherspace.org> References: <20140109110918.GB13016@netbook.cypherspace.org> Message-ID: <52CE962A.9070906@cypherpunks.to> Hi Adam, there is something to be said for NOT having the mentally unstable controlling the security and integrity of your network... :) particulary if they are in the middle of a psychotic break and acting generally unhinged, and having 86 accounts NOT as a yp spread account(remember the year) the university felt was excessive and had been looking into his activities for sometime in light of the numerous complaints they received about him it seems. The final day engineered by MEDUSA and tentacle #69 was just the straw that broke the camels back from what I heard.. gh ps the real scream of the whole sitrep is that Detweilers ravings and overactive imagination created the very monster that he feared and having been created the monster ultimately was his actual undoing. On 1/9/14 3:09 AM, Adam Back wrote: > Awesome, some anon-remailer input also :) Godwins law invocation to > boot. We've got it all now. > Well it'd be nice if T C May would come back to the party, other than that. > > Adam > > ps I never got the fascination with detweiler nor baiting, and ultimately > apparently self-destructing him. I guess I must've hit 'n' too many times > at the time because I never heard of the reply-block hack (though that is > kind of cool). Probably overly mean if he was mentally unstable though to > sabotage his job. > > On Thu, Jan 09, 2014 at 05:30:43AM +0100, Anonymous Remailer (austria) > wrote: >> On being nice/polite to fucking driveling idiots >> one word dont.. >> and those who make claims of being indigenous, pure blood etc "native >> american? >> >> JUST more FUCKING RACE NAZI(s)! what we are suppose to model for fucking >> professional "victims" like Cari Machett?? Native Amerindian?? 
-- Tentacle #99 ecc public key curve p256 -AW+vBIY$52KnQ8PeaVK^^;agVAU#1w< On being nice/polite to fucking driveling idiots one word dont.. and those who make claims of being indigenous, pure blood etc "native american? JUST more FUCKING RACE NAZI(s)! what we are suppose to model for fucking professional "victims" like Cari Machett?? Native Amerindian?? GIVE ME A FUCKING BREAK.. what? are we supposed to feel sorry for you mother FUCKING IDIOT.. this list goes WAY BEYOND your fucking worry about who your unknown daddy was and the socialist fucking drivel you spout.. What fucking rock did you crawl out from under with your victim protests?? Debate a obvious socialist? like arguing with Xtians about how the calculate the number of "Angels dancing on the head of a pin" And libertarians are even worse!! Dont even get me started on that bitch Rand and her follower greenspan :) ok I have insulted pure bloods, invoked godwins law made deliberate mispellings and abused various soft in the head types. Now may I have a drink of water!! fucking idiots!! From carimachet at gmail.com Wed Jan 8 21:17:18 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 06:17:18 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <10023B3A2CDB711652B7F0AC@F74D39FA044AA309EAEA14B9> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> <10023B3A2CDB711652B7F0AC@F74D39FA044AA309EAEA14B9> Message-ID: On 1/9/14, Juan Garofalo wrote: > > Well, but didn't they, using 'white' terminology, jointly owned the land > they were living in? (and then whites came along and stole...) 
this may explain a little more http://www.barefootsworld.net/seattle.html yes "white terminology" holds white CONCEPTS as do words in my tribe the blackfoot and other tribes languages i am also cherokee for instance the word "floor" does not exist because things are noted as actions so it is "flooring" because things are not stagnant they are active > everything is animated there are no inanimate and animate objects all are animate you may hear people say the whites 'stole' the land but what they did was move the people ... kill them etc they did not live in concert etc > do you know the story of lewis and clark by the way it shows how the 'indians' lived > very different > Anyway, ownership of natural resources is a bit more complex (or harder to > define) than ownership through labor, that's why I mentioned growing food > (which involves personal labor) > i am not sure mayb make an argument as to why it is different > > > > That's fine. My question would be : If a tribe(?) took care of certain > buffalo herd, did they have the 'right' (or choose whatever word is > appropiate here) to hunt it and use the products? Or would it be OK for a > tribe living nearby to 'steal' the herd from them? > i know of these instances yes but the land was vast so ... they moved on ... no i dont think they saw it as particularly 'ok' and they made confederacies and agreements regarding these issues - they had community agreements which they worked together to come to also fyi they had chiefs yes but they had different councils that made decisions they still function in this way and what your role was was what you were naturally good at - they didnt try to make people into something they were not > > Because they want to? It's their food and they do with it whatever they > please =P funny > > Now, what if some people don't want to give their food away for free, and > a different group of people takes it by force? 
> > What if some people spends their labor producing something and other > people come along and get the products, for free, against the will of the > producers? That sonds like slavery to me, and I'd risk saying that it's > been recognized as slavery since a long time ago, and in all parts of the > world. > thats what we have now with neo liberal capitalism > > > >> >>> >>> If I'm not the 'absolute' owner of my person and what I produce, who is >>> it? >> >> well i think ideas are in the air and we build on the shoulders of >> giants > > That is true regarding ideas and knowledge (though things need to be > re-learnt at the individual level, of course...) - but I'm talking more > about physical production than intelectual production. i meant physical production too - i mean do you understand how many hundreds of years it took life to come up with the spoon > just a spoon that took a ton of time and energy and really i see myself as no different than a spoon > >>so production is owed down thru the ages and i think there isnt >> really a you basically > your first form i would say is life itself >> and you are made mostly of water and some minerals (dirt) and when you >> 'die' your body dissipates like a cloud - i dont think 'you' die i >> think you just transform > > > Well, maybe, but individual consciousness seems to exist. Regardless of > you and budhists calling it an illusion =P i never said that i think in terms of co-creativity > > >> >> so there is no 'you' to have ownership > would you say life owns life >> ? that would be odd > i think ownership is an illusion i also think >> you didnt make yourself so that would be a glitch in your argument > > > Living things are kinda self-assembling...Though I didn't argue that I > 'own myself' because I 'made myself'. I'm talking about external property. no i was extending and making an argument > but how do you think you "own" yourself? 
> > My argument is : I own this tomato plant because I took the trouble to > cultivate it. BUT what about the tomato plant it took more "trouble" than u i would say - in ur world does it have "ownership" > > >> i >> mean i think you had a bit to say in the matter but we are very >> limited mathematical concoctions (gorgeously made and amazing but >> limited) we cant presently manufacture ourselves in order to "own" >> ourselves but even then we wouldnt be independent of life itself > > No, we wouldn't. > > Also, you correctly point out that 'we' didn't 'make' ourselves, but are > you suggesting that we were 'made' by someone else/some kind of > entity/moral agent/or? F no and i dont think there was a big bang either or a beginning i think life is a spiral cone time and space are - i dont think time is linear see deleuze and guattari > but native americans think like that too >> >> i think the idea of ownership was made by rulers (seen thru millenia >> but look at the magna carta which will be 800 in 2015) i want as >> little to do with rulers thought patterns and functioning as possible > > > I think property is an extension of personal freedom, and so it's > actually anathema to rulers. i think property is a coffin BUT i understand what you mean how it could be seen that way actually it really is a multidimensional issue but overall i see that history - and my own inner gut - shows that having community is a more fully effective way of living than individualism BUT also i think rulers will turn anything they can into something fucked up > > magna carta is as far as I can tell a document dealing with two factions > of the ruling class - the 'noblemen', also known as oligarchy and the > monarchic party (actually a different faction of the oligarchy) yes that was my point those are the people that are so interested in property rights > hey ya know the largest land owner in manhattan ?? catholic church... know the second largest property owner in manhattan ?? 
episcopal church ... what i think they have socially engineered is the protection of ruling class property rights and convinced the people it serves them - it does not !! otherwise everyone would have food and clean water and a place to live (its not that much to ask for) really it doesnt serve humanity or life force either to have such levels of separation between ppl because of who they were born to, where etc > > > > >> >> > >>> >>>> but to parse it for you believing in >>>> something is about religion which is smoke and mirrors + the public >>>> sphere is waning if you havent noticed >>> >>> >>> Not sure what you mean by the public sphere, but what I understand by >>> the public sphere isn't exactly waning. >>> >>> >>> >>>> but its not so much an >>>> emergency but an emergence of the collective ... an opportunity > your >>>> choice to be mindful of the reality or not >>>> >>>> klein is an economist >>> >>> yeah well, so were keynes and marx. Or at least there are people who >>> think they were 'economists'... >>> >>> >>> >>>> >>>> On 1/9/14, Juan Garofalo wrote: >>>>> >>>>> >>>>> --On Wednesday, January 08, 2014 11:11 PM +0100 Cari Machet >>>>> wrote: >>>>> >>>>>> to all the libratarians on the planet that 'believe' in ownership >>>>> >>>>> In case you're addressing me... =P >>>>> >>>>> (well, you seem to be talking to James, but replied to a post of >>>>> mine, >>>>> so I'm not sure) >>>>> >>>>> >>>>>> >>>>>> 'belief' and 'ownership' are idiotic arcane notions of >>>>>> anthropocentric >>>>>> type amygdala activity >>>>>> >>>>>> https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_C >>>>>> ap it alism >>>>> >>>>> >>>>> Is Klein some kind of radical anarcho communist? If not she probably >>>>> subscribes to some notion of private property... 
>>>>> >>>>> >>>>>> >>>>>> this means you james > with a caveat that obama is a disgusting >>>>>> reflection of the system and ppl were ill informed to think he wasnt >>>>>> > >>>>>> i offer this piece by naomi klein in dispute of your 'ideology' seen >>>>>> thru your crummy/flimmsy/pathetic analysis of aaron's work >>>>>> >>>>>> if you have seen it then you have no excuse for your mindset > if you >>>>>> have not seen it i dare you to debate its consciousness >>>>>> >>>>>> >>>>>> >>>>>> On 1/8/14, Juan Garofalo wrote: >>>>>>> >>>>>>> >>>>>>> --On Wednesday, January 08, 2014 6:59 AM -0500 Ulex Europae >>>>>>> wrote: >>>>>>> >>>>>>>> At 02:07 AM 1/8/2014, Juan Garofalo wrote: >>>>>>>> >>>>>>>>> fucking americunt fascist. >>>>>>>> >>>>>>>> >>>>>>>> Russian emigre. Yes there is a difference, and yes that is >>>>>>>> relevant. >>>>>>> >>>>>>> >>>>>>> As a transplanted nationalist, she was even more rabid than home >>>>>>> grown >>>>>>> nationalists. That's the first(and only) difference that comes to >>>>>>> mind... >>>>>>> >>>>>>> >>>>>>> >>>>>>> > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. 
From hettinga at gmail.com Thu Jan 9 03:35:36 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Thu, 9 Jan 2014 07:35:36 -0400 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> <10023B3A2CDB711652B7F0AC@F74D39FA044AA309EAEA14B9> Message-ID: <4A1DC9FE-A9EF-402C-8108-086A16B0E3D3@gmail.com> On Jan 9, 2014, at 1:17 AM, Cari Machet wrote: > this may explain a little more > > http://www.barefootsworld.net/seattle.html I'm laughing, now. Very hard. A bunch of crypto-marxist happy horseshit from a 1972 made-for-TV movie. Cheers, RAH From adam at cypherspace.org Thu Jan 9 03:03:57 2014 From: adam at cypherspace.org (Adam Back) Date: Thu, 9 Jan 2014 12:03:57 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <20140107221552.GA30141@netbook.cypherspace.org> <4963866.WpBD6rzBPb@lap> <20140108160339.GB5008@netbook.cypherspace.org> Message-ID: <20140109110357.GA13016@netbook.cypherspace.org> How about a disclosure post-mortem, can't be sued, jailed or assets frozen then. It's maybe an interesting thought if there are some quite old or life-threated medical problems people who coincidentally are subject to gags or self-imposed silence for personal safety for things they strongly feel should be in the public knowledge.. 
Adam On Wed, Jan 08, 2014 at 08:04:44PM -0600, brian carroll wrote: > coderman wrote: > > > i am exploring a gambit for disclosure post-statute-of-limitations, > but even this protection seems meager and risky. > > (that is a beautiful idea) From adam at cypherspace.org Thu Jan 9 03:09:18 2014 From: adam at cypherspace.org (Adam Back) Date: Thu, 9 Jan 2014 12:09:18 +0100 Subject: godwins law, detweiler, and anons... awesome (Re: the idiot cari machet In-Reply-To: References: Message-ID: <20140109110918.GB13016@netbook.cypherspace.org> Awesome, some anon-remailer input also :) Godwins law invocation to boot. We've got it all now. Well it'd be nice if T C May would come back to the party, other than that. Adam ps I never got the fascination with detweiler nor baiting, and ultimately apparently self-destructing him. I guess I must've hit 'n' too many times at the time because I never heard of the reply-block hack (though that is kind of cool). Probably overly mean if he was mentally unstable though to sabotage his job. On Thu, Jan 09, 2014 at 05:30:43AM +0100, Anonymous Remailer (austria) wrote: >On being nice/polite to fucking driveling idiots >one word dont.. >and those who make claims of being indigenous, pure blood etc "native american? > >JUST more FUCKING RACE NAZI(s)! what we are suppose to model for fucking >professional "victims" like Cari Machett?? Native Amerindian?? From loki at obscura.com Thu Jan 9 12:17:09 2014 From: loki at obscura.com (Lance Cottrell) Date: Thu, 9 Jan 2014 12:17:09 -0800 Subject: "Reset Safari" doesn't really clean all the cookies of Safari web browser In-Reply-To: <1978954.M916JVyCnL@lap> References: <20140109172522.GA75251@eldar.cz> <1978954.M916JVyCnL@lap> Message-ID: <582B7C0E-F21C-403B-AED5-DC30F35A20A0@obscura.com> Use a virtual machine then roll back after each session. 
-- Lance Cottrell Sent from my iPad > On Jan 9, 2014, at 11:38 AM, rysiek wrote: > > On Thursday, 9 January 2014 18:25:22 Klokanek wrote: >> http://eldar.cz/kangaroo/binarni-sxizofrenie/apple-safari-cookies-clean.html > > I think that's actually the case with all the browsers. Consider: > http://en.wikipedia.org/wiki/Evercookie > > We need to create a way to easily delete everything related to a given > website, or simply everything -- be it LocalStorage, Flash cookies and > whatnot. > > -- > Regards > rysiek From carimachet at gmail.com Thu Jan 9 03:35:35 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 12:35:35 +0100 Subject: godwins law, detweiler, and anons... awesome (Re: the idiot cari machet In-Reply-To: <20140109110918.GB13016@netbook.cypherspace.org> References: <20140109110918.GB13016@netbook.cypherspace.org> Message-ID: aahhh i have heard this before i am racist because i talk about being native american amazing so as i was protesting in berlin and fighting with a cop i explained because of my banner that i am native american and he immediately said "heil hitler" >> cops + hackers ? On 1/9/14, Adam Back wrote: > Awesome, some anon-remailer input also :) Godwins law invocation to boot. > We've got it all now. > > Well it'd be nice if T C May would come back to the party, other than that. > > Adam > > ps I never got the fascination with detweiler nor baiting, and ultimately > apparently self-destructing him. I guess I must've hit 'n' too many times > at the time because I never heard of the reply-block hack (though that is > kind of cool). Probably overly mean if he was mentally unstable though to > sabotage his job. > > On Thu, Jan 09, 2014 at 05:30:43AM +0100, Anonymous Remailer (austria) > wrote: >>On being nice/polite to fucking driveling idiots >>one word dont.. 
>>and those who make claims of being indigenous, pure blood etc "native >> american? >> >>JUST more FUCKING RACE NAZI(s)! what we are suppose to model for fucking >>professional "victims" like Cari Machett?? Native Amerindian?? > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From carimachet at gmail.com Thu Jan 9 04:04:12 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 13:04:12 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: <4A1DC9FE-A9EF-402C-8108-086A16B0E3D3@gmail.com> References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> <10023B3A2CDB711652B7F0AC@F74D39FA044AA309EAEA14B9> <4A1DC9FE-A9EF-402C-8108-086A16B0E3D3@gmail.com> Message-ID: i am not claiming natives to b beyond perfection > my point was they had a different relationship to "owning" and i reflect that mindset two of my great grandmothers were native one blackfoot one cherokee and you are not the first to be dismissive of my blood and wont be the last i find it sad the blackfoot hunted buffalo heres what happened with that (hint: white ppl ordered them killed in mass) http://www.pbs.org/wnet/nature/episodes/american-buffalo-spirit-of-a-nation/introduction/2183/ the blackfoot moved entirely to canada where they 
are today trying to retain their history and memories thru retaining their language re ownership some say if the french would have confronted the issue in their revolution mankind would be a bit further down the road - it isnt an easy task by far but worth discussing re chief seattle - stories i heard while living in seattle were that natives could not even walk on the same sidewalk as a white person and their right to fish was taken from them (this is still an issue) > how does that add up in your world of individual ownership rights? On 1/9/14, Robert Hettinga wrote: > > On Jan 9, 2014, at 1:17 AM, Cari Machet wrote: > >> this may explain a little more >> >> http://www.barefootsworld.net/seattle.html > > I'm laughing, now. > > Very hard. > > A bunch of crypto-marxist happy horseshit from a 1972 made-for-TV movie. > > > Cheers, > RAH > > From rysiek at hackerspace.pl Thu Jan 9 04:18:32 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 09 Jan 2014 13:18:32 +0100 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: <20140109110357.GA13016@netbook.cypherspace.org> References: <52CAA24E.5060809@cathalgarvey.me> <20140109110357.GA13016@netbook.cypherspace.org> Message-ID: <2327337.OGRZm46h1e@lap> On Thursday, 9 January 2014 12:03:57 Adam Back wrote: > How about a disclosure post-mortem, can't be sued, jailed or assets frozen > then. 
It's maybe an interesting thought if there are some quite old or > life-threated medical problems people who coincidentally are subject to gags > or self-imposed silence for personal safety for things they strongly feel > should be in the public knowledge.. How can you ensure that: 1. the message/material will in fact get published? 2. the messenger (the person actually publishing the data) is not "shot" (jailed, etc.) 3. your family will not feel repercussions? You could try ensuring 1. and 2. with a digital dead man's switch; the problem, of course, lies with ensuring that such a scheme would in fact work, and that it would not kick in before you are really dead (as opposed to "gone off the grid for 6 months"). The 3rd point is the really tricky one, I guess -- if, of course, you have a family. -- Regards rysiek From jamesd at echeque.com Wed Jan 8 19:59:18 2014 From: jamesd at echeque.com (James A. Donald) Date: Thu, 09 Jan 2014 13:59:18 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> Message-ID: <52CE1E96.1070405@echeque.com> On 2014-01-09 08:11, Cari Machet wrote: > to all the libratarians on the planet that 'believe' in ownership > > 'belief' and 'ownership' are idiotic arcane notions of anthropocentric > type amygdala activity Have you ever wondered why whenever you guys succeed in doing away with private property, you wind up having to murder a sizable proportion of the population? 
I don't suppose you have, but if anyone does wonder, see my explanation "Why socialism needs killing fields" http://jim.com/killingfields.html From jamesd at echeque.com Wed Jan 8 21:20:36 2014 From: jamesd at echeque.com (James A. Donald) Date: Thu, 09 Jan 2014 15:20:36 +1000 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> Message-ID: <52CE31A4.60101@echeque.com> On 2014-01-09 13:10, Cari Machet wrote: > if u really want to know what i think then u need to know my thought > processies are not like "white" ppl Are you one thirty second Indian, or one sixty fourth? > ideas of ownership are foreign to me i am native american and most > tribes though they lived in areas didnt consider ownership of them > but a co-creative partnership Bunkum: The Chocktaw owned black slaves and grew cotton. The slaves, the fields, and the cotton belonged to individual Chocktaw, not to the tribe. > when my people hunted buffalo in the plains they didnt just > indiscriminately kill buffalo they weeded the herd and were mindful > to examine how they could be of help to the herd How do you think the horse became extinct in the Americas, the mammoths, and all the rest? Whites report that Indians, when they got the chance, killed a very large number of buffalo and ate only the tongues. The South American Indians had better technology than the North American Indians, and killed almost everything larger than a dog. If the North American Indians had had metal, would have killed everthing larger than a rabbit. 
Colonel Calloway, at the urging of Daniel Boone, purchased the south side of the Kentucky River from the Indians. They spent the money in short order, and having spent the money, wanted the land back, starting a war against the whites, a war against Daniel Boone and Colonel Calloway, which turned out to be a really bad idea. This was the general pattern, repeated over and over, with land purchases leading to extraordinarily terrible Indian wars. By and large, Indian wars resulted from the short time preference of the Indians relative to the longer time preference of the whites. Indians would make bad deals, a lot of land for a little whiskey, then after the whites arrived and had created facts on the ground, the Indians would change their minds, even though it was by then far too late to change their minds. If the Indians had had reasonable time preference, they would have been able to hold out for a fair deal, and then stick to it. Once whites started to arrive, it was a really bad time for the Indians to turn around and break the deal, but nonetheless it was usually the Indians that broke the deal, usually by abducting children, sometimes by scalping children and burning them alive. Not only would they break the deal, but break it at the worst time for themselves, in the worst way for themselves, and in the most evil and horrible possible way. From grarpamp at gmail.com Thu Jan 9 13:06:24 2014 From: grarpamp at gmail.com (grarpamp) Date: Thu, 9 Jan 2014 16:06:24 -0500 Subject: [p2p-hackers] The next gen P2P secure email solution In-Reply-To: <52BD4826.3070309@broadley.org> References: <52BD4826.3070309@broadley.org> Message-ID: On Fri, Dec 27, 2013 at 4:28 AM, Bill Broadley wrote: > On 12/24/2013 01:20 AM, grarpamp wrote: >> grarpamp... >> Bittorrent is already in the 100m node range. > > Numbers I've seen show 8-10M for users in the DHT at any one time. If > it's actually 100M all the better. 
I think if you load Vuze with the mlDHT plugin you'll often see 150m users online. >> That's not enough. This >> needs to replace every possible messaging user on the planet over >> the duration of their active lifetime. That's at least a couple billion nodes. >> Don't forget, you can always use disk to cache things. > > Considering the DHT already scales to 2^23 peers, what causes you to > think the next 2^7th is going to cause problems? Especially when router > table and traffic increases with the log(peers)? > > Current bittorrent clients often have 20 bins in use, tracking about 160 > peers per 15 minutes. That would only change to 27 bins (216 hosts) > for 1 billion peers. Seems workable to me. Did you have some specific > concerns? If a DHT can scale to say 10B nodes while performing lookup on an unknown key in say a minute or less [1], that sounds like a great start. Are there such designs in effect? The concern is that we don't appear to have any decentralized p2p messaging network today that is anywhere near that large. When you ask the current big ones (BT, Tor, I2P, cjdns, etc) they don't seem to have a scale solution, be they filesharing, transport, messaging, etc. [1] Perhaps reasonable latency for delivery of mail across an anonymous transport (aka: circuit setup time, uncached) may be a few minutes or so. From odinn.cyberguerrilla at riseup.net Thu Jan 9 16:29:47 2014 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Thu, 9 Jan 2014 16:29:47 -0800 Subject: [p2p-hackers] The next gen P2P secure email solution In-Reply-To: References: <52BB76A6.2000606@matthew.at> <52C105F2.6060606@iang.org> Message-ID: <9ccc605769d6bb691b7da892653f9586.squirrel@fulvetta.riseup.net> my slightly selfish plug for my recent blog post on open source / decentralization / etc. | | V "please read and share (or comment on, critique, use as virtual toilet paper, etc..." 
:-) https://odinn.cyberguerrilla.org/index.php/2014/01/02/opensourcebuildguide/ > On Mon, Dec 30, 2013 at 12:34 AM, ianG wrote: >> On 28/12/13 09:24 AM, grarpamp wrote: >>> >>> On Wed, Dec 25, 2013 at 7:21 PM, Matthew Kaufman >>> wrote: >>>> >>>> So there's already a system that until very recently did peer-to-peer >>>> delivery of messages over encrypted channels between hosts that >>>> participated >>>> in a peer-to-peer overlay. It was Skype. >>> >>> >>> Afaik, skype used a central lookup to get to unknown peers, not a DHT. >>> So they perhaps knew who wanted to talk to who. Of course now skype >>> is untrusted by anyone with a clue. >> >> >> So sad. I have a clue and don't trust Skype. But I can't for the life >> of >> me migrate my friends off of it. It's as addictive as crack. It's just >> better than the alternatives. >> >> As a serious business problem, if one wants to share documents on a >> frequent >> basis, which system would one choose for security? Skype, google docs >> aka >> drive, or something else? >> >> I need something that ordinary people can use. So no complicated >> "download >> this on 100 machines and ..." >> >> Also, should be free and can make a nice cup of coffee. > > There is slick, and then there is utility. I'm seeing some good utility > in a few of the listings on https://www.prism-break.org/ . When it comes > getting utility done, it's not to hard to introduce (even firmly) people > into using utilities. Slick helps, but it's not required, and will come in > time. Everyone throws up BS about adoption and thus nothing ever > gets built, or even researched, screw that, I say build it and see. > > I also question a few of those listings. > >>>> battery life... and when they're on 3G/4G, the bandwidth isn't as good >>>> and >>>> it can be very expensive, and it burns the battery up even faster. >>> >>> >>> Sure, there's a class of users that want this, a big class. 
They can >>> have and use their modified legacy centralized email as they wish. >>> There's another big class that want's something more than that. >>> >>> We're also going to see faster hardware, lighter code, and maybe >>> even wearable battery packs... because as you say, these users >>> want it all and are willing to go to almost any means to get it. >> >> >> I'm going to make a call here. I reckon that future phone bandwidth and >> batterywidth will be sufficient to close the gap, to the point that this >> problem goes away. >> >> So, moving away from p2p notions that are popular with the >> one-laptop-per-everyone western world would be the wrong strategy. >> >> Although it seems that the phone market is 'different' it is catching up >> fast in the things that matter. Right now, the only thing where they >> are >> arguably short is VoIP. Hell, they're happy watching utube on phones... >> >> But that's no problem because in today's world, what dominates is chat & >> apps. Lack of good VoIP over phones is just a short term issue. >> >> (It's a prediction, not a claim!) > > I agree with this hardware path, especially for the subject of p2p > secure messaging. > > I think voip is currently not a user priority on devices with a cell > stack because that > stack is already activated and paid for. With good apps and wider access > to free > wifi in particular, encrypted voip should take off. Or we will see > more use of cell > based IP plans. Another twist is going out of voiceband to get the key > material > of your peer, then with the more open phones out there, grab the cell > mic/vocoder/modem > on them and stuff your encrypted voice over that if voip doesn't work > at that moment. > But that's way off topic to p2p secure messaging... at least until > that hardware path > allows for p2p secure . > > >>>> These users want to be able to send and receive messages when their >>>> device >>>> is on, but the recipient's device isn't. 
Because most of the time, the >>>> recipient's device, even if they put it in their pocket 10 seconds >>>> ago, >>>> is >>>> already asleep, trying to preserve as much battery as possible. >>>> >>>> That pretty much eliminates all designs that do direct transfer from >>>> sender >>>> to receiver, irrespective of the traffic analysis risks of doing so. >>>> >>>> Additionally, it also means that nearly all the participant nodes are >>>> also >>>> unable to participate in a peer-to-peer overlay network, because they >>>> can't >>>> afford the network uptime (and consequent battery drain) necessary. >>> >>> >>> We're exploring ideas. What is to say we are able to develop into it >>> some >>> kind of automaton taho-lafs delivery storage nodes. Storing messages in >>> transit under some expiry policy is not a huge space concern. So who >>> knows. >>> >>> Maybe everyone with their uber important phones will end >>> up VPN to their home/colo servers where the horsepower is. >>> >>> Predicting mobile is hard. Throw more apps out there and your >>> $30-50/mo unlimited data plans go away. Now is everyone going >>> to pay $150+/mo for that? Where is free open wifi going to end up >>> spanning? And so many other things. >> >> >> In the market I'm in, people are very used to switching off Apps when >> they >> see the bandwidth being sucked. Just an observation... I think it's a >> problem that solves itself, a warning to developers that they have to >> think >> outside their tech box. > > Right... I think not everything has to run in RAM... we have a few GiB > to store the network state in, as a sliding tradeoff for reconnection > speed > when switching them back on. CPU is another available slider. So is > network rate/transfer limits. > > >>> What I think is clear is that there will for the far to indefinite >>> forseeable >>> future be some form of real workstation/laptop in the home and office. >>> Phones just can't replace that. 
Maybe we're seeing something in how >>> you see larger tablet/netbooks/laptops with headsets being carried >>> about >>> now as if it is natural. And lots of those people will want a highly >>> secure system to communicate over with their peers in this new >>> world of disgustingly gratuitous surveillance and databasing. >>> I would not underestimate the demand for that sort of a comms system. >> >> >> >> I see this as rather a rich western world observation. It probably >> works >> for Apple. It doesn't so much work in the non-rich world, where things >> are >> much more widely driven by Android, etc. > > I gather Africa does a lot of things with simple text messaging on > simple non-I/Android/MS/Unix phones. What is their path for phone tech > advancement, and when? > > Is it reasonable to expect to truly need to develop for more than the > 'West' as a userbase? Keep in mind the West now probably includes > China and many other places, so we're looking at more than 1B nodes > anyways. We probably mean 'Western class' of phones. And by the > time a p2p secure messaging platform the subject of this thread is > deployed in a handful of years, that class will be much more widespread. > So perhaps natural convergence of this software and hardware will occur. > > Yes there are West/first vs. second/third disparities, if everyone > waited we wouldn't have what 'western' tools we have today. > There are folks in the west that need them too, even to work on > solving those disparities, so it is not much of an argument to expect > to limit develop only for western class HW. > > See what you can build for intel/amd CPU's. > See what you can fit in ARM, snapdragon, android, etc. > > > >>>> ps. 
And then there's the other unsolved problem: If you do actually >>>> build >>>> a >>>> popular service that lets people securely exchange messages, the >>>> government >>>> comes with an order to reveal the content of the messages, and threats >>>> to >>>> lock up the principals if those demands aren't met. I wish I could >>>> tell >>>> you >>>> more stories about this, but of course I'm subject to the same sorts >>>> of >>>> non-disclosure that everyone else who's ever gotten one of those is. >>> >>> >>> That's why you should be doing the development of these new >>> protocols entirely within existing secure networks such as Tor >>> and I2P. And why you should bootstrap via peers instead of >>> clearnet authorities like Tor that can be shutdown... it's a little >>> less secure, but you can have in network authorities wrapped >>> in web of trust and then rejoin listening only to them later. And >>> if clearnet get''s that bad, it becomes a freedom of speech issue >>> which is well, SHTF time. >> >> >> >> Easy to say :) And then you meet your users, and they don't want that, >> they >> want something different. > > ie: I2P has it's main repo in .i2p and some anon developers. > > I don't see bootstrapping into the net via peers as 'unwanted', > they are your trusted real world friends for the most part. What > your app does after that with the network db it learns from that > doesn't necessarily need to involve your friend anymore. > > What don't they want? A little less initial security for a day while > the app crunches and sorts things out? Possibly selecting a trust chain > other than that introduced to them by their friend? Reading the > public consensus on that? > It sounds like the BS adoption issue people like to claim in > order to not build anything. > Granny learned to surf the net, so Johnny can learn to encrypt. > And both of them know how to read the manual. Seriously. 
> From carimachet at gmail.com Thu Jan 9 08:02:08 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 9 Jan 2014 17:02:08 +0100 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5B79.1060801@echeque.com> <50CA74F4E6FD2613A83583BE@F74D39FA044AA309EAEA14B9> <52CCECB8.3080405@echeque.com> <2468912273B405E314C5CF49@F74D39FA044AA309EAEA14B9> <52cd3daf.858a440a.6a4e.3bbf@mx.google.com> <31C43CA45701FA73B0E329DB@F74D39FA044AA309EAEA14B9> <10023B3A2CDB711652B7F0AC@F74D39FA044AA309EAEA14B9> <4A1DC9FE-A9EF-402C-8108-086A16B0E3D3@gmail.com> Message-ID: heres some latest news on property rights trumps all stuff #CFAA http://hackread.com/hacker-arrested-for-exposing-rape-case-faces-more-jail-time-then-rapist/ On 1/9/14, Cari Machet wrote: > i am not claiming natives to b beyond perfection > my point was they > had a different relationship to "owning" and i reflect that mindset > two of my great grandmothers were native one blackfoot one cherokee > and you are not the first to be dismissive of my blood and wont be the > last i find it sad > > the blackfoot hunted buffalo heres what happened with that (hint: > white ppl ordered them killed in mass) > > http://www.pbs.org/wnet/nature/episodes/american-buffalo-spirit-of-a-nation/introduction/2183/ > > the blackfoot moved entirely to canada where they are today trying to > retain their history and memories thru retaining their language > > re ownership some say if the french would have confronted the issue in > their revolution mankind would be a bit further down the road - it > isnt an easy task by far but worth discussing > > re chief seattle - stories i heard while living in seattle were that > natives could not even walk on the same sidewalk as a white person and > their right to fish was taken from them (this is still an issue) > how > does that ad up in your world of individual 
ownership rights?
>
> On 1/9/14, Robert Hettinga wrote:
>>
>> On Jan 9, 2014, at 1:17 AM, Cari Machet wrote:
>>
>>> this may explain a little more
>>>
>>> http://www.barefootsworld.net/seattle.html
>>
>> I'm laughing, now.
>>
>> Very hard.
>>
>> A bunch of crypto-marxist happy horseshit from a 1972 made-for-TV movie.
>>
>>
>> Cheers,
>> RAH
>>
>>
>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Twitter: @carimachet
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.
From grarpamp at gmail.com Thu Jan 9 14:04:42 2014 From: grarpamp at gmail.com (grarpamp) Date: Thu, 9 Jan 2014 17:04:42 -0500 Subject: [p2p-hackers] The next gen P2P secure email solution In-Reply-To: <52C105F2.6060606@iang.org> References: <52BB76A6.2000606@matthew.at> <52C105F2.6060606@iang.org> Message-ID: On Mon, Dec 30, 2013 at 12:34 AM, ianG wrote: > On 28/12/13 09:24 AM, grarpamp wrote: >> >> On Wed, Dec 25, 2013 at 7:21 PM, Matthew Kaufman >> wrote: >>> >>> So there's already a system that until very recently did peer-to-peer >>> delivery of messages over encrypted channels between hosts that >>> participated >>> in a peer-to-peer overlay. It was Skype. >> >> >> Afaik, skype used a central lookup to get to unknown peers, not a DHT. >> So they perhaps knew who wanted to talk to who. Of course now skype >> is untrusted by anyone with a clue. > > > So sad. I have a clue and don't trust Skype. But I can't for the life of > me migrate my friends off of it. It's as addictive as crack. It's just > better than the alternatives. > > As a serious business problem, if one wants to share documents on a frequent > basis, which system would one choose for security? Skype, google docs aka > drive, or something else? > > I need something that ordinary people can use. So no complicated "download > this on 100 machines and ..." > > Also, should be free and can make a nice cup of coffee. There is slick, and then there is utility. I'm seeing some good utility in a few of the listings on https://www.prism-break.org/ . When it comes getting utility done, it's not to hard to introduce (even firmly) people into using utilities. Slick helps, but it's not required, and will come in time. Everyone throws up BS about adoption and thus nothing ever gets built, or even researched, screw that, I say build it and see. I also question a few of those listings. >>> battery life... 
and when they're on 3G/4G, the bandwidth isn't as good >>> and >>> it can be very expensive, and it burns the battery up even faster. >> >> >> Sure, there's a class of users that want this, a big class. They can >> have and use their modified legacy centralized email as they wish. >> There's another big class that want's something more than that. >> >> We're also going to see faster hardware, lighter code, and maybe >> even wearable battery packs... because as you say, these users >> want it all and are willing to go to almost any means to get it. > > > I'm going to make a call here. I reckon that future phone bandwidth and > batterywidth will be sufficient to close the gap, to the point that this > problem goes away. > > So, moving away from p2p notions that are popular with the > one-laptop-per-everyone western world would be the wrong strategy. > > Although it seems that the phone market is 'different' it is catching up > fast in the things that matter. Right now, the only thing where they are > arguably short is VoIP. Hell, they're happy watching utube on phones... > > But that's no problem because in today's world, what dominates is chat & > apps. Lack of good VoIP over phones is just a short term issue. > > (It's a prediction, not a claim!) I agree with this hardware path, especially for the subject of p2p secure messaging. I think voip is currently not a user priority on devices with a cell stack because that stack is already activated and paid for. With good apps and wider access to free wifi in particular, encrypted voip should take off. Or we will see more use of cell based IP plans. Another twist is going out of voiceband to get the key material of your peer, then with the more open phones out there, grab the cell mic/vocoder/modem on them and stuff your encrypted voice over that if voip doesn't work at that moment. But that's way off topic to p2p secure messaging... at least until that hardware path allows for p2p secure . 
>>> These users want to be able to send and receive messages when their >>> device >>> is on, but the recipient's device isn't. Because most of the time, the >>> recipient's device, even if they put it in their pocket 10 seconds ago, >>> is >>> already asleep, trying to preserve as much battery as possible. >>> >>> That pretty much eliminates all designs that do direct transfer from >>> sender >>> to receiver, irrespective of the traffic analysis risks of doing so. >>> >>> Additionally, it also means that nearly all the participant nodes are >>> also >>> unable to participate in a peer-to-peer overlay network, because they >>> can't >>> afford the network uptime (and consequent battery drain) necessary. >> >> >> We're exploring ideas. What is to say we are able to develop into it some >> kind of automaton taho-lafs delivery storage nodes. Storing messages in >> transit under some expiry policy is not a huge space concern. So who >> knows. >> >> Maybe everyone with their uber important phones will end >> up VPN to their home/colo servers where the horsepower is. >> >> Predicting mobile is hard. Throw more apps out there and your >> $30-50/mo unlimited data plans go away. Now is everyone going >> to pay $150+/mo for that? Where is free open wifi going to end up >> spanning? And so many other things. > > > In the market I'm in, people are very used to switching off Apps when they > see the bandwidth being sucked. Just an observation... I think it's a > problem that solves itself, a warning to developers that they have to think > outside their tech box. Right... I think not everything has to run in RAM... we have a few GiB to store the network state in, as a sliding tradeoff for reconnection speed when switching them back on. CPU is another available slider. So is network rate/transfer limits. >> What I think is clear is that there will for the far to indefinite >> forseeable >> future be some form of real workstation/laptop in the home and office. 
>> Phones just can't replace that. Maybe we're seeing something in how >> you see larger tablet/netbooks/laptops with headsets being carried about >> now as if it is natural. And lots of those people will want a highly >> secure system to communicate over with their peers in this new >> world of disgustingly gratuitous surveillance and databasing. >> I would not underestimate the demand for that sort of a comms system. > > > > I see this as rather a rich western world observation. It probably works > for Apple. It doesn't so much work in the non-rich world, where things are > much more widely driven by Android, etc. I gather Africa does a lot of things with simple text messaging on simple non-I/Android/MS/Unix phones. What is their path for phone tech advancement, and when? Is it reasonable to expect to truly need to develop for more than the 'West' as a userbase? Keep in mind the West now probably includes China and many other places, so we're looking at more than 1B nodes anyways. We probably mean 'Western class' of phones. And by the time a p2p secure messaging platform the subject of this thread is deployed in a handful of years, that class will be much more widespread. So perhaps natural convergence of this software and hardware will occur. Yes there are West/first vs. second/third disparities, if everyone waited we wouldn't have what 'western' tools we have today. There are folks in the west that need them too, even to work on solving those disparities, so it is not much of an argument to expect to limit develop only for western class HW. See what you can build for intel/amd CPU's. See what you can fit in ARM, snapdragon, android, etc. >>> ps. And then there's the other unsolved problem: If you do actually build >>> a >>> popular service that lets people securely exchange messages, the >>> government >>> comes with an order to reveal the content of the messages, and threats to >>> lock up the principals if those demands aren't met. 
I wish I could tell >>> you >>> more stories about this, but of course I'm subject to the same sorts of >>> non-disclosure that everyone else who's ever gotten one of those is. >> >> >> That's why you should be doing the development of these new >> protocols entirely within existing secure networks such as Tor >> and I2P. And why you should bootstrap via peers instead of >> clearnet authorities like Tor that can be shutdown... it's a little >> less secure, but you can have in network authorities wrapped >> in web of trust and then rejoin listening only to them later. And >> if clearnet get''s that bad, it becomes a freedom of speech issue >> which is well, SHTF time. > > > > Easy to say :) And then you meet your users, and they don't want that, they > want something different. ie: I2P has it's main repo in .i2p and some anon developers. I don't see bootstrapping into the net via peers as 'unwanted', they are your trusted real world friends for the most part. What your app does after that with the network db it learns from that doesn't necessarily need to involve your friend anymore. What don't they want? A little less initial security for a day while the app crunches and sorts things out? Possibly selecting a trust chain other than that introduced to them by their friend? Reading the public consensus on that? It sounds like the BS adoption issue people like to claim in order to not build anything. Granny learned to surf the net, so Johnny can learn to encrypt. And both of them know how to read the manual. Seriously. 
From grarpamp at gmail.com Thu Jan 9 14:19:18 2014
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 9 Jan 2014 17:19:18 -0500
Subject: [cryptography] The next gen P2P secure email solution
In-Reply-To: <20131224100911.GB20486@jack>
References: <20131224100911.GB20486@jack>
Message-ID:

On Tue, Dec 24, 2013 at 5:09 AM, danimoth wrote:
> On 24/12/13 at 04:20am, grarpamp wrote:
>> This thread pertains specifically to the use of P2P/DHT models
>> to replace traditional email as we know it today. There was
>> a former similarly named thread on this that diverged... from the
>> concept and challenge of P2P/DHT handling the transport and
>> lookups... back to more traditional models. This thread does not
>> care about those antique models, please do not take it there.
>
> A problem which could arise is the 'incentive' for peers to continuously
> providing bandwidth and disk space to store messages. I'm a simple dude,
> with a mailflow of ~5 email per day. Why I should work for you, with
> your ~10000 mail per day for all your mailing list?
>
> Somewhere on this list (or p2p-hackers?) there was a post of mine,
> regarding an economic incentive between peers, which could be a
> solution, but as always technical problems arose, like pricing the
> services and a fair exchange between peers.

There may be advantage to the security of your own traffic if you also handle the traffic of others. Economically, it's probably not right to expect 'free' transport in such a system. Though perhaps at minimum you should be expected to provide benefit to the network an equivalent of what you consume, including the extended cost to the net of your consumption. ie: in a multi-hop network your impact is not just over your own interface. And in an anonymous network it's most assuredly not right to force users to pay using non-anonymous payment methods. Though they may optionally do so if they wish.

How close is the research on these issues to being codeable into actual p2p transports (whether anonymous (preferred) or not)?

From klokanek at eldar.cz Thu Jan 9 09:25:22 2014
From: klokanek at eldar.cz (Klokanek)
Date: Thu, 9 Jan 2014 18:25:22 +0100
Subject: "Reset Safari" doesn't really clean all the cookies of Safari web browser
Message-ID: <20140109172522.GA75251@eldar.cz>

http://eldar.cz/kangaroo/binarni-sxizofrenie/apple-safari-cookies-clean.html

bye, k.

-----

"Reset Safari" doesn't really clean all the cookies of Safari web browser
=========================================================================

"Caches - This folder has the potential to be a gold mine of historical data for the examiner. The contents include information of application usage, web sites visited, buddy lists, downloaded files, etc. The best general advice that can be given regarding this directory is explore. Look in the folders here and see how the information may apply to your specific case. Keep in mind that many folders here will remain even after an application has been removed from the system"

--Ryan R. Kubasiak, Investigator - New York State Police: Macintosh Forensics
// http://www.appleexaminer.com/Downloads/MacForensics.pdf

Apple Safari web browser version 5 and higher started to have a new "privacy option" in a main menu, "Reset Safari". It's supposed to clean all the private data saved by the browser. Instead of that it's giving the user a false sense of privacy, because many other files survive on the computer's hard drive.

Let's see, how precise is Safari when cleaning cookies

Reset Safari... --> Remove all cookies. Done.

But something resides in ~/Library/Safari/LocalStorage still:

cd ~/Library/Safari/LocalStorage
ls
http_www.youtube.com_0.localstorage
https_www.facebook.com_0.localstorage
... [and hundreds of others]

what's inside?
sqlite3 http_www.youtube.com_0.localstorage .dump BEGIN TRANSACTION; CREATE TABLE ItemTable (key TEXT UNIQUE ON CONFLICT REPLACE, value TEXT NOT NULL ON CONFLICT FAIL); INSERT INTO "ItemTable" VALUES('yt-remote-device-id','{"data":"ef1e670e-d0ff-4ac2-a4ec-ea7b1f91b6f4","expiration":1396358291019,"creation":1364822291019}'); INSERT INTO "ItemTable" VALUES('cu-done','{"data":"true","expiration":1384738700399,"creation":1382060300400}'); INSERT INTO "ItemTable" VALUES('aid::oa39bdt6ZKAF5L3hdJEbOw','{"data":{"channel":"oa39bdt6ZKAF5L3hdJEbOw","aid":"P-kM2wl4AcM","origin":"AD_VIEW"},"expiration":1383696461512,"creation":1383091661512}'); INSERT INTO "ItemTable" VALUES('aid::6E_87l8TH6Q9OwX2N1ikZA','{"data":{"channel":"6E_87l8TH6Q9OwX2N1ikZA","aid":"P6Q1Jmt-VRA","origin":"AD_VIEW"},"expiration":1383698806856,"creation":1383094006856}'); INSERT INTO "ItemTable" VALUES('aid::bounded-collectable-storage','{"data":["fehakku7t4FXozPO-UPNwQ","P7o4B-EdYBRetrs-74SvkQ","SVYixA33WdNBOX_Huv89cQ","oa39bdt6ZKAF5L3hdJEbOw","6E_87l8TH6Q9OwX2N1ikZA","MAKFkooFBHOZnbF5zim-vA"],"creation":1383097633307}'); INSERT INTO "ItemTable" VALUES('history_channel_::MAKFkooFBHOZnbF5zim-vA','{"data":"20131030:a","expiration":1383702433304,"creation":1383097633304}'); INSERT INTO "ItemTable" VALUES('aid::MAKFkooFBHOZnbF5zim-vA','{"data":{"channel":"MAKFkooFBHOZnbF5zim-vA","aid":"P9jo8l6hThA","origin":"AD_VIEW"},"expiration":1383702433307,"creation":1383097633307}'); INSERT INTO "ItemTable" VALUES('history_channel_::bounded-collectable-storage','{"data":["SVYixA33WdNBOX_Huv89cQ","Ro_cfj3eVyJFMfzLAcVUOQ","MAKFkooFBHOZnbF5zim-vA"],"creation":1383097633305}'); INSERT INTO "ItemTable" VALUES('context-PSAOXkf0-oU','{"data":"{\"clickindex\":0,\"items\":[{\"type\":\"video\",\"id\":\"PSAOXkf0-oU\",\"time\":\"1:39\",\"title\":\"\\\"The Hobbit\\\" Couch Gag from \\\"4 Regrettings and A Funeral\\\" | THE SIMPSONS | ANIMATION on FOX\",\"user\":\"Animation Domination\",\"views\":\"5,283,212 
views\"},{\"type\":\"video\",\"id\":\"nIsCs9_-LP8\",\"time\":\"2:13\",\"title\":\"Emotional baby! Too cute!\",\"user\":\"Alain Leroux\",\"views\":\"20,588,479 views\"},{\"type\":\"video\",\"id\":\"Ts-DW4_aSYI\",\"time\":\"1:53\",\"title\":\"Browse the web with elinks\",\"user\":\"JWAGVideo\",\"views\":\"2,277 etc....

Another place where unknown content resides is Adobe Flash's LSO cookie cache, located at:

~/Library/Caches/Adobe/Flash Player/

// https://en.wikipedia.org/wiki/Local_shared_object

The most interesting is this file:

~/Library/Caches/Metadata/Safari/History/.tracked\ filenames.plist

Suspicious is especially the fact, the file is hidden (starting with a dot) and saved in 'History folder', bypassing probably "Clean Cookies.." function. Some users have met this under unknown conditions. The purpose of this file is still not well known.

// http://hintsforums.macworld.com/showthread.php?t=144954

If you get it, analyze!

solution: setup shell script (example):

#!/bin/sh
echo "cleaning out safari's shit...";

# paths use $HOME instead of ~ because the shell does not expand a tilde
# inside double quotes

# initial curiosity.
#
if ls "$HOME/Library/Caches/Metadata/Safari/History/.tracked filenames.plist" 2>/dev/null; then
    echo "HOOOOORRAAAY! You won a jackpot!"
    # printf + read instead of 'read -p', which plain sh does not support
    printf '%s' "Press [Enter] key to delete all, [CTRL+C] to examine..."
    read -r _
fi

# using tool srm from ports instead of rm, to wipe the files in more safe
# way
# if you don't have srm, use rm, but be aware that the files could be
# recovered

# flash is keeping its own LSO cookies, independently
srm -rsv "$HOME/Library/Caches/Adobe/Flash Player/"

# cache contains Webpage previews, for example screenshots of your webmail
# account you just logged out from
srm -rsv "$HOME/Library/Caches/com.apple.Safari/"

# clean them all, god will sort them out
# maybe you will need a more gentle setting, i'm just rough and don't need
# Safari's bookmarks
srm -rsv "$HOME/Library/Safari/"

# depending on the version, you also have to wipe out this folder
# for sure
# explore by yourself and check for opened (using 'lsof' tool) and changed
# files: http://hintsforums.macworld.com/showthread.php?t=144954
srm -rsv "$HOME/Library/Caches/Metadata/Safari/"

# official place where cookies are stored in
srm -rsv "$HOME/Library/Cookies/"

# quicktime is during the Internet usage also storing some "caches"
srm -rsv "$HOME/Library/Caches/QuickTime/downloads/"

# to get another false security feeling
echo "...clean!";

# go through cache files of your favourite application as well.
# skype is also storing quite a lot

you can run this script on regular basis by cron or by hand after finishing the work and leaving the computer for example, or on logout etc.... Safer with Safari Application quit.

It's like cleaning the hands. You wash them after touching something rotten. And you clean them before touching something clean.

EOF

Comments requested

From dan at geer.org Thu Jan 9 16:01:59 2014
From: dan at geer.org (dan at geer.org)
Date: Thu, 09 Jan 2014 19:01:59 -0500
Subject: Fw: Hi, I'm from the government and I'm here to screw you
In-Reply-To: Your message of "Thu, 02 Jan 2014 20:53:47 CST."
Message-ID: <20140110000159.694BE2280CD@palinka.tinho.net>

Brian,

Would you accept the following restatement of your points?

When we -- the collective we -- are dependent on something, we are at risk w.r.t.
its denial. When we are at risk w.r.t. its denial, preventing that denial is a military concern. When something is a military concern, the vigor of concern is calibrated by some characterization of those actors who might participate in attempts to deny us that on which we depend. The world is increasingly interdependent, hence increasingly at risk w.r.t. denial of essential things. That growing interdependence is a network phenomenon, per se, hence instrumentation of all items in the network is a military goal, per se. For the individual whose mindset of tradeoff is "I want all the goodies this modern world provides" then with that comes said individual fully participating in the instrumentation complex. For the individual whose mindset of tradeoff is "I wish to be left alone" then with that comes said individual foregoing that increasing fraction of the modern world's goodies that cannot be gotten without instrumentation. None of us here should be unwise enough to describe what we are individually doing to decouple, but given the character of this list I rather suspect that we are each and severally describable much more as "Leave me alone" than as "He who dies with the most goodies wins." Back to you, --dan From mixmaster at remailer.privacy.at Thu Jan 9 11:10:07 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Thu, 9 Jan 2014 20:10:07 +0100 (CET) Subject: FAKE INDIANS!!(substitute fake indian war cry) Message-ID: <8683ef4a749e608927773368fc46c17a@remailer.privacy.at> "am also cherokee for instancei"... uh huh and in an earlier mail you said: "when my people hunted buffalo in the plains" what fucking plains exist in north carolina, south carolina, georgia or alabama or florida is what I would like to fucking know... 
Cherokees were part of the five civilized tribes originally from those states till the "trail of tears" to the oklahoma territory where the remaining surviving Cherokee, Chickasaw, Choctaw, Creek, and Seminole were placed on reservation (Indian territory). (my melungeon/choctaw father came from same). ALL of these tribes are southeast indian tribes for the unknowledgeable. no plains near the southeastern states. NONE of these tribes inhabited the plains with buffalo. such is a complete fiction spun out of whole cloth by what is now revealed to be a LIAR... gettin JUST like usenet I would say.. fucking fakes... if your ancestors were in fact enrolled members of one of the 5 civilized tribes... why doesn't your family name appear on either the dawes (all 5 tribes) or the baker 1924 or the baker revised roll lists at http://www.accessgenealogy.com/native/final-rolls.htm Hint for fakes.. MY family name is there on card 220X..on the dawes treaty list... where the fuck is "machet" found? (it is NOT found I checked). Did you think EVERY one you meet would simply take your claim of indian ancestry without investigation? you are living in a dreamworld white girl... get off the drugs stop fantasizing and get thee to a therapist to find out why you can't seem to tell the truth. Consider this an intervention by reality and the truth... bitch ass white fucking cunt

From rysiek at hackerspace.pl Thu Jan 9 11:38:50 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 09 Jan 2014 20:38:50 +0100
Subject: "Reset Safari" doesn't really clean all the cookies of Safari web browser
In-Reply-To: <20140109172522.GA75251@eldar.cz>
References: <20140109172522.GA75251@eldar.cz>
Message-ID: <1978954.M916JVyCnL@lap>

On Thursday, 9 January 2014 18:25:22 Klokanek wrote:
> http://eldar.cz/kangaroo/binarni-sxizofrenie/apple-safari-cookies-clean.html

I think that's actually the case with all the browsers.
Consider: http://en.wikipedia.org/wiki/Evercookie

We need to create a way to easily delete everything related to a given website, or simply everything -- be it LocalStorage, Flash cookies and whatnot.

--
Regards
rysiek

From jamesdbell8 at yahoo.com Thu Jan 9 21:04:53 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Thu, 9 Jan 2014 21:04:53 -0800 (PST)
Subject: Jacob Appelbaum in Germany
In-Reply-To:
References: <52C33963.1000709@echeque.com> <20140108174001.B0BFD2280B6@palinka.tinho.net> <1389208893.97348.YahooMailNeo@web141204.mail.bf1.yahoo.com>
Message-ID: <1389330293.92899.YahooMailNeo@web141201.mail.bf1.yahoo.com>

From: coderman
To: Jim Bell

On Wed, Jan 8, 2014 at 11:21 AM, Jim Bell wrote:
> ....
> However, those Quakers' positions may have been erroneous, based on a
> misunderstanding of the relevant law. A person may claim to be 'not guilty'
> based on the fact that he wasn't there, he didn't do it, etc. But, he may
> also claim to be 'not guilty' because what he did didn't constitute a crime,
> or he was justified based on extenuating circumstances, or he was trying to
> prevent a bigger crime.

in the US court system, is there an equivalent of jury nullification applied to a judicial ruling?

that is to say: is it possible to plead guilty, but a judge acting to nullify a perceived unjust law, could find you not guilty?

Yes, the concept of 'jury nullification' exists in American law. See http://en.wikipedia.org/wiki/Fully_Informed_Jury_Association . Unfortunately, courts generally take the position that while jurors have the right to acquit regardless of the evidence, judges are not obliged to inform the jurors of that right.
Worse, judges usually take the position that they can order defense attorneys to not inform jurors of those jurors' rights on this subject. See http://en.wikipedia.org/wiki/Sparf_v._United_States

A judge can also declare a defendant 'not guilty', despite a guilty verdict by a jury: This is called "Judgment notwithstanding the verdict", abbreviated (from Latin, I believe) "j.n.o.v.". http://en.wikipedia.org/wiki/JNOV

Jim Bell

From mixmaster at remailer.privacy.at Thu Jan 9 12:10:46 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Thu, 9 Jan 2014 21:10:46 +0100 (CET)
Subject: FAKE INDIANS!!(substitute fake indian war cry)
Message-ID:

"am also cherokee for instance"... uh huh and in an earlier mail you said: "when my people hunted buffalo in the plains" what fucking plains exist in north carolina, south carolina, georgia or alabama or florida is what I would like to fucking know... Cherokees were part of the five civilized tribes originally from those states till the "trail of tears" to the oklahoma territory where the remaining surviving Cherokee, Chickasaw, Choctaw, Creek, and Seminole were placed on reservation (Indian territory). (my melungeon/choctaw father came from same). ALL of these tribes are southeast indian tribes for the unknowledgeable. no plains near the southeastern states. NONE of these tribes inhabited the plains with buffalo. such is a complete fiction spun out of whole cloth by what is now revealed to be a LIAR... gettin JUST like usenet I would say.. fucking fakes... if your ancestors were in fact enrolled members of one of the 5 civilized tribes... why doesn't your family name appear on either the dawes (all 5 tribes) or the baker 1924 or the baker revised roll lists at http://www.accessgenealogy.com/native/final-rolls.htm Hint for fakes..
MY family name is there on card 2201..on the dawes treaty list... where the fuck is "machet" found? (it is NOT found I checked). Did you think EVERY one you meet would simply take your claim of indian ancestry without investigation? you are living in a dreamworld white girl... get off the drugs stop fantasizing and get thee to a therapist to find out why you can't seem to tell the truth. Consider this an intervention by reality and the truth... bitch ass white fucking cunt

From bill.stewart at pobox.com Thu Jan 9 21:24:29 2014
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 09 Jan 2014 21:24:29 -0800
Subject: Jacob Appelbaum in Germany
In-Reply-To:
References: <52C33963.1000709@echeque.com> <20140108174001.B0BFD2280B6@palinka.tinho.net> <1389208893.97348.YahooMailNeo@web141204.mail.bf1.yahoo.com>
Message-ID: <20140110052433.61F3D10F85@a-pb-sasl-quonix.pobox.com>

At 05:16 PM 1/8/2014, coderman wrote:
>in the US court system, is there an equivalent of jury nullification
>applied to a judicial ruling?
>
>that is to say: is it possible to plead guilty, but a judge acting to
>nullify a perceived unjust law, could find you not guilty?

A judge who wanted to do that could dismiss the case instead of asking for a plea. IANAL, but I suspect that a judge who allows a case to get as far as asking the defendants how they plead isn't going to reject a guilty plea.

Another way to do what the Quakers wanted to do would have been to plead "no contest" instead of guilty, but I'm sure they had deeply considered what to do beforehand.

From electromagnetize at gmail.com Thu Jan 9 21:25:13 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Thu, 9 Jan 2014 23:25:13 -0600
Subject: Fw: Hi, I'm from the government and I'm here to screw you
In-Reply-To: <20140110000159.694BE2280CD@palinka.tinho.net>
References: <20140110000159.694BE2280CD@palinka.tinho.net>
Message-ID:

Dan, thanks for the challenge. here is my feedback...
wrote: > Would you accept the following restatement of your points? > i think this approach is very interesting, first off. it provides a perspective or different view into the framework of issues; my understanding and awareness of these as universals is extremely limited by lack of experience and understanding, and i thus immediately a boundary presents itself involving being able to take such a view, because of the complexity that is not sorted out within the various terms as they may split, one or many ways, into very different interpretations or even realities. i tend to think that this top-most view is subsequential to figuring out such contradictory dynamics though as a hypothesis or starting point it presents the idea of modeling the situation in these terms and given parameters, which is interesting to me because it is a view i do not readily consider and yet it also is a series of recurrent questioning oftentimes encountered as if a boundary or enigma, how is this situation constructed, how can others exist within such seemingly different frameworks yet share similar values, etc so, my sense is that -as a perspective- it is one view into this situation, which i think could be called a [model] of the stated dynamics, and people or machines existing within whatever this model contains could have different views of or into the various structures it contains, perhaps some are similar or different, shared or unshared structures yet in their truth there is universality within the modeling itself so the idea of establishing an accurate model via concepts, trying to hypothesize and capture this situation within some approximate then refined structure, ~categories, though also questioning this as a paradigm that may actually break away from known or accounted for history or challenge conceptions, perhaps most in an integrated interdisciplinary view woven of the many dimensions and dynamics as they overlap, begin to take on shape of a larger whole. 
and to do this, within a condition of paradox, then requires more than the prevailing and instituted binary view (2-value) in a relativistic context. thus to get at and access and 'model' [concepts], such as the various structures and links and relations and dynamics, then requires an increased diagnostic capacity able to adjust and account for individual and group views, that may begin in specificity or observations of finite observers, where bounded observations also -because of language and communication- have inherent bias, warping, skew, distortion built-into this process of exchanging ideas, information, viewpoints. thus issues of différance (0) a la de|con-struction of linguistics and other methodologies, which i propose include 3-value and N-value logic to address this issue of paradox and in this way, also establish a common empirical framework in which various views can be resolved, error-corrected via many observations of an event, in parallel, (this, panoptic) so a question pre-exists about how could such a viewpoint be established in a common frame of reference, a 'world' that is shared, even while people are separated, isolated, and perhaps exist in chaos, decoherence at every level with very few shared links or nodes in common, such that _language and _communication may not account for what is actually shared versus what is represented; like the disconnected between one-way mass media and viewers and readership which are fed a propaganda diet which becomes normalized as a viewpoint, this sustained by institutions and culture at large, including educational programs from K-12-PhD -- while also a false perspective in that the inaccurate 'shared view' held in common then is based in a distortion feeding energy into some process by its adherence, allowing the machine and people to be defined in such terms as a basis for existence, relations; even though it is hostile, against life, truth, principles, etc and so to realize and recognize this 'shared view' 
is false, in some fundamental way, then maps back to its structures which sustain it- and these indicate the underlying [model] itself is false in some significant and profound way yet it is also not being accounted for, and instead ignored, as if a non-issue and people are stupid and just supposed to obey their rulers, go along because it benefits those at the top of the machinery which it is killing and crushing those below thus it is necessary to consider there are different positions within the existing model, viewpoints, that may access the truth contained or embedded within it, in its accuracy and depth, perhaps hidden to many people who may never be able to escape the illusion and delusion due to brainwashing of media, and conversation and language as standardized as it relates to indoctrination into a belief system where certain ideological dogma is rewarded, and helps people to survive, as if this then defines 'fitness' within those warped terms and yet what i was trying to contribute to establishing, as others including yourself, is another modeling of events that more accurately describes 'lived reality' from within this state, and yet immediately a limit or barrier exists that divides such viewpoints - for others it may not be equated with living or with reality, it could be a simulation and they could be avatars for instance, in a given view of what is going on, and another view could equate the situation with being in a [movie], and thus an inherent and massive complexity exists where any 'universal viewpoint' is most likely not shared by default, of a given first person model of events applicable to the shared set of humans and instead any such structure must be able to account for, say in the mysterious dimensions, time-travel, aliens, or other dimensions and dynamics that may not fit the a priori 'history' that is the default view as projected by mass media as shared condition or common narrative. 
it may be in part true, yet not wholly accurate to account for the range of what is occurring nor the depth and breadth (scale) of what the issues involve, and the kinds of considerations that may exist within issues of identity, relations, awareness, knowledge, consciousness, exchange, organization, value, politics, governance, war, etc in that, perhaps historical modeling is significantly off-course in how the past and present-day situation exist and thus how they are represented via words, language, imagery, textbooks, video, radio-- in that 'the perspectives' may be warped or may be too limited, say only to views of private man, universalized, as if the common framework in its subjectivity, finitism, though ignoring this, such that it is beyond questioning or debate at the level of ideas (in terms of actual logical reasoning needed to refute or falsify wrong or errored views and beliefs) and thus a disconnect from 'shared reality' may occur via this relativism, which becomes peoples right, as 'independent individuals', to include any citizen who then can move through the world in terms of selfish genetics as these scale to demographics or private groups with shared self-interest, as the default model of the shared-yet-divided state, the ideology shared yet only benefiting fewer and fewer over time, as the state collapses in upon itself, having no realistic foundation across citizenry in terms of shared value, beyond that of lottery winners of $ either by class or station, circumstance or rigged privilege problem with this is an older generation had success in the false model, prior to collapse. that must have been the game, because their success was at the cost of everyone afterward, yet they view themselves superior, as if people are lazy and not interested in working, etc. 'if i was a teenager today...' thing is: when they went to school, you could still learn and be taught things. 
in these days, 'truth' has been removed from the education system, there is instead helplessness that is institutionalized, unless you are lucky enough to break free or break into the technology industry and have enough basic support to do, then a viable life path exists- otherwise traditional modes are failures, unless vocational though that also oftentimes is not testing the limits of how things are functioning, and exists within given parameters to some extent, versus a university model of the past that sought to develop these models and test and question them and rewarded scholars and thinkers for this pursuit instead of trying to ruin them and fail them and keep them outside, out of the feedback loop, because it benefits the machine and its tenders the most, the given technocratic governing based on machine-values, people as only behavioral-trained robots via submission and-or psychiatric and "illegal" drugs so, any given issue like [work] or [school] as a perspective is likely unshared because it does not parse the same across generations, and oftentimes an older constituency of the state, those most privileged and served by the existing corruption, seem to think their views superior and more knowing of the conditions and accurate - instead of out of touch and out of date, nostalgic and unreal to others existing in very different circumstances and parameters and dynamics, generations upon generations subsidized by handouts from the retired- class, who have all the money not inside billionaires coffers a level of unrealistic luxury exists that is subsidized by this oppression of the state over entire populations to support and sustain that illusion -- yet some of that ilk _believe that their success is due to their hard work, entrepreneurial savvy and not from advantages of structural injustice, exploitation of others, crooked operations as it were, in the day to day. 
instead, they are superior, the false supermen, propped up in this narcissistic illusion where they are the standard and ideal, not relating or accounting for the wasteland created so they could have all the goodies and then gloat about it in terms of caesars -by the millions- villas everywhere with lavish accoutrements, and yet none of them leaders either in this expanded domain. instead, followers of the zeitgeist within the given parameters, not questioning beyond those self-interested and defining conditions allowing this 'being', the civilization of war and ruin driven by their selfish desire in that it is not questioned, instead becoming ideological, the rule and the measurement by which others are judged and this equates with money as ultimate, absolute truth, that level of materialism then believed as if UTOPIA for the friction-free set who take on these machine values and succeed within those parameters, highly aligned w/ institutions, science and technology, professions, and the given 'economic' system as a social and political agenda (questions of its grounding or in-depth analysis of views of this, not delved into to retain ongoing sketch of relations..) so there are many who 'succeed' in this system, many of whom are 'types', such as [hackers] or [cryptologists] who may either work for businesses built-by such ideologues or partake in relations in and across the various frameworks. 
and yet again this is split, just because employed or in a subset relation within these structures, say directly inside ~technocratic management of automated state machinery, does not necessarily align with values or self-governing yet in some cases it does: money-money as major world axis, as it supposedly grounds into a localized fiction as if reality for others, [hackers] and [cryptologists], this state condition is dystopia, an inversion of the ideal, opposite the goal and a condition of cognitive dissonance, by a variety of means and measures- whether drug culture versus traditional values or the problems of thinking, where supplanting 'programmer- concepts' onto populations is a dangerous judgement made and foolish if not considering and accounting for implications of treating humans as binary bits, leaving out the anomalies (this a diseased view of scientific ideology as if pure religion) any category that exists, any concept within the model has differing dynamics and exists in differing contexts that then influence what is observed, related, exchanged; in this way, like the archetype, some symbolic calculus could occur or be performed that, if not accurately taking into account the differentiation or specificity (additional or unique dimensions) could then arrive at the wrong sums or viewpoints in turn a classic western example of the Church being [angels]... if someone starts to convey perceptions about 'angels' that could indicate a range of interpretations in the given category or set. such that: angels(good,bad). further, some accounts of angels have 'bad angels' as ultimately serving good and likely 'good angels' who fail to do so, so even that next level of structure is still ambiguous in terms of definite meaning 'angels' (good{good,evil}, bad{good,evil}) likewise with hackers, or cryptographers, etc. 
and thus this sets up a condition that in non-religious terms may reflect a certain complexity of stated versus unstated values as it may relate to how relations or exchange exists, given the context an entity exists within, how they are situated, operating in it in other words, ---deep---in---technocracy--- there are people who value 'money' and others who value 'truth' as their basis for governance and rule, of self and in relation with others the issue of dual-hats is thus contextualized within this, as it may relate in these parameters yet not be recognized via language or communication -openly-, outside an encrypted form of communication, due to secrecy, limits or thresholds that format behavior, relations, 'the common viewpoint', as it is standardized, becomes social, political, society at scale people alone, isolated, in their unlike and unrelated identity that may remain hidden, even persecuted if not following the ideological framework, even if 'alternative' or rebels or whatnot; there is basically no outside to this condition, unless somehow you dig yourself into such a strange isolated scenario that the lack of capacity to describe or account for it is a boundary for others accurate perceptions or accounting, if not as stealth; in that it cannot compute, exists beyond categories, etc the great thing about isolation and individuals who are human and live for truth, achieving grounding with all that is, cosmic circuit as consciousness, is that as with the noosphere or atmosphere of ideas, a person can be alone and still tap into this larger truth, its dimensions beyond local constraints and limits of relations of those surrounding. unlike having no money, a person cannot then enjoy the riches of money. 
or perhaps more accurately, whatever truth a person accesses then can be linked to a larger interconnected realm, this richness then opening up as awareness, unfolding as new consciousness which is shared by those of the past, present, future, even and especially with nature as this open-book, if finding keys to unlock various chapters, categories, concepts, dimensions so a person could exist in an organization amongst others yet their 'shared condition' could be split between [money|truth] as the parameter of value, say at the material level of work and of pursuits and life goals. and what results could then be thought about and evaluated in these terms, perhaps a range of them; the necessity & utility of money balanced by/weighed against truth and moral and ethical principles and guidelines, direction. so the simplest thing like a person having a job or career as it translates as categorical [work] then is loaded with potentials, as to how this situation grounds, into the larger empirical truth and-or into the surrounding falsity and its 'shared perspective'; noting that this 'sharing' could be at the group level or rely on a case-by-case basis, or unshared in certain dimensions, etc thus, a model, people as observers, context in which views are established, and relations, as it relates with core value it is impossibly difficult to generalize this at the top-level as this 'shared condition' is without accurate foundation, in that each _structure or concept is itself split to multiple levels & interconnected with others in ecological, nonlinear dynamics that may be as unique as N-dimensional fingerprints for each view, and then as differing or shared views relate, this further difference and connection, coherence and alignment and-or else decoherence and misalignment or detachment, isolation if considering humans may have innate capacity for modeling such empirical truth as 'shared consciousness' by default, it then could be questioned if human relations are based 
within a framework of quantum dynamics, where information flits in and out of various paired or entangled patterns, recognized or fragmentary constructs awaiting corresponding puzzle piece, and thus this 'reality' is computational as logical reasoning, awareness related to grounding circuits, energy/matter/truth as mentioned previously, then, a concept such as 'the military' could be split as a category and may map differently for some people than others, based on values, relations, circumstance and it seems in the superficial materialistic view that drives this madness that what is represented as [military] equates with a representation or model aligned with the values of money above all else, serving the ideology and its greed, as if the military is a toy moved around on a gameboard, even while immense suffering is involved, death, torture, all of this ignored for the lifestyle it affords, power it allows thus, it is as if there is a fantasy going on, an ideological entity called 'the military' that for some is icon of patriotism and mediated this way, as with those out-of-touch, such that it seems as if it is a movie set that events take place within, as if a CAVE simulation that is modeling devolved society, and then having avatars enter into events as mimics or actors that are also detached from 'the situation on the ground' that exists, that coldness that is machine-like if not unthinking, the brute force approach then equating violence with truth, the more powerful then defining or determining what is real at the same time not allowing this analysis to take place within civilization in terms of logic, only shared faith, belief that then becomes and is private, faith-based 'government' i imagine you and i and others relate to a different [military] that orients itself in terms of truth-- that this is its mission. 
and that observation alone reframes historical dynamics in a geopolitical framework, the cold war instantly remapped, and things begin to make more sense in these parameters so how could more than one [military] exist? it could be an issue of perspective, seeing something from different angles or it could involve more than this. a different military exists within different parameters, though may not be related to as such. this is to then consider, for instance, how this situation could be planned for millennia in advance, to include creating a power vacuum filled by impersonators with a hostile agenda, whereby territory or categories are ceded in order to establish an illusory perspective at scale this is the same situation as citizens, whereby any given [citizen] could be friend or foe, worldwide, in human terms. the truth is more involved than the category alone, and thus [human citizen] who aligns with truth, in shared framework is a different citizen than [antihuman] aligned with money so upon further reflection after writing and then rereading my recent previous views, it was realized this issue gets right at the heart of empirically modeling the conundrum; that this division or split between money and truth is some way of approximating a condition that is also perceptible or felt in daily and lived experience with regard to existing and immense 'categories' in conflict, such as capital, capitalism, communism, socialism, democracy, and so on. the thing is, these ideas or concepts are being mediated within language by default, not within logic beyond skewed binary viewpoints as a basis for communication and relations via language. in this way, the way they parse as 'data' is very different given what perspective an observer has- ie. where they ground.. for instance, 'capital' is a very different idea if modeled in terms of its being money, than in terms of its being truth. 
and thus [capital] as it is represented, mediated, related to by self and others could split based on how it is evaluated, perceived or parsed, in its money-as-truth approach, or in shared truth as a basis for money, allowing trade, exchange. the latter approach tends towards shared morals and ethics, the former towards greed and selfishness, disregard of others thus, [capitalism] where 'truth' has no value would tend then to have money be this truth, by standing in for it as the most tangible material representation, an icon even of value itself. that would be one version or interpretation, another approach to [capitalism] could value 'ideas' and 'concepts' in their truth, which then is the basis for money, trade, exchange, planning and development. where competition and cooperation ground to different circuits than money as the highest shared value "culture" in these differing approaches would likely be entirely different. the money-based approach superficial, about quick and ever-increasing profit (as morality, ethics, 'the good', etc) whereas in a truth-based culture, ~representation would have depth, connecting and situating the present within the centuries and gain value from this structural relation, refinement, sharing of principles and awareness as integral process of development; in this way, truth and virtue would be discerned within aesthetics, insight and education and learning would be cherished, and the pursuit of higher goals, principles, and ideals the common fabric [democracy] likewise splits the state along these similar lines, in which money and politics establish ungrounded relations with the communication of media and those people 'representing' us, becoming a form of detachment, isolation, division, confusion in that what is said is not what is done, what is believed is a lie. 
whereas if it is based in truth, another layer could co-exist that servers beyond parameters of politics and money, involving the subtleness and nuance of governance with truth at its core, as an encrypted channel that those of others value may never see nor identify nor relate to or through, this boundary unshared by 'citizens', in this difference, a pretext for civil war, for both sides; those who conform and those who do not fit in, based on values [religion] could be parsed in this money/truth context yet it is likely self-evident, the superficial versus indepth commitment to truth, as institutions and representers may be corrupted or fail or serve other beliefs - though at its core, an issue of faith and belief -- in truth, or in money as this ultimate truth, which side are you on, who do you serve, what principles, etc. (the point here being that [institutions] can become faith-based, once based on unfettered truth then falling to money as truth, via corruption of ideas, organization, relations, via ideology) [socialism] also, aligned with money or aligned with truth. and this is one of those scenarios where it is oftentimes a layer in another category- say: religion(socialism) as this parses different if truth of ideas are of value, the basis for human relations, or money determines, formats this firstly; it could co-exist or likely the materialistic money-based view could govern over the other hidden belief in truth as the basis and evaluation of these concepts in their social, economic, or governing parameters. this is the complexity likewise [communism]. say firmly situated in technocratic embrace, both as idea and ideology. in some forms it may be a method of political engineering, say shipping broken items or sabotaging processes, censoring views which is a repeated technique for managing and maintaining control. 
this could not just involve 'ideas' of doing these things, the goal could be to deprive others not based on greater truth and instead, on power over it, to define what is true as a result of controlling what can and cannot happen, thus the issue of freedom and bureaucracy making the decisions. it would seem at some point this extreme material view aligns perfectly with political opposition and subversion, and ultimately has its truth rendered as money as the highest shared value, in that 'the group' benefits in such monetary terms by their tactics against the opposition, to maintain a given relation via control of parameters and that deep within this is a historical viewpoint functioning as dogma, a belief system based on indoctrination that cannot be questioned in its rightness beyond a particular juncture and thus is 'closed' as a system of questioning, insofar as its economics, politics, relations are already figured out in advance, leading to oligarchy seemingly of controlling and ruling class of upper-level bureaucrats in this way 'commercial communism' and 'corporate democracy' as definers of existing dynamics moreso than any terms of alone. the ideology of "economics" as religion, the dollar as icon of 'shared value' minus the morality and ethics of "In God We Trust" then the compact between producer and consumer, or exploiter and exploited in many relations without 'shared identity' in the same subset, nor similar value as basis for relation and exchange. 
in this way, shipping of broken goods to those not in the shared set, these politics, while taking the money is an approach shared also by the corrupt capitalist approach-- they are virtually identical, when considered in terms of politics and money, they have the same purpose, this worldly immediate materialism that perfectly aligns with short-term politics and money as if parsing everything in terms of money as ultimate value is morality, and if it is shared by a given group it is good, or if it is not, it is threatening, must be stopped

academia is very much under control of this spell, as 'ideas' themselves are forced out, censored, to maintain control over organization and management of resources, the path or assemblyline of culture and its development, as if thinking is bad for factory workers, an evil trait today in fact, it would seem all education suffers from ideology that aligns with this materialistic bias of a too-simple viewpoint, unable to be corrected- because it is religion minus its truth, instead, pure greed and nothingness is at the core, an absence, void, emptiness, non-being as if enlightened, transcendent, instead of devoid, detached, disconnected, disembodied, dumbed-down, destroyed

in the past, the ideas of communism in their truth were able to be valued. there is something here that is worth considering and needs to be recognized. note also the role of philosophy in recognizing this form of governance and also religion, carrying on these structures within the various relevant parameters -- in their truth. as they are subverted or corrupt, falling again to money and politics, the great divide of culture, peoples, civilization, both its internal and external fracturing, false pangea to NWO

> When we -- the collective we -- are dependent on something, we are
> at risk w.r.t. its denial. When we are at risk w.r.t. its denial,
> preventing that denial is a military concern.
> When something is a
> military concern, the vigor of concern is calibrated by some
> characterization of [those/actors] who might participate in attempts
> to deny us that on which we depend.
>

i believe [human] as category can encompass all variations in their truth, as a 'we' if this truth is accounted for. if in a simulation or partial-simulation in a parallel-reality being engineered or modeled in suspended- and real-time, some may be interacting in a 'movie' context, as actors or avatars, and others may know only this as their life, as citizens. though i tend to think this 'big split' exists so that there is a bifurcated [model] of everything proposed here.

i would then say- yes, i think it is truth that is opposed, denied. as it is bigger than issues of capitalism, democracy, socialism, yet is embedded in these. the view of governance should allow the truth of these dynamics, their dimensions to co-exist in their relational structures, whereas politics and ideology can disallow it.

thus calibration is incredibly difficult and mainly an issue of belief, if not grounded beyond language and communication of signage, that is, within logic, to parse concepts and programming in their relational code - evaluated in terms of truth, logical reasoning that addresses and neutralizes binary biasing (evil faith which is what supports and aligns with money as sacrament in church of state)

not being able to account for this- while having everything defined in terms of 'economics' by priesthood with business philosophy ?!

what humans require is truth, this is necessary to attain accurate relation with self, others, modeling of situation, communications, foundation for civilization and culture, basis for awareness, reality in this way, loss of truth, reality has been stolen, false viewpoint persists, defended by corrupt institutions politically managed

> The world is increasingly interdependent, hence increasingly at
> risk w.r.t. denial of essential things.
> That growing interdependence
> is a network phenomenon, per se, hence instrumentation of all items
> in the network is a military goal, per se.
>

people(humans,antihumans) exist within a machine state managed in terms of technocracy, aligned both with money and truth as value. hackers, cryptographers, others, situated in these daily frameworks, relating or not within specific dimensions. what is essential varies.

money (humans,antihumans,hackers,cryptographers)
truth (humans,antihumans,hackers,cryptographers)

relation between person and military (money|truth) likewise variable, what military, what network, what is instrumental -as dimension-

interdependence is a shared set condition, can be nested, though in terms of grounded circuit, what appears relational may not be how it actually functions in truth, such that if parameters shift or framework changes, a different circuit could appear or co-exist and become operational. what is instrumentalized may be latent or non-operational, potential, like Heidegger's 'standing reserve'

wonderful books by Paul Shepheard, view conveyed either in What is Architecture? or The Cultivated Wilderness (1) about the military and natural and built if not virtual environment as related to observing, taking notice of what surrounds a person

tactics, operations, strategy, delineated/described as concepts

it is a difficult realm to communicate within unless others able to situate themselves in these parameters, perhaps inherent in the infrastructure as war model, war machine, fortress, defensive and offensive, preparing the battlefield, etc.
i do not have direct knowledge or experience with these parameters, yet as ideas in their truth, they also seem pertinent in accounting for strange and anomalous characteristics that prevail as 'the status quo', perhaps the only way to make sense of the ongoing madness (in its truth, versus represented and believed normal and okay)

the issue of interdependence seems minuscule from where i am whereas others are highly-connected, benefit from shared set dynamics and truth that is active, informs shared direction

from this perspective in what is proposed as a 'shared model' there is a limit to what can be communicated or related to or through in terms of ideas, based on previous established and- or institutionalized consensus, that becomes a barrier to what can be shared or communicated about due to 'unshared views', experiences or beliefs that map differently, given relativism, narrowed evaluation, and bias including power-based relations

instead of: signal <---> signal

(signal) NOISE <---> NOISE (signal)

that initial protocol and handshake usually mismatched from the very start within [category] relations and between various category-category dynamics and relations, such that the need for interdisciplinary mesh-reality cannot be established within a ruling context of authoritative relativistic truth (based on money as shared framework for legitimacy, versus analysis of ideas), in that economics often determines value and this precedes questioning of ideas beyond that initial boundary, like a stamp at the gate, PASS or FAIL, and most everything fails because grounded reasoning and logic is gone from this evaluation, in that 'binary bias' and ideology manage this interconnectivity

it is thus always a fight, to share ideas, to gain access, as ideas are secondary to money as truth, to what manages the 'shared set' and its reality.
perhaps a fragile situation and tentative balance, yet it is total weakness and failure of principles of democracy, freedom of ideas, expression, communication, ideals of debate, sharing of viewpoints in terms of a public commons- everything privatized in this narrowed interpersonal collegial framework of privileges & status that then define the atmosphere as an authority-based power-structure, where truth is voted on, consensus. utterly confusing to those not integrated with institutions, to see this compromise of reasoning to a lesser state of relation, managerial, ubiquitous across the internet today

it is not to presume there may not be different dynamics than this, yet to 'communicate about truth' or share ideas beyond the known boundary appears to be a serious issue of personal security that limits what can occur at the group scale, as any individual could become gatekeeper or allow such gatekeeping, though email lists themselves basically have died in a larger realm of ideas and thinking, now it is social media where each person has PASS/FAIL stamp as interface to individual reality, constructing own view or relativistic perspective, perhaps largely ungrounded beyond the narrow criteria evaluated, perhaps leaving out other views that could challenge beliefs, etc.

'interdependence' in that context is quite different, the isolation or relations may not ever reach the ideas in their truth, beyond chit-chat, (thus 'Are We Amusing Ourselves to Death'? etc).
it suggests there is an absence of 'truth' within communications, that it is very minimal, such that it may maintain connection yet is not involved in significant transfer of ideas or truth at the scale and complexity of the situation that exists and must be mediated, and instead it seems escapist, a fantasyland or pre-school for adults, to fuck around with seeming no consequence while others' lives are absolutely brutal for taking it on and suffering alone or being taken out while others 'in group' continue doing the same.

the issue of 'trying to have a conversation' is instantly met with censorship, by people themselves because it goes over their own protected viewpoints & must be controlled through distancing, filters, limitations versus - i don't know- questioning beliefs, being fallible, correcting known errors, improving modeling, observation

this risk averseness then is extremely relevant to limits to sharing ideas that do not fit into the ruling ideology, because it may harm someone else's economic interests and oftentimes these people are otherwise interesting yet cannot deal with ideas, cannot handle views that go beyond their own framework. and it is crippling, and it is the basis for a conceit that people believe they know more than they actually do, and yet then cannot engage what is going on because it is over their head, own models thus communication, relation, shared views are stopped

to some degree it is understandable.
though at a certain point it is not acceptable to remove personal responsibility from the equation of 'societal relations' and assume that following is always going to be an option or allowed, for those that cannot think for themselves beyond sharing of beliefs that are not understood or observed in their truth (in this way, ignorance can be evil, and it is institutionalized)

so this as an attempt to convey, military dimensions in their truth is a subset condition or relation few seem cognizant of and operate and evaluate in other terms, oftentimes appearing very shallow and in service to wrong values, if through ignorance. i think mass surveillance in society is such a case, where the ideology says only 'few' by default are legitimate targets when this is not the situation on the ground, though it serves the self interest of a naive and privileged set that benefit most from it, who are politically passive and benefiting from the status quo perhaps most, by following the ruling paradigm, operating within the jetstream of culture, then pronouncing morality, ethics, and culture from this position as if of higher virtue even, while taken in the more accurate context it is against security interests for any thinking person who is not bullshitting themselves in the mirror every day to maintain a false-perspective and relations, that is, things just aren't that fucking easy. they never were in the realm that things get done on the scale of civilization

> For the individual whose mindset of tradeoff is "I want all the
> goodies this modern world provides" then with that comes said
> individual fully participating in the instrumentation complex.
> For the individual whose mindset of tradeoff is "I wish to be left
> alone" then with that comes said individual foregoing that increasing
> fraction of the modern world's goodies that cannot be gotten without
> instrumentation.
>

makes sense, well put, it is hard to understand the different circuits and parameters others must mediate the larger shared situation within, i go by my heart oftentimes, though routinely am challenged to think another who has such insight and values truth could perhaps serve a false order than what is allowed in the shared empirical model, because it seems that is what life is about, gaining and securing that access and then beginning to live, after making it through this struggle that this is not a condition of life, that this is hell, this is the world as cemetery and prison, freedom is often not even recognizable in the day to day, when parsed at a fundamental level of relations, identity, culture, the state, etc.

the description of hoarding toys is also indicator of that layer of ideology as institutionalized authority and ethos of 'businessmen' as if supermen, again.

to mention that the idea of [man] as shared set is largely fictional in the present day in that [man] maps to all of these corruptions, even public man who is rationalizing events in terms of his manness, particular man-story in the epic swindle of mankind as substitute/representer for humanity

i think manhood is a 1950s concept that becomes a conceit for mimics and subverts relations between people and with women, and thus 'human male' or 'human female' or 'human wo|man' then is part of this identity issue, as it relates to shared sets (human) versus unshared.
in that those who gloat are also 'men' who were at the sweet-spot of this exploitation and further collapse, they are in the best position to manage, and this shared private identity of 'man' and 'men' is part of the dogma, including internal-sexuality (men-men) as a basis for defining the public, without females even yet to mention such things goes against instituted law - based on a flawed constitution - that then upholds these views as privileged and allows the exploitation to be further structuralized, continued

thus limit to relations can even be within a gender-category, that as a human male i think most of these "super-men" are full of shit and this has not been accounted for beyond the rigged portrayals

> None of us here should be unwise enough to describe what we are
> individually doing to decouple, but given the character of this
> list I rather suspect that we are each and severally describable
> much more as "Leave me alone" than as "He who dies with the most
> goodies wins."
>

again, another critically important concept: the short circuit. breaking the false connections and allowing rewiring of self, with others, breaking group dynamics then reestablishing other relations based on shared dimensions, dynamics, based in truth and not serving the regime of pseudo-truth that seeks to manage or keep truth away, out of central or shared processing, scalability

there is ubiquitous censorship. it seems to begin in closing of minds.

> Back to you,
>
> --dan
>

// funny as hell. thanks for the laugh.
(0) Différance
http://en.wikipedia.org/wiki/Diff%C3%A9rance

(1) books by Paul Shepheard
http://www.paulshepheard.com/books/195/what-is-architecture

note: science and thus technocracy based on limited pseudo-truth (pT) vs (T) is how it is corrupted, turns into ideology, gains political power, not accounting for this allows an immoral priesthood to govern over us and develop and extend onesided policies aligned with machine-values where money is the objective, the determiner of ~reality, 'shared goals'

note: more money does not necessarily correlate with greater truth, yet this is often the conceit of those with more money, status, power and how ideas can be shut down based on position within society as if it corresponds with greater knowing, versus other driving principles; perhaps this is why people cannot think for themselves as truth has no value in this scheme, financial punishment following if unfavored; thus forced obedience,obeyance of power over truth as if truth itself, as this cascades through individual, group, society, state relations

[20.02] (8) 4Q#1!80e3Hk;&jV'7-2iZeE8qs:q97w (6) [3/4]

From gwen at cypherpunks.to Fri Jan 10 04:13:29 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Fri, 10 Jan 2014 04:13:29 -0800
Subject: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
Message-ID: <52CFE3E9.5040400@cypherpunks.to>

From the README...

DESCRIPTION

Pretty Curved Privacy (pcp1) is a commandline utility which can be used to encrypt files. pcp1 uses elliptic curve cryptography for encryption (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide accepted standard it hasn't been compromised by the NSA - which might be better, depending on your point of view.

Caution: since CURVE25519 is no accepted standard, pcp1 has to be considered as experimental software.
In fact, I wrote it just to learn about the curve and see how it works.

Beside some differences it works like GNUPG. So, if you already know how to use gpg, you'll feel almost home.

QUICKSTART

Let's say, Alicia and Bobby want to exchange encrypted messages. Here's what they've got to do.

First, both have to create a secret key:

    Alicia                             Bobby
    pcp1 -k                            pcp1 -k

After entering their name, email address and a passphrase to protect the key, it will be stored in their vault file (by default ~/.pcpvault).

Now, both of them have to export the public key, which has to be imported by the other one. With pcp you can export the public part of your primary key, but the better solution is to export a derived public key especially for the recipient:

    Alicia                             Bobby
    pcp1 -p -r Bobby -O alicia.pub     pcp1 -p -r Alicia -O bobby.pub

They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, they have to import it:

    Alicia                             Bobby
    pcp1 -P -I bobby.pub               pcp1 -P -I alicia.pub

They will see a response as this when done:

    key 0x29A323A2C295D391 added to .pcpvault.

Now, Alicia finally writes the secret message, encrypts it and sends it to Bobby, who in turn decrypts it:

    Alicia                             Bobby
    echo "Love you, honey" > letter
    pcp1 -e -i 0x29A323A2C295D391 -I letter -O letter.z85
    cat letter.z85 | mail bobby@foo.bar
                                       pcp1 -d -I letter.z85 | less

And that's it.

Please note the big difference to GPG though: both Alicia AND Bobby have to enter the passphrase for their secret key! That's the way CURVE25519 works: you encrypt a message using your secret key and the recipient's public key and the recipient does the opposite, he uses his secret key and your public key to actually decrypt the message.

Oh - and if you're wondering why I named them Alicia and Bobby: I was just sick of Alice and Bob. We're running NSA-free, so we're using other sample names as well.
INSTALLATION

There are currently no packages available, so pcp has to be compiled from source. Follow these steps:

First, you will need libsodium:

    git clone git://github.com/jedisct1/libsodium.git
    cd libsodium
    ./autogen.sh
    ./configure && make check
    sudo make install
    sudo ldconfig
    cd ..

Next, pcp:

    git clone git://github.com/tlinden/pcp.git
    cd pcp
    ./configure
    sudo make install
    cd ..

Optionally, you might run the unit tests:

    make test

DOCUMENTATION

To learn how to use pcp, read the manpage:

    man pcp1

7. Licensed under the GNU GENERAL PUBLIC LICENSE version 3.

HOME

The homepage of Pretty Curved Privacy can be found on http://www.daemon.de/PrettyCurvedPrivacy. The source is on Github: https://github.com/TLINDEN/pcp

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From gwen at cypherpunks.to Fri Jan 10 04:49:43 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Fri, 10 Jan 2014 04:49:43 -0800
Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <20140110122133.GG7008@ctrlc.hu>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu>
Message-ID: <52CFEC67.9090706@cypherpunks.to>

Thanks Stef!!

Great we have another alternative for those that prefer curve p25519 implementations in python.

And for now I will be testing pcp as I prefer conventionally compiled and linked code for crypto I use in C/C++.
I will have to see about static linking for pcp :)

More Contenders for curve 25519 replacements to gnupg and openpgp crypto?

All the best and Thanx for making us aware of PBP

GH

ps can you see about compatibility testing PBP with enigmail/thunderbird?

On 1/10/14 4:21 AM, stef wrote:
> On Fri, Jan 10, 2014 at 04:13:29AM -0800, gwen hastings wrote:
>> From the README...
>>
>> DESCRIPTION
>>
>> Pretty Curved Privacy (pcp1) is a commandline utility which can be used
>> to encrypt files. pcp1 uses elliptic curve cryptography for encryption
>> (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
>> accepted standard it hasn't been compromised by the NSA - which might be
>> better, depending on your point of view.
>
> sounds like my pbp:
> https://github.com/stef/pbp
> except with a 'c' and less features, from the readme:
>
> v0.2 - experimental
>
> PBP[0] is a simple python wrapper and a command line interface around
> libsodium, to provide basic functionality resembling PGP. It uses
> scrypt for a KDF and a much simpler packet format, which should be
> much harder to fingerprint, pbp also provides an experimental forward
> secrecy mode and a multi-party DH mode.
>
> Installation
>
>     pip install pbp
>
> you possibly need to run (or an equivalent command) sudo apt-get install git
> python-virtualenv gcc python-dev libffi-dev to satisfy all basic dependencies.
>
> Design goals:
>
> 1. use modern crypto
> 2. provide similar functionality to PGP
> 3. be extensible
> 4. difficult to identify based on fingerprinting
> 5. provide extensive testing
> 6. strive for security
>
> Crypto
>
> Cryptographic primitives are based on the NaCl library from
> http://nacl.cr.yp.to. The KDF used is scrypt.
>
> PGP-like
>
> Provides basic public key encrypt/decrypt, sign/verify and secret key
> encrypt/decrypt modes, as well as the ability to sign, verify, list,
> generate, export and import keys.
>
> Extensibility
>
> using pbp and the underlying pysodium[1] library it's easy to extend
> pbp. Some examples are the experimental forward secrecy mode (see
> description in docs/chaining-dh.txt), the support for ECDH key
> exchanges from the command-line and generation of arbitrarily large
> random byte streams.
>
> [1] https://github.com/stef/pysodium also available on
> https://pypi.python.org/pypi/pysodium
>
> Fingerprinting
>
> pbp tries to avoid to store any sensitive plaintext info, the
> encrypted files all should look like random noise. for a description
> of the packet formats see docs/fileformats.txt.
>
> Testing
>
> All py files come with their internal tests, unit tests are in
> tests.py, and commandline functionality is tested in test.sh.
>
> Security
>
> pbp locks the process memory, so it cannot be swapped to disk. Also
> pbp uses SecureString[2] to overwrite sensitive key material after
> usage in memory, so keys have a short window of opportunity to leak.
>
> [2] https://github.com/dnet/pysecstr
>
> Usage
>
> Generate a key
>
>     pbp -g -n alice
>
> sending howdy.txt using public key encryption from alice to bob
>
>     pbp -c -S alice -r bob -i howdy.txt
>
> decrypt an encrypted file using public key crypto
>
>     pbp -d -S bob -i howdy.txt.pbp
>
> sending howdy.txt using secret key encryption
>
>     pbp -c -i howdy.txt
>
> decrypt an encrypted file using secret key crypto
>
>     pbp -d -i howdy.txt.pbp
>
> sign howdy.txt
>
>     pbp -s -S alice -i /howdy.txt
>
> verify howdy.txt
>
>     pbp -v -i howdy.txt.sig
>
> sign bobs key
>
>     pbp -m -S alice -n bob
>
> check sigs on carols key
>
>     pbp -C -n carol
>
> alice encrypts howdy.txt to bob using experimental forward secret mode
>
>     pbp -e -S alice -r bob -i howdy.txt -o ./secret-message
>
> bob decrypts howdy.txt from alice using experimental forward secret mode
>
>     pbp -E -S bob -r alice -i ./secret-message
>
> initiate ECDH key exchange
>
>     pbp -D1
>
> respond to ECDH key exchange
>
>     pbp -D2 -Dp 'public component from D1'
>
> finish ECDH key exchange
>
>     pbp -D3 -Dp 'public component from D2' -De 'secret exponent from D1'
>
> random streaming 23GByte of cryptographic randomness
>
>     pbp -R -Rs 23G -o /mnt/huge_fs/random_data
>
> participate in a 4-way DH exchange, 1st message
>
>     pbp -Ds -Dp 4 -S alice -n 'friends001' -i oldkeychain -o newkeychain
>
> participate in a 4-way DH exchange, 2nd message
>
>     pbp -De -S alice -n 'friends001' -i oldkeychain -o newkeychain
>
> this is one big pipe that creates a 3-way ECDH secret between alice, bob and carol:
>
>     pbp -Ds -S alice -Dp 3 -n 'test-dh' -i /dev/null |
>     pbp -Ds -S bob -Dp 3 -n 'test-dh' |
>     pbp -Ds -S carol -Dp 3 -n 'test-dh' |
>     pbp -De -S alice -Dp 3 -n 'test-dh' |
>     pbp -De -S bob -Dp 3 -n 'test-dh'
>
> of course instead of a pipe you could use any kind of transport mechanism
>
> (c) 2013, stf , dnet vsza at vsza.hu, AGPLv3.0+
>
> [0] also it's very funny to say pbp with a mouth full of dry cookies.
> don't try this in company!
>
>
>

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From gwen at cypherpunks.to Fri Jan 10 04:57:25 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Fri, 10 Jan 2014 04:57:25 -0800
Subject: gnupg vs pgp cli options Re: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy..
 ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <20140110125255.GI7008@ctrlc.hu>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <20140110125255.GI7008@ctrlc.hu>
Message-ID: <52CFEE35.7080900@cypherpunks.to>

Hi Stef,

it seems it's gnupg command line options you would want to emulate.. pgp left the command line abandoned sometime ago..:(

GH

On 1/10/14 4:52 AM, stef wrote:
> On Fri, Jan 10, 2014 at 04:49:43AM -0800, gwen hastings wrote:
>> Thanks Stef!!
>> And for now I will be testing pcp as I prefer conventionally compiled
>> and linked code for crypto I use in C/C++.
>
> sure, i prefer python as it precludes all the language class vulnerabilities
> and leaves us only with application class vulns. but in hw i do this in c of
> course. expect an accompanying hw device doing pbp stuff soon.
>
>> ps can you see about compatibility testing PBP with enigmail/thunderbird?
>
> never tried, on the commandline it's a bit incompatible yet with pgp
> commandline args, but can be easily adapted.
>

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From gwen at cypherpunks.to Fri Jan 10 06:43:48 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Fri, 10 Jan 2014 06:43:48 -0800
Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy..
 ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <3153198.N6KqkV6bkD@lap>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap>
Message-ID: <52D00724.1030302@cypherpunks.to>

That seems to be a no for now..

I have been testing both and after some initial brouhaha about a __pycache__ for pysodium have both working

I will have some observations later for the authors...

GH

On 1/10/14 6:12 AM, rysiek wrote:
> Hi,
>
> On Friday, 10 January 2014 04:49:43 gwen hastings wrote:
>> Great we have another alternative for those that prefer curve p25519
>> implementations in python.
>
> Indeed. But my question is: are these implementations compatible? As in, can
> you guys encrypt and sign messages to each other using your respective
> implementations, and still be able to communicate?
>
> Please let it be a "yes".
>

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From gwen at cypherpunks.to Fri Jan 10 06:54:12 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Fri, 10 Jan 2014 06:54:12 -0800
Subject: ECC curves that are safe safecurves.cr.yp.to
Message-ID: <52D00994.1070109@cypherpunks.to>

DJ Bernstein and Tanja Lange did a study on which ECC curves are safe to implement and use, found at http://safecurves.cr.yp.to/

YMMV as per the snowden releases but for now curve p25519 appears to be safe AND accessible in at least 2 cli type implementations.
To be avoided at present is SECCURE-0.4 and below(no safe curves as per the bernstein document)

GH

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From gwen at cypherpunks.to Fri Jan 10 09:35:32 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Fri, 10 Jan 2014 09:35:32 -0800
Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <20140110150209.GO7008@ctrlc.hu>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu>
Message-ID: <52D02F64.3010006@cypherpunks.to>

Hi Stef,

Consider this an invitation to you and Tlinden to converge on file formats and key representations in both implementation(s) if this is technically possible. It would give folks a choice at least.

regards
gh

ps tlindens github loc at the end of sig

On 1/10/14 7:02 AM, stef wrote:
> On Fri, Jan 10, 2014 at 06:43:48AM -0800, gwen hastings wrote:
>> That seems to be a no for now..
>
> most of the basic stuff should be pretty easily convertible.
> like your public key needs binary conversion and can be fed into any
> nacl/sodium crypto_box right?
>

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910
Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’
https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From loki at obscura.com Fri Jan 10 10:08:01 2014
From: loki at obscura.com (Lance Cottrell)
Date: Fri, 10 Jan 2014 10:08:01 -0800
Subject: "Reset Safari" doesn't really clean all the cookies of Safari web browser
In-Reply-To: <20140110143630.GH69913@eldar.cz>
References: <20140109172522.GA75251@eldar.cz> <1978954.M916JVyCnL@lap> <20140110143630.GH69913@eldar.cz>
Message-ID:

Does the script address Flash object storage and other active content data stores? Browser fingerprint is also an issue.

-Lance

--
Lance Cottrell
loki at obscura.com

On Jan 10, 2014, at 6:36 AM, Klokanek wrote:

> Thu, Jan 09, 2014 at 08:38:50PM +0100, rysiek wrote:
>> On Thursday, 9 January 2014 18:25:22 Klokanek wrote:
>>> http://eldar.cz/kangaroo/binarni-sxizofrenie/apple-safari-cookies-clean.html
>>
>> I think that's actually the case with all the browsers. Consider:
>> http://en.wikipedia.org/wiki/Evercookie
>
> True.
>
>> We need to create a way to easily delete everything related to a given
>> website, or simply everything -- be it LocalStorage, Flash cookies and
>> whatnot.
>
> My script deletes simply everything. Advancing welcomed.
>
> Much more interesting seems to be the file:
> ~/Library/Caches/Metadata/Safari/History/.tracked\ filenames.plist
> No satisfactory description found and seems to resist "History clean" as
> well... Unable to simulate the conditions to get the file again. Did anyone?
From dan at geer.org Fri Jan 10 09:20:57 2014
From: dan at geer.org (dan at geer.org)
Date: Fri, 10 Jan 2014 12:20:57 -0500
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: Your message of "Tue, 07 Jan 2014 23:20:55 +0100." <1439213.EFUEa7ORd9@lap>
Message-ID: <20140110172057.310442280EA@palinka.tinho.net>

> When I arrived at MIT in 1976, I learned that the term "hacker" meant ONLY
> the second definition above. (I believe the term originated at the TMRC
> (Tech Model Railroad Club in the 1950's; that fact is probably in
> Wikipedia) There was no hint of illegality, nor was the term in any way
> limited to computer activities. I would have been called a "chemistry
> hacker" or an "electronics hacker" at that point.

Yes to TMRC. And never forget S. Levy's book (*)

--dan

(*) http://en.wikipedia.org/wiki/Hackers:_Heroes_of_the_Computer_Revolution

From dan at geer.org Fri Jan 10 09:54:28 2014
From: dan at geer.org (dan at geer.org)
Date: Fri, 10 Jan 2014 12:54:28 -0500
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: Your message of "Wed, 08 Jan 2014 04:23:09 -0300." <5E549DD0DAAFDCB954C81C1B@F74D39FA044AA309EAEA14B9>
Message-ID: <20140110175428.8F8F2228104@palinka.tinho.net>

> If you recall, I asked you what I should believe in, but you never
> replied. So, I don't believe in anything. =[

There are those who believe something, and therefore will tolerate nothing; and on the other hand, those who tolerate everything, because they believe nothing.
-- Robert Browning

From electromagnetize at gmail.com Fri Jan 10 11:02:59 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Fri, 10 Jan 2014 13:02:59 -0600
Subject: Fw: Hi, I'm from the government (addenda)
Message-ID:

(need to clarify this statement so it makes some sense...)

> so, any given issue like [work] or [school] as a perspective
> is likely unshared because it does not parse the same across
> generations, and oftentimes an older constituency of the state,
> those most privileged and served by the existing corruption,
> seem to think their views superior and more knowing of the
> conditions and accurate - instead of out of touch and out of
> date, nostalgic and unreal to others existing in very different
> circumstances and parameters and dynamics, generations
> upon generations subsidized by handouts from the retired-
> class, who have all the money not inside billionaires coffers

i believe the "success" of the capitalist system based on money as primary value - from individual scaled up to local/global state - is an ILLUSION. a fiction that is not supported by facts evaluated in terms other than money (that is, where money equates w/truth) an earlier generation benefited by the existing system and then collapsed. such that, once upon a time a person could get a decent education, a living wage job, pay their bills, marry and have a family, own a vehicle, purchase a house (e.g.
$10,000 about 40 years ago that today may be $150,000 and upwards), and then even start a business, or have a thing aka 'a career', that would be a path towards retirement, relaxation in old age those who succeeded, especially at a higher rate of profitability then could support their children and make up the gap, where school began to cost more money, house mortgages needed a downpayment which parents could pay as gift, or a car would be purchased as a leg up, especially as living wage becomes few and far between, college debt balloons, the family unit collapses thus foundational social relations evaporates, and yet these weaknesses could be managed by those with such larger financial connections. and if they - the children - succeed in this system, it is viewed as the system is working and not that it is based on subsidizing it within the basic parameters, via those who have more wealth propping up those who do not the myth of 'self-made' person then, that hoary arrogant belief is not only based on a corrupt implementation that benefits a few people at the expense of the many, structurally, it also is based on a privilege utilized and extended by those who have money, as it subsidizes their staying 'within the system' as if more competitive and fit, morally superior, than those without such an additional support structure.
survival then can largely depend on existing wealth in proximity to an individual who is otherwise in a situation supposedly on the level with others, and in this way, basic relations and dynamics often involve string-pulling or behind-the-scenes influence to how various situations play out, as if ~natural, based on competition or superior skills or ability, than having one person financed by a hidden investor and others not, as it whittles away people who can do more than be subsidized, follow rules, draw in the lines, not upset investors or risk the support structure; (so too, 'father figure' as if god, moral, wise, all that bullshit) it is systematic private tutelage required for the 'capitalist' system to _appear to work, as it is then represented that people are independent, pulling themselves up by their own bootstraps, versus having (really, actually, public) subsidies (via theft of the commons). so this is to say 'parents' and-or 'families' can provide this over generations, depending also on exactly how wealthy they are- such that grandparents can contribute to college via retirement funds or whatever, stock dividends for a given year- while also checking their social security because- you know, ~it is 'their money'... (in such a way that working poor are subsidizing the rich, and this pressure then increases the yearly livability gap) at the top of society and the top of this heat of madness is 'superman', the male head of household, whose spouse or wife -if not yet divorced- has likely sacrificed her goals and her freedoms to allow this illusion of mastery to develop... one person's freedoms sacrificed for freedoms of another (though this also happens on a mass scale). the 'man' is then the person who "thinks" and "knows" and "decides" and financial success is tied to his success and abilities; again, an illusion. divorce an indication this is imbalanced as a relational condition- spouse as servant or handmaid. 
so too entire families can prop up the narcissistic ego of 'the breadwinner' who then conquers society, hunts prey to gain survival and existence, and then this belief in his superiority based on success in these defined parameters. i am good at business- i am a warrior! etc. identity of man funneled into certain functioning that is removed of goals and views outside his own immediate need, this privilege then equated with larger social responsibility as it maps to the state at large, he is the soldier fighting the war by pursuing his own self interest, he is the competitor, the decider, the succeeder, the intellect, the champion of his own life and those who he supports around him. the problem is that it is mostly bullshit, based on lies. that this 'survival of the fittest' is highly rigged, based on special and unique privileges, corruption, not accounting for truth, and believing in inhuman values that govern over social and other relations by default, as if emancipatory, an ideal model for state functioning, best of all possible worlds, where it is his world, his ideas, his goals and beliefs, his interests first, that define, manage, evaluate the shared situation in his onesided terms and views, while errors are ignored based on higher authority as if a godhead, infallible, because 'he' is -history- effectively so some massive shithead like this then spreads the word as if simpleton business philosophy is real deal; concepts like [property] and [capital] and [work] and also [education] are brought to bear for constructing and relaying his POV... 
so this warped privileged, false-perspective then is shared and communicated about as if _standard, its corruption and false portrayal and non-accountability then normalized as if the measure by which other actions are held against, judged by virtue of 'what works' without calculating it beyond money [property] to this bastard fuck is having an education and degree lined up, a wife, a family, a house, vehicles, house, (probably cabin or perhaps additional real estate), career, vacations, travel, stuff beyond what any person needs (as this relates to inefficiency and hoarding of material goods) others in another generation may not even have a family structure, they may not attain an education or degree that allows career or work in field of interest, a living income is likely not available, they cannot afford a house, they have no spouse or even social relations potentially, they could not afford a vehicle, or to maintain it, or insurance, they may not have enough for food or clothing, they live within the property of another as renter, they never had a vacation, they cannot travel, and they fall outside culture due to lack of access or barriers to participation, and many view them as leeches and parasites of society for taking _away wealth from the succeeding and working class, even while systems that sustain these others or that they function within are the very cause for this incapacitation and state of degradation so the very ideology that is judging the 'failures' as immoral is the reason for this structural condition- its very -success- and yet this maps to a view that those with money are better than those without, more virtuous, by natural ability in terms of competition, versus this situation rigged to benefit some at the cost of many, while not allowing it to be accounted for because it is only evaluated in terms of money, not of its truth 'handouts' from the rich to those dependent whether legally or not, say children of these benefactors of state 
corruption, then create the false perspective that these 'citizens' thus subsidized are actually succeeding in the original parameters and are not propped up by those who actually benefited the most, and thus trickle-down is intergenerational from within family bloodlines, and not outside this private context, unless somehow views of philanthropy are equated with providing people with a fair and equal chance of success in competition-- that is not occurring. instead it is symbolic, to make it appear as if the system works in its functioning, that its ideological principles and beliefs are fundamentally 'true' based on continuing -subsidized- successes this is not 'a little grease in the wheel', this is requirement of having the grease canister perpetually attached to the wheel while others must go and function without, a deficit or gap which structurally and knowingly leads to their demise. this is the lie, that religious view that cannot be challenged and such heresy is quickly medicated away as rantings of crazy persons who are jealous and inferior, greedy, selfish, unkind thus, a view of [property] if evaluated in this range of potential interactions, could be a condition of power and mastery, over others and supposedly over the self (by way of narcissistic ego) and it can inherently involve subjugation of others to maintain or sustain this view which remains unaccounted for, whereas these other views of property are from the perspective of subjugation, of having these idiot superior fucks gloating about their power and supporting their weak-thinking genetic herds of monetists who think society only revolves around them and their needs, that they are the determiners of value, while truth of this is not accounted for beyond private limits and beliefs, which the corrupt US constitution allows as a warped prerogative entire professions based on this belief system, 'disciplines', modes of being, this enronomic inflation of shared ungrounded value held in common, the 
basis for 'mechanics of property' as this becomes economists, lawyers, businessmen, entrepreneurs who benefit from this condition and work to extend it for a limited shared set they belong to. in this way, the hypothesis that such corrupt capitalism is indistinguishable from corrupt communism, that it is entirely materialist, value is based on money, its control and 'thinking is bad' that does not conform to the belief system, and can be edited out, censored, destroyed, as if a moral action this idea of freedom at the cost of others, such that 'equal rights' are then taken away via this structural imbalance, is what then legitimizes the false view, that they are free to hold these views, it is their legal right as enshrined in signed documents and thus such activity is signed-off-on at the level of the 'unshared state' what is so absolutely totally crazy about this is that it is modeled as if a natural system, an ecosystem. though the structural bias has been normalized as if implicit in nature, such that some must be unemployed while others do the work or some must live while others must die off, so that 'the group' succeeds. the problem with this view is that it is artificial, nowhere in nature is a natural system likely allowing structural inefficiency to be normalized to subsidize the 'partial organism'. this is not the bird killing some of its young so that others can live scenario, given harsh resource conditions. it is something far beyond that, an ideological compromise that has become normalized. 
it is to consider a macro-organism in such a way that its 'economy' is only measured within subset relation of the whole, and not the entire entity as this economy in other words: success of the partial organism or ecosystem is isolated from its cost to sustain in those terms of functioning such that it is a false ecosystem, a fake view of involved events because its analysis is bounded to only 'what works' within the 'partial model' or subset, and not within the larger total society as organism. and thus 'the economy' that is profiting is based on the entropic removal of value (truth and money) from a larger condition, to support and sustain a smaller version inside of it, yet which is parasitic, requiring failure of the whole system so that the part can succeed, in this way it is self-cannibalistic (public.state (private state)) ===> (loss(profit)) the entropic exchange then removes value, hoards it with the few, exploits these dynamics by an enforced boundary '(' or limit, which then is based on beliefs that are beyond further accounting in their truth, such that 'shared belief' is equated with this 'truth' yet is not actually so, it is simply a 'shared view' of shared self-interest of some subset or group or identity, such as man and mankind... 
(human (woman (man (mankind)))) ---> 'man' (humanity) private superman and his ego as shared or unshared thus is able to rule over humanity, even if the beliefs are not based in truth or are warped, because of the power of money to force perspective, shared relations, communications, language into that framework (thank lawyers for giving the final seal of approval, courts as well) so when 'men' relate or private shared identities (i dunno, let us say antihuman homosexuals for instance) then humanity can be kept out of this 'shared public' interest, and one population or group and its interests can function against other, via economic means as normalized, streamlined, made mainstream as if shared value it is so devious it would have to be planned this way. it is just too warped to not be evaluated in more realistic terms, and yet-- and yet... that is exactly what happens. people routinely call up the iconic signage, the functions and protocols of [property] and can reference these as if standard, known, shared ideas of a common view or understanding, not accounting for the variance involved, and thus in referring to these 'views' or perspective in only partially grounded ways, it further supports and relies upon the falsity that they develop and allow, as ideological structures, such that the views of money are automatically unpacked as interpretations, foundation for analysis, that is thus friction-free in calling out or referencing such parameters, without accounting for their truth in a context beyond linear language, which is the predicament thus communication and language enforce the falsity by their continued and automatic use, continuing to repaint the views anew and afresh as if legitimate, stamps of approval to previous modeling now detached from realistic accounting for what exists and held and believed as religion, with faith in these views that then becomes and is the problem, the righteousness of viewpoint that can be ungrounded, a false perspective and 
framework that does not map to reality and instead sustains, aids the corruption the ideological view has been expertly engineered- rationalized, all it needs is to be used, employed and deployed, especially as if a theory - proven as physical law, versus hypothesis with error correction where the working-model is readily evaluated versus becoming dogma, an enforced belief beyond questioning or challenge. in this way, pseudo-truth replaces truth as value it gets crazy real fast- think of it, the realm of subsidy extending from a millionaire class and dependents, quasi new.royal lineage; the 'representatives' of the state and sports ~heroes alike, icons of the success of the system -- that it works -- for those like them (who the fuck would pay to watch commercials? the same people who pay to watch millionaires play sports in rigged competitions) this is the success story that supposedly validates the merits of the capitalist system in its privatization and enclavement, as it is represented by private wo|man and their demographic kind, this at the cost of humanity, earth, nature, life, love, sanity, truth itself only 'economics', 'politics', 'society' divorced from truth could allow this as a viewpoint, sustaining it as 'shared reasoning' within what is a highly protected boundary or border -- borders everywhere -- not only in physical though also mental property, gatekeepers of the mind and thinking, what modeling or viewpoints are allowed, as this aligns with institutionalized views, ideological, dogmatic, beneficial to the same expropriating flows of labor and material and value, while standing in as protesters against this, benefiting and relying upon the very thing stood against, via this ungrounded condition, 'shared belief' the delusional interconnection, dependency and literally- privilege, where conceit and hypocrisy go hand in hand those people over there making a survivable income are bad while my survivable income over here is morally superior, because 
belief it is all part of the same thing, just more major or minor variations- the success of the billionaires is the success of college graduates; it is the same fucking system, the same monetary values driving the interactions, bringing home the bread. to think otherwise is delusional, in so far as it partakes in language, communications, these exchanges in terms outside logical accounting for its truth- it is the very thing which sustains the ongoing development, that the terms it exists within as ideologically defined are the foundation for subsequent interactions-- that this 'history' is not challenged at the level of core ideas, and instead merely referenced, as another programming function or call or routine, more oil in the wheels, as it further fuses materialistic beliefs of capitalism/communism together as if some kind of liberation, greater freedom, via increased bondage and reliance upon structures, institutions, corrupted organizations and shared identities that can be manufactured and manipulated, subverted as a centuries-old practice, such hidden engineering 'the group' identity, some subset of private demographics, then directly equates with this oppression- difference as universalized, the fragmentary as if whole, in its warp and skew and unreality, and then to mediate situations on these 'shared terms' that are requiring of further oppression against the common human set; because people cannot get beyond themselves, they lost their own truth and identity to culture and institutions defining it for them in other terms, relations in superficial constructs as if all about freedom and 'think whatever you like' because it is easy to just believe its true, no one is going to falsify your viewpoint in a context of money as the value, the determining evidence in this way, 'ideas' and 'intellectualism' likewise a trap unless taken outside the prevailing normalized context. 
any reference to security or 'the economy' defaults to this corruption, this deep structural oppression and subjugation of populations supported by the false ideas and views, relations and beliefs then consider being duped, that there is an invading force of people who have a hostile agenda and are citizens standing side by side with us, as if fellow citizens yet hostile to these very 'ideas' and principles that go beyond monetary viewpoints the mainstream interactions and use of language, communication favor their agenda by default, and over time it is the only viewpoint that can be reasoned in the faith-based system of money-as-truth that this 'historic' loss of freedom, and 'mankind' as fiction is also what is allowing this takeover and takedown of the state to occur, within these same parameters, due to lost accounting for actual truth in society, replaced by beliefs shared by benefactors of the system, the subsidization, the privilege, superiority complex as if natural ability and capacity, not gained by kneecapping others and locking the gate, ignoring all that because it benefits self first as privately defined, again, extension of private ego, ~superman though this warped view subsidized by oppression of surrounding others, spouses, the public, the future, those without resources a human viewpoint would quickly resolve this, unless there is a fight within the self disallowing it, which is thus a schizophrenic condition of fragmentary puzzlework that is not aligned correctly enough to get a new model or 'governance' in these terms, then it is a fight within the self, wo|man or human, as this can flip-flop back and forth, especially as it relates to truth and money, such that a condition of superposition exists for how interpretation and action grounds, in its accuracy, based on what motivations and structures, the circuitry of existence as mind and body relate in such a condition of [democracy] where hostile forces exist as voters and constituencies seek to
fortify the corrupt state, another concept such as [dictatorship] could likewise have a range of interpretations, based on parameters it functions within and thus a 'democracy of moneymakers' may require checks- and-balances of a dictatorship of truth hidden as governance, somewhere deep within the shadows as backup structure, it is also a threat if 'dictator-of-moneymaker' was to align with this 'democracy-of-moneymakers' likewise. so even a context such as mass surveillance, hidden dictatorship, failed democracy, in their truth could still involve moral and ethical governance in terms of humans as the shared set. though if an observer is not evaluated in 'human terms' it is not possible to evaluate these situations in that larger structural viewpoint, and also evidence may be lacking to support such a view or belief until 'people' begin communicating in these more realistic frameworks, what is communicating and exchanged as views supports the failed state in its oppressive dynamics and goals. by standardizing and extending and normalizing the false, it is giving it currency as if truth, which is validated by its effects, in terms of profit and money as evidence of its reality, tangibility, as if money proves things, and also limits, defines this proof as with property, when someone has ideas for how to deal with this situation, in the past they may have had a career, a livelihood. today instead, ideas to 'fix' the corrupt state are unwanted, ignored, or abolished, instead, such people are viewed ~mentally-ill for not conforming to the worldview. is this really the foundation for freedom, and not for slavery? also, for those most invested in the status quo, they are more reliant on the lies that structure this mechanism for their own 'success' and survival. they have reason to believe because it benefits them most. in this way, the illusion that they exist in a greater realm of awareness and truth due to functioning inside the system is an illusion. 
there are more lies at the top of this false framework than at the bottom, where it is more readily observable the gap needed to be able to sustain the false perspective, viewpoints, beliefs that is, if truth is value. if money is the supreme value and virtue aligns with this, then 'greatest truth' would be with those with all the money, which is the cosmic setup, in that materialists then congregate together, and can then be mapped out, dealt with accordingly via future accounting in other words, the more connected a person is within the system the more reliant upon lies needed to sustain it and oppression of others, though this can be left out or removed from analysis, which is part of the hypocrisy of the privileged in this way the bane of causes, champions of issues who then function against these same parameters in human terms outside the economic model, where money determines truth it is as if the body replaces the mind as 'governor' and that physical proof that is materialistic is viewed highest evidence when instead this is actually accounted for in terms of money, in these same circuits, though within a shared 'group view' or belief system - again religion.
whatever it is called, Marxist or Keynesian or Head-start or Obamacare or whateverthefuck in this way, zombies.culling of populations who do not conform or submit or shared demographics based within and upon a shared ideology, this falling into line, following, as if freedom, liberty, channeling efforts into the wrong circuits, agendas, and goals, though those which can be mechanized/realized within the existing false frameworks and parameters, though not reviewed for their integrity, which then is the basis for easy subversion, mimicry, camouflage for another hidden agenda not thinking-it-through at the level of logical analysis beyond binary then leads to this use of 'emancipatory ideas' as a main form of oppression, via group think as institutionalized, whether alternative or countercult or not, authority-based that is again 'individual rights' scaled to society as warped universal the very problem and issue is communication, language, action in these terms- the very exchange in pseudo-truth allowing the whole edifice of lies and falsity to be maintained by not going several steps further, into the depths, to address the structures involved, the errors relied upon, and therefore these extended, becoming the basis for interactions, the basis for livelihoods, yet another brick in the wall, no matter what opinions or views held, reliant upon the very system, without self-consciousness or self-reflection or modeling skills or capacity to address and correct for errors, because society has been made _illiterate by these very same forces, interactions with self and others, relations and exchange occurring in majority falsity instead, shared beliefs as if truth when it just is not this simple and it is a shared condition, everyone exists in this, as if the cosmos has fallen in its truth, where truth was never secured and it is only getting worse and worse, more and more difficult to continue in the existing parameters, pressures increasing, and that enormous gap,
within the self perhaps and also with others, every other a unique consideration of dimensionality, how relations wire or align or do not interconnect. how to go from existentialist alienation and nausea to shared human awareness, especially if 'private ego' is the standard POV a limit or boundary of observers, interpretation existing, this human view requires comprehension of true nature of self, a remodeling of relations internal and external, governance in these terms, which likely already exists yet may not be primary due to circumstance and prior decision-making if compass is misaligned or dealing in hostile force-fields to begin with, which is the default scenario, this detachment and to mention the hypocrisy of seeking to account for this, the antagonism of a lost humanity, the very people who do the most, seek the higher ideals then scrutinized for these efforts because of the way the circuitry actually functions is not as believed or perceived in private terms of identity as shared, subset, perhaps turned into careers, et cetera. this brutal awakening of the other which is humanity, in its loss of position and value of the state to the alter-ego of the self, fallen from grace, delusional and dangerous at its core there is love, in this securing of truth it is to redeem the internecine battles by a higher awareness and understanding that cannot escape tribulations of difference, opposition, disconnection, misalignment the economy, governance, social relations could be based on shared truth as a human value, instead of money. that could be how justice is determined and freedom is protected. 
and within this, love as a value and principle that has been removed from relations between people, except insofar as it is monetary it is to consider perspective, interpretation of observers who may view the same events yet parse them differently [evil] actions and [good] actions are variable, relative to the parameters evaluated within, based on what is of value for an antihuman materialist who believes money is truth, the basis for their objectivity, evil actions may map to those (such as the poor) who take away their money or who they must subsidize beyond their private frameworks, and thus rationalized subversion, exploitation, could be believed just and it could even become a malethical structural of the state, such that expropriation of resources to the rich set is ~divine, thus actions like these would be 'good', of highest virtue, etc whereas if this same situation was evaluated in terms of grounded truth, accurately determining what is good or evil would require accounting for what is evil in terms of its truth, and what is good in terms of its truth, as concepts, as this maps to a shared human identity. an evil action could be viewed as taking away the ability to live from many people so that only few can live at their expense. good could be evaluated of those efforts that seek to remedy this situation though it may be limited by what is acknowledged as true, what can be recognized, and thus partialness is involved, as 'truth may not be separated from falsity' (as pT) and thus 'good intentions' could actually support evil actions unwittingly, an endless army of trojan horses in civilization, due to not establishing and securing this logical foundation beyond the binary, resulting in ideological shared beliefs that while believed 'true' and 'good' could function otherwise as the parameters are not adequately accounted for in the ways they exist beyond limits of relation as conceived or believed within the shared set, also benefiting enemies.
in this way, 'monetary truth' ultimately can determine what is true, whether or not it is true, and also presume it 'good' because it is shared as a belief, as a consensus viewpoint, as if morality even if for different ends and opposed agendas; both grounding to the same shared false perspective ultimately that is how ideology has defeated ideas in their truth, its currency has more value in the working system and those who profit from it function as its prophets, extending beliefs, indoctrinating new disciplines, maintaining false frameworks at the cost of humanity, a real accurate model of what exists beyond private ID, accountable to truth as its measurement, for worth, for value, for relations, governance, exchange, etc. every human being has valuable insights into this situation, everyone who thinks and feels has details, views, observations to contribute to modeling what is going on, from their vantage. what is required to do this is 'knowing your 1s and 0s' in terms of logic and probability, this allowing shared empirical reasoning where truth befits truth as shared structure and scaffolding in a hypothetical parallel modeling of this shared human condition; likewise, the truth of the billionaire and truth of the homeless, both of value. morality likewise, the human good that those with wealth do and those without, accounting for this, valuing it, establishing it as foundation, building upon such structure. 
(making it possible for thinkers to have sustainable employment for instance, versus viewing such modeling as without worth to others, think how this would have decimated previous generations, think-tankers would not be employed- they would be medicated, there would be no model for what is going on, and today, this is the extending situation into the future, an outdated and warped point-of-view that is inaccurate, the only guideposts available; unless people are willing to take on the situation and change it, transform it via shared action, work, support, within these terms)

12-A1A [M] 512-C1B [4] 35-NET [8]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 37540 bytes
Desc: not available
URL:

From s at ctrlc.hu Fri Jan 10 04:21:34 2014
From: s at ctrlc.hu (stef)
Date: Fri, 10 Jan 2014 13:21:34 +0100
Subject: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <52CFE3E9.5040400@cypherpunks.to>
References: <52CFE3E9.5040400@cypherpunks.to>
Message-ID: <20140110122133.GG7008@ctrlc.hu>

On Fri, Jan 10, 2014 at 04:13:29AM -0800, gwen hastings wrote:
> From the README...
>
> DESCRIPTION
>
> Pretty Curved Privacy (pcp1) is a commandline utility which can be used
> to encrypt files. pcp1 uses elliptic curve cryptography for encryption
> (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
> accepted standard it hasn't been compromised by the NSA - which might be
> better, depending on your point of view.

sounds like my pbp: https://github.com/stef/pbp
except with a 'c' and less features, from the readme:

v0.2 - experimental

PBP[0] is a simple python wrapper and a command line interface around libsodium, to provide basic functionality resembling PGP. It uses scrypt for a KDF and a much simpler packet format, which should be much harder to fingerprint, pbp also provides an experimental forward secrecy mode and a multi-party DH mode.

Installation

    pip install pbp

you possibly need to run (or an equivalent command)

    sudo apt-get install git python-virtualenv gcc python-dev libffi-dev

to satisfy all basic dependencies.

Design goals:

 1. use modern crypto
 2. provide similar functionality to PGP
 3. be extensible
 4. difficult to identify based on fingerprinting
 5. provide extensive testing
 6. strive for security

Crypto

Cryptographic primitives are based on the NaCl library from http://nacl.cr.yp.to. The KDF used is scrypt.

PGP-like

Provides basic public key encrypt/decrypt, sign/verify and secret key encrypt/decrypt modes, as well as the ability to sign, verify, list, generate, export and import keys.

Extensibility

using pbp and the underlying pysodium[1] library it's easy to extend pbp. Some examples are the experimental forward secrecy mode (see description in docs/chaining-dh.txt), the support for ECDH key exchanges from the command-line and generation of arbitrarily large random byte streams.

[1] https://github.com/stef/pysodium also available on https://pypi.python.org/pypi/pysodium

Fingerprinting

pbp tries to avoid storing any sensitive plaintext info, the encrypted files all should look like random noise. for a description of the packet formats see docs/fileformats.txt.

Testing

All py files come with their internal tests, unit tests are in tests.py, and commandline functionality is tested in test.sh.

Security

pbp locks the process memory, so it cannot be swapped to disk. Also pbp uses SecureString[2] to overwrite sensitive key material after usage in memory, so keys have a short window of opportunity to leak.

[2] https://github.com/dnet/pysecstr

Usage

Generate a key

    pbp -g -n alice

sending howdy.txt using public key encryption from alice to bob

    pbp -c -S alice -r bob -i howdy.txt

decrypt an encrypted file using public key crypto

    pbp -d -S bob -i howdy.txt.pbp

sending howdy.txt using secret key encryption

    pbp -c -i howdy.txt

decrypt an encrypted file using secret key crypto

    pbp -d -i howdy.txt.pbp

sign howdy.txt

    pbp -s -S alice -i /howdy.txt

verify howdy.txt

    pbp -v -i howdy.txt.sig

sign bobs key

    pbp -m -S alice -n bob

check sigs on carols key

    pbp -C -n carol

alice encrypts howdy.txt to bob using experimental forward secret mode

    pbp -e -S alice -r bob -i howdy.txt -o ./secret-message

bob decrypts howdy.txt from alice using experimental forward secret mode

    pbp -E -S bob -r alice -i ./secret-message

initiate ECDH key exchange

    pbp -D1

respond to ECDH key exchange

    pbp -D2 -Dp 'public component from D1'

finish ECDH key exchange

    pbp -D3 -Dp 'public component from D2' -De 'secret exponent from D1'

random streaming 23GByte of cryptographic randomness

    pbp -R -Rs 23G -o /mnt/huge_fs/random_data

participate in a 4-way DH exchange, 1st message

    pbp -Ds -Dp 4 -S alice -n 'friends001' -i oldkeychain -o newkeychain

participate in a 4-way DH exchange, 2nd message

    pbp -De -S alice -n 'friends001' -i oldkeychain -o newkeychain

this is one big pipe that creates a 3-way ECDH secret between alice, bob and carol:

    pbp -Ds -S alice -Dp 3 -n 'test-dh' -i /dev/null |
    pbp -Ds -S bob -Dp 3 -n 'test-dh' |
    pbp -Ds -S carol -Dp 3 -n 'test-dh' |
    pbp -De -S alice -Dp 3 -n 'test-dh' |
    pbp -De -S bob -Dp 3 -n 'test-dh'

of course instead of a pipe you could use any kind of transport mechanism

(c) 2013, stf , dnet vsza at vsza.hu, AGPLv3.0+

[0] also it's very funny to say pbp with a mouth full of dry cookies. don't try this in company!

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From s at ctrlc.hu Fri Jan 10 04:52:55 2014
From: s at ctrlc.hu (stef)
Date: Fri, 10 Jan 2014 13:52:55 +0100
Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <52CFEC67.9090706@cypherpunks.to>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to>
Message-ID: <20140110125255.GI7008@ctrlc.hu>

On Fri, Jan 10, 2014 at 04:49:43AM -0800, gwen hastings wrote:
> Thanks Stef!!
> And for now I will be testing pcp as I prefer conventionally compiled
> and linked code for crypto I use in C/C++.

sure, i prefer python as it precludes all the language class vulnerabilities and leaves us only with application class vulns. but in hw i do this in c of course. expect an accompanying hw device doing pbp stuff soon.

> ps can you see about compatibility testing PBP with enigmail/thunderbird?

never tried, on the commandline it's a bit incompatible yet with pgp commandline args, but can be easily adapted.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From xlene at 404ed.org Thu Jan 9 19:29:49 2014
From: xlene at 404ed.org (xlene)
Date: Fri, 10 Jan 2014 14:29:49 +1100
Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz)
In-Reply-To: <52CC5DEC.7040806@echeque.com>
References: <52CAA24E.5060809@cathalgarvey.me> <3840023.vxZcX9Ecem@lap> <52CC5DEC.7040806@echeque.com>
Message-ID: <52CF692D.5000406@404ed.org>

On 08/01/14 07:05, James A. Donald wrote:
> On 2014-01-08 04:51, rysiek wrote:
>> Neither does it fit 1. -- he did not break any kind of security systems,
>> cracked passwords, etc., he just put a laptop on a network that had
>> access to
>> these documents and downloaded the documents. That's all.
>
> You are perhaps saying it frequently requires no skill, other than
> fraud or burglary, to muck up someone else's network. Indeed it does
> not.
>
> Nonetheless, mucking up someone else's network by such simple means is
> hacking in the first meaning of the word, hacking as an aggressive or
> criminal act.
>
> Because hacking from a distance requires skill, particularly if a
> network has some halfway competent defenses, the word "hack" has also
> come to mean some impressively clever stuff done with computers, but
> the original meaning was simply bad stuff done by computer - and, in
> the early days of the internet, it was possible to do bad stuff by
> computer with very little skill.
>
> And even today, it is possible to do bad stuff by computer with very
> little skill if one physically accesses a network that is not intended
> or expected to be accessed by outsiders.

im not so sure hacking ever meant simply doing bad stuff with a computer. (if you take your lexicon from the main stream media perhaps but its simply not true.)

making stuff do things it was not intended to do would be much closer to the original and correct definition of the term "hacking"

From carimachet at gmail.com Fri Jan 10 05:52:53 2014
From: carimachet at gmail.com (Cari Machet)
Date: Fri, 10 Jan 2014 14:52:53 +0100
Subject: Jacob Appelbaum in Germany
In-Reply-To: <20140110052433.61F3D10F85@a-pb-sasl-quonix.pobox.com>
References: <52C33963.1000709@echeque.com> <20140108174001.B0BFD2280B6@palinka.tinho.net> <1389208893.97348.YahooMailNeo@web141204.mail.bf1.yahoo.com> <20140110052433.61F3D10F85@a-pb-sasl-quonix.pobox.com>
Message-ID:

i have spoken extensively to lawyers about using this tactic they say it is very problematic > the people that sit on juries are not informed that they can in fact nullify AND if a lawyer sees a possibility in an instance of a case they can get at best reprimanded by the judge if there is any 'jury tampering' perceived the courts have nullified the jury nullification law if the citizenry were in fact knowledgable and educated that would help the issue and change a lot of things actually - the education system sucks of course so... and its such an odd thing because people put such incredible "faith" in the legal system and they know so little about how it "functions" i have done some work in the jail/court support area and there are a ton of things happening in the courts that need changing there is barely an analysis of how screwed up the system really is - some volunteers are doing great work in statistics especially regarding sexual assault cases BUT it is only a beginning on what needs to happen for anything to get better

On 1/10/14, Bill Stewart wrote:
> At 05:16 PM 1/8/2014, coderman wrote:
>>in the US court system, is there an equivalent of jury nullification
>>applied to a judicial ruling?
>>
>>that is to say: is it possible to plead guilty, but a judge acting to
>>nullify a perceived unjust law, could find you not guilty?
>
> A judge who wanted to do that could dismiss the case instead of
> asking for a plea.
>
> IANAL, but I suspect that a judge who allows a case to get as far as
> asking the defendants how they plead isn't going to reject a guilty
> plea. Another way to do what the Quakers wanted to do would have
> been to plead "no contest" instead of guilty, but I'm sure they had
> deeply considered what to do beforehand.
>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From rysiek at hackerspace.pl Fri Jan 10 06:12:17 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Fri, 10 Jan 2014 15:12:17 +0100
Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <52CFEC67.9090706@cypherpunks.to>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to>
Message-ID: <3153198.N6KqkV6bkD@lap>

Hi,

On Friday, 10 January 2014 04:49:43 gwen hastings wrote:
> Great we have another alternative for those that prefer curve p25519
> implementations in python.

Indeed. But my question is: are these implementations compatible? As in, can you guys encrypt and sign messages to each other using your respective implementations, and still be able to communicate?

Please let it be a "yes".

--
Regards,
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL:

From carimachet at gmail.com Fri Jan 10 06:31:29 2014
From: carimachet at gmail.com (Cari Machet)
Date: Fri, 10 Jan 2014 15:31:29 +0100
Subject: Omidyar-Greenwald Scam to Sell Crypto?
In-Reply-To:
References:
Message-ID:

@pierre is just a limited thinker and only seems to b acting fr experiences - he spent a lot of time in second life fr what i know he has some really bad history with micro-finance con games why not expand ur lack of ethics onto other realms i guess his own little crypto party > seems he would even sell a piece of chewed gum the "journalism" he wants to "build" is a replica of huffpo i think as again thats what he knows > partnered w/ them in hawaii ... while they are multimillion dollaring it others are doing the real work of journalism so i am not worried about the craft its just that the gullibles will b in awe of the kings once again and that makes my stomach hurt

On 1/9/14, John Young wrote:
>
>
> Pierre Omidyar's Business Model for First Look is Like a Second Life
> or Anti-Virus Guard Scam
>
> http://3dblogger.typepad.com/wired_state/2014/01/pierre-omidyars-business-model-for-first-look-is-like-a-second-life-or-anti-virus-guard-scam.html
>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From s at ctrlc.hu Fri Jan 10 07:02:09 2014
From: s at ctrlc.hu (stef)
Date: Fri, 10 Jan 2014 16:02:09 +0100
Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
In-Reply-To: <52D00724.1030302@cypherpunks.to>
References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to>
Message-ID: <20140110150209.GO7008@ctrlc.hu>

On Fri, Jan 10, 2014 at 06:43:48AM -0800, gwen hastings wrote:
> That seems to be a no for now..

most of the basic stuff should be pretty easily convertible. like your public key needs binary conversion and can be fed into any nacl/sodium crypto_box right?

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From jamesdbell8 at yahoo.com Fri Jan 10 18:08:42 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Fri, 10 Jan 2014 18:08:42 -0800 (PST)
Subject: Your errors about me in your book.
In-Reply-To: <39B467F8-2B03-42D8-9F2D-BD51383BD6C1@forbes.com>
References: <1384474509.14308.YahooMailNeo@web141201.mail.bf1.yahoo.com> <1384480885.88737.YahooMailNeo@web141206.mail.bf1.yahoo.com> <1384550789.26301.YahooMailNeo@web141203.mail.bf1.yahoo.com> <1384815366.99303.YahooMailNeo@web141201.mail.bf1.yahoo.com> <39B467F8-2B03-42D8-9F2D-BD51383BD6C1@forbes.com>
Message-ID: <1389406122.97690.YahooMailNeo@web141206.mail.bf1.yahoo.com>

Dear Mr. Greenberg, Forbes Magazine

You've been mighty silent, not sending me a single email since the one (November 18, 2013) which is quoted below. Apart from correcting your egregious error, claiming that I had fired "all" of my attorneys (when in fact I hadn't been successful at firing even a single one!), I also quote below my accusations against government employees in regard to phony, fake, forged 'appeal' case 99-30210, as well as my more recent allegations (albeit of a much older event) concerning the government sneakily commandeering the address 7302 Corregidor, in order to spy on me.
The average 'journalist', at least ones that actually consider themselves to be real journalists, would be very interested in this kind of material. But you are not even interested enough to ask simple follow-up questions. Why is that? I think I know the answer: You consider yourself, now, aligned with precisely the people who committed these crimes against me during the period of 1995 through 2013. You yourself admitted in an article to having contacted the government: Alone that would not necessarily be a problem, but I think you realized that if you did any effort to help expose the government guys, they would be hostile to you. That's why you haven't investigated, and that's why nearly two months later you haven't even emailed to me, despite the fact that I previously cc'd this material to you. Perhaps you are terrified that some day soon, you will yourself be the center of a scandal, "What did Andy Greenberg know, and when did he know it, and why didn't he investigate further?".

          Jim Bell

----- Forwarded Message -----
From: Jim Bell
To: brian carroll ; Andrew Greenberg ; "cypherpunks at cpunks.org"
Sent: Thursday, January 2, 2014 3:09 PM
Subject: Re: Fw: Hi, I'm from the government and I'm here to screw you

One clue would come from my suspicion that agents of the Federal government, in March 1995, lured away the former resident of 7302 Corregidor (see http://www.redfin.com/WA/Vancouver/7302-Corregidor-Rd-98664/home/14565030 ), the house immediately to the east of mine, and bought that house. (In the picture provided, my house at 7214 Corregidor is just to the left of the house shown.) The prior resident was a local school (high school?) science teacher, and he was hired at the Pacific Northwest National Laboratories in Richland Washington, a Federal government laboratory akin to Oak Ridge, Los Alamos, Lawrence Livermore, etc.
http://www.pnl.gov/       The purpose of this was to be able to acquire that house, and use it as a spying location against me. (The names ostensibly buying the house were Daniel J. and Dori J. Saban, and they ran a remodeling operation named "Sundown Development Construction Corporation".  http://www.sundowndevelopmentconstruction.com/   )   Note that the date the house was sold is shown as March 10, 1995.  (This is odd, because school teachers' lives are oriented around the 'school year', which in most locations in America go from about September 1 to about June 1.  They sign contracts with the school to work for that year, and are bound to do so.   While I don't recall when the prior, lured occupant left, based on the sale date it appears that he sold that house months before the end of his school year.  For a school teacher, this would have been highly unusual.)       The sale price is shown as $180,000, which I think was rather high for that time. (But not unexpected if the government wanted to lure him away quickly.  Presumably he got a large raise, as well.)  They immediately began an extensive remodeling and enlargement operation on that house, including adding a second floor.  As I recall, this remodel took nearly a year; seemingly the house was unoccupied during that time.  Further, during a long period very little work was actually being done, as I recall.  (This remodeling would have dramatically increased the value of that house; the sale price in 1995 of $180,000 cannot be directly compared with the current value of the much-larger and more-up-to-date house as it exists today.)     While I don't remember precisely the date I published the first part of my AP essay, I believe that it was no more than a few weeks prior to March 10, 1995, on the 'Digitaliberty' discussion area.    http://www.skepticfiles.org/hacker/cud6105.htm   (Hence my reference to Digitaliberty in the essay; it wasn't until many weeks later that I'd heard of the 'Cypherpunks' list.)  
My recollection is that the person who initiated 'Digitaliberty', Bill Frezza, was interested in the use of technology for the development of 'liberty', although the first part of my AP essay apparently exceeded his tolerance for radicalism. At some point somebody transported Part 1 of the AP essay to Cypherpunks, and informed me of the existence of CP; I acquired Internet access and joined the Cypherpunks list.

The acquisition and operation of nearby government spy locations was/is certainly not new. Consider the case of Robert Hanssen, http://en.wikipedia.org/wiki/Robert_Hanssen

While this Wikipedia article does not mention it, I read contemporaneously various news reports (2001) that said the government set up a spy location near Hanssen's house. How far away that location was, those reports did not say. Presumably, this was a standard tactic, and non-controversial. (At least in the case of actual criminality being suspected and investigated.) The difference, in my case, was that not only did they not suspect me of any crime, they knew that I was innocent of any crime. It is obvious, therefore, that they engaged in this activity not because of any crime (which, had it existed, would have made me a 'criminal') but because of my writing and publication of Part 1 of my Assassination Politics essay. (Which made me 'an enemy', 'a dissident', an opponent of not merely the Federal government, but all governments everywhere.) In other words, the government engaged in activities more appropriate for the former Soviet Union, and seemingly not for America.

One question that should be asked, is: "Was what the government did, acquiring that house and surveilling me from it, legal?" They would presumably say, "yes". But why wasn't that "stalking", within the meaning of the criminal statute?
After all, in November 21, 2000 I was accused of "Interstate Stalking", simply for going around, looking at various locations, not confronting (nor even seeing) anyone.  I was investigating things, because I knew that something was (and had been) happening.  Was I less entitled to do what I did, than what the government was to do what it did?  An inmate/informant named Ryan Thomas Lund (his recent activity:  http://www.localblotter.com/news/oregon/man-detained-on-multiple-counts/8340383.html  )  was instructed to attack me, which he did on November 25, 1997, because I was beginning to resist the plea agreement that I had been offered, and initially accepted.     Don't think that I didn't already suspect the house at 7302 Corregidor during that time.  In fact, I informed my (corrupt) attorney Peter Avenia  http://www.avvo.com/attorneys/98101-wa-peter-avenia-20216.html  of some of my suspicions.  (But, of course, I didn't know at that time Avenia was corrupt.)  Sometime about December 1, 1997, Avenia visited me at FDC Seatac jail and I told him of Lund's attack.  His answer?  "I don't know anything about.....that")  (Avenia was also Lund's attorney.)   And in about July 1998, after I was re-arrested, ostensibly for a 'supervised release violation', the prosecutor Robb London (who is currently the direction of communication at Harvard Law School  http://www.linkedin.com/vsearch/p?orig=SEO_SN&firstName=Robb&lastName=London&trk=SEO_SN  ) claimed that I 'said that the government was spying on him' [Jim Bell].   Which, of course, was true:  I DID suspect, and say, that the government was spying on me!   Problem is, London was using this bare assertion to justify me being sent to the Federal Medical Center at Springfield, Missouri, for a mental evaluation (!).  Another problem was, London didn't say I was _wrong_ when I said (or suspected) that.  
(Without at least an allegation that I was wrong, what justification is it to claim that I asserted that the government was spying on me?!?  Is merely saying that I believed the government was spying on me enough to justify sending me to a mental evaluation?  Would an American's "suspecting" that all his telephone metadata and email was being copied by the NSA, prior to Snowden's allegations, constitute a justification to send that 'comrade' for a mental evaluation in Siberia...er...Springfield?)    And worse, I was not allowed to challenge the (implicit) allegation of falsity in my assertion that the government had been spying on me.  However, I used the situation (a hearing) to extract a promise (only partly kept) from Avenia that he would investigate my allegations.  Many months later, perhaps in February 1999, Avenia send investigator Sharon Callas to Vancouver.  Mysteriously, Callas was said to have 'disappeared' (or perhaps 'resigned') later.  I never saw the results of her investigation.  Later, in about April 1999, attorney Avenia resigned, but NOT at my request.  I suspected then, and still suspect today, that his resignation was triggered by something that Sharon Callas discovered during that investigation:  Perhaps she confirmed enough of my allegations that Avenia knew that I was correct.  http://www.shmoo.com/mail/cypherpunks/jun00/msg00154.shtml            So, what had been going on?  Presumably, the interest in me (including local spying) was NOT based on allegations of crime, or even suspected future crime, in March 1995.  In other words, no government law enforcement agency would have been legally entitled to spy on me.  Presumably, the spying that did occur was, itself, illegal:  And, had it become exposed (which it should have been if I had not been assaulted by Ryan Thomas Lund on November 25, 1997), the Federal government would have suffered an enormous hit of bad publicity.  
This corruption must have been at an extremely high level:  The forgery of fake appeal case 99-30210, initiated secretly and kept from me for 10 months, with numerous forged documents filed (at least two ostensibly being from me, but they were also forged:  You can see them on PACER:   www.pacer.gov    9th circuit court.  One was docketed about November 10, 1999 and the other was docketed about March 4, 2000:   Both dates by my recollection).   That would have taken the cooperation of some very powerful people in the Ninth Circuit Court of Appeals, possibly including a few judges.   Further, every document filed in that case, from June 1999 through April 2000, was (illegally) not delivered to me when I was at FDC Seatac (until September 3, 1999) and when I was at FCI Phoenix from September 10, 1999 to my release on April 13, 2000.  Indeed, there were at least two pieces of certified mail described in the docket for case 99-30210 that were mailed to my then-correct address at FCI Phoenix, which didn't get to me, presumably they were stolen by BOP staff at FCI Phoenix.   (Not to mention my allegation that this entire docket was RE-forged once they learned that I had requested an appeal that I hadn't known was already in progress.)      Doesn't this begin to sound like the classic "government conspiracy" that people who don't like to talk about "government conspiracies" argue don't happen.  (Except rarely, say the Watergate incident in 1972).  One of the reasons that I look (way) down on a few of the doofuses around here (CP list) who don't seem to 'like' me is that they apparently take that position without taking the trouble to read my 2003 lawsuit (02-1052; Portland Federal Court) and learning what I allege the government and its minions did.  It will be interesting to see if any of them step up, apologize, and say, "Sorry, Mr. Bell, we didn't know..."      

          Jim Bell

==========================================================

To: Andy Greenberg, Forbes

I had hoped for a quicker response to my emails to you, and by that I don't mean merely my request for you to file a FOIA (Freedom of Information Act) filing with the National Archives, specifically the San Bruno facility near San Francisco. The way I see it, you used what looked (and still looks) like a false and contrived set of excuses ('Bell fired practically every court-appointed lawyer ever assigned to him', and 'Bell had filed fifty-one lawsuits against the government while in prison', and 'little wonder Bell had botched his appeals', to paraphrase your writing) in order to justify not looking into my very serious set of accusations. Well, those excuses won't wash anymore.

And just a few days ago, you said that your boss wouldn't be interested in you writing a story about my numerous accusations against the Federal government and its personnel! How believable is that? You wrote and published that article about 'Sanjuro', and I suspect within just a few hours it seems like every other reporter in the world followed that story! (To exaggerate only a little.) Right now, your most recent story portrayed the Federal government as being the victims, those being offended against, the 'good guys'. But I know that's not the case. What happens when the public finds out that they:

1. Had a thug snitch, Ryan Thomas Lund, assault me on November 25, 1997, in order to extort a 'guilty' plea from me?
2. Forged a phony 'appeal', 99-30210, during the period June 1999-April 2000?
3. And, moreover, RE-forged it in May 2000?
4. Inflict a series of corrupt attorneys on me, the very same set of attorneys you falsely claimed I had 'fired'.
5. Victimized me by yet more false charges November 2000.

And that's just a start.
Can you say with a straight face that the public won't be interested in this pile of corruption, given the extensive and virtually instantaneous publicity already given to 'Sanjuro', and indirectly to my AP essay? (Not only by you, but practically everyone else, it seems.) Don't even try to suggest that your boss won't 'allow' it: If he's smart he will DEMAND it from you, or he will assign someone else who doesn't have a conflict of interest. Yes, I said it: A conflict of interest. You seriously mishandled your contact with me, and moreover for personal reasons: You were writing a book. Having written so misleadingly and negligently, when you learned about 'Sanjuro' no doubt you hesitated to cover the full, actual truth about what the government has done. That will only _not_ reflect badly on Forbes if you either fix your own problems promptly, or you get replaced so that an unconflicted person takes up covering the story. Since you're now well-aware that the events of my case were spectacular, and were so long before 'Sanjuro' showed up, your failure to cover the story at those points (2011, 2012; much of 2013) is incriminating.

          Jim Bell

----- Forwarded Message -----
From: Jim Bell
To: Andrew Greenberg
Sent: Tuesday, November 19, 2013 8:52 PM
Subject: Fw: Your errors about me in your book.

I want to add a comment about what you could, and SHOULD, do now. I have explained that there was a massive forgery in appeal case 99-30210. I have said that I believe that occurred in early May 2000. While I do not know any details about the computer that was (or is, today) used for the docketing system for the Ninth Circuit Court of Appeals, we can presume that this computer was backed-up regularly, probably daily, and occasionally those backups were sent to a safe location. I think that safe location was the "Federal Records Center at San Bruno California". (This is a location of the "National Archives".)
http://www.archives.gov/frc/san-francisco/

I think you ought to display your extreme apology by you and your lawyer writing a 'freedom of information act' request (FOIA) to such an organization, and demand that they obtain and provide to you (and copy to me) copies of the backups for the docketing computer, including case 99-30210, done at approximately the following dates: March 1, 2000, April 1, 2000, May 1, 2000, June 1, 2000. As I am sure you will be able to imagine, these sequential backups will show the existence of that case, and its status, at various times. If, at any point, they 'faked' the appeal, manipulating the record, any backups made subsequent to that manipulation will reflect those changes, while the backups made prior to that manipulation will reflect the earlier status of the appeal.

Please note that the pre-forgery status of appeal 99-30210 WAS NOT 'correct': In fact, it itself was a forged 'appeal', but it was whatever these government crooks wanted to fake up until their RE-forgery of appeal 99-30210. They had to RE-forge it because, after my inquiry demanding an appeal (which I didn't know they were already purporting to give me) they felt it necessary to further manipulate the record, and they proceeded to do so.

You can do this FOIA request in much less than a day, and file it by email to avoid further unnecessary delay. Your attorney (for Forbes) should know how to do so. Please note that the Feds will try to make phony arguments to dissuade you: One of them will probably be that they 'don't know how' to find the records in question in a 'box' of records provided to them by the Ninth Circuit Court.
That excuse will be a dishonest deflection from the truth, however: The truth is that the possessor of the records (in this case, the National Archives) has an OBLIGATION to do whatever it takes to find and identify the requested information in the material given to them by the generator of the records, the Ninth Circuit Court.

http://search.archives.gov/query.html?qt=computer+backups&submit=GO&col=1arch&col=social&qc=1arch&qc=social
http://www.archives.gov/oig/pdf/2010/management-letter-oi-10-03.pdf
http://www.archives.gov/oig/pdf/2010/semiannual-congress-10-2010.pdf

I also anticipate that they will claim that 'court records' need not be provided pursuant to a FOIA request. Such a statement will also be false: The truth is that FOIA is addressed to any record in the possession of the Administrative branch of the Federal government. The "National Archives" is part of the Administrative branch, NOT the judicial branch. Since these records are possessed by the Administrative branch, the facility (the National Archives) is obliged to do anything necessary to find and to disclose these records.

http://search.archives.gov/query.html?qt=foia&col=1arch&rq=0&qs=&qc=1arch&qc=2pres&pw=100%25&ws=0&la=&qm=0&st=1&nh=10&lk=1&rf=0&oq=&rq=0&qp=

Please respond to me on this matter within a day. Please file the FOIA request, by email, by the end of the business day this Friday, November 22, 2013.

Jim Bell

________________________________
From: "Greenberg, Andrew"
To: Jim Bell
Sent: Monday, November 18, 2013 9:53 PM
Subject: Re: Your errors about me in your book.

Jim, I appreciate all the evidence you’ve presented that those two sentences of my book were in error.
I think it's an exaggeration to say that I "misrepresented virtually every fact, implication, and nuance" related to you when in fact the vast majority of what I wrote about you in my book had nothing to do with your legal case and instead focused on your Assassination Politics essay. It does seem, however, that I have made mistakes based on my reading of your legal docket with Forbes’ lawyer, describing some of your legal actions as lawsuits and confusing the resignation of a number of your lawyers or your attempts to fire them with your actually firing them. The suggestion that you had “botched” the appeal was a subjective statement that described Forbes’ lawyer’s assessment of your records and explaining her reluctance to assist you.  But for the other errors, I sincerely apologize, and I’ll talk to my publisher to see about having these details corrected in future editions, as I've said earlier. I’m afraid I can’t promise to write anything about your case for Forbes, as you request, as it doesn’t fall into my beat as a journalist (privacy/security/cryptography) and almost certainly wouldn’t be a story my editors would greenlight. I’m not sure what else I can offer, but I wish you all the best in pursuing your legal investigation. Andy On Nov 18, 2013, at 5:56 PM, Jim Bell wrote: To:  Andy Greenberg of Forbes Magazine, author of "This Machine Kills Secrets". Keep in mind that most of what I describe here will be in my 2003 lawsuit, 02-1052. cryptome.org/jdb-v-usa-106.htm     I should point out that you don't seem to be commenting about my now-numerous emails to you about these attorneys.  What's the problem?  Are you AFRAID to comment?  I think it's unfair for you to wait until I have disclosed all this material, before you comment.     I really think I have a right to learn WHY you claimed that I had tried to fire 'every' attorney I'd had.  Where did you hear this?  You certainly never tried to verify this claim with me!  
I would have told you the truth; I would have directed you to lawsuit 02-1052, which already contained the truth.

Robert Leen: (You might initially be pleased to hear that Leen was the first attorney I'd actually TRIED to 'fire'. But don't get your hopes up! I was entirely unsuccessful at that attempt!)

My next attorney was assigned about November 21, 2000. I knew 'the fix was in' because I had done NOTHING illegal. I didn't know about the forged, fake, fraudulent appeal case (99-30210), at least the portion of which was prior to May 2000. But I had very publicly announced that I had major, major suspicions about government corruption, especially Ryan Thomas Lund's November 25, 1997 assault on me (ordered by government employees). And, I knew that the government had placed a tracking device on my parents' car (probably both of them) in April-June 1998. Also, I knew that the Feds had illegally searched my house on my arrest in June 1998. (I had been removed from my house; the house was empty of 'cops'. They had no authority to continue to search that house, yet they did so.)

Robert Leen refused to try to obtain any 'discovery' shortly after my arrest about November 20, 2000. Recognizing that Leen was trying to sabotage my legal case, I wrote a letter to the Judge (Tanner) in about December 8, 2000, complaining that Leen was trying to sabotage my case. I was astonished (at least in part) that the Judge refused to have Leen fired. I kept asking for Leen to be fired throughout January, February, March, and beyond in 2001. No (good) answer by the Judge. I began learning the law in mid-December 2000. Starting about late February 2001, I began to write various legal motions, in order to document my complete unwillingness to accept Leen's 'representation'.
(If you just look at the docket entries for case 00-5731, you may not be able to easily identify which motions were written by me, and which w       To show your lawyer how corrupt the Judge (Tanner) and Leen, and the prosecutor (Robb London) were (case 00-5731), during the last week of March 2001, I filed a 'notice of interlocutory appeal'.  Your lawyer presumably understands that if a 'notice of appeal' arrives at court, of an appealable issue, that divests the jurisdiction of that court to proceed with any trial.  Wanna know what happened?  The judge PROCEEDED with a 'trial' as if nothing had happened.  I filed a SECOND notice of interlocutory appeal a few weeks before the 'sentencing', and again that filing was completely ignored.       Robert Leen was NEVER 'fired'.  In fact, in May 2010 (after being arrested for an ostensible probation violation.)  Leen actually continued to (pretend to) 'represent me'.  Even until today, I presume, he is ostensibly still 'representing' me.  At least, on the paperwork he will be listed as 'representing' me.     I should point out, also, that it was about this time (early in Leen's malicious 'representation' of me) that I first heard the wacky comment (by the prosecutor Robb London) of his resistance to having Leen replaced.  London said something LIKE "Bell fires all his attorneys".  By now, Mr. Greenberg, you are well aware that this isn't true.  You really need to find Robb London, and ask him if he ever said something like "Bell fires all his attorneys".  Perhaps London would defend himself by claiming that he looked into the court record, noticed that at various times the name of my lawyer had changed, and he decided this 'must have' meant that I succeeded (and, therefore, certainly tried) in replacing these attorneys. Annemarie Levins       I guess I'm getting tired of re-hashing what you could, and SHOULD, have read in my lawsuit, 02-1052, filed July 14, 2003.  
Levins was assigned shortly after my ostensible 'conviction' in September 2001.  (The reason, as I vaguely recall, was that Robert Leen had stated, "I don't do appeals".  I responded by saying to Leen, in what was only about 25% intended as a joke, "You don't do appeals.  You merely make them necessary.")  Over the next 4-5 months I wrote Levins numerous letters, containing easily 100 pages of single-spaced text, listing HUNDREDS of very arguable appeal issues.  Levins, to my recollection, NEVER responded to even a single one of my letters!  An increasing sense of dread resulted.  I felt it was quite obvious that Levins was planning to further victimize me, in precisely the same way Avenia, Mandel, and Leen had done.  (Remember, I did not then yet know how Solovy had victimized me, by concealing the pre-May-2000 existence of appeal 99-30210.)     As I vaguely recall (not referring to any record) my appeal had to be filed on a Monday, perhaps it was in January or February 2002.  At virtually the last minute, perhaps on a Thursday before,  I finally received a copy of "the appeal".  By that time, I had learned plenty of federal criminal and appeal law.  I saw the appeal that Levins had written, the one that she had CONCEALED from me for 4 months, and it was obvious that it was intended to sabotage my case.  Which, in fact, it did.  There were at least 100 incredibly valid appeal issues which, if they had been argued properly, would have easily freed me, but Levins argued NONE of them.     Perhaps the day later, maybe it was Friday, the weekday before the appeal had to be filed, I obtained a telephone call to Levins.  In that call, I accused Levins of deliberately sabotaging my case, saying that her failure to even respond to my 100+ pages of letters proved that she was a crook.  She didn't deny it!  When it was clear that Levins wasn't going to apologize, I ORDERED her to NOT file that appeal.  I told her, "You're fired!  You must not file that appeal!  
And if you've already filed it, I order you to withdraw it!!!". Strong words, but quite appropriate under the circumstances. The result? She DIDN'T resign. She filed the appeal. She DIDN'T have it withdrawn. The appeal lost, as I knew it would.

---

Mr. Greenberg, you should be utterly and completely ashamed for what you have done. You have thoroughly and completely misrepresented virtually every fact, implication, and nuance relating to me and my legal cases, and virtually everything I said/wrote to you. You LIED by claiming of your lawyer, "She read Bell's letter, then checked his legal file, which showed that he had fired practically every court-appointed lawyer ever assigned to him---little wonder that he had botched his appeals. It also showed he had filed fifty-one lawsuits against the government while in prison---nearly all dismissed immediately. She wanted nothing to do with it."

Mr. Greenberg, your lawyer is totally incompetent to have said ANY of these things. I have made perfectly clear in my recent set of emails to you:
1. You never verified any of these supposed 'facts', when in fact you had access to my 02-1052 lawsuit which would have told you the truth.
2. I never was SUCCESSFUL at firing ANY attorney assigned to my case.
3. I never ATTEMPTED to fire Avenia, Mandel, Floit, Bukey, and Solovy.
4. When, finally, I did begin to ATTEMPT to fire an attorney, Leen, I was entirely unsuccessful, indeed for a period of 9 years.
5. When I did ATTEMPT to fire Annemarie Levins, and ordered her to NOT file that appeal, I was completely unsuccessful in that attempt.
6. I did not file "Fifty-one lawsuits against the government". As I have already explained to you, I DID file well over 100 "habeas corpus" actions, which your lawyer was apparently unable to distinguish from 'lawsuits'.
But since your lawyer probably didn't even bother to do any more than read the dockets for some of these cases, it is perfectly obvious that she had no genuine idea why these habeas corpus actions were "dismissed immediately". In other words, she (presumably) didn't know whether those dismissals were 'genuine', or whether the dismissals were entirely frivolous. I can assure you that these dismissals were entirely frivolous. But, you didn't check my side of the story, because YOU DIDN'T ASK ME! That's called "bias".
7. _I_ never "botched any appeals". The appeals, to the extent they were 'botched', were 'botched' by the attorneys who were assigned to me, and (I claim) were actually assigned for the PURPOSE of 'botching' those appeals.

Mr. Greenberg, at this point you have an obligation, not merely to APOLOGIZE, but in fact to set the record straight. And I mean, not only in future editions of your book, but also to investigate the reality of the facts of the case. After all of the victimization I faced at the hands of the government and its thugs, you come along and make the situation worse! You try to make me look like a nut, when the reality is precisely as I have long claimed: I am the victim of the Federal government and its employees and agents. At no time did I lie or misrepresent the truth. At EVERY time the Federal government and its agents misrepresent the truth.

Mr. Greenberg, I have decided to publish the contents of this email in the Cypherpunks mailing list, to show that I have put you on notice as to your complicity in this matter. You can fix part of the problem by changing your book, and by writing a long article for Forbes telling (at least) how you claim to have been hoodwinked by the Federal Government. Morally, that will help a bit, but it won't change the fact that you were utterly unwilling to pursue the truth when it mattered most.
Jim Bell

----- Forwarded Message -----
From: Jim Bell
To: Andrew Greenberg
Sent: Friday, November 15, 2013 1:26 PM
Subject: Fw: Your errors about me in your book.

Mr Greenberg,

I will continue about the history of 'my' attorneys, who were 'my' attorneys in name only: They were actually the attorneys of "The United States of America", and of their colluding employees. While I would like to say that my 'next' attorney was Jonathan Solovy, given the paperwork I should first deal with a couple of 'asterisks', named Catherine Floit and David Bukey.

At some point after I wrote that letter to the Ninth Circuit Court, I received a letter (about June 2000?) from an attorney named Catherine Floit. I called her by telephone, and I explained a bit about the history of prior attorneys Peter Avenia and Judith Mandel. I further explained that I had very, very serious suspicions about government corruption by these attorneys, and the government in general. I said that I would be suing those attorneys, and any other people who assisted the government corruption I then suspected. (Note: Remember, at that point, I did not know about the pre-April existence of phony, forged Ninth Circuit Court appeal 99-30210.) I was surprised when that phone call to Catherine Floit didn't last very long after that! (A minute?)

'What happened?', I thought! It turns out that Floit later contacted the people who had appointed her (the Public Defenders' Office in Seattle Washington, I think.) and asked to be de-assigned to my case. I later heard that she CLAIMED (quite falsely) that I had 'threatened' her! But I hadn't threatened her at all! I had no reason to do so, particularly at that early stage in her representation. But at this point I knew very little about the law.
Eventually (a few years later, after I first saw the docket for the forged appeal case 99-30210, in late June 2003; see Jonathan Solovy's 'representation', which I will shortly write about) I realized that Floit must have been informed about the fact that the case she had been assigned to handle, 99-30210, was ALREADY a fraud, and in my phone call with her she learned that I was rather well-informed about the corruption of those two prior attorneys, Avenia and Mandel, AND that I intended to sue them, etc.  In other words, she understood that if she took that case, and if she did what the government wanted her to do, she herself was almost certainly going to get sued, and for exactly the kinds of things that Avenia and Mandel were already 'in the crosshairs' for having done in the past.     When an attorney is ASSIGNED a case (by a judge or a court) it's fairly hard to 'get out of it'.  Such an attorney has to have a rather 'good' (but not necessarily, 'valid') reason to be relieved of that responsibility.  Floit (I realized, years later) could not have simply said, "Jim Bell is on to them/us!!!  He's going to sue us!".  Floit could not have said, "The government is engaging in corruption against Bell, and I don't want to be part of it!".    So, what was she going to do?  It turns out that the easiest way for her to get out of the assignment was to (falsely) claim, "Jim Bell threatened me!!!".  Which she, apparently, did.  But I DIDN'T threaten her.  But that didn't matter:  Floit's mere allegation amounted to a "Get out of representation free" card, analogous to Monopoly's "Get out of jail free" card.  She was not obligated to actually prove I'd done anything:  No proof was required, or even requested.  The allegation itself was quite enough.  As she, no doubt, knew quite well.     A few weeks later, another attorney (David Bukey) was assigned, but I didn't hear of that.  
I was not given any notification that Bukey had been assigned:  Apparently Bukey heard of his assignment, refused it, and he never contacted me.  Nor did anyone else contact me, either, on any subject, including that of Bukey or his (brief) assignment to my case.  During this time, I wrote yet another letter to the Ninth Circuit Court basically asking, "Where's my representation?". Notice, now, that the count is up to FOUR:  Avenia, Mandel, Floit, and Bukey:  None of these attorneys did I ever attempt to 'fire'.  (And I didn't even learn that Bukey was supposed to be representing me, until after he had been relieved of that.)  The closest to even 'attempting to fire' I had done was when I tried to prevent Avenia from being relieved, because I didn't want his successor (who turned out to be Mandel: I didn't want anybody assigned, because I had already gotten promises from Avenia to do investigation, which eventually he never effectively did) to be assigned.    But at that, I was unsuccessful at both, of course. Jonathan Solovy:     Eventually, Solovy was assigned to case 99-30210, as I vaguely recall in about August 2000.  Keep in mind that I STILL didn't know about the pre-May-2000 existence of case 99-30210 as of then:  I would only learn of that pre-May-2000 existence when I wrote for, and received, the docket for 99-30210 in late June 2003.     Solovy didn't do anything OBVIOUSLY wrong.  At least, I didn't recognize that in 2000.  He wrote the appeal, 99-30210, filed it, and it lost. I think he may also have written a Petition for Certiorari to the Supreme Court, which also obviously failed.  (I don't recall what they contained; I didn't learn the law until beginning December 2000).  But I can say this much:  At no time during Solovy's representation did he EVER say to me anything that would have alerted me to the pre-May-2000 existence of case 99-30210.  
I may not have known much (or even 'anything') about Federal law in September, 2000, but if he had said something like "Jim, I see you've been assigned pro-se to this appeal since July 1999:  What are your theories as to appealing this case?"  I would have been alerted, with a distinct start, and I would have instantly asked him, "What do you mean?  I thought I began this case in April 2000, when I wrote a letter to the Ninth Circuit Court of Appeals?  What's this about July 1999?!?".     By the time I first saw a copy of the docket for case 99-30210, on about June 20, 2003, I knew FAR more Federal law.  I'd spent since about December 2000 in a jail/prison law library.  In fact, two of the REASONS I wrote to the Ninth Circuit Court of Appeals, in early June 2003, asking for the docket for 99-30210, were: 1.    Clearing up loose ends for my Portland Federal Court lawsuit, 02-1052, I remembered that I had (thought!) initiated that appeal (99-30210) by means of mailing a letter to the Ninth Circuit Court of Appeals, asking for an appeal.  (In case 97-5270, as I recall).  As of June 2003, I understood that the rules required that to appeal, somebody needs to file a 'Notice of Appeal' within about two weeks of the date of the order-entry.  My letter of April 2000 was, I then realized, nearly ten (10) months too late to initiate an appeal in that case.  "So why," I thought, "wasn't that letter immediately rejected?!?"  and "Why did they give me that appeal?" 2.    At some point, I recognized that the case-number of that appeal (99-30210) started with the number, "99", which stands for "1999", the date that appeal was initiated.  In other words, I eventually realized (June 2003) that that appeal had been begun in 1999, NOT in 2000.  Evidently, my letter of April 2000 DIDN'T 'start the ball rolling' on that appeal.     
Therefore, and being quite suspicious, I wrote a bland, routine note in early June 2003 to the Ninth Circuit, asking for the copy of the docket for case 99-30210, which I had never seen before. I received an envelope about June 20, 2003, containing a copy of that docket. The most obvious thing that struck me about that docket was that case 99-30210 DIDN'T start in April 2000, as I had previously assumed. It was quite clear, instead that it had begun in July 1999. (Although, the 'Notice of Appeal' had actually been filed about June 20, 1999). Something VERY VERY suspicious had been going on! Secondly, I looked through the various docket entries, and I could see that this case had appeared to have been active: Ostensibly, I had actually been 'pro se' (representing myself) which I knew that I hadn't been doing! (because, of course, I hadn't even known about the existence of that case, prior to May 2000, thinking I initiated it with a letter to the Ninth Circuit in late April 2000). In fact, I could see that there were two filings, about November 10, 1999, and March 2, 2000, which purported to have been filed by me! (And, obviously, I knew that I hadn't filed them!) Most importantly, I realized that I had not received ANY of these many mailings while I was at Seatac FDC (until Sept 3, 1999) nor any while I was at Phoenix FCI (From Sept 10, 1999 through April 13, 2000, when I was released; I was at the Oklahoma City Federal Transfer Center for a week from Sept 3 to Sept 10, 1999.)

Note: I received NONE of the mailings from the Ninth Circuit Court during July 1999 through April 2000, because the Bureau of Prisons staff at both those locations hid them from me. (Did not deliver them to me). If I had received EVEN ONE of those mailings, I would have been alerted that an appeal existed. I didn't receive even a single one. Of course, I wasn't EXPECTING a single one, either, because I was not then aware that appeal 99-30210 existed.

But there was more.
I looked at the docket item numbers at the middle of the docket pages (between the dates on the left, and the descriptions of the entries on the right) and I noticed that they were not all there.  Some were out of order (I later understood that merely being out of order is not abnormal) but 29 of the first 79 docket entry numbers simply were not present!  Since I already knew there had to be a dramatic amount of corruption associated with this case, I considered that a very significant clue.  Later, weeks and months later, I showed this docket to numerous 'jailhouse lawyers', and to a person, they said they had never seen even a single 'missing' docket entry number on any dockets they had ever seen.  Over the subsequent years, I also looked at any docket I could get my hands on, and never once was I able to identify even a single 'missing' docket entry number on any docket.     An explanation is in order.  I believe that in about May 2000, some of the staff of the Ninth Circuit Court of Appeals engaged in a 'forgery party' of the docket for case 99-30210.  I think that they realized that they could not deny me an appeal in that probation-revocation case, BECAUSE THEY HAD ALREADY GIVEN ME THAT APPEAL!  But, they also realized that they couldn't simply continue on with that forgery, because they knew that I DIDN'T KNOW of the existence of appeal 99-30210 during the time of June 1999 through April 2000.  They knew that they couldn't simply initiate a new appeal, because a record of appeal 99-30210 already existed.  They also knew that they couldn't allow me to see a copy of the docket for 99-30210, because that would have alerted me (just as it eventually alerted me in June 2003) that the appeal had existed, yet had been concealed from me during the period June 1999 through April 2000.  
What they had to do, I think, was to RE-forge that docket, which they did in May 2000, and then assign a colluding attorney (First Floit, then Bukey, then Solovy) who would help conceal the history of this case from me, and then write a serviceable 'appeal', so that it could lose: Their hope, apparently, was that I would be satisfied with that. And until June 2003, I was indeed 'satisfied'.

Perhaps a couple months after I first saw that copy of the docket for case 99-30210, I wrote a letter to Jonathan Solovy. (He had never been 'de-assigned' to my case). I don't recall, precisely, what I said (It's been 10 years!), but I asked him to look into the problem. His response? Well, suddenly he had developed 'carpal tunnel syndrome' (I was well aware of that condition) and he couldn't handle my case anymore! I insisted; He wrote to the judge, asking that he be allowed to withdraw. Actually, I think he wrote to the WRONG judge! I think he wrote to Judge Burgess, of the District Court case, 97-5270, NOT the Ninth Circuit appeals court (99-30210). But it didn't matter: he was allowed to withdraw.

Please note: Jonathan Solovy was my FIFTH attorney, if you are counting Avenia, Mandel, Floit, and Bukey before him. And note that I didn't try to get Solovy, either, 'fired'. Indeed, yet again I wanted to see Solovy to continue to handle that case (99-30210) in large part BECAUSE I knew that he had committed fraud against me and, kinda-sorta, against the court as well. But, Solovy's fraud was in league with the U.S. Attorneys (Seattle), the Federal Bureau of Prisons staff at FDC Seatac, and at FCI Phoenix, and the staff of the Ninth Circuit Court of Appeals, and possibly others.

So, where did you come up with that claim that I fired "all" of my attorneys, HMMMMMMMM????????? Sorry if I display a little schadenfreude, but I think I've earned the right to complain.
And I still haven't yet mentioned attorney Robert Leen, and Annemarie Levins, either!!! I'll talk about them next.

Jim Bell

----- Forwarded Message -----
On 11/14/13 7:15 PM, "Jim Bell" wrote:

Mr. Greenberg,

This is further commentary about your claim that I fired 'every' attorney I was assigned. That, as I previously stated, was and is laughably incorrect.

Please see Claims 130 through 145, in my July 2003 Lawsuit, "James Dalton Bell et al v. District Courts of Tacoma and Seattle, et al", case number 02-1052, as amended on about July 14, 2003, for what I mentioned in my previous message, copied below. It's available on the Web, at: cryptome.org/jdb-v-usa-106.htm

See, further, Claims 146-161, describing how attorney Judith Mandel was forced onto me. Strictly speaking, I didn't try to 'fire' Mandel: More accurately, I tried to prevent Mandel from being inflicted onto me, although I was unsuccessful. Mandel actually REQUESTED to withdraw, on about June 2, 1999 (See my Claim 158 in Lawsuit 02-1052).

You will notice very few references to forged, fraudulent 9th Circuit Court of Appeal case 99-30210 in my lawsuit. The reason is that I was having another person edit this lawsuit, in the Portland Oregon area, and I only discovered the pre-April-2000 existence of case 99-30210 in about June 20, 2003. That lawsuit had been originally filed in about July 2002, and there was a 1-year limitation period on my amending that lawsuit, in order to obtain the benefit of the earlier (2002) filing date. Thus, I had very little time in which to do those edits: I had to write a very few such edits, mail them to the person doing the edits in the Portland area, where he made those edits, and then have copies of the amendment printed up and filed at Portland Oregon Federal Court.

It was, I believe, Judith Mandel who filed the one-page "Notice of Appeal" (About June 20, 1999) for my probation-revocation case in Tacoma Federal Court.
(And she resigned about June 21, 1999). But she never sent me a copy of that notice. Of course, I didn't know that at the time. (And she never mailed to me a copy of her file on my case, which she should have done if she had been going to 'allow' me to defend myself in any subsequent appeal.) Even that wouldn't have been a problem, EXCEPT that all of the mailings subsequently done by the Ninth Circuit Court of Appeals (or should have been done?) were never delivered to me: First, at my address at Seatac Federal Detention Center (FDC), until about Sept 3, 1999, and subsequently (beginning about Sept 10, 1999) at Phoenix FCI. The only plausible explanation for this combination is that there was careful collusion between Mandel, the Tacoma Federal Court, the Ninth Circuit Court of Appeals, and the staff of Seatac FDC and (later) Phoenix FCI. If even ONE of the mailings that I should have gotten from the Ninth Circuit Court had actually arrived and had been delivered to me, I would have been aware of the existence of that appeal, case 99-30210.

My recollection is that in April 2000, I wrote a letter to the Ninth Circuit Court of Appeals, still unaware of the existence of case 99-30210. I demanded an appeal on my probation-revocation case. (I had been told, by a jailhouse-lawyer, in early 2000 that I had a right to an appeal.) What I didn't know (because I didn't know the law at that point) that in order to obtain an appeal, I would have had to have filed a "Notice of Appeal" within two weeks after the entry of the order: About June 1999. So, if I had known the rules, I would not have written that letter, because I would have realized that I was about 10 months too late. But, the reality is that the appeal ALREADY EXISTED, though I didn't know that at the time. In fact, I only learned in June 2003 that case 99-30210 had existed as early as July 1999.

So, you can see that I DIDN'T even attempt to fire attorney Judith Mandel.
So, why did you say I fired her?  Why did you say I fired her predecessor, Peter Avenia?  I think by now you're getting a sinking feeling in the pit of your stomach, but it's going to get worse, much worse!  I will continue to show that I did not SUCCEED in firing ANY attorney, and that in all cases those attorneys continued to victimize me until the damage they could do was done.  Then, on their own initiative (and with the approval of a colluding judge), they left.         Jim Bell ----- Forwarded Message -----   From: Jim Bell > To: Andrew Greenberg > Sent: Thursday, November 14, 2013 12:21 AM Subject: Your errors about me in your book. From Page 132 of "This Machine Kills Secrets".     You commented about my "truly phenomenal discovery".  I have sent you a copy of the as-published PCT (Patent Cooperation Treaty), for my isotopically-modified optical fiber invention.  Corning says that 300 billion meters of optical fiber are made each year; If I get 10% market penetration, that's 30 billion meters.  At $0.25 per meter of  fiber royalty, that's $7.5 billion per year, or $150 billion over the patent's 20-year lifetime.     However, this is only one of a few dozen inventions I have thought of involving isotopically-modified materials, although it is the most readily doable and is like the most profitable.  In principle, however, my fiber optic inventions number far more than this:  The main problem is that isotope separation is rather expensive, and any such invention isn't worth doing unless the benefit from the material or device exceeds the cost of that separation.  The main reason my optical fiber is practical is that the isotopically-modified core of the 125-micron fiber is only about 30 microns in diameter, so that it uses very little isotopically-modified material.  My estimate of 5000 patents is still reasonable, based on what I know now, but it will require the development of ever-cheaper ways of separating isotopes. 
Next:     The article says (page 133) that "he had fired practically every court-appointed lawyer ever assigned to him".  Actually, that is absolutely NOT true, although the truth requires some explanation that you didn't bother to ask me.  I could say, accurately, that I "Never"  fired ANY attorney, but again that requires some explanation.  (More precisely, I never SUCCEEDED in firing ANY lawyer:  In every circumstance where I tried to fire an attorney, that attorney was continued to be forced upon me, for weeks, months, or in one case years, and if and when that attorney finally withdrew, it wasn't because _I_ wanted him to leave, it was because he (or she) had finally achieved the damage to me that he (or she) was trying to do, and he (or she) obtained the permission of the judge to withdraw.     You have a major responsibility here!  To my recollection, you NEVER asked me about me 'firing' any attorney, yet you put this material in your book as if it were true.  You have based your commentary on these false 'facts', and you didn't check with me to see if I had a correction or other explanation.     Peter Avenia was my first attorney (1997-1999).  I never even tried to fire him.  And, in fact, I tried to get the judge (Burgess) in about April 1999 to REFUSE Avenia's request to withdraw.  Why?  In 1998, I consented to an unnecessary 'mental evaluation' (in Springfield Missouri) based on Avenia's promise that he would investigate my allegations that the government had been spying on me.  In fact, the only basis for the government's request for a 'mental evaluation' was my claim that the government was spying on me!  Please note that the government didn't deny that it had been spying; the prosecutor didn't comment on that.  Can you see why this is a problem?  It turns out that the government was, indeed, spying on me, including during the period of April 1998 and June 1998, after which they arrested me for a 'supervised violation'.  
In fact, they had placed a tracking device in at least one of my parents' cars (A Lincoln).     "What's wrong with that", you might ask?  Well, in 2012 the US Supreme Court ruled (U.S. v. Jones) that such a placement was a "search" under the 4th Amendment.  Indeed, in a 1999 9th Circuit Court of Appeals case (U.S. v. McIver) , that court ruled that it was legal (under certain circumstances inapplicable to me) for 'cops' (term used generically) to place a tracking device on a subject's car.  Problem was, in the McIver there was actually a CRIME being investigated (Marijuana growing) and the subject was directly linked to that crime.  In stark contrast, I was neither suspected or known to have been involved in any crime, then-past, then-present, or then-future.  In other words, these Feds actually just placed the tracking on the car without any legitimate law-enforcement reason.  They did not want, however, to have the fact of their arguably-illegal placement of the tracking devices(s) openly mentioned in any court hearing.  I, quite the opposite, DEMANDED to my attorney, Avenia, that he verify the tracking device(s) placement, and argue the matter in court.  He promised to do that, in mid 1998, but he later (April 1999) broke his promise by resigning, and his replacement also refused.  In other words, I was denied an actual defense due to the collusion of two of 'my' attorneys as well as the government.     One of the major things I wanted to do was to prove that the Feds were employing what should be illegal tactics (such as the GPS tracking device) not for any legitimate reason, but simply because they considered me to be their 'enemy', not because they thought I was going to commit any crime.  I wanted to be able to show that they were "offending" against me, because of (among other things) my allegation that they had employed a jailhouse snitch ("Ryan Thomas Lund") to attack me, which he did on November 25, 1997.  
(See version 1.06 of my Portland Oregon Federal Court lawsuit, 02-1052, version filed in July of 2003.   Avenia agreed to have an investigator do that.  I went to that (useless) evaluation, but when I returned I continued to insist on the investigation that Avenia had promised.  Indeed, he eventually did send an investigator ("Sharon Callas") to do an investigation, in Vancouver Washington.  Mysteriously, she resigned very shortly after doing that investigation, and I was never given the results.     Avenia was allowed (by the Judge, Burgess, now dead) to resign in about April 1999.  I objected at a court hearing, because I had gotten Avenia to PROMISE to do an investigation, and I was afraid (correctly, as it turns out) that any replacement of him would fail or refuse to bring out the issues concerning the government's crimes and misdeeds against me.     More tomorrow.               Jim Bell From dan at geer.org Fri Jan 10 16:06:15 2014 From: dan at geer.org (dan at geer.org) Date: Fri, 10 Jan 2014 19:06:15 -0500 Subject: Swartz, Weev & radical libertarian lexicon (Re: Jacob Appelbaum in Germany - Aaron Swartz) In-Reply-To: Your message of "Wed, 08 Jan 2014 23:11:50 +0100." Message-ID: <20140111000615.82A422280D6@palinka.tinho.net> > https://archive.org/details/The_Shock_Doctrine.The_Rise_of_Disaster_Capitalism You'd doubtless enjoy Michael Rothschild's _Bionomics: Economy As Ecosystem_ --dan From rysiek at hackerspace.pl Fri Jan 10 11:46:17 2014 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 10 Jan 2014 20:46:17 +0100 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. 
ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <52D02F64.3010006@cypherpunks.to> References: <52CFE3E9.5040400@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> Message-ID: <2891245.WeM4LN2ER4@lap> Dnia piątek, 10 stycznia 2014 09:35:32 gwen hastings pisze: > Hi Stef, > Consider this an invitation to you and Tlinden to converge on file > formats and key representations in both implementation(s) if this is > technically possible. > > It would give folks a choice at least. More importantly, it would remove the "so which incompatible implementation should I choose? naah, I'll stick to whatever I am using now" problem. Which is always underestimated, always important. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From s at ctrlc.hu Fri Jan 10 11:58:41 2014 From: s at ctrlc.hu (stef) Date: Fri, 10 Jan 2014 20:58:41 +0100 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <2891245.WeM4LN2ER4@lap> References: <52CFE3E9.5040400@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <2891245.WeM4LN2ER4@lap> Message-ID: <20140110195841.GS7008@ctrlc.hu> On Fri, Jan 10, 2014 at 08:46:17PM +0100, rysiek wrote: > Dnia piątek, 10 stycznia 2014 09:35:32 gwen hastings pisze: > > Hi Stef, > > Consider this an invitation to you and Tlinden to converge on file > > formats and key representations in both implementation(s) if this is > > technically possible. > > > > It would give folks a choice at least. > > More importantly, it would remove the "so which incompatible implementation > should I choose? naah, I'll stick to whatever I am using now" problem. Which > is always underestimated, always important. 
given the fact that pbp is based on python the entry barrier should not be very high to go from consulting to contributing ;) -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From nymble at gmail.com Fri Jan 10 22:27:41 2014 From: nymble at gmail.com (nymble) Date: Fri, 10 Jan 2014 22:27:41 -0800 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <52D02F64.3010006@cypherpunks.to> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> Message-ID: consistent key formats are critical, need to converge on: - endianness - coordinate representation x, x&y, x and sign … or bits to show which of these …. perhaps borrow ANSI method - hint / indication of cipher suite / curve - text encoding of binary format (ascii) - text encoding of binary format (utf8) - human readable format > ecc public key curve p25519(pcp 0.15) leaking crypto suite key should be usable in other contexts besides pcp 0.15 > 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 one of several possible text encodings Others might include: - base 29 - base 59 - base 4096 (for UTF8 channels) From nymble at gmail.com Fri Jan 10 23:56:21 2014 From: nymble at gmail.com (nymble) Date: Fri, 10 Jan 2014 23:56:21 -0800 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. 
ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <52D0F2E2.3060407@echeque.com> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <52D0F2E2.3060407@echeque.com> Message-ID: <04DBBCAB-E49A-4393-8F11-67C97C7DB779@gmail.com> On Jan 10, 2014, at 11:29 PM, James A. Donald wrote: > On 2014-01-11 16:27, nymble wrote: >> - base 4096 (for UTF8 channels) > > How should base 4096 be expressed in UTF8, what does it look like to humans, and what happens to it when one copies and pastes it? Works really well in Twitter. Likely well in Facebook and on web pages. Looks like Hangul or Chinese depending on starting point in code space. 갇됰꼊꽦덐묻렐딉뇧뎶궄뚴뚮덺묝꿋륻긺경 > How efficient is it compared to base 60 (upper case, lower case, and numbers, with 0/O and 1/l canonicalized) Base 60 is better for ASCII channels … plain email and human transcription. From rysiek at hackerspace.pl Fri Jan 10 16:01:20 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 11 Jan 2014 01:01:20 +0100 Subject: MPAA joined W3C Message-ID: <1488702.2PZjE92tlV@lap> Well, that was a long time coming... https://twitter.com/w3c/status/420548145102061568 /yes, they announced on the shitter, too! -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From grarpamp at gmail.com Fri Jan 10 23:35:39 2014 From: grarpamp at gmail.com (grarpamp) Date: Sat, 11 Jan 2014 02:35:39 -0500 Subject: [Cryptography] Dumb idea: open-source hardware USB key for crypto In-Reply-To: References: Message-ID: On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox wrote: > I've been noodling the idea of a USB stick designed in a way that we > can trust the crypto that goes on there. 
It's a hard problem, but > there seems to be some guidelines that could help: > > - Open source hardware - schematics and everything including board > layout need to be free > - No ICs that could be compromised. Any CPU would have to be a > soft-core in an FPGA, with an open-source design > - FPGA configuration memory both readable and writable over a JTAG port > - External flash program memory also read/writeable through JTAG > - Reasonable hardware RNG where every node in the circuit can be probed > - Signal isolation from the PC: solid state relays would swap a simple > memory back and forth between the PC side and USB stick side. Maybe > power draw should be randomized to obscure any processing going on. > RF shielding should cover the USB stick. No other communication > should be possible. This is similar to an air gap. > - A community supported audit trail verifying produced USB keys are secure > > The idea still has issues. Where would I be able to store secret keys > securely such that an attacker who stole my USB stick could not > recover it? Anyway, it's just a fun idea. I'd love to have such a > device in my pocket. There's a lot of applications I can think of > that could benefit from it, from electronic voting to > microtransactions. As one security expert once said in an > electronic-voting discussion I followed, no machine ever connected to > the Internet has proven secure. Could we make such a beast? I > probably don't really have time to work on it, but if a group were > building it, I'd participate. Many of these open hardware ideas come down to the fab level... can you examine (and trust) the fab process. Sure, publish all your schematics, VHDL, die masks, etc. But unless some number of random people can routinely make unannounced access-all-areas verification visits to the fab to verify those masks are the ones in use, it's moot. Or unless they can pull unannounced random samples and decap and analyse them, it's moot. 
That's why I've previously suggested people get together to making hardware RNG's out of discrete components... you don't have those worries then. I agree with the softcore loadable fpga and probe points ideas, they're good things. But in general, once you exceed a certain number of presupplied closed source and relatively unauditable gates [1], you should consider yourself potentially and generally fucked... and start taking a serious defense in depth approach. [1] Let's call it the number required to perform dumb leaks or take pseudo intelligent actions against you. The current lineup from Intel/AMD certainly fall in this category. As would quite a few lesser things... ARM, phones, cards, etc... firmware things. Does it not scare you that the next PC you're about to buy for your firewall is one of these systems, potentially hiding out to honor magic packets? Look at AMD's new CPU's coming out in a few weeks... besides gate count we all know about, it has embedded ARM cores. And just who is going to bring the aforesaid open model upon this class of gear? So it's +1 for spooks. From grarpamp at gmail.com Sat Jan 11 00:29:21 2014 From: grarpamp at gmail.com (grarpamp) Date: Sat, 11 Jan 2014 03:29:21 -0500 Subject: [p2p-hackers] The next gen P2P secure email solution In-Reply-To: <52CF8BFB.7090105@echeque.com> References: <52BB76A6.2000606@matthew.at> <52C105F2.6060606@iang.org> <52CF8BFB.7090105@echeque.com> Message-ID: On Fri, Jan 10, 2014 at 12:58 AM, James A. Donald wrote: > On Mon, Dec 30, 2013 at 12:34 AM, ianG wrote: >> >> So sad. I have a clue and don't trust Skype. But I can't for the life of >> me migrate my friends off of it. It's as addictive as crack. It's just >> better than the alternatives. > > > Anything that is as good as skype is going to allow contact tracing, that > this person talks to that person. No... 
we are specifically talking about developing decentralized solutions here, so that that centralized lookup authority context and risk goes away. Yes... a low latency non-fixed-length non-chaffed network will still have some characteristic risks... timing, etc. Yet likely nowhere near the order of the above centralized issues. > But it does not have to allow mass interception (the original skype did not > allow mass interception), and it does not have to allow undetectable > interception, which the original skype did allow. That is just designing good applied crypto in the former, which nullifies the latter. From gfoster at entersection.org Sat Jan 11 05:56:30 2014 From: gfoster at entersection.org (Gregory Foster) Date: Sat, 11 Jan 2014 07:56:30 -0600 Subject: Day of action against mass surveillance (Feb 11) Message-ID: <52D14D8E.4020404@entersection.org> The Day We Fight Back (Feb 11): https://thedaywefightback.org/ gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ From dan at geer.org Sat Jan 11 07:08:28 2014 From: dan at geer.org (dan at geer.org) Date: Sat, 11 Jan 2014 10:08:28 -0500 Subject: [Cryptography] Dumb idea: open-source hardware USB key for crypto In-Reply-To: Your message of "Sat, 11 Jan 2014 02:35:39 EST." Message-ID: <20140111150828.4A88A2280C8@palinka.tinho.net> > And just who is going to bring > the aforesaid open model upon this class of gear? So it's > +1 for spooks. Yes and no. Across the security parts of that government with which I am familiar, the issues of which you are speaking are deeply troubling -- they buy computers, too. There is, indeed, the strong mandate to use commercial off the shelf (COTS) goods rather than government-only goods which, on balance, is a Very Good Thing as perversion of the supply chain is thereby a common enemy. That all significant private firms are transnational is likewise a Very Good Thing (at least in this context). 
Naturally, I have no access to whether the precise discussion taking place in English here on these two lists is simultaneously taking place in and around Beijing, Brussels, London, Moscow, and Tokyo, but I would be surprised if it is not. Put differently, all airlines share a joint interest in air safety and none advertise that "our planes fall out of the sky less often than theirs." Because airplane crashes are not concealable, they are studied and thus learned from. Perhaps the policy you might want to consider is mandated disclosure of computer failures whether from attacks or from clumsiness. Public health trumps medical privacy should you turn up at hospital with smallpox or the plague. Peter Neumann's long-running RISKS digest is a small mockup of what might well be a global need. As with airlines and the (US) National Transportation Safety Board, learning from events is about all you can do once collective complexity is above that level where further refinements of design are, at best, episodic. --dan From cathalgarvey at cathalgarvey.me Sat Jan 11 02:57:41 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Sat, 11 Jan 2014 10:57:41 +0000 Subject: [p2p-hackers] The next gen P2P secure email solution In-Reply-To: References: <52BB76A6.2000606@matthew.at> <52C105F2.6060606@iang.org> <52CF8BFB.7090105@echeque.com> Message-ID: <52D123A5.4050706@cathalgarvey.me> >>> So sad. I have a clue and don't trust Skype. But I can't for the life of >>> me migrate my friends off of it. It's as addictive as crack. It's just >>> better than the alternatives. >> >> >> Anything that is as good as skype is going to allow contact tracing, that >> this person talks to that person. Red herring-ish, but if you want to get your friends off Skype, don't wait for the golden solution. Pick something good-enough and use that. I've had moderate success migrating people to Jitsi. 
Similar ease of use once set up, and they now allow jit.si account creation within the application (under the XMPP option). Obviously not genuinely P2P. The only semi-viable alternative I can think of that *is* P2P, but have not yet tried, is VoiP in Retroshare. However, as I suggested in another thread, I'm not convinced Retroshare is up to the hard-crypto standard some people here might demand. That is, it'll block virtually everyone, but not the real fascists. Back on topic, I'm not sure that it's possible to achieve low-latency and endpoint obfuscation for something that requires streaming like VoiP. Tor is already pushing the boundaries of low-latency mixing with an asynchronous protocol that doesn't *require* perfect synchrony, such as would be required of VoiP. So you might have to sacrifice obfuscation of *who* you're talking to in order to achieve security across the wire, or trust third parties such as VPNs or friend-to-friend connections (Retroshare model) to provide lots of bandwidth. On 11/01/14 08:29, grarpamp wrote: > On Fri, Jan 10, 2014 at 12:58 AM, James A. Donald wrote: >> On Mon, Dec 30, 2013 at 12:34 AM, ianG wrote: >>> >>> So sad. I have a clue and don't trust Skype. But I can't for the life of >>> me migrate my friends off of it. It's as addictive as crack. It's just >>> better than the alternatives. >> >> >> Anything that is as good as skype is going to allow contact tracing, that >> this person talks to that person. > > No... we are specifically talking about developing decentralized solutions > here, so that that centralized lookup authority context and risk goes away. > > Yes... a low latency non-fixed-length non-chaffed network will > still have some characteristic risks... timing, etc. Yet likely nowhere > near the order of the above centralized issues. 
> >> But it does not have to allow mass interception (the original skype did not >> allow mass interception), and it does not have to allow undetectable >> interception, which the original skype did allow. > > That is just designing good applied crypto in the former, which nullifies > the latter. > -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 901 bytes Desc: OpenPGP digital signature URL: From s at ctrlc.hu Sat Jan 11 01:58:48 2014 From: s at ctrlc.hu (stef) Date: Sat, 11 Jan 2014 10:58:48 +0100 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> Message-ID: <20140111095848.GT7008@ctrlc.hu> On Fri, Jan 10, 2014 at 10:27:41PM -0800, nymble wrote: > > consistent key formats are critical, need to converge on: > - endianness then pls also make hw converge on endianness. > - coordinate representation x, x&y, x and sign … > or bits to show which of these …. perhaps borrow ANSI method makes no sense in case of nacl/sodium. it is const. > - hint / indication of cipher suite / curve makes no sense in case of nacl/sodium. it is const. > - text encoding of binary format (ascii) > - text encoding of binary format (utf8) > - human readable format easily convertible. 
> > ecc public key curve p25519(pcp 0.15) > leaking crypto suite > key should be usable in other contexts besides pcp 0.15 > > > > 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 > one of several possible text encodings > Others might include: > - base 29 > - base 59 > - base 4096 (for UTF8 channels) i like base85. ;) diversity! -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From s at ctrlc.hu Sat Jan 11 02:37:00 2014 From: s at ctrlc.hu (stef) Date: Sat, 11 Jan 2014 11:37:00 +0100 Subject: [Cryptography] Dumb idea: open-source hardware USB key for crypto In-Reply-To: References: Message-ID: <20140111103700.GU7008@ctrlc.hu> On Sat, Jan 11, 2014 at 02:35:39AM -0500, grarpamp wrote: > On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox wrote: > > I've been noodling the idea of a USB stick designed in a way that we > > can trust the crypto that goes on there. It's a hard problem, but > > there seems to be some guidelines that could help: as hinted earlier in the pcp/pbp discussion, i'm working on such a beast: https://www.ctrlc.hu/~stef/PITCHFORK.pdf > > Anyway, it's just a fun idea. I'd love to have such a > > device in my pocket. There's a lot of applications I can think of > > that could benefit from it, from electronic voting to > > microtransactions. PITCHFORK will allow you to develop your own extensions, so indeed i expect a lot of experiments and innovation if this gets off. currently some of my code has licensing problems and needs to be reimplemented before publication :/ > Many of these open hardware ideas come down to the fab level... indeed, there's a lot of trust in things we have limited resources to validate. turtles all the way down. 
-- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From jessetaylor84 at riseup.net Sat Jan 11 12:24:59 2014 From: jessetaylor84 at riseup.net (Jesse Taylor) Date: Sat, 11 Jan 2014 12:24:59 -0800 Subject: Twister: P2P microblogging platform Message-ID: <52D1A89B.9090403@riseup.net> I came across this the other day: /"This paper presents a proposal of a new P2P microblogging platform that is scalable, resilient to failures and attacks, does not depend on any central authority for user registration, provides easy-to-use encrypted private communication and authenticated public posts. The architecture tries to leverage from existing and proven P2P technologies such as Bittorrent and Bitcoin as much possible. Privacy is also one of the primary design concerns, no one should be able to see the user's IP or their followers unless he explicitly shares such information. The proposed platform is comprised of three mostly independent overlay networks. The first provides distributed user registration and authentication and is based on the Bitcoin protocol. The second one is a Distributed Hash Table (DHT) overlay network providing key/value storage for user resources and tracker location for the third network. The last network is a collection of possibly disjoint "swarms" of followers, based on the Bittorrent protocol, which can be used for efficient near-instant notification delivery to many users. [...] "/ -- "twister - a P2P microblogging platform ", Miguel Freitas Personally, I'm impressed by the creative application of Bitcoin/Bittorrent/DHT protocols to the problem of private/anonymous communication ... and the software looks very clean and usable as well. I also like that it's based on P2P technology unlike solutions such as Diaspora, which still require trusting third parties with personal data ... Thoughts? 
--Jesse Taylor -------------- next part -------------- A non-text attachment was scrubbed... Name: twister - a p2p microblogging platform.pdf Type: application/pdf Size: 165489 bytes Desc: not available URL: From nymble at gmail.com Sat Jan 11 12:51:38 2014 From: nymble at gmail.com (nymble) Date: Sat, 11 Jan 2014 12:51:38 -0800 Subject: base58 vs alt-alpha base64? (Re: Re: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)) In-Reply-To: <20140111134738.GA8992@netbook.cypherspace.org> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <20140111095848.GT7008@ctrlc.hu> <20140111134738.GA8992@netbook.cypherspace.org> Message-ID: <569259F4-C5B2-4B5D-8DF1-FDEBE4D68807@gmail.com> On Jan 11, 2014, at 5:47 AM, Adam Back wrote: > Bitcoin base58 seemed to have some minor unfortunate side effects to me, > the intent is good to avoid transcription error, but surely one could find > 64-chars. it could have easily been base 60 to start with (don't delete both > 0 and O, and 1 and l just make the equivalent!). Possible, but breaks string compare. Also adds human confusion in interpretation/typing. > Then you have URL encoding > ambiguity, oh … yes. same point > C/python/bash programming string quoting that rules out some more > non alphanum chars. (base 64 includes +/). Just seems some ugly code mess > and implications for vanity address etc to deal with non-power-of-2 > encoding. Yes … code is very ugly, Human usability is more important ... 
> > Adam > > On Sat, Jan 11, 2014 at 10:58:48AM +0100, stef wrote: >>> > 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 >>> one of several possible text encodings >>> Others might include: >>> - base 29 >>> - base 59 oops intended base 58 >>> - base 4096 (for UTF8 channels) base64: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" compact, nice power of 2, human transcription errors likely base58: "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" fairly readable, relatively compact base29: "ABCDEFGHJKMNPQRTUVWXYZ2346789" base 29 assumes lower upper case equivalence, always converts to upper for decode (removes 5,S 0,O i,1,i,I ) base 29 has the best human usability/readability and is not mangled very good for license keys and short sequences … 1/2 of efficiency (losing lower versus upper) >> i like base85. ;) oh - thanks, assume you mean RFC1924 base85: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!#$%&()*+-;<=>?@^_`{|}~" nice shorter encoding. Not URL or human friendly, works well for email cut/paste '<' might be problematic for web usage. Paul >> >> diversity! From bill.stewart at pobox.com Sat Jan 11 13:11:20 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 11 Jan 2014 13:11:20 -0800 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. 
ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> Message-ID: <20140111211131.9D8DCF8B1@a-pb-sasl-quonix.pobox.com> At 10:27 PM 1/10/2014, nymble wrote: >one of several possible text encodings >Others might include: >- base 29 >- base 59 >- base 4096 (for UTF8 channels) The primary reasons for text encoding were that people wanted to transmit data through channels that might modify content or had limitations on the size and type of content, such as 7-bit ASCII, special interpretations of control characters, especially \r, \n, \0, \t, conversion to/from EBCDIC or other character sets, line length limitations, case-folding, multiple space compaction, parity bits, etc. A secondary goal is to support transcription by humans or optical character readers that are likely to make mistakes on some similar-looking characters, but that's much less common. A tertiary goal is that some programmers like to "improve" programs or make them "more efficient" by twiddling bits in ways that lead to software bugs, security holes, and the wrong kinds of chaos and anarchy, and yes I'm particularly including Phil Zimmerman and the standards committees who designed ASN.1 and DNS. To give those guys some slack, most of us started programming before the 8-bit byte was really universal and saving bytes here and there was *really* *important*.* The most common encodings out there encode most of the characters in base-16 (or octal, for old DEC applications) or base-64 (uuencode and MIME), with various wrappers around them to handle line-length limitations and sometimes checksums. Sadly, base-85 didn't catch on - it used 5 characters to hold 4 bytes, vs. 
base-64's 6 characters for 4 bytes, but it was late to the game and required doing multiplication and division instead of just bit-shifting. I've never seen base-29 or base-59 encodings - is base-29 some attempt to fit into 5-level Baudot coding now that the deaf community have pretty much all moved off Model-28 TTY emulators to ASCII or mobile phone texting? Base-4096 in UTF-8 would be silly - it gets you 12 bits per variable-width character, requiring at least two bytes, so you could just as well use two bytes of base-64 and not risk munging by systems that don't understand UTF-8. (* My first programming environment had a printer with 132 48-character type bars and Model 026 keypunches doing Hollerith cards, which could print 56 different characters; I don't think we did any hacks using non-printer-supported punchcard fields and the card sorter, but it was possible.) From cathalgarvey at cathalgarvey.me Sat Jan 11 06:01:27 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey (Phone)) Date: Sat, 11 Jan 2014 14:01:27 +0000 Subject: base58 vs alt-alpha base64? (Re: Re: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)) In-Reply-To: <20140111134738.GA8992@netbook.cypherspace.org> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <20140111095848.GT7008@ctrlc.hu> <20140111134738.GA8992@netbook.cypherspace.org> Message-ID: <3fdd7313-eb90-4885-8627-0dca69fd9bbe@email.android.com> Base58 presumably included the "not mangleable by intermediate servers that only speak ascii" design constraint. Adam Back wrote: >Bitcoin base58 seemed a to have some minor unfortunate side effects to >me, >the intent is good to avoid transcription error, but surely one could >find >64-chars. 
it could have easily been base 60 to start with (dont delete >both >0 and O, and 1 and l just make the equivalent!). Then you have URL >encoding >ambiguity, C/python/bash programming string quoting that rules out some >more >non alphanum chars. (base 64 includes +/). Just seems some ugly code >mess >and implications for vanity address etc to deal with non-power-of-2 >encoding. > >Adam > >On Sat, Jan 11, 2014 at 10:58:48AM +0100, stef wrote: >>> > 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 >>> one of several possible text encodings >>> Others might include: >>> - base 29 >>> - base 59 >>> - base 4096 (for UTF8 channels) >> >>i like base85. ;) >> >>diversity! -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1781 bytes Desc: not available URL: From pgut001 at cs.auckland.ac.nz Fri Jan 10 17:38:25 2014 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sat, 11 Jan 2014 14:38:25 +1300 Subject: ECC curves that are safe safecurves.cr.yp.to In-Reply-To: <52D00994.1070109@cypherpunks.to> Message-ID: gwen hastings writes: >DJ Bernstein and Tanja Lange did a study on which ECC curves are safe to >implement and use, found at http://safecurves.cr.yp.to/ Some of their objections seem pretty subjective though, I mean they don't like the Brainpool curves because of: Several unexplained decisions: Why SHA-1 instead of, e.g., RIPEMD-160 or SHA-256? Why use 160 bits of hash input independently of the curve size? Why pi and e instead of, e.g., sqrt(2) and sqrt(3)? Why handle separate key sizes by more digits of pi and e instead of hash derivation? Why counter mode instead of, e.g., OFB? Why use overlapping counters for A and B (producing the repeated 26DC5C6CE94A4B44F330B5D9)? Why not derive separate seeds for A and B? Is that really a big deal? SHA-1 vs. RIPEMD-160. Peter. 
From l at odewijk.nl Sat Jan 11 05:44:04 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Sat, 11 Jan 2014 14:44:04 +0100 Subject: MPAA joined W3C In-Reply-To: <1488702.2PZjE92tlV@lap> References: <1488702.2PZjE92tlV@lap> Message-ID: Wow. www sounds dead already From adam at cypherspace.org Sat Jan 11 05:47:38 2014 From: adam at cypherspace.org (Adam Back) Date: Sat, 11 Jan 2014 14:47:38 +0100 Subject: base58 vs alt-alpha base64? (Re: Re: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)) In-Reply-To: <20140111095848.GT7008@ctrlc.hu> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <20140111095848.GT7008@ctrlc.hu> Message-ID: <20140111134738.GA8992@netbook.cypherspace.org> Bitcoin base58 seemed to have some minor unfortunate side effects to me, the intent is good to avoid transcription error, but surely one could find 64-chars. it could have easily been base 60 to start with (don't delete both 0 and O, and 1 and l just make the equivalent!). Then you have URL encoding ambiguity, C/python/bash programming string quoting that rules out some more non alphanum chars. (base 64 includes +/). Just seems some ugly code mess and implications for vanity address etc to deal with non-power-of-2 encoding. Adam On Sat, Jan 11, 2014 at 10:58:48AM +0100, stef wrote: >> > 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 >> one of several possible text encodings >> Others might include: >> - base 29 >> - base 59 >> - base 4096 (for UTF8 channels) > >i like base85. ;) > >diversity! 
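The base58 versus power-of-2 trade-off raised in the message above, as an added example that is not code from any poster in this thread: a big-integer radix codec using the base58 and base29 alphabets quoted earlier in the thread. The function names, the leading-zero convention (the one Bitcoin's base58 uses) and the sample key are assumptions of this example.

```python
# Added example: big-integer radix codec for the alphabets quoted in this thread.
import base64

# Alphabets copied from the thread. BASE29 has no lower-case letters, so a
# decoder can fold input to upper case before lookup.
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BASE29 = "ABCDEFGHJKMNPQRTUVWXYZ2346789"


def encode(data: bytes, alphabet: str) -> str:
    """Write data as one big-endian integer in radix len(alphabet).

    Leading zero bytes disappear in the integer, so each one is emitted as
    the alphabet's zero digit (assumed convention, as in Bitcoin's base58).
    """
    base = len(alphabet)
    n = int.from_bytes(data, "big")
    digits = []
    while n:
        n, rem = divmod(n, base)
        digits.append(alphabet[rem])
    zeros = len(data) - len(data.lstrip(b"\x00"))
    return alphabet[0] * zeros + "".join(reversed(digits))


def decode(text: str, alphabet: str, fold_case: bool = False) -> bytes:
    """Inverse of encode(); rejects any character outside the alphabet."""
    if fold_case:
        text = text.upper()
    base = len(alphabet)
    index = {ch: i for i, ch in enumerate(alphabet)}
    bad = sorted(set(text) - set(index))
    if bad:
        raise ValueError("characters outside alphabet: %r" % bad)
    zeros = len(text) - len(text.lstrip(alphabet[0]))
    n = 0
    for ch in text[zeros:]:
        n = n * base + index[ch]
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * zeros + body


def max_chars(nbytes: int, base: int) -> int:
    """Smallest digit count that can hold every nbytes-long value."""
    limit = 1 << (8 * nbytes)
    chars, span = 0, 1
    while span < limit:
        span *= base
        chars += 1
    return chars


def compare(key: bytes) -> dict:
    """Encoded length of one key under each scheme (base64 is padded)."""
    return {
        "base64": len(base64.b64encode(key)),
        "base58": len(encode(key, BASE58)),
        "base29": len(encode(key, BASE29)),
    }


if __name__ == "__main__":
    key = bytes(range(32))  # constructed 32-byte sample, not a real key
    for name, alphabet in (("base58", BASE58), ("base29", BASE29)):
        text = encode(key, alphabet)
        assert decode(text, alphabet) == key
        print(name, len(text), text)
    # Non-power-of-2 radix: the length depends on the value, not only on
    # the byte count, so fixed-width parsing is not possible.
    print(compare(b"\xff" * 32), compare(b"\x01" + b"\x00" * 31))
```

Because the radix is not a power of 2, every output character depends on the whole input, which is why the encoder needs big-integer division instead of bit shifts.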
From cathalgarvey at cathalgarvey.me Sat Jan 11 08:02:13 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Sat, 11 Jan 2014 16:02:13 +0000 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> Message-ID: <52D16B05.9010203@cathalgarvey.me> > - base 4096 (for UTF8 channels) I may reveal some crippling ignorance, but: UTF8 is an encoding system to allow for effectively infinite character extensions in binary text data. The original forms of binary encoding for text were merely to assign characters to a large segment of the 264 possibilities of a single byte; 2^8. To account for the fact that in early data transports many of these codepoints were considered instructions and could therefore inject transport-specific commands etc. (if I understand the problem correctly)*, base64/base32 were intended to allow arbitrary binary to be encoded into a transport that accepted text without including codepoints likely to have control significance. Amusingly, the base32/64 alphabets are restricted further to remove characters that might, if accidentally rearranged, cause people to see naughty words in binary. When it comes down to it, there are only 2^8 possibilities in binary. UTF8's extensions are indicated by additional byte sequences that indicate "the following bytes should be viewed as an extension". I'm not sure how many "ensuing" bytes can be regarded as an extended encoding at a time, but I think it's only in the range of 1-3. 
If we assume it's 3, and further assume that, after declaring that the following 3 bytes are an extension, that any arbitrary binary sequence will be interpreted as a visible, copy/pasteable character, then you're looking at a length penalty to encode arbitrary data of 33%. For every three bytes, you're escaping them to random characters by prefixing with another byte. Yes, it's more nuanced than that; you can factor in the ascii set and use that where possible, only escaping binary values outside the ascii set, but one way or another you're adding length to the binary string by messing with it, with the aim being a character-representable set of binary data that can be copy/pasted safely and passed through diverse transports. So the question is what's more important; ability to transport strings of data without a significant length penalty, ability to transport strings of arbitrary data without affecting the transport, or ability to copy/paste (a subset of "transport" I guess). Given these, my personal feeling is that if your concern is transport-related, which implies that you can't control the transport, then stick with base64. If your concern is length, then I don't feel UTF8 will offer a significant advantage, and you're much better off using something like length-prefixing like bencoding does it. If your concern is copy-pasteability, then base58 works and probably is no worse than base-utf8, while being significantly easier to implement in code. Spurious rant over. * Take for example the way early email was sent, where headers were specified and then the server awaited the body of the message, the end of which was indicated by what amounts to a string of characters; a newline, a period, and another newline. Easily injected by accident or design, along with other commands. 
On 11/01/14 06:27, nymble wrote: > > consistent key formats are critical, need to converge on: > - endianness > - coordinate representation x, x&y, x and sign … > or bits to show which of these …. perhaps borrow ANSI method > - hint / indication of cipher suite / curve > - text encoding of binary format (ascii) > - text encoding of binary format (utf8) > - human readable format > >> ecc public key curve p25519(pcp 0.15) > leaking crypto suite > key should be usable in other contexts besides pcp 0.15 > > >> 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 > one of several possible text encodings > Others might include: > - base 29 > - base 59 > - base 4096 (for UTF8 channels) > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 901 bytes Desc: OpenPGP digital signature URL: From hozer at hozed.org Sat Jan 11 15:09:08 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sat, 11 Jan 2014 17:09:08 -0600 Subject: [Cryptography] Dumb idea: open-source hardware USB key for crypto In-Reply-To: <20140111150828.4A88A2280C8@palinka.tinho.net> References: <20140111150828.4A88A2280C8@palinka.tinho.net> Message-ID: <20140111230908.GS3180@nl.grid.coop> On Sat, Jan 11, 2014 at 10:08:28AM -0500, dan at geer.org wrote: > > > And just who is going to bring > > the aforesaid open model upon this class of gear? So it's > > +1 for spooks. > > Yes and no. Across the security parts of that government with > which I am familiar, the issues of which you are speaking are > deeply troubling -- they buy computers, too. There is, indeed, > the strong mandate to use commercial off the self (COTS) goods > rather than government-only goods which, on balance, is a Very > Good Thing as perversion of the supply chain is thereby a common > enemy. 
That all significant private firms are transnational is > likewise a Very Good Thing (at least in this context). Naturally, > I have no access to whether the precise discussion taking place > in English here on these two lists is simultaneously taking place > in and around Beijing, Brussels, London, Moscow, and Tokyo, but > I would be surprised if it is not. Based on my experience at a DOE lab that led me to coin the term 'Legislative Trojan', I proposed a process called 'trusted open source', in which things like the core bios (http://coreboot.org) would be maintained by multiple different government standards agencies. Say NIST in the US, Germany, China, Japan, and Taiwan, as well as independent organizations like Wikipedia, the free software foundation, and the Debian project. So when you have VHDL, I'm very interested in looking at it, and calling up some of the people I used to work with in the Supercomputing community. They are very concerned about the integrity of open and public scientific computing, and may even be motivated to fund such a thing. The Cryptocoin community (should) also be extremely interested as well, and http://efabless.com would love to actually make the thing. Then you just randomly sample and X-ray the chips. The intelligence agencies that want to subvert this process will still have plenty of physical/humint/social engineering attacks so they will be happy. When do we start? Please upload some VHDL/verilog ASAP. -- Troy From jamesd at echeque.com Fri Jan 10 23:29:38 2014 From: jamesd at echeque.com (James A. Donald) Date: Sat, 11 Jan 2014 17:29:38 +1000 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. 
ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> Message-ID: <52D0F2E2.3060407@echeque.com> On 2014-01-11 16:27, nymble wrote: > - base 4096 (for UTF8 channels) How should base 4096 be expressed in UTF8, what does it look like to humans, and what happens to it when one copies and pastes it? How efficient is it compared to base 60 (upper case, lower case, and numbers, with 0/O and 1/l canonicalized) From juan.g71 at gmail.com Sat Jan 11 12:32:20 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Sat, 11 Jan 2014 17:32:20 -0300 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <52D16B05.9010203@cathalgarvey.me> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <52D16B05.9010203@cathalgarvey.me> Message-ID: <7701E107F2C8AAD0C84F8CDA@F74D39FA044AA309EAEA14B9> --On Saturday, January 11, 2014 4:02 PM +0000 Cathal Garvey wrote: > segment of the 264 > possibilities of a single byte; 2^8. How did you manage to come up with that bug/typo? =P From cathalgarvey at cathalgarvey.me Sat Jan 11 12:46:59 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Sat, 11 Jan 2014 20:46:59 +0000 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. 
ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <7701E107F2C8AAD0C84F8CDA@F74D39FA044AA309EAEA14B9> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <52D16B05.9010203@cathalgarvey.me> <7701E107F2C8AAD0C84F8CDA@F74D39FA044AA309EAEA14B9> Message-ID: <52D1ADC3.9070303@cathalgarvey.me> >_< On 11/01/14 20:32, Juan Garofalo wrote: > > > --On Saturday, January 11, 2014 4:02 PM +0000 Cathal Garvey > wrote: > >> segment of the 264 >> possibilities of a single byte; 2^8. > > > How did you manage to come up with that bug/typo? =P > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 901 bytes Desc: OpenPGP digital signature URL: From s at ctrlc.hu Sat Jan 11 14:02:45 2014 From: s at ctrlc.hu (stef) Date: Sat, 11 Jan 2014 23:02:45 +0100 Subject: serialization formats [formerly: Curve p25519 Replacements for GnuPG?...] In-Reply-To: <20140111211131.9D8DCF8B1@a-pb-sasl-quonix.pobox.com> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <20140111211131.9D8DCF8B1@a-pb-sasl-quonix.pobox.com> Message-ID: <20140111220245.GX7008@ctrlc.hu> On Sat, Jan 11, 2014 at 01:11:20PM -0800, Bill Stewart wrote: > bits, etc. A secondary goal is to support transcription by humans > or optical character readers that are likely to make mistakes on > some similar-looking characters, but that's much less common. 
A it might make sense to accommodate both camps by supporting the terse base85 and a format for transcription - number-station style, decimal digits in fiver-groups. seems to be state of the art until today apparently ;) -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From rysiek at hackerspace.pl Sun Jan 12 01:55:53 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 12 Jan 2014 10:55:53 +0100 Subject: Twister: P2P microblogging platform In-Reply-To: <52D1A89B.9090403@riseup.net> References: <52D1A89B.9090403@riseup.net> Message-ID: <10071704.tzehX3t0pf@lap> On Saturday, 11 January 2014 12:24:59 Jesse Taylor wrote: > I came across this the other day: > > /" [...] "/ > > -- "twister - a P2P microblogging platform > ", Miguel Freitas > > Personally, I'm impressed by the creative application of > Bitcoin/BitTorrent/DHT protocols to the problem of private/anonymous > communication ... and the software looks very clean and usable as well. > I also like that it's based on P2P technology unlike solutions such as > Diaspora, which still require trusting third parties with personal data ... Yeah, I always said Diaspora, StatusNet/GNU Social et al are just a stepping stone to get people out of walled gardens and then one day move to pure p2p services. > Thoughts? One: please tell me it would be possible to have a compatibility layer between this and Diaspora/Friendica/GNU Social, so that users don't have to choose either-or. -- Regards, rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. 
URL: From jamesdbell8 at yahoo.com Sun Jan 12 12:26:46 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 12 Jan 2014 12:26:46 -0800 (PST) Subject: Tamper-Evident electronic device: (was: [Cryptography] Dumb idea: open-source hardware USB key for crypto) In-Reply-To: <1389558180.69925.YahooMailNeo@web141201.mail.bf1.yahoo.com> References: <20140111103700.GU7008@ctrlc.hu> <1389558180.69925.YahooMailNeo@web141201.mail.bf1.yahoo.com> Message-ID: <1389558406.87296.YahooMailNeo@web141202.mail.bf1.yahoo.com> From: stef On Sat, Jan 11, 2014 at 02:35:39AM -0500, grarpamp wrote: >> On Fri, Jan 10, 2014 at 5:53 PM, Bill Cox wrote: >> > I've been noodling the idea of a USB stick designed in a way that we >> > can trust the crypto that goes on there.  It's a hard problem, but > >> there seems to be some guidelines that could help: >as hinted earlier in the pcp/pbp discussion, i'm working on such a beast: >  https://www.ctrlc.hu/~stef/PITCHFORK.pdf >>> Anyway, it's just a fun idea.  I'd love to have such a >>> device in my pocket.  There's a lot of applications I can think of >>> that could benefit from it, from electronic voting to >>> microtransactions. >PITCHFORK will allow you to develop your own extensions, so indeed i expect a >lot of experiments and innovation if this gets off. >currently some of my code has licensing problems and needs to be reimplemented >before publication :/ >> Many of these open hardware ideas come down to the fab level... >indeed, there's a lot of trust in things we have limited resources to >validate. turtles all the way down. One thing that's needed is a way to determine if said device has been tampered with or replaced.  I suggest that such devices contain a pc board with a few (16 or so?) solder-bumps in a bare area (easily made using surface-mount soldering techniques) onto which would be pressed a carbon-fiber weave of cloth, itself impregnated with epoxy adhesive and held in place (over the solder bumps) until the epoxy is cured.   
Each connection between a bump and the carbon-fiber weave would have an impossible (?) to replicate resistance.   Each solder bump would connect to a lead of a chip, said chip containing analog switches and an A/D convertor.  In operation, the resistance between these solder-bumps would be measured by the chip; also, perhaps two or more different solder bumps could be driven by the chip to different voltages (Vcc and Gnd), and the voltages of the rest of the solder bumps would be measured.  These as-measured values could be transmitted through the USB (possibly in encrypted or hashed form) and stored by a connected computer.    The entire device would be potted in a clear potting material, probably clear epoxy.  Any tampering would be automatically detectable electronically, and it would be exceedingly difficult to replicate the results of the large number of possible separate measurements which could be made. There would be (16x15/2)= 120 two-terminal resistance values; Each such measured value could be accompanied by measuring the voltage of the other 14 terminals, or 120 x 14 = 1680 values.        Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4786 bytes Desc: not available URL: From s at ctrlc.hu Sun Jan 12 03:33:48 2014 From: s at ctrlc.hu (stef) Date: Sun, 12 Jan 2014 12:33:48 +0100 Subject: Twister: P2P microblogging platform In-Reply-To: <10071704.tzehX3t0pf@lap> References: <52D1A89B.9090403@riseup.net> <10071704.tzehX3t0pf@lap> Message-ID: <20140112113348.GC7008@ctrlc.hu> On Sun, Jan 12, 2014 at 10:55:53AM +0100, rysiek wrote: > > Thoughts? > > One: please tell me it would be possible to have a compatibility layer between > this and Diaspora/Friendica/GNU Social, so that users don't have to choose > either-or. 
i'd like to encourage all (especially non-coder) contributors to the noise^Wmailing-list to actually direct their surplus energies into writing RFCs standardizing such things. -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From nymble at gmail.com Sun Jan 12 12:51:01 2014 From: nymble at gmail.com (nymble) Date: Sun, 12 Jan 2014 12:51:01 -0800 Subject: Curve p25519 Replacements for GnuPG?(x2 now) Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve) In-Reply-To: <52D16B05.9010203@cathalgarvey.me> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <52D16B05.9010203@cathalgarvey.me> Message-ID: On Jan 11, 2014, at 8:02 AM, Cathal Garvey wrote: >> - base 4096 (for UTF8 channels) > > I may reveal some crippling ignorance, but: No … but it depends what's being counted. ... > If we assume it's 3, and further assume that, after declaring that the > following 3 bytes are an extension, that any arbitrary binary sequence > will be interpreted as a visible, copy/pasteable character, then you're > looking at a length penalty to encode arbitrary data of 33%. For every > three bytes, you're escaping them to random characters by prefixing with > another byte. Twitter limits transmissions to 140 UTF8 characters. More than 140 binary characters can be encoded into 140 UTF 8 characters. In any UTF8 capable browser/mail/whatever - the apparent length of a binary string will appear shorter even though the underlying bytes are longer. That said … such encoding tricks (base4096 or the like) might be better saved for encrypted content in Twitter or other UTF8 limited channels. Public key representation would need to be consistent over other ASCII limited channels. 
> > Yes, it's more nuanced than that; you can factor in the ascii set and > use that where possible, only escaping binary values outside the ascii > set, but one way or another you're adding length to the binary string by > messing with it, with the aim being a character-representable set of > binary data that can be copy/pasted safely and passed through diverse > transports. > > So the question is what's more important; ability to transport strings > of data without a significant length penalty, ability to transport > strings of arbitrary data without affecting the transport, or ability to > copy/paste (a subset of "transport" I guess). > > Given these, my personal feeling is that if your concern is > transport-related, which implies that you can't control the transport, > then stick with base64. If your concern is length, then I don't feel > UTF8 will offer a significant advantage, and you're much better off > using something like length-prefixing like bencoding does it. If your > concern is copy-pasteability, then base58 works and probably is no worse > than base-utf8, while being significantly easier to implement in code. > > Spurious rant over. > > * Take for example the way early email was sent, where headers were > specified and then the server awaited the body of the message, the end > of which was indicated by what amounts to a string of characters; a > newline, a period, and another newline. Easily injected by accident or > design, along with other commands. > > On 11/01/14 06:27, nymble wrote: >> >> consistent key formats are critical, need to converge on: >> - endianness >> - coordinate representation x, x&y, x and sign … >> or bits to show which of these …. 
perhaps borrow ANSI method >> - hint / indication of cipher suite / curve >> - text encoding of binary format (ascii) >> - text encoding of binary format (utf8) >> - human readable format >> >>> ecc public key curve p25519(pcp 0.15) >> leaking crypto suite >> key should be usable in other contexts besides pcp 0.15 >> >> >>> 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 >> one of several possible text encodings >> Others might include: >> - base 29 >> - base 59 >> - base 4096 (for UTF8 channels) >> >> >> > <0x988B9099.asc> From rich at openwatch.net Sun Jan 12 13:59:25 2014 From: rich at openwatch.net (Rich Jones) Date: Sun, 12 Jan 2014 13:59:25 -0800 Subject: In-Reply-To: References: <93021389548788@web19g.yandex.ru> Message-ID: Can you elaborate a bit about the panic onion? Why is reachability and not content the indicator of the service's health? On Sun, Jan 12, 2014 at 12:32 PM, John Young wrote: > Welcome back, TCM. You've been missed. > > > > > At 12:46 PM 1/12/2014, you wrote: > >> So I am organizing a lottery, I think you are all familiar with the >> concept. >> There is currently one death pool with multiple people in it. >> >> The pool accepts bitcoin and litecoin, and accurate death predictions >> will be rewarded 75% of the funds. The other 25% will stay in the pool for >> the remaining names. >> >> You can find more information at: >> http://lotteryd77nqcmtc.onion >> Or clearnet: http://lotteryd77nqcmtc.onion.lu >> > > > -- ————————————— Rich Jones *OpenWatch * is a global citizen news network. Download OpenWatch for iOSand for Android ! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 2397 bytes Desc: not available URL: From john at johnlgrubbs.net Sun Jan 12 13:06:46 2014 From: john at johnlgrubbs.net (John L Grubbs) Date: Sun, 12 Jan 2014 15:06:46 -0600 Subject: Tor now built into DD-WRT Message-ID: <201401122106.s0CL6qba006666@antiproton.jfet.org> Looks like Tor is now included as of build 23220. No GUI as of yet. From jya at pipeline.com Sun Jan 12 12:32:29 2014 From: jya at pipeline.com (John Young) Date: Sun, 12 Jan 2014 15:32:29 -0500 Subject: In-Reply-To: <93021389548788@web19g.yandex.ru> References: <93021389548788@web19g.yandex.ru> Message-ID: Welcome back, TCM. You've been missed. At 12:46 PM 1/12/2014, you wrote: >So I am organizing a lottery, I think you are all familiar with the concept. >There is currently one death pool with multiple people in it. > >The pool accepts bitcoin and litecoin, and accurate death >predictions will be rewarded 75% of the funds. The other 25% will >stay in the pool for the remaining names. > >You can find more information at: >http://lotteryd77nqcmtc.onion >Or clearnet: http://lotteryd77nqcmtc.onion.lu From rich at openwatch.net Sun Jan 12 15:32:50 2014 From: rich at openwatch.net (Rich Jones) Date: Sun, 12 Jan 2014 15:32:50 -0800 Subject: In-Reply-To: <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> Message-ID: Somebody was running another assassination market here: http://assmkedzgorodn7o.onion/ which got coverage from Andy Greenberg, but it appears to be currently down. Of course, for those unwilling to wait for their lottery picks, there is always the unfriendly solution .. On Sun, Jan 12, 2014 at 3:14 PM, Robert Hettinga wrote: > > On Jan 12, 2014, at 7:03 PM, dan at geer.org wrote: > > > Is this not unlike a tontine? > > Pretty much. Though Mr. Bell might have something to say about that. 
> > See also, “Death Pool”, viz, > > http://en.wikipedia.org/wiki/The_Howie_Carr_Show#Listener_contests > > :-) > > I don’t think it's Tim. Tim’s too cool for school here… > > > Cheers, > RAH > > "When I was your age we didn't have Tim May! We had to be paranoid > on our own! And we were grateful!" --Alan Olsen > -- ————————————— Rich Jones *OpenWatch * is a global citizen news network. Download OpenWatch for iOSand for Android ! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2518 bytes Desc: not available URL: From griffin at cryptolab.net Sun Jan 12 13:14:29 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Sun, 12 Jan 2014 16:14:29 -0500 Subject: Tor now built into DD-WRT In-Reply-To: <201401122106.s0CL6qba006666@antiproton.jfet.org> References: <201401122106.s0CL6qba006666@antiproton.jfet.org> Message-ID: <8d179fdabb4291a9e08b923be8fc28ad@cryptolab.net> On 2014-01-12 16:06, John L Grubbs wrote: > Looks like Tor is now included as of build 23220. No GUI as of yet. Any word on how well it's been tested? ~Griffin From rich at openwatch.net Sun Jan 12 16:53:14 2014 From: rich at openwatch.net (Rich Jones) Date: Sun, 12 Jan 2014 16:53:14 -0800 Subject: your death pool becomes a honeypot because of poor tradecraft In-Reply-To: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at> References: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at> Message-ID: I think the whole 'coin laundry' thing is nonsense - security through obscurity. Seems to me the only way to anonymously use BitCoin is to never tie them to your actual identity whatsoever. Has BitIodine been discussed on cpunks yet? http://miki.it/pdf/BitIodine_presentation.pdf http://miki.it/pdf/thesis.pdf R -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 535 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Sun Jan 12 17:02:15 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 12 Jan 2014 17:02:15 -0800 (PST) Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> Message-ID: <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> From: Robert Hettinga at 7:03 PM, dan at geer.org wrote: >> Is this not unlike a tontine? >Pretty much. Though Mr. Bell might have something to say about that. Oh, why not? On checking Wikipedia, I learned that "tontine" has meant different things in history.   My initial exposure to 'tontine' was to watch the movie, "The Wrong Box" in 1966, representing the kind of tontine that fictional versions usually present:  A group of donors putting money into a fund, eventually being paid to the last survivor of the group.   I recall one of the (funny!) scenes from that movie, where the two last survivors are in a room, with one tottering about the room trying to kill the other, but failing. If I understand this new operation, it's not precisely like any tontine that the Wikipedia article described.  http://en.wikipedia.org/wiki/Tontine    But each person running a system such as this will generally make new rules. I should probably take the time to say, yet again, that I am not involved in any way with either of these two efforts, nor do I know the persons or people involved with either. Some kind of inventiveness is to be expected here.  'Sanjuro's system involves names and amounts-per-name.  Quite a vanilla approach.  
But on learning of that system a couple of months ago, and being aware of the fate of Silk Road 1.0, and the prompt arrival of Silk Road 2.0  http://en.wikipedia.org/wiki/Silk_Road_%28marketplace%29#Silk_Road_2.0  , it occurred to me that if the operators of Silk Road 2.0 wanted to assist their security and that of their users, they might protect themselves using an 'AM'-type of system.  After all, it is said that SR1.0 sold $1.2 billion of merchandise (mostly illegal?) over a period of two years.  Consider what would happen if the operators had dedicated a 1% "security tax" on such transactions, or ultimately a total of $12 million.  Could they dedicate that amount, targeted not to specific names, but to be targeted at 'any judge involved in a SR2.0 prosecution', 'any prosecutor involved in a SR2.0 prosecution', or 'any investigator involved in a SR2.0 prosecution'?   (For purposes of concreteness, say hypothetically $500K per judge, $250K per prosecutor, and $100K per investigator.  So, the amount of $12 million described above could, therefore, fund about 10 different SR2.0-anti-prosecution cases.) In other words, pre-authorize the 'AM'-type system operator to name the target as soon as that name becomes known.   One advantage of such a plan to the participants is that their donations would be more likely to see prompt usage, and would therefore more immediately deter anyone who was in a position to decide whether or not to investigate, prosecute, or judge such a case. There is yet another possible tactic, which I have given the humorous name, "Jury Booty".  What if this hypothetical 'AM'-type system is contracted to announce that it would pay a fixed dollar amount, for concreteness let's say $100K, to be distributed evenly to any portion of any jury who votes 'not guilty' to a Silk Road 2.0 case?  In other words, the money would be split only among those jurors who vote 'not guilty'.  
This tactic would have the advantage that it would represent as much as a $100K deterrent to a conviction, to be paid to any lone hold-out juror who decides to break with the rest of the jury.  (Although, despite America's 5th Amendment double-jeopardy clause, the reality is that re-prosecution may be done if the vote to acquit is not unanimous.  Therefore, the payment might have to be repeated in a subsequent trial, etc.)  Authorities, no doubt, would want to label this 'jury tampering'.   http://en.wikipedia.org/wiki/Jury_tampering   However, it is likely that if no actual 'offer' is made to a specific juror, and  'everybody' simply KNOWS that these payments will occur (due to prior advertising and other publicity, and because other jurors have always been paid in the past), this should not run afoul of such laws.   One reason that these tactics would be particularly effective with a Silk-Road 2.0-type system is that they would likely reduce the risk of participating in such sales and purchases.  The high prices of illegal drugs is a product of the risk involved in their manufacture, distribution, sales, and purchase.  If such risks are dramatically reduced, the overall cost for such drugs could drop by a factor of 2, or much more.  A potential illegal-drug purchaser should consider a 1% 'tax' worthwhile if it drops the price of his purchase by 50%.  See Game Theory,  http://en.wikipedia.org/wiki/Game_theory              Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5825 bytes Desc: not available URL: From jya at pipeline.com Sun Jan 12 14:30:21 2014 From: jya at pipeline.com (John Young) Date: Sun, 12 Jan 2014 17:30:21 -0500 Subject: In-Reply-To: References: <93021389548788@web19g.yandex.ru> Message-ID: The joke about TCM is that this is a spoof like Tim May used to post. If not a spoof better not go there. 
At 04:59 PM 1/12/2014, you wrote: >Can you elaborate a bit about the panic onion? >Why is reachability and not content the indicator of the service's health? > > >On Sun, Jan 12, 2014 at 12:32 PM, John Young ><jya at pipeline.com> wrote: >Welcome back, TCM. You've been missed. > > > > >At 12:46 PM 1/12/2014, you wrote: >So I am organizing a lottery, I think you are all familiar with the concept. >There is currently one death pool with multiple people in it. > >The pool accepts bitcoin and litecoin, and >accurate death predictions will be rewarded 75% >of the funds. The other 25% will stay in the pool for the remaining names. > >You can find more information at: >http://lotteryd77nqcmtc.onion >Or clearnet: >http://lotteryd77nqcmtc.onion.lu > > > > > > >-- >————————————— > >Rich Jones > >OpenWatch is a global >citizen news network. Download OpenWatch >for >iOS and >for >Android! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1598 bytes Desc: not available URL: From bill.stewart at pobox.com Sun Jan 12 17:46:20 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 12 Jan 2014 17:46:20 -0800 Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com > References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> At 05:02 PM 1/12/2014, Jim Bell wrote: >... Authorities, no doubt, would want to label this 'jury >tampering'. 
http://en.wikipedia.org/wiki/Jury_tampering > However, it is likely that if no actual 'offer' is made to a >specific juror, and 'everybody' simply KNOWS that these payments >will occur (due to prior advertising and other publicity, and >because other jurors have always been paid in the past), this should >not run afoul of such laws. Of *course* they'd want to label it 'jury tampering', because it *is* jury tampering. It's an offer to bribe the jurors to acquit somebody they might otherwise convict. It directly runs afoul of jury tampering laws, and the only difference from traditional jury tampering is that it *might* be easier not to get caught. I do prefer it to some other traditional kinds of jury tampering, including the one where the government only allows prosecution-friendly jurors, and the one where the payment for acquittal is "not getting your legs broken". (The latter, btw, also has some anonymity built into the payment mechanism, since it's easy to deliver the payment anonymously to jurors who accept.) But they're all perversions of justice. From dan at geer.org Sun Jan 12 15:03:19 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 12 Jan 2014 18:03:19 -0500 Subject: No subject In-Reply-To: Your message of "Sun, 12 Jan 2014 21:46:28 +0400." <93021389548788@web19g.yandex.ru> Message-ID: <20140112230319.DCC07228082@palinka.tinho.net> Is this not unlike a tontine? --dan From jamesdbell8 at yahoo.com Sun Jan 12 18:15:12 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 12 Jan 2014 18:15:12 -0800 (PST) Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: <1389579312.14369.YahooMailNeo@web141205.mail.bf1.yahoo.com> Aw c'mon John, I was writing in terms of hypotheticals.  Not making any sort of instructions, or even strong suggestions.  
(I am still entitled to do that, right?)  If you doubt, I'm on Skype, and I'd be happy to set up a video skype call.  You know what I look like, since we met in April 2000 in court.  (As you probably recall, we were not even allowed to shake hands, a restriction I very much regretted at the time.)      Jim Bell ________________________________ From: John Young To: Jim Bell ; cypherpunks at cpunks.org Sent: Sunday, January 12, 2014 5:31 PM Subject: Re: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) This has got to be a spoof. The real Jim Bell would never write this. Unless under pressure to ensnare the stupid and sending a coded message to stay far away. We recently got one of these stay-far-away messages from a noted ISP we had tried to contract who said three customers had been taken down. Wouldn't say why. This ISP fought against keeping an NSL secret for years and lost. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1882 bytes Desc: not available URL: From jamesdbell8 at yahoo.com Sun Jan 12 18:20:13 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 12 Jan 2014 18:20:13 -0800 (PST) Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <1389579312.14369.YahooMailNeo@web141205.mail.bf1.yahoo.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <1389579312.14369.YahooMailNeo@web141205.mail.bf1.yahoo.com> Message-ID: <1389579613.87972.YahooMailNeo@web141201.mail.bf1.yahoo.com> Oops!   April 2001.         Jim Bell ________________________________ From: Jim Bell To: John Young ; "cypherpunks at cpunks.org" Sent: Sunday, January 12, 2014 6:15 PM Subject: Re: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) Aw c'mon John, I was writing in terms of hypotheticals.  Not making any sort of instructions, or even strong suggestions.  
(I am still entitled to do that, right?)  If you doubt, I'm on Skype, and I'd be happy to set up a video skype call.  You know what I look like, since we met in April 2000 in court.  (As you probably recall, we were not even allowed to shake hands, a restriction I very much regretted at the time.)      Jim Bell ________________________________ From: John Young To: Jim Bell ; cypherpunks at cpunks.org Sent: Sunday, January 12, 2014 5:31 PM Subject: Re: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) This has got to be a spoof. The real Jim Bell would never write this. Unless under pressure to ensnare the stupid and sending a coded message to stay far away. We recently got one of these stay-far-away messages from a noted ISP we had tried to contract who said three customers had been taken down. Wouldn't say why. This ISP fought against keeping an NSL secret for years and lost. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3401 bytes Desc: not available URL: From jessetaylor84 at riseup.net Sun Jan 12 18:53:11 2014 From: jessetaylor84 at riseup.net (Jesse Taylor) Date: Sun, 12 Jan 2014 18:53:11 -0800 Subject: Replacing corporate search engines with anonymous/decentralized search Message-ID: <52D35517.8050003@riseup.net> Thanks for your comments on this folks ... lots of food for thought. coderman at gmail.com said: /the longer discussion is how to make decentralized search useful. "Google style" search has a terrific performance advantage over decentralized designs by brute force. 
however, take advantage of massive endpoint / peer processing and resources combined with implicit observational metrics for reputation and recommendation, inside a well integrated framework for resource discovery in usable software, and you have something more robust and more effective than "Google style" could ever provide./
Yes, it does seem like the speed advantage of centralized search will be a barrier to adoption of decentralized search. This is analogous to the difficulty getting people to adopt systems like Tor because it is slow. But I think that as more people become aware of the extent of state/corporate surveillance, they will become more inclined to accept solutions that are slower in exchange for not having their search habits monitored, and also being able to receive uncensored search results. As long as decentralized search is (a) usable/simple and (b) provides quality results, I feel like speed is somewhat of a secondary concern. The key question to me is: "How do we build a search engine that is simple enough for Grandma to use, that produces quality results without massive centralized indexing servers?"
Standalone P2P search applications (e.g. Yacy) don't really make sense from a usability perspective. It's unrealistic to expect hundreds of millions of users to download a standalone Java app, and configure a P2P search node. What would make more sense, and would lead to much more rapid/widespread adoption, is to use protocols like WebSockets / WebRTC to facilitate P2P connectivity in the web browser, so that everything can be done via a simple browser plugin that can be installed by anyone with few clicks, and would then just allow people to use the browser search bar as usual. This browser integration would also have the bonus of simplifying the choice of what to index -- it could just default to indexing bookmarked and frequently-visited pages, and then be optionally customized by more advanced users to create custom indexes (i.e. 
all of the complexity of setting up indexing could be hidden from the user, unless they choose to look for it).
To help bootstrap the WebRTC nodes into the P2P network, and to deal with some of the instability inherent in P2P networks (i.e. by creating stable "super-peer" indexing nodes), I like cathalgarvey's suggestion of utilizing something like a Wordpress plugin that would use the same index/search standard as the WebRTC clients, but could additionally bootstrap the web-based clients. As cathalgarvey said:
/A standard rather than a codebase. But there's a huge advantage to this line of thought, if you'll bear with me. A two-digit fraction of the web right now is powered by Wordpress.org, who explicitly advocate open/free culture. If you can convince them to include a social search/index standard of this type, which is virtually free in terms of computer resources, then you'd have it deployed across the web in days as the next update rolled out. Indeed, even if Wordpress seemed reluctant, a wordpress plugin could probably be written quickly enough to enable such a thing and make it available for casual use. Suddenly, a bunch of PHP-powered sites around the web start committing small bits and pieces of resources to a social search engine based on human-curated attestations of trust that flow through a web, helping to confine spammers to the fringes and to users with stupid taste./
What would also be interesting is if this standard enabled some kind of "pingback" mechanism whereby WebRTC nodes could be associated with specific super-peer nodes (e.g. maybe people who have bookmarked the super-peer site in their browser, or subscribe to its feed), so that in addition to broad/random queries that target the entire P2P network, clients could also create more targeted custom searches that say something like "start the search with the nodes that are clustered around these super-peers". 
This would create an enormous diversity of search possibilities -- hundreds of thousands (millions) of different "search engines", each of which would return different results for the same query, depending on where you start your search ... This diversity is another reason I find P2P search interesting, in addition to the benefits re: censorship, traffic shaping, and surveillance. I've been looking around for some kind of WebRTC P2P search engine and haven't found anything yet ... maybe I've found a programming project for this summer :) -- Jesse Taylor -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5953 bytes Desc: not available URL: From hettinga at gmail.com Sun Jan 12 15:14:50 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Sun, 12 Jan 2014 19:14:50 -0400 Subject: In-Reply-To: <20140112230319.DCC07228082@palinka.tinho.net> References: <20140112230319.DCC07228082@palinka.tinho.net> Message-ID: <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> On Jan 12, 2014, at 7:03 PM, dan at geer.org wrote: > Is this not unlike a tontine? Pretty much. Though Mr. Bell might have something to say about that. See also, “Death Pool”, viz, http://en.wikipedia.org/wiki/The_Howie_Carr_Show#Listener_contests :-) I don’t think it's Tim. Tim’s too cool for school here… Cheers, RAH "When I was your age we didn't have Tim May! We had to be paranoid on our own! And we were grateful!" --Alan Olsen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 496 bytes Desc: Message signed with OpenPGP using GPGMail URL: From mixmaster at remailer.privacy.at Sun Jan 12 11:14:42 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 12 Jan 2014 20:14:42 +0100 (CET) Subject: FBI trap? 
Message-ID: <1ca13dd9f8fc240fe40d5d0c23192fa8@remailer.privacy.at> The recent posting by david advertising both a hidden and a real world address may reflect a growing awareness of either the american FBI or of the NSA TAO of constructing digital evidence trails for conspiracy to murder public officials.. I DONT trust onion.lu nor do I trust gandi.net not to log all queries besides they DONT have a way to add to the list, the richly deserving but unamed wizards behind the curtains.. those in congress, the presidency and the judiciary who carry the NSA's water. Such as our current veep who began very visibly in 1991 to support the NSA with SB266 and finishing off with the atrocity that is bluffdale utah From rich at openwatch.net Sun Jan 12 20:21:36 2014 From: rich at openwatch.net (Rich Jones) Date: Sun, 12 Jan 2014 20:21:36 -0800 Subject: your death pool becomes a honeypot because of poor tradecraft In-Reply-To: References: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at> Message-ID: Haters sending anonymous death threats, did you even read the linked paper? Or would you like to see another real world example of coin tumblers failing? http://www.reddit.com/r/SheepMarketplace/comments/1rvlft/i_just_chased_him_through_a_bitcoin_tumbler_and/ Don't be so touchy! R -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 497 bytes Desc: not available URL: From jya at pipeline.com Sun Jan 12 17:31:00 2014 From: jya at pipeline.com (John Young) Date: Sun, 12 Jan 2014 20:31:00 -0500 Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com > References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: This has got to be a spoof. The real Jim Bell would never write this. 
Unless under pressure to ensnare the stupid and sending a coded message to stay far away. We recently got one of these stay-far-away messages from a noted ISP we had tried to contract who said three customers had been taken down. Wouldn't say why. This ISP fought against keeping an NSL secret for years and lost. From coderman at gmail.com Sun Jan 12 21:02:31 2014 From: coderman at gmail.com (coderman) Date: Sun, 12 Jan 2014 21:02:31 -0800 Subject: your death pool becomes a honeypot because of poor tradecraft In-Reply-To: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at> References: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at> Message-ID: On Sun, Jan 12, 2014 at 4:35 PM, Anonymous Remailer (austria) wrote: > ... > poor tradecraft = working for the NSA/FBI/IRS i am amused that google is showing me this ad: "Degrees for CIA Officers - www.henley-putnam.edu - Advance Your CIA Career Today. Learn from Former CIA, FBI and DoD!" on this thread. ;P > your transactions EASILY are visible at blockchain.info and walking the chain back still waiting for zerocoin to get merged into mainline ... *cough* From jamesdbell8 at yahoo.com Sun Jan 12 21:25:45 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 12 Jan 2014 21:25:45 -0800 (PST) Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> Message-ID: <1389590745.7344.YahooMailNeo@web141206.mail.bf1.yahoo.com> Yahoo's email editor is FUCKED!!       Jim Bell From: Bill Stewart At 05:02 PM 1/12/2014, Jim Bell wrote: >>... Authorities, no doubt, would want to label this 'jury >>tampering'.   
http://en.wikipedia.org/wiki/Jury_tampering
>> However, it is likely that if no actual 'offer' is made to a
>>specific juror, and 'everybody' simply KNOWS that these payments
>>will occur (due to prior advertising and other publicity, and
>>because other jurors have always been paid in the past), this should
>>not run afoul of such laws.
>Of *course* they'd want to label it 'jury tampering', because it *is*
>jury tampering.
The exact wording of the laws is important. A given state's law may refer to 'during a trial', a factor which need not be present in a hypothetical case.
>It's an offer to bribe the jurors to acquit somebody they might
>otherwise convict.
Strictly speaking, it would be a statement that they WILL make a payment, NOT that they 'offer' to do so. The exact wording of the laws is important. Moreover, TIMING is important as well. See the following case: http://www.abajournal.com/news/article/federal_judge_tosses_tampering_charge_against_nullification_protester/ That was a jury-nullification leafletting case.
"U.S. District Judge Kimba Wood said the tampering statute was aimed at people who try to influence a decision in a specific case, the New York Times reports. The defendant, 80-year-old Julian Heicklen, was arrested for passing out brochures advocating the idea that jurors can acquit defendants if they disagree with the laws used to prosecute them. According to the Times, Wood avoided a First Amendment ruling by basing her decision on the reach of the statute. But an Associated Press story says Wood mentioned the First Amendment in her decision, saying it protects speech concerning judicial proceedings as long as the speech doesn’t prevent fair and impartial justice". http://www.criminaldefenselawyer.com/resources/criminal-defense/criminal-defense-case/jury-issues-2.htm
I have read some jury tampering decisions which quote laws which prohibit such offers DURING a trial, not days, weeks, months, or even years ahead of time. 
What I was referring to was a practice where it would become generally known, months or even years in advance, that such a payment would be made. This is NOT the heartland of a 'jury tampering' case. Also, http://www.criminaldefenselawyer.com/resources/criminal-defense/criminal-defense-case/jury-issues-2.htm
>It directly runs afoul of jury tampering laws, and the only difference from
>traditional jury tampering is that it *might* be easier not to get caught.
Also, see the 1969 Supreme Court case, Brandenburg v. Ohio. http://en.wikipedia.org/wiki/Brandenburg_v._ohio The SC ruled that mere advocacy of a future criminal action (not 'imminent lawless action', as in a riot situation) is 'protected speech' under the 1st amendment to the U.S. Constitution. See also: http://famguardian.org/Subjects/LawAndGovt/LegalEthics/JuryTampering.htm
>I do prefer it to some other traditional kinds of jury tampering,
>including the one where the government only allows prosecution-friendly jurors,
>and the one where the payment for acquittal is "not getting your legs broken".
>(The latter, btw, also has some anonymity built into the payment mechanism,
>since it's easy to deliver the payment anonymously to jurors who accept.)
>But they're all perversions of justice.
I view existing 'justice' as being entirely perverted, already. See http://definitions.uslegal.com/j/jury-tampering/
In any case, I did not publicize these actions with the intent that somebody rush out and do it, without further legal research. Obviously, individual states' laws should be checked. And, if necessary, a lawsuit can be brought, alleging that the complainant wishes to commence a given course of action, and challenging the government to prove that this action is necessarily illegal. 
I suspect that if no direct contact with individual jurors occurs, and this is part of a long-standing campaign over a period of months or years, this cannot be described as 'jury tampering' within the meaning of current laws.               Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 8409 bytes Desc: not available URL: From vfwavrwava at yandex.com Sun Jan 12 09:46:28 2014 From: vfwavrwava at yandex.com (David -) Date: Sun, 12 Jan 2014 21:46:28 +0400 Subject: No subject Message-ID: <93021389548788@web19g.yandex.ru> So I am organizing a lottery, I think you are all familiar with the concept. There is currently one death pool with multiple people in it. The pool accepts bitcoin and litecoin, and accurate death predictions will be rewarded 75% of the funds. The other 25% will stay in the pool for the remaining names. You can find more information at: http://lotteryd77nqcmtc.onion Or clearnet: http://lotteryd77nqcmtc.onion.lu From coderman at gmail.com Sun Jan 12 21:49:33 2014 From: coderman at gmail.com (coderman) Date: Sun, 12 Jan 2014 21:49:33 -0800 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) Message-ID: On Wed, Jan 8, 2014 at 6:04 PM, brian carroll wrote: > coderman wrote: >> i am exploring a gambit for disclosure post-statute-of-limitations, >> but even this protection seems meager and risky. > > (that is a beautiful idea) it may be a very bad idea, we'll find out together these months ahead ;) there are three tales to tell: the first: wifi security interests crossed paths with power institutions lacking tact. 2003 Synopsis scanned and vulnerable, Synopsis providing licensed IP to Intel, the Oregon behemoth, who then combined a PR ruse[0] with InfraGard pull for a FBI fishing expedition trying to catch dirt... 
the second: monitoring from convenient location unexpectedly colocated by covert crash pad for $TLA adventure leads to lessons on mutual authentication assurances.
the third: a "research experiment" widely talked about yet so few know about. in 2007 a confluence of factors collided in the perfect storm: a Tor privacy appliance actively thwarted by VMWare, a Tor summer of code proposal rejected with prejudice, and a rash of mediocre Tor vulnerability papers garnering press and pomp for posturing poseurs. under this cloud of discontent we discovered and maximized a control port vulnerability to demonstrate both the inherent strength of a virtualized transparent proxy model, but also just how bad a truly bad vulnerability can be in practice. (dialed to 11, and discovered the unbelievable without getting disappeared ;)
in each a discussion of the security lessons learned, perhaps an insight here or there, much rambling implicitly entwined...
that will do for now, until the future, best regards
0. called for lengthy discussion as background on article for wireless security, instead used as a scaryhacker caricature in FUD piece promoting Intel Centrino security features. never talked to media since; encourage all to never talk to media as well with rare exception. specific quote behind the interest: "Netstumbling is not against the law, says special agent Mary Kimura of the Federal Bureau of Investigation (FBI), but it comes awfully close. "It's not illegal to scan for open networks," Kimura says, "but once a theft of service, denial of service, or theft of information occurs, then it becomes a federal violation." Kimura is the Infragard coordinator in the FBI's San Francisco office." 
From coderman at gmail.com Sun Jan 12 22:27:24 2014 From: coderman at gmail.com (coderman) Date: Sun, 12 Jan 2014 22:27:24 -0800 Subject: WebRTC for P2P [was Re: Replacing corporate search engines with anonymous/decentralized search] Message-ID: On Sun, Jan 12, 2014 at 6:53 PM, Jesse Taylor wrote: > ... > What would make more sense, and would lead to much more rapid/widespread > adoption, is to use protocols like WebSockets / WebRTC to facilitate P2P > connectivity in the web browser, so that everything can be done via a simple > browser plugin that can be installed by anyone with few clicks, and would > then just allow people to use the browser search bar as usual.... > > To help bootstrap the WebRTC nodes into the P2P network, and to deal with > some of the instability inherent in P2P networks (i.e. by creating stable > "super-peer" indexing nodes), I like cathalgarvey's suggestion of utilizing > something like a Wordpress plugin that would use the same index/search > standard as the WebRTC clients, but could additionally bootstrap the > web-based clients. > ... > I've been looking around for some kind of WebRTC P2P search engine and > haven't found anything yet ... maybe I've found a programming project for > this summer :) WebRTC sockets in browsers for P2P would be an interesting project; this has been brought up here and there for various purposes, yet I can't find many resources on this either. interop is much better than when i last checked! http://www.webrtc.org/interop and WebRTC is actually working in the browser i'm using: https://apprtc.webrtc.org widespread use given a compelling use case is feasible, and a much lower bar than third party application installs or Java apps require. i would be interested in following your progress if you do start coding on this... best regards, From vfwavrwava at yandex.com Sun Jan 12 12:12:13 2014 From: vfwavrwava at yandex.com (David -) Date: Mon, 13 Jan 2014 00:12:13 +0400 Subject: FBI trap? 
Message-ID: <231971389557533@web2g.yandex.ru> Not meant to be a trap, but your concerns regarding the tracability of bitcoin are correct. There is currently no way to add to the list. I intent to make a second, much larger pool which will include 'those in congress, the presidency and the judiciary who carry the NSA's water'. And a third pool containing corporate. I am open for suggestions. I will listen to opinions about who should be on the list. From jamesdbell8 at yahoo.com Mon Jan 13 01:13:52 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Mon, 13 Jan 2014 01:13:52 -0800 (PST) Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <37631389597381@web11g.yandex.ru> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <37631389597381@web11g.yandex.ru> Message-ID: <1389604432.87517.YahooMailNeo@web141201.mail.bf1.yahoo.com> As you might have seen from a comment of mine on the Cypherpunks list nearly two months ago, my main criticism of 'Sanjuro's system is that it is apparently limited to a minimum donation of 1.0 Bitcoin, or (currently) about 864 dollars.  I have hesitated to carefully study that system to understand why the minimum is there (for reasons that should be obvious!), but it may be because donations are totalized manually.  I predicted that this limitation would strongly deter anybody from donating, and I suspect that this phenomenon has occurred over the last 1.8 months.  People should be aware that it is possible to file a lawsuit to challenge the anticipated claim of illegality of any such system.  Although, the person or people who file that lawsuit should probably not have any connection with any currently-operating 'prediction market'.  
Effectively, the lawsuit should allege that there are people who would operate such a system, believe it to be legal, but are currently deterred from running that system due to a reasonable fear that some government would label it as being 'illegal'.  (And, have a reasonable fear that the government will use illegal or fraudulent tactics to victimize such operators.)   The purpose of this lawsuit would be to force 'the government' to "put up or shut up":  To prove either that the system need not be, or alternatively must be, illegal.  The burden of the latter's proof will be on the government, presumably the Federal government of the United States.             Jim Bell ________________________________ From: David - To: "cypherpunks at cpunks.org" Sent: Sunday, January 12, 2014 11:16 PM Subject: Re: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) "One advantage of such a plan to the participants is that their donations would be more likely to see prompt usage, and would therefore more immediately deter anyone who was in a position to decide whether or not to investigate, prosecute, or judge such a case." My main reason for doing this (donations for a pool of people) is that you might have 1BTC to spare, but you have multiple names to address. This way the prize money per-name becomes much higher.     13.01.2014, 05:07, "Jim Bell" : From: Robert Hettinga > >at 7:03 PM, dan at geer.org wrote: > >>> Is this not unlike a tontine? > >>Pretty much. Though Mr. Bell might have something to say about that. > >Oh, why not? >On checking Wikipedia, I learned that "tontine" has meant different things in history.   My initial exposure to 'tontine' was to watch the movie, "The Wrong Box" in 1966, representing the kind of tontine that fictional versions usually present:  A group of donors putting money into a fund, eventually being paid to the last survivor of the group.   I recall one of the (funny!) 
scenes from that movie, where the two last survivors are in a room, with one tottering about the room trying to kill the other, but failing. >If I understand this new operation, it's not precisely like any tontine that the Wikipedia article described.  http://en.wikipedia.org/wiki/Tontine    But each person running a system such as this will generally make new rules. > >I should probably take the time to say, yet again, that I am not involved in any way with either of these two efforts, nor do I know the persons or people involved with either. > >Some kind of inventiveness is to be expected here.  'Sanjuro's system involves names and amounts-per-name.  Quite a vanilla approach.  But on learning of that system a couple of months ago, and being aware of the fate of Silk Road 1.0, and the prompt arrival of Silk Road 2.0  http://en.wikipedia.org/wiki/Silk_Road_%28marketplace%29#Silk_Road_2.0  , it occurred to me that if the operators of Silk Road 2.0 wanted to assist their security and that of their users, they might protect themselves using an 'AM'-type of system.  After all, it is said that SR1.0 sold $1.2 billion of merchandise (mostly illegal?) over a period of two years.  Consider what would happen if the operators had dedicated a 1% "security tax" on such transactions, or ultimately a total of $12 million.  Could they dedicate that amount, targeted not to specific names, but to be targeted at 'any judge involved in a SR2.0 prosecution', 'any prosecutor involved in a SR2.0 prosecution', or 'any investigator involved in a SR2.0 prosecution'?   (For purposes of concreteness, say hypothetically $500K per judge, $250K per prosecutor, and $100K per investigator.  So, the amount of $12 million described above could, therefore, fund about 10 different SR2.0-anti-prosecution cases.) In other words, pre-authorize the 'AM'-type system operator to name the target as soon as that name becomes known.   
One advantage of such a plan to the participants is that their donations would be more likely to see prompt usage, and would therefore more immediately deter anyone who was in a position to decide whether or not to investigate, prosecute, or judge such a case. > >There is yet another possible tactic, which I have given the humorous name, "Jury Booty".  What if this hypothetical 'AM'-type system is contracted to announce that it would pay a fixed dollar amount, for concreteness let's say $100K, to be distributed evenly to any portion of any jury who votes 'not guilty' to a Silk Road 2.0 case?  In other words, the money would be split only among those jurors who vote 'not guilty'.  This tactic would have the advantage that it would represent as much as a $100K deterrent to a conviction, to be paid to any lone hold-out juror who decides to break with the rest of the jury.  (Although, despite America's 5th Amendment double-jeopardy clause, the reality is that re-prosecution may be done if the vote to acquit is not unanimous.  Therefore, the payment might have to be repeated in a subsequent trial, etc.)  Authorities, no doubt, would want to label this 'jury tampering'.   http://en.wikipedia.org/wiki/Jury_tampering   However, it is likely that if no actual 'offer' is made to a specific juror, and  'everybody' simply KNOWS that these payments will occur (due to prior advertising and other publicity, and because other jurors have always been paid in the past), this should not run afoul of such laws.   > >One reason that these tactics would be particularly effective with a Silk-Road 2.0-type system is that they would likely reduce the risk of participating in such sales and purchases.  The high prices of illegal drugs is a product of the risk involved in their manufacture, distribution, sales, and purchase.  If such risks are dramatically reduced, the overall cost for such drugs could drop by a factor of 2, or much more.  
A potential illegal-drug purchaser should consider a 1% 'tax' worthwhile if it drops the price of his purchase by 50%. See Game Theory, http://en.wikipedia.org/wiki/Game_theory
> Jim Bell
>
>

From mixmaster at remailer.privacy.at Sun Jan 12 16:35:30 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Mon, 13 Jan 2014 01:35:30 +0100 (CET)
Subject: your death pool becomes a honeypot because of poor tradecraft
Message-ID: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at>

as in the case of SILK ROAD and the SR2 honeypot.. poor tradecraft = working for the NSA/FBI/IRS same effect to the now busted..

your transactions EASILY are visible at blockchain.info and walking the chain back

sigh again conspiracy to murder USG public officials will result in a worldwide manhunt WITH NSA assistance under EO 12333..

I am NOT saying don't do it.. I am saying be more fucking careful about where you buy your bitcoin at and make sure it goes through a coin laundry a couple of times

From eric at konklone.com Sun Jan 12 22:42:19 2014
From: eric at konklone.com (Eric Mill)
Date: Mon, 13 Jan 2014 01:42:19 -0500
Subject: WebRTC for P2P [was Re: Replacing corporate search engines with anonymous/decentralized search]
In-Reply-To:
References:
Message-ID:

> On Sun, Jan 12, 2014 at 6:53 PM, Jesse Taylor
> wrote:
> WebRTC sockets in browsers for P2P would be an interesting project;
> this has been brought up here and there for various purposes, yet I
> can't find many resources on this either.
>
> interop is much better than when i last checked!
> http://www.webrtc.org/interop
> and WebRTC is actually working in the browser i'm using:
> https://apprtc.webrtc.org
>
> widespread use given a compelling use case is feasible, and a much
> lower bar than third party application installs or Java apps require.
>

I am a huuuge fan and optimist for WebRTC. It has only just barely begun to be available in the latest stable versions of modern browsers, so we are still in the calm before the storm of experimentation. (A bit like WebSockets a few years ago, but the ramifications of P2P connections are, I think, more profound than adding real-time capabilities.)

One website I use to get across the power of WebRTC is Sharefest: https://www.sharefest.me/

It's file-sharing without a cloud. The central service just assigns UUIDs and does the initial signaling, but the file transfer happens P2P. Extra neat feature: the file and associated permalink stays "alive" as long as any one person has their tab open. (It warns you if you're the last person and you try to close the tab.)

As WebRTC gets mind-share and browser-share, I think you'll see a lot of effort devoted to lowering the usability and accessibility barrier to decentralized technology on the web.

-- Eric

--
konklone.com | @konklone

From grarpamp at gmail.com Mon Jan 13 00:50:16 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 13 Jan 2014 03:50:16 -0500
Subject: Bitcoin washing
Message-ID:

On Sun, Jan 12, 2014 at 7:53 PM, Rich Jones wrote:
> Seems to me the only way to anonymously use BitCoin is to never
> tie them to your actual identity whatsoever.

Seems that'd be about as hard as breaking your stash into possibly thousands of random sub $casual amount pots and shuffling/washing them about would be. Though both are possible does anyone bother? The problem for large balances is even more...
spottable reconvergence of the amount on the other side. You'd need to close out at the thousands stage post wash instead of reconverging. It might help if there were a few large essentially free random washing machines operating in the anonymous space to encourage all transactions to be scrambled and swapped. Localbitcoin equivalents might be the only real in/out points available for such things and even that's not always perfect. > coderman: > still waiting for zerocoin to get merged into mainline ... *cough* topic related: coinjoin / coinswap https://bitcointalk.org/index.php?topic=279249.0 https://bitcointalk.org/index.php?topic=321228.0 From mixmaster at remailer.privacy.at Sun Jan 12 19:21:16 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Mon, 13 Jan 2014 04:21:16 +0100 (CET) Subject: FUCK SVEASOFT! Who the fuck uses dd-wrt anymore? Re: Tor now built into DD-WRT Message-ID: sveasoft broke the GPL years ago.. and was FULL of security holes.. most smart folk moved to open-wrt years ago where tor is a compile away also no fees $$$(SVEASOFT) for what is free software FUCK SVEASOFT!! fucking GPL Pirates and scammers From nymble at gmail.com Mon Jan 13 10:16:54 2014 From: nymble at gmail.com (nymble) Date: Mon, 13 Jan 2014 10:16:54 -0800 Subject: serialization formats [formerly: Curve p25519 Replacements for GnuPG?...] In-Reply-To: <20140111220245.GX7008@ctrlc.hu> References: <52CFE3E9.5040400@cypherpunks.to> <20140110122133.GG7008@ctrlc.hu> <52CFEC67.9090706@cypherpunks.to> <3153198.N6KqkV6bkD@lap> <52D00724.1030302@cypherpunks.to> <20140110150209.GO7008@ctrlc.hu> <52D02F64.3010006@cypherpunks.to> <20140111211131.9D8DCF8B1@a-pb-sasl-quonix.pobox.com> <20140111220245.GX7008@ctrlc.hu> Message-ID: <8D18A4BF-8361-4AC4-93AD-AE74650A6455@gmail.com> On Jan 11, 2014, at 2:02 PM, stef wrote: > On Sat, Jan 11, 2014 at 01:11:20PM -0800, Bill Stewart wrote: >> bits, etc. 
A secondary goal is to support transcription by humans
>> or optical character readers that are likely to make mistakes on
>> some similar-looking characters, but that's much less common. A
>
> it might make sense to accommodate both camps by supporting the terse base85
> and a format for transcription - number-station style, decimal digits in
> fiver-groups. seems to be state of the art until today apparently ;)

Yes…. transcription needs to be readable … perhaps base 27 or 58.
Also .. noticed that UTF8 works as a continuous map to base 52643
Base 64 might be best for QR codes ...

--- x-coordinate of public key Q = d*G for 'curve25519 of len = 32 ---
xQ = 37664895557658108626454777585526504736961071659807064241611508404557428053916
xQ hex = 5345934eacb5b9adb3ffb4dee98d8942539cbdc23242a4d9c65e758fc7fc579c
xQ base27 = FEXME 8R64N GDX72 6EXH4 XGEPZ E3NFK CWYJE 7P2J6 249JR XNX9T GNZT
xQ base58 = 6c4NZ dLBJJ XdBCD V4ivS 6eovD gEFbP euMtQ uLDkW UXTR
xQ base64 = U0WTTqy1ua2z/7Te6Y2JQlOcvcIyQqTZxl51j8f8V5w=
xQ base85 = Q$>?bthKqVv;VZ->5Yj(Q=GlRGD4);#$I)g$NX2E
xQ base52643 = 쀋퐟쥎흇곝항렷샔썿곊삃쥠챲떨쓹봪쁍촚멆

>
> --
> pgp: https://www.ctrlc.hu/~stef/stef.gpg
> pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
> otr fp: https://www.ctrlc.hu/~stef/otr.txt

From vfwavrwava at yandex.com Sun Jan 12 23:16:21 2014
From: vfwavrwava at yandex.com (David -)
Date: Mon, 13 Jan 2014 11:16:21 +0400
Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:)
In-Reply-To: <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com>
References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com>
Message-ID: <37631389597381@web11g.yandex.ru>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6053 bytes
Desc: not available
URL:

From gwen at cypherpunks.to Mon Jan 13 11:42:51 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Mon, 13 Jan 2014 11:42:51 -0800
Subject: Bitcoin is not NEARLY safe enough for AP Re: your death pool becomes a honeypot because of poor tradecraft
In-Reply-To:
References: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at>
Message-ID: <52D441BB.60001@cypherpunks.to>

Wow,
that's kind of an interesting read.. especially using the technique
of tagging the wallets with another easily recognizable amount to make
them easy to trace.

It would seem the blockchain which protects against double spending
but is entirely public and unblinded(in a chaumian cryptographic
blinding sense) and the fact that one can unilaterally pay a particular
wallet a recognizable amount..

It would seem that one simply could leave that amount behind(since it is
EASY to identify and simply transfer the rest of the funds into ever
smaller wallets and exchange those face to face at buttonwood meetings etc

formerly we used to classify an electronic anonymous currency
by saying "it's good enough for assassination politics"..

Bitcoin is not NEARLY good(safe) enough for AP... sorry

GH

ps is lucky present?

and TC MAY get your ass out of the woodwork and post damn it...


On 1/12/14 8:21 PM, Rich Jones wrote:
> Haters sending anonymous death threats, did you even read the linked paper?
> Or would you like to see another real world example of coin tumblers
> failing?
> http://www.reddit.com/r/SheepMarketplace/comments/1rvlft/i_just_chased_him_through_a_bitcoin_tumbler_and/
>
> Don't be so touchy!
>
> R
>

--
Tentacle #99

ecc public key curve p25519(pcp 0.15)

1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men,
deriving their just powers from the consent of the governed,
that whenever any form of government becomes destructive
of these ends, it is the right of the people to alter or
abolish it, and to institute new government, laying its
foundation on such principles, and organizing its powers
in such form, as to them shall seem most likely to effect
their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)

From jya at pipeline.com Mon Jan 13 09:01:13 2014
From: jya at pipeline.com (John Young)
Date: Mon, 13 Jan 2014 12:01:13 -0500
Subject: Hector "Sabu" Monsegur Sentencing 2 April 2014
Message-ID:

Hector "Sabu" Monsegur sentencing 2 April 2014:

http://cryptome.org/2014/01/monsegur-13-0113.htm

This is the latest postponement as Sabu continues assisting authorities sweep up his confederates and other cyber targets. Also helped by an unidentified informant who ratted Sabu. This has netted about 16 indictments, presumably more in the pipeline, some of whom are likely pressured to name even more. Fantastic security business, shopping anonymouses.

From hozer at hozed.org Mon Jan 13 11:21:27 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Mon, 13 Jan 2014 13:21:27 -0600
Subject: Transparency and the price of anonymity
Message-ID: <20140113192127.GV3180@nl.grid.coop>

> > > your transactions EASILY are visible at blockchain.info and walking the chain back
> > still waiting for zerocoin to get merged into mainline ... *cough*

Zerocoin has not been merged because it is not sufficiently funded. If I thought it actually worked, I'd merge it into a *coin client and give end-users a choice if they want to blacklist any coins touched by zerocoin, or if they wish to pay the public cost to provide private anonymity.
The problem with anonymity is it's *expensive* to actually have meaningful protection from people that would lock you up or make you dead, and I have not seen any credible way for the anon community to actually pay scientists and developers to design, build, and most importantly **TEST** various types of remailers, mixers, and laundry machines.

I've decided it's far less costly *for me personally* to be completely transparent, and do my best to live in a way which has nothing to hide. Yes, that is potentially dangerous, just as it was dangerous for the man who stood in front of a tank in Tiananmen square, and it was dangerous for Edward Snowden to publicly leak documents.

However, I think the public and onymous (having a name) demonstrations of principle in full view of the world have a far greater leverage on public opinion than acts without a face or a name.

If the only secrets I have are the private keys which protect my ability to publicly and securely validate who I am, the world seems to be a far less dangerous place, and one that is much easier to live and let live.

So I understand those of you who need to remain names without a face, and I want you to be able to be free as in freedom to live. But freedom is not free as in beer, and there is a cost. I'd like an open and transparent discussion about how to fund that cost, starting with whether http://en.wikipedia.org/wiki/The_Transparent_Society may be a solution.
-- Troy Benjegerdes

From hozer at hozed.org Mon Jan 13 12:13:23 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Mon, 13 Jan 2014 14:13:23 -0600
Subject: Bitcoin is not NEARLY safe enough for AP Re: your death pool becomes a honeypot because of poor tradecraft
In-Reply-To: <52D441BB.60001@cypherpunks.to>
References: <79abcbe7548d854cbf60c58528ec9b60@remailer.privacy.at> <52D441BB.60001@cypherpunks.to>
Message-ID: <20140113201323.GY3180@nl.grid.coop>

If the FBI is smart they will start sponsoring buttonwood meetings with the Silk Road bitcoin wallet(s).

This will set off an interesting turf war between the bankers and intelligence community.

On Mon, Jan 13, 2014 at 11:42:51AM -0800, gwen hastings wrote:
> Wow,
> that's kind of an interesting read.. especially using the technique
> of tagging the wallets with another easily recognizable amount to make
> them easy to trace.
>
> It would seem the blockchain which protects against double spending
> but is entirely public and unblinded(in a chaumian cryptographic
> blinding sense) and the fact that one can unilaterally pay a particular
> wallet a recognizable amount..
>
> It would seem that one simply could leave that amount behind(since it is
> EASY to identify and simply transfer the rest of the funds into ever
> smaller wallets and exchange those face to face at buttonwood meetings etc
>
> formerly we used to classify an electronic anonymous currency
> by saying "it's good enough for assassination politics"..
>
> Bitcoin is not NEARLY good(safe) enough for AP... sorry
>
> GH
>
> ps is lucky present?
>
> and TC MAY get your ass out of the woodwork and post damn it...
>
>
> On 1/12/14 8:21 PM, Rich Jones wrote:
> > Haters sending anonymous death threats, did you even read the linked paper?
> > Or would you like to see another real world example of coin tumblers
> > failing?
> > http://www.reddit.com/r/SheepMarketplace/comments/1rvlft/i_just_chased_him_through_a_bitcoin_tumbler_and/
> >
> > Don't be so touchy!
> > > > R > > > > > -- > Tentacle #99 > > ecc public key curve p25519(pcp 0.15) > > 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 > > Governments are instituted among men, > deriving their just powers from the consent of the governed, > that whenever any form of government becomes destructive > of these ends, it is the right of the people to alter or > abolish it, and to institute new government, laying its > foundation on such principles, and organizing its powers > in such form, as to them shall seem most likely to effect > their safety and happiness.’ > > https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) From hozer at hozed.org Mon Jan 13 12:37:27 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Mon, 13 Jan 2014 14:37:27 -0600 Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> Message-ID: <20140113203727.GZ3180@nl.grid.coop> On Sun, Jan 12, 2014 at 05:46:20PM -0800, Bill Stewart wrote: > At 05:02 PM 1/12/2014, Jim Bell wrote: > > >... Authorities, no doubt, would want to label this 'jury > >tampering'. > >http://en.wikipedia.org/wiki/Jury_tampering However, it > >is likely that if no actual 'offer' is made to a specific juror, > >and 'everybody' simply KNOWS that these payments will occur (due > >to prior advertising and other publicity, and because other jurors > >have always been paid in the past), this should not run afoul of > >such laws. > > Of *course* they'd want to label it 'jury tampering', because it > *is* jury tampering. > It's an offer to bribe the jurors to acquit somebody they might > otherwise convict. 
> It directly runs afoul of jury tampering laws, and the only difference from > traditional jury tampering is that it *might* be easier not to get caught. > > I do prefer it to some other traditional kinds of jury tampering, > including the one where the government only allows prosecution-friendly jurors, > and the one where the payment for acquittal is "not getting your legs broken". > (The latter, btw, also has some anonymity built into the payment mechanism, > since it's easy to deliver the payment anonymously to jurors who accept.) > But they're all perversions of justice. I think some sort of "fund the campaign of the first politician to succeed in making said illegal behavior legal" is far more likely to have the desired results. I would argue that politicians are far more predictable than jurors, and then it's pretty clear you are making a free speech/change the law payout, rather than do something most people would think is shady. (Okay, most people think buying politicians is shady, but that feels like a much easier public relations game to win than bribing jurors) Anonymity is expensive, and if you can change the game to do what you wish publicly, and transparently, I expect it will cost a heck of a lot less per successful outcome. Lots of lawyers will publicly advertise services for campaign engineering. Very few will *publicly* advertise services for jury tampering. From jamesdbell8 at yahoo.com Mon Jan 13 15:47:57 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Mon, 13 Jan 2014 15:47:57 -0800 (PST) Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> <20140113203727.GZ3180@nl.grid.coop> Message-ID: <1389656877.15893.YahooMailNeo@web141204.mail.bf1.yahoo.com> John, I don't discourage your comments such as this.  
Caution must always be employed. But as Freud said, "Sometimes a cigar is just a cigar". Cypherpunks sometimes talk about 'scary' subjects. Imagine if, hypothetically, Phil Zimmermann (who created PGP) had been a Cypherpunk list member in, say, 1990. (Yes, I know the list didn't exist until 1992...) Suppose he had said, "Gee, somebody could write a program using RSA algorithms, that even the NSA couldn't crack!"

Then, another list member could say, "Well, somebody else could post it on a U.S. website, and it could be downloaded by a person in a foreign country!"

And a third listmember could chime in: "And thereby crypto could be exported, ILLEGALLY, and nobody would know who did it!"

Similar kinds of discussions could be imagined about the development of thwarting the Clipper chip, imagining AP or (now) 'Sanjuro's 'AM', designing Bitcoin, or about setting up a Silk Road-type website, or anything else that somebody might consider provocative.

All of the persons reading the CP list need to learn about the 1969 Supreme Court case, Brandenburg v. Ohio. http://en.wikipedia.org/wiki/Brandenburg_v._ohio
Text of that case at: http://supreme.justia.com/cases/federal/us/395/444/case.html

Talking about a crime, and even openly advocating its commission (with the exception of 'imminent lawless action') is generally considered protected by the 1st Amendment to the U.S. Constitution. That said, I generally make it a rule not to "openly advocate the commission of a crime", mostly because government investigators and even prosecutors may not be aware of the rights described in the Brandenburg case: Or, a prosecutor may PRETEND to not realize that such open advocacy is not, in itself, beyond 1st Amendment protection, at least not until he has already obtained a search warrant, investigators have planted evidence, made an arrest, etc.
But, over time, I believe that we (and all other citizens) should come to regularly use all the Constitutional protections we have, in part to ensure that some of us aren't victimized by using a seldom-used right.

Jim Bell

For a comedic take on this theme, see: http://reason.com/blog/2013/06/12/nsa-anti-surveillance-suggestion-operati
“Operation Everyone Talk Like a Terrorist All the Time”

----------------------
From: John Young
To: cypherpunks at cpunks.org
Sent: Monday, January 13, 2014 1:39 PM
Subject: Re: 'Jury Booty' and Anti-prosecution tactics. (Was Re:)

Maybe Tim May is channeling me, but this talk of messing with authorities on cypherpunks smells like list tampering to bait and ensnare really dumb newbies. Playing games is fine, but running entrapments is against the house rules.

That was encouraged in days of old and got jail sentences for susceptibles. Since then agent provocateurs, turn-coats and informants have become a nice-paying online industry and handsome budget inflators for the feds. And has bagged a wad of hackers, daring coders and alleged accomplices, among them:

Jim Bell
Carl Johnson
Aaron Swartz
Chelsea Manning
Julian Assange
Edward Snowden
Gottfrid Warg
Rop Gonggrijp
Brigitta Jonsdottir
Jacob Appelbaum
Hector Monsegur
Jake Davis
Ryan Cleary
Ryan Ackroyd
Darren Martyn
Donncha O'Cearrbhail
Mustafa al-Bassam
Jeremy Hammond
Christopher Cooper
Joshua Covelli
Raynaldo Rivera
Cody Kretsinger
Lauri Love
Neal Rauhauser
Keith Downey
Mercedes Haefer
Donald Husband
Ethan Miles
James Murphy
Drew Phillips
Jeffrey Puglisi
Daniel Sullivan
Tracy Valenzuela
Christopher Vo
Barrett Brown
Ross Ulbricht
Andrew Jones
Gary Davis
Peter Phillip Nash
Vladimir Drinkman
Aleksandr Kalinin
Roman Kotov
Dmitriy Smilianets
Mikhail Rytikov

These are in last few years. Many more in the years before that, some after prison becoming security peddlers, journalists, hacker organizers and for the rest of their lives rats or sent back into the pokey.
At least consider being bit more discreet, assholes, and in spare time read Gentlepersons Guide to Forum Spies:

http://cryptome.org/2012/07/gent-forum-spies.htm

From jamesdbell8 at yahoo.com Mon Jan 13 16:00:53 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Mon, 13 Jan 2014 16:00:53 -0800 (PST)
Subject: Supreme Court case: Brandenburg v. Ohio text:
Message-ID: <1389657653.1212.YahooMailNeo@web141201.mail.bf1.yahoo.com>

Brandenburg v. Ohio - 395 U.S. 444 (1969)
* Syllabus
* Case

U.S. Supreme Court
Brandenburg v. Ohio, 395 U.S. 444 (1969)

Brandenburg v. Ohio
No. 492
Argued February 27, 1969
Decided June 9, 1969
395 U.S. 444
APPEAL FROM THE SUPREME COURT OF OHIO

Syllabus

Appellant, a Ku Klux Klan leader, was convicted under the Ohio Criminal Syndicalism statute for "advocat[ing] . . . the duty, necessity, or propriety of crime, sabotage, violence, or unlawful methods of terrorism as a means of accomplishing industrial or political reform" and for "voluntarily assembl[ing] with any society, group or assemblage of persons formed to teach or advocate the doctrines of criminal syndicalism." Neither the indictment nor the trial judge's instructions refined the statute's definition of the crime in terms of mere advocacy not distinguished from incitement to imminent lawless action.

Held: Since the statute, by its words and as applied, purports to punish mere advocacy and to forbid, on pain of criminal punishment, assembly with others merely to advocate the described type of action, it falls within the condemnation of the First and Fourteenth Amendments. Freedoms of speech and press do not permit a State to forbid advocacy of the use of force or of law violation except where such advocacy is directed to inciting or producing imminent lawless action and is likely to incite or produce such action. Whitney v.
California, 274 U. S. 357, overruled. Reversed. PER CURIAM. The appellant, a leader of a Ku Klux Klan group, was convicted under the Ohio Criminal Syndicalism statute for "advocat[ing] . . . the duty, necessity, or propriety Page 395 U. S. 445 of crime, sabotage, violence, or unlawful methods of terrorism as a means of accomplishing industrial or political reform" and for "voluntarily assembl[ing] with any society, group, or assemblage of persons formed to teach or advocate the doctrines of criminal syndicalism." Ohio Rev.Code Ann. § 2923.13. He was fined $1,000 and sentenced to one to 10 years' imprisonment. The appellant challenged the constitutionality of the criminal syndicalism statute under the First and Fourteenth Amendments to the United States Constitution, but the intermediate appellate court of Ohio affirmed his conviction without opinion. The Supreme Court of Ohio dismissed his appeal sua sponte "for the reason that no substantial constitutional question exists herein." It did not file an opinion or explain its conclusions. Appeal was taken to this Court, and we noted probable jurisdiction. 393 U. S. 94 (196). We reverse. The record shows that a man, identified at trial as the appellant, telephoned an announcer-reporter on the staff of a Cincinnati television station and invited him to come to a Ku Klux Klan "rally" to be held at a farm in Hamilton County. With the cooperation of the organizers, the reporter and a cameraman attended the meeting and filmed the events. Portions of the films were later broadcast on the local station and on a national network. The prosecution's case rested on the films and on testimony identifying the appellant as the person who communicated with the reporter and who spoke at the rally. The State also introduced into evidence several articles appearing in the film, including a pistol, a rifle, a shotgun, ammunition, a Bible, and a red hood worn by the speaker in the films. 
One film showed 12 hooded figures, some of whom carried firearms. They were gathered around a large wooden cross, which they burned. No one was present Page 395 U. S. 446 other than the participants and the newsmen who made the film. Most of the words uttered during the scene were incomprehensible when the film was projected, but scattered phrases could be understood that were derogatory of Negroes and, in one instance, of Jews. [Footnote 1] Another scene on the same film showed the appellant, in Klan regalia, making a speech. The speech, in full, was as follows: "This is an organizers' meeting. We have had quite a few members here today which are -- we have hundreds, hundreds of members throughout the State of Ohio. I can quote from a newspaper clipping from the Columbus, Ohio, Dispatch, five weeks ago Sunday morning. The Klan has more members in the State of Ohio than does any other organization. We're not a revengent organization, but if our President, our Congress, our Supreme Court, continues to suppress the white, Caucasian race, it's possible that there might have to be some revengeance taken." "We are marching on Congress July the Fourth, four hundred thousand strong. From there, we are dividing into two groups, one group to march on St. Augustine, Florida, the other group to march into Mississippi. Thank you. " Page 395 U. S. 447 The second film showed six hooded figures one of whom, later identified as the appellant, repeated a speech very similar to that recorded on the first film. The reference to the possibility of "revengeance" was omitted, and one sentence was added: "Personally, I believe the nigger should be returned to Africa, the Jew returned to Israel." Though some of the figures in the films carried weapons, the speaker did not. The Ohio Criminal Syndicalism Statute was enacted in 1919. From 1917 to 1920, identical or quite similar laws were adopted by 20 States and two territories. E. 
Dowell, A History of Criminal Syndicalism Legislation in the United States 21 (1939). In 1927, this Court sustained the constitutionality of California's Criminal Syndicalism Act, Cal.Penal Code §§ 11400-11402, the text of which is quite similar to that of the laws of Ohio. Whitney v. California, 274 U. S. 357 (1927). The Court upheld the statute on the ground that, without more, "advocating" violent means to effect political and economic change involves such danger to the security of the State that the State may outlaw it. Cf. Fiske v. Kansas, 274 U. S. 380 (1927). But Whitney has been thoroughly discredited by later decisions. See Dennis v. United States, 341 U. S. 494, at 341 U. S. 507 (1951). These later decisions have fashioned the principle that the constitutional guarantees of free speech and free press do not permit a State to forbid or proscribe advocacy of the use of force or of law violation except where such advocacy is directed to inciting or producing imminent lawless action and is likely to incite or produce such action. [Footnote 2] As we Page 395 U. S. 448 said in Noto v. United States, 367 U. S. 290, 367 U. S. 297-298 (1961), "the mere abstract teaching . . . of the moral propriety or even moral necessity for a resort to force and violence is not the same as preparing a group for violent action and steeling it to such action." See also Herndon v. Lowry, 301 U. S. 242, 301 U. S. 259-261 (1937); Bond v. Floyd, 385 U. S. 116, 385 U. S. 134 (1966). A statute which fails to draw this distinction impermissibly intrudes upon the freedoms guaranteed by the First and Fourteenth Amendments. It sweeps within its condemnation speech which our Constitution has immunized from governmental control. Cf. Yates v. United States, 354 U. S. 298 (1957); De Jonge v. Oregon, 299 U. S. 353 (1937); Stromberg v. California, 283 U. S. 359 (1931). See also United States v. Robel, 389 U. S. 258 (1967); Keyishian v. Board of Regents, 385 U. S. 589 (1967); Elfbrandt v. 
Russell, 384 U. S. 11 (1966); Aptheker v. Secretary of State, 378 U. S. 500 (1964); Baggett v. Bullitt, 377 U. S. 360 (1964). Measured by this test, Ohio's Criminal Syndicalism Act cannot be sustained. The Act punishes persons who "advocate or teach the duty, necessity, or propriety" of violence "as a means of accomplishing industrial or political reform"; or who publish or circulate or display any book or paper containing such advocacy; or who "justify" the commission of violent acts "with intent to exemplify, spread or advocate the propriety of the doctrines of criminal syndicalism"; or who "voluntarily assemble" with a group formed "to teach or advocate the doctrines of criminal syndicalism." Neither the indictment nor the trial judge's instructions to the jury in any way refined the statute's bald definition of the crime Page 395 U. S. 449 in terms of mere advocacy not distinguished from incitement to imminent lawless action. [Footnote 3] Accordingly, we are here confronted with a statute which, by its own words and as applied, purports to punish mere advocacy and to forbid, on pain of criminal punishment, assembly with others merely to advocate the described type of action. [Footnote 4] Such a statute falls within the condemnation of the First and Fourteenth Amendments. The contrary teaching of Whitney v. California, supra, cannot be supported, and that decision is therefore overruled. Reversed. [Footnote 1] The significant portions that could be understood were: "How far is the nigger going to -- yeah." "This is what we are going to do to the niggers." "A dirty nigger." "Send the Jews back to Israel." "Let's give them back to the dark garden." "Save America." "Let's go back to constitutional betterment." "Bury the niggers." "We intend to do our part." "Give us our state rights." "Freedom for the whites." "Nigger will have to fight for every inch he gets from now on." [Footnote 2] It was on the theory that the Smith Act, 54 Stat. 670, 18 U.S.C. 
§ 35, embodied such a principle and that it had been applied only in conformity with it that this Court sustained the Act's constitutionality. Dennis v. United States, 341 U. S. 494 (1951). That this was the basis for Dennis was emphasized in Yates v. United States, 354 U. S. 298, 354 U. S. 320-324 (1957), in which the Court overturned convictions for advocacy of the forcible overthrow of the Government under the Smith Act, because the trial judge's instructions had allowed conviction for mere advocacy, unrelated to its tendency to produce forcible action. [Footnote 3] The first count of the indictment charged that appellant "did unlawfully by word of mouth advocate the necessity, or propriety of crime, violence, or unlawful methods of terrorism as a means of accomplishing political reform. . . ." The second count charged that appellant "did unlawfully voluntarily assemble with a group or assemblage of persons formed to advocate the doctrines of criminal syndicalism. . . ." The trial judge's charge merely followed the language of the indictment. No construction of the statute by the Ohio courts has brought it within constitutionally permissible limits. The Ohio Supreme Court has considered the statute in only one previous case, State v. Kassay, 126 Ohio St. 177, 184 N.E. 521 (1932), where the constitutionality of the statute was sustained. [Footnote 4] Statutes affecting the right of assembly, like those touching on freedom of speech, must observe the established distinctions between mere advocacy and incitement to imminent lawless action, for, as Chief Justice Hughes wrote in De Jonge v. Oregon, supra, at 299 U. S. 364: "The right of peaceable assembly is a right cognate to those of free speech and free press, and is equally fundamental." See also United States v. Cruikshank, 92 U. S. 542, 92 U. S. 552 (1876); Hague v. CIO, 307 U. S. 496, 307 U. S. 513, 307 U. S. 519 (1939); NAACP v. Alabama ex rel. Patterson, 357 U. S. 449, 357 U. S. 460-461 (1958). MR. 
JUSTICE BLACK, concurring. I agree with the views expressed by MR. JUSTICE DOUGLAS in his concurring opinion in this case that the "clear and present danger" doctrine should have no place Page 395 U. S. 450 in the interpretation of the First Amendment. I join the Court's opinion, which, as I understand it, simply cites Dennis v. United States, 341 U. S. 494 (1951), but does not indicate any agreement on the Court's part with the "clear and present danger" doctrine on which Dennis purported to rely. MR. JUSTICE DOUGLAS, concurring. While I join the opinion of the Court, I desire to enter a caveat. The "clear and present danger" test was adumbrated by Mr. Justice Holmes in a case arising during World War I -- a war "declared" by the Congress, not by the Chief Executive. The case was Schenck v. United States, 249 U. S. 47, 249 U. S. 52, where the defendant was charged with attempts to cause insubordination in the military and obstruction of enlistment. The pamphlets that were distributed urged resistance to the draft, denounced conscription, and impugned the motives of those backing the war effort. The First Amendment was tendered as a defense. Mr. Justice Holmes, in rejecting that defense, said: "The question in every case is whether the words used are used in such circumstances and are of such a nature as to create a clear and present danger that they will bring about the substantive evils that Congress has a right to prevent. It is a question of proximity and degree." Frohwerk v. United States, 249 U. S. 204, also authored by Mr. Justice Holmes, involved prosecution and punishment for publication of articles very critical of the war effort in World War I. Schenck was referred to as a conviction for obstructing security "by words of persuasion." Id. at 249 U. S. 206. And the conviction in Frohwerk was sustained because "the circulation of the paper was Page 395 U. S. 451 in quarters where a little breath would be enough to kindle a flame." Id. at 249 U. S. 209. 
Debs v. United States, 249 U. S. 211, was the third of the trilogy of the 1918 Term. Debs was convicted of speaking in opposition to the war where his "opposition was so expressed that its natural and intended effect would be to obstruct recruiting." Id. at 249 U. S. 215. "If that was intended, and if, in all the circumstances, that would be its probable effect, it would not be protected by reason of its being part of a general program and expressions of a general and conscientious belief." Ibid. In the 1919 Term, the Court applied the Schenck doctrine to affirm the convictions of other dissidents in World War I. Abrams v. United States, 250 U. S. 616, was one instance. Mr. Justice Holmes, with whom Mr. Justice Brandeis concurred, dissented. While adhering to Schenck, he did not think that, on the facts, a case for overriding the First Amendment had been made out: "It is only the present danger of immediate evil or an intent to bring it about that warrants Congress in setting a limit to the expression of opinion where private rights are not concerned. Congress certainly cannot forbid all effort to change the mind of the country." Id. at 250 U. S. 628. Another instance was Schaefer v. United States, 251 U. S. 466, in which Mr. Justice Brandeis, joined by Mr. Justice Holmes, dissented. A third was Pierce v. United States, 252 U. S. 239, in which, again, Mr. Justice Brandeis, joined by Mr. Justice Holmes, dissented. Those, then, were the World War I cases that put the gloss of "clear and present danger" on the First Amendment. Whether the war power -- the greatest leveler of them all -- is adequate to sustain that doctrine is debatable. Page 395 U. S. 452 The dissents in Abrams, Schaefer, and Pierce show how easily "clear and present danger" is manipulated to crush what Brandeis called "[t]he fundamental right of free men to strive for better conditions through new legislation and new institutions" by argument and discourse (Pierce v. United States, supra, at 252 U. 
S. 273) even in time of war. Though I doubt if the "clear and present danger" test is congenial to the First Amendment in time of a declared war, I am certain it is not reconcilable with the First Amendment in days of peace. The Court quite properly overrules Whitney v. California, 274 U. S. 357, which involved advocacy of ideas which the majority of the Court deemed unsound and dangerous. Mr. Justice Holmes, though never formally abandoning the "clear and present danger" test, moved closer to the First Amendment ideal when he said in dissent in Gitlow v. New York, 268 U. S. 652, 268 U. S. 673: "Every idea is an incitement. It offers itself for belief, and, if believed, it is acted on unless some other belief outweighs it or some failure of energy stifles the movement at its birth. The only difference between the expression of an opinion and an incitement in the narrower sense is the speaker's enthusiasm for the result. Eloquence may set fire to reason. But whatever may be thought of the redundant discourse before us, it had no chance of starting a present conflagration. If, in the long run, the beliefs expressed in proletarian dictatorship are destined to be accepted by the dominant forces of the community, the only meaning of free speech is that they should be given their chance and have their way." We have never been faithful to the philosophy of that dissent. Page 395 U. S. 453 The Court, in Herndon v. Lowry, 301 U. S. 242, overturned a conviction for exercising First Amendment rights to incite insurrection because of lack of evidence of incitement. Id. at 301 U. S. 259-261. And see Hartzel v. United States, 322 U. S. 680. In Bridges v. California, 314 U. S. 252, 314 U. S. 261-263, we approved the "clear and present danger" test in an elaborate dictum that tightened it and confined it to a narrow category. But in Dennis v. United States, 341 U. S. 494, we opened wide the door, distorting the "clear and present danger" test beyond recognition. 
[Footnote 2/1] In that case, the prosecution dubbed an agreement to teach the Marxist creed a "conspiracy." The case was submitted to a jury on a charge that the jury could not convict unless it found that the defendants "intended to overthrow the Government as speedily as circumstances would permit.'" Id. at 341 U. S. 509-511. The Court sustained convictions under that charge, construing it to mean a determination of ""whether the gravity of the evil,' discounted by its improbability, justifies such invasion of free speech as is necessary to avoid the danger." [Footnote 2/2]" Id. at 341 U. S. 510, quoting from United States v. Dennis, 183 F.2d 201, 212. Out of the "clear and present danger" test came other offspring. Advocacy and teaching of forcible overthrow of government as an abstract principle is immune from prosecution. Yates v. United States, 354 U. S. 298, 354 U. S. 318. But an "active" member, who has a guilty knowledge and intent of the aim to overthrow the Government Page 395 U. S. 454 by violence, Noto v. United States, 367 U. S. 290, may be prosecuted. Scales v. United States, 367 U. S. 203, 367 U. S. 228. And the power to investigate, backed by the powerful sanction of contempt, includes the power to determine which of the two categories fits the particular witness. Barenblatt v. United States, 360 U. S. 109, 360 U. S. 130. And so the investigator roams at will through all of the beliefs of the witness, ransacking his conscience and his innermost thoughts. Judge Learned Hand, who wrote for the Court of Appeals in affirming the judgment in Dennis, coined the "not improbable" test, 183 F.2d 201, 214, which this Court adopted and which Judge Hand preferred over the "clear and present danger" test. Indeed, in his book, The Bill of Rights 59 (1958), in referring to Holmes' creation of the "clear and present danger" test, he said, "I cannot help thinking that, for once, Homer nodded." My own view is quite different. 
I see no place in the regime of the First Amendment for any "clear and present danger" test, whether strict and tight, as some would make it, or free-wheeling, as the Court in Dennis rephrased it. When one reads the opinions closely and sees when and how the "clear and present danger" test has been applied, great misgivings are aroused. First, the threats were often loud, but always puny, and made serious only by judges so wedded to the status quo that critical analysis made them nervous. Second, the test was so twisted and perverted in Dennis as to make the trial of those teachers of Marxism an all-out political trial which was part and parcel of the cold war that has eroded substantial parts of the First Amendment. Action is often a method of expression, and within the protection of the First Amendment. Suppose one tears up his own copy of the Constitution in eloquent protest to a decision of this Court. May he be indicted? Page 395 U. S. 455 Suppose one rips his own Bible to shreds to celebrate his departure from one "faith" and his embrace of atheism. May he be indicted? Last Term, the Court held in United States v. O'Brien, 391 U. S. 367, 391 U. S. 382, that a registrant under Selective Service who burned his draft card in protest of the war in Vietnam could be prosecuted. The First Amendment was tendered as a defense and rejected, the Court saying: "The issuance of certificates indicating the registration and eligibility classification of individuals is a legitimate and substantial administrative aid in the functioning of this system. And legislation to insure the continuing availability of issued certificates serves a legitimate and substantial purpose in the system's administration." 391 U.S. at 391 U. S. 377-378. But O'Brien was not prosecuted for not having his draft card available when asked for by a federal agent. He was indicted, tried, and convicted for burning the card. 
And this Court's affirmance of that conviction was not, with all respect, consistent with the First Amendment. The act of praying often involves body posture and movement, as well as utterances. It is nonetheless protected by the Free Exercise Clause. Picketing, as we have said on numerous occasions, is "free speech plus." See Bakery Drivers Local v. Wohl, 315 U. S. 769, 315 U. S. 775 (DOUGLAS, J., concurring); Giboney v. Empire Storage Co., 336 U. S. 490, 336 U. S. 501; Hughes v. Superior Court, 339 U. S. 460, 339 U. S. 465; Labor Board v. Fruit Packers, 377 U. S. 58, 377 U. S. 77 (BLACK, J., concurring), and id. at 377 U. S. 93 (HARLAN, J., dissenting); Cox v. Louisiana, 379 U. S. 559, 379 U. S. 578 (opinion of BLACK, J.); Food Employees v. Logan Plaza, 391 U. S. 308, 391 U. S. 326 (DOUGLAS, J., concurring). That means that it can be regulated when it comes to the "plus" or "action" side of the protest. It can be regulated as to Page 395 U. S. 456 the number of pickets and the place and hours (see Cox v. Louisiana, supra), because traffic and other community problems would otherwise suffer. But none of these considerations is implicated in the symbolic protest of the Vietnam war in the burning of a draft card. One's beliefs have long been thought to be sanctuaries which government could not invade. Barenblatt is one example of the ease with which that sanctuary can be violated. The lines drawn by the Court between the criminal act of being an "active" Communist and the innocent act of being a nominal or inactive Communist mark the difference only between deep and abiding belief and casual or uncertain belief. But I think that all matters of belief are beyond the reach of subpoenas or the probings of investigators. That is why the invasions of privacy made by investigating committees were notoriously unconstitutional. 
That is the deep-seated fault in the infamous loyalty security hearings which, since 1947, when President Truman launched them, have processed 20,000,000 men and women. Those hearings were primarily concerned with one's thoughts, ideas, beliefs, and convictions. They were the most blatant violations of the First Amendment we have ever known. The line between what is permissible and not subject to control and what may be made impermissible and subject to regulation is the line between ideas and overt acts. The example usually given by those who would punish speech is the case of one who falsely shouts fire in a crowded theatre. This is, however, a classic case where speech is brigaded with action. See Speiser v. Randall, 357 U. S. 513, 357 U. S. 536-537 (DOUGLAS, J., concurring). They are indeed inseparable, and a prosecution can be launched for the overt Page 395 U. S. 457 acts actually caused. Apart from rare instances of that kind, speech is, I think, immune from prosecution. Certainly there is no constitutional line between advocacy of abstract ideas, as in Yates, and advocacy of political action, as in Scales. The quality of advocacy turns on the depth of the conviction, and government has no power to invade that sanctuary of belief and conscience. [Footnote 2/3] [Footnote 2/1] See McKay, The Preference For Freedom, 34 N.Y.U.L.Rev. 1182, 1203-1212 (1959). [Footnote 2/2] See Feiner v. New York, 340 U. S. 315, where a speaker was arrested for arousing an audience when the only "clear and present danger" was that the hecklers in the audience would break up the meeting. [Footnote 2/3] See MR. JUSTICE BLACK, dissenting, in Communications Assn. v. Douds, 339 U. S. 382, 339 U. S. 446, 339 U. S. 449 et seq.
From coderman at gmail.com Mon Jan 13 16:35:45 2014 From: coderman at gmail.com (coderman) Date: Mon, 13 Jan 2014 16:35:45 -0800 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: <1389656877.15893.YahooMailNeo@web141204.mail.bf1.yahoo.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> <20140113203727.GZ3180@nl.grid.coop> <1389656877.15893.YahooMailNeo@web141204.mail.bf1.yahoo.com> Message-ID: On Mon, Jan 13, 2014 at 3:47 PM, Jim Bell wrote: > John, I don't discourage your comments such as this. Caution must always be > employed. But as Freud said, "Sometimes a cigar is just a cigar". > Cypherpunks sometimes talk about 'scary' subjects. > . > . > . > ---------------------- > From: John Young > To: cypherpunks at cpunks.org > Sent: Monday, January 13, 2014 1:39 PM > Subject: Re: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) > > Maybe Tim May is channeling me, but this talk of messing > with authorities on cypherpunks smells like list tampering to > bait and ensare really dumb newbies... 
> > [teh dumbz] has bagged a wad of hackers, daring coders and alleged > accomplices, among them: > > [long list of your friends and [AS] neighbors] > > At least consider being bit more discreet, assholes, > and in spare time read Gentlepersons Guide to Forum > Spies: > > http://cryptome.org/2012/07/gent-forum-spies.htm using a genetic heuristic engine for pyramidal bayesian inference network classification i have determined that one of the following is likely true with respect to this thread and subject: a) JYA is being paid in laundered bitcoin for spreading FUD to cypherpunks and privacy technologists; CIA now embracing altcoins for darkops and payoffs. b) the emerging market for captured 0day is spilling over into overt baiting tactics in public places like our beloved listserv; elevated noise a signal for constructed focal points of interest tapping faux target treasures. c) because honeypots
From jya at pipeline.com Mon Jan 13 13:39:04 2014 From: jya at pipeline.com (John Young) Date: Mon, 13 Jan 2014 16:39:04 -0500 Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <20140113203727.GZ3180@nl.grid.coop> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> <20140113203727.GZ3180@nl.grid.coop> Message-ID: Maybe Tim May is channeling me, but this talk of messing with authorities on cypherpunks smells like list tampering to bait and ensnare really dumb newbies. Playing games is fine, but running entrapments is against the house rules. That was encouraged in days of old and got jail sentences for susceptibles. Since then agent provocateurs, turn-coats and informants have become a nice-paying online industry and handsome budget inflators for the feds. 
And has bagged a wad of hackers, daring coders and alleged accomplices, among them: Jim Bell Carl Johnson Aaron Swartz Chelsea Manning Julian Assange Edward Snowden Gottfrid Warg Rop Gonggrijp Brigitta Jonsdottir Jacob Appelbaum Hector Monsegur Jake Davis Ryan Cleary Ryan Ackroyd Darren Martyn Donncha O'Cearrbhail Mustafa al-Bassam Jeremy Hammond Christopher Cooper Joshua Covelli Raynaldo Rivera Cody Kretsinger Lauri Love Neal Rauhauser Keith Downey Mercedes Haefer Donald Husband Ethan Miles James Murphy Drew Phillips Jeffrey Puglisi Daniel Sullivan Tracy Valenzuela Christopher Vo Barrett Brown Ross Ulbricht Andrew Jones Gary Davis Peter Phillip Nash Vladimir Drinkman Aleksandr Kalinin Roman Kotov Dmitriy Smilianets Mikhail Rytikov These are in last few years. Many more in the years before that, some after prison becoming security peddlers, journalists, hacker organizers and for the rest of their lives rats or sent back into the pokey. At least consider being bit more discreet, assholes, and in spare time read Gentlepersons Guide to Forum Spies: http://cryptome.org/2012/07/gent-forum-spies.htm From coderman at gmail.com Mon Jan 13 17:31:26 2014 From: coderman at gmail.com (coderman) Date: Mon, 13 Jan 2014 17:31:26 -0800 Subject: fuzzing at scale Message-ID: or, "keeping the 0day hopper full of candidates to weaponize" (you red or blue team? ;) http://googleonlinesecurity.blogspot.com/2014/01/ffmpeg-and-thousand-fixes.html """ FFmpeg and a thousand fixes Friday, January 10, 2014 9:06 AM Posted by Mateusz Jurczyk and Gynvael Coldwind, Information Security Engineers At Google, security is a top priority - not only for our own products, but across the entire Internet. That’s why members of the Google Security Team and other Googlers frequently perform audits of software and report the resulting findings to the respective vendors or maintainers, as shown in the official “Vulnerabilities - Application Security” list. 
We also try to employ the extensive computing power of our data centers in order to solve some of the security challenges by performing large-scale automated testing, commonly known as fuzzing. One internal fuzzing effort we have been running continuously for the past two years is the testing process of FFmpeg, a large cross-platform solution to record, convert and stream audio and video written in C. It is used in multiple applications and software libraries such as Google Chrome, MPlayer, VLC or xine. We started relatively small by making use of trivial mutation algorithms, some 500 cores and input media samples gathered from readily available sources such as the samples.mplayerhq.hu sample base and FFmpeg FATE regression testing suite. Later on, we grew to more complex and effective mutation methods, 2000 cores and an input corpus supported by sample files improving the overall code coverage. Following more than two years of work, we are happy to announce that the FFmpeg project has incorporated more than a thousand fixes to bugs (including some security issues) that we have discovered in the project so far: $ git log | grep Jurczyk | grep -c Coldwind 1120 ... we have carried out several dozen fuzzing iterations (each typically resulting in less crashes than the previous ones) over the last two years, identifying bugs of a number of different classes: NULL pointer dereferences, Invalid pointer arithmetic leading to SIGSEGV due to unmapped memory access, Out-of-bounds reads and writes to stack, heap and static-based arrays, Invalid free() calls, Double free() calls over the same pointer, Division errors, Assertion failures, Use of uninitialized memory. We have simultaneously worked with the developers of Libav, an independent fork of FFmpeg, in order to have both projects represent an equal, high level of robustness and security posture. Today, Libav is at 413 fixes and the library is slowly but surely catching up with FFmpeg. 
""" From konfkukor at riseup.net Mon Jan 13 09:06:09 2014 From: konfkukor at riseup.net (Gerardus Hendricks) Date: Mon, 13 Jan 2014 18:06:09 +0100 Subject: WebRTC for P2P [was Re: Replacing corporate search engines with anonymous/decentralized search] In-Reply-To: References: Message-ID: <52D41D01.1000907@riseup.net> > On Sun, Jan 12, 2014 at 6:53 PM, Jesse Taylor wrote: > ... > What would make more sense, and would lead to much more rapid/widespread > adoption, is to use protocols like WebSockets / WebRTC to facilitate P2P > connectivity in the web browser, so that everything can be done via a simple > browser plugin that can be installed by anyone with few clicks, and would > then just allow people to use the browser search bar as usual.... Thank you Jesse for your post and all the useful inline links. I've been thinking about doing a project with WebRTC as well, albeit about a simplified dining cryptographers anonymity network instead of a P2P search engine. You can read some of my rationale for wanting this in a post on Tor Talk [1]. Specifically, I'm interested in the Herbivore (proof of work) entry protocol and network topology [2], and the way in which the Dissent/Verdict system handles communication through 'servers' [3][4] to minimize bandwidth usage while maintaining a full key graph as long as at least one server is trusted (they call this the anytrust assumption). I don't intent to make a separate server and client, but to add the ability to make certain clients super nodes. The paper you linked looks interesting. I'm not currently interested in thwarting denial of service attacks (which are a plague in DC-nets), although the Verdict system presents a very elegant (but computationally expensive) solution. In any case, this could be a plug-in solution. Regarding WebRTC itself, I've been looking at the PeerJS [5] library and two different implementations of the NaCl Javascript library [6][7]. I really like the opaque Cryptobox idea of salt [8]. 
Do you know any other recommendable tools? I'm finishing up some remaining (dreaded) work of the last semester, but I'll start with this mid-February. Regards, Gerard [1] https://lists.torproject.org/pipermail/tor-talk/2013-December/031426.html [2] http://freehaven.net/anonbib/cache/herbivore:tr.pdf [3] http://freehaven.net/anonbib/cache/ccs10-dissent.pdf [4] http://dedis.cs.yale.edu/dissent/papers/verdict.pdf [5] http://peerjs.com [6] https://github.com/tonyg/js-nacl [7] ??? There is some native implementation of NaCL in Javascript, as opposed to the Emscripten compiled version of tonyg, but I can't find it anymore. [8] http://cr.yp.to/highspeed/coolnacl-20120725.pdf From tom at vondein.org Mon Jan 13 10:41:55 2014 From: tom at vondein.org (Thomas von Dein) Date: Mon, 13 Jan 2014 19:41:55 +0100 Subject: serialization formats [formerly: Curve p25519 Replacements for GnuPG?...] Message-ID: <20140113184155.GB3900@r4> Hi, I'm the author of pcp. Just wanted to note, that I'm not using plain base85 but Z85 (http://rfc.zeromq.org/spec:32) instead. It's fast and small. The reason is to have compatibility with ZeroMQ in the future. best regards, Tom PS: sorry for destroying the thread tree, I wasn't subscribed until now. -- PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC 
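Added example, not part of the original thread and not pcp's code: a strict Z85 (ZeroMQ RFC 32) codec in Python, wrapped in one possible enclosing frame, since Z85 itself only maps 4 bytes to 5 characters and leaves padding, line breaks and integrity to the caller. The frame layout (4-byte length, zero padding, HMAC-SHA256 tag, 75-character lines) and the names `armor`/`dearmor` are assumptions made for illustration.

```python
import hashlib
import hmac

# Alphabet from ZeroMQ RFC 32: 85 printable characters, no whitespace or quotes.
Z85_ALPHABET = ("0123456789abcdefghijklmnopqrstuvwxyz"
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")
Z85_INDEX = {ch: i for i, ch in enumerate(Z85_ALPHABET)}

TAG_LEN = 32      # HMAC-SHA256 output size
LINE_WIDTH = 75   # assumed wrap width for this example


def z85_encode(data: bytes) -> str:
    """Encode bytes whose length is a multiple of 4 (padding is the caller's job)."""
    if len(data) % 4:
        raise ValueError("Z85 input length must be a multiple of 4")
    out = []
    for i in range(0, len(data), 4):
        word = int.from_bytes(data[i:i + 4], "big")
        group = []
        for _ in range(5):
            word, digit = divmod(word, 85)
            group.append(Z85_ALPHABET[digit])
        out.extend(reversed(group))   # most significant digit first
    return "".join(out)


def z85_decode(text: str) -> bytes:
    """Strict decode: rejects bad length, foreign characters and 32-bit overflow."""
    if len(text) % 5:
        raise ValueError("Z85 text length must be a multiple of 5")
    out = bytearray()
    for i in range(0, len(text), 5):
        word = 0
        for ch in text[i:i + 5]:
            if ch not in Z85_INDEX:
                raise ValueError(f"character {ch!r} is not in the Z85 alphabet")
            word = word * 85 + Z85_INDEX[ch]
        if word > 0xFFFFFFFF:   # 85**5 > 2**32, so some groups have no byte form
            raise ValueError("Z85 group does not fit in 32 bits")
        out += word.to_bytes(4, "big")
    return bytes(out)


def armor(key: bytes, payload: bytes) -> str:
    """Frame = length || payload || zero pad || HMAC(preceding bytes), Z85, wrapped."""
    body = len(payload).to_bytes(4, "big") + payload
    body += b"\x00" * (-len(body) % 4)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    encoded = z85_encode(body + tag)
    lines = [encoded[i:i + LINE_WIDTH] for i in range(0, len(encoded), LINE_WIDTH)]
    return "\n".join(lines) + "\n"


def dearmor(key: bytes, text: str) -> bytes:
    """Undo armor(); raises ValueError on any malformed or unauthenticated input."""
    # Only CR and LF are treated as line structure; anything else must be Z85.
    raw = z85_decode(text.replace("\r", "").replace("\n", ""))
    if len(raw) < 4 + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # verify before parsing anything
        raise ValueError("MAC check failed")
    length = int.from_bytes(body[:4], "big")
    if len(body) != 4 + length + (-length % 4):
        raise ValueError("length field does not match frame size")
    return body[4:4 + length]


if __name__ == "__main__":
    demo_key = b"\x01" * 32                      # constructed key, demo only
    text = armor(demo_key, b"constructed sample payload")
    print(text, end="")
    print(dearmor(demo_key, text))
```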
From carimachet at gmail.com Mon Jan 13 10:54:57 2014 From: carimachet at gmail.com (Cari Machet) Date: Mon, 13 Jan 2014 19:54:57 +0100 Subject: Hector "Sabu" Monsegur Sentencing 2 April 2014 In-Reply-To: References: Message-ID: <82F77248-B220-410E-AFA0-570C6236063B@gmail.com> If you got holes in ur houses you get the mouses Unidentified rat > lotsa those about Wonder what fed prison will b like for saburat On 13.01.2014, at 18:01, John Young wrote: > Hector "Sabu" Monsegur sentencing 2 April 2014: > > http://cryptome.org/2014/01/monsegur-13-0113.htm > > This is the latest postponement as Sabu continues assisting > authorities sweep up his confederates and other cyber targets. > Also helped by an undentified informant who ratted Sabu. > > This has netted about 16 indictments, presumably more in > the pipeline, some of whom are likely pressured to name > even more. > > Fantastic security business, shopping anonymouses. > > From decoy at iki.fi Mon Jan 13 13:35:34 2014 From: decoy at iki.fi (Sampo Syreeni) Date: Mon, 13 Jan 2014 23:35:34 +0200 (EET) Subject: serialization formats [formerly: Curve p25519 Replacements for GnuPG?...] In-Reply-To: <52D45230.7010509@echeque.com> References: <20140113184155.GB3900@r4> <52D45230.7010509@echeque.com> Message-ID: On 2014-01-14, James A. Donald wrote: > This specification does not address breaking the data into lines, nor > a line checksum, nor the handling of impermissible characters (such as > carriage return and line feed) In general, why does anybody do anything but binary formats in crypto, anymore? They just invite all sorts of padding trouble and what the hell not. If you have a clean proof, even against an oracle model, in something as beautiful as GF(2^8), why the *fuck* do you have to mess it up by translating to those very linefeeds and shit you usually really don't understand nor mostly can do right in the first place? Just goddamn dump the bits. Pretty much everything is 8-bit-clean nowadays. 
Nobody sends email anymore. TCP most _certainly_ is 8-bit-clean. Fucking dump it down the socket, guarded by a proper MAC. How difficult is that to comprehend, really? -- Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front +358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From carimachet at gmail.com Mon Jan 13 16:05:44 2014 From: carimachet at gmail.com (Cari Machet) Date: Tue, 14 Jan 2014 01:05:44 +0100 Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> <20140113203727.GZ3180@nl.grid.coop> Message-ID: <2330A2CD-6FA2-4DD4-A73C-24BB38EC0C02@gmail.com> Birgitta has not been bagged whatchumean ? her twitter case + social media judgement to unseal ? She is free to roam the globe ... others besides self imposed hype are not so put upon - the JA-JA's I think it lessens the acts of others to couple them together On 13.01.2014, at 22:39, John Young wrote: > Maybe Tim May is channeling me, but this talk of messing > with authorities on cypherpunks smells like list tampering to > bait and ensare really dumb newbies. > > Playing games is fine, but running entrapments is against > the house rules. > > That was encouraged in days of old and got jail sentences > for susceptibles. Since then agent provocateurs, turn-coats > and informants have become a nice-paying online industry > and handsome budget inflators for the feds. 
> > And has bagged a wad of hackers, daring coders and alleged > accomplices, among them: > > Jim Bell > Carl Johnson > Aaron Swartz > Chelsea Manning > Julian Assange > Edward Snowden > Gottfrid Warg > Rop Gonggrijp > Brigitta Jonsdottir > Jacob Appelbaum > Hector Monsegur > Jake Davis > Ryan Cleary > Ryan Ackroyd > Darren Martyn > Donncha O'Cearrbhail > Mustafa al-Bassam > Jeremy Hammond > Christopher Cooper > Joshua Covelli > Raynaldo Rivera > Cody Kretsinger > Lauri Love > Neal Rauhauser > Keith Downey > Mercedes Haefer > Donald Husband > Ethan Miles > James Murphy > Drew Phillips > Jeffrey Puglisi > Daniel Sullivan > Tracy Valenzuela > Christopher Vo > Barrett Brown > Ross Ulbricht > Andrew Jones > Gary Davis > Peter Phillip Nash > Vladimir Drinkman > Aleksandr Kalinin > Roman Kotov > Dmitriy Smilianets > Mikhail Rytikov > > These are in last few years. > > Many more in the years before that, some after prison > becoming security peddlers, journalists, hacker organizers > and for the rest of their lives rats or sent back into the pokey. > > At least consider being bit more discreet, assholes, > and in spare time read Gentlepersons Guide to Forum > Spies: > > http://cryptome.org/2012/07/gent-forum-spies.htm > > From grarpamp at gmail.com Mon Jan 13 22:14:42 2014 From: grarpamp at gmail.com (grarpamp) Date: Tue, 14 Jan 2014 01:14:42 -0500 Subject: 'Jury Booty' and Anti-prosecution tactics. (Was Re:) In-Reply-To: <1389590745.7344.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <20140112230319.DCC07228082@palinka.tinho.net> <6C9A86F2-E8E3-4CBE-A3E4-3BC25DAFF8CD@gmail.com> <1389574935.18340.YahooMailNeo@web141206.mail.bf1.yahoo.com> <20140113014624.539AF10246@a-pb-sasl-quonix.pobox.com> <1389590745.7344.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: On Mon, Jan 13, 2014 at 12:25 AM, Jim Bell wrote: > Yahoo's email editor is FUCKED!! So are all the big ones... gmail, yahoo, microsoft, etc. Just find a client you like and bypass the webmail part... 
Incoming Mail (IMAP) Server - Requires SSL Server: imap.mail.yahoo.com Port: 993 Requires SSL: Yes Outgoing Mail (SMTP) Server - Requires TLS Server: smtp.mail.yahoo.com Port: 465 or 587 Requires SSL: Yes Requires authentication: Yes Login info - Requires authentication Email address: Your full email address (name at domain.com.) Password: Your account's password. From jamesd at echeque.com Mon Jan 13 12:53:04 2014 From: jamesd at echeque.com (James A. Donald) Date: Tue, 14 Jan 2014 06:53:04 +1000 Subject: serialization formats [formerly: Curve p25519 Replacements for GnuPG?...] In-Reply-To: <20140113184155.GB3900@r4> References: <20140113184155.GB3900@r4> Message-ID: <52D45230.7010509@echeque.com> On 2014-01-14 04:41, Thomas von Dein wrote: > Hi, > > I'm the author of pcp. Just wanted to note, that I'm not using plain > base85 but Z85 (http://rfc.zeromq.org/spec:32) instead. It's fast and > small. The reason is to have compatibility with ZeroMQ in the future. This specification does not address breaking the data into lines, nor a line checksum, nor the handling of impermissible characters (such as carriage return and line feed) Nor the recognition of string boundaries. Dangerously incomplete specification. Needs to be contained within a larger specification for handling the string. From gwen at cypherpunks.to Tue Jan 14 09:02:06 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 14 Jan 2014 09:02:06 -0800 Subject: quietnet - near ultrasonic chirp based chat program Message-ID: <52D56D8E.9030403@cypherpunks.to> Hi All while NOT encrypted.. this sounds apt for some encryption and use in tradecraft(ie 2 spies in a coffeeshop/restaurant what have you.. etc...) 
https://github.com/Katee/quietnet gh ps in python no less :) -- Tentacle #99 ecc public key curve p25519(pcp 0.15) 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) From nymble at gmail.com Tue Jan 14 09:04:29 2014 From: nymble at gmail.com (nymble) Date: Tue, 14 Jan 2014 09:04:29 -0800 Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..) In-Reply-To: <20140114111653.GD3900@r4> References: <20140114111653.GD3900@r4> Message-ID: <234EBEB4-F066-469A-8F49-D86DCDB30166@gmail.com> On Jan 14, 2014, at 3:16 AM, Thomas von Dein wrote: > >> - coordinate representation x, x&y, x and sign ... >> or bits to show which of these ... perhaps borrow ANSI method > > Could you please explain this further? ANSI defined (and used by NIST and others) the use of the first byte of a elliptic curve point representation to indicate if it is: - both x&y coordinates - compressed with sign in the byte - ..just x (guessing on this need to go check) bit coin may use the same … easiest doc to find would be in RFCs However … if the key is solely for an initial DH exchange you may not need anything. > >> - hint / indication of cipher suite / curve > > In pcp there's already such a hint included in exported keys, however > I'm not using it, since there's no choice of different curves in > libsodium so far. But it's on the list. OIDs suck. A simple registry would be nice. 
You need to know the key type when publicly introduced … but there are applications where you would want to be stealthier on indicating suite usage > >> - text encoding of binary format (ascii) > > As already stated in the other subthread, I use Z85, while stef is using > base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on > something. Not familiar with Z85 … pointer please ... base85 or Z85 are a decent balance of compression and robustness for applications like email signatures > >> - human readable format > > There's a human readable version of keys in pcp, but the tool itself > doesn't use it (example attached). It uses the z85 encoded binary part > of such a file. > > pcp has some more fields stored in a key than pbp: > > - a key id (e.g. 0x54E9C62E1852EBC5) which is required to identify a key base27 would be much better for a ‘id’ that humans read base16 is really old school > - some text fields (owner, mail) > - a serial number > - key format version number > > I'm not sure, how stef solved the ed25519 issue (you can't use a > curve25519 secret key to create an ed25519 signature directly). After > some discussion on the libsodium mailinglist we came up with this: curve naming, test vectors, algorithm usage need work ... > > When the user generates a new key, the ed25519 secret key will be > generated first. The curve25519 secret will be derived from that, since > the ed25519 already contains a usable curve25519 key. In pcp I store > both of them for easier access, so the ed25519 and curve25519 secret and > public keys are stored, the secret keys are encrypted and I store the > nonce as well (see include/pcp/key.h). > > Speaking of key encryption: @stef: according to your docs you're already > using scrypt() for key derivation. I'd like to use that as well, but > it's not part of libsodium (afaik), so I use my own method for this til > scrypt() is implemented in libsodium. That's because I want to avoid > writing crypto code myself. 
> > Maybe we should iron out the details off-list? I’m interested … Paul > > > > bes, > Tom > > -- > PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt > S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem > Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > From gwen at cypherpunks.to Tue Jan 14 09:25:20 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 14 Jan 2014 09:25:20 -0800 Subject: Golay encoding? Re: quietnet - near ultrasonic chirp based chat program In-Reply-To: <52D56D8E.9030403@cypherpunks.to> References: <52D56D8E.9030403@cypherpunks.to> Message-ID: <52D57300.5060708@cypherpunks.to> this might benefit from a technique such as golay encoding or other ECC (error recovery encoding as from the SIK1000 project) https://github.com/tridge/SiK/blob/master/Firmware/radio/golay.c for radio telemetry from drones..) it seems ok on longer runs of bytes but gets frequent errors on shorter runs gh http://www.eccpage.com/ has most of the common ones On 1/14/14 9:02 AM, gwen hastings wrote: > Hi All > > while NOT encrypted.. this sounds apt for some encryption and use > in tradecraft(ie 2 spies in a coffeeshop/restaurant what have you.. etc...) 
> > https://github.com/Katee/quietnet > > > gh > ps in python no less :) > -- Tentacle #99 ecc public key curve p25519(pcp 0.15) 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) From jya at pipeline.com Tue Jan 14 08:12:06 2014 From: jya at pipeline.com (John Young) Date: Tue, 14 Jan 2014 11:12:06 -0500 Subject: [Cryptography] Boing Boing pushing an RSA Conference boycott Message-ID: Shirley Jackson, The Lottery, sacrificing a victim purges guilt of the guilty. Does anyone really believe RSA is alone in this "betrayal?" And that making an example of RSA will stop the industry practice of forked-tonguedness about working both sides of the imaginary fence of dual-use, dual-hat, duplicity of comsec? "Industry standards" were invented and are sustained for this purpose. No matter NSA, RSA, IETF, NIST, this breast-beating list of the guilty cryptographers pretending they did not know what their best customers and employers are doing. Boing Boing is being played like the crypto promotional wargame is played. From odinn.cyberguerrilla at riseup.net Tue Jan 14 11:28:08 2014 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Tue, 14 Jan 2014 11:28:08 -0800 Subject: Net Neutrality Ruling, Internet Interprets Censorship as Damage, There are no Captains, Decentralize Everything, etc. Message-ID: Hello, As you are probably aware, there has been a net neutrality ruling from US courts and it essentially kills net neutrality. 
Reference (this is just one of many news outlets announcing this) http://gigaom.com/2014/01/14/breaking-court-strikes-down-fccs-net-neutrality-rules/?go_commented=1#comment-1388649 This is surely no new concept to anyone on this list (the concept that we can't rely upon laws, need to use technical solutions to bypass what passes for government/corporation-state, etc.) but I have to say this net neutrality calls into stark contrast what we are doing with what we could be doing. And by we, I mean anyone using the internet. Many people use AT&T, or Verizon. Many people use Google and Facebook. Or Weibo. Or VK. Or... you get the picture. But rather than harp about any one company (or licensing approach, or ruling, etc) I want to emphasize decentralized systems beyond what many are accustomed to hearing about / using. When people hear "open source" or "p2p" they might think of Ubuntu, or Android (regarding open source OSs) or Bittorrent, or Piratebay (in terms of things that come to mind if an ordinary human is asked what do they thing of as an example of P2P or F2F tech). Given the news about Bitcoin it's a sure bet at least some people if asked on the street might also say 'Bitcoin' (or alternately, "what's P2P?" or "Software!") So you'll get a lot of responses and responses will vary substantially, but this is my sense based on talking to people I know around my (rather small) town. But how often do you hear people talking about what is needed to literally Decentralize Everything? Well, except for posts occasionally on lists like these, or meetings / discussions with like-minded people, or hackerspaces, or development discussions, the answer is Almost Never. Anyway, this recent ruling announcement re. net neutrality (or its death) here in the USA is just one more example of how we cannot rely upon laws, at least in my view. 
But it also made me think some more about this and realize that if we want decentralized protocols / solutions to spread at all, we have to do a way better job at being good advocates for them and talking about them incessantly to everyone in a way that is easy, simple, and makes sense to people. As this post already exhibits I can be very wordy and windbaggish. Further evidence of that fact is presented amply in my recent post here: https://odinn.cyberguerrilla.org/index.php/2014/01/02/opensourcebuildguide/ As I reflect on this I think about the following. 1) I need to make something shorter that easily introduces people to open source stuff. Something that's even simpler than prism-break (http://prism-break.org/) - an option which is so simple that anyone (at least in primary school levels) can understand it and act on things presented in it within less than a minute. Look. Software. Click (one click, two max!) to get it. Done. 2) What are some ways to Decentralize Everything? To the DNS and beyond? Stuff that comes to mind (remember, there is no one thing, there are no captains, there is no one solution, these are just examples of possible partial solutions being thrown out here): 2)a. https://github.com/bitcoin/bitcoin/ 2)b. https://github.com/namecoin 2)c. https://nameid.org/ 2)d. concepts like this http://torrentfreak.com/how-the-pirate-bay-plans-to-beat-censorship-for-good-140105/ 2)e. Convergence for namecoin https://github.com/JeremyRand/Convergence/tree/namecoin 2)f. Convergence (a different one) https://github.com/moxie0/Convergence 2)g. Tack.io - for pinning (it's my understading that moxie0 prefers this direction, but I haven't been tracking it closely enough to say what is going on with it right now) --> http://tack.io/ 2)g.1. See also the Tack internet draft(!) at http://tack.io/draft.html 2)g.2. See also reference TACK implementations https://github.com/tack So... 
As I read through this, and similar stuff, I think to myself, something about this needs to be broadcast in a way that it is so easy to do, so simple to accept, that it meets the "everybody sees it (or it's in the news) and they click and download it" I know it's never really that simple. But I am throwing this out there because even more censorship is coming. And there are no captains, and we do need to decentralize everything. We must get A Lot more people on board with decentralization, open source, and as close to p2p as possible, we need to make it so easy to defeat censorship of anything that those who propose allowing it to happen will just throw up their hands in frustration. So the question (one of many!) is how to present this in a way that makes sense to a lot of people. A lot more than currently. OK I am done for now. your thoughts please From bmanning at isi.edu Tue Jan 14 12:03:36 2014 From: bmanning at isi.edu (manning bill) Date: Tue, 14 Jan 2014 12:03:36 -0800 Subject: Net Neutrality Ruling, Internet Interprets Censorship as Damage, There are no Captains, Decentralize Everything, etc. In-Reply-To: <1471773.ibDKBLxbjY@lap> References: <1471773.ibDKBLxbjY@lap> Message-ID: <1BA4F66E-6A4D-4898-9BCE-84EB31DE5C31@isi.edu> decentralization is (imho) a very poor characterization - what is wanted is target diffusion. in California-speak, “It’s all about me!” I could care less if my access to AT&T, Twitter, etc. are broken, I DON’T use them - I do have some folks hanging off AT&T that I do care about so access to them is important. To borrow from the subject line - there are -millions- of Captains /bill Neca eos omnes. Deus suos agnoscet. On 14January2014Tuesday, at 11:48, rysiek wrote: > Hi there, > > Dnia wtorek, 14 stycznia 2014 11:28:08 Odinn Cyberguerrilla pisze: >> (...) >> But how often do you hear people talking about what is needed to literally >> Decentralize Everything? 
>> >> Well, except for posts occasionally on lists like these, or meetings / >> discussions with like-minded people, or hackerspaces, or development >> discussions, the answer is Almost Never. > > Yes, because people do not understand why it is important. And it is not > limited to the (let's call it) "digital domain", look what's happening in > retail. Just try *not* buying Unilever, for example... > >> Anyway, this recent ruling announcement re. net neutrality (or its death) >> here in the USA is just one more example of how we cannot rely upon laws, >> at least in my view. But it also made me think some more about this and >> realize that if we want decentralized protocols / solutions to spread at >> all, we have to do a way better job at being good advocates for them and >> talking about them incessantly to everyone in a way that is easy, simple, >> and makes sense to people. > > We need more than that. We need to understand -- yes, us, the tech community > -- that for people to use decentralised services, these services must, > absolutely must!, be compatible and interoperable. > > Case in point: you can talk till you're blue in the mouth about federated > social web, but even once you get a person convinced to ditch Facebook for it, > you get The Question -- "So, which one should I use? Diaspora? Friendica? > StatusNet? Pump.io?" > > The proper answer, the answer we *have to* be able to give, is: > "use any of these, they talk to each other". > > This is, sadly, not the case. The Not Invented Here syndrome is killing us. > Look at what moving identi.ca from StatusNet to pump.io did to the federated > microblogging community... > >> As this post already exhibits I can be very wordy and windbaggish. >> Further evidence of that fact is presented amply in my recent post here: >> https://odinn.cyberguerrilla.org/index.php/2014/01/02/opensourcebuildguide/ >> >> As I reflect on this I think about the following. 
>> >> 1) I need to make something shorter that easily introduces people to open >> source stuff. Something that's even simpler than prism-break >> (http://prism-break.org/) - an option which is so simple that anyone (at >> least in primary school levels) can understand it and act on things >> presented in it within less than a minute. Look. Software. Click (one >> click, two max!) to get it. Done. >> >> 2) What are some ways to Decentralize Everything? To the DNS and beyond? >> Stuff that comes to mind (remember, there is no one thing, there are no >> captains, there is no one solution, these are just examples of possible >> partial solutions being thrown out here): >> 2)a. https://github.com/bitcoin/bitcoin/ >> 2)b. https://github.com/namecoin >> 2)c. https://nameid.org/ >> 2)d. concepts like this >> http://torrentfreak.com/how-the-pirate-bay-plans-to-beat-censorship-for-good >> -140105/ 2)e. Convergence for namecoin >> https://github.com/JeremyRand/Convergence/tree/namecoin >> 2)f. Convergence (a different one) https://github.com/moxie0/Convergence >> 2)g. Tack.io - for pinning (it's my understading that moxie0 prefers >> this direction, but I haven't been tracking it closely enough to say >> what is going on with it right now) --> http://tack.io/ >> 2)g.1. See also the Tack internet draft(!) at http://tack.io/draft.html >> 2)g.2. See also reference TACK implementations https://github.com/tack >> >> So... >> >> As I read through this, and similar stuff, I think to myself, something >> about this needs to be broadcast in a way that it is so easy to do, so >> simple to accept, that it meets the "everybody sees it (or it's in the >> news) and they click and download it" >> >> I know it's never really that simple. But I am throwing this out there >> because even more censorship is coming. And there are no captains, and we >> do need to decentralize everything. 
We must get A Lot more people on board >> with decentralization, open source, and as close to p2p as possible, we >> need to make it so easy to defeat censorship of anything that those who >> propose allowing it to happen will just throw up their hands in >> frustration. So the question (one of many!) is how to present this in a >> way that makes sense to a lot of people. >> >> A lot more than currently. >> >> OK I am done for now. >> >> your thoughts please > > Consider one idea for getting people to use decentralised social networks > instead of failbook: > http://rys.io/en/88 > > -- > Pozdr > rysiek From tom at vondein.org Tue Jan 14 03:16:53 2014 From: tom at vondein.org (Thomas von Dein) Date: Tue, 14 Jan 2014 12:16:53 +0100 Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..) Message-ID: <20140114111653.GD3900@r4> > consistent key formats are critical more than fine with me. > need to converge on: > - endianness I'm currently using big endian for multibyte values whereever they appear. It's already verified to work on little and big endian platforms (e.g. tested on aix/ppc) > - coordinate representation x, x&y, x and sign ... > or bits to show which of these ... perhaps borrow ANSI method Could you please explain this further? > - hint / indication of cipher suite / curve In pcp there's already such a hint included in exported keys, however I'm not using it, since there's no choice of different curves in libsodium so far. But it's on the list. > - text encoding of binary format (ascii) As already stated in the other subthread, I use Z85, while stef is using base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on something. > - human readable format There's a human readable version of keys in pcp, but the tool itself doesn't use it (example attached). It uses the z85 encoded binary part of such a file. pcp has some more fields stored in a key than pbp: - a key id (e.g. 
0x54E9C62E1852EBC5) which is required to identify a key - some text fields (owner, mail) - a serial number - key format version number I'm not sure, how stef solved the ed25519 issue (you can't use a curve25519 secret key to create an ed25519 signature directly). After some discussion on the libsodium mailinglist we came up with this: When the user generates a new key, the ed25519 secret key will be generated first. The curve25519 secret will be derived from that, since the ed25519 already contains a usable curve25519 key. In pcp I store both of them for easier access, so the ed25519 and curve25519 secret and public keys are stored, the secret keys are encrypted and I store the nonce as well (see include/pcp/key.h). Speaking of key encryption: @stef: according to your docs you're already using scrypt() for key derivation. I'd like to use that as well, but it's not part of libsodium (afaik), so I use my own method for this til scrypt() is implemented in libsodium. That's because I want to avoid writing crypto code myself. Maybe we should iron out the details off-list? bes, Tom -- PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC -------------- next part -------------- ----- BEGIN PCP PUBLIC KEY ----- Generated by: Pretty Curved Privacy Version 0.1.5 Cipher: CURVE25519-ED25519-SALSA20-POLY1305 Owner: Alicia Mail: alicia at local Key-ID: 0x518602BB8F2D8C7F Public-Key: 1eRhFt(S$Aj[MWvNqYUgL(Mfpe86usIa9bvMwFc/7YTKo Creation Time: 2013-11-24T19:38:59 Checksum: 12:FE:CA:AD:09:3E:9F:2D:3D:3A:E8:8C:86:D5:75:58 C3:9C:5C:51:96:F7:1E:FA:0F:6D:75:1C:20:87:53:2D Serial Number: 0x49B690C5 Key Version: 0x00000004
------ END PCP PUBLICKEY ------ From gwen at cypherpunks.to Tue Jan 14 13:58:31 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 14 Jan 2014 13:58:31 -0800 Subject: mixminion Message-ID: <52D5B307.6040104@cypherpunks.to> Hi ll Anyone know the current status.. any mixminion remailers still running?? seems like 4 servers only at present not near enough and ALL relay only.. adamas:relay (ok) cypher:mbox relay frag (ok) hermetix:mbox relay (ok) khjk:relay (ok) sigh gh - rebuilding the technology of dissent one software package at a time -- Tentacle #99 ecc public key curve p25519(pcp 0.15) 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) -------------- next part -------------- A non-text attachment was scrubbed... 
Name: 0x42AA24D5.asc Type: application/pgp-keys Size: 70878 bytes Desc: not available URL: From gwen at cypherpunks.to Tue Jan 14 14:14:16 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 14 Jan 2014 14:14:16 -0800 Subject: using Curve p25519 cryptography for type 2(Mixmaster) and type 3(mixminion) remailer blocks Message-ID: <52D5B6B8.2050107@cypherpunks.to> So it seems because we are using a decades old technology(email) that another 2 decade old technology is still useful for anonymous dissent where email based lists are concerned. I am looking at resurrecting mixmaster, mixminion and nym.alias.net nymserver designs from the various code wastebaskets and retrofit them with some newer encryption technology based on curve25519 and poly-1305 libsodium based algorithms and routines. Do these ideas sound interesting and viable to the coders on the list and of course worthwhile? or are they best left to the trashbin of history being mostly used by trolls and those damn pesky voices of dissent? gh -- Tentacle #99 ecc public key curve p25519(pcp 0.15) 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) https://github.com/stef/pbp.git (curve 25519 python based cli) -------------- next part -------------- A non-text attachment was scrubbed... 
Name: 0x42AA24D5.asc Type: application/pgp-keys Size: 70878 bytes Desc: not available URL: From coderman at gmail.com Tue Jan 14 14:30:41 2014 From: coderman at gmail.com (coderman) Date: Tue, 14 Jan 2014 14:30:41 -0800 Subject: using Curve p25519 cryptography for type 2(Mixmaster) and type 3(mixminion) remailer blocks In-Reply-To: <52D5B6B8.2050107@cypherpunks.to> References: <52D5B6B8.2050107@cypherpunks.to> Message-ID: On Tue, Jan 14, 2014 at 2:14 PM, gwen hastings wrote: > ... > I am looking at resurrecting > > mixmaster, mixminion and nym.alias.net nymserver designs from the > various code wastebaskets and retrofit them with some newer encryption > technology based on curve25519 and poly-1305 libsodium based algorithms > and routines. email for private communication is a Bad Idea (TM) as has been thrashed over again and again,... lack of adoption implies remailer anonymity in practice denied. instead i would focus on designing and building low latency anonymous protocols resistant to traffic analysis and confirmation attacks. latency kills effective privacy! $0.02 From rich at openwatch.net Tue Jan 14 16:18:01 2014 From: rich at openwatch.net (Rich Jones) Date: Tue, 14 Jan 2014 16:18:01 -0800 Subject: BitCoin Stealth Addresses Message-ID: In response to the earlier chatter about BitCoin privacy.. http://sourceforge.net/mailarchive/message.php?msg_id=31813471 Apparently gaining some traction, implementation running on the testbed. Haven't looked over the details, but it at least seems like a small improvement. I don't know if it will actually defend against BitIodine type clustering analysis. R Full text: * Abstract A Stealth Address is a new type of Bitcoin address and related scriptPubKey/transaction generation scheme that allowers payees to publish a single, fixed, address that payors can send funds efficiently, privately, reliably and non-interactively. 
Payors do not learn what other payments have been made to the stealth address, and third-parties learn nothing at all. (both subject to an adjustable anonymity set) * Acknowledgments Credit goes to ByteCoin for the original idea.(1) Gregory Maxwell, Adam Back, and others on #bitcoin-wizards contributed valuable input on the implementation. Finally thanks goes to Amir Taaki for input on the general idea of stealth addresses and use-cases. * Background Viewed generally a Bitcoin address is a mechanism by which a payee instructs a payor to create a transaction such that the payee can spend one or more of the transaction outputs. Of course, typically the address is simply the hash of a pubkey, and the mechanism by which the funds are made available to the payee is to simply create a scriptPubKey of the following form: DUP HASH160 EQUALVERIFY CHECKSIG The problem however is address reuse: it is convenient for payees to give one or more payor a single address and use it multiple times for various purposes. This results in all those payments becoming trivially linkable to each other by an attacker - a threat not only to the privacy of the user, but also to all users of Bitcoin.(2) BIP32 hierarchical deterministic wallets are frequently proposed as a solution. Now an address is a chain code and the mechanism by which a scriptPubKey is generated is to derive a one-time-use pubkey from that chain code and some index i. However, this quickly runs into two main problems: 1) Lack of privacy: While someone not in possession of the address can't link payments together, someone who is can. 2) State: If the index is not to be re-used wallets must either maintain per-address state, or somehow query for already used indexes, or somehow generate them in a sufficiently small range that the payee can recover the indexes. All these solutions are problematic. 
A good example of where the BIP32-derivation solutions fails come up at the Dark Wallet Hackathon where it was suggested by the author that for the purpose of securing person-to-person payments OpenPGP public keys and X.509 certificates be extended with a new user-id field containing a Bitcoin address. Wallet software could then use either certificate system to ensure funds were being sent to the intended recipients - essentially a non-interactive way of solving what the BIP70 payment protocol solves interactively. Of course, without stealth addresses the scheme would likely have little or no privacy. * Requirements 1) Generated scriptPubKey must be globally unique 2) Must be only spendable by payee 3) scriptPubKey and associated transaction must be indistinguishable to third-parties from other transactions in some anonymity set. 4) Method must be fully deterministic and funds recoverable from a wallet seed and blockchain data for both payee and payor. 5) Funds must be efficiently recoverable by payee with reasonable, and configurable, computation and bandwidth costs. 6) Must be compatible with CoinJoin/Must not leak information to payee about what txins were used to pay them. 7) Must be compatible with multisig-protected wallets. 8) Must not make assumptions about txin scriptSig form. 9) Must be possible to prove to third parties that payment was made in accordance to instructions without revealing any other information. ** Payment Reliability Schemes for making payments by transmitting nonces to the recipient through some other medium, such as Bitmessage, were discussed at the Dark Wallet Hackathon. However using any medium but the blockchain itself for the communication means that the reliability of the payment getting to the recipient is less than that of a standard transaction. For instance Bitmessage nodes only keep messages for two weeks. We decided that anything less than reliable atomic transactions was unacceptable. 

* Applying encryption to payments, simple explanation

Using Elliptic curve Diffie-Hellman (ECDH) we can generate a shared secret that the payee can use to recover their funds. Let the payee have keypair Q=dG. The payor generates nonce keypair P=eG and uses ECDH to arrive at shared secret c=H(eQ)=H(dP). This secret could be used to derive a ECC secret key, and from that a scriptPubKey, however that would allow both payor and payee the ability to spend the funds. So instead we use BIP32-style derivation to create Q'=(Q+c)G and associated scriptPubKey.

As for the nonce keypair, that is included in the transaction in an additional zero-valued output:

    RETURN

The payee recovers the funds by scanning the blockchain for candidate P's in transactions, regenerating the scriptPubKey, and finally checking if any txouts in the transactions match. Note the close similarity of this technique to how the Bitmessage network functions - an initial implementation of the idea will find the Bitmessage code a suitable starting point.

* Trading off anonymity set size for decreased bandwidth/CPU

By taking advantage of prefix filters(3) we can choose a tradeoff between anonymity set size and bandwidth/CPU usage if the payee specifies that payments to them are to match some short prefix k. There are a few possibilities for how the prefix is to be applied - the most simple is if per-block indexes of scriptPubKeys are available:

    RETURN

Alternatively if per-block indexes of H(scriptPubKeys) are only available the wallet software can grind the scriptPubKey with nonce i until it matches the specified prefix:

    RETURN

Furthermore as symmetric ciphers are quite cheap we might as well hide the purpose of the OP_RETURN txout and encrypt the pubkey P using H(Q) as a symmetric key. This gives us a slightly larger anonymity set.

* Advantages of using a separate output

An alternative would be to either re-use a pubkey or signature nonce value from a transaction input, saving about 45 bytes per txout. An absolute minimum sized Bitcoin transaction is 166 bytes(4) so at best we have a 27% savings in tx fees, and more typically around ~15%. (modulo mass-payments from a single txin)

However using an explicit prunable OP_RETURN output to store the pubkey rather than re-using one from a txin or txin signature has a number of advantages:

1) The txin's owned by the payor are not revealed to the payee. In fact, they could be held by a third-party who simply makes a transaction with the appropriate txouts on behalf of the payee.

2) Less information about the txouts is leaked. The statistical distribution of txouts remains unchanged - not possible in re-use schemes because they need to grind the payee scriptPubKey's for the sake of the prefix filters.

3) If required the nonce secret can be revealed to prove that a payment was made to a third-party, e.g. for dispute resolution.

* Bare CHECK(MULTI)SIG output alternative

An alternative with better efficiency could be to use bare OP_CHECK(MULTI)SIG outputs to hold the nonce pubkey - generally a second output is needed anyway for change. The most simple would be to use Jeff Garzik's OP_DROP proposal(5) for the prefix:

    DROP n ... m CHECKMULTISIG

or

    DROP CHECKSIG

The payor pubkey is in the *change* txout, and the payee's ECDH-derived pubkey in the other txout. By setting the prefix to be the same on both txouts and using the same basic scriptPubKey form the relationship of change and payment is still hidden; CoinJoin-using implementations can adopt even more sophisticated approaches.

If IsStandard() rules remain the same and using OP_DROP is impractical, we can also grind the change pubkey to match the prefix in a deterministic manner so the wallet can still be recovered from a seed. More costly, but maybe still acceptable for reasonably short prefixes. Either way the result is transactions that are actually smaller and cheaper than standard transactions, although without the advantage of pushing scriptPubKey size payment to the receiver. (a pity we didn't spend the extra time to adopt OP_EVAL)

A disadvantage is that revealing the nonce secret to prove a payment was made is more problematic - either the txout needs to be spent first, or we need a CHECKMULTISIG.

* Address format

To be decided. To support multisig we probably want the ability to specify n-of-m master pubkeys, using the nonce to generate derived ones. For the single pubkey case the addresses will be a little longer than standard Bitcoin addresses:

    s9KND3vfXjs3YqfZp86Acce3bM7Mhuptwh6mjeDnThsDei9Z2ZZcU

vs.

    1LZn91ynrA6BCmoUKwnV3Ygk4FQMfPxLbg

1) ByteCoin, Untraceable transactions which can contain a secure message are inevitable, https://bitcointalk.org/index.php?topic=5965.0

2) Gregory Maxwell, Dark Wallet Certification discussions, also http://snowdenandthefuture.info/PartIII.html

3) Peter Todd, [Bitcoin-development] Privacy and blockchain data, http://www.mail-archive.com/bitcoin-development at ...>

4) Bitcoin Wiki, Maximum transaction rate, https://en.bitcoin.it/w/index.php?title=Maximum_transaction_rate&oldid=36983

5) Jeff Garzik, Add small-data OP_DROP transactions as standard transactions, https://github.com/bitcoin/bitcoin/pull/1809

From jya at pipeline.com Tue Jan 14 14:34:26 2014
From: jya at pipeline.com (John Young)
Date: Tue, 14 Jan 2014 17:34:26 -0500
Subject: [Cryptography] Boing Boing pushing an RSA Conference boycott
Message-ID:

If courageous, Rivest, Shamir and Adleman can be burnt in effigy. Their initials once were rightly world famous, and to smear these distinguished gentlemen by vulgar opportunistic protest instigated by noobs with less than zero comprehension of cryptography should be condemned not debated.

James Bidzos raped the three once, twice, thrice, then hid his corporatorizing crime under skirts of EMC. Don't ravage his victims.

Protest, sure, but demonstrate what to protest for effectiveness, not idiotic sloganeering of a logo. Hell, long-time duplicitous IBM deserves deeper anger than RSA. DES and much more.

Go big and really bold. Protest the Wassenaar Arrangement, the greatest rigging of the dual-use technology market ever, and the world's greatest gang of cheaters, bribers, underhanded dealers of contraband, most of it lethal, far deadlier than crypto.

Greenwald blogs there are cryptographers and comsec experts reviewing Snowden's material for future releases. Presumably the highly ethical reviewers have a clear shot at avoiding release of their own names and firms. They will cheat, that's certain.

From gwen at cypherpunks.to Tue Jan 14 18:17:50 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Tue, 14 Jan 2014 18:17:50 -0800
Subject: using Curve p25519 cryptography for type 2(Mixmaster) and type 3(mixminion) remailer blocks
In-Reply-To:
References: <52D5B6B8.2050107@cypherpunks.to>
Message-ID: <52D5EFCE.5010008@cypherpunks.to>

On 1/14/14 2:30 PM, coderman wrote:
> On Tue, Jan 14, 2014 at 2:14 PM, gwen hastings wrote:
>> ...
>> I am looking at resurrecting
>>
>> mixmaster, mixminion and nym.alias.net nymserver designs from the
>> various code wastebaskets and retrofit them with some newer encryption
>> technology based on curve25519 and poly-1305 libsodium based algorithms
>> and routines.
>
>
> email for private communication is a Bad Idea (TM)
> as has been thrashed over again and again,...

Actually except for map all inputs and outputs types of adversaries.. I won't tend to agree with you.

Thing is as long as there are mailing lists and email, remailers and nymservers will continue to be effective for personal and political usage. Just with rabbi(len sassman) dead(the last maintainer of the mixmaster code) there is no one to champion same(mixmaster) or even those left alive(nick matheson and few others(lucky,noise etc) who understand the tech well enough to make competent changes.

The type 2 remailer network is still alive and working and new code will attract new operators and I plan the mods to support either old format or new format(once this is designed) type 2 and type especially in the face of the NSA monitoring...if nothing else than as a "FUCK YOU" gesture...

The other problem is the by far and large disappearance of private email servers where one can experiment without the upstream complaining.. mostly this is confined to university or to elderly holdouts like moi who actually own long term persistent servers and fund their operation privately , comcast tries very hard to block port 25 and other email ports to force one to use only their outgoing email servers

And again anonymous type 2 and hopefully type 3 remailers and nymservers again are useful in politics and other skulduggery(outing politicians etc) their safety or non safety depends on ones activities and ones tradecraft...

>
> lack of adoption implies remailer anonymity in practice denied.
>
> instead i would focus on designing and building low latency anonymous
> protocols resistant to traffic analysis and confirmation attacks.
> latency kills effective privacy!

nah been there done that for past 24 years etc.. even was one of the first 2 "persons of interest" in the cypherpunks "movement". anonymous remailers are much more fun and mischievous than helping one handed morons view the latest porn at low latency.

>
>
> $0.02
>

bah humbug my .000265 btc

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)
https://github.com/stef/pbp.git (curve 25519 python based cli)

From rysiek at hackerspace.pl Tue Jan 14 11:48:24 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 14 Jan 2014 20:48:24 +0100
Subject: Net Neutrality Ruling, Internet Interprets Censorship as Damage, There are no Captains, Decentralize Everything, etc.
In-Reply-To:
References:
Message-ID: <1471773.ibDKBLxbjY@lap>

Hi there,

On Tuesday, 14 January 2014 11:28:08 Odinn Cyberguerrilla wrote:
> (...)
> But how often do you hear people talking about what is needed to literally
> Decentralize Everything?
>
> Well, except for posts occasionally on lists like these, or meetings /
> discussions with like-minded people, or hackerspaces, or development
> discussions, the answer is Almost Never.

Yes, because people do not understand why it is important. And it is not limited to the (let's call it) "digital domain", look what's happening in retail. Just try *not* buying Unilever, for example...

> Anyway, this recent ruling announcement re. net neutrality (or its death)
> here in the USA is just one more example of how we cannot rely upon laws,
> at least in my view. But it also made me think some more about this and
> realize that if we want decentralized protocols / solutions to spread at
> all, we have to do a way better job at being good advocates for them and
> talking about them incessantly to everyone in a way that is easy, simple,
> and makes sense to people.

We need more than that. We need to understand -- yes, us, the tech community -- that for people to use decentralised services, these services must, absolutely must!, be compatible and interoperable.

Case in point: you can talk till you're blue in the mouth about federated social web, but even once you get a person convinced to ditch Facebook for it, you get The Question -- "So, which one should I use? Diaspora? Friendica? StatusNet? Pump.io?"

The proper answer, the answer we *have to* be able to give, is: "use any of these, they talk to each other". This is, sadly, not the case. The Not Invented Here syndrome is killing us. Look at what moving identi.ca from StatusNet to pump.io did to the federated microblogging community...

> As this post already exhibits I can be very wordy and windbaggish.
> Further evidence of that fact is presented amply in my recent post here:
> https://odinn.cyberguerrilla.org/index.php/2014/01/02/opensourcebuildguide/
>
> As I reflect on this I think about the following.
>
> 1) I need to make something shorter that easily introduces people to open
> source stuff.
> Something that's even simpler than prism-break
> (http://prism-break.org/) - an option which is so simple that anyone (at
> least in primary school levels) can understand it and act on things
> presented in it within less than a minute. Look. Software. Click (one
> click, two max!) to get it. Done.
>
> 2) What are some ways to Decentralize Everything? To the DNS and beyond?
> Stuff that comes to mind (remember, there is no one thing, there are no
> captains, there is no one solution, these are just examples of possible
> partial solutions being thrown out here):
> 2)a. https://github.com/bitcoin/bitcoin/
> 2)b. https://github.com/namecoin
> 2)c. https://nameid.org/
> 2)d. concepts like this
> http://torrentfreak.com/how-the-pirate-bay-plans-to-beat-censorship-for-good-140105/
> 2)e. Convergence for namecoin
> https://github.com/JeremyRand/Convergence/tree/namecoin
> 2)f. Convergence (a different one) https://github.com/moxie0/Convergence
> 2)g. Tack.io - for pinning (it's my understanding that moxie0 prefers
> this direction, but I haven't been tracking it closely enough to say
> what is going on with it right now) --> http://tack.io/
> 2)g.1. See also the Tack internet draft(!) at http://tack.io/draft.html
> 2)g.2. See also reference TACK implementations https://github.com/tack
>
> So...
>
> As I read through this, and similar stuff, I think to myself, something
> about this needs to be broadcast in a way that it is so easy to do, so
> simple to accept, that it meets the "everybody sees it (or it's in the
> news) and they click and download it"
>
> I know it's never really that simple. But I am throwing this out there
> because even more censorship is coming. And there are no captains, and we
> do need to decentralize everything.
> We must get A Lot more people on board
> with decentralization, open source, and as close to p2p as possible, we
> need to make it so easy to defeat censorship of anything that those who
> propose allowing it to happen will just throw up their hands in
> frustration. So the question (one of many!) is how to present this in a
> way that makes sense to a lot of people.
>
> A lot more than currently.
>
> OK I am done for now.
>
> your thoughts please

Consider one idea for getting people to use decentralised social networks instead of failbook:
http://rys.io/en/88

--
Regards
rysiek

From rysiek at hackerspace.pl Tue Jan 14 11:54:23 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 14 Jan 2014 20:54:23 +0100
Subject: Net Neutrality Ruling, Internet Interprets Censorship as Damage, There are no Captains, Decentralize Everything, etc.
In-Reply-To:
References:
Message-ID: <2453736.TbUznlt4Hs@lap>

Also,

On Tuesday, 14 January 2014 11:28:08 Odinn Cyberguerrilla wrote:
> But how often do you hear people talking about what is needed to literally
> Decentralize Everything?
> (...)
> 2) What are some ways to Decentralize Everything?
> (...)
> 2)a. https://github.com/bitcoin/bitcoin/
> 2)b. https://github.com/namecoin
> (...)
> https://github.com/JeremyRand/Convergence/tree/namecoin
> 2)f. Convergence (a different one) https://github.com/moxie0/Convergence
> (...)
> 2)g.2. See also reference TACK implementations https://github.com/tack

We're trying to "decentralize everything" and yet we're using centralized GitHub for everything.

inb4 "nah, it's fine, git lets me keep my repo at home, it's not that bad" - Let's ask ourselves if we can delete our GitHub accounts, right now, today. If not, QED.

--
Regards
rysiek

From electromagnetize at gmail.com Tue Jan 14 19:46:49 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Tue, 14 Jan 2014 21:46:49 -0600
Subject: panoptic archive (urls)
Message-ID:

-:=/ kollider_function /=:--

A. Reversing the Panopticon
http://cartome.org/reverse-panopticon.htm

"The reconnaissance capabilities of (San Gimignano's) massive masonry observation towers, with their intelligence-gathering and defensive overview of strategic landscape and crucial traffic, had been supplanted by a more lightweight, mobile structure: a technology of administrative compartmentalization, classification and policing, underpinned by technologies of authoritarian inspection, data collection and databanking."

B. [video] MICROWAVE WEAPONRY'S USE ON PEOPLE /via cryptome
https://www.youtube.com/watch?v=aMMEQNnSZIo

-- observation towers --

a. towers of San Gimignano
http://www.contemporarynomad.com/wp-content/uploads/2012/11/san-gimignano.jpg

b. cellular towers
https://www.google.com/search?q=cellular+towers&tbm=isch

The ocean's hidden waves show their power / stratification...
http://phys.org/news/2014-01-ocean-hidden-power.html

[q] Their effect on the surface of the ocean is negligible, producing a rise of just inches that is virtually imperceptible on a turbulent sea. But internal waves, which are hidden entirely within the ocean, can tower hundreds of feet, with profound effects on the Earth's climate and on ocean ecosystems. (...)
These waves are potentially "the key mechanism for transferring heat from the upper ocean to the depths," Peacock says, so the focus of the research was to determine exactly how the largest of these waves, as revealed through satellite imagery of the Luzon Strait region, are generated.[/q]

))(()(( food science ()(())((

though my previous discovery of fried baloney & hummus with slice of red onion^1 as being strangely equivalent to an eggsalad sandwich (?!) was as far as it went; though just now realized in a lightly _toasted 7-grain bread, with mayo on one side, then thin sliced hard salami, thin slice of colby-jack, and other piece of bread, that--

(bread/mayo/salami/cheese/bread)

the sandwich is so minimal and boring, works best with lettuce (arugula!) and slice of red onion, though without such ingredients, left to ponder on the delicious the crispy thin plain kettle potato chips, and decided to place them then squish them onto/into the sandwich as a new layer, somewhat panini flattened to get the chips to become more level...

(bread/mayo/potato-chips/salami/cheese/bread)

and oh my goodness is it a delicious sandwich. so figured to do a search and found others who have realized likewise, perhaps due to necessity...

Squishing potato chips in your sandwich...anyone else do this?
http://chowhound.chow.com/topics/763996

testing123... sprintf('onward...

^1: (bread/mayo/fried-baloney/fresh-hummus/red-onion/bread)

Is Your Refrigerator Running? / ~resiliency. via digg
http://modernfarmer.com/2014/01/refrigerator-running/

[q] Refrigeration is the invisible backbone on which the world’s food supply depends — and given our climate-changed forecast of more extreme weather events, it may yet prove to be its Achilles’ heel. Currently, 70 percent of America’s food supply is refrigerated at some point in its journey from farm to table, and without refrigeration, meat, chicken, seafood and dairy last just two hours before they’re unsafe to eat.
Perishable fruits and vegetables often have only a day or two at room temperature before they turn to mush.[/q]

\\----- programming -----//

[book review] Period Piece
The theory and meaning of our own hieroglyphics.
http://www.weeklystandard.com/articles/period-piece_773244.html?nopager=1#

[q] Unlike the interrobang, whose conception, creation, rise, and fall were all observable within a decade, the @ symbol has been around for centuries and is now enjoying widespread resurgence thanks to the Internet. While its exact origins are unknown, the earliest recorded use of the @ symbol is in a letter sent from Seville to Rome, dated May 4, 1536. [/q]

octothorpe = #
pilcrow mark = ¶
interrobang = ‽
manicule = ☞
diple = ‹
guillemets = « »
ligatures e.g. = æ
dagger = †
amphora = @

>>> cartoon <<<

http://www.gapingvoid.com/when%20a-listers%20start%20losing%20the%20plot.jpg
http://images.sodahead.com/polls/0/0/1/8/5/8/9/2/5/58451459_now_what.jpeg

:::=====television=====:::

re: POV--> Nobody Needs a New TV Anymore /via digg
http://nymag.com/daily/intelligencer/2014/01/nobody-needs-a-new-tv-anymore.html

[q] Unless the TV industry can find a way to force obsolescence on its old products — like making new models of devices like the Roku incompatible with TVs made before 2011 — the appeal of new models will be limited to TV addicts and people with too much disposable income.[/q]

comments: i think the viewpoint in the above article demonstrates a certain narrowed conceptualization or myopia even, of technological systems as being more than the end-use tools that are interfaced with, say on the screen of a 'smart tv' or its hardware configurations and options.
these are indicators of functionality, though they map into larger, extended systems - infrastructures, and various industries and buildings that have been effectively rationalized under an earlier broadcast, then cable model, now importing 'internet' content such as youtube videos and streaming movies (redbox, amazon video, etc) as additional layers or services. [note- still at CRT here, not sure how it functions exactly in these terms.]

what is happening is one way to analyze the situation. what could be happening- the *potential* for network-based television, is a larger question and consideration. such a large enigma that Steve Jobs of Apple, Inc. claimed to have cracked the idea of television open, and realized or discovered resolution for a future model of television, likely involving the issue of its content ecosystem in addition to interface.

a missing parameter in referencing [tv] without distinguishing past and future conceptual differences is that the cathode-ray-tubes of the past and liquid crystal displays (LCD) of the present HDTVs are of different parameters of functionality. it is not about connecting a CRT display to the global network as if 'Internet TV', another channel to tune into via airwaves. instead it is a television display (LCD) screen that has become a computer, and thus is more like having a personal computer becoming a television, though it can also tune into airwaves and network protocols as its channel spectrum.

so while it is true perhaps that there is a limit to innovation in the hardware interfaces due to a limit reached in the given model, within certain constraints -- including content ownership via media conglomerates based on DRM and copyright restrictions, redistribution rights, and royalties -- which is basically the entire media industry, from radio to television to movies to music (and publishing even), this viewpoint is based on the idea that this situation is fixed in its given functioning and cannot be surpassed or radically changed, within those parameters.

so part of the larger consideration would be to consider HDTV beyond the local tool or artifact - the television set - and consider the ecosystem it functions within and potentially could function within, interface with.

first off: the TV set is recontextualized in the realm of the global computer network, and thus it is at least in part an issue of an 'internet television' set as HDTV device, interface, functionality, hardware, software, programming, content, display. likely curved screens, touch interfaces, wireless, menus/UI, refresh speed, resolution, these kinds of parameters have tangible effects on functionality, ease of use, enjoyment, if the design is effective.

though -what- is accessible is a fundamental issue; and for many, this likely involves a cultural wasteland of commercial content chock full of advertisements , where the experience of seamless channel surfing has become bureaucratized, as IP and broadcast frequencies are different systems, and content exists in multiple formats in several locations (say media server, internet services, movie streaming, over-the-air) and thus begins to be unmanageable at the level of interface, requiring much effort to access and view content that is not preprogrammed and formatted (a guess, reading feedback of others) in that there are multiple systems, formats, menus, issues of having to type or input data, difficulty in doing so, etc.
time, energy, frustration, when pre-computer TV was simple. basic. and always worked except for transmission glitches or interruptions. prior to being made obsolete by a new 'digital standard', making old sets no longer functional in the 'new system' which turns out to be CHAOS, a difficult to mediate or resolve cultural question, unless it is not in question- which then only involves extending the existing model, parameters further. and then it is only about dollars, selling units of HDTV, per capita consumption of mass media dressed-up as internet content, via extension of the same systems, one-way media delivery. except- youtube, memes, perhaps TED Conferences, etc. then also, videoteleconferencing.

the larger question of infrastructure involves parallel video content that could be made accessible or available to these networked HDTVs. imagine community television, anywhere in the world. or special access to a school video archive of a children's play, requiring private login to view years later. though also, ideas and debates recorded on video, theater and plays as performance videos, music concerts and recitals, educational programming, lectures, etc.

this was the earlier model or potential that was passed over, never allowed to develop by the existing rationalization, within its controlling interest and technical parameters. instead such 'civic content' is locked out, or made into a proprietary channel or service, oftentimes content requiring additional payment for access, instead of offering it as a public service, say for sustaining and improving cultural awareness, cultural literacy.
instead, the bane of pledge drives for 'public TV' interrupts such content with commercials, advertisements that demand tithing in order to keep the awful content-system moving in the same backwards direction, a charade of educational programming, a heist of 'public airwaves' and spectrum, for what thus amounts to a private ideological approach to mass media, everywhere colonized the same.

just consider - and certainly fortunate you are if not familiar with this television content - how destructive a show like "Friends" is to programming behavior of populations who then mimic and extend adult adolescence as 'shared consciousness' via brainwashed young people who congregate and behave similarly, as if adulthood involves preschool for shared groups. as if this dumbing-down is an education in ignorance, condoning and developing it (said show is so cynical perhaps it is covert-based military propaganda even, to promote such decline)

so instead of communicating about meaningful ideas via television or video, having debates about ideas, the content is trivial and stupid. demeaning, debasing, idiotic, and formulaic for the very antihuman principles ruling over and oppressing populations in daily environments.

what kind of relation does Hollywood have with human citizens exactly? why is mass media programming hostile to ideas of freedom, intelligence, beyond their narrow self-interest? what kind of public trust is that which seeks to eliminate other perspectives, public goals, ideals, principles, and instead actively dismantles, destroys, prevents, censors such views?

and everyone who *purchases* their television content, pays or buys into this services.
VOTES for it via participating in the onesided delivery model of ungrounded perspective, warped beliefs, antihuman agendas, normalized and standardized as if 'shared culture' and not unshared cult exploiting humans via oneway, entropic expropriation of human power, decision-making, relations, intelligence, via- most likely- endless signed ~legal documents

now that is dark humor. so dark that the laugh track and non-funny comediennes provide a diorama-like span of artifice in which to place the malaise of being lost in such false POVs. this one-way formatting of culture in hostile terms and dynamics... then leading to adult preschoolers as the constituency, filling up the void in mass media as its representatives and participants.

the state as mass media production, then waging war against terrorists, turning against its own citizenry and constitution. the script turned into a government prescription that then formats and 'owns' the development (and decline) of culture via its representation. political engineering, social engineering, behavioral engineering - marcom & advertising. public issues and interests then are a pay-per-access approach.

parallel to this, timepiece, the SPOT watch by Microsoft, which could have indicated an innovative approach to content, except for a monthly or yearly fee to access radio-broadcast content for the 'smart watch', such that to get the weather report required tithing. any blip of news, more dimes and quarters. and thus content-limited, dies out.

maximal payment via cellular data services-- requiring payment of full cellphone plan prior to access data or services are extra fees, such that actual *information* and data is rare, unless people live to SMS and that is their lifework

the model of content distribution, ownership, approaches to 'profit'- removed of a vital and fundamental civic dimension and component that is absent from these devices and tools.
essentially boxed-in by a limited privatized approach that relies on _censoring outside views and content from a given platform or industry or media, because that constraint becomes the basis for moneymaking instead of- i don't know- doing something worthwhile for humanity, in an innovative and ingenious way that still makes money, and does not falsely constrain or limit or confine the device or its future media development out of selfish private interest at the expense of larger human goals and needs.

again- i don't know... like knowing when the bus is going to arrive at a bus stop via a watch or PDA or phone- as a public service. and having such data available and accessible for populations - and then developing more based on such public services and infrastructures, including media libraries accessible via HDTVs, schools or university resources and classes as part of public outreach, etc. in a coherent approach and model based on shared goals, principles, incentives, reflecting a value in truth and honoring content as more than private moneymaking ventures that turn culture into a fool's paradise

the civic versus commercial footprint, not just for profit or even non-profit, also no-profit, a model of the commons and public human sphere that could be developed outside the given approaches, in parallel to it, and then made accessible via these tools, as another channel or interface, though likely a million times larger and full of all the best resources of culture. and being a citizen provides access, instead of having to pay for it through a third-party always

so the issue of this existing development of idiocy as the basis for social relations (antisocial) if not promoting xenophobia via such group dynamics that become standard, 'the measure' by which others are judged, in these devolved terms and conditions.
including in thinking, such that the ignorant become the masses who then single out unique individuals are the problem, the very opposite of democratic potentials, that ideas matter, not just shared views and beliefs in a larger louder physically more strong group who are superficial, shallow, and by most indications, incredibly stupid and extremely proud of it- because this ignorance is the very basis for social power, engineering consensus and compliance with such lowered viewpoints as if ideal, enlightened by conformity, by fitting in, submission, cultic bliss. it is difficult to write beyond this condition because it is the culture, it is the televised content, it has taken over 'online programming' and forms the basis for substitute discourse via idiotic memes and 'dialogue' about meaningless events as structure for shared relations and reality, making trivial the everyday, into issues of consumption, co-media/commodities that participation then validates as a process, sustaining and building false perspectives, structures, frameworks that can further be exploited, oppress, via these same means/memes high-brow, high art, intellectualism and theory-speak and social affairs to low brow to the realm of the debased and disgusting, all on the same cultural level, ungrounded, headed in an antihuman direction with an actively hostile agenda, and yet nonsensical or immune from 'reason' beyond opinion, due to loss of logic beyond binary ideology & its quick judgements. 
in this way mass media - networked or not - becoming channel surfing, there is always yet another choice to tune into, ignore the others, even while it persists, keeps on developing, though these 'other choices' are still the same thing, annihilating all hope of any change in principles and goals and ideals- because they are against human culture, implicitly, by design a question of platforms and tools and devices to access a parallel content system would need to investigate how to establish a framework for what exists as a latent yet unused resource, of video or recordings, and then model a way to integrate this public content into a common model that could scale from local to state to global interconnectivity, then to standardize this and establish a common interface that is of highest use and function and usability versus the oft encountered lowest functionality for such resources, set at odds with basic searches or categorization, for lack of coherent modeling of concepts and ideas, beyond unique strings reading about CES recently, the recent yearly Consumer Electronics Show, a quote from the Sony CEO reminded me of some of the unique potentials built into existing tools for access that could co-exist in traditional models and offer potentially an interface into this world beyond the private-only model, where cultural media resources could someday be accessed. reference: Sony CEO says cloud TV won't compete with cable http://www.theverge.com/2014/1/7/5285310/sony-ceo-kaz-hirai-says-cloud-tv-wont-compete-with-cable-4k-adoption [q] Unlike Microsoft's push, Hirai focused on the installed user base of the PS3, suggesting that when the service does come to customers it will be modular and will allow TV viewing across several of the company's products. "I know Intel was in this space as well, but from my perspective, when you look at the installed base of the PS3 — 25 million in the US — when we're talking to a lot of the broadcasters, it's a compelling number." 
[/q] the Sony Playstation (PS3/PS4) has its own gaming network and streaming services, though i am not familiar with how these function- it would seem that streaming video games as well as movie content is part of its ecosystem approach, perhaps also external services in some way. though what has intrigued me for years is that the device includes a Blu-Ray disk player as part of its videogame console, and can be used as a dvd player to watch HD movies, which the Blu-Ray disk format exists for- to match higher screen resolution of HDTVs, while earlier DVDs are more the cathode-ray-tube resolutions and screen ratios (4:3 versus 16:9). so there is an interesting overlap or crossover in content and media delivery, interface, interaction with the videogame consoles (presumably Microsoft X-Box One likewise), in that they not only can play videogames with an HDTV device, though can also play movies on disk, matched to that high definition resolution, and also access streaming content from the internet within some framework or given parameters. 
the potential then, in this particular videogame console as media access platform, is that it could open a portal to the 'public commons' of another world of content, say media archives of hundreds of thousands of films, lectures, videos of events, educational resources, and that if it were coherently organized and presented as public service, could likely be integrated into such a content delivery infrastructure - though connected with a different system of values than those that otherwise dominate what is on offer, as an 'online commons' or 'public space' beyond a realm of juvenilia or existing commercialism that is so highly saturated in the given model that it is like toxic content, as if ideological residue imparts itself from mere proximity to the detritus of the mainstream in its devolved, ungrounded warped worldview so what if the question of television extended into its infrastructure - what services are on offer, in the private model, and what content exists that could potentially be accessed, if it were coherently and effectively organized and accessed via these same tools and devices what if the problem involves information, modeling of a view that is not trapped within a too small consideration of what this involves, and requires a librarian-like cataloging of resources and an information architecture that unifies and scales distributed resources into a common model and intelligible framework, while not existing in the 'same place' or location, or within a central repository except insofar as it can be interfaced and accurately account for content perhaps issues of streaming are too involved and that a large effort and resources would be required to gain access to high definition content or quality media resources, yet the content itself already exists in archives around the world and locally, and would provide an immense value to those newly able to connect with what is otherwise absent and out of bounds within media and culture, if as memory, 
knowledge, communication, relation, awareness, value what if ideas were debated on the internet, like they were in past eras as part of the process of reasoning, and really got into the issues of information and intelligence in a shared model and multiple views. the incapacitation by one-way media prevents this, and a lack of quality in existing online resources, else media archives that remain unshared or still undeveloped, such as video of a dance performance or one act play, bound or limit what is possible now and also what could potentially occur, by neutralizing the possibility by going along with the standard model and approach that does not question or function outside its own parameters in terms of content development in profit-based scenarios what if knowledge was of value. shared awareness. education. insight. clear communication of ideas. debates that shape improved understanding and promotes civic involvement and engagement with the present day and its issues and situations. beyond the one-way panel and the presentations, and into other forms and dynamics of relation, sharing of ideas. this too could populate the content offerings within media devices. it would be interesting to know what the difficulties are, what attempts have been made, by those most engaged in these dynamics and dimensions- and what actually may be possible as human content within networked media devices beyond the WWW model for websites and apps, and TV channels. in this way, what about the media archive and networked library, access to the cultural assemblage of resources, stratigraphic layering, interconnections across frameworks --- quotes from Henry Ford --- http://www.secretsofthefed.com/wp-content/uploads/2013/01/Henry-Ford-Banking-and-monetary-system.jpg http://firm-guide.com/wp-content/uploads/2012/10/Quote-of-the-day-Henry-Ford.jpg .:.:-.-: URLS -:-..::. [experiment] String Crossing -- What do you see? 
http://www.exo.net/~pauld/activities/perception/stringcrossing.htm [video] George Lucas' First Film ('liberty and political freedom') http://gizmodo.com/freiheit-george-lucas-very-first-very-worst-film-1497187532 about: Freiheit (film) 1966 - 3 minutes http://en.wikipedia.org/wiki/Freiheit_%28film%29 // audio interview, tomorrow (1/15/2014) @ noon PST... Quantum Leap: The moment we transform potential into reality http://www.blogtalkradio.com/the-art-of-film-funding/2014/01/15/quantum-leap-the-moment-we-transform-potential-into-reality [q] Our guest, Fred Alan Wolf Ph.D., “teaches that quantum physics is the most useful, immediate, and relevant kind of science you can learn to profoundly affect your day-to-day life.[/q] New cyber-attack model helps hackers time the next Stuxnet http://phys.org/news/2014-01-cyber-attack-hackers-nextstuxnet.html [q] As Robert Axelrod and Rumen Iliev at the University of Michigan write in a paper just published in the Proceedings of the National Academy of Sciences, "The question of timing is analogous to the question of when to use a double agent to mislead the enemy, where it may be worth waiting for an important event but waiting too long may mean the double agent has been discovered."[/q] Coral chemical warfare: Suppressing a competitor enhances susceptibility to a predator http://phys.org/news/2014-01-coral-chemical-warfare-suppressing-competitor.html [q]The researchers don't know all the factors that may have made the chemically noxious seaweed more palatable to the fish. However, those seaweed portions that had been competing with coral had less effective chemical defenses against fish. 
When the researchers took extracts from treatment seaweed and control seaweed and applied them to a palatable seaweed species not previously used in the experiment, fish preferred the seaweed coated with extracts from the portions that had been competing with corals, indicating that competition had compromised the seaweed's chemical defenses against herbivores. [/q] ===== outer.limits ===== [video] 'Aliens Exist' Says Canada's Former Defense Minister¹ http://fusion.net/modern_life/story/aliens-exist-canadas-defense-minister-358002 ¹/via drudge :::::::::: muzak :::::::::: //cf.bitsets,logic,circuits,nestedsets,dimensions,numberline,aesthetics The Divine Music of Mathematics /via hh http://www.firstthings.com/article/2012/03/the-divine-music-of-mathematics [q] "The various attempts to impose mathematics on music (or music on mathematics) produced, respectively, bad music and bad mathematics." ... "Not until the nineteenth century did mathematicians arrive at a rigorous definition of irrational numbers, as the limit of an infinite converging sequence of rational numbers. [/q] ^ (this could be interdimensional,nested sets,thresholds, as with nested platonic solids, vertices/edges meeting, &c. note also: music seems to have no concept of ~perspective. perhaps why musicology is incoherent if not nonsensical; midi notevalues makes fineprint legalize look like poetry) (note: 'most simple number' (1), infinity can exist between zero & one, in bounded condition,given approach/dynamics) (rel. what is missing/big conceptual gap: laser monochord; analog-digital, modeling+sampling(&classical/quantum), simplest 'vibrating string' instrument to model emp.ideas; harmonics,split,multiplex beams,tuning,ratios,plus signals) (musical frameworks are flat. Timaeus not flat,nested and hierarchy, implicit. problems related to time,metronome- approach,numberline. makes no sense as space-time/order whereby natural rhythm,movement as if artificial,unnatural; ideological snap to fit. 
framework is conceptually backwards, like rationalizing everything in a given consensus, false-view) [note:the world (15c.onward) this article describes is madness] [also: 1 symbolically equates w/infinity in n-value logic model] (issue:basically,trying to work expanded,fragmented,diluted cosmic bitset back to core truth (1), in multiple frameworks, nested,disconnected permutations full of noise,tiny signals; patterns,circuits,ecology,forms/concepts,archetypes,structures) more... problem with music: model of the world does not accurately map to experience (of reality) thus problem of communication/langue, viewpoints & sharing of false perspective, beliefs, rationalizations. (future: music visualization displays, tracking, order, structure, cf. videogames (rockband,etc), also n-dimensional, geometric space, drumming in virtual reality, inside 12-sided polygon mile wide, &c) --note also, this summarizing quote from the essay... [q] In light of the extraordinary influence of Augustine’s idea, we might think about the problem this way: Even if the ultimate foundations of reality remain hidden from us, we nonetheless possess a creative faculty that gives us insight into the infinite. We employ the same faculty at play in music as we do in probing reality through mathematics. And this faculty whose workings we observe in the laboratory of music offers an intimation of our role as junior partners in creation.[/q] (i think this is dead wrong. 
there is infinitesimal truth, not maximal in music today, 'junior partners' only if neuro/audio/signal engineering programming audiences via entrainment,hypnosis, brain-wave mods; otherwise this kind of connection is an illusion and a cultural conceit) <---| ¿¿¿ |---> future Google as information bank, leasing data/info or access ----------------------------------------------------------------- [video] The Game of Wiffleball https://www.youtube.com/watch?v=5y_Wa21qjNs ', $nym, $curveball); {educational fair-use of copyright, 2013} 13C/27-C1 112-B2B/57-A2A 613-A2A/54-B2A -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 33572 bytes Desc: not available URL: From grarpamp at gmail.com Tue Jan 14 20:57:12 2014 From: grarpamp at gmail.com (grarpamp) Date: Tue, 14 Jan 2014 23:57:12 -0500 Subject: using Curve p25519 cryptography for type 2(Mixmaster) and type 3(mixminion) remailer blocks In-Reply-To: <52D5EFCE.5010008@cypherpunks.to> References: <52D5B6B8.2050107@cypherpunks.to> <52D5EFCE.5010008@cypherpunks.to> Message-ID: >> On Tue, Jan 14, 2014 at 2:14 PM, gwen hastings wrote: >>> ... >>> I am looking at resurrecting >>> >>> mixmaster, mixminion and nym.alias.net nymserver designs from the >>> various code wastebaskets and retrofit them with some newer encryption >>> technology based on curve25519 and poly-1305 libsodium based algorithms >>> and routines. I believe there is sufficient demand to merit deployment of a good mix network. As well as perhaps web/other intake frontends due to the now prevalent a) dwindling free email b) demand by mail providers for phone authentication. As for operators, I'd reach out to the Tor, I2P, Bitcoin, etc operators. It's a shame that one of the hardest things to find these days is anonymous free speech in the simple form of the written word. 
From coderman at gmail.com Wed Jan 15 01:55:40 2014 From: coderman at gmail.com (coderman) Date: Wed, 15 Jan 2014 01:55:40 -0800 Subject: panoptic archive (urls) In-Reply-To: References: Message-ID: On Tue, Jan 14, 2014 at 7:46 PM, brian carroll wrote: >... > Squishing potato chips in your sandwich...anyone else do this? Brian: the little things make me recognize the distinct-ness of your id. like this, on the cypherpunks list. ... and yes . . . :) From coderman at gmail.com Wed Jan 15 02:03:16 2014 From: coderman at gmail.com (coderman) Date: Wed, 15 Jan 2014 02:03:16 -0800 Subject: using Curve p25519 cryptography for type 2(Mixmaster) and type 3(mixminion) remailer blocks In-Reply-To: <52D5EFCE.5010008@cypherpunks.to> References: <52D5B6B8.2050107@cypherpunks.to> <52D5EFCE.5010008@cypherpunks.to> Message-ID: On Tue, Jan 14, 2014 at 6:17 PM, gwen hastings wrote: > ... > Just with rabbi(len sassman) dead(the last maintainer of the mixmaster > code) there is no one to champion same(mixmaster) or even those left > alive(nick matheson and few others(lucky,noise etc) who understand the > tech well enough to make competent changes. The type 2 remailer network > is still alive and working and new code will attract new operators and > I plan the mods to support either old format or new format(once this is > designed) type 2 and type especially in the face of the NSA > monitoring...if nothing else than as a "FUCK YOU" gesture... i'm nostalgic for 5MB MFM full height drives in an 8088 with turbo button. i'm nostalgic for NeXT Step slabs and connection machines. i'm nostalgic for the NSA that strengthened public cryptosystems against future attacks. ... but that doesn't make those days any less dead. > nah been there done that for past 24 years etc.. > even was one of the first 2 "persons of interest" in the cypherpunks > "movement". > > anonymous remailers are much more fun and mischievous than helping one > handed morons view the latest porn at low latency. 
fuck mate, this is about mischief!? ... ... hold up, time to off list before JYA calls us FBI shills ;P From yumkam at gmail.com Tue Jan 14 14:46:08 2014 From: yumkam at gmail.com (Yuriy Kaminskiy) Date: Wed, 15 Jan 2014 02:46:08 +0400 Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..) In-Reply-To: <20140114111653.GD3900@r4> References: <20140114111653.GD3900@r4> Message-ID: Thomas von Dein wrote: >> consistent key formats are critical > > more than fine with me. > >> need to converge on: >> - endianness > > I'm currently using big endian for multibyte values whereever they > appear. It's already verified to work on little and big endian platforms > (e.g. tested on aix/ppc) > >> - coordinate representation x, x&y, x and sign ... >> or bits to show which of these ... perhaps borrow ANSI method > > Could you please explain this further? > >> - hint / indication of cipher suite / curve > > In pcp there's already such a hint included in exported keys, however > I'm not using it, since there's no choice of different curves in > libsodium so far. But it's on the list. > >> - text encoding of binary format (ascii) > > As already stated in the other subthread, I use Z85, while stef is using > base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on > something. > >> - human readable format > > There's a human readable version of keys in pcp, but the tool itself > doesn't use it (example attached). It uses the z85 encoded binary part > of such a file. > > pcp has some more fields stored in a key than pbp: > > - a key id (e.g. 0x54E9C62E1852EBC5) which is required to identify a key > - some text fields (owner, mail) > - a serial number > - key format version number > > I'm not sure, how stef solved the ed25519 issue (you can't use a > curve25519 secret key to create an ed25519 signature directly). 
After > some discussion on the libsodium mailinglist we came up with this: > > When the user generates a new key, the ed25519 secret key will be > generated first. The curve25519 secret will be derived from that, since In general, reusing keys for different purposes (signing and encryption) considered bad idea, even through it is possible (RSA signing and RSA encryption, DSA signing and ElGamal/DH encryption [fwiw, this one considered *very* bad idea]). > the ed25519 already contains a usable curve25519 key. In pcp I store > both of them for easier access, so the ed25519 and curve25519 secret and > public keys are stored, the secret keys are encrypted and I store the > nonce as well (see include/pcp/key.h). > > Speaking of key encryption: @stef: according to your docs you're already > using scrypt() for key derivation. I'd like to use that as well, but > it's not part of libsodium (afaik), so I use my own method for this til > scrypt() is implemented in libsodium. That's because I want to avoid > writing crypto code myself. > Maybe we should iron out the details off-list? PS If I'm not mistaken, pcp is using longtime curve25519 secret key for message encryption. 1) Recipient needs to know sender public key. Bad. 2) Message remains decipherable by sender. Very bad. 3) Sender public key/identity leaks with each message. Very bad. 4) Sender needs access to her secret key. Bad. 5)6)7)... Wut? WTF? WHY????? Just generate single-use keypair, send public part with message, throw away secret part right after encryption. PPS gnupg devs are currently working on adding support for curve25519/​ed25519; though, it's on very early development stage. Oh, well, NIH-NIH-NIH, let's invent our own square-wheel bycicle. 
From grarpamp at gmail.com Wed Jan 15 04:35:49 2014 From: grarpamp at gmail.com (grarpamp) Date: Wed, 15 Jan 2014 07:35:49 -0500 Subject: [p2p-hackers] The next gen P2P secure email solution In-Reply-To: <52D123A5.4050706@cathalgarvey.me> References: <52BB76A6.2000606@matthew.at> <52C105F2.6060606@iang.org> <52CF8BFB.7090105@echeque.com> <52D123A5.4050706@cathalgarvey.me> Message-ID: On Sat, Jan 11, 2014 at 5:57 AM, Cathal Garvey wrote: > Red herring-ish, but if you want to get your friends off Skype, don't > wait for the golden solution. Pick something good-enough and use that. > I've had moderate success migrating people to Jitsi. Similar ease of use For any app really, ditto on success, especially if there's a windows port. Various approaches usually work: - "I need someone to test with" - "This is what I use a) your thing doesn't work for me b) this is better or c) tough" - Etc If you're willing to put in the time to show people, they will use it. > Back on topic, I'm not sure that it's possible to achieve low-latency > and endpoint obfuscation for something that requires streaming like > VoiP. Tor is already pushing the boundaries of low-latency mixing with > an asynchronous protocol that doesn't *require* perfect synchrony, such > as would be required of VoiP. So you might have to sacrifice obfuscation > of *who* you're talking to in order to achieve security across the wire, > or trust third parties such as VPNs or friend-to-friend connections > (Retroshare model) to provide lots of bandwidth. There are people reporting that voice over Tor hidden services is at least barely to actually useable, there is a lot of variance though. Streaming low bitrate music is no problem. Latency is about a second, setup can be a few+ seconds. Again, variance rules. Regarding attacks, low latency and bulk data streams present different surfaces. 
It would be interesting to see an anonymous network that fills the entire bandwidth you allocate to your node with chaff during the time in which you do not otherwise need it. The anonbib probably has something to say about that.

The subject is regarding large scale P2P secure messaging,(email) not particularly the subthread of voice / general data transport.. I can see some advantage to using/modifying/merging ideas from say Tor, cjdns and similar general transports for messaging. Is there possibly a grand unification transport here?

From electromagnetize at gmail.com Wed Jan 15 08:24:57 2014
From: electromagnetize at gmail.com (brian carroll)
Date: Wed, 15 Jan 2014 10:24:57 -0600
Subject: panoptic archive (urls)
In-Reply-To:
References:
Message-ID:

is sharing potato chip discovery worth retaliatory bombardment by constant infrasound noise tones - difficult to say...

> Squishing potato chips in your sandwich...anyone else do this?
>
>
> Brian: the little things make me recognize the distinct-ness of your
> id. like this, on the cypherpunks list.
>
> ... and yes
> .
> .
> .
>
>
> :)

From tom at vondein.org Wed Jan 15 01:34:43 2014
From: tom at vondein.org (Thomas von Dein)
Date: Wed, 15 Jan 2014 10:34:43 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To:
References: <20140114111653.GD3900@r4>
Message-ID: <20140115093443.GE3900@r4>

On Wed, Jan 15, 2014 at 02:46:08AM +0400, Yuriy Kaminskiy wrote:
> > When the user generates a new key, the ed25519 secret key will be
> > generated first. The curve25519 secret will be derived from that, since
>
> In general, reusing keys for different purposes (signing and encryption)
> considered bad idea, even though it is possible (RSA signing and RSA
> encryption, DSA signing and ElGamal/DH encryption [fwiw, this one considered
> *very* bad idea]).

Well, the libsodium developers not only told me how to do it, it was their idea. However, it's of course very simple to generate them separate.

> 1) Recipient needs to know sender public key. Bad.

That's the way curve25519 works. It would be possible to use one time keys but for this there has to be some kind of key exchange process before. But since pcp runs in offline mode, I'm not sure how to do this in a user friendly way.

> 2) Message remains decipherable by sender. Very bad.

No, it doesn't. In order to decrypt a message one needs the recipient secret key and the sender public key.

> 3) Sender public key/identity leaks with each message. Very bad.

Because? While I don't know how stef does it in pbp, I only add the key id to the cipher so that the recipient knows which key has to be used to decrypt. I'm not sure how it is bad to publish a key id. That's daily business with pgp as well.

> 4) Sender needs access to her secret key. Bad.

Again, this is how curve25519 is designed.

> Just generate single-use keypair, send public part with message, throw away
> secret part right after encryption.

The sender needs a public key from the recipient anyways. And to be able to decrypt the message, the recipient has to retain her secret key.

> Oh, well, NIH-NIH-NIH, let's invent our own square-wheel bicycle.

Funny, but neither I nor stef invented anything. DJB did.

- Tom
From carimachet at gmail.com Wed Jan 15 03:38:14 2014 From: carimachet at gmail.com (Cari Machet) Date: Wed, 15 Jan 2014 12:38:14 +0100 Subject: [Cryptography] Boing Boing pushing an RSA Conference boycott In-Reply-To: References: Message-ID: well one of the problems is they dont know as much as you do we try not to berate the others for their work - yes 'reformists' suck but at least they are not sitting on their potato asses maybe you can post something on cryptome to wake them up those boingos :::::: tweet it at them after you post it so the community can see the criticism - maybe it can spark a debate and some knowledge can b had Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. On Tue, Jan 14, 2014 at 11:34 PM, John Young wrote: > If courageous, Rivest, Shamir and Adelson can be burnt in effigy. > > Their initials once were rightly world famous, and to smear these > distinguished gentlemen by vulgar opportunistic protest instigated > by noobs with less than zero comprehension of cryptography > should be condemned not debated. > > James Bidzos raped the three once, twice, thrice, then hid his > corporatorizing crime under skirts of EMC. Don't ravage his > victims. > > Protest, sure, but demonstrate what to protest for effectiveness, > not idiotic sloganeering of a logo. Hell, long-time duplicitous > IBM deserves deeper anger than RSA. DES and much more. > > Go big and really bold. 
Protest the Wassenaar Arrangement,
> the greatest rigging of the dual-use technology market ever, and
> the world's greatest gang of cheaters, bribers, underhanded
> dealers of contraband, most of it lethal, far deadlier than crypto.
>
> Greenwald blogs there are cryptographers and comsec experts
> reviewing Snowden's material for future releases. Presumably
> the highly ethical reviewers have a clear shot at avoiding release
> of their own names and firms. They will cheat, that's certain.
>
>

From tom at vondein.org Wed Jan 15 05:41:45 2014
From: tom at vondein.org (Thomas von Dein)
Date: Wed, 15 Jan 2014 14:41:45 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To:
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4>
Message-ID: <20140115134145.GF3900@r4>

On Wed, Jan 15, 2014 at 04:29:44PM +0400, Yuriy Kaminskiy wrote:
> > Well, the libsodium developers not only told me how to do it, it was
> > their idea. However, it's of course very simple to generate them
> > separate.
>
> It is *possible* to use same RSA keypair for encryption and signing (and earlier
> pgp versions used to that). Does not mean it is *good idea* (and newer
> openpgp/gnupg switched to use separate keys for signing/encryption/certificate
> signing purposes, by subkeys mechanism).

We're not talking about RSA, are we?

> (For DH/DSA it is even worse, you *can* reuse same keypair, but this leads to
> leak of secret key material. I'm not sure if same leak scenario apply to
> ECDH[curve25519]/EdDSA[ed25519], but better safe than sorry. And keypair reuse
> is bad from operational security pov anyway).

As I already said, it's no problem to have separate keypairs for signing and encrypting, just a couple of lines to change.

> >> 1) Recipient needs to know sender public key. Bad.
>
> [clarification: sender *long-term* public key; of course, receiver needs to know
> public key that was used for message encryption; but this key need not be same
> with sender *long-term* key]
>
> > That's the way curve25519 works. It would be possible to use one time
> > keys but for this there has to be some kind of key exchange process
> > before. But since pcp runs in offline mode, I'm not sure how to do this
> > in a user friendly way.
>
> I explained: include (single-use) public key in message, in place of "hash of
> sender key id").

Ok, let me formulate it better: I can use a single-use keypair on the sender's side and include the public part in the message. Cool. But the sender would nevertheless need a public key from the recipient. This one has to be from a long-term key, since we're operating in a store-and-forward environment. But it doesn't make sense to use a single-use key only on one side of the communication, does it?

As a sidenote, in pcp it's possible to generate a keypair for one recipient (it's derived from the long-term keypair), so you'd at least have one keypair per peer. But it's unclear to me, how to use single-use keys on both sides of a communication in a store-and-forward environment. Any hints?

> >> 2) Message remains decipherable by sender. Very bad.
> >
> > No, it doesn't. In order to decrypt a message one needs the recipient
> > secret key and the sender public key.
>
> Yes, it does. With your protocol, message can be alternatively deciphered with
> crypto_open_box(c, n, sender_public_key, receiver_secret_key);
> (by receiver, good) or, alternatively, with
> crypto_open_box(c, n, receiver_public_key, sender_secret_key);
> (by sender, *BAD*).

Really? I'll try it, but if this is the case, then it's bad indeed.

> With openpgp (and with my suggested change), sender does not retain secret key
> used for message encryption, and thus cannot decipher his own message.

Yea, I see.

> Incorrect. This is NOT daily business with pgp. Openpgp does not use long-term
> sender keypair when it encrypt message (otherwise, how could you encrypt message
> without using passphrase?) and does not leak sender keyid (/by default/ gnupg
> leaks /recipient/ keyid, but it can be disabled with --hidden-recipient).

ok, got it.

> DJB has nothing to do with your self-invented protocol.
> DJB invented bending tool. *You* decided to use it to make square wheels.

Come on, have a heart. The only thing I "invented", was how to store keys and encrypted files. It's just a fun project in its early stages and everything can be changed. And I'm really glad when someone points out some errors I made.

> P.S. there were thing that openpgp did horrible wrong: keyids (they are harmful
> and useless crap). Funnily, you repeated their misdesign.

ok, really got it.

- Tom

From coderman at gmail.com Wed Jan 15 15:30:22 2014
From: coderman at gmail.com (coderman)
Date: Wed, 15 Jan 2014 15:30:22 -0800
Subject: weasel words: "no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States"
Message-ID:

note the misdirection and switcheroo here:

"""
“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
"""

these systems have been deployed domestically, albeit under the guise of "valid foreign intelligence targets"... and those a suspiciously close number of hops from same.

---

http://cryptome.org/2014/01/nsa-quantum-radio.htm

. . .
But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.” “What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”... There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s. “N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.” Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. 
Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.

. . .

From measl at mfn.org Wed Jan 15 13:54:33 2014
From: measl at mfn.org (J.A. Terranson)
Date: Wed, 15 Jan 2014 15:54:33 -0600 (CST)
Subject: A90-217 the beginnings of the NSA-TAO in 1990s
In-Reply-To: <03c9a93618410d8db1cdd5ac573511ff@remailer.privacy.at>
References: <03c9a93618410d8db1cdd5ac573511ff@remailer.privacy.at>
Message-ID:

On Wed, 15 Jan 2014, Anonymous Remailer (austria) wrote:

> tracking down the bastards
>
> http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?hp&_r=0
>
> How it started...
> Sophisticated Virus, Parasite and Resource Management systems are to be
> constructed to alter or report on the operation of a designated target.
> Specific systems include the Tape Worm, a low profile smart Parasite
> featuring comprehensive resource management operations, the Stealth
> Striker, an ultra low profile targeting virus, the Transport, an ultra
> low profile utility virus used to transport, load and execute large
> programs and various surveillance and maintenance systems.
> Virus/Parasite objectives include securing a stable base, fixing,
> relocating and reproducing in the target system, the ability to find and
> infect other systems, alter/record/monitor/recall computer operations,
> and alter/record/monitor/recall data and output. The effort will also
> produce a Code miniaturization strategy and apply the principles to the
> EMC programs. compact Task Oriented Routines are designed to create code
> to perform assigned tasks.
>
> another winner of the Phase 1 grant was
> Sparta, Inc.
> 23041 Avenida De La Carlota, Suite 325
> Laguna Hills, CA 92653
> Principal Investigator
> DOUG PRICE

Afraid this was a late follow-on to the 1987 program out of Ft. Monmouth (via Battelle/DARPA at USAF request). The RFP outlined above is nearly a word for word copy of the one I saw in 1987 (right around the time of the Morris Worm). The company I worked for at the time actually bid on it (and lost, thank god!).

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.

An American Spring is coming: one way or another.

From coderman at gmail.com Wed Jan 15 16:08:19 2014
From: coderman at gmail.com (coderman)
Date: Wed, 15 Jan 2014 16:08:19 -0800
Subject: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
In-Reply-To:
References: <20140115030007.E2AC022809C@palinka.tinho.net> <52D67025.40304@iang.org> <2A0EFB9C05D0164E98F19BB0AF3708C711E91F9D3C@USMBX1.msg.corp.akamai.com> <52D6C1F1.2060904@iang.org>
Message-ID:

On Wed, Jan 15, 2014 at 10:31 AM, John Young wrote:
> With a $67B security market heading to $87B by 2016 why
> would any security firm settle for RSA piddling racketeering?
> ...
> Not saying the RSA bashers are diverting attention from their
> venality, that would be contrary to industry ethics to hide and
> be hidden, by that I mean journalism and advertising, publicity
> and campaign bribery, donations to computer education and
> conferences, dark web sales to rogues and spies, plagiarism
> and huffy indignation, sabotage and thievery, copyright and
> DMCA takedowns, well, why preach in this smokey chapel to
> the stogie-sucking porkies, don't they pay minimum taxes to
> betray the privacy of ordinary taxpayers who pay the most.

information security as a discipline or specialization should not exist. that systems, code, protocols, *, are built without "security" priorities, and without end-user privacy and availability paramount, is the dereliction of basic duty.
we could try a different approach as complementary: security by self evident existence.[0]

> FatSec Preacher bellows: Is there any industry more corrupt
> than the fatuous security industry?
>
> FatSec Believers yell back: Nope, and newcomers are flocking in.
>
> And so, the sated toads toddle out to fancy chariots stashing
> drunken investor bedmates, croaking,
>
> "And we bloated firms are getting much fatter on hackers.
> and we pay them shady bitcoins them to boost the flab."

"bloated [.. and] fatter [...] hackers [paid in] shady bitcoins [...] to boost the flab [and excesses]" - sounds exactly like DEF CON 21 point in fact! :P

P.S. i have discovered a chain of black ops infowar payments to JYA as proxy pressure against corporate players not sufficiently cow towing to powers as deemed fit. the list of disclosures on cryptome.org a persistent store of targeted retaliation as paid for by covert coin wallets

https://blockchain.info/address/1P11b3Xkgagzex3fYusVcJ3ZTVsNwwnrBZ

when did you begin accepting payments to keep cryptome.org plaintext without HTTPS support john??? *grin*

best regards,

0. "security by self evident existence"
"""
Red-Team Networks Everywhere!!!

This effort attempts to remedy the pervasive and comprehensive vulnerability of consumer, industry, and government hardware and software systems. In order to achieve best effective posture with maximum haste apply four principles globally:

1) Blanket Legal Invulnerability
Remove all criminal and civil liability for "hacking", computer trespass, and all related activities performed over data networks; establish proactive "shield" legislation to protect and encourage unrestricted security research of any subject on any network. extend to international agreements for blanket protection in all jurisdictions.

2) Educational Support Everywhere
Establish lock picking, computing, and hacking curriculum in pre school through grade school with subsidized access to technical resources including mobile, tablet, laptop test equipment, grid/cloud computing on-demand, software defined radios with full receive/transmit, and gigabit internet service or faster.

3) Collaborative Competitions
Organize a program of blue and red teaming challenges for educational and public participation at the district, regional, and national level cultivating expertise and rewarding it with hacking toys, access, and monies.

4) Privileged Positioning
Direct and unrestricted backbone access to various individuals or groups who demonstrate competence in either the educational or competitive realms, in order for them to mount additional attack strategies against any reach-able target. this access must consist of both passive taps of backbone traffic as well as injection taps for raw packet transmission at core rates. this should be available on the Internet backbone at internet exchanges, private fiber through public right of way, and core networks of operators of licensed wireless spectrum.

end result / strong attractor:
Open software and hardware widely in use in post-privacy-protection-purge future will invert power structure to defender with near unassailable advantage in "cyber domain". Any attacker required to compete against the global, collaborative, massive, iterative-crowd-hardened systems publicly in use.

as of jan 2014 https://peertech.org/rednet

From coderman at gmail.com Wed Jan 15 16:20:01 2014
From: coderman at gmail.com (coderman)
Date: Wed, 15 Jan 2014 16:20:01 -0800
Subject: A90-217 the beginnings of the NSA-TAO in 1990s
In-Reply-To:
References: <03c9a93618410d8db1cdd5ac573511ff@remailer.privacy.at>
Message-ID:

On Wed, Jan 15, 2014 at 1:36 PM, Anonymous Remailer (austria) wrote:
>
> tracking down the bastards
> ...

On Wed, Jan 15, 2014 at 1:54 PM, J.A. Terranson wrote:
>...
> Afraid this was a late follow-on to the 1987 program out of Ft. Monmouth
> (via Battelle/DARPA at USAF request). The RFP outlined above is nearly a
> word for word copy of the one I saw in 1987 (right around the time of the
> Morris Worm). The company I worked for at the time actually bid on it...

it would be very interesting to combine the black budget disclosures (as limited as they are) with the open data dumps for other contracting, with the corporate financial reporting from the various incorporated institutions implicated. obviously privately held interests will be harder to crack,...

this would provide a very interesting source of information for further discovery along the timeline for which budget details are visible.

given the RSA payout (as meager as it was, just for a little code change ;) financial signals traced to these budgets could help quantify the degree of complicity and duplicitous venality of various technology vendors. some affected are certainly more victims than co-conspirators.

best regards,

From yumkam at gmail.com Wed Jan 15 04:29:44 2014
From: yumkam at gmail.com (Yuriy Kaminskiy)
Date: Wed, 15 Jan 2014 16:29:44 +0400
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To: <20140115093443.GE3900@r4>
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4>
Message-ID:

Thomas von Dein wrote:
> On Wed, Jan 15, 2014 at 02:46:08AM +0400, Yuriy Kaminskiy wrote:
>>> When the user generates a new key, the ed25519 secret key will be
>>> generated first. The curve25519 secret will be derived from that, since
>> In general, reusing keys for different purposes (signing and encryption)
>> considered bad idea, even though it is possible (RSA signing and RSA
>> encryption, DSA signing and ElGamal/DH encryption [fwiw, this one considered
>> *very* bad idea]).
>
> Well, the libsodium developers not only told me how to do it, it was
> their idea. However, it's of course very simple to generate them
> separate.

It is *possible* to use same RSA keypair for encryption and signing (and earlier pgp versions used to that). Does not mean it is *good idea* (and newer openpgp/gnupg switched to use separate keys for signing/encryption/certificate signing purposes, by subkeys mechanism).

(For DH/DSA it is even worse, you *can* reuse same keypair, but this leads to leak of secret key material. I'm not sure if same leak scenario apply to ECDH[curve25519]/EdDSA[ed25519], but better safe than sorry. And keypair reuse is bad from operational security pov anyway).

>> 1) Recipient needs to know sender public key. Bad.

[clarification: sender *long-term* public key; of course, receiver needs to know public key that was used for message encryption; but this key need not be same with sender *long-term* key]

> That's the way curve25519 works. It would be possible to use one time
> keys but for this there has to be some kind of key exchange process
> before. But since pcp runs in offline mode, I'm not sure how to do this
> in a user friendly way.

I explained: include (single-use) public key in message, in place of "hash of sender key id").

>> 2) Message remains decipherable by sender. Very bad.
>
> No, it doesn't. In order to decrypt a message one needs the recipient
> secret key and the sender public key.

Yes, it does. With your protocol, message can be alternatively deciphered with
crypto_open_box(c, n, sender_public_key, receiver_secret_key);
(by receiver, good) or, alternatively, with
crypto_open_box(c, n, receiver_public_key, sender_secret_key);
(by sender, *BAD*).

With openpgp (and with my suggested change), sender does not retain secret key used for message encryption, and thus cannot decipher his own message.

>> 3) Sender public key/identity leaks with each message. Very bad.
>
> Because?
>
> While I don't know how stef does it in pbp, I only add the key id to the
> cipher so that the recipient knows which key has to be used to decrypt.
> I'm not sure how it is bad to publish a key id. That's daily business
> with pgp as well.

Incorrect. This is NOT daily business with pgp. Openpgp does not use long-term sender keypair when it encrypt message (otherwise, how could you encrypt message without using passphrase?) and does not leak sender keyid (/by default/ gnupg leaks /recipient/ keyid, but it can be disabled with --hidden-recipient).

>> 4) Sender needs access to her secret key. Bad.
>
> Again, this is how curve25519 is designed.

This has NOTHING to do with either curve25519 (or nacl) design. It is only how *YOU* are using it.

>> Just generate single-use keypair, send public part with message, throw away
>> secret part right after encryption.
>
> The sender needs a public key from the recipient anyways. And to be able
> to decrypt the message, the recipient has to retain her secret key.

I said nothing about *recipient* secret key. Recipient, of course, need to access to her secret key to decipher message.
And sender, of course, needs to know recipient long-term public key.

>> Oh, well, NIH-NIH-NIH, let's invent our own square-wheel bicycle.
>
> Funny, but neither I nor stef invented anything. DJB did.

DJB has nothing to do with your self-invented protocol.
DJB invented bending tool. *You* decided to use it to make square wheels.

P.S. there were thing that openpgp did horrible wrong: keyids (they are harmful and useless crap). Funnily, you repeated their misdesign.

From coderman at gmail.com Wed Jan 15 16:41:45 2014
From: coderman at gmail.com (coderman)
Date: Wed, 15 Jan 2014 16:41:45 -0800
Subject: Fwd: CRYPTO-GRAM, January 15, 2014
In-Reply-To: <52D63E56.20203@schneier.com>
References: <52D63E56.20203@schneier.com>
Message-ID:

---------- Forwarded message ----------
From: Bruce Schneier
Date: Tue, Jan 14, 2014 at 11:52 PM
Subject: CRYPTO-GRAM, January 15, 2014

CRYPTO-GRAM

January 15, 2014

by Bruce Schneier
CTO, Co3 Systems, Inc.
schneier at schneier.com
http://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit .

You can read this issue on the web at . These same essays and news items appear in the "Schneier on Security" blog at , along with a lively and intelligent comment section. An RSS feed is available.

** *** ***** ******* *********** *************

In this issue:
    How the NSA Threatens National Security
    NSA Exploit of the Day
    Tor User Identified by FBI
    News
    Security Risks of Embedded Systems
    Schneier News
    Schneier News: I've Joined Co3 Systems
    Twitter Users: Please Make Sure You're Following the Right Feed

** *** ***** ******* *********** *************

How the NSA Threatens National Security

Secret NSA eavesdropping is still in the news. Details about once secret programs continue to leak.
The Director of National Intelligence has recently declassified additional information, and the President's Review Group has just released its report and recommendations. With all this going on, it's easy to become inured to the breadth and depth of the NSA's activities. But through the disclosures, we've learned an enormous amount about the agency's capabilities, how it is failing to protect us, and what we need to do to regain security in the Information Age. First and foremost, the surveillance state is robust. It is robust politically, legally, and technically. I can name three different NSA programs to collect Gmail user data. These programs are based on three different technical eavesdropping capabilities. They rely on three different legal authorities. They involve collaborations with three different companies. And this is just Gmail. The same is true for cell phone call records, Internet chats, cell-phone location data. Second, the NSA continues to lie about its capabilities. It hides behind tortured interpretations of words like "collect," "incidentally," "target," and "directed." It cloaks programs in multiple code names to obscure their full extent and capabilities. Officials testify that a particular surveillance activity is not done under one particular program or authority, conveniently omitting that it is done under some other program or authority. Third, US government surveillance is not just about the NSA. The Snowden documents have given us extraordinary details about the NSA's activities, but we now know that the CIA, NRO, FBI, DEA, and local police all engage in ubiquitous surveillance using the same sorts of eavesdropping tools, and that they regularly share information with each other. The NSA's collect-everything mentality is largely a hold-over from the Cold War, when a voyeuristic interest in the Soviet Union was the norm. Still, it is unclear how effective targeted surveillance against "enemy" countries really is. 
Even when we learn actual secrets, as we did regarding Syria's use of chemical weapons earlier this year, we often can't do anything with the information. Ubiquitous surveillance should have died with the fall of Communism, but it got a new -- and even more dangerous -- life with the intelligence community's post-9/11 "never again" terrorism mission. This quixotic goal of preventing something from happening forces us to try to know everything that does happen. This pushes the NSA to eavesdrop on online gaming worlds and on every cell phone in the world. But it's a fool's errand; there are simply too many ways to communicate. We have no evidence that any of this surveillance makes us safer. NSA Director General Keith Alexander responded to these stories in June by claiming that he disrupted 54 terrorist plots. In October, he revised that number downward to 13, and then to "one or two." At this point, the only "plot" prevented was that of a San Diego man sending $8,500 to support a Somali militant group. We have been repeatedly told that these surveillance programs would have been able to stop 9/11, yet the NSA didn't detect the Boston bombings -- even though one of the two terrorists was on the watch list and the other had a sloppy social media trail. Bulk collection of data and metadata is an ineffective counterterrorism tool. Not only is ubiquitous surveillance ineffective, it is extraordinarily costly. I don't mean just the budgets, which will continue to skyrocket. Or the diplomatic costs, as country after country learns of our surveillance programs against their citizens. I'm also talking about the cost to our society. It breaks so much of what our society has built. It breaks our political systems, as Congress is unable to provide any meaningful oversight and citizens are kept in the dark about what government does. It breaks our legal systems, as laws are ignored or reinterpreted, and people are unable to challenge government actions in court. 
It breaks our commercial systems, as US computer products and services are no longer trusted worldwide. It breaks our technical systems, as the very protocols of the Internet become untrusted. And it breaks our social systems; the loss of privacy, freedom, and liberty is much more damaging to our society than the occasional act of random violence. And finally, these systems are susceptible to abuse. This is not just a hypothetical problem. Recent history illustrates many episodes where this information was, or would have been, abused: Hoover and his FBI spying, McCarthy, Martin Luther King Jr. and the civil rights movement, anti-war Vietnam protesters, and -- more recently -- the Occupy movement. Outside the US, there are even more extreme examples. Building the surveillance state makes it too easy for people and organizations to slip over the line into abuse. It's not just domestic abuse we have to worry about; it's the rest of the world, too. The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn't between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it's between a digital world that is vulnerable to all attackers, and one that is secure for all users. Fixing this problem is going to be hard. We are long past the point where simple legal interventions can help. The bill in Congress to limit NSA surveillance won't actually do much to limit NSA surveillance. Maybe the NSA will figure out an interpretation of the law that will allow it to do what it wants anyway. Maybe it'll do it another way, using another justification. Maybe the FBI will do it and give it a copy. And when asked, it'll lie about it. NSA-level surveillance is like the Maginot Line was in the years before World War II: ineffective and wasteful. 
We need to openly disclose what surveillance we have been doing, and the known insecurities that make it possible. We need to work toward security, even if other countries like China continue to use the Internet as a giant surveillance platform. We need to build a coalition of free-world nations dedicated to a secure global Internet, and we need to continually push back against bad actors -- both state and non-state -- that work against that goal. Securing the Internet requires both laws and technology. It requires Internet technology that secures data wherever it is and however it travels. It requires broad laws that put security ahead of both domestic and international surveillance. It requires additional technology to enforce those laws, and a worldwide enforcement regime to deal with bad actors. It's not easy, and has all the problems that other international issues have: nuclear, chemical, and biological weapon non-proliferation; small arms trafficking; human trafficking; money laundering; intellectual property. Global information security and anti-surveillance needs to join those difficult global problems, so we can start making progress. The President's Review Group recommendations are largely positive, but they don't go nearly far enough. We need to recognize that security is more important than surveillance, and work towards that goal. This essay previously appeared on TheAtlantic.com. 
http://www.theatlantic.com/technology/archive/2014/01/how-the-nsa-threatens-national-security/282822/ or http://tinyurl.com/ok4vydn Newish Snowden revelations: http://www.nytimes.com/2013/12/21/world/nsa-dragnet-included-allies-aid-groups-and-business-elite.html or http://tinyurl.com/or8lz4e http://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner or http://tinyurl.com/pcmqpgm http://www.spiegel.de/international/world/snowden-documents-show-gchq-targeted-european-and-german-politicians-a-940135.html or http://tinyurl.com/oxcv5ko Recent DNI declassifications: http://www.theguardian.com/world/2013/dec/21/national-intelligence-bush-era-nsa-documents or http://tinyurl.com/lxufd23 http://icontherecord.tumblr.com/post/70683717031/dni-announces-the-declassification-of-the or http://tinyurl.com/mqqu9jg President's Review Group report: http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf or http://tinyurl.com/lj4azsg http://www.nytimes.com/2013/12/20/opinion/protecting-citizens-and-their-privacy.html or http://tinyurl.com/nfjnrub The three different GMail collection programs: http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html or http://tinyurl.com/mm3ttqt http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html or http://tinyurl.com/kn8ld96 http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html or http://tinyurl.com/jwzxh77 Cell-phone location data collection: 
http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html or http://tinyurl.com/nu4h5s9 http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/new-documents-show-how-the-nsa-infers-relationships-based-on-mobile-location-data/ or http://tinyurl.com/opjhjko NSA lying: http://www.theatlantic.com/politics/archive/2013/12/new-evidence-that-the-head-of-the-nsa-misled-us/282365/ or http://tinyurl.com/kjyd43o NSA redefining words: https://www.eff.org/deeplinks/2013/06/director-national-intelligences-word-games-explained-how-government-deceived or http://tinyurl.com/ma7dk5j http://www.newyorker.com/online/blogs/closeread/2013/12/how-to-tell-when-the-nsa-is-lying.html or http://tinyurl.com/ly4eewu NSA hiding behind particular programs: http://www.theatlantic.com/politics/archive/2013/12/how-americans-were-deceived-about-cell-phone-location-data/282239/ or http://tinyurl.com/q5mt8j7 All the Snowden documents released so far: https://www.eff.org/nsa-spying/nsadocs https://www.aclu.org/nsa-documents-released-public-june-2013 http://cryptome.org/2013/11/snowden-tally.htm http://www.mindmeister.com/326632176/nsa-css http://www.tedgioia.com/nsa_facts.html Other law-enforcement organizations that engage in national surveillance: http://online.wsj.com/news/article_email/SB10001424052702303559504579198370113163530-lMyQjAxMTAzMDEwNDExNDQyWj or http://tinyurl.com/q434yn7 http://arstechnica.com/tech-policy/2013/12/new-us-spy-satellite-features-world-devouring-octopus/ or http://tinyurl.com/no7yzbx http://www.foreignpolicy.com/articles/2013/11/21/the_obscure_fbi_team_that_does_the_nsa_dirty_work or http://tinyurl.com/mozzoyp http://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html or http://tinyurl.com/k2qd45z http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/ or 
http://tinyurl.com/mxdftt8 Sharing of intelligence information between organizations: http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805 or http://tinyurl.com/kbsc4k9 http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE9761AZ20130807 or http://tinyurl.com/modr5rz The limitations of intelligence: https://www.schneier.com/blog/archives/2013/09/the_limitations.html The NSA's Quixotic goal: https://www.schneier.com/blog/archives/2013/11/dan_geer_explai.html NSA spying on online gaming worlds: http://www.nytimes.com/2013/12/10/world/spies-dragnet-reaches-a-playing-field-of-elves-and-trolls.html or http://tinyurl.com/mee2ubn No evidence that NSA bulk surveillance makes us safer: http://www.theguardian.com/commentisfree/2013/oct/08/nsa-bulk-metadata-surveillance-intelligence or http://tinyurl.com/pt7v3eb Alexander's 54 terrorist plots: http://usnews.nbcnews.com/_news/2013/06/27/19175466-nsa-chief-says-surveillance-programs-helped-foil-54-plots or http://tinyurl.com/m2tldhc Alexander's 13 terrorist plots: http://www.salon.com/2013/10/02/nsa_director_admits_to_misleading_public_on_terror_plots/ or http://tinyurl.com/m459sa6 Alexander's one remaining plot: http://www.huffingtonpost.com/2013/10/23/nsa-attacks-thwarted_n_4148811.html or http://tinyurl.com/mc3ccda Arguments that NSA surveillance could have stopped 9/11: http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/30/heres-why-nsa-officials-never-seem-to-stop-talking-about-911/ or http://tinyurl.com/myk6s9u Boston bombers: http://www.reuters.com/article/2013/04/24/us-usa-explosions-boston-suspect-idUSBRE93N06720130424 or http://tinyurl.com/kk7vrwb http://storify.com/MacleansMag/the-social-media-trail-of-tsarnaev-brothers or http://tinyurl.com/klvz899 NSA surveillance is ineffective: http://www.cnn.com/2013/12/30/opinion/bergen-nsa-surveillance-september-11/index.html or http://tinyurl.com/kjvk3sr U.S. 
intelligence budgets: http://articles.washingtonpost.com/2013-08-29/world/41709796_1_intelligence-community-intelligence-spending-national-intelligence-program or http://tinyurl.com/ov35q5q Lack of Congressional oversight: https://www.youtube.com/watch?v=JPnfgUkcvOk http://www.theguardian.com/commentisfree/2013/oct/25/nsa-no-congress-oversight or http://tinyurl.com/p8ctswu NSA's lawbreaking: https://www.aclu.org/national-security/nsa-collating-data-americans-facebook-gps-tax-other-records or http://tinyurl.com/mqs3mwf http://www.theguardian.com/commentisfree/2013/oct/16/nsa-fbi-endrun-weak-oversight or http://tinyurl.com/kp3t92s http://www.nationalreview.com/corner/356159/sensenbrenner-nsa-surveillance-abuse-patriot-act-john-fund or http://tinyurl.com/l5deldt http://www.theatlantic.com/politics/archive/2013/07/mission-creep-when-everything-is-terrorism/277844/ or http://tinyurl.com/l2ddac9 Current Congressional bills: https://www.aclu.org/blog/national-security/usa-freedom-act-real-spying-reform or http://tinyurl.com/mzjlyns https://www.eff.org/deeplinks/2013/11/floor-not-ceiling-supporting-usa-freedom-act-step-towards-less-surveillance or http://tinyurl.com/mvqew8f Transparency and oversight: https://www.schneier.com/essay-447.html https://www.schneier.com/essay-435.html Security is more important than surveillance: http://www.schneier.com/essay-452.html ** *** ***** ******* *********** ************* NSA Exploit of the Day One of the top secret NSA documents published by Der Spiegel is a 50-page catalog of "implants" from the NSA's Tailored Access Group. Because the individual implants are so varied and we saw so many at once, most of them were never discussed in the security community. (Also, the pages were images, which makes them harder to index and search.) To rectify this, I am publishing an exploit a day on my blog. 
In the blog comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

"DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads."
https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html

"IRONCHEF provides access persistence to target systems by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to communicate with a hardware implant that provides two-way RF communication." It works on the HP Proliant 380DL G5 server.
https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of_1.html

"FEEDTROUGH is a persistence technique for two software implants, DNT's BANANAGLEE and CES's ZESTYLEAK used against Juniper Netscreen firewalls."
https://www.schneier.com/blog/archives/2014/01/feedtrough_nsa.html

"GOURMETTROUGH is a user configurable implant for certain Juniper firewalls. It persists DNT's BANANAGLEE implant across reboots and OS upgrades. For some platforms, it supports a minimal implant with beaconing for OS's unsupported by BANANAGLEE."
https://www.schneier.com/blog/archives/2014/01/gourmettrough_n.html

"The HALLUXWATER Persistence Back Door implant is installed on a target Huawei Eudemon firewall as a boot ROM upgrade. When the target reboots, the PBD installer software will find the needed patch points and install the back door in the inbound packet processing routine."
https://www.schneier.com/blog/archives/2014/01/halluxwater_nsa.html

"JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant. JETPLOW also has a persistent back-door capability."
https://www.schneier.com/blog/archives/2014/01/jetplow_nsa_exp.html

"SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 firewalls. It persists DNT's BANANAGLEE software implant. SOUFFLETROUGH also has an advanced persistent back-door capability."
https://www.schneier.com/blog/archives/2014/01/souffletrough_n.html

"HEADWATER is a Persistent Backdoor (PDB) software implant for selected Huawei routers. The implant will enable covert functions to be remotely executed within the router via an Internet connection."
https://www.schneier.com/blog/archives/2014/01/headwater_nsa_e.html

"SCHOOLMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card."
https://www.schneier.com/blog/archives/2014/01/schoolmontana_n.html

A U.S. government employee e-mailed me, asking me not to post these on my blog. The government has a weird policy that exposed secrets are still secret, and government employees without clearances are prohibited from reading the classified paragraphs. I've heard this before. Basically, before exposure only people with a TOP SECRET clearance could read these paragraphs. After exposure, only people without any clearance at all can read these paragraphs. No, it doesn't make any sense.

** *** ***** ******* *********** *************

Tor User Identified by FBI

Eldo Kim sent an e-mail bomb threat to Harvard so he could skip a final exam. (It's just a coincidence that I was on the Harvard campus that day.) Even though he used an anonymous account and Tor, the FBI identified him. Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat.

This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect.
The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess. Tor didn't break; Kim did. http://usnews.nbcnews.com/_news/2013/12/17/21943608-harvard-student-tried-to-dodge-exam-with-bomb-hoax-fbi-says or http://tinyurl.com/oud3x95 http://www.thecrimson.com/article/2013/12/17/eldo-threats-experts-sentencing/ or http://tinyurl.com/lvok7nm http://www.wbur.org/2013/12/18/pdf-criminal-complaint-harvard-bomb-threat or http://tinyurl.com/oe8mrsp ** *** ***** ******* *********** ************* News This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware. I agree with the conclusion: "So, what's the moral of the story? If you have a laptop that is used to move large amounts of money, take good care of it. Lock the keyboard when you step away. Put it in a safe when you're not around it, and encrypt the disk to prevent off-line access. Don't surf the web with it (use another laptop/device for that, they're relatively cheap). This advice is true whether you're a poker pro using a laptop for gaming or a business controller in a large company using the computer for wiring a large amount of funds." Cheap laptops are very cheap, especially if you buy old models off the remainder tables at big box stores. There's no reason not to have special purpose machines. http://www.f-secure.com/weblog/archives/00002647.html An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities," Annual Computer Security Applications Conference 2010. 
http://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=69&type=2 or http://tinyurl.com/kkypwxz Acoustic cryptanalysis "can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts." http://www.cs.tau.ac.il/~tromer/acoustic/ Two long blog posts on the NSA. The first is about RSA entering into a secret agreement with the NSA to make the backdoored DUAL_EC_PRNG the default random number generator in their BSAFE toolkit. The real story here is how the NSA has corroded the trust on the Internet. https://www.schneier.com/blog/archives/2013/12/nsa_spying_who.html The second is about the NSA Tailored Access Operations (TAO) group and their capabilities, based on new NSA top secret documents released by Der Spiegel. Jacob Appelbaum did a great job reporting on this stuff. https://www.schneier.com/blog/archives/2013/12/more_about_the.html If you read nothing else from this issue of Crypto-Gram, read those two links. Here is the list of NSA documents from the Der Spiegel article: https://www.schneier.com/blog/archives/2014/01/nsa_documents_f.html Fascinating report from Citizen Lab on the use of malware in the current Syrian conflict. https://www.eff.org/document/quantum-surveillance-familiar-actors-and-possible-false-flags-syrian-malware-campaigns or http://tinyurl.com/nx3vtwu https://www.eff.org/deeplinks/2013/12/social-engineering-and-malware-syria-eff-and-citizen-labs-latest-report-digital or http://tinyurl.com/my7dd9j http://www.wired.com/threatlevel/2013/12/syria-report/ Amusing Christmas comic. http://www.onthefastrack.com/?webcomic1=december-22-2013 "Talking to Vula" is the story of a 1980s secret communications channel between black South African leaders and others living in exile in the UK. The system used encrypted text encoded into DTMF "touch tones" and transmitted from pay phones. 
http://www.anc.org.za/show.php?id=4693

Joseph Stiglitz has an excellent essay on the value of trust, and the lack of it in today's society.
http://opinionator.blogs.nytimes.com/2013/12/21/in-no-one-we-trust/

It has amazed me that the NSA doesn't seem to do any cost/benefit analyses on any of its surveillance programs. This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs. In this paper, John Mueller and Mark G. Stewart have done the analysis on one of these programs. Worth reading.
http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.pdf

Matt Blaze on TAO's methods, pointing out that targeted surveillance is better than bulk surveillance.
http://www.theguardian.com/commentisfree/2014/jan/06/nsa-tailored-access-operations-privacy or http://tinyurl.com/m8s74no
This is important. As scarily impressive as TAO's implant catalog is, it's targeted. We can argue about how it should be targeted -- who counts as a "bad guy" and who doesn't -- but it's much better than the NSA's collecting cell phone location data on everyone on the planet. The more we can deny the NSA the ability to do broad wholesale surveillance on everyone, and force them to do targeted surveillance on individuals and organizations, the safer we all are.

The failure of privacy notices and consumer choice.
http://firstmonday.org/ojs/index.php/fm/article/view/4838/3802

Interesting story of a 1971 burglary of an FBI office.
http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html or http://tinyurl.com/n62lf4d http://www.nytimes.com/video/us/100000002635482/stealing-j-edgar-hoovers-secrets.html or http://tinyurl.com/kqwjuvm It's also a book: http://www.amazon.com/The-Burglary-Discovery-Hoovers-Secret/dp/0307962954/ or http://tinyurl.com/mjlt3xm ** *** ***** ******* *********** ************* Security Risks of Embedded Systems We're at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself -- as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there's no good way to patch them. It's not unlike what happened in the mid-1990s, when the insecurity of personal computers was reaching crisis levels. Software and operating systems were riddled with security vulnerabilities, and there was no good way to patch them. Companies were trying to keep vulnerabilities secret, and not releasing security updates quickly. And when updates were released, it was hard -- if not impossible -- to get users to install them. This has changed over the past twenty years, due to a combination of full disclosure -- publishing vulnerabilities to force companies to issue patches quicker -- and automatic updates: automating the process of installing updates on users' computers. The results aren't perfect, but they're much better than ever before. But this time the problem is much worse, because the world is different: All of these devices are connected to the Internet. The computers in our routers and modems are much more powerful than the PCs of the mid-1990s, and the Internet of Things will put computers into all sorts of consumer devices. The industries producing these devices are even less capable of fixing the problem than the PC and software industries were. 
If we don't solve this soon, we're in for a security disaster as hackers figure out that it's easier to hack routers than computers. At a recent Def Con, a researcher looked at thirty home routers and broke into half of them -- including some of the most popular and common brands. To understand the problem, you need to understand the embedded systems market. Typically, these systems are powered by specialized computer chips made by companies such as Broadcom, Qualcomm, and Marvell. These chips are cheap, and the profit margins slim. Aside from price, the way the manufacturers differentiate themselves from each other is by features and bandwidth. They typically put a version of the Linux operating system onto the chips, as well as a bunch of other open-source and proprietary components and drivers. They do as little engineering as possible before shipping, and there's little incentive to update their "board support package" until absolutely necessary. The system manufacturers -- usually original device manufacturers (ODMs) who often don't get their brand name on the finished product -- choose a chip based on price and features, and then build a router, server, or whatever. They don't do a lot of engineering, either. The brand-name company on the box may add a user interface and maybe some new features, make sure everything works, and they're done, too. The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it's shipped. The chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip. Maintaining the older chips and products just isn't a priority. And the software is old, even when the device is new. For example, one survey of common home routers found that the software components were four to five years older than the device. The minimum age of the Linux operating system was four years. 
The minimum age of the Samba file system software: six years. They may have had all the security patches applied, but most likely not. No one has that job. Some of the components are so old that they're no longer being patched. This patching is especially important because security vulnerabilities are found "more easily" as systems age. To make matters worse, it's often impossible to patch the software or upgrade the components to the latest version. Often, the complete source code isn't available. Yes, they'll have the source code to Linux and any other open-source components. But many of the device drivers and other components are just "binary blobs" -- no source code at all. That's the most pernicious part of the problem: No one can possibly patch code that's just binary. Even when a patch is possible, it's rarely applied. Users usually have to manually download and install relevant patches. But since users never get alerted about security updates, and don't have the expertise to manually administer these devices, it doesn't happen. Sometimes the ISPs have the ability to remotely patch routers and modems, but this is also rare. The result is hundreds of millions of devices that have been sitting on the Internet, unpatched and insecure, for the last five to ten years. Hackers are starting to notice. Malware DNS Changer attacks home routers as well as computers. In Brazil, 4.5 million DSL routers were compromised for purposes of financial fraud. Last month, Symantec reported on a Linux worm that targets routers, cameras, and other embedded devices. This is only the beginning. All it will take is some easy-to-use hacker tools for the script kiddies to get into the game. And the Internet of Things will only make this problem worse, as the Internet -- as well as our homes and bodies -- becomes flooded with new embedded devices that will be equally poorly maintained and unpatchable. 
But routers and modems pose a particular problem, because they're: (1) between users and the Internet, so turning them off is increasingly not an option; (2) more powerful and more general in function than other embedded devices; (3) the one 24/7 computing device in the house, and are a natural place for lots of new features. We were here before with personal computers, and we fixed the problem. But disclosing vulnerabilities in an effort to force vendors to fix the problem won't work the same way as with embedded systems. The last time, the problem was computers, ones mostly not connected to the Internet, and slow-spreading viruses. The scale is different today: more devices, more vulnerability, viruses spreading faster on the Internet, and less technical expertise on both the vendor and the user sides. Plus vulnerabilities that are impossible to patch. Combine full function with lack of updates, add in a pernicious market dynamic that has inhibited updates and prevented anyone else from updating, and we have an incipient disaster in front of us. It's just a matter of when. We simply have to fix this. We have to put pressure on embedded system vendors to design their systems better. We need open-source driver software -- no more binary blobs! -- so third-party vendors and ISPs can provide security tools and software updates for as long as the device is in use. We need automatic update mechanisms to ensure they get installed. The economic incentives point to large ISPs as the driver for change. Whether they're to blame or not, the ISPs are the ones who get the service calls for crashes. They often have to send users new hardware because it's the only way to update a router or modem, and that can easily cost a year's worth of profit from that customer. This problem is only going to get worse, and more expensive. Paying the cost up front for better embedded systems is much cheaper than paying the costs of the resultant security disasters. 
This essay originally appeared on Wired.com. http://www.wired.com/opinion/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem/ or http://tinyurl.com/ngoxykw Security vulnerabilities in routers: https://www.defcon.org/images/defcon-18/dc-18-presentations/Heffner/DEFCON-18-Heffner-Routers.pdf or http://tinyurl.com/mycykl7 http://www.youtube.com/watch?v=stnJiPBIM6o Security vulnerabilities of older systems: http://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=69&type=2 or http://tinyurl.com/l57yph8 Embedded malware: http://news.cnet.com/8301-10784_3-9970972-7.html http://nakedsecurity.sophos.com/2012/10/01/hacked-routers-brazil-vb2012/ or http://tinyurl.com/8js9jg2 http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices or http://tinyurl.com/ncwl6rr http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/ or http://tinyurl.com/mcv73mj Two essays that debunk the "NSA surveillance could have stopped 9/11" myth: http://www.cnn.com/2013/12/30/opinion/bergen-nsa-surveillance-september-11/ http://www.newyorker.com/talk/comment/2014/01/13/140113taco_talk_wright The changing cost of surveillance: http://ashkansoltani.org/2014/01/09/the-cost-of-surveillance/ http://www.yalelawjournal.org/the-yale-law-journal-pocket-part/constitutional-law/tiny-constables-and-the-cost-of-surveillance:-making-cents-out-of-united-states-v.-jones ** *** ***** ******* *********** ************* Schneier News I left BT at the end of December. https://www.schneier.com/blog/archives/2013/12/yes_im_leaving.html Last month, Eben Moglen and I had a conversation about NSA surveillance. Audio and video are online. 
https://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/ or http://tinyurl.com/mganzed https://www.youtube.com/watch?v=N8Sc6pUR1mA ** *** ***** ******* *********** ************* Schneier News: I've Joined Co3 Systems For decades, I've said that good security is a combination of protection, detection, and response. In 1999, when I formed Counterpane Internet Security, I focused the company on what was then the nascent area of detection. Since then, there have been many products and services that focus on detection, and it's a huge part of the information security industry. Now, it's time for response. While there are many companies that offer services to aid in incident response -- mitigation, forensics, recovery, compliance -- there are no comprehensive products in this area. Well, almost none. Co3 Systems provides a coordination system for incident response. I think of it as a social networking site for incident response, though the company doesn't use this term. The idea is that the system generates your incident response plan on installation, and when something happens, automatically executes it. It collects information about the incident, assigns and tracks tasks, and logs everything you do. It links you with information you might need, companies you might want to talk to, and regulations you might be required to comply with. And it logs everything, so you can demonstrate that you followed your response plan and thus the law -- or see how and where you fell short. Years ago, attacks were both less frequent and less serious, and compliance requirements were more modest. But today, companies get breached all the time, and regulatory requirements are complicated -- and getting more so all the time. Ad hoc incident response isn't enough anymore. There are lots of things you need to do when you're attacked, both to secure your network from the attackers and to secure your company from litigation. 
The problem with any emergency response plan is that you only need it in an emergency. Emergencies are both complicated and stressful, and it's easy for things to fall through the cracks. It's critical to have something -- a system, a checklist, even a person -- that tracks everything and makes sure that everything that has to get done is. Co3 Systems is great in an emergency, but of course you really want to have installed and configured it *before* the emergency. It will also serve you better if you use it regularly. Co3 Systems is designed to be valuable for all incident response, both the mundane and the critical. The system can record and assess everything that appears abnormal. The incident response plans it generates make it easy, and the intelligence feeds make it useful. If Co3 Systems is already in place, when something turns out to be a real incident, it's easy to escalate it to the next level, and you'll be using tools you're already familiar with. Co3 Systems works either from a private cloud or on your network. I think the cloud makes more sense; you don't want to coordinate incident response from the network that is under attack. And it's constantly getting better as more partner companies integrate their information feeds and best practices. The company has launched some of these partnerships already, and there are some major names soon to be announced. Today I am joining Co3 Systems as its Chief Technology Officer. I've been on the company's advisory board for about a year, and was an informal adviser to CEO John Bruce before that. John and I worked together at Counterpane in the early 2000s, and we both think this is a natural extension to what we tried to build there. I also know CMO Ted Julian from his days at @Stake. Together, we're going to build *the* incident response product. 
I'm really excited about this -- and the fact that the company headquarters are just three T stops inbound to Harvard and the Berkman Center makes it even more perfect. http://www.co3sys.com https://www.co3sys.com/news/news-releases/bruce-schneier-joins-co3-systems-cto or http://tinyurl.com/nzhbsf4 http://www.darkreading.com/attacks-breaches/bruce-schneier-departs-bt-for-startup-co/240165137 or http://tinyurl.com/nyatozb http://threatpost.com/bruce-schneier-joins-startup-co3-systems/103429 or http://tinyurl.com/puynhos http://www.networkworld.com/news/2014/010614-schneier-co3-277365.html or http://tinyurl.com/kd4f4j9 https://www.co3sys.com/blog-post/bruce-schneier-chief-technology-officer or http://tinyurl.com/kszop9o https://www.co3sys.com/blog-post/security-legend-bruce-schneier-joins-co3 or http://tinyurl.com/k2u3rnb https://www.youtube.com/watch?v=c7XMWR1hD9M&sns=tw http://threatpost.com/bruce-schneier-joins-startup-co3-systems/103429# or http://tinyurl.com/khs2gdk ** *** ***** ******* *********** ************* Twitter Users: Please Make Sure You're Following the Right Feed I have an official Twitter feed of my blog; it's @schneierblog. There's also an unofficial feed at @Bruce_Schneier. I have nothing to do with that one. I wouldn't mind the unofficial feed -- if people are reading my blog, who cares -- except that it isn't working right, and hasn't been for some time. It publishes some posts weeks late and skips others entirely. I'm only hoping that this one will show up there. It's also kind of annoying that @Bruce_Schneier keeps following people, who think it's me. It's not; I never log in to Twitter and I don't follow anyone there. So if you want to read my blog on Twitter, please make sure you're following @schneierblog. And if you are the person who runs the @Bruce_Schneier account -- if anyone is even running it anymore -- please e-mail me at the address on my Contact page. 
I'd rather see it fixed than shut down, but better for it to be shut down than continue in its broken state.

@schneierblog: http://twitter.com/schneierblog/

@Bruce_Schneier: https://twitter.com/Bruce_Schneier

My contact page: https://www.schneier.com/contact.html

** *** ***** ******* *********** *************

Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at . Back issues are also available at that URL.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier. Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including "Liars and Outliers: Enabling the Trust Society Needs to Survive" -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Co3 Systems, Inc. See .

From coderman at gmail.com Wed Jan 15 16:52:21 2014
From: coderman at gmail.com (coderman)
Date: Wed, 15 Jan 2014 16:52:21 -0800
Subject: Fwd: [liberationtech] 15 years later, why can Johnny still not encrypt?
Message-ID: ---------- Forwarded message ---------- From: Steve Weis Date: Wed, Jan 15, 2014 at 10:37 AM As one anecdote, when I TAed the MIT Network and Computer security course, we assigned "Why Johnny Can't Encrypt" as the first reading. We asked the students to send us a PGP encrypted & signed message and tell us how long it took. If I recall correctly, it took an average of 30 minutes for non-existing users to figure out how to use PGP. Think about that. These were graduate & upperclass undergraduate computer science students enrolled in a network security course. Everyone had accounts on the same university system and were mostly using standalone email clients. Best of all, someone decided it would be funny to generate a fake key for me and post it to pgp.mit.edu. Several students fell for the trick, didn't verify the key, and encrypted their homework with the wrong key. It was a great way to drive home the lesson, but we asked the jokers to kindly revoke their key, which they did. Long story short, PGP was still hard to figure out for an experienced cohort of users, who didn't have the issues of webmail and proliferation of mobile platforms we have today. I don't think anything has improved to make it viable for a wider audience. On Wed, Jan 15, 2014 at 2:23 AM, Anders Thoresson wrote: > Hi all! > > When doing research on email encryption and why it's still not widely used, I've read Alma Whitten's "Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0" [1] from '99. I wonder if anyone knows of similar but more recent usability studies on encryption software? > > Comparing the findings made by Whitten to the software available today, not much seems to have happened. But does the conclusion still hold, that a lack of mass-adoption of email encryption is due to problematic UX – or are there other reasons that today are seen as more important? > > [1] – https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten.ps >... 
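Added example, not part of the forwarded message or of any list member's code: the fake-key incident described in the message above, modelled in Python. It computes the OpenPGP version 4 fingerprint as RFC 4880 defines it and accepts a keyserver hit only when the full fingerprint matches one obtained out of band; the user ID, keyserver contents and key material are constructed sample values.

```python
"""Added example: verify an OpenPGP key's full fingerprint before trusting a keyserver hit."""
import hashlib
import hmac
import struct

HEX_DIGITS = set("0123456789ABCDEF")


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def fingerprint_v4(body: bytes) -> str:
    """V4 fingerprint (RFC 4880, section 12.2): SHA-1 over 0x99, 2-byte length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def display_form(fpr: str) -> str:
    """Group a fingerprint in blocks of four, the way it is usually read out or printed."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))


def constructed_modulus(seed: bytes) -> int:
    """1024 bits of deterministic filler. Constructed sample data, NOT a usable RSA modulus."""
    raw = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(4))
    return int.from_bytes(raw, "big") | (1 << 1023) | 1


# Constructed sample data: two keys that claim the same user ID.
TA_UID = "Course TA <ta@example.edu>"
GENUINE_BODY = rsa_public_key_body(1379000000, constructed_modulus(b"genuine"), 65537)
IMPOSTER_BODY = rsa_public_key_body(1389000000, constructed_modulus(b"imposter"), 65537)

# Constructed keyserver contents; the newer upload (the imposter) is listed first.
KEYSERVER = [
    {"uid": TA_UID, "body": IMPOSTER_BODY},
    {"uid": TA_UID, "body": GENUINE_BODY},
]

# What the key owner hands out in person or prints on the syllabus (out of band).
TRUSTED_FPR = display_form(fingerprint_v4(GENUINE_BODY))


def search(email: str) -> list:
    """Keyserver lookup by e-mail address. Anyone can upload any user ID."""
    return [entry for entry in KEYSERVER if email in entry["uid"]]


def naive_pick(candidates: list) -> dict:
    """The failure mode from the anecdote: trust the first hit for the name."""
    return candidates[0]


def pick_verified_key(candidates: list, trusted_fpr: str) -> dict:
    """Return only the key whose full fingerprint equals the out-of-band one."""
    want = "".join(trusted_fpr.split()).upper()
    if len(want) != 40 or not set(want) <= HEX_DIGITS:
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key ID")
    for entry in candidates:
        if hmac.compare_digest(fingerprint_v4(entry["body"]), want):
            return entry
    raise LookupError("no candidate matches the out-of-band fingerprint; do not encrypt")


if __name__ == "__main__":
    hits = search("ta@example.edu")
    print("naive choice   :", display_form(fingerprint_v4(naive_pick(hits)["body"])))
    print("verified choice:", display_form(fingerprint_v4(pick_verified_key(hits, TRUSTED_FPR)["body"])))
```
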
From s at ctrlc.hu Wed Jan 15 09:30:00 2014 From: s at ctrlc.hu (stef) Date: Wed, 15 Jan 2014 18:30:00 +0100 Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..) In-Reply-To: <20140114111653.GD3900@r4> References: <20140114111653.GD3900@r4> Message-ID: <20140115173000.GU7008@ctrlc.hu> howdy, On Tue, Jan 14, 2014 at 12:16:53PM +0100, Thomas von Dein wrote: > > - coordinate representation x, x&y, x and sign ... > > or bits to show which of these ... perhaps borrow ANSI method > > Could you please explain this further? i believe this is not really necessary for this type of curve. especially if we manage to switch to elligator curves soonish. > > - hint / indication of cipher suite / curve > > In pcp there's already such a hint included in exported keys, however > I'm not using it, since there's no choice of different curves in > libsodium so far. But it's on the list. unfortunately pbp has such a distinguisher, it decides between asym/sym encryption. i should somehow get rid of that. > > - text encoding of binary format (ascii) > > As already stated in the other subthread, I use Z85, while stef is using > base85. Since Z85 is a subset of base85, I'm pretty sure we can agree on > something. absolutely. i like small keys, that's why we do ecc, not RSA. as it allows to use crypto e.g. also in tweets, signed tweets leave you with ~55 chars for messages, or as we recently found out also in the comment field of bank wiretransfers. i wasn't really joking doing a numberstation style output format. the https://en.wikipedia.org/wiki/PGP_word_list might be quite good for easy human voice transmission, like in key parties. takes a bit of time reciting 32 words, but might be easier than reciting a pgp keyid. > I'm not sure, how stef solved the ed25519 issue (you can't use a > curve25519 secret key to create an ed25519 signature directly). 
After > some discussion on the libsodium mailing list we came up with this: > > When the user generates a new key, the ed25519 secret key will be > generated first. The curve25519 secret will be derived from that, since > the ed25519 already contains a usable curve25519 key. In pcp I store > both of them for easier access, so the ed25519 and curve25519 secret and > public keys are stored, the secret keys are encrypted and I store the > nonce as well (see include/pcp/key.h). pbp uses separate and unrelated keys for confidentiality and others for signing. > Speaking of key encryption: @stef: according to your docs you're already > using scrypt() for key derivation. I'd like to use that as well, but > it's not part of libsodium (afaik), so I use my own method for this til > scrypt() is implemented in libsodium. That's because I want to avoid > writing crypto code myself. http://ftp.de.debian.org/debian/pool/main/s/scrypt/scrypt_1.1.6.orig.tar.gz seems like a good start for reusing code. -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From bill.stewart at pobox.com Wed Jan 15 22:17:06 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 15 Jan 2014 22:17:06 -0800 Subject: gpg/pgp cli vs 15 years later, why can Johnny still not encrypt? In-Reply-To: <2b564ac2fff4588e7459ce21e5a1ffd2@remailer.privacy.at> References: <2b564ac2fff4588e7459ce21e5a1ffd2@remailer.privacy.at> Message-ID: <20140116061710.D597310C68@a-pb-sasl-quonix.pobox.com> > >> When doing research on email encryption and > why it's still not widely used, I've read Alma > Whitten's "Why Johnny Can’t Encrypt: A > Usability Evaluation of PGP 5.0" [1] from '99. > I wonder if anyone knows of similar but more > recent usability studies on encryption software? 
By some time in the mid-00s, Hugh Daniel and I could no longer reliably send each other PGP-encrypted mail :-) I wouldn't use the older versions of PGP (including GPG which was compatible with them), which had the abusable bugs in variable-length-field handling that made it possible to force PGP to use really weak crypto; Hugh would only use the open-source versions, not the proprietary Windows-GUI versions from PGP Inc., and even the proprietary versions were getting less and less reliable. And stubbornness had, ummm, entirely nothing to do with either of our positions... And at some point I had a disk crash that trashed the current keyrings for which I knew the passphrases, and I haven't really tried since then. Some of the GUIs were ok, some weren't. I've gotten lazy and prefer to be able to cut and paste, but the text editors I used this morning included vi, ed, cat, and >, and I guess emacs if you count the bash line-editing commands. As far as PGP's CLI goes, it was painfully obvious that Phil was a Windows programmer, not a Unix programmer (though I suspect he had some DEC background as well). Bill Stewart, wearing my old geezer hat today. From mixmaster at remailer.privacy.at Wed Jan 15 13:36:40 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Wed, 15 Jan 2014 22:36:40 +0100 (CET) Subject: A90-217 the beginnings of the NSA-TAO in 1990s Message-ID: <03c9a93618410d8db1cdd5ac573511ff@remailer.privacy.at> tracking down the bastards http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?hp&_r=0 How it started... http://sbirsource.com/sbir/awards/39357-computer-virus-electronic-countermeasures-ecm http://sbirsource.com/sbir/awards/39376-computervirus-electronic-execution-support are the companies and folks who got your tax dollars to build equipment at the NSA's bidding for TAO.. 
the whole SBIR was facilitated by DARPA is my unerstanding sbirsource.com/sbir/awards/16634-computer-virus-electronic-counter-measure-ecm this was the second award in 1992.. One of The research firm and name supplying these designs? Software & Electrical Engineering 248 Walnut Street Willimantic, CT 06226 Mr. Victor Civie the beginnings of the NSA Tailored Access Operation began here in part at least the ones der speigel is complaining about.. may have changed nowadays.. but here is the original culprit.. for those doing betting death pools I suggest Mr. Victor Civie and those of his ilk as one people would pay to nominate from the description Sophisticated Virus, Parasite and Resource Management systems are to be constructed to alter or report on the operation of a designated target. Specific systems include the Tape Worm, a low profile smart Parasite featuring comprehensive resource management operations, the Stealth Striker, an ultra low profile targeting virus, the Transport, an ultra low profile utility virus used to transport, load and excecute large programs and various surveillance and maintenance systems. Virus/Parasite objectives include securing a stable base, fixing, relocating and reproducing in teh target system, the ability to find and infect other systems, alter/record/monitor/recall computer operations, and alter/record/monitor/recall data and output. The effort will also produce a Code miniaturization strategy and apply the principals to the EMC programs. compact Task Oriented Routines are designed to create code to perform assigned tasks. another winner of the Phase 1 grant was Sparta, Inc. 
23041 Avenida De La Carlota,, Suite 325 Laguna Hills, CA 92653 Principal Investigator DOUG PRICE From coderman at gmail.com Thu Jan 16 04:38:12 2014 From: coderman at gmail.com (coderman) Date: Thu, 16 Jan 2014 04:38:12 -0800 Subject: pie in sky suites - long lived public key pairs for persistent identity In-Reply-To: References: Message-ID: On Fri, Jan 3, 2014 at 11:42 AM, coderman wrote: > use case is long term (decade+) identity ... key signs > working keys tuned for speed with limited secret > life span (month+). i should have better clarified intent: - long term keys are offline, otherwise better protected (for arbitrary degrees of "beyond the everyday level"). thwarting active attacks or chosen input attacks is explicitly intended. - long term keys can be large, or slow, or demand elevated protections and blinding, or other mechanisms which aggravate to point of disabling or calling too costly with respect to the working / short term keys. applying all reasonable protections is specifically intended. - long term keys may be M of N threshold schemes for group or ceremony based attestations for other long term keys, working keys, or secure identifiers in general. said another way, long term keys are specifically intended as trust anchors in public key systems of various types. thanks all for the input that followed; i appreciate it! best regards, From mixmaster at remailer.privacy.at Wed Jan 15 21:36:45 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Thu, 16 Jan 2014 06:36:45 +0100 (CET) Subject: gpg/pgp cli vs 15 years later, why can Johnny still not encrypt? Message-ID: <2b564ac2fff4588e7459ce21e5a1ffd2@remailer.privacy.at> To be fair.. maybe it helps to examine the software environment extant at the time pgp was developed.. ie macos was the gui($$$$), AUX had just been abandoned by apple. of the day... 
and dos 3.0 , unix releases were SCO Microport and Interactive/ all based on Att 5.3.2 sources except for microport which was SVR4, Linux did NOT exist nor did crypto libraries bsd/386 was an unfulfilled promise and almost no private individual could afford a sun pizza box to run bsd and xenix was $$$$.. same for qnx(and non standard to boot). . Almost EVERYTHING was command line dos windows 3.0 was just starting to become available pgp 1.0 cli structure was loosely based on CryptMaster(an earlier paid product). ie pgp 1.0 was posted/published from a tandon 60 laptop(i386) running a dos command line version of uucp. and additionally fido and sdn clients on the morning of june 5, 1991 from Santa Cruz,Ca.(this after weeks of prediscussion on the WELL...) then additional copies were posted from random upload points all over silicon valley for the next 96 hours.(yes the van/payphone part of the tale is true also, although the payphones wiring was generally directly accessed using a testset to allow connection of a trailblazer modem(preferred for 19.2kb uploads via uucp to usenet.) pgp 2.0 continues on from there and currently gnupg is the cli choice of script and integration...(albeit with several flaws security and cryptowise.) pgp/gpg never was designed for ANYthing but CLI/script/filter/inline usage in the freeware opensource versions and typically people are incompetent at using CLI by far and large(even so called CS students)... On 1/15/14 4:52 PM, coderman wrote:> ---------- Forwarded message ---------- > From: Steve Weis > Date: Wed, Jan 15, 2014 at 10:37 AM > > > As one anecdote, when I TAed the MIT Network and Computer security > course, we assigned "Why Johnny Can't Encrypt" as the first reading. > We asked the students to send us a PGP encrypted & signed message and > tell us how long it took. > > If I recall correctly, it took an average of 30 minutes for > non-existing users to figure out how to use PGP. Think about that. 
> These were graduate & upperclass undergraduate computer science > students enrolled in a network security course. Everyone had accounts > on the same university system and were mostly using standalone email > clients. > > Best of all, someone decided it would be funny to generate a fake key > for me and post it to pgp.mit.edu. Several students fell for the > trick, didn't verify the key, and encrypted their homework with the > wrong key. It was a great way to drive home the lesson, but we asked > the jokers to kindly revoke their key, which they did. > > Long story short, PGP was still hard to figure out for an experienced > cohort of users, who didn't have the issues of webmail and > proliferation of mobile platforms we have today. I don't think > anything has improved to make it viable for a wider audience. > > > On Wed, Jan 15, 2014 at 2:23 AM, Anders Thoresson wrote: >> Hi all! >> >> When doing research on email encryption and why it's still not widely used, I've read Alma Whitten's "Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0" [1] from '99. I wonder if anyone knows of similar but more recent usability studies on encryption software? >> >> Comparing the findings made by Whitten to the software available today, not much seems to have happened. But does the conclusion still hold, that a lack of mass-adoption of email encryption is due to problematic UX – or are there other reasons that today are seen as more important? >> >> [1] – https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten.ps >> ... 
> From coderman at gmail.com Thu Jan 16 06:56:55 2014 From: coderman at gmail.com (coderman) Date: Thu, 16 Jan 2014 06:56:55 -0800 Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present" Message-ID: see also: http://www.reddit.com/user/ellsbergd from thread: http://www.reddit.com/r/IAmA/comments/1vahsi/i_am_pentagon_papers_leaker_daniel_ellsberg/ceqjvcl?context=3 --- PulvisEtUmbraSumus When did you first become aware that there had been an attempt to seize your medical files from Lewis Fielding's office, and what was your reaction to the administration going that far? In general, how aware were you of surveillance and character assassination attempts against your person, such as the attempts to tie you to communist groups in Minnesota as per this conversation between Nixon and John Mitchell? --- ellsbergd WOW! That link is absolutely fascinating! (Even though I don't have the time just now to go through it in detail, as I will shortly). Thank you for the link! I have to ask, where is it from, where did you get it (on the White House transcripts)? Well, in answer to your question, I just became aware of some surveillance on me (BEFORE the Pentagon papers came out) ten minutes ago, from your link. I was being surveilled because I was a witness in a criminal trial of draft resisters, some of the Minnesota Eight. Their very good lawyer has been accused, I don't know on what basis, of having been a Communist. And that allegation was not of particular significance to the DOJ UNTIL, months later, he was associated with me, after the Papers came out. Likewise, the president is heard discussing with Haldeman on these transcripts the need to go back over earlier (illegal, warrantless) wiretaps--of journalists and White House officials, on which I was overheard--to see what might look significant now, in light of the release of the Pentagon Papers. 
That's what I've been talking about in earlier answers: the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present. (See their interest in the allegation that the wife of one journalist may have been accused of shoplifting in her past). So people who have "nothing to hide" should ask themselves if that is equally true of their spouses or children, or neighbors, who could possibly be turned into informants by threat of their private lives being revealed. (The Cuban CIA assets who burglarized my psychoanalyst's office were interested in my children and wife as much as me, a reporter who interviewed them was told; they had been told of the precedent of Alger Hiss' step-son who was crucially deterred, at Hiss' insistence, from testifying in his defense at his trial on a crucial point, because he would have been questioned about his alleged homosexuality). My analyst later apologized to me for not telling me about the break-in--which he was sure was aimed at me, by the White House--because his lawyer had advised him not to "get involved." So I didn't know about it until it came out in my courtroom, thanks to John Dean's revelation. All for the best. If he had told me and we had raised it in the court-room, the plumbers would not have been kept on the White House payroll (via CREEP) and would not have been ordered into the Watergate. Nixon would have stayed in office, and the war would have continued for years. From hozer at hozed.org Thu Jan 16 10:33:13 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Thu, 16 Jan 2014 12:33:13 -0600 Subject: anti-prosecution tactics. (Was Re:) Message-ID: <20140116183313.GC3180@nl.grid.coop> > a) JYA is being paid in laundered bitcoin for spreading FUD to > cypherpunks and privacy technologists; CIA now embracing altcoins for > darkops and payoffs. 
> > b) the emerging market for captured 0day is spilling over into overt > baiting tactics in public places like our beloved listserv; elevated > noise a signal for constructed focal points of interest tapping faux > target treasures. > > c) because honeypots I don't have a clue about JYA, but what I have seen on the bitcoin lists about address re-use and stealth addresses pretty much confirms that lots of people are getting paid, and many are getting manipulated into developing and promoting 'privacy and anonymity' systems that come pre-hacked with a feed to the highest bidder. The only real defense normal people have is transparency. The only people who can afford privacy are the ones shouting the loudest that we all have an inalienable right to keep shit secret, while they quietly tap our phones, bank accounts, cryptocoin wallets, and new media. From hozer at hozed.org Thu Jan 16 11:43:29 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Thu, 16 Jan 2014 13:43:29 -0600 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> Message-ID: <20140116194329.GD3180@nl.grid.coop> On Thu, Jan 16, 2014 at 04:25:05PM -0300, Juan Garofalo wrote: > > > --On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes > wrote: > > > The only real defense normal people have is transparency. > > What (the hell) is that supposed to mean? http://www.davidbrin.com/transparentsociety.html > > The only > > people who can afford privacy are the ones shouting the loudest that > > we all have an inalienable right to keep shit secret, while they > > quietly tap our phones, bank accounts, cryptocoin wallets, and new > > media. > > > Those criminals may have de facto privacy. And? The criminals in power have privacy. The rich who can pay have privacy. Those below the median income have none. 
I am inherently suspicious of privacy and anonymity advocates because they are at best not realizing the threat model, and at worst are working for the criminals in power. From john at johnlgrubbs.net Thu Jan 16 12:12:15 2014 From: john at johnlgrubbs.net (John L Grubbs) Date: Thu, 16 Jan 2014 14:12:15 -0600 Subject: [Cfrg] Requesting removal of CFRG co-chair Message-ID: <201401162012.s0GKCRL0016725@antiproton.jfet.org> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6275 bytes Desc: not available URL: From hozer at hozed.org Thu Jan 16 12:25:51 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Thu, 16 Jan 2014 14:25:51 -0600 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: <10612724.qVFqBZNlEa@lap> References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> <20140116194329.GD3180@nl.grid.coop> <10612724.qVFqBZNlEa@lap> Message-ID: <20140116202551.GE3180@nl.grid.coop> On Thu, Jan 16, 2014 at 08:59:46PM +0100, rysiek wrote: > Dnia czwartek, 16 stycznia 2014 13:43:29 Troy Benjegerdes pisze: > > The criminals in power have privacy. The rich who can pay have privacy. > > > > Those below the median income have none. > > > > I am inherently suspicious of privacy and anonymity advocates because they > > are at best not realizing the threat model, and at worst are working for > > the criminals in power. > > So please tell us, oh enlightened one, what is the threat model? > > Because I would say the exact same thing about those who badmouth privacy > advocates and privacy itself: obviously those in power have vested interests > in violating privacy, be it for monetary, or political gain. > > They have vested interests in convincing the unwashed masses that either > "privacy is dead", "privacy is not needed" or "privacy is impossible". 
So that > they can more easily spy upon us all, and so that it gets that harder for > privacy-conscious people to maintain their privacy (as that is an ecology, if > you do not maintain your privacy, information about you might help somebody to > deduce information about me). > > I would say that the vested interest is more clear in the above than in what > you stated. So please tell me, what do I not see, or (if I am "working for the > man"), where's the cash that I must've gotten for my services over the > years?.. I'm going to trust you when you say you are an advocate for all the right reasons. I also like to trust, but verify. I cannot verify without invading your privacy, and since that's important to you, I won't. The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power. I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is. What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave. From john at johnlgrubbs.net Thu Jan 16 12:37:56 2014 From: john at johnlgrubbs.net (John L Grubbs) Date: Thu, 16 Jan 2014 14:37:56 -0600 Subject: [Cfrg] Requesting removal of CFRG co-chair Message-ID: <201401162038.s0GKc7IM017003@antiproton.jfet.org> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 8596 bytes Desc: not available URL: From hozer at hozed.org Thu Jan 16 13:33:07 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Thu, 16 Jan 2014 15:33:07 -0600 Subject: anti-prosecution tactics. 
(Was Re:) In-Reply-To: <4114929.9VWVmFSbvN@lap> References: <20140116183313.GC3180@nl.grid.coop> <10612724.qVFqBZNlEa@lap> <20140116202551.GE3180@nl.grid.coop> <4114929.9VWVmFSbvN@lap> Message-ID: <20140116213307.GF3180@nl.grid.coop> ;) On Thu, Jan 16, 2014 at 09:49:33PM +0100, rysiek wrote: > OHAI, > > Dnia czwartek, 16 stycznia 2014 14:25:51 Troy Benjegerdes pisze: > > > So please tell us, oh enlightened one, what is the threat model? > > > > > > Because I would say the exact same thing about those who badmouth privacy > > > advocates and privacy itself: obviously those in power have vested > > > interests in violating privacy, be it for monetary, or political gain. > > > > > > They have vested interests in convincing the unwashed masses that either > > > "privacy is dead", "privacy is not needed" or "privacy is impossible". So > > > that they can more easily spy upon us all, and so that it gets that > > > harder for privacy-conscious people to maintain their privacy (as that is > > > an ecology, if you do not maintain your privacy, information about you > > > might help somebody to deduce information about me). > > > > > > I would say that the vested interest is more clear in the above than in > > > what you stated. So please tell me, what do I not see, or (if I am > > > "working for the man"), where's the cash that I must've gotten for my > > > services over the years?.. > > > > I'm going to trust you when you say you are an advocate for all the right > > reasons. > > Cool. :) > > > I also like to trust, but verify. I cannot verify without invading your > > privacy, and since that's important to you, I won't. > > Not true. You can verify my public actions, my public statements. What matters > in the end is if the result is right. If my actions, my statements were > conducive towards better privacy or bettering of our common human condition, > one can assume with high degree of certainty that my reasons were right. If > not, well, woe is me. 
> > > The vested interests absolutely would love us all to believe privacy is > > dead, but will not themselves give it up, making for an extreme imbalance > > of power. > > And information asymmetry. That's why we have to build our own tools and use > them to guard our own privacy. pgp and gnupg are 'pretty good'. Bitcoin is a disaster because the vested interests appear to have achieved complete regulatory capture through FINCEN and the Banking Secrecy Act > > I, on the other hand, am a person. I am not, however, particularly private, > > because it costs me too fucking much in terms of money, time, and paranoia > > to actually test and verify that shit I think is supposed to be private > > actually is. > > Well, there is always the element of trust. I have to (I don't have the time, > money, etc to verify myself) trust my hardware and software to some extent. > > But I *can* choose hardware and software in a way that should make that trust > better founded. Free software, open hardware. I use an "ancient" Nokia N900, > which is by far not ideal, still much better than any iPhone. > > I can make listeners' lives harder. And I do. > > > What I want is for private cypherpunks and transparent cypherpunks to > > respect each other's values and spill the secrets of the fuckers who say > > privacy is dead but will only themselves give it up in the cold grip of the > > grave. > > Abso-fucking-lutely! Still, I would like to know what is the threat model you > were talking about. I don't see how advocating privacy and anonymity can be > sinister -- apart from using these terms in context that these terms have no > purpose other than muddying the waters (i.e. "privacy of government agencies > or corporations"). > > -- > Pozdr > rysiek The cost of privacy is the threat. There's a lot we can do with things that are Free, as in Freedom (software). 
I think there's also a great advance waiting when a viral-freedom copyright license (GPL/AGPL) cryptocoin can figure out how to clearly express the cost tradeoff of doing verifiably secure anonymous transactions vs what it costs to just tell the world you are sending $20 to your grandma and making sure it gets there. The problem with bitcoin is all the developers who know what they are doing are now part of the 1% that benefits from exploiting privacy asymmetry. I can't trust someone talking with forked tongue about how cryptocoins are BOTH a serious business currency, AND protect your privacy. -- Troy From jya at pipeline.com Thu Jan 16 13:06:22 2014 From: jya at pipeline.com (John Young) Date: Thu, 16 Jan 2014 16:06:22 -0500 Subject: [Cfrg] Requesting removal of CFRG co-chair In-Reply-To: <201401162038.s0GKc7IM017003@antiproton.jfet.org> References: <201401162038.s0GKc7IM017003@antiproton.jfet.org> Message-ID: This witch hunt is ridiculous self-promotion, and most often is hawked by competing witches, actually by the publicity machinery of alternative acronymism. From skquinn at rushpost.com Thu Jan 16 14:20:09 2014 From: skquinn at rushpost.com (Shawn K. Quinn) Date: Thu, 16 Jan 2014 16:20:09 -0600 Subject: Requesting Removal of the ding-dong posting from the austria remailer (was Re: ...Removal of CARI MACHET/FAKE INDIAN...) In-Reply-To: References: Message-ID: <1389910809.17034.71745477.6943C833@webmail.messagingengine.com> On Thu, Jan 16, 2014, at 04:02 PM, Anonymous Remailer (austria) wrote: > > subject should remove herself for being softheaded to the point of > confusing herself > Cari Machet is also believed to be working undercover for the NSA Pardon my French, but I call bullshit. "Fake Indian" is a pretty serious accusation. Proof requested, and you need to identify yourself for credibility using at least a pseudonym that's been seen elsewhere. -- Shawn K. 
Quinn skquinn at rushpost.com From juan.g71 at gmail.com Thu Jan 16 11:25:05 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 16 Jan 2014 16:25:05 -0300 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: <20140116183313.GC3180@nl.grid.coop> References: <20140116183313.GC3180@nl.grid.coop> Message-ID: <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> --On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes wrote: > The only real defense normal people have is transparency. What (the hell) is that supposed to mean? > The only > people who can afford privacy are the ones shouting the loudest that > we all have an inalienable right to keep shit secret, while they > quietly tap our phones, bank accounts, cryptocoin wallets, and new > media. Those criminals may have de facto privacy. And? From griffin at cryptolab.net Thu Jan 16 14:07:10 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Thu, 16 Jan 2014 17:07:10 -0500 Subject: Requesting Removal of In-Reply-To: References: Message-ID: <52D8580E.1080808@cryptolab.net> Anonymous Remailer (austria) wrote: > Cari Machet is also believed to be working undercover for the NSA Isn't everyone? From coderman at gmail.com Thu Jan 16 20:35:50 2014 From: coderman at gmail.com (coderman) Date: Thu, 16 Jan 2014 20:35:50 -0800 Subject: Requesting Removal of In-Reply-To: <52D8580E.1080808@cryptolab.net> References: <52D8580E.1080808@cryptolab.net> Message-ID: On Thu, Jan 16, 2014 at 2:07 PM, Griffin Boyce wrote: > Anonymous Remailer (austria) wrote: >> >> Cari Machet is also believed to be working undercover for the NSA > > > Isn't everyone? some paid better than others... 

From moritz at headstrong.de Thu Jan 16 11:50:03 2014
From: moritz at headstrong.de (Moritz)
Date: Thu, 16 Jan 2014 20:50:03 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
Message-ID: <52D837EB.4050703@headstrong.de>

https://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html

Dear IRTF Chair, IAB, and CFRG:

I'd like to request the removal of Kevin Igoe from CFRG co-chair.

The Crypto Forum Research Group is chartered to provide crypto advice to IETF Working Groups. As CFRG co-chair for the last 2 years, Kevin has shaped CFRG discussion and provided CFRG opinion to WGs.

Kevin's handling of the "Dragonfly" protocol raises doubts that he is performing these duties competently. Additionally, Kevin's employment with the National Security Agency raises conflict-of-interest concerns.

Dragonfly Background
----
Dragonfly is a "Password-Authenticated Key Exchange" protocol (or "PAKE"). Dragonfly was proposed to CFRG 2 years ago [PROPOSAL]. Compared to better-known PAKEs, Dragonfly has no security proof, a lack of extensive security analysis, nonfunctional complications added for IPR reasons, and some security issues [REVIEW].

Dragonfly became a hot topic recently when the TLS WG disputed CFRG's alleged report that Dragonfly was "satisfactory", as well as disputing that this report reflected CFRG consensus [TLS_1]. After extensive criticism of Dragonfly, the TLS WG ceased work on a Dragonfly extension [TLS_2].

NSA Background
----
The National Security Agency ("NSA") is a U.S. Intelligence Agency which is believed to devote considerable resources to:
- "Influence policies, standards and specifications for commercial public key technologies"
- "Shape the worldwide cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities" [BULLRUN]

While much is unknown about these activities, the NSA is known to have placed a "back door" in a NIST standard for random number generation [ECDRBG]. A recent report from the President's Review Group recommends that the NSA:
- "fully support and not undermine efforts to create encryption standards"
- "not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software" [PRESIDENTS]

This suggests the NSA is currently behaving contrary to the recommendations.

Reasons for requesting Kevin's removal
----
1) Kevin has provided the *ONLY* positive feedback for Dragonfly that can be found on the CFRG mailing list or meeting minutes. The contrast between Kevin's enthusiasm and the group's skepticism is striking [CFRG_SUMMARY]. It's unclear what this enthusiasm is based on. There's no record of Kevin making any effort to understand Dragonfly's unusual structure, compare it to alternatives, consider possible use cases, or construct a formal security analysis.

2) Twice Kevin suggested a technique for deriving the Dragonfly password-based element which would make the protocol easy to break [IGOE_1, IGOE_2]. He also endorsed an ineffective attempt to avoid timing attacks by adding extra iterations to one of the loops [IGOE_3, IGOE_4]. These are surprising mistakes from an experienced cryptographer.

3) Kevin's approval of Dragonfly to the TLS WG misrepresented CFRG consensus, which was skeptical of Dragonfly [CFRG_SUMMARY].

4) Kevin's NSA affiliation raises unpleasant but unavoidable questions regarding these actions. It's entirely possible these are just mistakes by a novice chair who lacks experience in a particular sort of protocol and is being pressured by IETF participants to endorse something. But it's hard to escape an impression of carelessness and unseriousness in Kevin's work. One wonders whether the NSA is happy to preside over this sort of sloppy crypto design.

While that's of course speculation, it remains baffling that an experienced cryptographer would champion such a shoddy protocol. The CFRG chairs have been silent for months, and haven't responded to attempts to clarify this.

Conclusion
----
The position of CFRG chair (or co-chair) is a role of crucial importance to the IETF community. The IETF is in desperate need of trustworthy crypto guidance from parties who are above suspicion. I encourage the IAB and IRTF to replace Kevin Igoe with someone who can provide this.

Thanks for considering this request.

Trevor

From rysiek at hackerspace.pl Thu Jan 16 11:51:17 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 16 Jan 2014 20:51:17 +0100
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To: <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9>
References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9>
Message-ID: <1618947.py4ebngTF1@lap>

On Thursday, 16 January 2014 16:25:05 Juan Garofalo wrote:
> --On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes
>
> wrote:
> > The only real defense normal people have is transparency.
>
> What (the hell) is that supposed to mean?

I guess one could read that as: "Only transparency OF THE LAW ENFORCEMENT and other government/corporate entities and actors can ensure that normal people have some control over them and can protect themselves from possible abuses of power."

Surely nobody would use the word "transparency" to a private person, right?
http://rys.io/en/27

--
Regards
rysiek

From carimachet at gmail.com Thu Jan 16 11:58:41 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 20:58:41 +0100
Subject: anti-prosecution tactics.
(Was Re:)
In-Reply-To: <20140116194329.GD3180@nl.grid.coop>
References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> <20140116194329.GD3180@nl.grid.coop>
Message-ID:

one of our tactics is to make things public knowledge - transparency has been seen by our security ppl as 'protection' >>> yup what can u do when they can even infiltrate thru ur sim card >> taking ur battery out of ur phone aint doin nothin

Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

On Thu, Jan 16, 2014 at 8:43 PM, Troy Benjegerdes wrote:

> On Thu, Jan 16, 2014 at 04:25:05PM -0300, Juan Garofalo wrote:
> >
> >
> > --On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes
> > wrote:
> >
> > > The only real defense normal people have is transparency.
> >
> > What (the hell) is that supposed to mean?
>
> http://www.davidbrin.com/transparentsociety.html
>
> > > The only
> > > people who can afford privacy are the ones shouting the loudest that
> > > we all have an inalienable right to keep shit secret, while they
> > > quietly tap our phones, bank accounts, cryptocoin wallets, and new
> > > media.
> >
> >
> > Those criminals may have de facto privacy. And?
>
> The criminals in power have privacy. The rich who can pay have privacy.
>
> Those below the median income have none.
>
> I am inherently suspicious of privacy and anonymity advocates because they
> are at best not realizing the threat model, and at worst are working for
> the criminals in power.
>

From rysiek at hackerspace.pl Thu Jan 16 11:59:46 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 16 Jan 2014 20:59:46 +0100
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To: <20140116194329.GD3180@nl.grid.coop>
References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> <20140116194329.GD3180@nl.grid.coop>
Message-ID: <10612724.qVFqBZNlEa@lap>

On Thursday, 16 January 2014 13:43:29 Troy Benjegerdes wrote:
> The criminals in power have privacy. The rich who can pay have privacy.
>
> Those below the median income have none.
>
> I am inherently suspicious of privacy and anonymity advocates because they
> are at best not realizing the threat model, and at worst are working for
> the criminals in power.

So please tell us, oh enlightened one, what is the threat model?

Because I would say the exact same thing about those who badmouth privacy advocates and privacy itself: obviously those in power have vested interests in violating privacy, be it for monetary, or political gain.

They have vested interests in convincing the unwashed masses that either "privacy is dead", "privacy is not needed" or "privacy is impossible". So that they can more easily spy upon us all, and so that it gets that harder for privacy-conscious people to maintain their privacy (as that is an ecology, if you do not maintain your privacy, information about you might help somebody to deduce information about me).

I would say that the vested interest is more clear in the above than in what you stated. So please tell me, what do I not see, or (if I am "working for the man"), where's the cash that I must've gotten for my services over the years?..

--
Regards
rysiek

From carimachet at gmail.com Thu Jan 16 12:04:38 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 21:04:38 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
In-Reply-To: <52D837EB.4050703@headstrong.de>
References: <52D837EB.4050703@headstrong.de>
Message-ID:

BEAUTIFUL

On Thu, Jan 16, 2014 at 8:50 PM, Moritz wrote:
> https://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html

From carimachet at gmail.com Thu Jan 16 12:17:37 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 21:17:37 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
In-Reply-To: <52d83d29.2792420a.347c.ffffe503SMTPIN_ADDED_MISSING@mx.google.com>
References: <52d83d29.2792420a.347c.ffffe503SMTPIN_ADDED_MISSING@mx.google.com>
Message-ID:

well that is purely disgusting on what f'ing grounds was it denied?
is there any doc info on that 'transaction' ???

On Thu, Jan 16, 2014 at 9:12 PM, John L Grubbs wrote:
> Trevor's request was denied last week. :(

From carimachet at gmail.com Thu Jan 16 12:34:30 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 21:34:30 +0100
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To: <20140116202551.GE3180@nl.grid.coop>
References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> <20140116194329.GD3180@nl.grid.coop> <10612724.qVFqBZNlEa@lap> <20140116202551.GE3180@nl.grid.coop>
Message-ID:

On Thu, Jan 16, 2014 at 9:25 PM, Troy Benjegerdes wrote:
> .
>
> What I want is for private cypherpunks and transparent cypherpunks to respect each
> other's values and spill the secrets of the fuckers who say privacy is dead but will
> only themselves give it up in the cold grip of the grave.
>

YAY!! are those ppl largely libertarians (mayb)?

From carimachet at gmail.com Thu Jan 16 12:39:51 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 21:39:51 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
In-Reply-To: <52d8432d.2a8b440a.3f09.ffffd951SMTPIN_ADDED_MISSING@mx.google.com>
References: <52d8432d.2a8b440a.3f09.ffffd951SMTPIN_ADDED_MISSING@mx.google.com>
Message-ID:

link gives a 404
On Thu, Jan 16, 2014 at 9:37 PM, John L Grubbs wrote: > https://www.ietf.org/mail-archive/web/cfrg/current/msg03736.HTML > > On Jan 16, 2014 2:17 PM, Cari Machet wrote: > > > > well that is purely disgusting on what f'ing grounds was it denied? is > there any doc info on that 'transaction' ??? > > > > Cari Machet > > NYC 646-436-7795 > > carimachet at gmail.com > > AIM carismachet > > Syria +963-099 277 3243 > > Amman +962 077 636 9407 > > Berlin +49 152 11779219 > > Twitter: @carimachet > > > > Ruh-roh, this is now necessary: This email is intended only for the > > addressee(s) and may contain confidential information. If you are not > the > > intended recipient, you are hereby notified that any use of this > > information, dissemination, distribution, or copying of this email > without > > permission is strictly prohibited. > > > > > > > > > > On Thu, Jan 16, 2014 at 9:12 PM, John L Grubbs > wrote: > >> > >> Trevor's request was denied last week. :( > >> > >> On Jan 16, 2014 2:04 PM, Cari Machet wrote: > >>> > >>> BEAUTIFUL > >>> > >>> Cari Machet > >>> NYC 646-436-7795 > >>> carimachet at gmail.com > >>> AIM carismachet > >>> Syria +963-099 277 3243 > >>> Amman +962 077 636 9407 > >>> Berlin +49 152 11779219 > >>> Twitter: @carimachet > >>> > >>> Ruh-roh, this is now necessary: This email is intended only for the > >>> addressee(s) and may contain confidential information. If you are not > the > >>> intended recipient, you are hereby notified that any use of this > >>> information, dissemination, distribution, or copying of this email > without > >>> permission is strictly prohibited. > >>> > >>> > >>> > >>> > >>> On Thu, Jan 16, 2014 at 8:50 PM, Moritz wrote: > >>>> > >>>> > >>>> https://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html > >>>> > >>>> > >>>> Dear IRTF Chair, IAB, and CFRG: > >>>> > >>>> I'd like to request the removal of Kevin Igoe from CFRG co-chair. 
> >>>> > >>>> The Crypto Forum Research Group is chartered to provide crypto advice > >>>> to IETF Working Groups. As CFRG co-chair for the last 2 years, Kevin > >>>> has shaped CFRG discussion and provided CFRG opinion to WGs. > >>>> > >>>> Kevin's handling of the "Dragonfly" protocol raises doubts that he is > >>>> performing these duties competently. Additionally, Kevin's employment > >>>> with the National Security Agency raises conflict-of-interest > >>>> concerns. > >>>> > >>>> > >>>> Dragonfly Background > >>>> ---- > >>>> Dragonfly is a "Password-Authenticated Key Exchange" protocol (or > >>>> "PAKE"). Dragonfly was proposed to CFRG 2 years ago [PROPOSAL]. > >>>> Compared to better-known PAKEs, Dragonfly has no security proof, a > >>>> lack of extensive security analysis, nonfunctional complications added > >>>> for IPR reasons, and some security issues [REVIEW]. > >>>> > >>>> Dragonfly became a hot topic recently when the TLS WG disputed CFRG's > >>>> alleged report that Dragonfly was "satisfactory", as well as disputing > >>>> that this report reflected CFRG consensus [TLS_1]. After extensive > >>>> criticism of Dragonfly, the TLS WG ceased work on a Dragonfly > >>>> extension [TLS_2]. > >>>> > >>>> > >>>> NSA Background > >>>> ---- > >>>> The National Security Agency ("NSA") is a U.S. Intelligence Agency > >>>> which is believed to devote considerable resources to: > >>>> - "Influence policies, standards and specifications for commercial > >>>> public key technologies" > >>>> - "Shape the worldwide cryptography marketplace to make it more > >>>> tractable to advanced cryptanalytic capabilities" [BULLRUN] > >>>> > >>>> While much is unknown about these activities, the NSA is known to have > >>>> placed a "back door" in a NIST standard for random number generation > >>>> [ECDRBG]. 
A recent report from the President's Review Group > >>>> recommends that the NSA: > >>>> - "fully support and not undermine efforts to create encryption > standards" > >>>> - "not in any way subvert, undermine, weaken, or make vulnerable > >>>> generally available commercial software" [PRESIDENTS] > >>>> > >>>> This suggests the NSA is currently behaving contrary to the > recommendations. > >>>> > >>>> > >>>> Reasons for requesting Kevin's removal > >>>> ---- > >>>> 1) Kevin has provided the *ONLY* positive feedback for Dragonfly that > >>>> can be found on the CFRG mailing list or meeting minutes. The > >>>> contrast between Kevin's enthusiasm and the group's skepticism is > >>>> striking [CFRG_SUMMARY]. It's unclear what this enthusiasm is based > >>>> on. There's no record of Kevin making any effort to understand > >>>> Dragonfly's unusual structure, compare it to alternatives, consider > >>>> possible use cases, or construct a formal security analysis. > >>>> > >>>> 2) Twice Kevin suggested a technique for deriving the Dragonfly > >>>> password-based element which would make the protocol easy to break > >>>> [IGOE_1, IGOE_2]. He also endorsed an ineffective attempt to avoid > >>>> timing attacks by adding extra iterations to one of the loops [IGOE_3, > >>>> IGOE_4]. These are surprising mistakes from an experienced > >>>> cryptographer. > >>>> > >>>> 3) Kevin's approval of Dragonfly to the TLS WG misrepresented CFRG > >>>> consensus, which was skeptical of Dragonfly [CFRG_SUMMARY]. > >>>> > >>>> 4) Kevin's NSA affiliation raises unpleasant but unavoidable > >>>> questions regarding these actions. It's entirely possible these are > >>>> just mistakes by a novice chair who lacks experience in a particular > >>>> sort of protocol and is being pressured by IETF participants to > >>>> endorse something. But it's hard to escape an impression of > >>>> carelessness and unseriousness in Kevin's work. 
One wonders whether > >>>> the NSA is happy to preside over this sort of sloppy crypto design. > >>>> > >>>> While that's of course speculation, it remains baffling that an > >>>> experienced cryptographer would champion such a shoddy protocol. The > >>>> CFRG chairs have been silent for months, and haven't responded to > >>>> attempts to clarify this. > >>>> > >>>> > >>>> Conclusion > >>>> ---- > >>>> The position of CFRG chair (or co-chair) is a role of crucial > >>>> importance to the IETF community. The IETF is in desperate need of > >>>> trustworthy crypto guidance from parties who are above suspicion. I > >>>> encourage the IAB and IRTF to replace Kevin Igoe with someone who can > >>>> provide this. > >>>> > >>>> Thanks for considering this request. > >>>> > >>>> > >>>> Trevor > >>> > >>> > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 11085 bytes Desc: not available URL: From carimachet at gmail.com Thu Jan 16 12:48:45 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 16 Jan 2014 21:48:45 +0100 Subject: [Cfrg] Requesting removal of CFRG co-chair In-Reply-To: References: <52d8432d.2a8b440a.3f09.ffffd951SMTPIN_ADDED_MISSING@mx.google.com> Message-ID: ok so he doesnt know about autocracies? WTF Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. 
On Thu, Jan 16, 2014 at 9:39 PM, Cari Machet wrote: > link gives a 404 > > Cari Machet > NYC 646-436-7795 > carimachet at gmail.com > AIM carismachet > Syria +963-099 277 3243 > Amman +962 077 636 9407 > Berlin +49 152 11779219 > Twitter: @carimachet > > Ruh-roh, this is now necessary: This email is intended only for the > addressee(s) and may contain confidential information. If you are not the > intended recipient, you are hereby notified that any use of this > information, dissemination, distribution, or copying of this email without > permission is strictly prohibited. > > > > > On Thu, Jan 16, 2014 at 9:37 PM, John L Grubbs wrote: > >> https://www.ietf.org/mail-archive/web/cfrg/current/msg03736.HTML >> >> On Jan 16, 2014 2:17 PM, Cari Machet wrote: >> > >> > well that is purely disgusting on what f'ing grounds was it denied? is >> there any doc info on that 'transaction' ??? >> > >> > Cari Machet >> > NYC 646-436-7795 >> > carimachet at gmail.com >> > AIM carismachet >> > Syria +963-099 277 3243 >> > Amman +962 077 636 9407 >> > Berlin +49 152 11779219 >> > Twitter: @carimachet >> > >> > Ruh-roh, this is now necessary: This email is intended only for the >> > addressee(s) and may contain confidential information. If you are not >> the >> > intended recipient, you are hereby notified that any use of this >> > information, dissemination, distribution, or copying of this email >> without >> > permission is strictly prohibited. >> > >> > >> > >> > >> > On Thu, Jan 16, 2014 at 9:12 PM, John L Grubbs >> wrote: >> >> >> >> Trevor's request was denied last week. 
:( >> >> >> >> On Jan 16, 2014 2:04 PM, Cari Machet wrote: >> >>> >> >>> BEAUTIFUL >> >>> >> >>> Cari Machet >> >>> NYC 646-436-7795 >> >>> carimachet at gmail.com >> >>> AIM carismachet >> >>> Syria +963-099 277 3243 >> >>> Amman +962 077 636 9407 >> >>> Berlin +49 152 11779219 >> >>> Twitter: @carimachet >> >>> >> >>> Ruh-roh, this is now necessary: This email is intended only for the >> >>> addressee(s) and may contain confidential information. If you are not >> the >> >>> intended recipient, you are hereby notified that any use of this >> >>> information, dissemination, distribution, or copying of this email >> without >> >>> permission is strictly prohibited. >> >>> >> >>> >> >>> >> >>> >> >>> On Thu, Jan 16, 2014 at 8:50 PM, Moritz wrote: >> >>>> >> >>>> >> >>>> https://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html >> >>>> >> >>>> >> >>>> Dear IRTF Chair, IAB, and CFRG: >> >>>> >> >>>> I'd like to request the removal of Kevin Igoe from CFRG co-chair. >> >>>> >> >>>> The Crypto Forum Research Group is chartered to provide crypto advice >> >>>> to IETF Working Groups. As CFRG co-chair for the last 2 years, Kevin >> >>>> has shaped CFRG discussion and provided CFRG opinion to WGs. >> >>>> >> >>>> Kevin's handling of the "Dragonfly" protocol raises doubts that he is >> >>>> performing these duties competently. Additionally, Kevin's >> employment >> >>>> with the National Security Agency raises conflict-of-interest >> >>>> concerns. >> >>>> >> >>>> >> >>>> Dragonfly Background >> >>>> ---- >> >>>> Dragonfly is a "Password-Authenticated Key Exchange" protocol (or >> >>>> "PAKE"). Dragonfly was proposed to CFRG 2 years ago [PROPOSAL]. >> >>>> Compared to better-known PAKEs, Dragonfly has no security proof, a >> >>>> lack of extensive security analysis, nonfunctional complications >> added >> >>>> for IPR reasons, and some security issues [REVIEW]. 
>> >>>> >> >>>> Dragonfly became a hot topic recently when the TLS WG disputed CFRG's >> >>>> alleged report that Dragonfly was "satisfactory", as well as >> disputing >> >>>> that this report reflected CFRG consensus [TLS_1]. After extensive >> >>>> criticism of Dragonfly, the TLS WG ceased work on a Dragonfly >> >>>> extension [TLS_2]. >> >>>> >> >>>> >> >>>> NSA Background >> >>>> ---- >> >>>> The National Security Agency ("NSA") is a U.S. Intelligence Agency >> >>>> which is believed to devote considerable resources to: >> >>>> - "Influence policies, standards and specifications for commercial >> >>>> public key technologies" >> >>>> - "Shape the worldwide cryptography marketplace to make it more >> >>>> tractable to advanced cryptanalytic capabilities" [BULLRUN] >> >>>> >> >>>> While much is unknown about these activities, the NSA is known to >> have >> >>>> placed a "back door" in a NIST standard for random number generation >> >>>> [ECDRBG]. A recent report from the President's Review Group >> >>>> recommends that the NSA: >> >>>> - "fully support and not undermine efforts to create encryption >> standards" >> >>>> - "not in any way subvert, undermine, weaken, or make vulnerable >> >>>> generally available commercial software" [PRESIDENTS] >> >>>> >> >>>> This suggests the NSA is currently behaving contrary to the >> recommendations. >> >>>> >> >>>> >> >>>> Reasons for requesting Kevin's removal >> >>>> ---- >> >>>> 1) Kevin has provided the *ONLY* positive feedback for Dragonfly >> that >> >>>> can be found on the CFRG mailing list or meeting minutes. The >> >>>> contrast between Kevin's enthusiasm and the group's skepticism is >> >>>> striking [CFRG_SUMMARY]. It's unclear what this enthusiasm is based >> >>>> on. There's no record of Kevin making any effort to understand >> >>>> Dragonfly's unusual structure, compare it to alternatives, consider >> >>>> possible use cases, or construct a formal security analysis. 
>> >>>>
>> >>>> 2) Twice Kevin suggested a technique for deriving the Dragonfly password-based element which would make the protocol easy to break [IGOE_1, IGOE_2]. He also endorsed an ineffective attempt to avoid timing attacks by adding extra iterations to one of the loops [IGOE_3, IGOE_4]. These are surprising mistakes from an experienced cryptographer.
>> >>>>
>> >>>> 3) Kevin's approval of Dragonfly to the TLS WG misrepresented CFRG consensus, which was skeptical of Dragonfly [CFRG_SUMMARY].
>> >>>>
>> >>>> 4) Kevin's NSA affiliation raises unpleasant but unavoidable questions regarding these actions. It's entirely possible these are just mistakes by a novice chair who lacks experience in a particular sort of protocol and is being pressured by IETF participants to endorse something. But it's hard to escape an impression of carelessness and unseriousness in Kevin's work. One wonders whether the NSA is happy to preside over this sort of sloppy crypto design.
>> >>>>
>> >>>> While that's of course speculation, it remains baffling that an experienced cryptographer would champion such a shoddy protocol. The CFRG chairs have been silent for months, and haven't responded to attempts to clarify this.
>> >>>>
>> >>>> Conclusion
>> >>>> ----
>> >>>> The position of CFRG chair (or co-chair) is a role of crucial importance to the IETF community. The IETF is in desperate need of trustworthy crypto guidance from parties who are above suspicion. I encourage the IAB and IRTF to replace Kevin Igoe with someone who can provide this.
>> >>>>
>> >>>> Thanks for considering this request.
>> >>>>
>> >>>> Trevor

From rysiek at hackerspace.pl Thu Jan 16 12:49:33 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 16 Jan 2014 21:49:33 +0100
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To: <20140116202551.GE3180@nl.grid.coop>
References: <20140116183313.GC3180@nl.grid.coop> <10612724.qVFqBZNlEa@lap> <20140116202551.GE3180@nl.grid.coop>
Message-ID: <4114929.9VWVmFSbvN@lap>

OHAI,

On Thursday, 16 January 2014 14:25:51 Troy Benjegerdes wrote:
> > So please tell us, oh enlightened one, what is the threat model?
> >
> > Because I would say the exact same thing about those who badmouth privacy advocates and privacy itself: obviously those in power have vested interests in violating privacy, be it for monetary, or political gain.
> >
> > They have vested interests in convincing the unwashed masses that either "privacy is dead", "privacy is not needed" or "privacy is impossible". So that they can more easily spy upon us all, and so that it gets that harder for privacy-conscious people to maintain their privacy (as that is an ecology, if you do not maintain your privacy, information about you might help somebody to deduce information about me).
> >
> > I would say that the vested interest is more clear in the above than in what you stated. So please tell me, what do I not see, or (if I am "working for the man"), where's the cash that I must've gotten for my services over the years?..
>
> I'm going to trust you when you say you are an advocate for all the right reasons.

Cool. :)

> I also like to trust, but verify. I cannot verify without invading your privacy, and since that's important to you, I won't.

Not true. You can verify my public actions, my public statements. What matters in the end is if the result is right.
If my actions, my statements were conducive towards better privacy or bettering of our common human condition, one can assume with high degree of certainty that my reasons were right. If not, well, woe is me.

> The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power.

And information asymmetry. That's why we have to build our own tools and use them to guard our own privacy.

> I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is.

Well, there is always the element of trust. I have to (I don't have the time, money, etc to verify myself) trust my hardware and software to some extent.

But I *can* choose hardware and software in a way that should make that trust better founded. Free software, open hardware. I use an "ancient" Nokia N900, which is by far not ideal, still much better than any iPhone.

I can make listeners' lives harder. And I do.

> What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.

Abso-fucking-lutely! Still, I would like to know what is the threat model you were talking about. I don't see how advocating privacy and anonymity can be sinister -- apart from using these terms in context that these terms have no purpose other than muddying the waters (i.e. "privacy of government agencies or corporations").

--
Regards
rysiek

From moritz at headstrong.de Thu Jan 16 12:53:02 2014
From: moritz at headstrong.de (Moritz)
Date: Thu, 16 Jan 2014 21:53:02 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
In-Reply-To: <20140116201908.3B1B51C00EFA@mail.headstrong.de>
References: <20140116201908.3B1B51C00EFA@mail.headstrong.de>
Message-ID: <52D846AE.9030206@headstrong.de>

The best thing to do at this stage would be to convince Kevin friendly but firmly that it is in his best interest to step down. This really creates an unhealthy environment, drawing away many others from contributing, something that really should not happen at an open forum like IETF.

So, please voice your opinions on the respective IETF lists.

On 01/16/2014 09:12 PM, John L Grubbs wrote:
> Trevor's request was denied last week. :(

From carimachet at gmail.com Thu Jan 16 13:04:46 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 22:04:46 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
In-Reply-To: <52D846AE.9030206@headstrong.de>
References: <20140116201908.3B1B51C00EFA@mail.headstrong.de> <52D846AE.9030206@headstrong.de>
Message-ID:

ok so i know structure is not known tantamountly as anarchy but guess what it is - it is primary that they have a hierarchical structure where one MAN can make a decision and not the working group itself is just pathetic >> what "open forum" o hey lets have a mass murderer babysit our children

On Thu, Jan 16, 2014 at 9:53 PM, Moritz wrote:
> The best thing to do at this stage would be to convince Kevin friendly but firmly that it is in his best interest to step down. This really creates an unhealthy environment, drawing away many others from contributing, something that really should not happen at an open forum like IETF.
>
> So, please voice your opinions on the respective IETF lists.
>
> On 01/16/2014 09:12 PM, John L Grubbs wrote:
> > Trevor's request was denied last week.
:(

From carimachet at gmail.com Thu Jan 16 13:08:23 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 22:08:23 +0100
Subject: [Cfrg] Requesting removal of CFRG co-chair
In-Reply-To:
References: <201401162038.s0GKc7IM017003@antiproton.jfet.org>
Message-ID:

but he works for the nsa please explain that to me

On Thu, Jan 16, 2014 at 10:06 PM, John Young wrote:
> This witch hunt is ridiculous self-promotion, and most often is hawked by competing witches, actually by the publicity machinery of alternative acronymism.

From dan at geer.org Thu Jan 16 19:52:16 2014
From: dan at geer.org (dan at geer.org)
Date: Thu, 16 Jan 2014 22:52:16 -0500
Subject: weasel words: "no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States"
In-Reply-To: Your message of "Wed, 15 Jan 2014 15:30:22 PST."
Message-ID: <20140117035216.458FE228108@palinka.tinho.net>

It might be possible to bring this location versus target discussion into a more publicly accessible form by having a little vignette, something like "A is a citizen of B, and is just now boarding a flight from C to D which will, incidentally, overfly B as well as E and F.
Which of B, C, D, E, or F can assert a lawful authority to monitor A's phone calls, and how can they know when can they do it?"

perhaps followed by the notion that a satellite phone call has a similar sort of little vignette around it.

--dan

From mixmaster at remailer.privacy.at Thu Jan 16 14:02:16 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Thu, 16 Jan 2014 23:02:16 +0100 (CET)
Subject: Requesting Removal of CARI MACHET/FAKE INDIAN from cypherpunks..
Message-ID:

subject should remove herself for being softheaded to the point of confusing herself
Cari Machet is also believed to be working undercover for the NSA

From carimachet at gmail.com Thu Jan 16 14:12:19 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 23:12:19 +0100
Subject: Requesting Removal of CARI MACHET/FAKE INDIAN from cypherpunks..
In-Reply-To:
References:
Message-ID:

i actually have the "balls" to b myself online and not hide > and even as a female i dont believe in belief > religious thought processies > pathetic we are not "indians" indians live in india what is ur dna made from > sludge? i think this is so cute > i like pushback very nice ... now wheres the substance?
On Thu, Jan 16, 2014 at 11:02 PM, Anonymous Remailer (austria) <mixmaster at remailer.privacy.at> wrote:
>
> subject should remove herself for being softheaded to the point of confusing herself
> Cari Machet is also believed to be working undercover for the NSA

From carimachet at gmail.com Thu Jan 16 14:28:35 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Jan 2014 23:28:35 +0100
Subject: Requesting Removal of the ding-dong posting from the austria remailer (was Re: ...Removal of CARI MACHET/FAKE INDIAN...)
In-Reply-To: <1389910809.17034.71745477.6943C833@webmail.messagingengine.com>
References: <1389910809.17034.71745477.6943C833@webmail.messagingengine.com>
Message-ID:

why such a giant interest in what i post anyway - i find it at best odd

On Thu, Jan 16, 2014 at 11:20 PM, Shawn K. Quinn wrote:
> On Thu, Jan 16, 2014, at 04:02 PM, Anonymous Remailer (austria) wrote:
> >
> > subject should remove herself for being softheaded to the point of confusing herself
> > Cari Machet is also believed to be working undercover for the NSA
>
> Pardon my French, but I call bullshit.
>
> "Fake Indian" is a pretty serious accusation. Proof requested, and you need to identify yourself for credibility using at least a pseudonym that's been seen elsewhere.
>
> --
> Shawn K. Quinn
> skquinn at rushpost.com

From measl at mfn.org Thu Jan 16 21:53:21 2014
From: measl at mfn.org (J.A. Terranson)
Date: Thu, 16 Jan 2014 23:53:21 -0600 (CST)
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To:
References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> <20140116194329.GD3180@nl.grid.coop> <10612724.qVFqBZNlEa@lap> <20140116202551.GE3180@nl.grid.coop>
Message-ID:

On Thu, 16 Jan 2014, Cari Machet wrote:
> > What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
> >
>
> YAY!!
>
> are those ppl largely libertarians (mayb)?

Do you *always* use SMS-speak? This is a mailing list, not a Twit feed: it's safe to use real words.

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.

From rysiek at hackerspace.pl Thu Jan 16 16:22:02 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Fri, 17 Jan 2014 01:22:02 +0100
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To: <20140116213307.GF3180@nl.grid.coop>
References: <20140116183313.GC3180@nl.grid.coop> <4114929.9VWVmFSbvN@lap> <20140116213307.GF3180@nl.grid.coop>
Message-ID: <1569770.LT7nzabdej@lap>

On Thursday, 16 January 2014 15:33:07 Troy Benjegerdes wrote:
> > > The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power.
> >
> > And information asymmetry. That's why we have to build our own tools and use them to guard our own privacy.
>
> pgp and gnupg are 'pretty good'.

Yup. And we can make them better, more usable, etc.
> Bitcoin is a disaster because the vested interests appear to have achieved complete regulatory capture through FINCEN and the Banking Secrecy Act

Also, FBI has "over9000" BTC from SilkRoad bust. Enough to do whatever they want with this market. Who knows how that cash is going to be spent.

> > > I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is.
> >
> > Well, there is always the element of trust. I have to (I don't have the time, money, etc to verify myself) trust my hardware and software to some extent.
> >
> > But I *can* choose hardware and software in a way that should make that trust better founded. Free software, open hardware. I use an "ancient" Nokia N900, which is by far not ideal, still much better than any iPhone.
> >
> > I can make listeners' lives harder. And I do.
> >
> > > What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
> >
> > Abso-fucking-lutely! Still, I would like to know what is the threat model you were talking about. I don't see how advocating privacy and anonymity can be sinister -- apart from using these terms in context that these terms have no purpose other than muddying the waters (i.e. "privacy of government agencies or corporations").
>
> The cost of privacy is the threat.

Oh?

> There's a lot we can do with things that are Free, as in Freedom (software).
> I think there's also a great advance waiting when a viral-freedom copyright license (GPL/AGPL) cryptocoin can figure out how to clearly express the cost tradeoff of doing verifiably secure anonymous transactions vs what it costs to just tell the world you are sending $20 to your grandma and making sure it gets there.

What kind of cost are you talking about. The cost of equipment and electricity to mine BTC/whateverCoin? Opportunity cost of some kind? Privacy cost (as in: "my address gets written into a public ledger")?

Also:
http://en.wikipedia.org/wiki/Zerocoin

"Zerocoin is a proposed cryptocurrency that would be provably anonymous. It will employ cryptographic accumulators and digital commitments with zero-knowledge proofs to eliminate trackable linkage in a blockchain, which would make the currency anonymous and untraceable."

> The problem with bitcoin is all the developers who know what they are doing are now part of the 1% that benefits from exploiting privacy asymmetry.

Yup.

> I can't trust someone talking with forked tongue about how cryptocoins are BOTH a serious business currency, AND protect your privacy.

Makes a lot of sense. Bitcoin is not anonymous, we already know that. It is pseudonymous at best.

--
Regards
rysiek

From jamesdbell8 at yahoo.com Fri Jan 17 01:25:50 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Fri, 17 Jan 2014 01:25:50 -0800 (PST)
Subject: "Blackphone" said to be "a super-secure nsa-proof"
Message-ID: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com>

http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html

Fears over NSA spying have prompted people around the world to think about security differently, whether it be petitioning for companies to better secure their data or changing the information they share online.

In particular, security around smartphones has been of great concern, as people increasingly surf the Web, make calls and send messages from their mobile devices.

An international group of privacy enthusiasts has come together to create Blackphone, a smartphone that claims it will help to better protect your information.

Mashable writes that Blackphone is the brainchild of Silent Circle and Geekosphere, with participation from big players in the fight for information privacy and computer security. Phil Zimmermann, creator of data encryption protocol PGP (Pretty Good Privacy), is one of the minds behind the device.

“Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect,” Zimmermann said, according to Mashable.

The operating system is a custom build of Android OS called PrivatOS, designed for improved security. Silent Circle’s CEO Mike Janke says the project will be open source, as will the PrivatOS operating system. The phone likely won’t have the most outstanding specs, but the team says that’s because privacy is the top concern.

No specific details have been given about the phone yet (although some of the code has been posted to GitHub).
The companies say they’ll be unveiling it properly at Mobile World Congress in Barcelona beginning Feb. 24. Even with very little information about the device currently available, some media outlets are suggesting that the phone could be “NSA-proof.” That’s a tall order, especially in light of a story from The New York Times claiming that the NSA has implanted software in nearly 100,000 computers to create backdoor radio access. For more information on Blackphone, visit its website at https://www.blackphone.ch. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4137 bytes Desc: not available URL: From segordon at gmx.com Fri Jan 17 01:41:29 2014 From: segordon at gmx.com (Sam Gordon) Date: Fri, 17 Jan 2014 01:41:29 -0800 Subject: "Blackphone" said to be "a super-secure nsa-proof" In-Reply-To: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: <52D8FAC9.4010103@gmx.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The only almost-safe portable phone I can imagine is a purely VoIP phone, and that comes with a ton of caveats and precautions. It's a very difficult problem. That whole corporate-locked-in-baseband thing seems to throw a curveball at any ideas I can think of when trying to execute a secure cellular device. I am, however, excited to see Zimmermann involved. Sam On Fri 17 Jan 2014 01:25:50 AM PST, Jim Bell wrote: > > > http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html > > > Fears over NSA spying have prompted people around the world to think > about security differently, whether it be petitioning for companies to > better secure their data or changing the information they share online. > In particular, security around smartphones has been of great concern, as people increasingly surf the Web, make calls and send messages from > their mobile devices. 
> An international group of privacy enthusiasts has come together to > create Blackphone, a smartphone that claims it will help to better > protect your information. > Mashable writes that Blackphone is the brainchild of Silent Circle and Geekosphere, > with participation from big players in the fight for information privacy and computer security. Phil Zimmermann, creator of data encryption > protocol PGP (Pretty Good Privacy), is one of the minds behind the > device. > “Blackphone provides users with everything they need to ensure > privacy and control of their communications, along with all the other > high-end smartphone features they have come to expect,” Zimmermann said, > according to Mashable. > The operating system is a custom build of Android OS called PrivatOS, designed for improved security. Silent Circle’s CEO Mike Janke says the project will be open source, as will the PrivatOS operating system. The phone likely won’t have the most outstanding specs, but the team says > that’s because privacy is the top concern. > No specific details have been given about the phone yet (although > some of the code has been posted to GitHub). The companies say they’ll > be unveiling it properly at Mobile World Congress in Barcelona beginning Feb. 24. > Even with very little information about the device currently > available, some media outlets are suggesting that the phone could be > “NSA-proof.” That’s a tall order, especially in light of a story from The New York Times claiming that the NSA has implanted software in nearly 100,000 computers to create backdoor radio access. > For more information on Blackphone, visit its website at https://www.blackphone.ch.
- -- http://about.me/sam.gordon Keep the net free Electronic Frontier Foundation https://supporters.eff.org/donate Free Software Foundation https://my.fsf.org/associate/support_freedom/join_fsf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ -----END PGP SIGNATURE----- From mixmaster at remailer.privacy.at Thu Jan 16 20:35:08 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Fri, 17 Jan 2014 05:35:08 +0100 (CET) Subject: name machet NOT found at http://www.accessgenealogy.com/native/final-rolls.htm Message-ID: its real simple I dont like fakes hmm lets see you committed an act of battery against a german police officer while claiming to be a cherokee american indian/aboriginal, to wit you admitted in a public forum that you committed the act of assault(fighting with a police officer) violating section 113.1 of the German criminal code. "Whosoever, by force or threat of force, offers resistance to or attacks a public official or soldier of the Armed Forces charged with the enforcement of laws, ordinances, judgments, judicial decisions or orders acting in the execution of such official duty shall be liable to imprisonment not exceeding two years or a fine." as the punishment is up to 2 years by american legal standards you have committed a felony and blamed my racial group in doing so.. This in a legal jurisdiction notorious for historically pursuing racial profiling/purity etc and track same in their national police intelligence systems.
You are no better than any other white racist in blackface/redface makeup.. except in this case you chose to lie about your descent. Membership in ANY of the indian tribes and familial band that are a registered tribe with the USG is easily checked.. This was all set out by treaty after the american holocaust known as the trail of tears when the nascent USG did their level best to exterminate my family and all of my relations and by lineal descent moi. I will point you to http://www.accessgenealogy.com/native/final-rolls.htm where the familial name machet appears on NONE of the tribes recognized by treaty( which includes 4 separate lists for the cherokee nation.) SO if you are NOT an obsessive liar Cari machet either supply a familial name and relationship to the tribal rolls or publicly apologize to the Cherokee Nation for having defamed same.. or suffer the consequences.. negative exposure in all the media that a clever cypherpunk can reach in essence Information Warfare Level - 1 reputation capital reduction publication of true and untrue negative statements about the target in question with the intent that these public statements make their way into intelligence files and dossiers kept by national/police/corporate security organization. Also known as "dirtying up someone's reputation", technique to get someone investigated by DHS/IRS etc... Paula Deen aint got nothing on you bitch... From jamesd at echeque.com Thu Jan 16 14:01:51 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 17 Jan 2014 08:01:51 +1000 Subject: [Cfrg] Requesting removal of CFRG co-chair In-Reply-To: References: <201401162038.s0GKc7IM017003@antiproton.jfet.org> Message-ID: <52D856CF.9030109@echeque.com> On 2014-01-17 07:06, John Young wrote: > This witch hunt is ridiculous self-promotion, and most often > is hawked by competing witches, actually by the publicity > machinery of alternative acronymism. To call it a witch hunt is to imply the nonexistence of witches.
But, the Snowden documents reveal the existence of NSA infiltrators aiming at preventing security, and the behavior of Kevin Igoe makes it obvious he is an NSA infiltrator who aims at preventing security. The failure to remove Kevin Igoe demonstrates once again that the IETF is firmly in the hands of the enemy, which has long been obvious. Cypherpunks should not tolerate this, and I am pretty sure that China and Russia will not tolerate it either. From dan at geer.org Fri Jan 17 05:06:46 2014 From: dan at geer.org (dan at geer.org) Date: Fri, 17 Jan 2014 08:06:46 -0500 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: Your message of "Thu, 16 Jan 2014 20:59:46 +0100." <10612724.qVFqBZNlEa@lap> Message-ID: <20140117130646.3EDFE2280D8@palinka.tinho.net> > The criminals in power have privacy. The rich who can pay have privacy. > > Those below the median income have none. It has long been said that obscurity is not security (except that in modest doses it is). At the same time, obscurity most assuredly *is* a species of privacy. In other words, the quotation above has it exactly backwards. I have written on this, which is to say that I'm on the record. The most recent is http://geer.tinho.net/geer.uncc.9x13.txt In the meantime, everyone on this list is above world median income (USD 1,225 per annum) and almost everyone is in the world's 1% (USD 34,000 per annum). I commend Branko Milanovic's _The Haves and the Have Nots_ to your reading in that regard. --dan From loki at obscura.com Fri Jan 17 09:02:08 2014 From: loki at obscura.com (Lance Cottrell) Date: Fri, 17 Jan 2014 09:02:08 -0800 Subject: "Blackphone" said to be "a super-secure nsa-proof" In-Reply-To: <52D8FAC9.4010103@gmx.com> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52D8FAC9.4010103@gmx.com> Message-ID: <1A6F9020-4609-459A-9751-4D7D036034D4@obscura.com> They should be able to do blackphone to blackphone secure voice and text reasonably well.
Other android apps and phone location tracking, not so much. -Lance -- Lance Cottrell loki at obscura.com On Jan 17, 2014, at 1:41 AM, Sam Gordon wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The only almost-safe portable phone I can imagine is a purely VoIP > phone, and that comes with a ton of caveats and precautions. It's a > very difficult problem. > > That whole corporate-locked-in-baseband thing seems to throw a > curveball at any ideas I can think of when trying to execute a secure > cellular device. > > I am, however, excited to see Zimmermann involved. > > Sam > > On Fri 17 Jan 2014 01:25:50 AM PST, Jim Bell wrote: >> >> >> http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html >> >> >> Fears over NSA spying have prompted people around the world to think >> about security differently, whether it be petitioning for companies to >> better secure their data or changing the information they share online. >> In particular, security around smartphones has been of great concern, as people increasingly surf the Web, make calls and send messages from >> their mobile devices. >> An international group of privacy enthusiasts has come together to >> create Blackphone, a smartphone that claims it will help to better >> protect your information. >> Mashable writes that Blackphone is the brainchild of Silent Circle and Geekosphere, >> with participation from big players in the fight for information privacy and computer security. Phil Zimmermann, creator of data encryption >> protocol PGP (Pretty Good Privacy), is one of the minds behind the >> device. >> “Blackphone provides users with everything they need to ensure >> privacy and control of their communications, along with all the other >> high-end smartphone features they have come to expect,” Zimmermann said, >> according to Mashable.
>> The operating system is a custom build of Android OS called PrivatOS, designed for improved security. Silent Circle’s CEO Mike Janke says the project will be open source, as will the PrivatOS operating system. The phone likely won’t have the most outstanding specs, but the team says >> that’s because privacy is the top concern. >> No specific details have been given about the phone yet (although >> some of the code has been posted to GitHub). The companies say they’ll >> be unveiling it properly at Mobile World Congress in Barcelona beginning Feb. 24. >> Even with very little information about the device currently >> available, some media outlets are suggesting that the phone could be >> “NSA-proof.” That’s a tall order, especially in light of a story from The New York Times claiming that the NSA has implanted software in nearly 100,000 computers to create backdoor radio access. >> For more information on Blackphone, visit its website at https://www.blackphone.ch. > > - -- > http://about.me/sam.gordon > > Keep the net free > > Electronic Frontier Foundation > https://supporters.eff.org/donate > > Free Software Foundation > https://my.fsf.org/associate/support_freedom/join_fsf > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.14 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > -----END PGP SIGNATURE-----
From seanl at literati.org Fri Jan 17 10:55:33 2014 From: seanl at literati.org (Sean Lynch) Date: Fri, 17 Jan 2014 10:55:33 -0800 Subject: Replacing corporate search engines with anonymous/decentralized search In-Reply-To: <19029347.avvEohIsFf@lap> References: <1388305027.11664.55.camel@debian> <52C4A8C3.9020106@echeque.com> <19029347.avvEohIsFf@lap> Message-ID: On Sun, Jan 5, 2014 at 10:39 AM, rysiek wrote: > Dnia czwartek, 2 stycznia 2014 13:04:17 Sean Lynch pisze: > > On Wed, Jan 1, 2014 at 3:46 PM, James A. Donald > wrote: > > > As a matter of fact, it still does work. > > > > It works far less, though, since most people expect others to rely on > > search engines, so they don't bother to link anymore. > > > > Here's a thought: browser extension that stores your "personal" web > index, > > and gives you a typeahead menu when you write about concepts in your > index, > > prompting you to convert phrases to links. Like the way Facebook always > > wants to convert the names of people and pages to tags. Even if it were > > just primed with Wikipedia, that would drastically reduce the amount of > > Google searching people need to do when reading stuff you write. > > In Firefox it's called "The Awesome Bar", and it sifts through your history > and bookmarks (I bookmark a lot, and tag these pretty exactly, which helps > immensely). > I'm talking about anytime you type into text boxes. The goal of this proposal was to return to the hypertextual nature of the web in order to reduce our dependence on centralized indexes. However, I find your proposal to improve the utility of the AwesomeBar interesting. > The downside, of course, is that it works only for links that I have > already > visited.
> > So here's the idea: sharing bookmark tags and links with each other, via > some > extension for example, and making "The Awesome Bar" (damn, I hate that > name) > sift through bookmarks/tags of people in your "network" (what that means > would > have to be defined, but as Mozilla Sync can already store bookmarks, the > data > can already be on a server, just use it). > > An even simpler proposal: assuming the AwesomeBar doesn't already include live bookmarks in its autocomplete functionality, add it. Then anyone can simply publish their bookmarks via RSS and anyone else can import them. Then someone can just add functionality to create live bookmarks that pull signed and possibly encrypted (with Ed25519/Curve25519 of course) RSS feeds from a DHT. From rysiek at hackerspace.pl Fri Jan 17 02:28:53 2014 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 17 Jan 2014 11:28:53 +0100 Subject: name machet NOT found at http://www.accessgenealogy.com/native/final-rolls.htm In-Reply-To: References: Message-ID: <694980049.3UkphaP84B@lap> Dnia piątek, 17 stycznia 2014 05:35:08 Anonymous Remailer pisze: > its real simple I dont like fakes Aw come on, this is absurd. She could have married, she could have changed her name. I don't give a flying fuck about whether or not she is a "truly" of First Nations descent, or not, if she married or not, etc. It is no business of mine, nor yours. There is no reason nor excuse for her bragging about it all the time, just as there is not a single reason nor excuse for you digging in her private shit. Both are irrelevant and off-topic here, from what I can tell. -- Pozdr rysiek
From carimachet at gmail.com Fri Jan 17 04:00:32 2014 From: carimachet at gmail.com (Cari Machet) Date: Fri, 17 Jan 2014 13:00:32 +0100 Subject: name machet NOT found at http://www.accessgenealogy.com/native/final-rolls.htm In-Reply-To: <694980049.3UkphaP84B@lap> References: <694980049.3UkphaP84B@lap> Message-ID: hahhaha what level of intellectual profundity what rigor in research > such a detective... i cant even read it also i am not "bragging" about being native i am explaining ONE of the physical reasons i am different than most white thinkers... should i make a list of the other reasons? NO cause its #boring figure something out to do with your time on the planet On Fri, Jan 17, 2014 at 11:28 AM, rysiek wrote: > Dnia piątek, 17 stycznia 2014 05:35:08 Anonymous Remailer pisze: > > its real simple I dont like fakes > > Aw come on, this is absurd. She could have married, she could have changed > her > name. > > I don't give a flying fuck about whether or not she is a "truly" of First > Nations descent, or not, if she married or not, etc. It is no business of > mine, nor yours. > > There is no reason nor excuse for her bragging about it all the time, just > as > there is not a single reason nor excuse for you digging in her private > shit. > Both are irrelevant and off-topic here, from what I can tell. > > -- > Pozdr > rysiek -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.
From coderman at gmail.com Fri Jan 17 13:26:23 2014 From: coderman at gmail.com (coderman) Date: Fri, 17 Jan 2014 13:26:23 -0800 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: <20140117130646.3EDFE2280D8@palinka.tinho.net> References: <10612724.qVFqBZNlEa@lap> <20140117130646.3EDFE2280D8@palinka.tinho.net> Message-ID: On Fri, Jan 17, 2014 at 5:06 AM, wrote: > ... At the same time, obscurity most > assuredly *is* a species of privacy. an interesting corollary is obscurity as cost factor / lower bound effort for various attacks in your threat model. more opsec, less information theoretic bounds against discrimination from background... > In the meantime, everyone on this list is [exceptionally privileged...] alas, privilege below truly absurd[0] apparently insufficient shield from the whims of malevolent prosecution and arbitrary retribution... regarding the original subject: if some perceived method of deterrence (or at best deferment) is attained, is that action itself high risk years later as attempts to redress thwarted efforts are redoubled? or said another way: is deterrence a continual escalation until nullified, once applied in even a single instance? i have seen rare instances of quid pro quo applied instead of other pressures. we get to watch (copy exfil data), you get to walk away... this is hardly sustainable nor continual however. best regards, 0. investment banking a position of absurd privilege, fraud and conspiracy and other felonies in this domain rarely lead to more than symbolic gestures and slaps on the wrist! From coderman at gmail.com Fri Jan 17 13:44:01 2014 From: coderman at gmail.com (coderman) Date: Fri, 17 Jan 2014 13:44:01 -0800 Subject: "Blackphone" said to be "a super-secure nsa-proof" Message-ID: "super-secure nsa-proof" phone... this shit is hilarious! will it ever get old?
:P~ smartphones our Achilles heel: so convenient, so entirely privacy destroying and inherently vulnerable and insecure (as of existing closed baseband systems, proprietary chipsets, poorly keyed, weakly ciphered, horribly authenticated, geo location and side channel leaking sieves we call handsets today that is...) some have suggested the GTA04[0], which i do like, and also liked the original GTA01 back in the day. however, the ideal platform would be wideband SDR on a coreboot mobile with virtualization support (e.g. mobile Qubes OS with MIMO SDR radios and hardware protected key management) one last comment on smart phones and mobile networks: they do offer myriad and many methods to pollute the upstream; indications are this delays rather than defends, but still interesting and enjoyable none the less *grin* 0. OpenMoko GTA04 handsets [avail since 2011] http://wiki.openmoko.org/wiki/GTA04 From carimachet at gmail.com Fri Jan 17 05:23:58 2014 From: carimachet at gmail.com (Cari Machet) Date: Fri, 17 Jan 2014 14:23:58 +0100 Subject: anti-prosecution tactics.
(Was Re:) In-Reply-To: References: <20140116183313.GC3180@nl.grid.coop> <5F13F9B03C1409FEC2044012@F74D39FA044AA309EAEA14B9> <20140116194329.GD3180@nl.grid.coop> <10612724.qVFqBZNlEa@lap> <20140116202551.GE3180@nl.grid.coop> Message-ID: thanks for telling me i am in a safe place i actually use these ways of writing on purpose - i think language is alive and it changes like you and i - so i see the future english language use as different than now but i use some of its aspects now such as the use of numbers in words etc - if you have seen any future depictions of written language it is usually full of symbols letters and numbers (like code) - even just squares - i just try to open pathways for such things in different arenas and i dont see things as 'real' or unreal in the way that you do On Fri, Jan 17, 2014 at 6:53 AM, J.A. Terranson wrote: > > On Thu, 16 Jan 2014, Cari Machet wrote: > > > > What I want is for private cypherpunks and transparent cypherpunks to > > > respect each > > > other's values and spill the secrets of the fuckers who say privacy is > > > dead but will > > > only themselves give it up in the cold grip of the grave. > > > > > > > YAY!! > > > > are those ppl largely libertarians (mayb)? > > Do you *always* use SMS-speak? This is a mailing list, not a Twit feed: > it's safe to use real words. > > > //Alif > > -- > Those who make peaceful change impossible, > make violent revolution inevitable. > > An American Spring is coming: > one way or another. > > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. 
From bill at scannell.org Fri Jan 17 16:02:41 2014 From: bill at scannell.org (Bill Scannell) Date: Fri, 17 Jan 2014 15:02:41 -0900 Subject: Call for Papers: LangSec Workshop @ IEEE Security & Privacy 2014 Message-ID: Hi all, The First Workshop on Language-Theoretic Security (LangSec) at the IEEE CS Security & Privacy Workshops solicits contributions related to the growing area of language-theoretic security. The workshop will be held on May 18, 2014. For more information, visit: http://spw14.langsec.org . The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship. Looking forward to hearing from you, Bill From juan.g71 at gmail.com Fri Jan 17 10:47:24 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Fri, 17 Jan 2014 15:47:24 -0300 Subject: name machet NOT found at http://www.accessgenealogy.com/native/final-rolls.htm In-Reply-To: References: <694980049.3UkphaP84B@lap> Message-ID: --On Friday, January 17, 2014 1:00 PM +0100 Cari Machet wrote: > > also i am not "bragging" about being native i am explaining ONE of the > physical reasons i am different than most white thinkers... You mean you *look* different than most 'white' 'thinkers'? > should i make > a list of the other reasons?
NO cause its #boring figure something out to > do with your time on the planet > > > On Fri, Jan 17, 2014 at 11:28 AM, rysiek wrote: > >> Dnia piątek, 17 stycznia 2014 05:35:08 Anonymous Remailer pisze: >> > its real simple I dont like fakes >> >> Aw come on, this is absurd. She could have married, she could have >> changed her >> name. >> >> I don't give a flying fuck about whether or not she is a "truly" of First >> Nations descent, or not, if she married or not, etc. It is no business of >> mine, nor yours. >> >> There is no reason nor excuse for her bragging about it all the time, >> just as >> there is not a single reason nor excuse for you digging in her private >> shit. >> Both are irrelevant and off-topic here, from what I can tell. >> >> -- >> Pozdr >> rysiek > > > > > -- > Cari Machet > NYC 646-436-7795 > carimachet at gmail.com > AIM carismachet > Syria +963-099 277 3243 > Amman +962 077 636 9407 > Berlin +49 152 11779219 > Twitter: @carimachet > > Ruh-roh, this is now necessary: This email is intended only for the > addressee(s) and may contain confidential information. If you are not the > intended recipient, you are hereby notified that any use of this > information, dissemination, distribution, or copying of this email without > permission is strictly prohibited. > From coderman at gmail.com Fri Jan 17 16:30:15 2014 From: coderman at gmail.com (coderman) Date: Fri, 17 Jan 2014 16:30:15 -0800 Subject: independently assisting oversight of highly classified programs Message-ID: per the Schneier brief with congress[0]: """ ... Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn't forthcoming about their activities, and they wanted me -- as someone with access to the Snowden documents -- to explain to them what the NSA was doing... I suggested that we hold this meeting in a SCIF, because [...] top secret documents [...] The problem is that I, as someone without a clearance, would not be allowed into the SCIF. 
So we had to have the meeting in a regular room. EDITED TO ADD: This really was an extraordinary thing. """ Wyden has an aide whose primary efforts and expertise revolve around the classification of national security programs, funding, and information.[1] however this person is dedicated to keeping Wyden within bounds as far as what he publicly discusses. consider the opposite end of the spectrum: anonymous supporters and sources who are able to analyze and disseminate specifics of these programs deemed priorities by hamstrung and handbound public servants. how would you prioritize the efforts of such an ad-hoc group? (presumably the intent would be legislative and monetary impact, rather than advertising revenue via popularity, which may vary scope and focus a little or a lot...) would the ability to extensively and widely reverse engineer intelligence agency efforts significantly alter the position of various legislators with regards to these programs? (or are the details insufficient to alter already concrete and lucrative positions?) this is particularly relevant given the Obama pass to congress with respect to intelligence agency oversight and program limits[2]. best regards, 0. "Today I Briefed Congress on the NSA" https://www.schneier.com/blog/archives/2014/01/today_i_briefed.html 1. sorry, i can't find this off hand; there was a rolling stone or other profile done which discussed this person from beaverton/tigard area outside Portland, OR metro. 2.
"Remarks of President Barack Obama: Results of our Signals Intelligence Review" http://cryptome.org/2014/01/obama-nsa-13-0117.htm From electromagnetize at gmail.com Fri Jan 17 20:04:58 2014 From: electromagnetize at gmail.com (brian carroll) Date: Fri, 17 Jan 2014 22:04:58 -0600 Subject: wld b nice to know what these procedures entail In-Reply-To: References: Message-ID: have been thinking for some time that given the vast document cache by Snowden if not others, that making a public list of the highest known priority topics -- beyond software/hardware model of net.warfare, and instead, as of yet undocumented or unknown territory, as if a FOIA request, my picks would be anything neuro- or nervous system, also directed energy, as it relates to attacks, weapons, fielded infrastructure or what is placed in hands of local police state on the offensive against citizens using their rights. then perhaps priority vetting or keyword searches by those with the data, to seek to fulfill requests for that information outside the perish if publishing 'news-style' account, no-wave-making required while tsunami radiation & sonic attacks occurring live perhaps a top-twenty list: my requests as mentioned::: #) neurology based equipment and attacks employed by or in use with NSA surveillance and electronic or other warfare attacks inside the USA, in any intelligence or police activities; as these may relate to stand-alone tools, processes, or involve distributed systems, and fielded infrastructure (cellular,other) #) directed energy (EMFs,radiation,acoustics,sound,infrasound, other) weapons or tools deployed or used in the USA against citizens, including standalone, networked, or infrastructure, as these may also relate to dual-use technologies (routers) where functioning may occur in covert, unlisted parameters ... 
others ideas, and then make a public listing, perhaps even run an ad in the New York Times, Sunday edition, to demand public information, release of any data within these parameters if such a list could be compiled then an organized approach to the data could help structuring the released information, vetting it based on priority and not news cycle whims based on politics perhaps ten points to keep it simple or start with five topics and keep it focused upon the most aggressive police state tactics. any confirmation of this known activity would cause continuing abuses to collapse due to sunshine on crimes against citizens question is: how might they deny it, and so how to find how it is organized. for instance, what is actual range of 'implants', would information exist in the clear about these covert projects or is it out of bounds even for the information stolen, classified at a higher level or in another agency or category. how to find what fragments may exist about functioning, fielded programs, what parameters to search for to triangulate data thus provide framework for disclosure, rationalization allowing dialogue vs no context to share such information, unbelievable to many On Fri, Jan 17, 2014 at 9:03 PM, Cari Machet wrote: > > http://www.theguardian.com/world/interactive/2013/jun/07/obama-cyber-directive-full-text > > pg 6 > footnote > > "...electromagnetic or directed energy to control the electromagnetic > spectrum or to attack the enemy. Electronic warfare consists of three > divisions: electronic attack, electronic protection, and electronic warfare > support." > > -- > Cari Machet > NYC 646-436-7795 > carimachet at gmail.com > AIM carismachet > Syria +963-099 277 3243 > Amman +962 077 636 9407 > Berlin +49 152 11779219 > Twitter: @carimachet > > Ruh-roh, this is now necessary: This email is intended only for the > addressee(s) and may contain confidential information. 
If you are not the > intended recipient, you are hereby notified that any use of this > information, dissemination, distribution, or copying of this email without > permission is strictly prohibited. > > > From coderman at gmail.com Sat Jan 18 02:01:56 2014 From: coderman at gmail.com (coderman) Date: Sat, 18 Jan 2014 02:01:56 -0800 Subject: more NTRU fun: Homomorphic AES Evaluation Using NTRU Message-ID: http://eprint.iacr.org/2014/039.pdf [see pdf for citations / bib] """ ... Fully homomorphic encryption has come a long way in a mere few years since the first plausibly secure construction was introduced by Gentry in 2009. This advance settled an open problem posed by Rivest, and opened the door to many new applications. In a nutshell, by employing FHE one may perform an arbitrary number of computations directly on the encrypted data without revealing the secret key. This feature, makes FHE a powerful tool in multi-party computing and perfectly suited to protect sensitive data in distributed applications including those hosted on semi-trusted cloud servers. The efficiency bottleneck that prevents FHE from being deployed in real-life applications is now being bridged with the introduction of numerous new optimizations and related proof-of-concept implementations. The first implementation of an FHE variant was proposed by Gentry and Halevi. An impressive array of optimizations were proposed with the goals of reducing the size of the public-key and improving the performance of the primitives. Still, encryption of one bit takes more than a second on a high-end Intel Xeon based server, while recrypt primitive takes nearly half a minute for the lowest security setting... a GPU based implementation of the same scheme was developed which managed to reduce the recryption time to a few seconds.
Recently more efficient schemes emerged based on the hardness of learning with errors (LWE) problem... Brakerski, Gentry, and Vaikuntanathan (BGV) introduced an LWE based scheme that reduces the need for bootstrapping. Instead the BGV scheme uses a new lightweight method, i.e. modulus switching, to mitigate noise growth in ciphertexts as homomorphic evaluation proceeds. While modulus switching cannot restore the original level of noise as bootstrapping does, it still manages to gain exponentially on depth of the circuits evaluated without affecting the depth of the decryption circuit. Therefore, as long as we can fix the depth of the circuit a priori, we can perform evaluations without bootstrapping using a leveled implementation. Smart and Vercauteren presented a number of batching techniques for packing multiple data streams into a single ciphertext. Gentry, Halevi and Smart introduced the first evaluation of a complex circuit, i.e. a full AES block evaluation by using a BGV style scheme introduced earlier by the same authors. The scheme makes use of batching, key switching and modulus switching techniques to obtain an efficient leveled implementation. Three batching techniques are used to obtain bit–sliced, byte–sliced and SIMD implementations. With 5 minutes per block evaluation time the byte-sliced implementation is faster, but also requires less memory. The SIMD implementation takes about 40 minutes per block. López-Alt, Tromer and Vaikuntanathan (ATV) presented a leveled FHE scheme based on the modified NTRU scheme introduced earlier by Stehle and Steinfeld. A unique aspect of the ATV scheme is that it supports homomorphic evaluation of ciphertexts encrypted by using public keys assigned to different parties. The authors outline the scheme using a leveled implementation and introduce a technique called relinearization to facilitate key switching during the levels of the evaluation. Modulus switching is also performed after multiplication and addition operations.
The security of ATV scheme relies on two assumptions: the ring LWE assumption, and the Decisional Small Polynomial Ratio (DSPR) assumption. The scheme also supports bootstrapping. While the scheme appears to be efficient, the analysis ... lacks concrete parameters. Very recently Bos et al. presented a leveled implementation based on ATV. The authors modify the proposed scheme in a number of aspects to build up their own fully homomorphic scheme. The semantic security of ATV is based on uniformity of the public key which relies on the DSPR assumption.. the ATV scheme is modified by adopting a tensor product technique introduced by Brakerski such that the security depends only on standard lattice assumptions. Furthermore, modulus–switching is no longer needed due to the reduced noise growth. Lastly, the authors improve the flexibility of the scheme by splitting the message using the Chinese Remainder Theorem and then encrypting them into separate ciphertexts. This makes integer based arithmetic easier and more efficient with a cost of a reduction in the depth of circuits that can be evaluated with the scheme. Our Contributions. We introduce an implementation of the ATV FHE scheme along with a number of optimizations. More specifically we: • present a batched, bit-sliced implementation of the ATV scheme. The implementation is generic and is not customized to optimally evaluate any class of circuits (e.g. AES) more efficiently than other. • resolve the parameter selection issue in the light of recent theoretical and experimental results in the field of lattice reduction. • introduce a specialization of the rings that simplifies modulus reduction and allows us to significantly reduce the size of the public key. We show that the impact of this specialization on the key space is negligibly small. Even further, with the specialization key switching is no longer needed.
• rigorously analyze the noise growth of the ATV scheme over the levels of computation, and develop a simple formula for estimating the number of bits one needs to cut during the modulus reduction step. • homomorphically evaluate the full 128-bit AES circuit in a bit-sliced implementation to demonstrate the scalability of the introduced technique. Our implementation is 5 times faster than the byte sliced implementation and 43 times faster than the SIMD implementation of [other FHE...]. """ From carimachet at gmail.com Fri Jan 17 17:19:57 2014 From: carimachet at gmail.com (Cari Machet) Date: Sat, 18 Jan 2014 02:19:57 +0100 Subject: name machet NOT found at http://www.accessgenealogy.com/native/final-rolls.htm In-Reply-To: References: <694980049.3UkphaP84B@lap> Message-ID: no - i have blue eyes and blondeish hair so look white in color - if u know facial features of native tribes you may b able to tell i am part native but... rare bird knows that On Fri, Jan 17, 2014 at 7:47 PM, Juan Garofalo wrote: > > > --On Friday, January 17, 2014 1:00 PM +0100 Cari Machet > wrote: > > > > > > also i am not "bragging" about being native i am explaining ONE of the > > physiical reasons i am different than most white thinkers... > > > You mean you *look* different than most 'white' 'thinkers'? > > > > should i make > > a list of the other reasons? NO cause its #boring figure something out to > > do with your time on the planet > > > > > > On Fri, Jan 17, 2014 at 11:28 AM, rysiek wrote: > > > >> Dnia piątek, 17 stycznia 2014 05:35:08 Anonymous Remailer pisze: > >> > its real simple I dont like fakes > >> > >> Aw come on, this is absurd. She could have married, she could have > >> changed her > >> name. > >> > >> I don't give a flying fuck about whether or not she is a "truly" of > First > >> Nations descent, or not, if she married or not, etc. It is no business > of > >> mine, nor yours. 
> >> > >> There is no reason nor excuse for her bragging about it all the time, > >> just as > >> there is not a single reason nor excuse for you digging in her private > >> shit. > >> Both are irrelevant and off-topic here, from what I can tell. > >> > >> -- > >> Pozdr > >> rysiek > > > > > > > > > > -- > > Cari Machet > > NYC 646-436-7795 > > carimachet at gmail.com > > AIM carismachet > > Syria +963-099 277 3243 > > Amman +962 077 636 9407 > > Berlin +49 152 11779219 > > Twitter: @carimachet > > > > Ruh-roh, this is now necessary: This email is intended only for the > > addressee(s) and may contain confidential information. If you are not the > > intended recipient, you are hereby notified that any use of this > > information, dissemination, distribution, or copying of this email > without > > permission is strictly prohibited. > > > > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3984 bytes Desc: not available URL: From carimachet at gmail.com Fri Jan 17 18:15:23 2014 From: carimachet at gmail.com (Cari Machet) Date: Sat, 18 Jan 2014 03:15:23 +0100 Subject: page 8 Message-ID: https://fas.org/irp/offdocs/ppd/ppd-28.pdf "a report assessing the feasibility of creating software that would allow the IC more easily to conduct targeted information acquisition rather than bulk collection." 
-- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1199 bytes Desc: not available URL: From carimachet at gmail.com Fri Jan 17 19:03:07 2014 From: carimachet at gmail.com (Cari Machet) Date: Sat, 18 Jan 2014 04:03:07 +0100 Subject: wld b nice to know what these procedures entail Message-ID: http://www.theguardian.com/world/interactive/2013/jun/07/obama-cyber-directive-full-text pg 6 > footnote "...electromagnetic or directed energy to control the electromagnetic spectrum or to attack the enemy. Electronic warfare consists of three divisions: electronic attack, electronic protection, and electronic warfare support." -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 1220 bytes Desc: not available URL: From gwen at cypherpunks.to Sat Jan 18 12:16:45 2014 From: gwen at cypherpunks.to (gwen hastings) Date: Sat, 18 Jan 2014 12:16:45 -0800 Subject: Hmm maybe so maybe not Re: "Blackphone" said to be "a super-secure nsa-proof" In-Reply-To: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> Message-ID: <52DAE12D.9080406@cypherpunks.to> Hi All, Unfortunately there are NO guarantees of NSA proof claims, Phil above all knows this after having designed version after version of insecurity with pgp, bassomatic and web of evidence being only 2 examples that went public,(don't even get me started on the DSA key mess...) Similar bumps in the road were noted during ZRTP development.. Now in the secure phone case .. there is NO way to know that you are secure against NSA TAO even if ALL source code to the phone apps and the base band processor firmware is published.. not even if the VHDL code for the IC design is published.. does mean we stop trying and give up?? hell no...think of it as an economic problem even classifying enough crypto at realtime speeds for capture turns into a major pain in the ass even on Narus boxen. And enough PFS-type systems ie DH ephemeral key exchange systems deployed and the headache grows even more... but all claims of NSA proof are indeed basically somewhat fraudulent as it's a guarantee that no one checked out the chip design software for auto insert logic additions to their cell libraries. And with TAO placing teams of engineers it's almost a sure bet that the IC libs are contaminated either with active flaws or simply important ones that never got reported. And etc ad nauseam from the silicon on out.. we should just stop using loaded language like "NSA Proof" and resting on past laurels to assure folks that such is a fact(it isn't).
gh(who is now finally picking up the python language in a serious way) ps "Violent Python"(the book) rocks! next will be taking pbp routines and formats and creating a new curvep25519 version of type 1 and type 2 remailers with a nym.alias.net clone in python using Curvep25519 keys to emulate a type 1 reply block(have to see what mixminion does for reply-blocks if any) ps2ps: PCP and PBP developers need to make up their collective heads about external representation key formats for public keys(I will be using pbp as its already in python) I am kind of dependent on these(key format representations) On 1/17/14 1:25 AM, Jim Bell wrote: > > > http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html > > > Fears over NSA spying have prompted people around the world to think > about security differently, whether it be petitioning for companies to > better secure their data or changing the information they share online. > In particular, security around smartphones has been of great concern, as people increasingly surf the Web, make calls and send messages from > their mobile devices. > An international group of privacy enthusiasts has come together to > create Blackphone, a smartphone that claims it will help to better > protect your information. > Mashable writes that Blackphone is the brainchild of Silent Circle and Geekosphere, > with participation from big players in the fight for information privacy and computer security. Phil Zimmermann, creator of data encryption > protocol PGP (Pretty Good Privacy), is one of the minds behind the > device. > “Blackphone provides users with everything they need to ensure > privacy and control of their communications, along with all the other > high-end smartphone features they have come to expect,” Zimmerman said, > according to Mashable. 
> [ Right Click: Kiwi lifestyle tracker to free people from their smartphones ] > The operating system is a custom build of Android OS called PrivatOS, designed for improved security. Silent Circle’s CEO Mike Janke says the project will be open source, as will the PrivatOS operating system. The phone likely won’t have the most outstanding specs, but the team says > that’s because privacy is the top concern. > No specific details have been given about the phone yet (although > some of the code has been posted to GitHub). The companies say they’ll > be unveiling it properly at Mobile World Congress in Barcelona beginning Feb. 24. > Even with very little information about the device currently > available, some media outlets are suggesting that the phone could be > “NSA-proof.” That’s a tall order, especially in light of a story from The New York Times claiming that the NSA has implanted software in nearly 100,000 computers to create backdoor radio access. > For more information on Blackphone, visit its website at https://www.blackphone.ch. > -- Tentacle #99 ecc public key curve p25519(pcp 0.15) 1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910 Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’ https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli) https://github.com/stef/pbp.git (curve 25519 python based cli) -------------- next part -------------- A non-text attachment was scrubbed... 
Name: 0x42AA24D5.asc Type: application/pgp-keys Size: 70878 bytes Desc: not available URL: From carimachet at gmail.com Sat Jan 18 03:33:16 2014 From: carimachet at gmail.com (Cari Machet) Date: Sat, 18 Jan 2014 12:33:16 +0100 Subject: wld b nice to know what these procedures entail In-Reply-To: References: Message-ID: i would be happy to work on such a project yes - people dont believe it we witnessed such machinery at our raid and thought it was sound related but have no way of knowing what the large apparatus was actually doing - as i have asthma it was also a sensitive night for me in terms of breathing but it seemed like a chemical was released - the air was different by the camp but we had no gauges to detect such things - of course they care little for their own people and would expose them as well to anything they exposed us to + they would have used tear gas but it is illegal in nyc - all these things we experienced are slight compared to what they are capable of > as they have lost all ethics On Sat, Jan 18, 2014 at 5:04 AM, brian carroll wrote: > > have been thinking for some time that given the vast document > cache by Snowden if not others, that making a public list of the > highest known priority topics -- beyond software/hardware model > of net.warfare, and instead, as of yet undocumented or unknown > territory, as if a FOIA request, my picks would be anything neuro- > or nervous system, also directed energy, as it relates to attacks, > weapons, fielded infrastructure or what is placed in hands of local > police state on the offensive against citizens using their rights. 
> > then perhaps priority vetting or keyword searches by those with > the data, to seek to fulfill requests for that information outside > the perish if publishing 'news-style' account, no-wave-making > required while tsunami radiation & sonic attacks occurring live > > perhaps a top-twenty list: my requests as mentioned::: > > #) neurology based equipment and attacks employed by > or in use with NSA surveillance and electronic or other warfare > attacks inside the USA, in any intelligence or police activities; > as these may relate to stand-alone tools, processes, or involve > distributed systems, and fielded infrastructure (cellular,other) > > #) directed energy (EMFs,radiation,acoustics,sound,infrasound, > other) weapons or tools deployed or used in the USA against > citizens, including standalone, networked, or infrastructure, > as these may also relate to dual-use technologies (routers) > where functioning may occur in covert, unlisted parameters > > ... others ideas, and then make a public listing, perhaps even > run an ad in the New York Times, Sunday edition, to demand > public information, release of any data within these parameters > > if such a list could be compiled then an organized approach to > the data could help structuring the released information, vetting > it based on priority and not news cycle whims based on politics > > perhaps ten points to keep it simple or start with five topics and > keep it focused upon the most aggressive police state tactics. > any confirmation of this known activity would cause continuing > abuses to collapse due to sunshine on crimes against citizens > > question is: how might they deny it, and so how to find how it > is organized. for instance, what is actual range of 'implants', > would information exist in the clear about these covert projects > or is it out of bounds even for the information stolen, classified > at a higher level or in another agency or category. 
how to find > what fragments may exist about functioning, fielded programs, > what parameters to search for to triangulate data thus provide > framework for disclosure, rationalization allowing dialogue vs > no context to share such information, unbelievable to many > > > On Fri, Jan 17, 2014 at 9:03 PM, Cari Machet wrote: > >> >> http://www.theguardian.com/world/interactive/2013/jun/07/obama-cyber-directive-full-text >> >> pg 6 > footnote >> >> "...electromagnetic or directed energy to control the electromagnetic >> spectrum or to attack the enemy. Electronic warfare consists of three >> divisions: electronic attack, electronic protection, and electronic warfare >> support." >> >> -- >> Cari Machet >> NYC 646-436-7795 >> carimachet at gmail.com >> AIM carismachet >> Syria +963-099 277 3243 >> Amman +962 077 636 9407 >> Berlin +49 152 11779219 >> Twitter: @carimachet >> >> Ruh-roh, this is now necessary: This email is intended only for the >> addressee(s) and may contain confidential information. If you are not the >> intended recipient, you are hereby notified that any use of this >> information, dissemination, distribution, or copying of this email >> without >> permission is strictly prohibited. >> >> >> > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 7186 bytes Desc: not available URL: From carimachet at gmail.com Sat Jan 18 03:43:02 2014 From: carimachet at gmail.com (Cari Machet) Date: Sat, 18 Jan 2014 12:43:02 +0100 Subject: wld b nice to know what these procedures entail In-Reply-To: References: Message-ID: we could also poll with an API to gather information that is on the net already > they are not as covert as ppl think they are at least thats what i think On Sat, Jan 18, 2014 at 12:33 PM, Cari Machet wrote: > i would be happy to work on such a project > > yes - people dont believe it > > we witnessed such machinery at our raid and thought it was sound related > but have no way of knowing what the large apparatus was actually doing - as > i have asthma it was also a sensitive night for me in terms of breathing > but it seemed like a chemical was released - the air was different by the > camp but we had no gauges to detect such things - of course they care > little for their own people and would expose them as well to anything they > exposed us to + they would have used tear gas but it is illegal in nyc - > all these things we experienced are slight compared to what they are > capable of > as they have lost all ethics > > > On Sat, Jan 18, 2014 at 5:04 AM, brian carroll > wrote: > >> >> have been thinking for some time that given the vast document >> cache by Snowden if not others, that making a public list of the >> highest known priority topics -- beyond software/hardware model >> of net.warfare, and instead, as of yet undocumented or unknown >> territory, as if a FOIA request, my picks would be anything neuro- >> or nervous system, also directed energy, as it relates to attacks, >> weapons, fielded infrastructure or what is placed in hands of local >> police state on the offensive against citizens using their rights. 
>> >> then perhaps priority vetting or keyword searches by those with >> the data, to seek to fulfill requests for that information outside >> the perish if publishing 'news-style' account, no-wave-making >> required while tsunami radiation & sonic attacks occurring live >> >> perhaps a top-twenty list: my requests as mentioned::: >> >> #) neurology based equipment and attacks employed by >> or in use with NSA surveillance and electronic or other warfare >> attacks inside the USA, in any intelligence or police activities; >> as these may relate to stand-alone tools, processes, or involve >> distributed systems, and fielded infrastructure (cellular,other) >> >> #) directed energy (EMFs,radiation,acoustics,sound,infrasound, >> other) weapons or tools deployed or used in the USA against >> citizens, including standalone, networked, or infrastructure, >> as these may also relate to dual-use technologies (routers) >> where functioning may occur in covert, unlisted parameters >> >> ... others ideas, and then make a public listing, perhaps even >> run an ad in the New York Times, Sunday edition, to demand >> public information, release of any data within these parameters >> >> if such a list could be compiled then an organized approach to >> the data could help structuring the released information, vetting >> it based on priority and not news cycle whims based on politics >> >> perhaps ten points to keep it simple or start with five topics and >> keep it focused upon the most aggressive police state tactics. >> any confirmation of this known activity would cause continuing >> abuses to collapse due to sunshine on crimes against citizens >> >> question is: how might they deny it, and so how to find how it >> is organized. for instance, what is actual range of 'implants', >> would information exist in the clear about these covert projects >> or is it out of bounds even for the information stolen, classified >> at a higher level or in another agency or category. 
how to find >> what fragments may exist about functioning, fielded programs, >> what parameters to search for to triangulate data thus provide >> framework for disclosure, rationalization allowing dialogue vs >> no context to share such information, unbelievable to many >> >> >> On Fri, Jan 17, 2014 at 9:03 PM, Cari Machet wrote: >> >>> >>> http://www.theguardian.com/world/interactive/2013/jun/07/obama-cyber-directive-full-text >>> >>> pg 6 > footnote >>> >>> "...electromagnetic or directed energy to control the electromagnetic >>> spectrum or to attack the enemy. Electronic warfare consists of three >>> divisions: electronic attack, electronic protection, and electronic warfare >>> support." >>> >>> -- >>> Cari Machet >>> NYC 646-436-7795 >>> carimachet at gmail.com >>> AIM carismachet >>> Syria +963-099 277 3243 >>> Amman +962 077 636 9407 >>> Berlin +49 152 11779219 >>> Twitter: @carimachet >>> >>> Ruh-roh, this is now necessary: This email is intended only for the >>> addressee(s) and may contain confidential information. If you are not >>> the >>> intended recipient, you are hereby notified that any use of this >>> information, dissemination, distribution, or copying of this email >>> without >>> permission is strictly prohibited. >>> >>> >>> >> > > > -- > Cari Machet > NYC 646-436-7795 > carimachet at gmail.com > AIM carismachet > Syria +963-099 277 3243 > Amman +962 077 636 9407 > Berlin +49 152 11779219 > Twitter: @carimachet > > Ruh-roh, this is now necessary: This email is intended only for the > addressee(s) and may contain confidential information. If you are not the > intended recipient, you are hereby notified that any use of this > information, dissemination, distribution, or copying of this email without > permission is strictly prohibited. 
> > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 8822 bytes Desc: not available URL: From hozer at hozed.org Sat Jan 18 11:23:01 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sat, 18 Jan 2014 13:23:01 -0600 Subject: PROFESSIONAL VICTIM CARI MACHET...time for DOXING In-Reply-To: <38a36181ec8f2e9f6882c4b56c69b8f9@remailer.privacy.at> References: <38a36181ec8f2e9f6882c4b56c69b8f9@remailer.privacy.at> Message-ID: <20140118192301.GI3180@nl.grid.coop> > SO a BIG FUCK YOU to CARI MACHET FAKE WHITE BITCH CLAIMING 5 nations membership > > You and Paula Deen both should compare your makeup REDFACE/BLACKFACE makeup > > BITCHES AND CUNTS you BOTH are from the white establishment.. > > NO STUPID YOU DONT LOOK A BIT LIKE a CHEROKEE BAND INDIAN! > > BITCH Dear Anonoperson, you went off the fucking rails here, and you are giving all the other anonopeople a very bad name with this shit. I'm going to assume the best, and you're just freaking pissed off and livid that someone is trying to take your heritage and profit from it somehow. I will leave it to other ethical anonopeople to restore the good name of Anonymous, and point out all the 'worst' assumptions about why you might be doing this. And yeah, shit sucks. We are not going to get any better dragging each other down. That's what the big bankster white man wants. 
I think I can say that because I'm the little white privileged son of-a-bitch who's doing his best to hold the family farm long enough for some who respect the Great Spirit to start a Buffalo Insurance company and bring Tatonka back to the plains. I'd rather have buffalo in the field than half of the neighbor's topsoil because they cultivated it 30 times this summer and it all just blew away. Geezus fuckin chthulu-christ. This is cypherpunks. Get back to the fucking crypto-shit, and get me a god-damned distributed futures trading system, so we can get on with this shit instead of letting city-slicksters run the show. From odinn.cyberguerrilla at riseup.net Sat Jan 18 14:25:05 2014 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Sat, 18 Jan 2014 14:25:05 -0800 Subject: cypherpunks and hackers who dont code? In-Reply-To: References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> Message-ID: <2a846567f30cca513319596fba351be1.squirrel@fruiteater.riseup.net> 1) Thank you for making me laugh, I enjoyed reading that. You should write books.. 2) OTP, One True Pairing! also Oulun Työväen Palloilijat. :-) :-) 3) On a slightly divergent note, yes to more decentralization / free and open source stuff everywhere. More transparency, good. OK, enough buzzwords thrown about. :-) Cheers > Recently it was learned that code, crypto code at least, had become > superfluous. Nothing like that protects anything, and never did. It > has joined alchemy, phrenology, snake religion and astrology as > a pseudo-science for TED rituals and RSA suspicion-fest, > still beloved by the faithful, practiced by charlatans, funded > unstoppably by DoD research and to fill a vast repository of > "unbroken messages" out in Utah, a scholarly debunking topic of > historical recollections of aged cryptographers and classified > conferences at NSA and GCHQ to keep up appearances > of once unbeatable prowess.
Fort Meade being converted > to a hospice for the greatest collection of mathematicians. > > Decrypting computers are silently humming with nothing to > crack, blowing through Megawatts of power to protect the jobs > of hundreds of sysadmins and, yes, dumbfoundedly useless > coders surfing for android bestiality. > > Quantum computing collapsed with a whisper, never fulfilling > its promise to render cryptography useless, beaten by a guy > named Snowden or something who revealed that the crypto > leader of the universe had arranged the end of trustworthy > crypto code by rigging holes and backdoors and tricks and > planting malware in every conceivable piece of machinery > everywhere all the time. > > Now everything electromagnetic is romantic daydreaming > of what never was. > > Remaining, for a while longer, is a 3x5 OTP and a pencil. For > sending coded love notes up your MTM ass. Like here. > > > At 04:43 PM 1/18/2014, you wrote: > >>to the inmates: >> its seems we have a number of the intellectually lazy among us >> who either dont/wont >>or in some way refuse to code.. yet they wish to call themselves >>cypherpunks and hackers. >> >> >> >> am I missing something here about these wannabe(s) > > > From hozer at hozed.org Sat Jan 18 12:34:18 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sat, 18 Jan 2014 14:34:18 -0600 Subject: anti-prosecution tactics. (Was Re:) In-Reply-To: <20140117130646.3EDFE2280D8@palinka.tinho.net> References: <10612724.qVFqBZNlEa@lap> <20140117130646.3EDFE2280D8@palinka.tinho.net> Message-ID: <20140118203418.GJ3180@nl.grid.coop> On Fri, Jan 17, 2014 at 08:06:46AM -0500, dan at geer.org wrote: > > > The criminals in power have privacy. The rich who can pay have privacy. > > > > Those below the median income have none. > > > It has long been said that obscurity is not security (except > that in modest doses it is). At the same time, obscurity most > assuredly *is* a species of privacy. 
In other words, the > quotation above has it exactly backwards. > > I have written on this, which is to say that I'm on the record. > The most recent is > > http://geer.tinho.net/geer.uncc.9x13.txt > > In the meantime, everyone on this list is above world median > income (USD 1,225 per annum) and almost everyone is in the > world's 1% (USD 34,000 per annum). I commend Branko Milanovic's > _The Haves and the Have Nots_ to your reading in that regard. > > > --dan > Great article Dan, thank you. In other words, privacy is easy, give up your money, and hide in obscurity. Personally, I'd rather live in a world where the top 1% just publish their tax returns, and keep live online transaction wallets that anyone can watch. Why does this idea threaten people so? I'm under 40 (just barely), and I want the little brothers. There's more money to be made, and lives lived, and the cost is some will do what others think is a crime. Call me an anarcho-capitalist-green-libertarian-farmer. (Except in Minnesota, the Democratic-Farmer-Labor big brother already owns farmer) You're right, we're probably all in the top 1% here. I don't wish to impose my ethics and morals on anyone else, so I feel compelled to advocate radical transparency for most, and creative obscurity for the punks who wish to hide from the Biggest Brother. I think it's actually critical for whomever is the 'Biggest Brother' (and I'm not sure if that's FaceAmaGoogle, or the NSA) to cultivate lots of little brothers they have no control over. If they try to control them, it only takes one to slip through the cover of obscurity with a disruptive innovation (or a disruptive weapon), and crash the biggest. The surveillance states that survive must accept and encourage uncertainty and chaos, or be destroyed by those that do. If one of those states makes me an offer I can't refuse (like Farmland and Wind Turbines), and you hear about it here, I think there is reason to be optimistic. 
And if you don't hear about it, ask me why. I'm not hard to find. --- FaceGoog, are you listening? You need a cpunk on your payroll .. I would rather work for the NSA, but they won't figure out they need really good people with NO SECURITY CLEARANCE working for them for at least a couple more years. I have more chance of one of the NNSA/DOE open-science labs getting it. I believe I have a lot of asymmetric leverage with the last statement(s), and I hope some other transparency punk will formalize it in a better mathematical/security publication than I can. From odinn.cyberguerrilla at riseup.net Sat Jan 18 14:36:00 2014 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Sat, 18 Jan 2014 14:36:00 -0800 Subject: Duty now for the future? In-Reply-To: <52DAFFB9.9060203@gogulski.com> References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> <52DAFFB9.9060203@gogulski.com> Message-ID: <6cf51c8d94c866fd9c76709e8b96f7f0.squirrel@fruiteater.riseup.net> There will always be a Duty (Excuse me, I have a Duty to attend to) :-) > Is there a Kickstarter for this? Quasi-serious question! > > On 01/18/2014 11:16 PM, John Young wrote: >> Fort Meade being converted >> to a hospice for the greatest collection of mathematicians. >> > > From coderman at gmail.com Sat Jan 18 14:38:17 2014 From: coderman at gmail.com (coderman) Date: Sat, 18 Jan 2014 14:38:17 -0800 Subject: cypherpunks and hackers who dont code? In-Reply-To: References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> Message-ID: On Sat, Jan 18, 2014 at 2:16 PM, John Young wrote: > Recently it was learned that code, crypto code at least, had become > superfluous. Nothing like that protects anything, and never did. John channeling my innermost fears... i now view crypto as cost factor, rather than protection. "what's your threat model?" 
[something laughably broad and unrealistic]
"let's try to focus on realistic threats"
[modest aims to prevent plain-text observation and MitM downgrade attacks like SSLstrip]
"so here's how you would build that, since nothing out of the box is sufficient..."
[further reduction to prevent trivial passive observation]
"if you eschew all these apps and services, and force everyone you communicate with to configure their settings like this..."
[departs rejected]

for a fun experiment, grab your latest Kali linux, position yourself in the middle, and see just how much of your desktop, Android, iOS activity escapes unmolested...

it seems most in the industry flee to offensive operations lest cruel realities render their crushing existential depression lethal. others plain crazy and try to play on "Hard Mode(TM)"[0] with the life consuming insanity that entails ;)

> Quantum computing collapsed with a whisper, never fulfilling
> its promise to render cryptography useless

why so impatient? sure, DWave is a door stop, but incremental progress continues unabated.

> Now everything electromagnetic is romantic daydreaming
> of what never was.

i still have hope. it starts with absolute anonymity for everyone as basic infrastructure of every network. like internet protocol: privacy edition.

i'll let you know when the low latency datagram based unlinkable traffic analysis resistant transport is ready, and we can figure out what step #2 looks like ;P

From hozer at hozed.org Sat Jan 18 12:44:28 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Sat, 18 Jan 2014 14:44:28 -0600
Subject: Privacy cost: was Re: anti-prosecution tactics
In-Reply-To: <1569770.LT7nzabdej@lap>
References: <20140116183313.GC3180@nl.grid.coop> <4114929.9VWVmFSbvN@lap> <20140116213307.GF3180@nl.grid.coop> <1569770.LT7nzabdej@lap>
Message-ID: <20140118204428.GK3180@nl.grid.coop>

> > > Abso-fucking-lutely! Still, I would like to know what is the threat model
> > > you were talking about.
I don't see how advocating privacy and anonymity > > > can be sinister -- apart from using these terms in context that these > > > terms have no purpose other than muddying the waters (i.e. "privacy of > > > government agencies or corporations"). > > > > The cost of privacy is the threat. > > Oh? > > > There's a lot we can do with things that are Free, as in Freedom (software). > > I think there's also a great advance waiting when a viral-freedom copyright > > license (GPL/AGPL) cryptocoin can figure out how to clearly express the cost > > tradeoff of doing verifiably secure anonymous transactions vs what it costs > > to just tell the world you are sending $20 to your grandma and making sure > > it gets there. > > What kind of cost are you talking about. The cost of equipment and electricity > to mine BTC/whateverCoin? Opportunity cost of some kind? Privacy cost (as in: > "my address gets written into a public ledger")? The code bloat of , the blockchain bloat of new addresses all the time, and the biggest one: The god damned mental anguish I have to deal with because the fricking bitcoin client generates a new address for every damned transaction. I just want a couple of well known addresses to keep track of my stuff. If I want privacy (and for the record, I don't), I can hide in high-frequency automated trading and buttonwood exchanges. Otherwise known as 'tradecraft'. The software attempting to 'do it for me' makes for worse privacy and opsec for EVERYONE, at substantial mental, storage, and computation cost. I dunno, maybe I'm missing something here, but then, if I am missing it, how the hell are non-coders (aka, the real world, or journalists, or dissidents) supposed to figure it out? From jamesd at echeque.com Fri Jan 17 20:49:19 2014 From: jamesd at echeque.com (James A. 
Donald) Date: Sat, 18 Jan 2014 14:49:19 +1000 Subject: name machet NOT found at http://www.accessgenealogy.com/native/final-rolls.htm In-Reply-To: <694980049.3UkphaP84B@lap> References: <694980049.3UkphaP84B@lap> Message-ID: <52DA07CF.40707@echeque.com> On 2014-01-17 20:28, rysiek wrote: > I don't give a flying fuck about whether or not she is a "truly" of First > Nations descent, or not, if she married or not, etc. It is no business of > mine, nor yours. She is making it everyone's business since her argument is that supposedly being a member of an official victim group makes her right and everyone else wrong. Similar to the argument that because Trayvon was black and Zimmerman was ... less black, it must have been Zimmerman attacking Trayvon rather than Trayvon attacking Zimmerman. From coderman at gmail.com Sat Jan 18 15:29:57 2014 From: coderman at gmail.com (coderman) Date: Sat, 18 Jan 2014 15:29:57 -0800 Subject: Hmm maybe so maybe not Re: "Blackphone" said to be "a super-secure nsa-proof" In-Reply-To: <52DAE12D.9080406@cypherpunks.to> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> Message-ID: On Sat, Jan 18, 2014 at 12:16 PM, gwen hastings wrote: > ... > Now in the secure phone case .. there is NO way to know that you are > secure against NSA TAO even if ALL source code to the phone apps and the > base band processor firmware is published.. not even if the VHDL code > for the IC design is published.. > > does mean we stop trying and give up?? hell no...think of it as a > economic problem even classifying enough crypto at realtime speeds for > capture turns into a major pain the the ass even on Narus boxen. indeed, useful as a cost deterrent even if fallible. and of course, it's fun trying to protect against these attacks (e.g. playing on "Hard Mode"). for some definition of "fun"... 
> but all claims of NSA proof are indeed basically somewhat fraudulent as
> its a guarantee that no one checked out the chip design software for
> auto insert logic additions to their cell libraries. And with TAO
> placing teams of engineers its almost a sure bet that the IC libs are
> contaminated either with active flaws or simply important ones that
> never got reported. And etc ad nauseam from the silicon on out..

the short list of mandatory steps to play the game:

- never mess up! one mistake can be catastrophic. (this means developing habits)

- source all hardware through retail outlets paid in cash. (avoid targeted supply chain inserts)

- review all open source components related to key generation, management, derivation, zeroisation. or have someone you trust do so. (see also: crowd funded TrueCrypt audit) replace unsatisfactory parts with better ones. (still using my own rngd; so glad to not have to roll my own FDE boot and key mgmt anymore!)

- use extensive defense in depth. Virtualization/Qubes, operating system DACLs, user space separation, network isolation, offline-only key management, the list is infinite!

- monitor everything: network traffic pre-encryption, running processes, system calls, event logs, RF signals, sounds, power consumption, at the highest granularity possible. analyze what you monitor for anomalies and failures. (if you aren't watching, you won't know when you've caught something interesting, and/or need to harden some first line defenses)

- custom build critical software components: kernel, crypto libs, secure applications (ssh,openvpn,etc), high risk browsers, email clients, chat clients, document viewers. (vast majority of exploits are tailored for common builds - if you build your own with custom configuration, suites, supported features, exploitation becomes a tailored and time consuming effort against your specific system)

- employ camouflage to further thwart attempted attacks and increase the likelihood they'll be detected. look like WinXP but be a FreeBSD, claim to be Firefox with plugins such and such while actually running hardened chromium, spoof versions and platforms, etc. etc.

- employ userspace entropy collection, hardware entropy sources, and strong entropy mixing across all applications, always! you may need libc hooking or dalvik interception to make built-in entropy sources not suck. (e.g. substrate for Android, LD_PRELOAD, etc.) entropy is a lucrative target, hard to verify, and often overlooked - make it a priority!

- physical security is paramount: evil maid attacks, covert hw keyloggers, TEMPEST leaking cables. if they get their hands on it, it is pwned! (this may cramp your lifestyle)

- operational security: don't even know where to begin with this one. bonus points for getting the fed chick[0] to take a bowl hit ;)

> gh(who is now finally picking up the python language in a serious
> way)

excellent; i like Python quite a bit for many tasks, and you'll want to spend a week going through pypy/pip looking at useful modules.

other languages on my short list:

- C/C++ (it's everywhere. it will remain everywhere.)
- Scheme/Lisp (for the perspective more than utility)
- Ruby/PHP/PERL (good complements to Python. except PHP, which should be hated and ostracized :)
- Bash/Csh/PowerShell (scripting++)
- Go/C#/Java (you're going to want to know these sooner or later)

what would you add, and why?

best regards,

0. not trying to be a dick, but a dismissive chick label in this situation intentional. employing attractive women (or men?) to HUMINT targets may be par for the social engineering conference course, but subterfuge based in sexual wiles == cheap shots and disrespect. oh how hard i had to work to stifle a chuckle when $fed_chick explained she was "in desktop security but moving into laptops..."
see also: "beware strangers with candy"

best regards,

From adam at cypherspace.org Sat Jan 18 06:31:16 2014
From: adam at cypherspace.org (Adam Back)
Date: Sat, 18 Jan 2014 15:31:16 +0100
Subject: more NTRU fun: Homomorphic AES Evaluation Using NTRU
In-Reply-To:
References:
Message-ID: <20140118143116.GA18740@netbook.cypherspace.org>

Seems like still 7-orders of magnitude slower than native. That is progress though and 1-minute for a single AES block might start to have some niche areas of use if there are no direct algorithms to do whatever it is that needs to be done. (Plus a bunch of esoteric crypto stuff and hardness assumptions that might get weakened over time.)

Adam

On Sat, Jan 18, 2014 at 02:01:56AM -0800, coderman wrote:
>http://eprint.iacr.org/2014/039.pdf
>[see pdf for citations / bib]
>
>Gentry, Halevi and Smart introduced the first evaluation of a complex
>circuit, i.e. a full AES block evaluation [...] With 5 minutes per block
>evaluation time the byte-sliced implementation is faster,
> [...]
> homomorphically evaluate the full 128-bit AES circuit in a bit-sliced
>implementation to demonstrate the scalability of the introduced technique.
>Our implementation is 5 times faster than the byte sliced implementation

From coderman at gmail.com Sat Jan 18 15:34:42 2014
From: coderman at gmail.com (coderman)
Date: Sat, 18 Jan 2014 15:34:42 -0800
Subject: anti-prosecution tactics. (Was Re:)
In-Reply-To: <20140118203418.GJ3180@nl.grid.coop>
References: <10612724.qVFqBZNlEa@lap> <20140117130646.3EDFE2280D8@palinka.tinho.net> <20140118203418.GJ3180@nl.grid.coop>
Message-ID:

On Sat, Jan 18, 2014 at 12:34 PM, Troy Benjegerdes wrote:
> ...
> --- FaceGoog, are you listening? You need a cpunk on your payroll
> .. I would rather work for the NSA, but they won't figure out they
> need really good people with NO SECURITY CLEARANCE working for them
> for at least a couple more years. I have more chance of one of the
> NNSA/DOE open-science labs getting it.
better yet: don't security for paid work at all. money corrupts, even subconsciously. do something technical that builds angst and restlessness during the day. hack for great justice bridling that pent up discontent at dark. YMMV From coderman at gmail.com Sat Jan 18 15:41:37 2014 From: coderman at gmail.com (coderman) Date: Sat, 18 Jan 2014 15:41:37 -0800 Subject: Privacy cost: was Re: anti-prosecution tactics In-Reply-To: <20140118204428.GK3180@nl.grid.coop> References: <20140116183313.GC3180@nl.grid.coop> <4114929.9VWVmFSbvN@lap> <20140116213307.GF3180@nl.grid.coop> <1569770.LT7nzabdej@lap> <20140118204428.GK3180@nl.grid.coop> Message-ID: On Sat, Jan 18, 2014 at 12:44 PM, Troy Benjegerdes wrote: > ... > The god damned mental anguish I have to deal with because the fricking bitcoin > client generates a new address for every damned transaction. I just want a > couple of well known addresses to keep track of my stuff. you don't have to use this feature. i just sent some coin back to originating wallet on command line some hours ago, in fact. (and many wallet services, as much as i hate them, can also do this for you as transfer option.) > If I want privacy (and for the record, I don't), I can hide in high-frequency > automated trading and buttonwood exchanges. Otherwise known as 'tradecraft'. > > The software attempting to 'do it for me' makes for worse privacy and opsec > for EVERYONE, at substantial mental, storage, and computation cost. I dunno, > maybe I'm missing something here, but then, if I am missing it, how the hell > are non-coders (aka, the real world, or journalists, or dissidents) supposed > to figure it out? the issue is that anonymity loves company. so those that need it badly also need those who care less to use it for best effectiveness. e.g. NSA may be hacking Tor users, but NSA is also a Tor user! the bomb hoax debacle, etc. that said, the rest of your argument i am in agreement with. 
the existing techniques suck, privacy is too expensive, and myriad well-intentioned idiots are pissing in the pool already filled with IC dookie.

best regards,

From coderman at gmail.com Sat Jan 18 15:43:59 2014
From: coderman at gmail.com (coderman)
Date: Sat, 18 Jan 2014 15:43:59 -0800
Subject: independently assisting oversight of highly classified programs
In-Reply-To:
References:
Message-ID:

On Sat, Jan 18, 2014 at 2:59 PM, grarpamp wrote:
> ...
> Though lacking a reference, I believe members of congress may
> speak/leak at will on the floor in open public session and shall not
> be held to any crime for doing so. Of course in return the government
> or the public may not support their ongoing candidacy.

citation? my understanding is that statements in congress are public, and subject to same unauthorized disclosure laws. only the POTUS can unilaterally decide to "leak" something in public without legal repercussions (impeachment aside).

From datapacrat at gmail.com Sat Jan 18 13:46:49 2014
From: datapacrat at gmail.com (DataPacRat)
Date: Sat, 18 Jan 2014 16:46:49 -0500
Subject: cypherpunks and hackers who dont code?
In-Reply-To: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at>
References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at>
Message-ID:

On Sat, Jan 18, 2014 at 4:43 PM, Anonymous Remailer (austria) wrote:
>
> to the inmates:
> its seems we have a number of the intellectually lazy among us who either dont/wont
> or in some way refuse to code.. yet they wish to call themselves cypherpunks and hackers.
>
>
>
> am I missing something here about these wannabe(s)

Possibly this: http://www.catb.org/jargon/html/H/hacker.html ?

Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From grarpamp at gmail.com Sat Jan 18 13:54:47 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 18 Jan 2014 16:54:47 -0500
Subject: Fwd: Email is unsecurable - maybe not?
In-Reply-To: <035e01cf12ee$0cb9e6e0$262db4a0$@shazzle.com>
References: <035e01cf12ee$0cb9e6e0$262db4a0$@shazzle.com>
Message-ID:

More direct junkmail...

---------- Forwarded message ----------
From: Doug McFetters
Date: Thu, Jan 16, 2014 at 2:06 PM
Subject: Email is unsecurable - maybe not?
To: grarpamp at gmail.com

Hello

I ran across the Nov 25 blog post on RandomBit.net titled ‘Email is unsecurable.’ I think we have pretty much developed what was imagined here. We identified the same flaws with email and came up with sending p2p tossing aside client/server architecture and using the sender’s smartphone as a server. And, like it was suggested, we don't send until someone comes up on line.

App is free for consumers with iOS or Android device. Currently have tools for POP3/SMTP clients or our own slimmed down email client.

Would love for you to try it out and let us know what you think. Or happy to hop on a call to discuss in more detail.

Here is a link to get started - http://shazzlemail.com/quick-start

Thanks
Doug

Doug McFetters
VP, Operations
Public: dmcfetters at shazzle.com
Private & Secure: doug at zmail.shazzlemail.com
(602) 793-1058
ShazzleMail.com | Visit us on Facebook!

This email is only for the use of the intended recipient. Any unauthorized use or distribution is prohibited. If you received this email in error, please reply to the sender and destroy all copies of the email.

From jya at pipeline.com Sat Jan 18 14:16:58 2014
From: jya at pipeline.com (John Young)
Date: Sat, 18 Jan 2014 17:16:58 -0500
Subject: cypherpunks and hackers who dont code?
In-Reply-To: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at>
References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at>
Message-ID:

Recently it was learned that code, crypto code at least, had become superfluous.
Nothing like that protects anything, and never did. It has joined alchemy, phrenology, snake religion and astrology as a pseudo-science for TED rituals and RSA suspicion-fest, still beloved by the faithful, practiced by charlatans, funded unstoppably by DoD research and to fill a vast repository of "unbroken messages" out in Utah, a scholarly debunking topic of historical recollections of aged cryptographers and classified conferences at NSA and GCHQ to keep up appearances of once unbeatable prowess. Fort Meade being converted to a hospice for the greatest collection of mathematicians. Decrypting computers are silently humming with nothing to crack, blowing through Megawatts of power to protect the jobs of hundreds of sysadmins and, yes, dumbfoundedly useless coders surfing for android bestiality. Quantum computing collapsed with a whisper, never fulfilling its promise to render cryptography useless, beaten by a guy named Snowden or something who revealed that the crypto leader of the universe had arranged the end of trustworthy crypto code by rigging holes and backdoors and tricks and planting malware in every conceivable piece of machinery everywhere all the time. Now everything electromagnetic is romantic daydreaming of what never was. Remaining, for a while longer, is a 3x5 OTP and a pencil. For sending coded love notes up your MTM ass. Like here. At 04:43 PM 1/18/2014, you wrote: >to the inmates: > its seems we have a number of the intellectually lazy among us > who either dont/wont >or in some way refuse to code.. yet they wish to call themselves >cypherpunks and hackers. 
> > > > am I missing something here about these wannabe(s) From grarpamp at gmail.com Sat Jan 18 14:59:00 2014 From: grarpamp at gmail.com (grarpamp) Date: Sat, 18 Jan 2014 17:59:00 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Fri, Jan 17, 2014 at 7:30 PM, coderman wrote: > however this person is dedicated to keeping Wyden within bounds as far > as what he publicly discusses. Though lacking a reference, I believe members of congress may speak/leak at will on the floor in open public session and shall not be held to any crime for doing so. Of course in return the government or the public may not support their ongoing candidacy. From mixmaster at remailer.privacy.at Sat Jan 18 10:51:42 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sat, 18 Jan 2014 19:51:42 +0100 (CET) Subject: PROFESSIONAL VICTIM CARI MACHET...time for DOXING Message-ID: <38a36181ec8f2e9f6882c4b56c69b8f9@remailer.privacy.at> hmm seems like anonymous may have a new project DOXING a fake indian/professional victim and publishing all of her sordid details publicly.. perhaps public shame will cause modification of her behavour.. for one thing though when you choose to announce 5 nations(civilized tribe) blood or membership as a way of winning discussions its like saying your great great grand parents and ALL of their family were awoken in the middle of the night and force marched 2k+ miles without supplies or belonging in an affort to exterminate them deiberately Do that around an actual descendant of the 5 nations and you will get checked out and backgrounded... again.. its not something for idle chitchat... 
other racial groups that have experience same such as the jewish "racial" grouping also keep track of holocaust survivor member names and descendants for reparation and claims, By a similar token citizenship or kin ship with a member of an indian nation is taken quite seriously by a lot of us as in the case of Cherokee or Seminole band membership an and reservation status may convey serious financial advantage or hardship(depending on which tribe) ie for seminole or cherokee it may mean a share of casino profits and land for choctaw band/nation indians it means getting included as part of Obummers new plantation system (the choctaw nation was called out specifically) for navajo nation bands it means your res is mined for Uranium and thorium and you get to have ALL your water supplies polluted by the white owned company that was given permission to invade and ruin what is essentially a foreign nation by the USG(this is present day) SO a BIG FUCK YOU to CARI MACHET FAKE WHITE BITCH CLAIMING 5 nations membership You and Paula Deen both should compare your makeup REDFACE/BLACKFACE makeup BITCHES AND CUNTS you BOTH are from the white establishment.. NO STUPID YOU DONT LOOK A BIT LIKE a CHEROKEE BAND INDIAN! BITCH From juan.g71 at gmail.com Sat Jan 18 15:22:38 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Sat, 18 Jan 2014 20:22:38 -0300 Subject: AHEM! Please dont feed the Troll(s)! In-Reply-To: References: Message-ID: If anything, you're the troll here. (top posted on purpose) --On Saturday, January 18, 2014 11:08 PM +0100 "Anonymous Remailer (austria)" wrote: > > Sigh, > > seems every crop of new cypherpunks has to learn this lesson. > > > Folks, > Please DONT FEED the trolls here on cypherpunks.. dont repeat their > subject lines dont respond to them, ignore them and killfile them if > possible so you are not tempted to respond to them. > > Trust me its like wrestling with a pig in shit. after a while you > notice the pig is enjoying him/herself. 
> > Anything you tell a troll will be used as more fuel for the fire.. trust > me I have seen this many times! > > > > the anon moderator > > > From mixmaster at remailer.privacy.at Sat Jan 18 13:20:11 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sat, 18 Jan 2014 22:20:11 +0100 (CET) Subject: TROY BENJEGER TRIES TO GET IN PROFESSIONAL VICTIMS PANTS Message-ID: and your angling to get in the professional victims pussy is obvious.. whats the matter cant make the bad persons stop telling the truth about your girlfriend? fuck you troy benjeger cock blocking anonpeople ps you give cypherpunks a bad name... pussy From juan.g71 at gmail.com Sat Jan 18 17:28:48 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Sat, 18 Jan 2014 22:28:48 -0300 Subject: Cari Machet In-Reply-To: <52DB1E60.4070205@echeque.com> References: <52DB1E60.4070205@echeque.com> Message-ID: <052AC9F0D511AFB77A743024@F74D39FA044AA309EAEA14B9> --On Sunday, January 19, 2014 10:37 AM +1000 "James A. Donald" wrote: > > An actual native american, probably male, You mean you using sockpuppet. > gets pissed because this faux > indian is an embarrassment to actual Indians. . > > It would perhaps have been more entertaining had her argument been that > private property oppresses women. > > > From juan.g71 at gmail.com Sat Jan 18 17:29:27 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Sat, 18 Jan 2014 22:29:27 -0300 Subject: Cari Machet Message-ID: <17C1A0A656250A2EA4FCDEFD@F74D39FA044AA309EAEA14B9> --On Sunday, January 19, 2014 10:37 AM +1000 "James A. Donald" wrote: > > An actual native american, probably male, You mean, you using +a sockpuppet. > gets pissed because this faux > indian is an embarrassment to actual Indians. > > It would perhaps have been more entertaining had her argument been that > private property oppresses women. 
>
>
>

From mixmaster at remailer.privacy.at Sat Jan 18 13:43:38 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Sat, 18 Jan 2014 22:43:38 +0100 (CET)
Subject: cypherpunks and hackers who dont code?
Message-ID: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at>

to the inmates:
its seems we have a number of the intellectually lazy among us who either dont/wont or in some way refuse to code.. yet they wish to call themselves cypherpunks and hackers.

am I missing something here about these wannabe(s)

From rysiek at hackerspace.pl Sat Jan 18 14:00:55 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 18 Jan 2014 23:00:55 +0100
Subject: Replacing corporate search engines with anonymous/decentralized search
In-Reply-To:
References: <1388305027.11664.55.camel@debian> <19029347.avvEohIsFf@lap>
Message-ID: <11309650.9mz3BQGylJ@lap>

On Friday, 17 January 2014 10:55:33 Sean Lynch wrote:
> > In Firefox it's called "The Awesome Bar", and it sifts through your
> > history
> > and bookmarks (I bookmark a lot, and tag these pretty exactly, which helps
> > immensely).
>
> I'm talking about anytime you type into text boxes.

Which "text boxes"? Any form on Teh Intertubes? The AwesomeBar or SearchBar?

> The goal of this proposal was to return to the hypertextual nature of the
> web in order to reduce our dependence on centralized indexes. However, I
> find your proposal to improve the utility of the AwesomeBar interesting.

It's easy (it just requires a habit of decent tagging), and effective -- when I remember an information I found important from a website I visited, it's usually in my bookmarks, tagged properly.

This means 95% of the time as far as information I have already seen is concerned, the AwesomeBar reaching down to my bookmarks is enough to get what I need, no need to go to Google here.

> > The downside, of course, is that it works only for links that I have
> > already
> > visited.
> >
> > So here's the idea: sharing bookmark tags and links with each other, via
> > some
> > extension for example, and making "The Awesome Bar" (damn, I hate that
> > name)
> > sift through bookmarks/tags of people in your "network" (what that means
> > would
> > have to be defined, but as Mozilla Sync can already store bookmarks, the
> > data
> > can already be on a server, just use it).
>
> An even simpler proposal: assuming the AwesomeBar doesn't already include
> live bookmarks in its autocomplete functionality, add it. Then anyone can
> simply publish their bookmarks via RSS and anyone else can import them.
> Then someone can just add functionality to create live bookmarks that pull
> signed and possibly encrypted (with Ed25519/Curve25519 of course) RSS feeds
> from a DHT.

Not that easy, as everybody would need to publish their bookmark RSS/Atom channels not entirely in accordance with how it is being done usually on the 'Net.

Usually, only the first 10-30 headlines/items are in the RSS/Atom channel, the older ones (it is assumed) are already cached in users' RSS/Atom readers. Firefox does not cache live bookmarks, so each time you only get the current 10-30 items, all older are "lost".

This makes sense with regard to the intended use of this functionality in Firefox (and other browsers), but unfortunately makes it harder to implement interesting bookmarks sharing the way you described.

--
Regards
rysiek

From mixmaster at remailer.privacy.at Sat Jan 18 14:08:10 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Sat, 18 Jan 2014 23:08:10 +0100 (CET)
Subject: AHEM! Please dont feed the Troll(s)!
Message-ID:

Sigh,

seems every crop of new cypherpunks has to learn this lesson.

Folks,
Please DONT FEED the trolls here on cypherpunks..
dont repeat their subject lines dont respond to them, ignore them and killfile them if possible so you are not tempted to respond to them. Trust me its like wrestling with a pig in shit. after a while you notice the pig is enjoying him/herself. Anything you tell a troll will be used as more fuel for the fire.. trust me I have seen this many times! the anon moderator From bill.stewart at pobox.com Sat Jan 18 23:16:48 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 18 Jan 2014 23:16:48 -0800 Subject: Feeding trolls In-Reply-To: <52DB1E60.4070205@echeque.com> References: <52DB1E60.4070205@echeque.com> Message-ID: <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> At 04:37 PM 1/18/2014, James A. Donald wrote: >Girl enters list that discusses intellectual topics. Sorry, James, but we really don't need sexist or racist trolling here. This is Cypherpunks, and we've got plenty of appropriate things to troll about. I was driving the other day, and caught part of Obama's weasel-speech about how he's issuing orders to the NSA not to get caught so blatantly. Had to turn it off, because throwing things at the radio while driving isn't safe. I might have been able to sit through more of it if I'd been home on my couch with enough beer to do the "drink if he says something blatantly ridiculous" bingo game, or at the bar at Shmoocon or something. From mike at gogulski.com Sat Jan 18 14:27:05 2014 From: mike at gogulski.com (Mike Gogulski) Date: Sat, 18 Jan 2014 23:27:05 +0100 Subject: Duty now for the future? In-Reply-To: References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> Message-ID: <52DAFFB9.9060203@gogulski.com> Is there a Kickstarter for this? Quasi-serious question! On 01/18/2014 11:16 PM, John Young wrote: > Fort Meade being converted > to a hospice for the greatest collection of mathematicians. > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 295 bytes Desc: OpenPGP digital signature URL: From jamesdbell8 at yahoo.com Sun Jan 19 00:27:35 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 19 Jan 2014 00:27:35 -0800 (PST) Subject: Updates on the Death Prediction Lottery. In-Reply-To: <167471390091196@web2h.yandex.ru> References: <167471390091196@web2h.yandex.ru> Message-ID: <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> From: David - >Some updates to DPL. >1) I have added a lot of names, mainly FISA court members and people from intelligence agencies. >2) I have decided not to have multiple pools but to have every name in the same death pool. Most names qualify for 75% of the pool funds, a few for 100%.> > >The list is not complete yet, and I would consider any suggestions that I might receive. >D. I recommend that you ask for "ideas", not "suggestions.  While I see no reason to believe that a "death prediction lottery" is illegal, any prosecutor salivating to victimize people would want to charge 'conspiracy', an extraordinarily broad charge.   A 'conspiracy' is an agreement by two or more people to commit a crime, and at least one action done in furtherance of that crime. Asking for 'suggestions'  implies an offer, and giving the 'suggestion' implies an agreement, and the implementation of that agreement could be called the completion of that conspiracy.  Asking for mere 'ideas', instead of 'suggestions', tends to isolate the source of those ideas from responsibility.  I wish somebody (one not associated with any DPL, 'AM', 'AP', etc) would file a lawsuit in federal court, challenging the government to prove that a 'death prediction lottery' or 'Assassination Market' is necessarily illegal.  That's because currently the Feds may be secretly planning to file charges against 'AM's Sanjuro or others, and it would be better to pre-challenge them, before they can act like heroes, sweep in, and arrest the 'evil criminals'.          
Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2156 bytes Desc: not available URL: From mixmaster at remailer.privacy.at Sat Jan 18 15:37:42 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 00:37:42 +0100 (CET) Subject: test 6 Message-ID: <45ce9c9d6da3b678abc213208ab253fb@remailer.privacy.at> test 6 From hozer at hozed.org Sat Jan 18 22:45:39 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jan 2014 00:45:39 -0600 Subject: AHEM! Please dont feed the Troll(s)! In-Reply-To: References: Message-ID: <20140119064539.GL3180@nl.grid.coop> On Sat, Jan 18, 2014 at 11:08:10PM +0100, Anonymous Remailer (austria) wrote: > > Sigh, > > seems every crop of new cypherpunks has to learn this lesson. > > > Folks, > Please DONT FEED the trolls here on cypherpunks.. dont repeat their subject lines > dont respond to them, ignore them and killfile them if possible so you are not tempted > to respond to them. > > Trust me its like wrestling with a pig in shit. after a while you > notice the pig is enjoying him/herself. > > Anything you tell a troll will be used as more fuel for the fire.. trust me I have seen > this many times! You know, I kinda liked that little episode of honest-to-god dirty shit. It's good practice for politics. It's a good diversion from arguments with bitcoiners who work for the FaceGoog From carimachet at gmail.com Sat Jan 18 15:49:43 2014 From: carimachet at gmail.com (Cari Machet) Date: Sun, 19 Jan 2014 00:49:43 +0100 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 12:43 AM, coderman wrote: > On Sat, Jan 18, 2014 at 2:59 PM, grarpamp wrote: > > ... > > Though lacking a reference, I believe members of congress may > > speak/leak at will on the floor in open public session and shall not > > be held to any crime for doing so. 
Of course in return the government > > or the public may not support their ongoing candidacy. > > citation? my understanding is that statements in congress are public, > and subject to same unauthorized disclosure laws. only the POTUS can > unilaterally decide to "leak" something in public without legal > repercussions (impeachment aside). > they cannot speak/leak neither can the executive branch > see dick cheney -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1894 bytes Desc: not available URL: From hozer at hozed.org Sat Jan 18 22:57:08 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jan 2014 00:57:08 -0600 Subject: TROY BENJEGER TRIES TO GET IN PROFESSIONAL VICTIMS PANTS In-Reply-To: References: Message-ID: <20140119065708.GM3180@nl.grid.coop> On Sat, Jan 18, 2014 at 10:20:11PM +0100, Anonymous Remailer (austria) wrote: > > and your angling to get in the professional victims pussy is obvious.. > > > whats the matter cant make the bad persons stop telling the truth about your girlfriend? > > > fuck you troy benjeger > cock blocking anonpeople > ps you give cypherpunks a bad name... 
pussy A packet in a pocket run through the wringer pulls traces of anonopeople Up to Bigger Brothers Feed the trolls Signal anal-ists have fun From mixmaster at remailer.privacy.at Sat Jan 18 15:58:09 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 00:58:09 +0100 (CET) Subject: Cari Machet Message-ID: I've been watching this shit throwing match between Troy and Cari for the last few days and, let me just say, both of you need to GROW THE FUCK UP. I don't give a rats ass if Cari is a 'real Indian' or just some crazy bitch pretending to be one and I don't give a fuck if Troy is offended by her pretending. This list is NOT the place for this bullshit. Get a room and fuck it out or just take it off-list but keep us the hell out of it. From rysiek at hackerspace.pl Sat Jan 18 16:01:53 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 19 Jan 2014 01:01:53 +0100 Subject: Duty now for the future? In-Reply-To: <6cf51c8d94c866fd9c76709e8b96f7f0.squirrel@fruiteater.riseup.net> References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> <52DAFFB9.9060203@gogulski.com> <6cf51c8d94c866fd9c76709e8b96f7f0.squirrel@fruiteater.riseup.net> Message-ID: <2521891.3yOsBQ2PCo@lap> Dnia sobota, 18 stycznia 2014 14:36:00 Odinn Cyberguerrilla pisze: > There will always be a Duty > > (Excuse me, I have a Duty to attend to) There's a pun around "duty-free" somewhere here, I'm sure... -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From mixmaster at remailer.privacy.at Sat Jan 18 16:02:11 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 01:02:11 +0100 (CET) Subject: Is JYA now a medical Cannabis patient? 
Message-ID: <19c49cbabf15734b23381c12de2bfc9a@remailer.privacy.at> hi everyone, Subject says it all, JYA has gotten rather loopy in his postings as of late refuses to bow to Ft Meade and the blessed repository of crypto knowledge our thought is the the NSA may be spiking/drugging his morning beverages or perhaps he is newly a medical cannabis patient... one does wonder From jamesdbell8 at yahoo.com Sun Jan 19 01:23:14 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 19 Jan 2014 01:23:14 -0800 (PST) Subject: Updates on the Death Prediction Lottery. In-Reply-To: <172201390121508@web15m.yandex.ru> References: <167471390091196@web2h.yandex.ru> <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> <172201390121508@web15m.yandex.ru> Message-ID: <1390123394.95840.YahooMailNeo@web164601.mail.gq1.yahoo.com> Well, while the chosen name "Assassination Market" is intentionallyquite provocative, Sanjuro's 'AM' site includes some appropriate caveats (they will pay regardless of the nature of the death, including presumably:  Accidents, natural disasters, illnesses, suicide, etc) that ought to make it the overall system legal.   (At least, legal with the exception of some people out there who might commit murder.)             Jim Bell ________________________________ From: David - To: "cypherpunks at cpunks.org" Sent: Sunday, January 19, 2014 12:51 AM Subject: Re: Updates on the Death Prediction Lottery.  Thank you for your ideas. There is indeed a very important distinction here.   I am quite sure that 'Assassination Market' would be illegal. That being said I run a 'death prediction lottery', which is something else entirely.      19.01.2014, 12:30, "Jim Bell" : From: David - >>Some updates to DPL. > >>1) I have added a lot of names, mainly FISA court members and people from intelligence agencies. >>2) I have decided not to have multiple pools but to have every name in the same death pool. 
Most names qualify for 75% of the pool funds, a few for 100%.> >> >>The list is not complete yet, and I would consider any suggestions that I might receive. >>D. > >I recommend that you ask for "ideas", not "suggestions.  While I see no reason to believe that a "death prediction lottery" is illegal, any prosecutor salivating to victimize people would want to charge 'conspiracy', an extraordinarily broad charge.   A 'conspiracy' is an agreement by two or more people to commit a crime, and at least one action done in furtherance of that crime. Asking for 'suggestions'  implies an offer, and giving the 'suggestion' implies an agreement, and the implementation of that agreement could be called the completion of that conspiracy.  Asking for mere 'ideas', instead of 'suggestions', tends to isolate the source of those ideas from responsibility.  > >I wish somebody (one not associated with any DPL, 'AM', 'AP', etc) would file a lawsuit in federal court, challenging the government to prove that a 'death prediction lottery' or 'Assassination Market' is necessarily illegal.  That's because currently the Feds may be secretly planning to file charges against 'AM's Sanjuro or others, and it would be better to pre-challenge them, before they can act like heroes, sweep in, and arrest the 'evil criminals'. >         Jim Bell > > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4621 bytes Desc: not available URL: From mixmaster at remailer.privacy.at Sat Jan 18 17:01:02 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 02:01:02 +0100 (CET) Subject: test 3 Message-ID: t 3 From grarpamp at gmail.com Sat Jan 18 23:53:21 2014 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jan 2014 02:53:21 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Sat, Jan 18, 2014 at 6:49 PM, Cari Machet wrote: > On Sun, Jan 19, 2014 at 12:43 AM, coderman wrote: >> On Sat, Jan 18, 2014 at 2:59 PM, grarpamp wrote: >> > ... >> > Though lacking a reference, I believe members of congress may >> > speak/leak at will on the floor in open public session and shall not >> > be held to any crime for doing so. Of course in return the government >> > or the public may not support their ongoing candidacy. >> >> citation? my understanding is that statements in congress are public, >> and subject to same unauthorized disclosure laws. only the POTUS can >> unilaterally decide to "leak" something in public without legal >> repercussions (impeachment aside). > > they cannot speak/leak neither can the executive branch > see dick cheney """ US Constitution - Art 1, Sec 6: The Senators and Representatives ... shall in all Cases, except Treason, Felony and Breach of the Peace, be privileged from Arrest during their Attendance at the Session of their respective Houses, and in going to and returning from the same; and for any Speech or Debate in either House, they shall not be questioned in any other Place. """ The bit after the semicolon is interesting. It appears to grant immunity outside Place of Congress for speech in Congress, and since Congress has no real internal law/police/judge/jail of its own, speak all you want. This has been subsequently developed... 
https://en.wikipedia.org/wiki/Speech_or_Debate_Clause Then there's Art 1 Sec 5 PP2 and PP3 and so on that might be applied after the fact. Though right now there is CSPAN and observation balconies for the public/press, so any speech bombs that someone drops would make it out to the world. Congress (Sen/Rep) is not the Executive (VP), so different rules can and do apply there. From mixmaster at remailer.privacy.at Sat Jan 18 19:21:56 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 04:21:56 +0100 (CET) Subject: Updates on the Death Prediction Lottery Message-ID: <416f6d859d7b0d788d10b71d70ebc110@remailer.privacy.at> Good work with the DPL! I visited the site a few weeks ago and saw it was coming along very nicely. I do have a concern about buy-in costs though. Are you planning on ever lowering the costs to cheaper than 1 bitcoin? At the current price, many can't afford to make a prediction. If you lowered, more people would participate and the pool would grow larger, more quickly. Just a thought. On 01/18/2014 06:26 PM, David - wrote:> Some updates to DPL. > > 1) I have added a lot of names, mainly FISA court members and people from intelligence agencies. > 2) I have decided not to have multiple pools but to have every name in the same death pool. Most names qualify for 75% of the pool funds, a few for 100%. > > The list is not complete yet, and I would consider any suggestions that I might receive. > > D. > > From vfwavrwava at yandex.com Sat Jan 18 16:26:36 2014 From: vfwavrwava at yandex.com (David -) Date: Sun, 19 Jan 2014 04:26:36 +0400 Subject: Updates on the Death Prediction Lottery. Message-ID: <167471390091196@web2h.yandex.ru> Some updates to DPL. 1) I have added a lot of names, mainly FISA court members and people from intelligence agencies. 2) I have decided not to have multiple pools but to have every name in the same death pool. Most names qualify for 75% of the pool funds, a few for 100%. 
The list is not complete yet, and I would consider any suggestions that I might receive. D. From coderman at gmail.com Sun Jan 19 07:12:07 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 07:12:07 -0800 Subject: cypherpunks and hackers who dont code? In-Reply-To: <52DB8E10.8070904@gogulski.com> References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> <52DB8E10.8070904@gogulski.com> Message-ID: On Sun, Jan 19, 2014 at 12:34 AM, Mike Gogulski wrote: > ... > Hopefully that will look something like: "When the WAN LED on your $9.99 > Myanmarese consumer Wi-Fi cable modem router slows its blinking rate to > sub-epileptic levels, SAFE SURFING ON THE INFORMATION SUPERHIGHWAY mode > is activated, and AL FREAKING GORE. It is now safe to press the 'connect > to safe internet' buttons in Internet Explorer." this is pre snowden thinking; usability demands that it immediately emits only one state on boot: a glowing blue LED "SECURE". once the network is up, now lights "SUPER SECURE". (it can only be SECURE, lest the wrong impression be conveyed by accident) further usability refinements will result in glowing blue "+", and when on line, "++". it will have no ports or buttons, but know by how you hold if you want it on or off, or to restart... some time later, "Why Jane can't network" will dissect the usability failures of this adventure and determine: metcalf trumps simple! usability implies enough will buy and use it. , much wailing, gnashing of teeth... dependency hell leading to intractable graph recursion. From coderman at gmail.com Sun Jan 19 07:18:14 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 07:18:14 -0800 Subject: Updates on the Death Prediction Lottery. In-Reply-To: <167471390091196@web2h.yandex.ru> References: <167471390091196@web2h.yandex.ru> Message-ID: On Sat, Jan 18, 2014 at 4:26 PM, David - wrote: > ... > The list is not complete yet, and I would consider any suggestions that I might receive. 
please add me[0] to the list. my worst enemy; that fucker has it coming! best regards, 0. where me == coderman at gmail.com / 0x65A847E7C2B9380C true name just a hop skip jump from this and other identifiers, but why ruin the fun?
From coderman at gmail.com Sun Jan 19 07:26:16 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 07:26:16 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Sat, Jan 18, 2014 at 11:53 PM, grarpamp wrote: > ... > """ > US Constitution - Art 1, Sec 6: > The Senators and Representatives ...
shall in all Cases, except > Treason, Felony and Breach of the Peace, be privileged from Arrest > during their Attendance at the Session of their respective Houses, > and in going to and returning from the same; and for any Speech or > Debate in either House, they shall not be questioned in any other > Place. > """ > > The bit after the semicolon is interesting. It appears to grant > immunity outside Place of Congress for speech in Congress, and since > Congress has no real internal law/police/judge/jail of its own, > speak all you want now describe to me what happens when the session is over, their attendance complete, they return home, and then still find themselves having leaked classified information without authorization. i'm trying to find the legal basis for commander in chief to unilaterally declassify as desired. my public info skills less judicial more osint, alas. perhaps i made it up in some mental fiction of blurred experience... ;) best regards, From coderman at gmail.com Sun Jan 19 07:41:58 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 07:41:58 -0800 Subject: Updates on the Death Prediction Lottery. In-Reply-To: References: <167471390091196@web2h.yandex.ru> Message-ID: On Sun, Jan 19, 2014 at 7:18 AM, coderman wrote: > ... > please add [...] to the list... > coderman at gmail.com / 0x65A847E7C2B9380C 0.658477 BTC en route to confirm request and boost bounty. thanks :P best regards, From coderman at gmail.com Sun Jan 19 07:53:54 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 07:53:54 -0800 Subject: Updates on the Death Prediction Lottery. In-Reply-To: References: <167471390091196@web2h.yandex.ru> Message-ID: On Sun, Jan 19, 2014 at 7:41 AM, coderman wrote: > > please add [...] to the list... > coderman at gmail.com / 0x65A847E7C2B9380C > ... apologies; forgot to add: Name: "coderman" Known as: "0x65A847E7C2B9380C" Keywords: "[redacted]" Agency: probably free, but philosophically unresolved. 
txn d4f89ca19c9ce0e9bcf1fc47d8223e4bee07ad269323faca68ae1113fa867d16 From dan at geer.org Sun Jan 19 06:04:01 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 19 Jan 2014 09:04:01 -0500 Subject: Feeding trolls In-Reply-To: Your message of "Sun, 19 Jan 2014 10:36:26 +0100." <52DB9C9A.5030603@gogulski.com> Message-ID: <20140119140401.0B2412280AD@palinka.tinho.net> Let's experimentally determine whether science qualifies as troll food: http://www.pnas.org/content/111/2/823 --dan From jamesdbell8 at yahoo.com Sun Jan 19 09:12:11 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 19 Jan 2014 09:12:11 -0800 (PST) Subject: Updates on the Death Prediction Lottery. In-Reply-To: References: <167471390091196@web2h.yandex.ru> <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> Message-ID: <1390151531.61655.YahooMailNeo@web164604.mail.gq1.yahoo.com> From: Philip Shaw On 19 Jan 2014, at 18:57 , Jim Bell wrote: I wish somebody (one not associated with any DPL, 'AM', 'AP', etc) would file a lawsuit in federal court, challenging the government to prove that a 'death prediction lottery' or 'Assassination Market' is necessarily illegal.  That's because currently the Feds may be secretly planning to file charges against 'AM's Sanjuro or others, and it would be better to pre-challenge them, before they can act like heroes, sweep in, and arrest the 'evil criminals'. > >>I think such a market would be reasonably safe if the pay-outs were covered by a condition which cancelled the payment if the recipient were determined to be criminally responsible for >the death (in which case the money would otherwise be seized as proceeds of crime anyway, so the bookmakers might as well try to claim the money back rather than let the treasury >have it).  At the risk of inadvertently patting myself on the back (I probably mentioned something like this in my AP essay), that's a good tactic.  Keep in mind that most donors to DPL/'AM/AP would have no problem paying any perpetrators. 
 Further, such systems will presumably be carefully designed to prevent the identification of those bettors/donors, so even if there is a prosecution after a death, it will become very difficult or impossible to determine if the party charged is the same person who is to receive the payment.  Further, the wheels of justice grind slowly.  Any such payment should probably be made very quickly, certainly within a month and quite possibly within a week.  The organization making the payments will have made the payment long before anybody is convicted for a crime.  So, while I think it's a good idea to include such a clause, it would (happily) be of minimal effectiveness. >However, I think the operators would probably run into difficulties with either the bookmaking laws or the life-insurance laws. Yes, that is an additional factor.  Internet-betting has, in the past and perhaps currently, is objected to by the United States Federal government.  Defending a DPL/'AM'/AP system ought to be as easy as analogizing with life-insurance laws. >It is also very difficult to get a court to rule that something is legal before you get prosecuted or sued for doing it, which, given the complexity of our legal systems, seems like a fairly > significant flaw. Test cases provide some protection in civil matters, but there isn’t really a practical analogue in criminal matters. Sorry to contradict you, but I recall cases (up to the level of the US Supreme Court) allowing this.  How 'difficult' it is, I don't recall.  Problem is, I don't have access to the Lexis system that I used while stuck in the Fed's "gated communities".  But at least at the Federal level, such a mechanism exists.  I wish I could be more specific.   I'll check  www.law.cornell.edu.                Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4760 bytes Desc: not available URL:

From coderman at gmail.com Sun Jan 19 09:14:41 2014
From: coderman at gmail.com (coderman)
Date: Sun, 19 Jan 2014 09:14:41 -0800
Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present"
In-Reply-To:
References:
Message-ID:

On Thu, Jan 16, 2014 at 6:56 AM, coderman wrote:
> ...
> That's what I've been talking about in earlier answers: the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present.

i noticed in the new sigint memo there were a few justifications for bulk collection:

"""
In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering:
(1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
(2) threats to the United States and its interests from terrorism;
(3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
(4) cybersecurity threats; [ED: WTF???]
(5) threats to U.S. or allied Armed Forces or other U.S or allied personnel; and
(6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section.
"""

half of these could be argued law enforcement domain; why is the power of the IC applied to potential crimes of "cybersecurity threat", "transnational criminal threats", and "illicit finance"?

this is looking less like reining in and more like whitewash with retroactive indemnification...

0.
"PRESIDENTIAL POLICY DIRECTIVE/PPD-28 : Signals Intelligence Activities" http://s3.documentcloud.org/documents/1006318/2014sigint-mem-ppd-rel.pdf From mike at gogulski.com Sun Jan 19 00:25:23 2014 From: mike at gogulski.com (Mike Gogulski) Date: Sun, 19 Jan 2014 09:25:23 +0100 Subject: test 3 In-Reply-To: References: Message-ID: <52DB8BF3.3010703@gogulski.com> It doesn't work. And you've been annoying since 1989. On 01/19/2014 02:01 AM, Anonymous Remailer (austria) wrote: > t 3 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 295 bytes Desc: OpenPGP digital signature URL: From mike at gogulski.com Sun Jan 19 00:34:24 2014 From: mike at gogulski.com (Mike Gogulski) Date: Sun, 19 Jan 2014 09:34:24 +0100 Subject: cypherpunks and hackers who dont code? In-Reply-To: References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> Message-ID: <52DB8E10.8070904@gogulski.com> On 01/18/2014 11:38 PM, coderman wrote: > i'll let you know when the low latency datagram based unlinkable > traffic analysis resistant transport is ready, and we can figure out > what step #2 looks like ;P Hopefully that will look something like: "When the WAN LED on your $9.99 Myanmarese consumer Wi-Fi cable modem router slows its blinking rate to sub-epileptic levels, SAFE SURFING ON THE INFORMATION SUPERHIGHWAY mode is activated, and AL FREAKING GORE. It is now safe to press the 'connect to safe internet' buttons in Internet Explorer." Of course, few will be able to extract that meaning from the poorly-translated manual. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 295 bytes Desc: OpenPGP digital signature URL: From mike at gogulski.com Sun Jan 19 00:43:50 2014 From: mike at gogulski.com (Mike Gogulski) Date: Sun, 19 Jan 2014 09:43:50 +0100 Subject: Duty now for the future? 
In-Reply-To: <2521891.3yOsBQ2PCo@lap> References: <3d1fc4a4e28791f48926b4e7175ad622@remailer.privacy.at> <52DAFFB9.9060203@gogulski.com> <6cf51c8d94c866fd9c76709e8b96f7f0.squirrel@fruiteater.riseup.net> <2521891.3yOsBQ2PCo@lap> Message-ID: <52DB9046.1030509@gogulski.com> On 01/19/2014 01:01 AM, rysiek wrote: > Dnia sobota, 18 stycznia 2014 14:36:00 Odinn Cyberguerrilla pisze: >> There will always be a Duty >> >> (Excuse me, I have a Duty to attend to) > There's a pun around "duty-free" somewhere here, I'm sure... > No puns. The subject line is the title of a late-70s Devo album, which contains, among other horrors, the song "Secret Agent Man" (n.b.: cavities of evil have nothing to do with fiendish fluoridators): You know I live a life of danger for the FBI Keeping tabs on our nation On the land, on the sea, in the sky But every single night before I go to bed I get down on my knees and thank God I'm a secret agent man Secret agent man, secret agent man They've given me a number But they've taken away my name I got one hell of a job to perform for the U. S. of A. Got the responsibility of our nation's top security But every night and day I salute the flag and say Thank you Jesus 'cause I'm I'm a secret agent man Secret agent man, secret agent man They've given me a number But they've taken away my name You know they got me doin' this doin' that And a little bit of something else Fighting cavities of evil, safeguarding America's health But not an afternoon pass, I don't get up off my ass Thank you God 'cause I'm I'm a secret agent man Secret agent man, secret agent man They've given me a number But they've taken away my name (Repeat) 'Cause I'm a secret agent man -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 295 bytes Desc: OpenPGP digital signature URL: From mike at gogulski.com Sun Jan 19 01:36:26 2014 From: mike at gogulski.com (Mike Gogulski) Date: Sun, 19 Jan 2014 10:36:26 +0100 Subject: Feeding trolls In-Reply-To: <52DB994C.9080406@echeque.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> Message-ID: <52DB9C9A.5030603@gogulski.com> On 01/19/2014 10:22 AM, James A. Donald wrote: > Characteristically male environments are characteristically male > because of characteristically male virtues^H^H^H^H^H^H^Hprivilege. FTFY. Jackass. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 295 bytes Desc: OpenPGP digital signature URL: From jamesd at echeque.com Sat Jan 18 16:37:52 2014 From: jamesd at echeque.com (James A. Donald) Date: Sun, 19 Jan 2014 10:37:52 +1000 Subject: Cari Machet In-Reply-To: References: Message-ID: <52DB1E60.4070205@echeque.com> On 2014-01-19 09:58, Anonymous Remailer (austria) wrote: > I've been watching this shit throwing match between Troy and Cari for > the last few days and, let me just say, both of you need to GROW THE > FUCK UP. I don't give a rats ass if Cari is a 'real Indian' or just some > crazy bitch pretending to be one and I don't give a fuck if Troy is > offended by her pretending. Girl enters list that discusses intellectual topics. I assert that private property rights are good in actual private property, such as places that belong to some people and not to other people, because the alternative is mass murder, but the case for intellectual is considerably less convincing. Girl replies "Private property is wicked. Furthermore I am a native, therefore I am right and you are wrong, because of the horrible crime committed against my people." Confirming the standard stereotype of girls in engineering. 
An actual native american, probably male, gets pissed because this faux indian is an embarrassment to actual Indians. It would perhaps have been more entertaining had her argument been that private property oppresses women. From coderman at gmail.com Sun Jan 19 10:52:26 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 10:52:26 -0800 Subject: Programming languages for a safe and secure future In-Reply-To: <20140119184343.GF6302@order.stressinduktion.org> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> <52DC1500.3020805@mehnert.org> <20140119184343.GF6302@order.stressinduktion.org> Message-ID: [glossing over C and C++ lumped together; if there's one implementation that's seen exhaustive scrutiny, it would be Bitcoin in C++. only DJB can write C code without harm at every corner, however! ;] On Sun, Jan 19, 2014 at 10:43 AM, Hannes Frederic Sowa wrote: > ... > Maybe you can comment a bit on the code extraction process into compilable > languages. > > There seems to be a semantic differences between the proofable > language and the language the extraction process targets in e.g. array > handling(e.g. ocaml code) or just overflow handling in integers. > I guess Idris does not have this problem? > > I always wondered if ats-lang would be the most suitable language for > writing more typesafe code? 
thank you for these pointers, learning new things++ related efforts i've found interesting: Quark, ProofWeb, Frama-C, ELFbac, and interesting 30C3 presentation on "bug class genocide" http://www.youtube.com/watch?v=2ybcByjNlq8 best regards, From coderman at gmail.com Sun Jan 19 11:09:28 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 11:09:28 -0800 Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present" In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 9:14 AM, coderman wrote: > ... > (4) cybersecurity threats; [ED: WTF???] i should have noted: this is not so unusual after all! seems DITU trying to get their ducks in a row since May 2011 administration efforts to expand CFAA with a modification which “Clarifies that both conspiracy and attempt to commit a computer hacking offense are subject to the same penalties as completed, substantive offenses.” most recently trotted out again this month by Patrick Leahy (D-Vermont). IC doesn't delay until after the bad happens to intervene, why can't FBI have this courtesy? (parallel construction cumbersome!) From measl at mfn.org Sun Jan 19 09:12:09 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 11:12:09 -0600 (CST) Subject: Updates on the Death Prediction Lottery. In-Reply-To: <1390151531.61655.YahooMailNeo@web164604.mail.gq1.yahoo.com> References: <167471390091196@web2h.yandex.ru> <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> <1390151531.61655.YahooMailNeo@web164604.mail.gq1.yahoo.com> Message-ID: On Sun, 19 Jan 2014, Jim Bell wrote: >It is also very difficult to get a court to rule that something is legal >before you get prosecuted or sued for doing it, which, given the >complexity of our legal systems, seems like a fairly > significant flaw. 
Test cases provide some protection in civil matters, but there isn't really a practical analogue in criminal matters. Sorry to contradict you, but I recall cases (up to the level of the US Supreme Court) allowing this. How 'difficult' it is, I don't recall. Problem is, I don't have access to the Lexis system that I used while stuck in the Fed's "gated communities". But at least at the Federal level, such a mechanism exists. I wish I could be more specific. I'll check www.law.cornell.edu. Jim Bell You are looking for "Declaratory Judgments". //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From measl at mfn.org Sun Jan 19 09:21:43 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 11:21:43 -0600 (CST) Subject: Updates on the Death Prediction Lottery. In-Reply-To: References: <167471390091196@web2h.yandex.ru> <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> Message-ID: On Mon, 20 Jan 2014, Philip Shaw wrote: > On 19 Jan 2014, at 18:57 , Jim Bell wrote: > > > I wish somebody (one not associated with any DPL, 'AM', 'AP', etc) > > would file a lawsuit in federal court, challenging the government to > > prove that a 'death prediction lottery' or 'Assassination Market' is > > necessarily illegal. That's because currently the Feds may be > > secretly planning to file charges against 'AM's Sanjuro or others, and > > it would be better to pre-challenge them, before they can act like > > heroes, sweep in, and arrest the 'evil criminals'. > > > I think such a market would be reasonably safe if the pay-outs were > covered by a condition which cancelled the payment if the recipient were > determined to be criminally responsible for the death (in which case the > money would otherwise be seized as proceeds of crime anyway, so the > bookmakers might as well try to claim the money back rather than let the > treasury have it).
If I were the Fedz (and I'm not :-), I would *immediately* seize the entire pot by declaring them to be "Proceeds from drug activity", and then let each donator go and try to prove otherwise. This tactic is widely abused (despite the obviousness of it being patently unconstitutional, the SCOTUS has ruled otherwise on several cases: individual States, as well as the Fedz that came up with this idea of "Seize first, let the perps argue over it later - if they really want to". Turns out that very few seizures are ever contested (imagine that!?!?!?), out of fear of further persecution. In fact, YT has a vast collection of examples in HD, where you can see the pigs in action: "I'm seizing that $200,000 as proceeds from a drug conspiracy. If you want to contest it, we'll arrest you for conspiracy to engage in the distribution of controlled substances, otherwise, you can just sign this handy little waiver form which says you are OK with this seizure, because the money isn't yours and you never saw it before, and if you sign it, we'll let you just walk away.". Literal Highway Robbery. Fed, SCOTUS, and usually, Population Approved. *Disgusting*! > However, I think the operators would probably run into difficulties with > either the bookmaking laws or the life-insurance laws. Both of these are great points which I hadn't thought of. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From measl at mfn.org Sun Jan 19 09:31:50 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 11:31:50 -0600 (CST) Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) Message-ID: Resent to the new "cypherpunks at cpunks.org" address, as the old address is experiencing some kind of random delivery issue - my apologies if the copies sent to the old address show up [much] delayed, as seems to happen about half the time...
---------- Forwarded message ---------- Date: Sun, 19 Jan 2014 02:25:27 -0600 (CST) From: J.A. Terranson To: cypherpunks at al-qaeda.net Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". In response to several off-list emails, I believe that the Millennials Amongst Us (tm) may have a slightly off-kilter view of "What are CP's"? "cypherpunks are "doctors, lawyers, mathematicians, felons, druggies, anti-druggies, anarchists, libertarians, right-wing fanatics, left-wing fanatics, teachers, housewives, househusbands, students, cops and criminals,"[1] What I was [unsuccessfully] trying to point out to this Idjit was that the CP mailing list is *just* a mailing list: you have not joined "A Group", a "Political Party", or any other kind of organized "thing". You simply subscribed to a mailing list - that's it. There is only *one* universal position, or philosophy if you will: CP is a bunch of otherwise unconnected and likely opposite people (cops/criminals. felons/druggies & right wingers/left wingers, etc), who share a central concern over privacy and privacy enabling tools. Privacy is the ONLY thing that everyone here shares [in theory anyway]. There is NO GROUP. There is NO LEADER. There is NO RIGHT or WRONG "WAY"! Except for flat out trolling, there is ONLY one thing that binds all CP subscribers together: concern over privacy (digital or analog). From that concern for privacy flows a desire to contribute: some people write code, some people host code (remailers, TOR exit nodes, etc), but we all *use* code created and/or nursed along here, whether you realize it or not, so contribute some brain cells ;-) Play nice with others. Or don't - doesn't really matter, right? Yes, that was rhetorical. Grr... Got a little sidetracked there with the contribute some brain cells crap... Back to the point I was poorly making in the middle of the night (on 2 days with no sleep, waaaay too much caffeine, and, and ...).
The *instant* you start believing that you have "joined a group" or some such nonsense, you'll find yourself in shackles: no bullshit, do your homework. *************************************************************************** * * * This list has a long history (day 2 pretty much) of both covert and * * overt monitoring by the Real Deal in Federal "Service": from Attorney's * * General [federal and state], to FBI to IRS and all the way down the * * alphabet - they all watch this list. So be aware of what you say, and * * how you say it. More than one list subscriber has done *serious* * * prison time for things they posted to this list: * * * * Think BEFORE you post. * * [2] * *************************************************************************** Last, but not least: Trolls.... Consider carefully whether a troll might not be a provocateur: http://en.wikipedia.org/wiki/Agent_provocateur It would not be the first time an Agent of the Federal Oligarchy has posted something here hoping to get a reaction that could be [and was] prosecuted using whatever Law-Of-The-Day was available for stretching that day. Look at my .sig. Go ahead - I'll wait till you get back. ... ... Pretty tame, right? Not so. I got "An Interview [3]" for it. Seriously. Don't fuck around unless you're willing to let them come for you. And they will: with delight and vengeance turned up to maximum. They will break their own laws, if necessary, when they come for you ("Hi Dennis!"). They don't exactly get written up for bending a law into a shape that nobody - including your Jury - can recognize ("Hi Tom!"). If your jury can't recognize it they WILL do what's expected of them: Convict. You will NOT get a fair trial, and you will NOT get a fair appeal, and nobody will get hurt except *you*. So for fucks sake, be *careful*. If you just can't be careful ("Hi ***"!), at least phrase it in such a way as to have Plausible Deniability[4]. 
If you can't control that either, at least avoid phrasing things in any way that would point at anyone else as a possible "co-conspirator": if you want to be a fuck up, you alone should be the recipient of your own laziness. Hrmmmm... I already claimed to have written the "last" paragraph, but I forgot something else: Don't write to people directly (I break this rule a lot for those of you getting ready to say "huh? He just said *what*? Fuck me - we all have our issues), unless they specifically ask you to, or unless you have something to say that is truly private. A lot of people will get *really* Bent Out Of Shape(tm) over this one: it will often break reply-chains, although some people get bent for no reason I can identify - they're just plain fucking crazy. The Crazy Train makes very regular stops to both pickup and deliver to CPs. Get used to it ;-) //Alif -- [1] http://www.wired.com/culture/lifestyle/news/2002/09/55114 [2] People using proportional fonts probably see garbage here: GIGO ;-) [3] They don't call it "Interrogation" anymore. Now you are "Interviewed" into submission. [4] http://en.wikipedia.org/wiki/Plausible_deniability Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From rsw at jfet.org Sun Jan 19 09:09:18 2014 From: rsw at jfet.org (Riad S. Wahby) Date: Sun, 19 Jan 2014 12:09:18 -0500 Subject: anonymous remailer whitelisting Message-ID: <20140119170918.GA20450@antiproton.jfet.org> I received an anonymous request to expand the whitelist for remailers. Requester: thank you for keeping me honest! I have updated the list.
-=rsw From vfwavrwava at yandex.com Sun Jan 19 00:35:31 2014 From: vfwavrwava at yandex.com (David -) Date: Sun, 19 Jan 2014 12:35:31 +0400 Subject: Updates on the Death Prediction Lottery In-Reply-To: <416f6d859d7b0d788d10b71d70ebc110@remailer.privacy.at> References: <416f6d859d7b0d788d10b71d70ebc110@remailer.privacy.at> Message-ID: <32331390120531@web8h.yandex.ru> I think you might be confused with this assassination market: http://assmkedzgorodn7o.onion/ I am running this one (which I call a lottery): http://lotteryd77nqcmtc.onion But thank you for noticing improvements! You can contribute to the pool with less than one bitcoin, any amount you like. 19.01.2014, 07:29, "Anonymous Remailer (austria)" : > Good work with the DPL! I visited the site a few weeks ago and saw it > was coming along very nicely. I do have a concern about buy-in costs > though. Are you planning on ever lowering the costs to cheaper than 1 > bitcoin? At the current price, many can't afford to make a prediction. > If you lowered, more people would participate and the pool would grow > larger, more quickly. > > Just a thought. > > On 01/18/2014 06:26 PM, David - wrote:> Some updates to DPL. > >>  1) I have added a lot of names, mainly FISA court members and people > > from intelligence agencies. > >>  2) I have decided not to have multiple pools but to have every name in > > the same death pool. Most names qualify for 75% of the pool funds, a few > for 100%. > >>  The list is not complete yet, and I would consider any suggestions > > that I might receive. > >>  D. From vfwavrwava at yandex.com Sun Jan 19 00:51:48 2014 From: vfwavrwava at yandex.com (David -) Date: Sun, 19 Jan 2014 12:51:48 +0400 Subject: Updates on the Death Prediction Lottery. 
In-Reply-To: <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> References: <167471390091196@web2h.yandex.ru> <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> Message-ID: <172201390121508@web15m.yandex.ru> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2470 bytes Desc: not available URL: From s at ctrlc.hu Sun Jan 19 04:13:58 2014 From: s at ctrlc.hu (stef) Date: Sun, 19 Jan 2014 13:13:58 +0100 Subject: Hmm maybe so maybe not Re: "Blackphone" said to be "a super-secure nsa-proof" In-Reply-To: <52DAE12D.9080406@cypherpunks.to> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> Message-ID: <20140119121357.GJ7008@ctrlc.hu> On Sat, Jan 18, 2014 at 12:16:45PM -0800, gwen hastings wrote: > we should just stop using loaded language like "NSA Proof" and resting > on past laurels to assure folks that such is a fact(it isn't). proof implies 100% security. eh? we all know that that's a unicorn. > gh(who is now finally picking up the python language in a serious > way) <3 hell yeah, it sometimes pays to be grumpy. > next will be taking pbp routines and formats and creating a new > curvep25519 version of type 1 and type 2 remailers with a nym.alias.net > clone in python using Curvep25519 keys to emulate a type 1 reply > block(have to see what mixminion does for reply-blocks if any) fantastic. just 2 days ago i hacked an AMM together using pbp. https://www.ctrlc.hu/~stef/amm.py - proper release coming soon. should be hosted on an .onion address. > ps2ps: PCP and PBP developers need to make up their collective heads > about external representation key formats for public keys(I will be > using pbp as its already in python) we are off-list in fruitful contact. > I am kind of dependent on these(key format representations) pbp is still kinda experimental. but the more users and the more feedback on key-formats and related stuff gets us faster to stability. 
nb: your pgp key is kinda huge due to the embedded jpg of yours, which is kinda contra-productive, it does not allow visual recognition, but leaks side-chan information that could be used against you. -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt From rsw at jfet.org Sun Jan 19 10:15:07 2014 From: rsw at jfet.org (Riad S. Wahby) Date: Sun, 19 Jan 2014 13:15:07 -0500 Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) In-Reply-To: References: Message-ID: <20140119181507.GA22336@antiproton.jfet.org> "J.A. Terranson" wrote: > experiencing some kind of random delivery issue @al-qaeda.net is deprecated. Apologies: I should have announced this on-list before I made the related configuration changes. In case anyone suspects censorship, chilling effects, et cetera, the explanation is actually much more innocuous: I'm trying to cut down the amount of spam my poor little VPS has to handle, and as you might imagine the amount that goes to @al-qaeda.net is *staggering*. (More to the point, after running the list @al-qaeda.net for more than ten years, this small gesture isn't going to somehow erase the internet's long memory.) -=rsw From measl at mfn.org Sun Jan 19 11:35:33 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 13:35:33 -0600 (CST) Subject: Al-qaeda.net deprecated (was: Note to new-ish subscribers) In-Reply-To: <20140119181507.GA22336@antiproton.jfet.org> References: <20140119181507.GA22336@antiproton.jfet.org> Message-ID: On Sun, 19 Jan 2014, Riad S. Wahby wrote: > @al-qaeda.net is deprecated. Apologies: I should have announced this > on-list before I made the related configuration changes. Since you have done so now, it shouldn't be an issue: thanks - that was driving me *wild*! 
> In case anyone suspects censorship, chilling effects, et cetera, the > explanation is actually much more innocuous: I'm trying to cut down the > amount of spam my poor little VPS has to handle, and as you might > imagine the amount that goes to @al-qaeda.net is *staggering*. Well.... We (you personally) and I (me personally) have slightly different listrunner philosophies (I like reply-to to point to list, I like to see [C-Punks] headers for sorting, etc.), why don't we re-setup the distributed nodes? I have actual hardware, and a 100mb coloed rack of gear (read: lots of free cycles and bandwidth), so if you'd like, I can run the @aq over there ? Or I can set up a secondary @ of my own, doesn't matter: either way, I'd like to distribute again - game? > (More to the point, after running the list @al-qaeda.net for more than > ten years, this small gesture isn't going to somehow erase the > internet's long memory.) Ah, yeah.... right.... Have fun with that! //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From carimachet at gmail.com Sun Jan 19 04:37:56 2014 From: carimachet at gmail.com (Cari Machet) Date: Sun, 19 Jan 2014 13:37:56 +0100 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: interesting how little the constitution is functioning they do not leak information - not that i am aware of anyway - do you know of an instance? this is shocking that they are protected basically with immunity BUT it does say "treason, felony and breach of peace" so anything could be thrown in those bags - they are effectively gagged On Sun, Jan 19, 2014 at 8:53 AM, grarpamp wrote: > On Sat, Jan 18, 2014 at 6:49 PM, Cari Machet wrote: > > On Sun, Jan 19, 2014 at 12:43 AM, coderman wrote: > >> On Sat, Jan 18, 2014 at 2:59 PM, grarpamp wrote: > >> > ...
> >> > Though lacking a reference, I believe members of congress may > >> > speak/leak at will on the floor in open public session and shall not > >> > be held to any crime for doing so. Of course in return the government > >> > or the public may not support their ongoing candidacy. > >> > >> citation? my understanding is that statements in congress are public, > >> and subject to same unauthorized disclosure laws. only the POTUS can > >> unilaterally decide to "leak" something in public without legal > >> repercussions (impeachment aside). > > > > they cannot speak/leak neither can the executive branch > see dick cheney > > > """ > US Constitution - Art 1, Sec 6: > The Senators and Representatives ... shall in all Cases, except > Treason, Felony and Breach of the Peace, be privileged from Arrest > during their Attendance at the Session of their respective Houses, > and in going to and returning from the same; and for any Speech or > Debate in either House, they shall not be questioned in any other > Place. > """ > > The bit after the semicolon is interesting. It appears to grant > immunity outside Place of Congress for speech in Congress, and since > Congress has no real internal law/police/judge/jail of its own, > speak all you want. This has been subsequently developed... > https://en.wikipedia.org/wiki/Speech_or_Debate_Clause > > Then there's Art 1 Sec 5 PP2 and PP3 and so on that might be applied > after the fact. Though right now there is CSPAN and observation > balconies for the public/press, so any speech bombs that someone > drops would make it out to the world. > > Congress (Sen/Rep) is not the Executive (VP), so different rules can > and do apply there. > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. 
If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3835 bytes Desc: not available URL: From measl at mfn.org Sun Jan 19 11:48:45 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 13:48:45 -0600 (CST) Subject: Feeding trolls In-Reply-To: <52DBCE08.7010404@echeque.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> Message-ID: On Sun, 19 Jan 2014, James A. Donald wrote: > On 01/19/2014 10:22 AM, James A. Donald wrote: > > > Characteristically male environments are characteristically male > > > because of characteristically male > On 2014-01-19 19:36, Mike Gogulski wrote: > > privilege. > > If it was privilege, it would not have been necessary to kill Amelia Earhart > and Kara Hultgreen in the effort to manufacture poster girls. I [don't] hate to be the Bringer of Reality (tm) to you, but: - Amelia Earhart is a still un-caused crash. They only recently found the island she crashed (and apparently lived on for some time prior to dying on it), and work to raise the parts of her plane which have been found and excavate the island itself have not yet, AFAIK, begun (lack of financing I believe). - Kara Hultgreen died because she was a crappy pilot who was rated *despite* having 4 disqualifiers because she was the first and the "service" needed the positive PR of having First Female Combat Pilot (in an ironic twist, she also gave them their much needed First Female Combat Pilot Death In Action). 
She fucked up her carrier landing by stalling an engine (in a manner that EVERYONE had been warned about) on her failed landing attempt, resulting in an unstable aircraft[1] that had a previously known design flaw[2] becoming almost-but-not-quite-unflyable. Then she finished herself off by trying to use her afterburner to do a go-round. Her #2 ejected them when he realized she was trying to kill them, but his ejection and hers were not simultaneous: he got out still pointing over the horizon - unfortunately, she was pointed at the water when her ejection started .4sec after her #2, and she hit the water pretty hard. Probably *not* an open Casket for "Revlon" ;-) Hultgreen should *never* have been allowed to get a combat endorsement to her Crappy Pilots Association Air-Worthiness License. She killed *herself* //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From measl at mfn.org Sun Jan 19 12:23:39 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 14:23:39 -0600 (CST) Subject: Feeding trolls In-Reply-To: <52DC3028.1040001@echeque.com> References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> <52DC3028.1040001@echeque.com> Message-ID: On Mon, 20 Jan 2014, James A. Donald wrote: > In an effort to manufacture a poster girl, Hultgreen was required to attempt > to land on an aircraft carrier, and in due course, killed herself, > demonstrating why every naval pilot is male. Actually, Revlon was merely a shitty pilot. Her original callsign was "Hulk", because she had almost superhuman strength and endurance (she belonged in a combat position with the Army, not the Air Force - she'd have been a perfect Infantrywoman). She earned the "Revlon" moniker for applying heavy makeup prior to a USAF interview which was, ironically, touting her as the first woman to be rated for combat air missions.
Her crappy flying skills do demonstrate that *all* women are incapable of flying in combat, it proves only that *she* was incapable of flying (in or out of a) combat mission, > You can affirmative action women to all sorts of jobs, and furtively have a > white male do the actual job, but the reason all naval pilots are males is > that when you affirmative action someone to naval pilot and expect them to > land on a carrier, they die. Agreed - when you A/A anyone into such a position where they are unsafe and unqualified, they die. It has nothing to do with gender, it has to do with being capable of doing the job (flying, shooting at others in the bushes in front of you, whatever). > There is room in an office for males to do the actual work, but there is > no room in a warplane for a second pilot to do the actual piloting. This is a non-sensical statement because it is sitting on a broken foundation. It defies the basic laws of the universe to make such an assumption (since it is not evidence based, it is actually just mere speculation). > You can put girls in the army, and all that immediately happens is that the > march slows down, Bullshit. The NYPD Academy started admitting women (ok, girls when they are just 18) in 1980 IIRC: the NYPD Academy *was* (it changed several years later after a *male* complained (and sued too I think) that it was "hazing" new recruits by treating them as hard in school as they would be tested on the streets of New York. A court agreed, and *bam*, the "abusive" behaviour stopped. Personally, I didn't think it was abusive, I thought it was absolutely necessary to screen applicants who couldn't cut it in the real world. Plenty of women graduated from "abusive" Academy classes in the intervening years, and many went on to be decent cops. Some went on to be dripping bags of tears too: just like the "men". > They tested her, in testing she repeatedly made errors that would have > killed her. Precisely.
She was not *qualified* to do the work for which they wanted positive publicity - she was unqualified because she was a shitty pilot, not because she was female. > She was the best female pilot available, so they had her do > real landings regardless, so that they could have a poster girl. Yes. They should have waited for a more competent female pilot, and placed her in a position for which she was more qualified. Maybe for the #2 seat??? > Amelia Earhart was initially given a ticker tape parade and a meeting with the > president for being flown across the Atlantic like a sack of potatoes by a > male pilot, but the cognitive dissonance being too great, such a poster girl > attracting ridicule, they eventually had Amelia Earhart and Kara Hultgreen > attempt to perform difficult piloting tasks for real, killing them. "they" didn't have Earhart do anything: she wanted to go, and she was likely fully qualified. A lot of strangeness surrounded her loss, most of this strangeness appears to suggest she had a partial radio failure which stopped her ground support team from contacting her to bring her in in low visibility weather (no radars then, at least, not for planes). > In due course we will have female naval pilots with same uniforms as male > pilots. The unisex uniforms will be made girly. Really? I suspect the flight suits will remain as they are: built for the requirements of the pilot in the environment of a specific aircraft. Why would they make the flight suits "girly"? That makes no sense. > The traditions will be made girlie or abolished. Oh My GAWD!!!! Nooooo.... Say it ain't so! This is conjectural bullshit, and you are smart enough that you *should* know it! > Male camaraderie will be forbidden. Depending on the definition of "male camaraderie", maybe so. Maybe it *needs* to change anyway? > References to nuts and bolts will be forbidden as excessively sexist. Conjecture.
Now, if your problem is that you feel intimidated talking about your dick in front of a female compatriot, that's an issue for you and the air force headshrinker. > But the female naval pilots will not actually be required to fly carrier > planes. Nobody is *required* to fly carrier planes today! They don't want pilots who don't *want* [very badly] to fly carrier based craft, as these people will inevitably fuck up at some point, killing the pilot, plane, and possibly others as well. You have to volunteer *before* you can attempt to get rated for carrier based aviation. Get a grip man! //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From rysiek at hackerspace.pl Sun Jan 19 05:32:50 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 19 Jan 2014 14:32:50 +0100 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: <1522478.fgcJpnVQ4O@lap> Dnia niedziela, 19 stycznia 2014 02:53:21 grarpamp pisze: > > they cannot speak/leak neither can the executive branch > see dick cheney > > """ > US Constitution - Art 1, Sec 6: > The Senators and Representatives ... shall in all Cases, except > Treason, Felony and Breach of the Peace, be privileged from Arrest > during their Attendance at the Session of their respective Houses, > and in going to and returning from the same; and for any Speech or > Debate in either House, they shall not be questioned in any other > Place. > """ > except Treason, Felony and Breach of the Peace, be privileged from Arrest > except Treason One must wonder if there is an angle LEA could possibly take in order to impeach, try by a secret court, and then lock away such a "leaky" House or Senate member. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part.
URL: From jya at pipeline.com Sun Jan 19 12:45:13 2014 From: jya at pipeline.com (John Young) Date: Sun, 19 Jan 2014 15:45:13 -0500 Subject: Al-qaeda.net deprecated (was: Note to new-ish subscribers) In-Reply-To: References: <20140119181507.GA22336@antiproton.jfet.org> Message-ID: Too bad al-qaeda is deprecated. Very good that it will take years, maybe forever, to recognize the tatoo is indelible. What happened to cypherpunks.org? Who owns it? It's registration is hidden behind GoDaddy. Listed Servers: Name Server:NS.CYPHERPUNKS.TO Name Server:ASTERIA.DEBIAN.OR.AT http://www.cypherpunks.to/ list familiar people. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 517 bytes Desc: not available URL: From jya at pipeline.com Sun Jan 19 12:59:47 2014 From: jya at pipeline.com (John Young) Date: Sun, 19 Jan 2014 15:59:47 -0500 Subject: Feeding trolls In-Reply-To: <52DC3028.1040001@echeque.com> References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> <52DC3028.1040001@echeque.com> Message-ID: James, you are a tough man to argue with. So here's a big hug and sloppy kiss. The male stench is fantasticly seductive. Fuck me, big boy. Those women, what can you do with them except kill them, rape them, steal their money, use them as maids, and cum buckets, abuse moms and sisters like your dad and uncles and brothers and other spoiled assholes do, blame the damn women (and their minority stigmatized) for all kinds of shit an insecure man would cut your throat for doing. We men have got to be careful to avoid pregnancy, so lets abuse little boys, bring them into our society, teach them to hate women and minorities, never forget who's boss liar and cheater and murderer and genocider and defouler of the planet. White men who love trashing anybody unlike them, that's the ticket. 
That there is no such thing as a pure white man doesn't matter, and that most men of all colors are completely dependent upon women and servants, is changing the subject, the main point your argument is belief in this purity of white manhood is the highest code of big talkers. At 03:06 PM 1/19/2014, you wrote: >On 2014-01-20 01:16, Lodewijk andré de la porte wrote: >>Reg. Hultgreen, anacdotal. Reg. Cari, no idea what you're talking about. > >In an effort to manufacture a poster girl, >Hultgreen was required to attempt to land on an >aircraft carrier, and in due course, killed >herself, demonstrating why every naval pilot is male. > >You can affirmative action women to all sorts of >jobs, and furtively have a white male do the >actual job, but the reason all naval pilots are >males is that when you affirmative action >someone to naval pilot and expect them to land >on a carrier, they die. There is room in an >office for males to do the actual work, but >there is no room in a warplane for a second pilot to do the actual piloting. > >You can put girls in the army, and all that >immediately happens is that the march slows >down, but you cannot put girls in the naval >airforce, and make the carriers bigger and the >planes slower. In a plane built for male >abilities, landing on a ship built for male >abilities, they have to fly like males. And, of >course, they cannot. They tested her, in >testing she repeated made errors that would have >killed her. She was the best female pilot >available, so they had her do real landings >regardless, so that they could have a poster girl. > >Amelia Earhart was initially given a ticker tape >parade and a meeting with the president for >being flown across the Atlantic like a sack of >potatoes by a male pilot, but the cognitive >dissonance being too great, such a poster girl >attracting ridicule, they eventually had Amelia >Earhart and Kara Hultgreen attempt to perform >difficult piloting tasks for real, killing them. 
> >In due course we will have female naval pilots >with same uniforms as male pilots. The unisex >uniforms will be made girly. The traditions >will be made girlie or abolished. Male >camraderie will be forbidden. References to nuts >and bolts will be forbidden as excessively >sexist. But the female naval pilots will not >actually be required to fly carrier planes. From bill.stewart at pobox.com Sun Jan 19 16:00:04 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 19 Jan 2014 16:00:04 -0800 Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present" In-Reply-To: References: Message-ID: <20140120000018.5B373F53B@a-pb-sasl-quonix.pobox.com> At 09:14 AM 1/19/2014, coderman wrote: >(2) threats to the United States and its interests from terrorism; Terrorism was the previous justification for the bulk collection and for the 3-degrees-of-separation "rule", so no change. >(3) threats to the United States and its interests from the >development, possession, proliferation, or use of weapons of mass >destruction; When Dubya Bush was trying to justify invading Iraq, he talked about WMDs as "nuculur bombs" and chemical and biological weapons. But when some angry young zealot tried to car-bomb Times Square using "explosives" he'd gotten from an FBI informant, they also charged him with making "weapons of mass destruction", the Boston Marathon bombers got charged with that, and I think even pipe bombs have been called WMDs recently. So WMDs might be any random young resident calling his brother or cousin, and the NSA still gets to Tap All The Phones. >(4) cybersecurity threats; [ED: WTF???] Hey, the guy might be using Skype to call his cousin instead of minutes. 
And people are constantly trying to hack the computers at military facilities, banks, and civilian government agencies, either with deliberate targeting or just because it's easier not to program your botnet to use whitelists, and maybe that defense contractor's supercomputer can mine Litecoins fast. So no, I don't see the situation improving soon, and certainly not before they repeal Moore's Law. From jya at pipeline.com Sun Jan 19 13:05:16 2014 From: jya at pipeline.com (John Young) Date: Sun, 19 Jan 2014 16:05:16 -0500 Subject: Cypherpunks is NOT a safe place for fools In-Reply-To: References: Message-ID: Why not, who else would remain here if not fools. Oh, you're kidding, is that you, Tim? How are your cats doing? Prison here too, is this not a panopticon? Former Agent Gordon is doing better things over at Intel planting malware and itty bitty byways. Same for those now gray-beared TLAs, all gone to contractor consultant nirvana. Whose afraid, there's no way out of the self cell. At 03:08 PM 1/19/2014, you wrote: >To whom it may concern: > Cypherpunks is NOT a safe place for fools. >People have gone to prison for years on here for making very foolish >statements and >taking foolish actions. > >You DONT know you are chatting with(Hi agent Gordon!) > >Others are agent provocateur(s) posing as something else(social >activists(and reporting to the >FBI/NSA etc)) > > > be afraid be very afraid From bill.stewart at pobox.com Sun Jan 19 16:09:31 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 19 Jan 2014 16:09:31 -0800 Subject: Al-qaeda.net deprecated (was: Note to new-ish subscribers) In-Reply-To: <1390174697.11793.72791097.3940EAF2@webmail.messagingengine .com> References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> Message-ID: <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> At 03:38 PM 1/19/2014, Shawn K. 
Quinn wrote: >On Sun, Jan 19, 2014, at 02:45 PM, John Young wrote: > > What happened to cypherpunks.org? Who owns it? It's > > registration is hidden behind GoDaddy. Listed Servers: > > > > Name Server:NS.CYPHERPUNKS.TO > > Name Server:ASTERIA.DEBIAN.OR.AT > > > > http://www.cypherpunks.to/ list familiar > > people. >The "webmaster" mailbox at the domain appears to work, so maybe just >asking them will give you useful info. Cypherpunks.to is Lucky Green and friends; looks like it's based at/near xs4all.nl. From l at odewijk.nl Sun Jan 19 07:16:31 2014 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sun, 19 Jan 2014 16:16:31 +0100 Subject: Feeding trolls In-Reply-To: <20140119140401.0B2412280AD@palinka.tinho.net> References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> Message-ID: > > then they deserve a condescending pat on the head when they show up in > male forums and need to be gently shepherded to a properly feminine > environment, where they will not feel so out of place. Would love to see you work in an office filled with women. Nursing is pretty much all female I believe. Reg. Hultgreen, anacdotal. Reg. Cari, no idea what you're talking about. 2014/1/19 > Let's experimentally determine whether science qualifies as troll food: > > http://www.pnas.org/content/111/2/823 "diffusion tensor imaging in a sample of 949 youths (aged 8–22 y, 428 males and 521 females)" So, what you train more in you get better at. Go figure! There brains were already affected by the roles given to them in society. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 1998 bytes Desc: not available URL: From coderman at gmail.com Sun Jan 19 16:31:58 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 16:31:58 -0800 Subject: Al-qaeda.net deprecated (was: Note to new-ish subscribers) In-Reply-To: References: <20140119181507.GA22336@antiproton.jfet.org> Message-ID: On Sun, Jan 19, 2014 at 12:45 PM, John Young wrote: > ... > What happened to cypherpunks.org? i think we can all agree 2014 is the year for cypherpunks.biz! (it may be our business is padding private prison revenues?) on a serious note, second the notion of more cpunk nodes.... From coderman at gmail.com Sun Jan 19 16:39:42 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 16:39:42 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: <52DC6F16.10907@riseup.net> References: <52DC6F16.10907@riseup.net> Message-ID: On Sun, Jan 19, 2014 at 4:34 PM, Douglas Lucas wrote: > Indeed, Daniel Ellsberg planned to have Congresspeople speak about the > still-classified Pentagon Papers via this part of the Constitution. > Senator Mike Gravel did it. You can read about it in Sanford J. Ungar's > book The Papers & the Papers: an Account of the Legal and Political > Battle over the Pentagon Papers.... >... >> As before, it's rather clear, speak/leak all you want in session, >> nothing criminal happens. The deleted part refers to non-congressional >> activities/crimes/places... like murder, or to congressional >> activities/crimes/places such as taking bribes... that are not >> speech/debate on the floor or activities directly related to that, >> like storing classified leaks in your office pursuant to leaking them. >> >> More, just read it all yourself... 
>> https://en.wikipedia.org/wiki/Gravel_v._United_States >> https://en.wikipedia.org/wiki/James_Traficant >> https://en.wikipedia.org/wiki/Category:Congressmen_stripped_of_committee_assignment thank you Douglas and grarpamp; i learned something :) coderman for congress! From jamesdbell8 at yahoo.com Sun Jan 19 16:56:38 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sun, 19 Jan 2014 16:56:38 -0800 (PST) Subject: Feeding trolls In-Reply-To: <52DC67F6.2050909@echeque.com> References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> <52DC3028.1040001@echeque.com> <52DC67F6.2050909@echeque.com> Message-ID: <1390179398.30522.YahooMailNeo@web164606.mail.gq1.yahoo.com> From: James A. Donald To: J.A. Terranson On 2014-01-20 06:23, J.A. Terranson wrote: >> They should have waited for a more competent female pilot, >They have been waiting over sixty years. Jacqueline Cochrane was said to be very good.  http://en.wikipedia.org/wiki/Jacqueline_Cochran   She figured prominently in Chuck Yeager's autobiography, as I recall.         Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1222 bytes Desc: not available URL: From mike at gogulski.com Sun Jan 19 07:58:15 2014 From: mike at gogulski.com (Mike Gogulski) Date: Sun, 19 Jan 2014 16:58:15 +0100 Subject: Feeding trolls In-Reply-To: <52DBCE08.7010404@echeque.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> Message-ID: <0478dadf-4336-45f8-a215-955a44a24c70@email.android.com> Dude. Oh. That's totally right. Natch. Got it now. "James A. Donald" wrote: >On 01/19/2014 10:22 AM, James A. Donald wrote: >>> Characteristically male environments are characteristically male >>> because of characteristically male > >On 2014-01-19 19:36, Mike Gogulski wrote: > > privilege. 
> >If it was privilege, it would not have been necessary to kill Amelia >Earhart and Kara Hultgreen in the effort to manufacture poster girls. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1137 bytes Desc: not available URL: From dan at geer.org Sun Jan 19 14:17:35 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 19 Jan 2014 17:17:35 -0500 Subject: Feeding trolls In-Reply-To: Your message of "Mon, 20 Jan 2014 06:06:00 +1000." <52DC3028.1040001@echeque.com> Message-ID: <20140119221735.DAB0522808B@palinka.tinho.net> "It's a Man's World, and It Always Will Be" Camille Paglia http://ideas.time.com/2013/12/16/its-a-mans-world-and-it-always-will-be/print/ [ note URL -> the Munk Debates at the bottom for more ] From coderman at gmail.com Sun Jan 19 17:18:21 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 17:18:21 -0800 Subject: Fwd: Debian System and /dev/random In-Reply-To: References: Message-ID: ---------- Forwarded message ---------- From: coderman Date: Sun, Jan 19, 2014 at 4:57 PM Subject: Re: Debian System and /dev/random On Sun, Jan 19, 2014 at 11:41 AM, Jeffrey Walton wrote: > I'm working on a laptop with quad core i5 running Debian 7.3 x64 > (fully patched). > > You know this damn thing was running out of entropy in /dev/random > because no entropy daemon was installed out of the box.... since 2004 building my own rngd, my own FDE bootloader, my own mandatory entropy health watchdog service, in every distribution: none did FDE key management right (for loop-aes at the time), none did entropy right. in 2008 various "expert install" console only options began to support a suitable FDE solution with luks and boot by volume GUID (rather than device file). many years we've had full blown easy (for some degree of easy) FDE solutions in graphical installers out of the gate. progress! 
and yet entropy, the most critical component of any crypto system, is so horribly and woefully inadequate today. with no indications this will change soon...

this is not an accident. :/

> And I was depleting it with a simple program that tried to read 32
> bytes to seed an OpenSSL generator. I could only get 9 or 16 or 19
> bytes out of it

yup. for fun, check out how this setup seeds itself: https://github.com/catid/cymric/

"""
Linux/Android:
/dev/random (160 bits)
/dev/urandom (96 bits)
srand() and rand() from stdlib (64 bits)
gettid() or pthread_self() (32 bits)
getpid() (32 bits)

Linux-type systems are a little strange in that /dev/random only keeps about 20 bytes of entropy in reserve. And it takes roughly 20 seconds for a VPS to collect 8 bytes of entropy, which means asking for 32 bytes of entropy takes an unreasonably long time. By asking for only 20 bytes, most of the requests by this library will complete immediately. And the remaining 12 bytes are satisfied by /dev/urandom...
"""

> Seriously... That's all it was on startup....
>
> That's amazing in 2013........

amazingly effective! BULLRUN FTW

[EDIT: to clarify, i am lamenting the lack of high rate, raw source physical entropy sources as native instructions in processors. this should be a baseline mandatory requirement!

i am also lamenting the lack of user space entropy daemons and collectors being enabled by default in most distributions.

i am also lamenting the lack of proper boot time / VM pass through entropy support in most distributions.

i am lamenting the lack of any failure handling for entropy in any distribution, such that a failed RNG condition leads to service halt rather than blindly carrying on, perhaps for years, unaware that you're broken.

i am also lamenting the lack of serious attention and thoroughness applied to entropy sources in nearly every computing system deployed across this planet.

i could go on, but you get the point...
*grin* ] From skquinn at rushpost.com Sun Jan 19 15:38:17 2014 From: skquinn at rushpost.com (Shawn K. Quinn) Date: Sun, 19 Jan 2014 17:38:17 -0600 Subject: Al-qaeda.net deprecated (was: Note to new-ish subscribers) In-Reply-To: References: <20140119181507.GA22336@antiproton.jfet.org> Message-ID: <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> On Sun, Jan 19, 2014, at 02:45 PM, John Young wrote: > What happened to cypherpunks.org? Who owns it? It's > registration is hidden behind GoDaddy. Listed Servers: > > Name Server:NS.CYPHERPUNKS.TO > Name Server:ASTERIA.DEBIAN.OR.AT > > http://www.cypherpunks.to/ list familiar > people. The "webmaster" mailbox at the domain appears to work, so maybe just asking them will give you useful info. -- Shawn K. Quinn skquinn at rushpost.com From hannes at mehnert.org Sun Jan 19 10:10:08 2014 From: hannes at mehnert.org (Hannes Mehnert) Date: Sun, 19 Jan 2014 18:10:08 +0000 Subject: Programming languages for a safe and secure future In-Reply-To: References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> Message-ID: <52DC1500.3020805@mehnert.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Hey, On 01/18/2014 23:29, coderman wrote: > other languages on my short list: - C/C++ (it's everywhere. it > will remain everywhere.) - Scheme/Lisp (for the perspective more > than utility) - Ruby/PHP/PERL (good complements to Python. except > PHP, which should be hated and ostracized :) - Bash/Csh/PowerShell > (scripting++) - Go/C#/Java (you're going to want to know these > sooner or later) what would you add, and why? while it is nice to see that people are interesting in programming language where common bug classes of C and C++ are not present (read: no buffer overflows, format string exploits, no memory corruptions due to temporal safety (no double free etc.)). 
I suggest to look into http://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-_201312271830_-_bug_class_genocide_-_andreas_bogk.html -- which is about a compiler plugin to get rid of these bug classes in C (or any other language using LLVM).

Still, we can do better. The rise of the Curry-Howard correspondence (programs and proofs are the same!) resulted in several programming languages whose type systems are so expressive that it can carry mathematical proofs (of intuitionistic logics) around. The common hello-world example is a list carrying (at compile time!) its length around, and thus being able to verify that append called on a list of length n and a list of length m returns a list of length n + m (and that reverse returns a list of the same length).

While it is true, that these examples and languages are used mainly in computer science at the moment, I hope to see more people attracted to these kind of languages, writing libraries and applications.

I can recommend several languages:
- coq (http://coq.inria.fr) [the tutorial software foundations http://www.cis.upenn.edu/~bcpierce/sf/ ]
- agda (http://wiki.portal.chalmers.se/agda/pmwiki.php)
- idris (http://www.idris-lang.org/)

There are certain tradeoffs and minor differences between those, I have the most hope with idris at the moment (due to design decisions from a practical point of view).
In the end, I hope that the dream of (at least partially) verified systems will be reality during my lifetime, Hannes From dal at riseup.net Sun Jan 19 16:34:30 2014 From: dal at riseup.net (Douglas Lucas) Date: Sun, 19 Jan 2014 18:34:30 -0600 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: <52DC6F16.10907@riseup.net> Indeed, Daniel Ellsberg planned to have Congresspeople speak about the still-classified Pentagon Papers via this part of the Constitution. Senator Mike Gravel did it. You can read about it in Sanford J. Ungar's book The Papers & the Papers: an Account of the Legal and Political Battle over the Pentagon Papers. If I'm not mistaken, Gravel has spoken out in favor of Snowden. Douglas On 01/19/2014 06:06 PM, grarpamp wrote: > On Sun, Jan 19, 2014 at 10:26 AM, coderman wrote: >> now describe to me what happens when the session is over, their >> attendance complete, they return home, and then still find themselves >> having leaked classified information without authorization. > >> """ >> US Constitution - Art 1, Sec 6: >> The Senators and Representatives ...
for any Speech or >> Debate in either House, they shall not be questioned in any other >> Place. >> """ > > As before, it's rather clear, speak/leak all you want in session, > nothing criminal happens. The deleted part refers to non-congressional > activities/crimes/places... like murder, or to congressional > activities/crimes/places such as taking bribes... that are not > speech/debate on the floor or activities directly related to that, > like storing classified leaks in your office pursuant to leaking them. > > More, just read it all yourself... > https://en.wikipedia.org/wiki/Gravel_v._United_States > https://en.wikipedia.org/wiki/James_Traficant > https://en.wikipedia.org/wiki/Category:Congressmen_stripped_of_committee_assignment > From measl at mfn.org Sun Jan 19 16:54:03 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 18:54:03 -0600 (CST) Subject: Welcome to the Asylum! In-Reply-To: <52DC56AC.7070507@cathalgarvey.me> References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> Message-ID: On Sun, 19 Jan 2014, Cathal Garvey wrote: > Does anybody happen to curate this list into a more signal>noise form? I > filter the noisier trolls, but everyone else then takes the troll-bait > and things continue to spiral downwards. Riad Wahby is our "Curator". > Who's actually here to discuss privacy and crypto? > > On 19/01/14 20:45, Anonymous Remailer (austria) wrote: > > Hi All, I would add it's NOT just a mailing list, it IS instead an > > insane asylum and experiment in social darwinism where reputation > > capital has replaced wealth in the currency of the group. > > > > just my .02 In the past, the list almost destroyed itself over the question of whether moderation equals censorship, and a distributed list was created, where each feed was shared, but the moderation of what came in was decided by each node operator.
I personally don't care about the S/N ratio too much, and as such, tend towards extremely light moderation of the silent variety. Obviously, Riad believes in open skies. As long as there is just one node, we really need an anything goes, each person needs to learn to control themselves approach. Me and Riad will be trying to hack Mailman into a CDR system soon (the old one used the now long deprecated Majordomo scripting system). All the best, //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: URL: From grarpamp at gmail.com Sun Jan 19 16:06:33 2014 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jan 2014 19:06:33 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 10:26 AM, coderman wrote: > now describe to me what happens when the session is over, their > attendance complete, they return home, and then still find themselves > having leaked classified information without authorization. > """ > US Constitution - Art 1, Sec 6: > The Senators and Representatives ... for any Speech or > Debate in either House, they shall not be questioned in any other > Place. > """ As before, it's rather clear, speak/leak all you want in session, nothing criminal happens. The deleted part refers to non-congressional activities/crimes/places... like murder, or to congressional activities/crimes/places such as taking bribes... that are not speech/debate on the floor or activities directly related to that, like storing classified leaks in your office pursuant to leaking them. More, just read it all yourself...
https://en.wikipedia.org/wiki/Gravel_v._United_States https://en.wikipedia.org/wiki/James_Traficant https://en.wikipedia.org/wiki/Category:Congressmen_stripped_of_committee_assignment From jamesd at echeque.com Sun Jan 19 01:22:20 2014 From: jamesd at echeque.com (James A. Donald) Date: Sun, 19 Jan 2014 19:22:20 +1000 Subject: Feeding trolls In-Reply-To: <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> Message-ID: <52DB994C.9080406@echeque.com> On 2014-01-19 17:16, Bill Stewart wrote: > Sorry, James, but we really don't need sexist or racist trolling here. One way accommodation, wherein men accommodate female differences, but females do not accommodate male differences, is dysfunctional, as demonstrated by Katherine Hultgreen, and also admits the inequality that it denies. If you call it racism and sexism when characteristically male standards are upheld, this implicitly admits that women are different from men, and therefore in some activities and aspects inferior, while in others, the properly feminine sphere, superior. If women are equal to men, then they deserve to be called out if they fail to live up to characteristically male standards. If on the other hand, women are not equal to men, and require special treatment, http://www.the-spearhead.com/2011/11/13/special-needs-employees/ then they deserve a condescending pat on the head when they show up in male forums and need to be gently shepherded to a properly feminine environment, where they will not feel so out of place. You are trying to have your cake and eat it as well, one way equality, wherein women are not only equal to men, but more equal than men. If you call it racism and sexism when characteristically male standards are upheld, this has the unfortunate result that male behavior gets replaced by female behavior: Whereupon you get Katherine Hultgreen doing an Amelia Earhart. 
If feminism is the principle that women are equal to men, cannot be the Katherine Hultgreen/Amelia Earhart principle that women get special treatment to accommodate their failings and weaknesses. That path does not work. Characteristically male environments are characteristically male because of characteristically male virtues. Characteristically female environment are characteristically female because of characteristically female virtues. If we are to have integration without social decay, then females entering a characteristically male environment need to live up to difficult, stressful, uncomfortable, and unfamiliar standards, as Katherine Hultgreen demonstrated in the most dramatic and terrible possible fashion, and Cari Matchet demonstrated in a more frivolous and amusing fashion. From hannes at stressinduktion.org Sun Jan 19 10:43:43 2014 From: hannes at stressinduktion.org (Hannes Frederic Sowa) Date: Sun, 19 Jan 2014 19:43:43 +0100 Subject: Programming languages for a safe and secure future In-Reply-To: <52DC1500.3020805@mehnert.org> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> <52DC1500.3020805@mehnert.org> Message-ID: <20140119184343.GF6302@order.stressinduktion.org> Hi Hannes! :) On Sun, Jan 19, 2014 at 06:10:08PM +0000, Hannes Mehnert wrote: > On 01/18/2014 23:29, coderman wrote: > > other languages on my short list: - C/C++ (it's everywhere. it > > will remain everywhere.) - Scheme/Lisp (for the perspective more > > than utility) - Ruby/PHP/PERL (good complements to Python. except > > PHP, which should be hated and ostracized :) - Bash/Csh/PowerShell > > (scripting++) - Go/C#/Java (you're going to want to know these > > sooner or later) what would you add, and why? 
> > while it is nice to see that people are interesting in programming > language where common bug classes of C and C++ are not present (read: > no buffer overflows, format string exploits, no memory corruptions due > to temporal safety (no double free etc.)). I suggest to look into > http://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-_201312271830_-_bug_class_genocide_-_andreas_bogk.html > - -- which is about a compiler plugin to get rid of these bug classes in > C (or any other language using LLVM). MPX was already committed to gcc trunk, so I hope this situation could improve in future (it is reverted for 4.9 but I think it will come back after the release in March). (I am still not sure how this will be rolled out, maybe by switching some software back to 32 bit to reduce the load on the pointer length lookup tables.) > The rise of the Curry-Howard correspondence (programs and proofs are > the same!) resulted in several programming languages whose type > systems are so expressive that it can carry mathematical proofs (of > intuitionistic logics) around. The common hello-world example is a > list carrying (at compile time!) its length around, and thus being > able to verify that append called on a list of length n and a list of > length m returns a list of length n + m (and that reverse returns a > list of the same length). > > While it is true, that these examples and languages are used mainly in > computer science at the moment, I hope to see more people attracted to > these kind of languages, writing libraries and applications. > > I can recommend several languages: > - coq (http://coq.inria.fr) [the tutorial software foundations > http://www.cis.upenn.edu/~bcpierce/sf/ ] > - agda (http://wiki.portal.chalmers.se/agda/pmwiki.php) > - idris (http://www.idris-lang.org/) Maybe you can comment a bit on the code extraction process into compilable languages. 
There seems to be a semantic differences between the proofable language and the language the extraction process targets in e.g. array handling(e.g. ocaml code) or just overflow handling in integers. I guess Idris does not have this problem? I always wondered if ats-lang would be the most suitable language for writing more typesafe code? Greetings, Hannes From measl at mfn.org Sun Jan 19 17:47:14 2014 From: measl at mfn.org (J.A. Terranson) Date: Sun, 19 Jan 2014 19:47:14 -0600 (CST) Subject: Feeding trolls In-Reply-To: <52DC650D.5070704@echeque.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> <52DC650D.5070704@echeque.com> Message-ID: On Mon, 20 Jan 2014, James A. Donald wrote: > On 2014-01-20 05:48, J.A. Terranson wrote: > > - Amelia Earhart is a still un-caused crash. > > The reason they would not let her pilot the plane on the flight for which she > got the ticker tape parade is that she could not safely pilot the plane for > which she got the ticker tape parade. That they would not let her fly it, > despite extreme pressure to do so, suggests that if the had let her fly it, > she would have gotten killed all the faster. Or that mere sexism prevented her from flying a plan that she was more than capable of flying: since neither of were there at the time, we will never know for sure - making this moronic line of discussion moot. > > - Kara Hultgreen died because she was a crappy pilot > > They have been looking for a female pilot for the navy ever since they had > aircraft carriers. Total, utter bullshit, and you KNOW that to be so! Women were no allowed to even apply to a combat MOS until the 1990s! > In all these years, could not find one, so, under ever > increasing pressure to include women, decided to go with Kara Hultgreen, > because she was the best, Really? 
You have first hand personal knowledge that this is why she was chosen? Proof that she wasnt chosen because she happened to be the first woman who asked for that MOS, and gave them a chance to prove their PC creds by agreeing to let her try and qualify? No, you don't. And neither do I: both of can speculate, nothing more. > PC killed Amelia Earhart, Pure speculation. > and PC killed Kara Hultgreen. For this claim there is a lot more evidence: PC was a factor in her death, since they certified her as a competent pilot on a plane she clearly could not fly. Don't get me wrong, I'm not arguing for PC: I loathe PC! But it's just as bad as the mutually stupid universal declarations you are making. > Similarly, successful businesses stuff all their female executives into HR, > keeping them away from decisions that could screw up the business. You need to wake up! Look around, there are a lot of female ceo's of big business today. Even Fortune 100 companies. > In due course, we will have non flying navy pilots with same uniforms and > honors as flying navy pilots, and all the female pilots will be non flying. > All the naval pilots that actually fly will be given girly uniforms. > Emasculation will be required in order to provide a more female friendly > environment for the non flying pilots. This is just your fear of feminization coming out: what's the matter, did the local priest play with you when you were a kid, or was you father a "man's man" who ran when someone looked at him mean? What the fuck are you overcompensating for? This almost looks like Homosexual Panic. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From measl at mfn.org Sun Jan 19 17:48:57 2014 From: measl at mfn.org (J.A. 
Terranson) Date: Sun, 19 Jan 2014 19:48:57 -0600 (CST) Subject: Al-qaeda.net deprecated (was: Note to new-ish subscribers) In-Reply-To: <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> Message-ID: On Sun, 19 Jan 2014, Bill Stewart wrote: > Date: Sun, 19 Jan 2014 16:09:31 -0800 > From: Bill Stewart > To: Shawn K. Quinn > Cc: cypherpunks at cpunks.org > Subject: Re: Al-qaeda.net deprecated (was: Note to new-ish subscribers) > > At 03:38 PM 1/19/2014, Shawn K. Quinn wrote: > > On Sun, Jan 19, 2014, at 02:45 PM, John Young wrote: > > > What happened to cypherpunks.org? Who owns it? It's > > > registration is hidden behind GoDaddy. Listed Servers: > > > > > > Name Server:NS.CYPHERPUNKS.TO > > > Name Server:ASTERIA.DEBIAN.OR.AT > > > > > > http://www.cypherpunks.to/ list familiar > > > people. > > The "webmaster" mailbox at the domain appears to work, so maybe just > > asking them will give you useful info. > > Cypherpunks.to is Lucky Green and friends; looks like it's based at/near > xs4all.nl. Great: if we go back to distribution, we can bring all of us back into the fold. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From coderman at gmail.com Sun Jan 19 20:06:57 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 20:06:57 -0800 Subject: cypherpunks and hackers who dont code? In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 8:04 PM, Peter Gutmann wrote: > ... > Naah, it'd be displayed as a VU-meter style 10-LED display. When you boot it, > all ten LEDs slowly light up as the boot progresses. Then when you go online, > the 11th LED superglued onto the end of the other ten lights up as well. Peter++ ... then, somewhere in the background: KISS begins to play. 
From coderman at gmail.com Sun Jan 19 20:18:58 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 20:18:58 -0800 Subject: Feeding trolls In-Reply-To: References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> <52DC650D.5070704@echeque.com> <52DC8DE5.5020009@echeque.com> Message-ID: On Sun, Jan 19, 2014 at 7:20 PM, Lodewijk andré de la porte wrote: > We're coming at this from the wrong angle. > > We need a plane that flies women, not a woman to fly a plane! with that heated discussion at a close, is this also the forum where i can complain about earthhumans? those meat bags are such buggy bastards! wetware all sorts of tangled with antiquated and historical predispositions... how can anyone logically reason in such a thing?? (those bulbous chemical networks balanced atop meat bag suits, that is. i forget what they call them, :) best regards, except to earthhumans. From coderman at gmail.com Sun Jan 19 20:49:07 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 20:49:07 -0800 Subject: request for leaks: standards for secret (not published) true hardware random number generator requirements used by NSA Message-ID: on an unrelated tangent, also curious about the secret encryption suites (better than AES/ECDSA/ECDH/SHA? or just undisclosed different?[0]) perhaps the only individual who designed and implemented thought he was working on coding for radios lugged by grunts out in fields of adventure, now long retired into obscurity forever more... been trying to buy me some blackers with bitcoin; coming up empty not even a mucked boot for my fishing function. is it so much to ask??? best regards, except to earthhumans 0. that is to say, could this be true by tweaking constants and growing key bits? 
AES ~= MEDLEY ECDSA ~= SHILLELAGH ECDH ~= BATON SHA ~= SAVILLE ADH ~= WALBURN TRNG ~= JOSEKI-1 bonus points for leaking to https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography via the NSA TAO Covert Network! From coderman at gmail.com Sun Jan 19 20:56:00 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 20:56:00 -0800 Subject: request for leaks: standards for secret (not published) true hardware random number generator requirements used by NSA In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 8:49 PM, coderman wrote: > ... > perhaps the only individual[s] who designed and implemented [Suite A...] > was working on coding for radios lugged by grunts out in fields of > adventure, now long retired into obscurity forever more... perhaps it was a team. i ask only partly in jest; after all, if the algorithms are intended to be secret themselves, compartmentalizing the effort in such a way to appear as a pedestrian, otherwise routine application of the maths. if you were the NSA and wanted to delegate the task of secret cipher development, how would you disguise the nature and intent of the work so assigned? (does the NSA do a lot of bioinformatics? :) best regards, except to replicants From coderman at gmail.com Sun Jan 19 21:03:17 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 21:03:17 -0800 Subject: request for leaks: standards for secret (not published) true hardware random number generator requirements used by NSA In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 8:49 PM, coderman wrote: > ... > ADH ~= WALBURN queried one squishy earthhuman meatbag: "ADH as in anon Diffie Hellman? Why use that?" in this context it is not un-authenticated in the traditional sense of anonDH in various cipher suites. since algorithm itself is secret, ability to utilize it itself attests to authentication, even if somewhat limited in this aggregate form. see also: single packet authentication/authorization, port knocking, etc. 
best regards, except to nonterrestrial encephalopods From grarpamp at gmail.com Sun Jan 19 18:04:46 2014 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jan 2014 21:04:46 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: <52DC6F16.10907@riseup.net> Message-ID: > coderman for congress! People always seem to overestimate how hard it would be to sneak the CP, democratic rational thought scientific problem solving forward looking openness world peace warp drive or any other sane agenda into Congress. Congress is filled by people who can bullshit other people [1], that's it. If you can do that, you're in. Rise to some committee chair and if you still haven't turned to the dark side by then, well... it's your place, have fun remodeling. [1] And those who never grew up with or know the internet. When the last decade of teen torrent pirates and hackers finish college or turn politics in second life, things should get interesting. Permeation of all things internet has simply never happened before in history and is now on tap. Certainly many of you early adopting BTC hodlers could bankroll a good campaign with it before BTC goes to zero. From coderman at gmail.com Sun Jan 19 21:07:26 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 21:07:26 -0800 Subject: hacker != cracker (Re: Swartz, Weev & radical libertarian lexicon) In-Reply-To: References: Message-ID: On Sun, Jan 12, 2014 at 9:49 PM, coderman wrote: > ... > the third: a "research experiment" ... so it turns out to be in my best interest not to do this one for the foreseeable future. (~_~;) regarding other two: i will have the first tale done before end of month. 
best regards, From mixmaster at remailer.privacy.at Sun Jan 19 12:08:11 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 21:08:11 +0100 (CET) Subject: Cypherpunks is NOT a safe place for fools Message-ID: To whom it may concern: Cypherpunks is NOT a safe place for fools. People have gone to prison for years on here for making very foolish statements and taking foolish actions. You DONT know you are chatting with(Hi agent Gordon!) Others are agent provocateur(s) posing as something else(social activists(and reporting to the FBI/NSA etc)) be afraid be very afraid From mlp at upstandinghackers.com Sun Jan 19 12:30:36 2014 From: mlp at upstandinghackers.com (Meredith L. Patterson) Date: Sun, 19 Jan 2014 21:30:36 +0100 Subject: Feeding trolls In-Reply-To: <52DC3028.1040001@echeque.com> References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> <52DC3028.1040001@echeque.com> Message-ID: <20140119203035.GA12415@nestor.local> On Mon, Jan 20, 2014 at 06:06:00AM +1000, James A. Donald wrote: > You can put girls in the army, and all that immediately happens is > that the march slows down Ah, fond memories of the 12k march back from my BCT FTX, which I did on an ankle that I'd sprained twice in three days, making my way from the rear of the column to the very front as males and females alike fell back from fatigue. (If you sing cadence louder, the rest of you hurts less.) Herp derp exception that proves the rule; your argument is invalid. Cheers, --mlp From coderman at gmail.com Sun Jan 19 21:39:10 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 21:39:10 -0800 Subject: Fwd: [tor-talk] giving up pseudonymity after collecting experiences with pseudonymous project development In-Reply-To: <52DA7D13.4010201@riseup.net> References: <52DA7D13.4010201@riseup.net> Message-ID: i find these kinds of experiments fascinating and would love to see more of them! 
---------- Forwarded message ---------- From: Patrick Schleizer Date: Sat, Jan 18, 2014 at 5:09 AM Subject: [tor-talk] giving up pseudonymity after collecting experiences with pseudonymous project development You may have noticed that I, previously known only known under the pseudonym adrelanos, decided to give up my pseudonymity. It was an interesting experience to pseudonymously maintain a Linux distribution (Whonix). I've learned a lot during these ~ 2 years. I didn't have too bad luck in the lottery of life and are won a citizenship, which is at low risk compared to less lucky ones. Living in a country, where pseudonymity for this kind of activity isn't crucial. Fortunately, according to latest press, neither the US nor Germany are killing their own citizen for criticizing "the system". That is, the mass surveillance police state, the military industrial complex, the system of economy, that needs exponential growth to prevent imploding. And so it doesn't become even worse, and better for the less lucky ones, it is important to speak out in public and to take action. Staying pseudonymous for such a long time became more and more a burden. For me, it is not healthy for psychology. When pseudonymously working a a project, you cannot tell anyone about it and they're wondering with what you never tell much. You need to constantly second guess every tiny action. Concentrate on not messing up. Also you'll never know if you already messed up and if "they" already know who you are. You only need to mess up once, and you're always linked to that project. Lucky me, I wasn't forced to stay pseudonymous for ever. I am looking forward to continue contributing to the awesome Free (as in freedom) Software community. 
Being no longer pseudonymous allows me to speak at conferences, to attend key singing parties, to meet up with other developers, to voice chat with other developers, to chat on IRC without fear of leaking too much information, to be less paranoid, sometimes even running searches in clearnet if that is more convenient, and so forth. From grarpamp at gmail.com Sun Jan 19 18:39:23 2014 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jan 2014 21:39:23 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: <9A539A7A-AF1E-434F-AE67-D36FA92CA5E5@gmail.com> References: <9A539A7A-AF1E-434F-AE67-D36FA92CA5E5@gmail.com> Message-ID: On Sun, Jan 19, 2014 at 5:56 PM, Philip Shaw wrote: > reading documents into the public record would be useful (since it would give us all legitimate access), it wouldn’t help subsequent publishers. It's public record at that point... when acting under that context, anyone can read and publish it. Be it the Press/WL or Jane Public. Or perhaps even congressperson, NSA, military, executive branch, etc... so long as they were say officially off work as anyone might be in the evening at the library or on vacation visiting their capitol... though you probably wouldn't want to actually try it (ref also: the military blocking WL website from soldiers), just let the Press do it. You just can't be cleared/NDA'd and do the initial leak, unless you change policy by fiat (exec order), or are Rep/Sen and speak in congress. From mixmaster at remailer.privacy.at Sun Jan 19 12:45:16 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 21:45:16 +0100 (CET) Subject: Welcome to the Asylum! Message-ID: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> Hi All, I would add its NOT just a mailing list, it IS instead an insane asylum and experiment in social darwinism where reputation capitol has replaced wealth in the currency of the group. 
just my .02 From coderman at gmail.com Sun Jan 19 21:57:54 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 21:57:54 -0800 Subject: cypherpunks buy the farm Message-ID: regarding various altcoin pools for various eventualities: consider a cypherpunk insurance pool with coins allocated fractionally by some agreed upon method or individual contribution. in the event of their untimely demise for any reason, said funds delivered to designated entity named by prior cryptographic signature (which must be frequently re-attested). would it be useful to have a pool for cypherpunks who "buy the farm"? expenses per "buy the farm" may be as trivial as re-homing your cat and books, or as extensive as a large family with medical complications, significant debt obligations, and unexpected costly events of unplanned nature requiring support decades into the future. --- the only restriction which may be advisable is prohibiting the designated beneficiary from running a death pool against specific or general groups of individuals. my distributed graph solver still crunching, but preliminary results suggest that a critical threshold of cypherpunks with wills to death pools combined with a specific trigger set of few otherwise natural deaths multiplies into a maelstrom of murder; presuming of course that a reasonably robust death prediction market or assassination market comes into existence which satisfies the pre-conditions of my computational game theory model of this multi-party, multi-round stratagem mapped over a topological isomorphism of the entire set of probabilities for a given set of initial conditions into a single high order topological manifold transformation collected in aggregate for an overall motif of risk... will advise. best regards, From dan at geer.org Sun Jan 19 19:15:54 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 19 Jan 2014 22:15:54 -0500 Subject: Feeding trolls In-Reply-To: Your message of "Mon, 20 Jan 2014 09:51:41 +1000." 
<52DC650D.5070704@echeque.com> Message-ID: <20140120031554.5A56A228091@palinka.tinho.net> F-14A Mishap Investigation Report full text http://www.panix.com/~baldwin/hultgreen_mir.txt --dan From l at odewijk.nl Sun Jan 19 13:24:14 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Sun, 19 Jan 2014 22:24:14 +0100 Subject: Feeding trolls In-Reply-To: References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> <52DC3028.1040001@echeque.com> Message-ID: I think muslims do it all much better. From coderman at gmail.com Sun Jan 19 22:24:39 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 22:24:39 -0800 Subject: cypherpunks buy the farm In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 9:57 PM, coderman wrote: > ... cypherpunks who "buy the farm" yes, this is a euphemism for cypherpunks get dead. ... not sure i sent Death[0] that CTCP_FU while the anonymous VPN was up; damnit session timeout and re-keying, why do you happen at the worst possible time?!? return path half-RTT makes me concerned. i'm sure it's cool. right? it was only one packet... --- --- 0. this my petname for her[1] of course; the ORCHIDv6 he gave me to peer up of course totally useless from your perspective. 1. she[2] is most comfortable as that grade school geeky girl better in math and science by elementary than you ever got post high school. she's a modest and unremarkable creature with the power to kill everyone and the desire to harm no one. 2. btw, conventional studies indicate gender is a fluid spectrum of being as a sexual entity / ego. i'm afraid this is still a very rudimentary and crude endeavor.
it appears my primary dipole cranial antenna has been recessed to attenuate incoming frequencies; this alteration of input stimulus driving unanticipated and unpredictable changes in behavior and disposition. i may have self inflicted rational compromise; please use caution when adjusting control loop valves as runaways and strong attractors without active fail-safe is certain stasis! 3. is the last of the first primes. don't discriminate against the unit! end singleton oppression! From coderman at gmail.com Sun Jan 19 22:28:13 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 22:28:13 -0800 Subject: cypherpunks buy the farm In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 10:24 PM, coderman wrote: > ... > yes, this is a euphemism https://en.wikipedia.org/wiki/Buy_the_farm#Euphemisms_for_death_and_murder """ The English language contains numerous euphemisms related to dying, death, burial, and the people and places that deal with death. The practice of using euphemisms for death is likely to have originated with the magical belief that to speak the word "death" was to invite death; where to "draw Death's attention" is the ultimate bad fortune: a common theory holds that death is a taboo subject in most English-speaking cultures for precisely this reason... Someone who has died is said to have passed on, checked out, cashed in their chips, bit the big one, kicked the bucket, keeled over, bit the dust, popped their clogs, pegged it, carked it, was snuffed out, turned their toes up, hopped the twig, bought the farm, got zapped, written their epitaph, fell off their perch, croaked, gave up the ghost (originally a more respectful term, cf.
the death of Jesus as translated in the King James Version of the Bible Mark 15:37), gone south, gone west, gone to California, shuffled off this mortal coil (from William Shakespeare's Hamlet), run down the curtain and joined the Choir Invisible, or assumed room temperature (actually a dysphemism in use among mortuary technicians). When buried, they may be said to be pushing up daisies, sleeping the big sleep, taking a dirt nap, gone into the fertilizing business, checking out the grass from underneath or six feet under. Euthanasia also attracts euphemisms. One may put one out of one's misery, put one to sleep, or have one put down, the latter two phrases being used primarily with dogs, cats, and horses who are being or have been euthanized by a veterinarian. (These terms are not usually applied to humans, because both medical ethics and law deprecate euthanasia.) Some euphemisms for killing are neither respectful nor playful, but instead clinical and detached, including terminate, wet work, to take care of one, to do them in, to off, or to take them out. To cut loose or open up on someone or something means "to shoot at with every available weapon". Gangland euphemisms for murder include ventilate, whack, rub out, liquidate, cut down, hit, take him for a ride, string him up, cut down to size, or "put him in cement boots," "sleep with the fishes" or "put him in a concrete overcoat," the latter three implying disposal in deep water, if then alive by drowning; the arrangement for a killing may be a simple "contract" with the victim referred to as the "client," which suggests a normal transaction of business. One of the most infamous euphemisms in history was the German term Endlösung der Judenfrage, frequently translated in English as "the Final Solution of the Jewish Question", a systematic plan for genocide of the Jews.
Even if not associated with the Holocaust, the Nazis used such terms as Schutzhaft, best translated as "protective custody" for persons seeking shelter from street violence by Nazi militias, but such shelter leading quickly to long-term incarceration in a Nazi prison for political offenders who often got murdered, and Sonderbehandlung, whose translation "special treatment" implies privileged protection but in practice meant summary execution. Nazi officials authorized the disappearance of hostages into 'night and fog' (Nacht und Nebel) whence few returned. "Charitable Ambulances" for the buses which took mental patients away to killing centers, and "Lazarett" (a quarantine clinic for ill travelers) for the shooting-pits where severely ill death camp arrivals would be executed. """ now if you'll excuse me i must go custodian that affirmative action with some power room in the family way... best regards, except for the class P-SPACE and its familial complexity co-conspirators From jamesd at echeque.com Sun Jan 19 04:41:19 2014 From: jamesd at echeque.com (James A. Donald) Date: Sun, 19 Jan 2014 22:41:19 +1000 Subject: Feeding trolls In-Reply-To: <52DB994C.9080406@echeque.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> Message-ID: <52DBC7EF.1070301@echeque.com> Bill Stewart wrote: > Sorry, James, but we really don't need sexist or racist trolling here. The reason Cari Matchet is behaving so badly, is that no one has ever been allowed to laugh at her. From hozer at hozed.org Sun Jan 19 20:43:28 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jan 2014 22:43:28 -0600 Subject: Welcome to the Asylum! In-Reply-To: References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> Message-ID: <20140120044328.GP3180@nl.grid.coop> On Sun, Jan 19, 2014 at 06:54:03PM -0600, J.A. 
Terranson wrote: > > On Sun, 19 Jan 2014, Cathal Garvey wrote: > > > Does anybody happen to curate this list into a more signal>noise form? I > > filter the noisier trolls, but everyone else then takes the troll-bait > > and things continue to spiral downwards. > > Riad Wahby is our "Curator". > > > Who's actually here to discuss privacy and crypto? > > > > On 19/01/14 20:45, Anonymous Remailer (austria) wrote: > > > Hi All, I would add its NOT just a mailing list, it IS instead an > > > insane asylum and experiment in social darwinism where reputation > > > capitol has replaced wealth in the currency of the group. > > > > > > just my .02 > > In the past, the list almost destroyed itself over the question of whether > moderation equals censorship, and a distributed list was created, where > each feed was shared, but the moderation of what came in was decided by > each node operator. I personally don't care about the S/N ratio too much, > and as such, tend towards extremely light moderation of the silent > variety. Obviously, Riad believes in open skies. As long as there is just > one node, we really need an anything goes, each person needs to > learn to control themselves approach. > > Me and Riad will be trying to hack mailman into a CDR system soon (the > old one used the now long deprecated Majordomo scripting system). I want to apologize to everyone else for having to put up with me taking up the troll-bait and having a nice shit-wrestle. The experience (experiment?) did, however, confirm my personal conviction that privacy and anonymity are expensive, and we as a society generally have to pay that cost for others, and the cost continues to spiral out of control as surveillance capabilities spiral out of control. See subject {}coin for what I hope might be part of a solution.
-- Troy From cathalgarvey at cathalgarvey.me Sun Jan 19 14:50:20 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Sun, 19 Jan 2014 22:50:20 +0000 Subject: Welcome to the Asylum! In-Reply-To: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> Message-ID: <52DC56AC.7070507@cathalgarvey.me> More plausible: it's evidence that you don't need anything as complex as cointelpro these days, just some inflammatory sock puppets. A list will proceed to eat itself alive in due course. Does anybody happen to curate this list into a more signal>noise form? I filter the noisier trolls, but everyone else then takes the troll-bait and things continue to spiral downwards. Who's actually here to discuss privacy and crypto? On 19/01/14 20:45, Anonymous Remailer (austria) wrote: > Hi All, I would add its NOT just a mailing list, it IS instead an > insane asylum and experiment in social darwinism where reputation > capitol has replaced wealth in the currency of the group. > > just my .02 > From grarpamp at gmail.com Sun Jan 19 19:56:48 2014 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jan 2014 22:56:48 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: <0E173C87-EAB3-4BCB-AAA1-0AC3B9DF4BA7@gmail.com> References: <9A539A7A-AF1E-434F-AE67-D36FA92CA5E5@gmail.com> <0E173C87-EAB3-4BCB-AAA1-0AC3B9DF4BA7@gmail.com> Message-ID: On Sun, Jan 19, 2014 at 10:05 PM, Philip Shaw wrote: > do state legislatures have an equivalent of parliamentary privilege That's in the first link I sent.
> and if so does it protect state legislators from federal law? Afaik, states / state legislatures are not bound to protect classified fed secrets that just appear on their doorstep, only their own... they're separate entities. But with LEA/FOUO there are lots of data sharing memorandums and general enabling law between state and fed, ie: state driver bureaus, criminal records. geo resources, etc. Unlikely outside of such interagency use that fed top secrets would even make it to the state legislatures... largely irrelevant to their interests unless it's about where to get good Cuban cigars. All afaik, you'd have to research more. Also: FAS secrecy blog, US national archives, foia, etc. From mixmaster at remailer.privacy.at Sun Jan 19 13:58:33 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 19 Jan 2014 22:58:33 +0100 (CET) Subject: test 1a Message-ID: <5d809a515d3dd400c2b80056868e8b42@remailer.privacy.at> this is a test of remailer white listing From hozer at hozed.org Sun Jan 19 21:01:32 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jan 2014 23:01:32 -0600 Subject: {}coin: good enough for election politics? Message-ID: <20140120050132.GQ3180@nl.grid.coop> I may be a fool, but I'm not fool enough to play with Assassination politcs. I am, however, stupid enough to go do something provacative like attempt to prove that code is speech, money is code, and someone better figure out a better way to deal with campaign finance or we are all screwed. So I present {}coin, the broken cryptocurrency, neutered of all the privacy I can strip out of it, for broken election systems. https://bitbucket.org/dahozer/-- Could a good anonoperson cipherpunk tack on higher-level layers that are actually anonymous, as opposed too what I see being proposed for Bitcoin? Probably. 
>From the techno-political-economic angle, it looks like overlaying distributed high-frequency futures trading would provide more than enough noise on top of fully-surveillable {}coin to provide a sufficient anonymity set, while actually providing a usefull value to us farmers, who could actually see who's on the other side of a trade. The experts at stealth, redirection, misdirection, and over-all dirty tricks (aka Wall Street) could simply move up a few layers and continue their anonymous game-of-thrones ( I mean game of CEO), and hide in plain sight in huge volumes of trades, and then so could anyone else. But then **I** don't have to pay to be someone else's anonymity set, and I could make money if I wanted to play that game, and take money from those who want to hide, instead of having value siphoned off by thousands of economic vampires hiding under regulatory capture of our current finance system. Does this sound anywhere near possible, or am I just an optimistic hashcash fool? From coderman at gmail.com Sun Jan 19 23:03:44 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 23:03:44 -0800 Subject: Fwd: [tor-talk] giving up pseudonymity after collecting experiences with pseudonymous project development In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 10:51 PM, Peter Gutmann wrote: > ... > His ideas are intriguing to you and you wish to subscribe to his newsletter? also, A+++ Would Transact Again! more interesting reports: "The Memoirs of Eleusis" see http://w3.cultdeadcow.com/cms/2005/03/a-classic-lost.html , context: http://www.erowid.org/archive/rhodium/chemistry/eleusis/eleusis.vs.fester.html they removed Eleusis from marketplace and revoked keys; apparently ToS or something... best regards, except for those uppity aromatic indole rings From jamesd at echeque.com Sun Jan 19 05:07:20 2014 From: jamesd at echeque.com (James A. 
Donald) Date: Sun, 19 Jan 2014 23:07:20 +1000 Subject: Feeding trolls In-Reply-To: <52DB9C9A.5030603@gogulski.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> Message-ID: <52DBCE08.7010404@echeque.com> On 01/19/2014 10:22 AM, James A. Donald wrote: >> Characteristically male environments are characteristically male >> because of characteristically male On 2014-01-19 19:36, Mike Gogulski wrote: > privilege. If it was privilege, it would not have been necessary to kill Amelia Earhart and Kara Hultgreen in the effort to manufacture poster girls. From hozer at hozed.org Sun Jan 19 21:13:32 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jan 2014 23:13:32 -0600 Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) In-Reply-To: <20140119181507.GA22336@antiproton.jfet.org> References: <20140119181507.GA22336@antiproton.jfet.org> Message-ID: <20140120051332.GR3180@nl.grid.coop> On Sun, Jan 19, 2014 at 01:15:07PM -0500, Riad S. Wahby wrote: > "J.A. Terranson" wrote: > > experiencing some kind of random delivery issue > > @al-qaeda.net is deprecated. Apologies: I should have announced this > on-list before I made the related configuration changes. > > In case anyone suspects censorship, chilling effects, et cetera, the > explanation is actually much more innocuous: I'm trying to cut down the > amount of spam my poor little VPS has to handle, and as you might > imagine the amount that goes to @al-qaeda.net is *staggering*. > > (More to the point, after running the list @al-qaeda.net for more than > ten years, this small gesture isn't going to somehow erase the > internet's long memory.) 
> > -=rsw I was struggling with spamassassin and attemping to implement reject- -at-smtp time filtering, and reading about this 'hashcash' idea, several years ago and thinking maybe it would be nice if someone would *pay* me to read their email. We have lots of privacyscam hash-cash code running around these days, so what are the chances of just advertising you only accept mail that includes a *coin payment to the recipient? (Granted, it's low because most *coiners don't seem to understand what mail is given they can't even figure out how to install mailman, but the hope remains) -- Troy From grarpamp at gmail.com Sun Jan 19 20:25:24 2014 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jan 2014 23:25:24 -0500 Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present" In-Reply-To: <20140120000018.5B373F53B@a-pb-sasl-quonix.pobox.com> References: <20140120000018.5B373F53B@a-pb-sasl-quonix.pobox.com> Message-ID: > (2) threats to the United States and its interests from terrorism; Not only is the action not well defined 'terrorism', nor is the resultant 'threat' from it, nor is the source and sink of that action. So not only is Muhammad flying his private 747 from Arabia into the Empire State subject to general warrants in bulk... so is Joe Midwest Farmer marching on Congress pitchfork in hand or burning his fields to stop up the just in time food flow in protest of some subsidy issue. Same loose interpretation could be applied to most of those stanzas. Weasel words and mission creep, a year from now and everything will be the same, unless Joe and Corp do in fact continue to get up and act up about it. 
On Sun, Jan 19, 2014 at 7:00 PM, Bill Stewart wrote: > At 09:14 AM 1/19/2014, coderman wrote: >> >> (2) threats to the United States and its interests from terrorism; > > Terrorism was the previous justification for the bulk collection > and for the 3-degrees-of-separation "rule", so no change. > > >> (3) threats to the United States and its interests from the >> development, possession, proliferation, or use of weapons of mass >> destruction; > > When Dubya Bush was trying to justify invading Iraq, > he talked about WMDs as "nuculur bombs" and chemical and biological > weapons. > But when some angry young zealot tried to car-bomb Times Square > using > "explosives" he'd gotten from an FBI informant, > they also charged him with making "weapons of mass destruction", > the Boston Marathon bombers got charged with that, > and I think even pipe bombs have been called WMDs recently. > > So WMDs might be any random young resident calling his brother or > cousin, > and the NSA still gets to Tap All The Phones. > > >> (4) cybersecurity threats; [ED: WTF???] > > Hey, the guy might be using Skype to call his cousin instead of > minutes. > And people are constantly trying to hack the computers at military > facilities, > banks, and civilian government agencies, either with deliberate > targeting > or just because it's easier not to program your botnet to use > whitelists, > and maybe that defense contractor's supercomputer can mine Litecoins > fast. > > So no, I don't see the situation improving soon, and > certainly not before they repeal Moore's Law. > From coderman at gmail.com Sun Jan 19 23:33:29 2014 From: coderman at gmail.com (coderman) Date: Sun, 19 Jan 2014 23:33:29 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Sat, Jan 18, 2014 at 3:43 PM, coderman wrote: > ... my understanding is that statements in congress are public, > and subject to same unauthorized disclosure laws. 
only the POTUS can > unilaterally decide to "leak" something in public without legal > repercussions (impeachment aside). i was wrong, and the POTUS angle by Executive Order 13526 implies he/she/$POTUS can clarify at will. seems there is a longer history of not just presidents but also congress leaking secrets. does anyone know the specific instances covered in these texts? - Burn Before Reading, Stansfield Turner - The Deadly Bet, Walter LaFaber - Seeds of Terror, Gretchen Peters - Classified Information in "Obama's Wars", Jack Goldsmith, Lawfare also interesting that classifying non-government-generated information has not been tried in the courts; the Sean P. Gorman incident not applicable as my understanding is that he received clearance and they built a SCIF on the university campus for him to finish studies and perform research in an official capacity for USGov. best regards, except those byzantine general warmongers From wahspilihp at gmail.com Sun Jan 19 05:28:11 2014 From: wahspilihp at gmail.com (Philip Shaw) Date: Sun, 19 Jan 2014 23:58:11 +1030 Subject: Hmm maybe so maybe not Re: "Blackphone" said to be "a super-secure nsa-proof" In-Reply-To: References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> Message-ID: On 19 Jan 2014, at 9:59 , coderman wrote: > > 0. not trying to be a dick, but a dismissive chick label in this > situation intentional. employing attractive women (or men?) to HUMINT > targets may be par for the social engineering conference course, > but subterfuge based in sexual wiles == cheap shots and disrespect. > > oh how hard i had to work to stifle a chuckle when $fed_chick > explained she was "in desktop security but moving into laptops..." > > see also: "beware strangers with candy” Actually, for the feds that isn’t an entirely dumb idea, if their honey traps can’t manage to pretend to be delegates. 
Being so obviously fake, there’s a good chance that less paranoid delegates might assume she’s just trying to steal hardware from people who aren’t likely to want to report the circumstances (or trying her luck for a soon-to-be rich start-up king), and feel confident enough in their precautions to take that risk for a quick lay. (Of course, as demonstrated by numerous hacks at Blackhats many people aren’t paranoid enough even when they should be alerted to the heightened risk.) From hozer at hozed.org Sun Jan 19 22:00:00 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Mon, 20 Jan 2014 00:00:00 -0600 Subject: Fwd: [tor-talk] giving up pseudonymity after collecting experiences with pseudonymous project development In-Reply-To: References: <52DA7D13.4010201@riseup.net> Message-ID: <20140120060000.GT3180@nl.grid.coop> I am continually reminded why I prefer to be onymous when talking to various counterculture/resistance/etc movement members around the city. So many of them are paranoid of each other and 'the man' So I can confirm this from direct experience. I like dealing with people with real names, locations, and whom I can tell them whatever I feel like is appropriate, without having to compartmentalize my life. I can only imagine that a huge contributing factor to Edward Snowden's decision to leak was the inability to tell anyone close to him (girlfriend, family, friends) what the hell was bothering him. On Sun, Jan 19, 2014 at 09:39:10PM -0800, coderman wrote: > i find these kinds of experiments fascinating > and would love to see more of them!
> > > ---------- Forwarded message ---------- > From: Patrick Schleizer > Date: Sat, Jan 18, 2014 at 5:09 AM > Subject: [tor-talk] giving up pseudonymity after collecting > experiences with pseudonymous project development > > > You may have noticed that I, previously known only known under the > pseudonym adrelanos, decided to give up my pseudonymity. It was an > interesting experience to pseudonymously maintain a Linux distribution > (Whonix). I've learned a lot during these ~ 2 years. > > I didn't have too bad luck in the lottery of life and are won a > citizenship, which is at low risk compared to less lucky ones. Living in > a country, where pseudonymity for this kind of activity isn't crucial. > Fortunately, according to latest press, neither the US nor Germany are > killing their own citizen for criticizing "the system". That is, the > mass surveillance police state, the military industrial complex, the > system of economy, that needs exponential growth to prevent imploding. > And so it doesn't become even worse, and better for the less lucky ones, > it is important to speak out in public and to take action. > > Staying pseudonymous for such a long time became more and more a burden. > For me, it is not healthy for psychology. When pseudonymously working a > a project, you cannot tell anyone about it and they're wondering with > what you never tell much. You need to constantly second guess every tiny > action. Concentrate on not messing up. Also you'll never know if you > already messed up and if "they" already know who you are. You only need > to mess up once, and you're always linked to that project. Lucky me, I > wasn't forced to stay pseudonymous for ever. > > I am looking forward to continue contributing to the awesome Free (as in > freedom) Software community. 
Being no longer pseudonymous allows me to > speak at conferences, to attend key signing parties, to meet up with > other developers, to voice chat with other developers, to chat on IRC > without fear of leaking too much information, to be less paranoid, > sometimes even running searches in clearnet if that is more convenient, > and so forth. From cpunks at martin-studio.com Mon Jan 20 00:29:04 2014 From: cpunks at martin-studio.com (Anthony Martin) Date: Mon, 20 Jan 2014 00:29:04 -0800 Subject: bitcoin In-Reply-To: References: Message-ID: I think a likely mid-term vector of attack will be ETF. But it'll take a long time to ramp up. An ETF like the BIT could allow the status quo to pump up the price of Bitcoin, like the dot coms and housing, creating an environment of malinvestment. Mind you, the malinvestment under that kind of attack is not really in Bitcoin directly. It's in the ETF. But most people won't know there's even a difference. But that's just one possible vector. Another one, perhaps a longer term vector, might be a so-called "adoption" of Bitcoin into the "legitimate" practices of democracy. In that scenario, a central bank might seek to issue "Bitcoin-backed" notes, with the promise to pay the bearer a certain percentage of the face value in Bitcoin. Early on, the bearer will get 100% of the face value in Bitcoin. They'll get the "benefit" of being able to pay their taxes in those notes. Over time, the bearer amount will fall. But even if it falls just to 99% bearer value, that's a problem for the note's long term health, which is by design. No one who knows what Bitcoin really is will ever want this note. But the average person will love it. It might even have a QR code, but it won't be a private key or anything useful. It'll just be a serial number. The average person won't know the difference.
Eventually, the QR code will be used in a court battle where the status quo attempts to convince the public that any competing note that has such a QR code is a counterfeit currency, and only "legitimate" organizations may emit such media. The goal will be to make sure the note is seen as Bitcoin itself. Then, create a crisis in that note to tarnish Bitcoin. The average person will think that Bitcoin failed, when in fact, the silly currency "backed" by Bitcoin is the thing that failed. Whatever the scheme, the main weapon will be ignorance. On 1/19/14, 11:04 PM, Juan Garofalo wrote: > > > So, what do you think is going to happen 'if' Bitcoin ever > threatens the 'integrity' of the financial mafia, I mean, the > integrity of the financial system of the Free and Democratic World? > > > > > > On Sun, Jan 19, 2014 at 11:04 PM, Juan Garofalo wrote: > > > So, what do you think is going to happen 'if' bitcoin ever > threatens the > 'integrity' of the financial mafia, I mean, the integrity of the financial > system of the Free and Democratic World? > > > > > > From wahspilihp at gmail.com Sun Jan 19 06:02:41 2014 From: wahspilihp at gmail.com (Philip Shaw) Date: Mon, 20 Jan 2014 00:32:41 +1030 Subject: Updates on the Death Prediction Lottery.
In-Reply-To: <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> References: <167471390091196@web2h.yandex.ru> <1390120055.52888.YahooMailNeo@web164606.mail.gq1.yahoo.com> Message-ID: On 19 Jan 2014, at 18:57 , Jim Bell wrote: > I wish somebody (one not associated with any DPL, 'AM', 'AP', etc) would file a lawsuit in federal court, challenging the government to prove that a 'death prediction lottery' or 'Assassination Market' is necessarily illegal. That's because currently the Feds may be secretly planning to file charges against 'AM's Sanjuro or others, and it would be better to pre-challenge them, before they can act like heroes, sweep in, and arrest the 'evil criminals'. > I think such a market would be reasonably safe if the pay-outs were covered by a condition which cancelled the payment if the recipient were determined to be criminally responsible for the death (in which case the money would otherwise be seized as proceeds of crime anyway, so the bookmakers might as well try to claim the money back rather than let the treasury have it). However, I think the operators would probably run into difficulties with either the bookmaking laws or the life-insurance laws. It is also very difficult to get a court to rule that something is legal before you get prosecuted or sued for doing it, which, given the complexity of our legal systems, seems like a fairly significant flaw. Test cases provide some protection in civil matters, but there isn’t really a practical analogue in criminal matters.
From coderman at gmail.com Mon Jan 20 01:47:31 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 01:47:31 -0800 Subject: request for transcript / presentation: "Random Number Generation, Revisited" Message-ID: RWC going on, and at http://realworldcrypto.wordpress.com/program/ Session 11: Crypto Applications II 2:00pm Yevgeniy Dodis | New York University Random Number Generation, Revisited From coderman at gmail.com Mon Jan 20 03:27:41 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 03:27:41 -0800 Subject: Welcome to the Asylum! In-Reply-To: <52DCFF78.8050008@cathalgarvey.me> References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> <20140120044328.GP3180@nl.grid.coop> <52DCFF78.8050008@cathalgarvey.me> Message-ID: On Mon, Jan 20, 2014 at 2:50 AM, Cathal Garvey wrote: > ... > Secondly, it's true that cheap ano/pseudo/nymity seems to permit people > to express personality traits they would moderate if they had a > reputation to maintain. related: http://xkcd.com/137/ > All very navel-gaze-y way of saying that Mailing lists are far more > prone to the tragedy of the commons... it is the year 2014. we have classification systems, labeling systems, tagclouding systems, machine learning systems, ... and you're still complaining about having to infrequently operate a trivial mail filter to avoid trollbait? [my contempt for this thread well reflected via large attachment!] -------------- next part -------------- A non-text attachment was scrubbed... Name: xkcd_remember-when-we-had-dreams.jpg Type: image/jpeg Size: 77695 bytes Desc: not available URL: From coderman at gmail.com Mon Jan 20 03:45:45 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 03:45:45 -0800 Subject: Welcome to the Asylum!
In-Reply-To: <52DD09A2.4060302@cathalgarvey.me> References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> <20140120044328.GP3180@nl.grid.coop> <52DCFF78.8050008@cathalgarvey.me> <52DD09A2.4060302@cathalgarvey.me> Message-ID: On Mon, Jan 20, 2014 at 3:33 AM, Cathal Garvey wrote: > ... > Should I blacklist the Austrian remailer then, and cut out all decent > uses of it as well as the bullshit? How about people who are fairly > high-signal until they get into mud-wrestling? > > Humans are hard to "filter". If they weren't, they'd be really dull. brute force so inelegant; did not say it was key match filter, only that you've got the tools for sophisticated categorizing, hiding, and re-tuning at your disposal. no you don't have to but you should and will find it enlightening[0]. it's bonus level when playing SMTP on INTERTUBES :) 0. regarding conspiring communicators: like full take, your algorithmic puppet behavior fixed in record now until the infinite future, linkability only ever increasing... i'm doing my part to train your tools since before you were watching! *grin* email actually convenient to work with for this type of processing compared to other channels like custom forums, javascripty-and-comety "Web 2.0" services, etc. From coderman at gmail.com Mon Jan 20 04:03:21 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 04:03:21 -0800 Subject: Cypherpunks is NOT a safe place for fools In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 1:05 PM, John Young wrote: > Why not, who else would remain here if not fools. Oh, > you're kidding, is that you, Tim? How are your cats doing? > > Prison here too, is this not a panopticon? > > Former Agent Gordon is doing better things over at Intel > planting malware and itty bitty byways. > > Same for those now gray-beared TLAs, all gone to contractor > consultant nirvana. > > Whose afraid, there's no way out of the self cell. 
nostalgia for the present and interested and interactive days of infiltration? . . . seems now you get nary a nod before the off, c.f.: """ “I think if we had the chance, we would end it very quickly,” he said. “Just casually walking on the streets of Moscow, coming back from buying his groceries. Going back to his flat and he is casually poked by a passerby. He thinks nothing of it at the time starts to feel a little woozy and thinks it’s a parasite from the local water. He goes home very innocently and next thing you know he dies in the shower.” ... the intelligence operators who spoke to BuzzFeed on the condition of anonymity did not say they expected anyone to act on their desire for revenge. But their mood is widespread, people who regularly work with the intelligence community said. """ via http://www.buzzfeed.com/bennyjohnson/americas-spies-want-edward-snowden-dead for now their blood lust snuff fantasies unfulfilled by remote, mechanistic, televised to a console near you "drone operations" yielding none of the requisite hormonal pomp and chemical haze... it's a hard life for the modern secret agent earthhuman From juan.g71 at gmail.com Sun Jan 19 23:04:16 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Mon, 20 Jan 2014 04:04:16 -0300 Subject: bitcoin Message-ID: So, what do you think is going to happen 'if' bitcoin ever threatens the 'integrity' of the financial mafia, I mean, the integrity of the financial system of the Free and Democratic World? From coderman at gmail.com Mon Jan 20 04:09:16 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 04:09:16 -0800 Subject: Cypherpunks is NOT a safe place for fools In-Reply-To: References: Message-ID: On Mon, Jan 20, 2014 at 4:03 AM, coderman wrote: >.... > “I think if we had the chance, we would end it very quickly,” he said. > “Just casually walking on the streets of Moscow, coming back from > buying his groceries. Going back to his flat and he is casually poked > by a passerby. 
He thinks nothing of it at the time starts to feel a > little woozy and thinks it’s a parasite from the local water. He goes > home very innocently and next thing you know he dies in the shower.” fukin' yank-ee newbs, why all of this theater? we know how do.[0] 0. "On 1 November 2006, Litvinenko suddenly fell ill and was hospitalized. He died three weeks later, becoming the first confirmed victim of lethal polonium-210-induced acute radiation syndrome." https://en.wikipedia.org/wiki/Poisoning_of_Alexander_Litvinenko From l at odewijk.nl Sun Jan 19 19:20:56 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Mon, 20 Jan 2014 04:20:56 +0100 Subject: Feeding trolls In-Reply-To: <52DC8DE5.5020009@echeque.com> References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> <52DC650D.5070704@echeque.com> <52DC8DE5.5020009@echeque.com> Message-ID: We're coming at this from the wrong angle. We need a plane that flies women, not a woman to fly a plane! From coderman at gmail.com Mon Jan 20 04:33:05 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 04:33:05 -0800 Subject: bespoke boot and runtime configuration [was Re: Debian System and /dev/random] Message-ID: On Sun, Jan 19, 2014 at 4:57 PM, coderman wrote: > .... > since 2004 building my own rngd, my own FDE bootloader, my own > mandatory entropy health watchdog service, VIA Padlock enabled processors only. FDE was loop-aes. init enforces mtrngd[0] at boot in conservative configuration. if in key mode without networking, failure of XSTORE at any time causes mtrngd to exit non zero then halt. for normal operation defaults to sync, shutdown -h in 60 seconds.
cypherpunks may write code, but sharing with anyone and everyone never the bargain ;)

0. mtrngd - high performance entropy daemon for XSTORE https://peertech.org/dist/mtrngd-0.7-2007.tgz see also https://peertech.org/archives/viarng/

---

custom kernel, initramfs, initrd, install.tgz builds produced bootable ISO mastered with per-image unique entropy mixed at boot using custom pre-boot auth that launches desired OS once encrypted root volume is mounted.

the FDE boot process at the time (~2005) worked like this:

# note: l, d, e, doinit, locate_free_loopdev and dispmsg are called below
# but are not defined in this posting

# first some settings / defaults
export keydir=/janus/keys
export addir=/janus/active-domain
export logfile=/var/log/start.log
export klogfile=/janus/active-domain/system.log
export tmpmntdir=/mnt/tmp
export aes_mode="AES256"

# note that message and log calls assume console; e.g. dialog --msgbox

# define some common tasks; note that we're single user here (no race)
gen_tmpname () {
  uuid=`cat /proc/sys/kernel/random/uuid`
  echo "/tmp/.${uuid}.tmp"
}

LBL_LENGTH=53
get_idlabel () {
  dev="$1"
  part=`echo $dev | sed 's/.*\///'`
  num=`echo $part | sed 's/[a-z]*//g'`
  drv=`echo $part | sed 's/[0-9]*//g'`
  tmpf=$(gen_tmpname)
  dd if=$dev of=$tmpf bs=1 count=$LBL_LENGTH
  grep IDLABEL $tmpf 1>/dev/null 2>/dev/null
  if (( $? != 0 )); then
    rm -f $tmpf
    return 1
  fi
  # read the label out before deleting the temp file
  # (the posted order removed the file first)
  cat $tmpf | sed 's/^IDLABEL=//'
  rm -f $tmpf
}

list_usb_storage_devs () {
  l "begin list_usb_storage_devs"
  done=0
  timeout=4
  while (( $done == 0 )); do
    if [ -f /dev/makedevs.sh ]; then
      l "invoking makedevs.sh"
      /dev/makedevs.sh 1>/dev/null 2>/dev/null
    fi
    sleep 1
    ccount=0
    devs=$(ls /dev/sd* | grep '[0-9]')
    for dname in $devs; do
      l "testing device $dname for readable"
      dd if=$dname of=/dev/null count=1 1>/dev/null 2>/dev/null
      if (( $? == 0 )); then
        l "$dname is readable"
        ccount=`expr $ccount + 1`
      fi
    done
    if (( $ccount > 0 )); then
      done=1
    fi
    timeout=`expr $timeout - 1`
    if (( $timeout == 0 )); then
      done=1
    fi
  done
  devs=$(ls /dev/sd* | grep '[0-9]')
  for dname in $devs; do
    l "testing device $dname for readable"
    dd if=$dname of=/dev/null count=1 1>/dev/null 2>/dev/null
    if (( $? == 0 )); then
      l "$dname is readable"
      echo $dname
    fi
  done
}

get_usb_dev_fstype () {
  l "begin get_usb_dev_fstype"
  if [ -z "$1" ]; then
    return 1
  fi
  dname="$1"
  l "verifying readability for $dname"
  dd if=$dname of=/dev/null count=1 1>/dev/null 2>/dev/null
  if (( $? != 0 )); then
    l "$dname is not readable"
    return 2
  fi
  if [ ! -d $tmpmntdir ]; then
    l "creating non existant temp dir $tmpmntdir"
    mkdir $tmpmntdir 1>/dev/null 2>/dev/null
  fi
  umount $tmpmntdir 1>/dev/null 2>/dev/null
  ismnted=0
  mount $dname $tmpmntdir 1>/dev/null 2>/dev/null
  if (( $? != 0 )); then
    sleep 3
    mount $dname $tmpmntdir 1>/dev/null 2>/dev/null
    if (( $? != 0 )); then
      fstypes="xfs ext2 ext3 reiserfs vfat ntfs msdos iso9660 romfs usbfs"
      for fst in $fstypes; do
        if (( $ismnted == 0 )); then
          l "attempting mount -t $fst $dname $tmpmntdir"
          mount -t $fst $dname $tmpmntdir 1>/dev/null 2>/dev/null
          if (( $? == 0 )); then
            l "mounted $dname"
            ismnted=1
          fi
        fi
      done
      if (( $ismnted == 0 )); then
        l "unable to mount $dname at $tmpmntdir"
        return 3
      fi
    fi
  fi
  fstype=$(mount -l | grep $dname | sed 's/.*type //' | sed 's/ .*//')
  if [[ "$fstype" == "" ]]; then
    l "unable to get fstype for $dname"
    return 4
  fi
  echo $fstype
  l "got $fstype for mounted volume $dname"
  umount $tmpmntdir 1>/dev/null 2>/dev/null
  return 0
}

## keystore management
## a "keystore" stored on USB or microSD carried always on person
## id.txt is an ascii nickname, keys.dat loop-aes encrypted file backed volume
## and finally keys.gpg the disk encryption key wrapped with passphrase.
list_keystores () {
  l "begin list_keystores"
  if [ -z "$1" ]; then
    return 1
  fi
  basekeydir="$1"
  domains=""
  ddirs=`ls -1dF $basekeydir/* 2>/dev/null | grep '/$'`
  for dir in $ddirs; do
    dname=`basename $dir`
    domains="$domains $dname"
  done
  echo $domains
  return 0
}

select_keystore () {
  l "begin select_keystore"
  if [ -z "$1" ]; then
    return 1
  fi
  basekeydir="$1"
  domains=""
  ddirs=`ls -1F $basekeydir/`
  for dir in $ddirs; do
    if [ -d $dir ]; then
      dname=`basename $dir`
      domains="$domains $dname"
    fi
  done
  # MRP NOT IMPLEMENTED YET...
  return 0
}

mount_keystore () {
  l "begin mount_keystore"
  if [ -z "$1" ]; then
    return 1
  fi
  if [ -z "$2" ]; then
    return 1
  fi
  domkeydir="$1"
  mntpoint="$2"
  name=`basename $domkeydir`
  ld=$(locate_free_loopdev)
  if [ -z "$ld" ]; then
    return 2
  fi
  idfile="${domkeydir}/id.txt"
  if [ -f "${domkeydir}/keys.dat" ]; then
    keyfile="${domkeydir}/keys.dat"
    open=1
  else
    if [ -f "${domkeydir}/keys.gpg" ]; then
      keyfile="${domkeydir}/keys.gpg"
      open=0
    else
      d "Invalid key store"
      return 3
    fi
  fi
  fsfile="${domkeydir}/fs.enc"
  if [ ! -f $fsfile ]; then
    d "Invalid key store"
    return 4
  fi
  if (( $open == 1 )); then
    cat $keyfile | losetup -p 0 -e $aes_mode $ld $fsfile
    if (( $? != 0 )); then
      d "Could not configure keys for loop device."
      return 1
    fi
  else
    gpgerrf=/tmp/.gpg_err
    done=0
    while (( $done == 0 )); do
      d "Loading keystore $name"
      gpg --decrypt $keyfile 2>$gpgerrf | losetup -p 0 -e $aes_mode $ld $fsfile
      if (( $? != 0 )); then
        sleep 2
      else
        done=1
      fi
    done
  fi
  mount -t ext2 $ld $mntpoint 1>/dev/null 2>/dev/null
  if (( $? != 0 )); then
    losetup -d $ld 1>/dev/null 2>/dev/null
    return 1
  fi
  # loop device name goes to stderr; the caller captures it with 2>/tmp/.res
  echo "$ld" >&2
  return 0
}

### the main initialization sequence
main () {
  l "begin main"
  # args?
  d "Initializing ..."
  doinit
  # set run mode
  janusmode="default"
  grep JANUS_TARGET /proc/cmdline >/dev/null 2>&1
  if (( $? == 0 )); then
    janusmode=`cat /proc/cmdline | sed 's/.* JANUS_TARGET=//' | sed 's/ .*//'`
  fi
  export janusmode
  grep VERBOSE /proc/cmdline >/dev/null 2>&1
  if (( $? == 0 )); then
    export VERBOSE=true
  fi
  done=0
  while (( $done == 0 )); do
    udevs=$(list_usb_storage_devs)
    if [ -z "$udevs" ]; then
      d "No USB storage devices found. Please insert one and press enter:"
      read
      sleep 5
    else
      done=1
    fi
  done
  if [ ! -d $keydir ]; then
    mkdir -p $keydir 1>/dev/null 2>/dev/null
  else
    umount $keydir 1>/dev/null 2>/dev/null
  fi
  chmod 700 $keydir 1>/dev/null 2>/dev/null
  unset xfsdevs
  unset odevs
  xfscount=0
  for udev in $udevs; do
    fstype=$(get_usb_dev_fstype $udev)
    if [ -z "$fstype" ]; then
      odevs="$odevs ${udev}=none"
    else
      if [[ "$fstype" == "xfs" ]]; then
        xfsdevs="$xfsdevs $udev"
        xfscount=`expr $xfscount + 1`
      else
        odevs="$odevs ${udev}=${fstype}"
      fi
    fi
  done
  prompt_mkxfs=0
  if (( $xfscount == 0 )); then
    e "No secure key storage domains found on USB devices!"
    return 2
  fi
  if (( $xfscount > 1 )); then
    d "Currently only one USB device is supported."
    d "Please leave only a single secret USB key storage device and try again." noclear
    sleep 2
    return 3
  fi
  mount -t xfs $xfsdevs $keydir 1>/dev/null 2>/dev/null
  if (( $? != 0 )); then
    d "Unable to mount key storage"
    sleep 2
    return 3
  fi
  if [ ! -d $addir ]; then
    mkdir -p $addir 1>/dev/null 2>/dev/null
  fi
  chmod 700 $addir 1>/dev/null 2>/dev/null
  domains=$(list_keystores $keydir)
  if [ -z "$domains" ]; then
    e "No secure key storage domains found!"
  else
    l "selecting domain from set :${domains}:"
    dc=0
    for domain in $domains; do
      dc=`expr $dc + 1`
    done
    if (( $dc > 1 )); then
      select_keystore $keydir 2>/tmp/.res
      if (( $? != 0 )); then
        d "Error selecting domain."
        sleep 2
        return 5
      fi
      adomain=$(cat /tmp/.res)
    else
      adomain=$domains
    fi
    mount_keystore $keydir/$adomain $addir 2>/tmp/.res
    if (( $? != 0 )); then
      d "Error selecting domain."
      sleep 2
      return 5
    fi
    cldev=`cat /tmp/.res`
  fi
  touch $klogfile
  do_disks_boot
  l "completed boot menu, assuming restart"
  if [[ "$VERBOSE" == "true" ]]; then
    sleep 5
  fi
  return 0
}

# execute main then exit
l "entering main"
doinit
exec /sbin/init

### last but not least, modern linux makes this much easier (yay GUID!)
### otherwise shitty hacks required...
get_part_keyfile () {
  l "begin get_part_keyfile"
  part=$1
  num=`echo $part | sed 's/[a-z]*//g'`
  drv=`echo $part | sed 's/[0-9]*//g'`
  pdi="/proc/ide/${drv}/identify"
  if [ ! -f $pdi ]; then
    case $drv in
      'sda') busno="001" ;;
      'sdb') busno="002" ;;
      'sdc') busno="003" ;;
      'sdd') busno="004" ;;
      'sde') busno="005" ;;
      'sdf') busno="006" ;;
      *) busno="NOT_FOUND"
    esac
    uname=`lsusb | grep "Bus $busno" | grep "Device 002" | sed 's/ .*Device 002: ID ....:.... //' | sed 's/[^a-zA-Z0-9]/_/g' | head -1`
    pdi=/tmp/.tmp_pdi
    echo "$uname" > $pdi
    if [[ "$uname" == "" ]]; then
      l "No disk identifier found for partition $part at expected $pdi"
      return 1
    fi
  fi
  did=`gpg --print-md sha512 $pdi 2>/dev/null | sed 's/.*://' | sed 's/ //g'`
  did=`echo $did | sed 's/ //g'`
  kf="${addir}/${did}.${num}"
  l "associated $kf to device $part"
  echo $kf
  return 0
}

get_label_keyfile () {
  l "begin get_label_keyfile"
  part=$1
  num=`echo $part | sed 's/[a-z]*//g'`
  drv=`echo $part | sed 's/[0-9]*//g'`
  lid=$(get_idlabel $drv)
  if (( $? != 0 )); then
    l "unable to locate label for $drv"
    return 1
  fi
  kf="${addir}/${lid}.${num}"
  l "matched $kf to device $part"
  echo $kf
  return 0
}

## last but not least, the specifics of how the loop-aes mount and pivot done
do_boot_enc_part () {
  l "begin do_boot_env_part"
  part=$1
  kf=$(get_part_keyfile $part)
  lkf=$(get_label_keyfile $part)
  # quoted so an empty result is not treated as an existing file
  if [ -f "$lkf" ]; then
    kf="$lkf"
  fi
  ld=$(locate_free_loopdev)
  if [ -z "$ld" ]; then
    l "Unable to locate free loop device."
    return 1
  fi
  pdev="/dev/${part}"
  cat $kf | losetup -p 0 -e $aes_mode $ld $pdev
  if (( $? != 0 )); then
    l "Unable to setup loop $ld for $pdev with keyfile $kf"
    return 1
  fi
  mpoint="/mnt/${part}"
  if [ ! -d $mpoint ]; then
    mkdir -p $mpoint
  fi
  l "attempting to mount $part at $mpoint using loop device $ld"
  mount -t xfs -w $ld $mpoint
  if (( $? != 0 )); then
    l "Unable to mount XFS partition at $mpoint"
    losetup -d $ld
    return 1
  fi
  # actual umount and pivot root
  l "cd $mpoint"
  cd $mpoint
  cdir=`pwd`
  l "unmounting filesystems before pivot_root in $cdir"
  l "umount $addir"
  umount $addir
  l "losetup -d $cldev"
  losetup -d $cldev
  l "umount $keydir"
  umount $keydir
  if [ ! -d initrd ]; then
    l "mkdir initrd"
    mkdir initrd
  fi
  l "umount /proc/bus/usb"
  umount /proc/bus/usb
  l "umount /proc"
  umount /proc
  #if [ ! -f etc/save-fstab ]; then
  #  cp etc/fstab etc/save-fstab
  #fi
  #cat etc/fstab | grep -v '^.dev.hd' | grep -v '^#' > /tmp/.sf
  #echo "$pdev / xfs defaults 0 1" > etc/fstab
  #cat /tmp/.sf >> etc/fstab
  l "privot root filesystem onto target volume"
  pivot_root . ./initrd
  l "executing init..."
  exec /sbin/init
  # will never hit here
  l "ERROR: init could not be executed?"
  sleep 5
  l "aborting exec..."
  return 1
}

do_boot_norm_part () {
  l "begin do_boot_norm_part"
  part=$1
  mpoint="/mnt/${part}"
  if [ ! -d $mpoint ]; then
    mkdir -p $mpoint
  fi
  l "attempting to mount $part at $mpoint"
  mount -w /dev/$part $mpoint
  if (( $? != 0 )); then
    l "Unable to mount partition at $mpoint"
    return 1
  fi
  # actual umount and pivot root
  l "cd $mpoint"
  cd $mpoint
  cdir=`pwd`
  l "unmounting filesystems before pivot_root in $cdir"
  l "umount $addir"
  umount $addir
  l "losetup -d $cldev"
  losetup -d $cldev
  l "umount $keydir"
  umount $keydir
  if [ ! -d initrd ]; then
    l "mkdir initrd"
    mkdir initrd
  fi
  l "umount /proc/bus/usb"
  umount /proc/bus/usb
  #MRP l "umount /proc"
  #umount /proc
  l "pivot root filesystem onto target volume"
  pivot_root . ./initrd
  l "executing init from $cdir ..."
  exec /sbin/init
  # will never hit here
  l "ERROR: init could not be executed?"
  sleep 5
  l "aborting exec..."
  return 1
}

do_disks_boot () {
  l "begin do_disks_boot"
  argf=/tmp/.args
  echo "--title \"Boot Encrypted Operating System\" " > $argf
  echo "--menu \"Select the OS to boot:\" " >> $argf
  echo "18 70 10" >> $argf
  /dev/makedevs.sh 1>/dev/null 2>/dev/null
  drives=`cat /proc/partitions | grep ' hd[a-z][0-9]' | sed 's/.* hd/hd/' | sort`
  sdrives=`cat /proc/partitions | grep ' sd[a-z][0-9]' | sed 's/.* sd/sd/' | grep -v sda1 | sort`
  count=0
  for part in $drives $sdrives; do
    kf=$(get_part_keyfile $part)
    lkf=$(get_label_keyfile $part)
    # quoted so an empty result is not treated as an existing file
    if [ -f "$lkf" ]; then
      kf="$lkf"
    fi
    l "$part expects $kf"
    if [ -f "$kf" ]; then
      count=`expr $count + 1`
      allkfs="${allkfs} part${part}:${kf}"
      cnf="${kf}.alias"
      cname=`cat $cnf`
      if [[ "$cname" == "" ]]; then
        cname=$part
      fi
      psize=`fdisk -l /dev/$part 2>/dev/null | grep Disk | sed s'/.*: //' | sed 's/,.*//'`
      echo "\"Boot $cname\" \"Boot into encrypted $psize partition $part\" " >> $argf
      l "found encrypted bootable $cname on $part"
    else
      l "non encrypted $part , no $kf found"
      if [[ "$janusmode" == "adv" ]]; then
        psize=`fdisk -l /dev/$part 2>/dev/null | grep Disk | sed s'/.*: //' | sed 's/,.*//'`
        echo "\"Exec $part\" \"Boot into UNencrypted public partition\" " >> $argf
      fi
    fi
  done
  echo "Exit \"Reboot into a different target\" " >> $argf
  dodispmenu=0
  if [[ "$janusmode" == "adv" ]]; then
    dodispmenu=1
  fi
  if (( $count > 1 )); then
    dodispmenu=1
  fi
  if (( $dodispmenu )); then
    dialog --file $argf --output-fd 2 2> /tmp/.res
    if (( $? != 0 )); then
      l "unable to launch dialog prompt"
      return 2
    fi
    dispn=$(cat /tmp/.res)
    selection=`echo ${dispn}`
  else
    if (( $count == 0 )); then
      selection="Exit"
      dispmsg "No operating systems found..."
    else
      selection="Boot $cname"
    fi
  fi
  l "do_disks_mount selection: $selection"
  case $selection in
    Boot*)
      for ckf in $allkfs; do
        kf=`echo $ckf | sed 's/.*://'`
        part=`echo $ckf | sed 's/:.*//' | sed 's/part//'`
        cnf="${kf}.alias"
        cname=`cat $cnf`
        if [[ "$cname" == "" ]]; then
          cname=$part
        fi
        tn=`echo $selection | sed 's/Boot //'`
        if [[ "$tn" == "$cname" ]]; then
          ddev=$part
        fi
      done
      do_boot_enc_part $ddev
      return $?
      ;;
    Exec*)
      tn=`echo $selection | sed 's/Exec //'`
      do_boot_norm_part $tn
      ;;
    *)
      return 1
  esac
  return 0
}

From coderman at gmail.com Mon Jan 20 04:50:28 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 04:50:28 -0800 Subject: bespoke boot and runtime configuration [was Re: Debian System and /dev/random] In-Reply-To: References: Message-ID: On Mon, Jan 20, 2014 at 4:33 AM, coderman wrote: > ... > cypherpunks may write code, but sharing with anyone and everyone never > the bargain ;) slowly but surely... by this i mean that public distribution has obligations and additional time consumption beyond the primary effort of writing code to do things. i may report on the results of testing an implementation, but it may be many months before it ends up in your hands all vetted and pretty. or maybe never, which has happened before infrequently. is this really such an alien concept? i did not submit to your RFP; i did not make claims on the record or ask for an article; i did not swear a work for hire on your behalf... asking nicely never hurts, however, zero encumbered devel is intentional and enjoyable! > 0. mtrngd - high performance entropy daemon for XSTORE > https://peertech.org/dist/mtrngd-0.7-2007.tgz ... mtrngd is safe to play with, but: don't use the FDE script! it is outdated, using outdated FDE, and better is available. > ##... ? :) From measl at mfn.org Mon Jan 20 03:10:58 2014 From: measl at mfn.org (J.A. Terranson) Date: Mon, 20 Jan 2014 05:10:58 -0600 (CST) Subject: {}coin: good enough for election politics?
In-Reply-To: <20140120050132.GQ3180@nl.grid.coop>
References: <20140120050132.GQ3180@nl.grid.coop>
Message-ID:

On Sun, 19 Jan 2014, Troy Benjegerdes wrote:

> I may be a fool, but I'm not fool enough to play with Assassination
> politics. I am, however, stupid enough to go do something provocative
> like attempt to prove that code is speech,

Already litigated in the USA, with very strange results: for example,
code printed on your T-Shirt is free speech, while the same code may be
a munition if instantiated on a processor. Money == speech (recent
SCOTUS explosion of pro corporate diarrhea). bits (for email) may be
private, or not, depending on whether they are "at rest" or "in
motion", etc...

There are an unknown number of permutations, which leads to the
inevitable realization that everything must be protected from
governmental decisions as to whether any subset of bits is "free" or
forbidden, by making them meaningful only to the entities (persons or
corps) that have an actual right to know: encrypt *everything*, and
only let those who you want to have access be able to decrypt them.

> ... and someone better figure out a better way to deal with campaign
> finance or we are all screwed.

Too late in the US. And with Roberts being such a young guy, expect no
changes for a very, *very*, long time.

> So I present {}coin, the broken cryptocurrency, neutered of all the
> privacy I can strip out of it, for broken election systems.

Very bad idea. Allowing the entire planet to know your financial
contributions [trail] will lock you out of some employers, lose your
job with still other employers, act as a basis for reputational
destruction of future candidates under the right [or wrong] conditions,
etc.

The problem I think you are looking to "solve" is *Corporate*
anonymity/pseudonymity. Won't happen under today's paradigm: the *fix*
is to go back to separation of "natural persons" and
"Corporate/chartered persons".
The two types of personhood were never designed to be equals, yet here
we are. :-(

> https://bitbucket.org/dahozer/--
>
> Could a good anonoperson

WTF is an "anonoperson"?

> cipherpunk tack on higher-level layers that are actually anonymous, as
> opposed to what I see being proposed for Bitcoin?

Probably.

>
> From the techno-political-economic angle, it looks like overlaying
> distributed high-frequency futures trading would provide more than
> enough noise on top of fully-surveillable {}coin to provide a
> sufficient anonymity set, while actually providing a useful value
> to us farmers, who could actually see who's on the other side of a
> trade.

Obscurity as actual security isn't going to fly anymore (if it ever
did).

> The experts at stealth, redirection, misdirection, and over-all
> dirty tricks (aka Wall Street) could simply move up a few layers and
> continue their anonymous game-of-thrones ( I mean game of CEO), and
> hide in plain sight in huge volumes of trades, and then so could
> anyone else.

You are describing the state of the world today, at least in *most*
jurisdictions. Hell, fully automated trading has had the effect of
greying out their respective meta-transactions from most forensic
accountants since the mid-80's, but only for routine audits. If you
know what you're looking for the meta is easy to see, and prove.

> But then **I** don't have to pay to be someone else's anonymity set,
> and I could make money if I wanted to play that game, and take
> money from those who want to hide, instead of having value siphoned
> off by thousands of economic vampires hiding under regulatory
> capture of our current finance system.

And this seems fair to you? Why would we want to penalize the exercise
of privacy?????

> Does this sound anywhere near possible, or am I just an optimistic
> hashcash fool?

First off, I liked H/C: we even had a local bank here that dealt in
H/C!
Secondly though, I think you need to re-examine the privacy
implications of the systems you are advocating.

//Alif

--
Those who make peaceful change impossible, make violent revolution
inevitable.

An American Spring is coming: one way or another.

From measl at mfn.org Mon Jan 20 03:23:53 2014
From: measl at mfn.org (J.A. Terranson)
Date: Mon, 20 Jan 2014 05:23:53 -0600 (CST)
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <20140120051332.GR3180@nl.grid.coop>
References: <20140119181507.GA22336@antiproton.jfet.org> <20140120051332.GR3180@nl.grid.coop>
Message-ID:

On Sun, 19 Jan 2014, Troy Benjegerdes wrote:

> I was struggling with spamassassin and attempting to implement reject-

Duck S/A: learn to run a real mailserver: that's where the action is!

> -at-smtp time filtering, and reading about this 'hashcash' idea, several
> years ago and thinking maybe it would be nice if someone would *pay* me
> to read their email.
>
> We have lots of privacyscam hash-cash code running around these days,
> so what are the chances of just advertising you only accept mail that
> includes a *coin payment to the recipient?

Been examined at length, in detail, in the mid-90s. Remember that
things have value even if they are not tied to a money system: cpu
cycles have a value which is relative to each user/cpu. The idea of
"charging" to read mail (as an antispam system), by reshifting the
costs of delivering spam back to the sender through the tying up of the
senders CPU cycles ("stamps") has been exhaustively examined. I would
refer you to the Archive, but I'm not certain that any meaningful
(pre-2003ish) archives still exist that would have all the mail from
any 1 CDT, let alone all of them...

> (Granted, it's low because most *coiners don't seem to understand what
> mail is given they can't even figure out how to install mailman, but
> the hope remains)

Don't fixate on coin (money).
A common antispam measure is tarpitting (look it up), where known
spammers are bogged down by resource depletion: unfortunately, there's
no way at this point to superimpose stamping across the zillions of
already installed SMTP systems (computers, printers, appliances, etc.).

As you think about this, make sure you look both macroscopically as
well as microscopically.

//Alif

--
Those who make peaceful change impossible, make violent revolution
inevitable.

An American Spring is coming: one way or another.

From jamesd at echeque.com Sun Jan 19 12:06:00 2014
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 20 Jan 2014 06:06:00 +1000
Subject: Feeding trolls
In-Reply-To:
References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net>
Message-ID: <52DC3028.1040001@echeque.com>

On 2014-01-20 01:16, Lodewijk andré de la porte wrote:
> Reg. Hultgreen, anecdotal. Reg. Cari, no idea what you're talking about.

In an effort to manufacture a poster girl, Hultgreen was required to
attempt to land on an aircraft carrier, and in due course, killed
herself, demonstrating why every naval pilot is male.

You can affirmative action women to all sorts of jobs, and furtively
have a white male do the actual job, but the reason all naval pilots
are males is that when you affirmative action someone to naval pilot
and expect them to land on a carrier, they die. There is room in an
office for males to do the actual work, but there is no room in a
warplane for a second pilot to do the actual piloting.

You can put girls in the army, and all that immediately happens is that
the march slows down, but you cannot put girls in the naval airforce,
and make the carriers bigger and the planes slower. In a plane built
for male abilities, landing on a ship built for male abilities, they
have to fly like males. And, of course, they cannot.

They tested her, in testing she repeatedly made errors that would have
killed her.
She was the best female pilot available, so they had her do real
landings regardless, so that they could have a poster girl.

Amelia Earhart was initially given a ticker tape parade and a meeting
with the president for being flown across the Atlantic like a sack of
potatoes by a male pilot, but the cognitive dissonance being too great,
such a poster girl attracting ridicule, they eventually had Amelia
Earhart and Kara Hultgreen attempt to perform difficult piloting tasks
for real, killing them.

In due course we will have female naval pilots with same uniforms as
male pilots. The unisex uniforms will be made girly. The traditions
will be made girlie or abolished. Male camaraderie will be forbidden.
References to nuts and bolts will be forbidden as excessively sexist.
But the female naval pilots will not actually be required to fly
carrier planes.

From iam at kjro.se Mon Jan 20 05:34:17 2014
From: iam at kjro.se (Kelly John Rose)
Date: Mon, 20 Jan 2014 08:34:17 -0500
Subject: Feeding trolls
In-Reply-To:
References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> <52DC650D.5070704@echeque.com> <52DC8DE5.5020009@echeque.com>
Message-ID:

Yes... "Non existence" *shifty eyes*

On Monday, January 20, 2014, Lodewijk andré de la porte wrote:

> On Jan 20, 2014 5:19 AM, "coderman" wrote:
> > except to earthhumans.
>
> As opposed to Marshumans. Their nonexistence is perfectly pleasing.
>

--
Kelly John Rose
Toronto, ON
Phone: +1 647 638-4104
Twitter: @kjrose
Skype: kjrose.pr
Gtalk: iam at kjro.se
MSN: msn at kjro.se

Document contents are confidential between original recipients and
sender.

From iam at kjro.se Mon Jan 20 05:37:34 2014
From: iam at kjro.se (Kelly John Rose)
Date: Mon, 20 Jan 2014 08:37:34 -0500
Subject: bitcoin
In-Reply-To: <20140120102514.449c9214@steves-laptop>
References: <20140120102514.449c9214@steves-laptop>
Message-ID:

Pretty much this

If they really cared, this would be dealt with promptly.

On Monday, January 20, 2014, Steve Jones wrote:

> On Mon, 20 Jan 2014 04:04:16 -0300
> Juan Garofalo wrote:
>
> > So, what do you think is going to happen 'if' bitcoin ever threatens the
> > 'integrity' of the financial mafia, I mean, the integrity of the financial
> > system of the Free and Democratic World?
>
> Bitcoin is a cryptocurrency, the free and democratic world has aircraft
> carriers, tanks and cruise missiles. It also has the ability to turn off
> bits of the Internet at will. The only way bitcoin would threaten it is if
> it was really really not paying attention.
>
> --
> Steve Jones
>
> Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896
>

--
Kelly John Rose
Toronto, ON
Phone: +1 647 638-4104
Twitter: @kjrose
Skype: kjrose.pr
Gtalk: iam at kjro.se
MSN: msn at kjro.se

Document contents are confidential between original recipients and
sender.

From dwhite at olp.net Mon Jan 20 06:56:23 2014
From: dwhite at olp.net (Dan White)
Date: Mon, 20 Jan 2014 08:56:23 -0600
Subject: Infiltration / Exfiltration
In-Reply-To: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at>
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at>
Message-ID: <20140120145622.GB6176@dan.olp.net>

On 01/20/14 15:19 +0100, Anonymous Remailer (austria) wrote:
>We cypherpunks live by the saying "cypherpunks code". But isn't it time
>for more than just coding?
>We're in a very real digital war for the
>freedom of the Internet, similar to what we faced in the 1990's but with
>even more at stake and a better funded, better equipped enemy.

I'm not sure if you're referring to net neutrality (free market issue)
or NSA cable taps. The latter is fixable to some degree by coding, the
former requires legislative access (money) to influence in the short
term (in the US).

>Isn't it time for infiltration? The cypherpunk community has some of the
>best tech people (not just programmers) out there. We could easily get
>jobs within government agencies and then help exfiltrate data out of
>them into the hands of the public of civil rights agencies like the ACLU
>in America.

The ACLU is unlikely to get into the Wikileaks business.

>I understand how distasteful working in the belly of the beast might be
>but isn't it one of the most needed things cypherpunks can do right now?

It's time to win the public brain trust war. Leaks, in the last year,
have done much to shift public opinion, and will likely continue to
help tremendously. That will only get us so far (in the US). We (the
larger tech community) need to cash in that momentum and turn that into
political change, particularly at the legislative level. However, that
path needs charismatic leaders, i.e. Lawrence Lessig, to actually run
for office.

From wahspilihp at gmail.com Sun Jan 19 14:56:24 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Mon, 20 Jan 2014 09:26:24 +1030
Subject: independently assisting oversight of highly classified programs
In-Reply-To:
References:
Message-ID: <9A539A7A-AF1E-434F-AE67-D36FA92CA5E5@gmail.com>

On 19 Jan 2014, at 18:23 , grarpamp wrote:

> US Constitution - Art 1, Sec 6:
> The Senators and Representatives ...
> shall in all Cases, except
> Treason, Felony and Breach of the Peace, be privileged from Arrest
> during their Attendance at the Session of their respective Houses,
> and in going to and returning from the same; and for any Speech or
> Debate in either House, they shall not be questioned in any other
> Place.
> """
>
> The bit after the semicolon is interesting. It appears to grant
> immunity outside Place of Congress for speech in Congress, and since
> Congress has no real internal law/police/judge/jail of its own,
> speak all you want. This has been subsequently developed...
> https://en.wikipedia.org/wiki/Speech_or_Debate_Clause

IANAL, but the use of a semi-colon rather than a comma would seem to
suggest that the except for treason, felony, etc. doesn’t apply to the
speech or debate clause, so all matters of speech or debate can only be
tried by that house (although what court-like powers the house would
have would be an interesting legal problem - I’d say that the framers
intended it to be reasonably extensive, since that was (and is) the
case in Britain, but one could also argue that it only applies to
enforcing the standing orders as written).

> Then there's Art 1 Sec 5 PP2 and PP3 and so on that might be applied
> after the fact. Though right now there is CSPAN and observation
> balconies for the public/press, so any speech bombs that someone
> drops would make it out to the world.

Gravell suggests that publishing an excerpt from the official records
isn’t protected by the speech or debate clause, so although reading
documents into the public record would be useful (since it would give
us all legitimate access), it wouldn’t help subsequent publishers.

From jamesd at echeque.com Sun Jan 19 15:51:41 2014
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 20 Jan 2014 09:51:41 +1000
Subject: Feeding trolls
In-Reply-To:
References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com>
Message-ID: <52DC650D.5070704@echeque.com>

On 2014-01-20 05:48, J.A. Terranson wrote:
> - Amelia Earhart is a still un-caused crash.

The reason they would not let her pilot the plane on the flight for
which she got the ticker tape parade is that she could not safely pilot
the plane for which she got the ticker tape parade. That they would not
let her fly it, despite extreme pressure to do so, suggests that if
they had let her fly it, she would have gotten killed all the faster.
If unsafe to let her fly one plane, unsafe to let her fly another very
similar plane.

> - Kara Hultgreen died because she was a crappy pilot

They have been looking for a female pilot for the navy ever since they
had aircraft carriers. In all these years, could not find one, so,
under ever increasing pressure to include women, decided to go with
Kara Hultgreen, because she was the best, which is to say the least bad
they could find.

PC killed Amelia Earhart, and PC killed Kara Hultgreen.

Similarly, successful businesses stuff all their female executives into
HR, keeping them away from decisions that could screw up the business.

In due course, we will have non flying navy pilots with same uniforms
and honors as flying navy pilots, and all the female pilots will be non
flying. All the naval pilots that actually fly will be given girly
uniforms. Emasculation will be required in order to provide a more
female friendly environment for the non flying pilots.

From jamesd at echeque.com Sun Jan 19 16:04:06 2014
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 20 Jan 2014 10:04:06 +1000
Subject: Feeding trolls
In-Reply-To:
References: <52DB9C9A.5030603@gogulski.com> <20140119140401.0B2412280AD@palinka.tinho.net> <52DC3028.1040001@echeque.com>
Message-ID: <52DC67F6.2050909@echeque.com>

On 2014-01-20 06:23, J.A. Terranson wrote:
> They should have waited for a more competent female pilot,

They have been waiting over sixty years.

From rysiek at hackerspace.pl Mon Jan 20 01:10:06 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 20 Jan 2014 10:10:06 +0100
Subject: Welcome to the Asylum!
In-Reply-To: <20140120044328.GP3180@nl.grid.coop>
References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <20140120044328.GP3180@nl.grid.coop>
Message-ID: <1706259.o3g7zWxD1H@lap>

On Sunday, 19 January 2014 22:43:28 Troy Benjegerdes wrote:
> On Sun, Jan 19, 2014 at 06:54:03PM -0600, J.A. Terranson wrote:
> > On Sun, 19 Jan 2014, Cathal Garvey wrote:
> > > Does anybody happen to curate this list into a more signal>noise form? I
> > > filter the noisier trolls, but everyone else then takes the troll-bait
> > > and things continue to spiral downwards.
> >
> > Riad Wahby is our "Curator".
> >
> > > Who's actually here to discuss privacy and crypto?
> > >
> > > On 19/01/14 20:45, Anonymous Remailer (austria) wrote:
> > > > Hi All, I would add it's NOT just a mailing list, it IS instead an
> > > > insane asylum and experiment in social darwinism where reputation
> > > > capital has replaced wealth in the currency of the group.
> > > >
> > > > just my .02
> >
> > In the past, the list almost destroyed itself over the question of whether
> > moderation equals censorship, and a distributed list was created, where
> > each feed was shared, but the moderation of what came in was decided by
> > each node operator. I personally don't care about the S/N ratio too much,
> > and as such, tend towards extremely light moderation of the silent
> > variety. Obviously, Riad believes in open skies.
> > As long as there is just
> > one node, we really need an anything goes, each person needs to
> > learn to control themselves approach.
> >
> > Me and Riad will be trying to hack mailman into a CDR system soon (the
> > old one used the now long deprecated Majordomo scripting system).
>
> I want to apologize to everyone else for having to put up with me taking
> up the troll-bait and having a nice shit-wrestle.
>
> The experience (experiment?) did, however, confirm my personal conviction
> that privacy and anonymity are expensive, and we as a society generally
> have to pay that cost for others, and the cost continues to spiral out of
> control as surveillance capabilities spiral out of control.

Indeed. However, *pseudonymity* offers the benefits of identifiability
without many of the drawbacks of total anonymity.

--
Regards,
rysiek

From jya at pipeline.com Mon Jan 20 07:17:37 2014
From: jya at pipeline.com (John Young)
Date: Mon, 20 Jan 2014 10:17:37 -0500
Subject: Infiltration / Exfiltration
In-Reply-To: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at>
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at>
Message-ID:

This how Cryptome got its first contributions from this cave. And still
does along with a long list of others.

WikiLeaks and Snowden the best yelled about, but far from disclosing
the most information which is done quietly and without "batshit"
hyperbole and vulgar braggardy.

Excessive publicity is verily an indication that something is not
right. Claims of needing journalism and slow drips to hold public
attention are merely monetizing justifications. Biblical
fundamentalism.
And may be much worse, as in the Snowden case, a rationale for not
releasing information except to a few selected abusers, journalistic,
technical and political "freedom of information." In the bogosity of
"doing no harm to national security" just like secretkeepers who use
that exact lingo.

Not to say that the holy trinity of abusive comsec, protected media and
secretkeeping are avoidable as globalism's deitific market riggers.

At 09:19 AM 1/20/2014, you wrote:
>We cypherpunks live by the saying "cypherpunks code". But isn't it time
>for more than just coding? We're in a very real digital war for the
>freedom of the Internet, similar to what we faced in the 1990's but with
>even more at stake and a better funded, better equipped enemy.
>
>Isn't it time for infiltration? The cypherpunk community has some of the
>best tech people (not just programmers) out there. We could easily get
>jobs within government agencies and then help exfiltrate data out of
>them into the hands of the public of civil rights agencies like the ACLU
>in America.
>
>I understand how distasteful working in the belly of the beast might be
>but isn't it one of the most needed things cypherpunks can do right now?

From rysiek at hackerspace.pl Mon Jan 20 01:22:02 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 20 Jan 2014 10:22:02 +0100
Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present"
In-Reply-To:
References: <20140120000018.5B373F53B@a-pb-sasl-quonix.pobox.com>
Message-ID: <7603511.i9NAaKBNfX@lap>

On Sunday, 19 January 2014 23:25:24 grarpamp wrote:
> Weasel words and mission creep, I expected nothing less.
> a year from now and everything will be the same, unless Joe and Corp do
> in fact continue to get up and act up about it.

Corp? Are you implying that corporations are on "our" side of this?
That's cute.

Once corporations get
1. plausible deniability;
2. legal indemnification,
they'll be happy to provide any and all data to any government that
asks. I hope we're all clear on that.

--
Regards,
rysiek

From steve at secretvolcanobase.org Mon Jan 20 02:25:14 2014
From: steve at secretvolcanobase.org (Steve Jones)
Date: Mon, 20 Jan 2014 10:25:14 +0000
Subject: bitcoin
In-Reply-To:
References:
Message-ID: <20140120102514.449c9214@steves-laptop>

On Mon, 20 Jan 2014 04:04:16 -0300
Juan Garofalo wrote:

> So, what do you think is going to happen 'if' bitcoin ever threatens the
> 'integrity' of the financial mafia, I mean, the integrity of the financial
> system of the Free and Democratic World?

Bitcoin is a cryptocurrency, the free and democratic world has aircraft
carriers, tanks and cruise missiles. It also has the ability to turn
off bits of the Internet at will. The only way bitcoin would threaten
it is if it was really really not paying attention.

--
Steve Jones

Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896

From jya at pipeline.com Mon Jan 20 07:31:03 2014
From: jya at pipeline.com (John Young)
Date: Mon, 20 Jan 2014 10:31:03 -0500
Subject: Infiltration / Exfiltration
In-Reply-To: <20140120145622.GB6176@dan.olp.net>
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <20140120145622.GB6176@dan.olp.net>
Message-ID:

Dan White wrote:

>The ACLU is unlikely to get into the Wikileaks business.

No org headed by a lawyer will break the law, on the contrary will
enforce it stringently, above and below the table. Nor will a
journalist working for a commercial outlet. The perks of privilege for
both industries are just too beneficial.
(WikiLeaks was taken over by lawyers and journalists precursing
Snowden's takeover.)

Oh, and they shop clients and sources through confabs in chambers and
consultation with officials, and, really nasty, by access to classified
and secret information. Does that sound like dual-use comsec, yes, that
is what it is.

>>I understand how distasteful working in the belly of the beast might be
>>but isn't it one of the most needed things cypherpunks can do right now?
>
>It's time to win the public brain trust war. Leaks, in the last year, have
>done much to shift public opinion, and will likely continue to help
>tremendously. That will only get us so far (in the US). We (the larger
>tech community) need to cash in that momentum and turn that into political
>change, particularly at the legislative level. However, that path needs
>charismatic leaders, i.e. Lawrence Lessig, to actually run for office.

Far too many lawyers are in government. Push some techs. Go crazy, push
a bunch of cryptographers. Not those under control of in thrall to
lawyers. Any of those charismatics untethered?

Coda: IANAL is never to be flashed as a sign of cowardice,
brain-washing, intimidation, ignorance. It's other side of the king's
coin of Godwin's Law.

From cathalgarvey at cathalgarvey.me Mon Jan 20 02:50:32 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 20 Jan 2014 10:50:32 +0000
Subject: Welcome to the Asylum!
In-Reply-To: <20140120044328.GP3180@nl.grid.coop>
References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> <20140120044328.GP3180@nl.grid.coop>
Message-ID: <52DCFF78.8050008@cathalgarvey.me>

> The experience (experiment?) did, however, confirm my personal conviction
> that privacy and anonymity are expensive, and we as a society generally
> have to pay that cost for others, and the cost continues to spiral out of
> control as surveillance capabilities spiral out of control.

Two thoughts on this.
Firstly, that this mailing list certainly does have well resourced enemies known to employ tactics like "persona management" and COINTELPRO, etc. etc.; I would actually find it implausible to assume they don't stir shit up to ruin the signal/noise ratio on the most overtly political applied-cryptography mailing list out there. Secondly, it's true that cheap ano/pseudo/nymity seems to permit people to express personality traits they would moderate if they had a reputation to maintain. This has often made me wonder about just why Anonymous seems *vaguely* stable despite the whole, (er, membership?) being anons. But of course, they're not Anons, they're Pseudons. Most of the active and influential membership go by names they've built reputational capital upon. They can't afford to throw that capital away by being dicks all the time. If they want to be dicks, they have to sock-puppet, and Anon discussion format is usually chat-based on moderated servers like IRC, so flames can get put out if the mod feels like it.. or high-signal people can migrate to a private room trivially. All of this makes pointless trolling like we're seeing on this list pretty expensive compared to a mailing list with little moderation. You can't afford to burn a 'nym because making a new 'nym is expensive (socially, if not computationally; nobody listens to a newfag), and there's simply no way to prevent high-signals from discussing things without you because Chat just works better that way. All very navel-gaze-y way of saying that Mailing lists are far more prone to the tragedy of the commons, and that if bloody Anonymous can do a better job of keeping the Signal ratio high then perhaps things need further thought. On 20/01/14 04:43, Troy Benjegerdes wrote: > On Sun, Jan 19, 2014 at 06:54:03PM -0600, J.A. Terranson wrote: >> >> On Sun, 19 Jan 2014, Cathal Garvey wrote: >> >>> Does anybody happen to curate this list into a more signal>noise form? 
I >>> filter the noisier trolls, but everyone else then takes the troll-bait >>> and things continue to spiral downwards. >> >> Riad Wahby is our "Curator". >> >>> Who's actually here to discuss privacy and crypto? >>> >>> On 19/01/14 20:45, Anonymous Remailer (austria) wrote: >>>> Hi All, I would add it's NOT just a mailing list, it IS instead an >>>> insane asylum and experiment in social darwinism where reputation >>>> capital has replaced wealth in the currency of the group. >>>> >>>> just my .02 >> >> In the past, the list almost destroyed itself over the question of whether >> moderation equals censorship, and a distributed list was created, where >> each feed was shared, but the moderation of what came in was decided by >> each node operator. I personally don't care about the S/N ratio too much, >> and as such, tend towards extremely light moderation of the silent >> variety. Obviously, Riad believes in open skies. As long as there is just >> one node, we really need an anything goes, each person needs to >> learn to control themselves approach. >> >> Me and Riad will be trying to hack mailman into a CDR system soon (the >> old one used the now long deprecated Majordomo scripting system). > > I want to apologize to everyone else for having to put up with me taking > up the troll-bait and having a nice shit-wrestle. > > The experience (experiment?) did, however, confirm my personal conviction > that privacy and anonymity are expensive, and we as a society generally > have to pay that cost for others, and the cost continues to spiral out of > control as surveillance capabilities spiral out of control. > > See subject {}coin for what I hope might be part of a solution. > > > -- Troy >
From cathalgarvey at cathalgarvey.me Mon Jan 20 03:01:44 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 20 Jan 2014 11:01:44 +0000 Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) In-Reply-To: <20140120051332.GR3180@nl.grid.coop> References: <20140119181507.GA22336@antiproton.jfet.org> <20140120051332.GR3180@nl.grid.coop> Message-ID: <52DD0218.7040404@cathalgarvey.me> > We have lots of privacyscam hash-cash code running around these days, > so what are the chances of just advertising you only accept mail that > includes a *coin payment to the recipient? The obvious problem is that not everyone will pay, so you'll end up in a filter bubble of people who think their speech is so important it's worth tacking money on to make you read it, and people who think *you listening to them* is so important it requires money. One option to fix this is to revive mail priority levels, and set things up so that you can only have your mail regarded by recipients as "high priority" if it comes with cash. Another option is to have a pseudocurrency within mail; not a real thing, though perhaps exchangeable in bulk for real money, but just a way to measure roughly speaking the sending-to-receiving ratio of the *sender*. That is, when I set up my account, a well-respected server mints me 10 tokens for sending email. Recipients will weigh my mail in higher favour if I include a token, so by default I spend one per email. Recipients get to keep my tokens, in a bitcoinish transactional fashion. If I run out of tokens, people are more likely to ditch or ignore my mail, and I may have to mint some more by doing something free but time consuming like hard-proof-of-work (think hashcash in advance) or paying real money. 
So, if I'm running a normal email account, I'll send and receive my mail in a certain ratio, and that'll lead to a certain rate of coin accumulation or loss, but it'll be manageable. I might have to do hashcash now and again to replenish if I send more than I receive, or I might be swimming in 'coin if I receive lots and send little. But if I'm a spammer, I'll run out immediately, and have to buy more or spend a lot of time minting; same principle as hashcash, prohibitively expensive for something that requires huge volumes to catch the occasional idiot. This is a bastard combination of hashcash (which would have and would still work well if implemented, I feel) and the current white/blacklisting system for servers that impose a moderation responsibility on SMTP servers. But I think it mixes them in good ratio. Servers who are trusted can arbitrarily mint, but the usage of coins makes abuse self-limiting, so there's less load on the servers to moderate and invade privacy. On 20/01/14 05:13, Troy Benjegerdes wrote: > I was struggling with spamassassin and attempting to implement reject- > -at-smtp time filtering, and reading about this 'hashcash' idea, several > years ago and thinking maybe it would be nice if someone would *pay* me > to read their email. > > We have lots of privacyscam hash-cash code running around these days, > so what are the chances of just advertising you only accept mail that > includes a *coin payment to the recipient? > > (Granted, it's low because most *coiners don't seem to understand what > mail is given they can't even figure out how to install mailman, but > the hope remains) > > -- Troy >
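The token scheme from Cathal Garvey's message above, as an added example that is not part of the original thread: a trusted server mints a starting balance, every mail moves one token to the recipient, and a sender who runs dry must mint by hashcash-style proof of work. The names (`TokenLedger`, `mint_by_work`, `stamp_ok`), the SHA-256 stamp format, the 12-bit difficulty and the rule that an empty sender always mints before sending are assumptions chosen for illustration.

```python
import hashlib
from itertools import count

STARTING_TOKENS = 10   # figure from the message: the server mints 10 tokens per account
DIFFICULTY_BITS = 12   # assumed work factor per minted token (illustrative)


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def stamp_ok(account: str, serial: int, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Cheap check run by the verifier: one hash per stamp."""
    digest = hashlib.sha256(f"{account}:{serial}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= bits


def mint_by_work(account: str, serial: int, bits: int = DIFFICULTY_BITS):
    """Expensive search run by the sender; returns (nonce, hashes_tried)."""
    for nonce in count():
        if stamp_ok(account, serial, nonce, bits):
            return nonce, nonce + 1


class TokenLedger:
    """Assumed central ledger standing in for the 'well-respected server'."""

    def __init__(self):
        self.balance = {}
        self.work = {}      # hashes each account has burned minting tokens
        self.stamps = {}    # (account, serial) -> nonce, so a stamp mints only once

    def open_account(self, name: str) -> None:
        self.balance[name] = STARTING_TOKENS
        self.work[name] = 0

    def redeem_stamp(self, account: str, serial: int, nonce: int) -> bool:
        """Credit one token for a valid, previously unseen proof-of-work stamp."""
        if (account, serial) in self.stamps or not stamp_ok(account, serial, nonce):
            return False
        self.stamps[(account, serial)] = nonce
        self.balance[account] += 1
        return True

    def send(self, sender: str, recipient: str) -> None:
        """Deliver one mail carrying one token; mint first if the sender is empty."""
        if self.balance[sender] == 0:
            serial = sum(1 for acct, _ in self.stamps if acct == sender)
            nonce, tried = mint_by_work(sender, serial)
            self.work[sender] += tried
            self.redeem_stamp(sender, serial, nonce)
        self.balance[sender] -= 1
        self.balance[recipient] += 1


def simulate() -> TokenLedger:
    """Constructed traffic: two balanced correspondents and one bulk sender."""
    ledger = TokenLedger()
    for name in ("alice", "bob", "bulk"):
        ledger.open_account(name)
    for _ in range(20):                 # balanced exchange, never runs dry
        ledger.send("alice", "bob")
        ledger.send("bob", "alice")
    for _ in range(60):                 # 60 mails out, nothing received
        ledger.send("bulk", "alice")
    return ledger


if __name__ == "__main__":
    result = simulate()
    for name in ("alice", "bob", "bulk"):
        print(f"{name:5s} balance={result.balance[name]:3d} hashes_spent={result.work[name]}")
```

The balanced pair never hashes at all, while the bulk sender pays roughly 2^12 hashes for every mail past the first ten; the stamp table is what stops one proof of work from being redeemed twice.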
From grarpamp at gmail.com Mon Jan 20 08:05:26 2014 From: grarpamp at gmail.com (grarpamp) Date: Mon, 20 Jan 2014 11:05:26 -0500 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Mon, Jan 20, 2014 at 2:33 AM, coderman wrote: > i was wrong, and the POTUS angle by Executive Order 13526 implies > he/she/$POTUS can clarify at will. > > seems there is a longer history of not just presidents but also > congress leaking secrets. does anyone know the specific instances > covered in these texts? > - Burn Before Reading, Stansfield Turner > - The Deadly Bet, Walter LaFaber > - Seeds of Terror, Gretchen Peters > - Classified Information in "Obama's Wars", Jack Goldsmith, Lawfare > > > also interesting that classifying non-government-generated information > has not been tried in the courts; Classifications are internal handling rules. The gov can stamp top secret on their copy of my private or public doc and do what they want with it (subject possibly to my copyright/license/patent/etc stamp, charges of theft/1stAmend etc to copy/take my copy,). They don't have any purview over my copy, unless mine is stolen, copied, etc where it might be a crime itself. It's not been tried because it seems covered by the 1stAmend. Ref also: Banned books lists, cypherpunks list, Cryptome, etc. So besides the usual "we'd really like if you didn't publish that" and co-op'd self-censor, has forced classification ever been done, links? > the Sean P. 
Gorman incident not > applicable as my understanding is that he received clearance and they > built a SCIF on the university campus for him to finish studies and > perform research in an official capacity for USGov.\ I don't think his work was gov funded and/or classified, and believe it was cooperatively self-censored, with no known full release (JYA would have been all over that if so, and was not party to the media or quasi-gov consultations/releases). The funding part would be noted in the uncensored version of the papers, which also seem hard to find... ie: where is the canonical distribution point? From l at odewijk.nl Mon Jan 20 02:17:58 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Mon, 20 Jan 2014 11:17:58 +0100 Subject: Feeding trolls In-Reply-To: References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> <52DC650D.5070704@echeque.com> <52DC8DE5.5020009@echeque.com> Message-ID: On Jan 20, 2014 5:19 AM, "coderman" wrote: > except to earthhumans. As opposed to Marshumans. Their nonexistence is perfectly pleasing. From rysiek at hackerspace.pl Mon Jan 20 02:28:18 2014 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 20 Jan 2014 11:28:18 +0100 Subject: Welcome to the Asylum! In-Reply-To: References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <1706259.o3g7zWxD1H@lap> Message-ID: <2849709.8gED5UbWuj@lap> On Monday, 20 January 2014 20:35:48 Philip Shaw wrote: > On 20 Jan 2014, at 19:40 , rysiek wrote: > > On Sunday, 19 January 2014 22:43:28 Troy Benjegerdes wrote: > >> The experience (experiment?) 
did, however, confirm my personal conviction > >> that privacy and anonymity are expensive, and we as a society generally > >> have to pay that cost for others, and the cost continues to spiral out of > >> control as surveillance capabilities spiral out of control. > > > > Indeed. However, *pseudonymity* offers the benefits of identifiability > > without many of the drawbacks of total anonymity. > > In many ways pseudonymity is easier, but it does increase the importance of > being very careful to avoid giving out revealing information. Ah, apologies. I was unclear. I was referring to the perspective of a community, not the individual (as has Troy, I believe). As in: anonymity poses significant problems for any community that tries to honour it. For example anonymous remailer trolls and flames on this list are a concrete "cost" of the fact that the list accepts anonymous remailers. Pseudonymity (along with some reputation-based mechanisms) helps to alleviate that, to some extent, while retaining some of the most important advantages of personal anonymity. By the way, I'm perfectly okay with the cost-benefit trade-off we're making on this list with anonymous remailers, please do not treat the above as a suggestion (pardon! idea ;) ) to remove that option. > Over time, small details which are easily leaked (either explicitly, or > through unintentional references to local facts, events, and jargon, areas > of interest, personal details hinting at age, gender, etc., and so on), can > build up into enough detail to identify a person down to a very few people, > at least for those with the resources and inclination to make such an > attempt. Indeed. 
> One strategy I have heard of to mitigate that risk is creating a > deliberately false persona, one which lives in the same city but in totally > different circumstances (changing their family relationships, type of > house, etc.), and adjusting their comments to fit that, which reduces the > risk of accidental disclosure but requires more effort than ordinary > pseudonymity. Seems legit, thanks. -- Regards, rysiek From rysiek at hackerspace.pl Mon Jan 20 02:31:35 2014 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 20 Jan 2014 11:31:35 +0100 Subject: Feeding trolls In-Reply-To: References: Message-ID: <9463974.mHBYv6yIek@lap> On Monday, 20 January 2014 11:17:58 Lodewijk andré de la porte wrote: > On Jan 20, 2014 5:19 AM, "coderman" wrote: > > except to earthhumans. > > As opposed to Marshumans. Their nonexistence is perfectly pleasing. Does that imply Marshumans eat hmallows by the fire? Are we eating some magical Mars-originating stuff that magically appeared on earth at some point in time? ;) -- Regards, rysiek From cathalgarvey at cathalgarvey.me Mon Jan 20 03:33:54 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 20 Jan 2014 11:33:54 +0000 Subject: Welcome to the Asylum! In-Reply-To: References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> <20140120044328.GP3180@nl.grid.coop> <52DCFF78.8050008@cathalgarvey.me> Message-ID: <52DD09A2.4060302@cathalgarvey.me> > you're still > complaining about having to infrequently operate a trivial mail filter > to avoid trollbait? 
Should I blacklist the Austrian remailer then, and cut out all decent uses of it as well as the bullshit? How about people who are fairly high-signal until they get into mud-wrestling? Humans are hard to "filter". If they weren't, they'd be really dull. On 20/01/14 11:27, coderman wrote: > On Mon, Jan 20, 2014 at 2:50 AM, Cathal Garvey > wrote: >> ... >> Secondly, it's true that cheap ano/pseudo/nymity seems to permit people >> to express personality traits they would moderate if they had a >> reputation to maintain. > > related: http://xkcd.com/137/ > > >> All very navel-gaze-y way of saying that Mailing lists are far more >> prone to the tragedy of the commons... > > it is the year 2014. we have classification systems, labeling systems, > tagclouding systems, machine learning systems, ... and you're still > complaining about having to infrequently operate a trivial mail filter > to avoid trollbait? > > > > [my contempt for this thread well reflected via large attachment!] > From hozer at hozed.org Mon Jan 20 09:49:39 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Mon, 20 Jan 2014 11:49:39 -0600 Subject: bitcoin In-Reply-To: References: Message-ID: <20140120174939.GU3180@nl.grid.coop> On Mon, Jan 20, 2014 at 04:04:16AM -0300, Juan Garofalo wrote: > > > So, what do you think is going to happen 'if' bitcoin ever threatens the > 'integrity' of the financial mafia, I mean, the integrity of the financial > system of the Free and Democratic World? 
> Based on the amount of VC money and 'speculation' in Bitcoin right now, the financial mafia have already achieved complete regulatory capture of Bitcoin through FINCEN, the 'banking secrecy act', and https://blockchain.info/address/1FfmbHfnpaZjKFvyi1okTjJJusN455paPH My bet is the NSA can track all bitcoin transactions through some sort of signals intelligence. Differential power analysis on quickly engineered SHA-256 hashing hardware that draws an aggregate power in Megawatts should be a pretty easy trick. Also see http://www.gedigitalenergy.com/SmartGrid/Sep06/Synchrophasors_Paper.pdf Extra bonus points for the cypherpunk who can figure out what sort of easter eggs lie hidden in bitcoin mining hardware and what the social networks of the companies building sha-256 asics are. From hannes at mehnert.org Mon Jan 20 03:53:06 2014 From: hannes at mehnert.org (Hannes Mehnert) Date: Mon, 20 Jan 2014 11:53:06 +0000 Subject: Programming languages for a safe and secure future In-Reply-To: <20140119184343.GF6302@order.stressinduktion.org> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> <52DC1500.3020805@mehnert.org> <20140119184343.GF6302@order.stressinduktion.org> Message-ID: <52DD0E22.6000307@mehnert.org> Hi, first of all I want to discuss 'verification'. There are so many different definitions and it seems everybody uses their own definition. It is strongly connected to trusted code base. Which axioms of a rule system do you believe in? Do you believe that arithmetic is verified? There are some axioms which you need to trust... [http://mathworld.wolfram.com/GoedelsIncompletenessTheorem.html] Some software 'verification systems' trust in more axioms than others... and yes, there have been verification systems which accepted invalid code/proved falsity. The other topic is trusted code base: - verification system itself (it's just a piece of software) - compiler? 
[http://cm.bell-labs.com/who/ken/trust.html] - language runtime? - operating system? - microcode of the processor? - hardware?? On 01/19/2014 18:43, Hannes Frederic Sowa wrote: > MPX was already committed to gcc trunk, so I hope this situation > could improve in future (it is reverted for 4.9 but I think it will > come back after the release in March). The difference, as far as I can tell is in-band vs out-of-band signalling... (correct me if I'm wrong) with the former you put some magic values before and after the array, and an attacker has to guess these. The latter puts the meta-information out of band, hard to predict for an attacker.. that's at least the difference between the llvm bounds checks plugin (BoundsChecking.cpp / MemorySanitizer.cpp in LLVM 3.3) and the softboundCETS approach.. >> I can recommend several languages: - coq (http://coq.inria.fr) >> [the tutorial software foundations >> http://www.cis.upenn.edu/~bcpierce/sf/ ] - agda >> (http://wiki.portal.chalmers.se/agda/pmwiki.php) - idris >> (http://www.idris-lang.org/) > > Maybe you can comment a bit on the code extraction process into > compilable languages. [I've to admit that I did some research in Coq over the recent 3 years (a higher-order separation logic to verify the full functional correctness of Java programs). And no, at the moment I don't believe anymore in taking off-the-shelf code and verify its correctness. That's a myth. If we need to reimplement it anyways, why not in a neat modern programming language?] In Coq you can develop programs and extract them to ML code, without the irrelevant proof bits. But it seems this is rather cumbersome. The verified optimizing compiler for C, compcert [http://compcert.inria.fr/] does this. 
The softbound plugin [http://acg.cis.upenn.edu/softbound/], although they developed a semantics for the LLVM intermediate representation, have the real implementation in C++ and no formalized proof (at least I couldn't find any) of its correspondence to the Coq development. I actually think there are some overflows in the C++ runtime (size + start < bound might fail). The verified L4 microkernel redeveloped a bunch of C++ and assembly into Haskell in order to be able to prove it. The main difference between Coq and Agda/Idris is that the dependent types are used in Coq to prove stuff, while in Agda/Idris you use them for programming. (Obviously, all is the same, and Adam wrote a great book about programming with dependent types in Coq http://adam.chlipala.net/cpdt/). Agda has a story about people not interested in executing programs, but rather type check and prove them. Idris has a slightly different tradeoff -- instead of forcing developers to write only total functions (due to curry-howard, partial functions better not be used for proofs [basically if you use a partial function for a proof, you assume false, and can prove everything]), but also partial functions. Only total ones can be used for proving though. Idris has a compiler which produces executable programs! :) Obviously the runtime needs to be looked into. In the end it is part of your trusted code base. Unfortunately I have not used ATS, but if I'm not entirely wrong, it is a dependently typed programming language with mutable state and a C foreign function interface which treats variables as resources (and uses linear logic/linear types to do so). A very interesting system; Chris Double wrote several blog posts when he used it http://bluishcoder.co.nz/tags/ats/ . 
I'm happy to discuss further, Hannes From coderman at gmail.com Mon Jan 20 11:59:43 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 11:59:43 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Mon, Jan 20, 2014 at 8:05 AM, grarpamp wrote: > ... >> the Sean P. Gorman incident not >> applicable as my understanding is that he received clearance and they >> built a SCIF on the university campus for him to finish studies and >> perform research in an official capacity for USGov.\ > > I don't think his work was gov funded and/or classified, and believe > it was cooperatively self-censored,... it started off as doctoral thesis done as undergrad. before year was out he did indeed "sign up" in some manner. his work was classified at or above secret. and they did indeed build a SCIF on the campus for him to complete his work. these are facts, and i've got a copy of the original article with Sean's description of the events "I was just this grad student..." i do not know the nature of the agreement; i do not know if it was encouraged with carrots or sticks. > ... 
(JYA > would have been all over that if so, and was not party to the media > or quasi-gov consultations/releases). The funding part would be > noted in the uncensored version of the papers, which also seem > hard to find... ie: where is the canonical distribution point? i'll dig up the archives later today... the paper was "sanitized" but the real concern was all of the vast and detailed fiber, power, gas, transportation, and other infrastructure mapped at sufficient detail for edges to have sufficiently useful capacity ratings for evaluation in the graph algorithms highlighting high degree, high risk nodes / links in the network. access to "sensitive critical infrastructure information" ever after actively squelched. From rysiek at hackerspace.pl Mon Jan 20 03:03:50 2014 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 20 Jan 2014 12:03:50 +0100 Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present" In-Reply-To: <30A961F6-7A15-454A-8430-8B0233C71F6D@gmail.com> References: <7603511.i9NAaKBNfX@lap> <30A961F6-7A15-454A-8430-8B0233C71F6D@gmail.com> Message-ID: <8089387.jJH9kA28Py@lap> On Monday, 20 January 2014 20:51:34 Philip Shaw wrote: > On 20 Jan 2014, at 19:52 , rysiek wrote: > > Corp? Are you implying that corporations are on "our" side of this? That's > > cute. > > > > Once corporations get 1. plausible deniability; 2. legal indemnification, > > they'll be happy to provide any and all data to any government that asks. > > I > > hope we're all clear on that. 
> > That varies from corp to corp - pure ISPs (as opposed to companies which are > also involved in other areas of the media business), for example, are > generally quite strongly opposed to filtering, wiretap and data retention > laws, because they are a significant cost to them which makes their core > product no better for their customers (and will often make things worse), > without any useful benefit to them. Sure, they are only really interested > in their own advantage, but their advantage coincides with the desires of > privacy advocates, so an alliance of convenience is suitable. Exactly. I am seeing this in Poland right now. We're after 3-4 different Internet censorship debates (and a few data retention ones), and ISPs had always been vehemently opposed. However, as soon as such a discussion gravitates towards tax incentives, direct payment, etc. -- they are all for it. They see it as an additional revenue stream. In fact, a few international ISPs that operate in Poland (I will not disclose any of the two related colours) are -- as far as I know -- in the process of implementing parental filtering on the national network level. The tech is advanced and less costly than 5 years ago, and now ISPs seem to think that this will be a billable feature for parents. Always about the children, eh? My point being: we can't rely on corporations. We can use the momentary alliances as they form, but should not rely on them in the long run. > OTOH, in the US many ISPs are also either content producers, TV companies, > or POTS companies, and so have a strong interest in preventing their > internet activities from harming those (often more profitable) areas of > their business. Because they are themselves often beneficiaries of attempts > to preserve traditional distribution channels and business methods, they > are strong advocates for anti-privacy measures which they believe (rightly > or wrongly) will help them while shifting any opposition onto the > politicians. 
> > Also, some companies have the sense to realise that even if handing over > customer data is no great burden now, the demands from governments only > tend to grow, and so opposing a small amount of snooping can protect > themselves against a larger imposition later. (For example, the telephone > companies at first only had to turn over data they were keeping anyway, > then they were ordered to keep it at their own expense for government use.) Yeah, but the lawmakers can make the best interest of corporations perfectly aligned with snooping and retention easily -- with law and money. The only place where we can really stop such activities is values/virtues/human rights. And these are foreign and all french to both corporations and politicians. -- Regards, rysiek From carimachet at gmail.com Mon Jan 20 03:08:37 2014 From: carimachet at gmail.com (Cari Machet) Date: Mon, 20 Jan 2014 12:08:37 +0100 Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 6:31 PM, J.A. Terranson wrote: > > > > > > Last, but not least: Trolls.... > > Consider carefully whether a troll might not be a provocateur: > > http://en.wikipedia.org/wiki/Agent_provocateur > > It would not be the first time an Agent of the Federal Oligarchy has > posted something here hoping to get a reaction that could be [and was] > prosecuted using whatever Law-Of-The-Day was available for stretching that > day. > > FYI now they make laws that are retroactive to indict - i know of a case (or 5 actually) where the law was made to indict and convict 2 years after the "crime" yup ppl went to fed prison for years ... 
seems the breach of the rule of law by the US has come more out of the shadows -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From coderman at gmail.com Mon Jan 20 12:21:59 2014 From: coderman at gmail.com (coderman) Date: Mon, 20 Jan 2014 12:21:59 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Mon, Jan 20, 2014 at 11:59 AM, coderman wrote: > ... > i'll dig up the archives later today... the paper was "sanitized" but > the real concern was all of the vast and detailed fiber, power, gas, > transportation, and other infrastructure mapped at sufficient detail > for edges to have sufficiently useful capacity ratings for evaluation > in the graph algorithms highlighting high degree, high risk nodes / > links in the network. access to "sensitive critical infrastructure > information" ever after actively squelched. there is some likely usual bit rot around this story, for now read at: http://seclists.org/isn/2003/Jul/28 and i may be wrong; they describe the cinderblock, unconnected, multi-factor auth fortress where the work was moved, but this article doesn't say SCIF and implies the contracts still in progress. still digging... JYA do you remember this hullabaloo? have convenient docs to link? best regards, except SONET pairs sharing same right of way over aerial and buried plant. 
--- http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html By Laura Blumenfeld Washington Post Staff Writer Tuesday, July 8, 2003 Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda operatives -- if they could get their hands on it -- would find a terrorist treasure map. Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them. He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys. For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society. "I'm this grad student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs." Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. 
I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish. "He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things. "You don't want to give terrorists a road map to blow that up," he said. The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy." Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact. "We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even thinking about implications." The implications, however, in the post-Sept. 
11 world, were enough to knock the wind out of John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., which provides power to 1.8 million customers. When a reporter showed him sample pages of Gorman's findings, he exhaled sharply. "This is why CEOs of major power companies don't sleep well these days," Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me." Recently, Derrick received an e-mail from an atlas company offering to sell him a color-coded map of the United States with all the electric power generation and transmission systems. He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world." Toward the other end of the free speech spectrum are such people as John Young, a New York architect who created a Web site with a friend, featuring aerial pictures of nuclear weapons storage areas, military bases, ports, dams and secret government bunkers, along with driving directions from Mapquest.com. He has been contacted by the FBI, he said, but the site is still up. "It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle." This is a time when people are rethinking the idea of innocent information. But it is hardly the first time a university has entangled itself in a war. John McCarthy, who oversees Gorman's project at GMU's National Center for Technology and Law, compared this period to World War II, when academics worked on code-breaking and atomic research. McCarthy introduced Gorman to some national security contacts. Gorman's critical infrastructure project, he said, has opened a dialogue among academia, the public sector and the private sector. The challenge? "Getting everyone to trust each other," McCarthy said. 
"It's a three-way tension that tugs and pulls." When Gorman and Schintler presented their findings to government officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and classify it.' " And when they presented them at a forum of chief information officers of the country's largest financial services companies -- clicking on a single cable running into a Manhattan office, for example, and revealing the names of 25 telecommunications providers -- the executives suggested that Gorman and Schintler not be allowed to leave the building with the laptop. Businesses are particularly sensitive about such data. They don't want to lose consumer confidence, don't want to be liable for security lapses and don't want competitors to know about their weaknesses. The CIOs for Wells Fargo and Mellon Financial Corp. attended the meeting. Neither would comment for this story. Catherine Allen, chief executive of BITS, the technology group for the financial services roundtable, said the attendees were "amazed" and "concerned" to see how interdependent their systems were. Following the presentation, she said, they decided to hold an exercise in an undisclosed Midwestern city this summer. They plan to simulate a cyber assault and a bomb attack jointly with the telecommunications industry and the National Communications System to measure the impact on financial services. McCarthy hopes that by identifying vulnerabilities, the GMU research will help solve a risk management problem: "We know we can't have a policeman at every bank and switching facility, so what things do you secure?" Terrorists, presumably, are exploring the question from the other end. In December 2001, bin Laden appeared in a videotape and urged the destruction of the U.S. economy. He smiled occasionally, leaned into the camera and said, "This economic hemorrhaging continues until today, but requires more blows. 
And the youth should try to find the joints of the American economy and hit the enemy in these joints, with God's permission." Every day, Gorman tries to identify those "joints," sitting in a gray cinderblock lab secured by an electronic lock, multiple sign-on codes and a paper shredder. No one other than Gorman, Schintler or their research instructor, Rajendra Kulkarni, is allowed inside; they even take out their own trash. When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data. The university has imposed the security guidelines. It is trying to build a cooperative relationship with the Department of Homeland Security. Brenton Greene, director for infrastructure coordination at DHS, described the project as "a cookbook of how to exploit the vulnerabilities of our nation's infrastructure." He applauds Gorman's work, as long as he refrains from publishing details. "We would recommend this not be openly distributed," he said. Greene is trying to help the center get federal funding. ("The government uses research funding as a carrot to induce people to refrain from speech they would otherwise engage in," said Kathleen Sullivan, dean of Stanford Law School. "If it were a command, it would be unconstitutional.") All this is a bit heavy for Gorman, who is in many ways a typical student. His Christmas lights are still up in July; his living room couch came from a trash pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the water, pulling the oars, he can stop thinking about how someone could bring down the New York Stock Exchange or cripple the Federal Reserve's ability to transfer money. On a recent afternoon, he drove his Jeep from the Fairfax campus toward the river. Along the way he talked about his dilemma: not wanting to hurt national security; not wanting to ruin his career as an academic. "Is this going to completely squash me?" he said, biting his fingernail. 
GMU has determined that he will publish only the most general aspects of his work. "Academics make their name as an expert in something. . . . If I can't talk about it, it's hard to get hired. It's hard to put 'classified' on your list of publications on your résumé." As he drove along Route 50, he pointed out a satellite tower and a Verizon installation. Somewhere in Arlington he took a wrong turn and stopped to ask for directions. It has always been that way with him. He's great at maps, but somehow he ends up lost. From jamesd at echeque.com Sun Jan 19 18:45:57 2014 From: jamesd at echeque.com (James A. Donald) Date: Mon, 20 Jan 2014 12:45:57 +1000 Subject: Feeding trolls In-Reply-To: References: <52DB1E60.4070205@echeque.com> <20140119071700.F35E1106DD@a-pb-sasl-quonix.pobox.com> <52DB994C.9080406@echeque.com> <52DB9C9A.5030603@gogulski.com> <52DBCE08.7010404@echeque.com> <52DC650D.5070704@echeque.com> Message-ID: <52DC8DE5.5020009@echeque.com> James A. Donald wrote: > > Similarly, successful businesses stuff all their female executives > > into HR, keeping them away from decisions that could screw up the > > business. J.A. Terranson wrote: > You need to wake up! Look around, there are a lot of female ceo's > of big business today. Even Fortune 100 companies. And was HP a *successful* business once it appointed a female CEO? Businesses appoint female CEOs for political reasons, and it usually has a bad outcome. > This is just your fear of feminization coming out Compare photos of men of 1950, with photos of men today. We *are* being forcibly feminized. It is unpleasant, distressing, humiliating, degrading, and contrary to our natures. Either that, or something in the water is making testosterone levels and sperm counts drop like a stone. You might blame evil pollution by evil capitalists rather than forced feminization, but undeniably something really bad is happening. 
And the fact that no one is paying attention suggests that the problem is forced feminization rather than some mystery pollutant. If it was likely that it is plastic softeners in the drinking water, we would have more official scientists making an officially big deal about it than about global warming. From measl at mfn.org Mon Jan 20 10:48:10 2014 From: measl at mfn.org (J.A. Terranson) Date: Mon, 20 Jan 2014 12:48:10 -0600 (CST) Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: <20140120174842.GA1034@antiproton.jfet.org> References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> Message-ID: On Mon, 20 Jan 2014, Riad S. Wahby wrote: Skeletal architecture discussion... I too have been giving this some thought: especially as not exposing list membership. I think a two-way broadcast repeater is the answer: Everyone sends to the node of their choice, the node sends to a broadcast repeater that knows the source, and sends to everyone else, after stripping any mailman-specific things like tags, etc. The down side to this kind of dumb repeater is in the case of outages - the repeater will not know (or would it? I need to look at this in postfix) what to forward. I think the key is getting the incoming emails to the repeater *prior* to mailman intervention. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From rsw at jfet.org Mon Jan 20 09:48:42 2014 From: rsw at jfet.org (Riad S.
Wahby) Date: Mon, 20 Jan 2014 12:48:42 -0500 Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> Message-ID: <20140120174842.GA1034@antiproton.jfet.org> "J.A. Terranson" wrote: > Great: if we go back to distribution, we can bring all of us back into the > fold. It was around 2005 that the last few nodes dropped off the old CDR, so it's been quite a while since we've been distributed. I went back through the list archives late last year in search of the history of the CDR. While I'm sure others can add more to the skeleton, what I found went into the Cypherpunk Wikipedia entry (with references to archived emails where possible). To be honest, I'm not sure distribution is a response to any real threat: to the extent that the Cpunks list is of interest, isn't it more sensible to keep it alive and monitored than to shut it down? Of course, as J.A. points out, there are plenty of other reasons, viz., different list policies at different nodes (reply-to:, subject modification, sender whitelisting, etc.)---and these create some problems that we'll have to address in designing CDRv2. So let's talk a bit about the CDR architecture. One obvious issue with the old one is that it was a bit rickety: at its heart it was a bandaid fractal built on top of procmail and Majordomo, and getting it set up took enough work that most people didn't want to do it. To this end, I suggest we build upon mailman this time around: the codebase is reasonably well maintained, plenty of people feel comfortable hacking in Python, and we automatically get more user friendliness in the subscriber and administrative interfaces. 
(In principle, an even better way to do this would be to cleanly separate the CDR functionality from the list management functionality so that individual nodes can decide on their own what list software to run. This probably ends up expanding the time cost of the project well in excess of the utility it generates, so my vote would be against making this a requirement.) One major question we need to address is the topology of the CDR network itself. From an implementation point of view it would be most straightforward if every node knew about every other node, but one could argue that this is too fragile. If we take that position, we have to solve a broadcast repeater problem: when a node receives a message, it needs to have some way of deciding what other nodes it forwards messages to. Obviously we'd like to do this in a way that doesn't result in a lot of useless echoes. (Recognizing that perfect is the enemy of good may be the better part of valor here; after all, we don't expect to have more than a handful of CDR nodes.) As before, we want to be able to have independent policies at each node at least with respect to: - subject line modification - header mangling (reply-to: etc) - attachments - sender whitelisting - other things I'm forgetting As far as I can tell, the ones that will require the most work are subject line modification and sender whitelisting. Mangling the subject line becomes a problem because eventually we end up with subjects like "[CDR] Re: [Cpunks] Re: [Cypherpunks] foo", which confuses a lot of mail clients. This isn't a problem for monolithic mailman setups because mailman knows not to add another prefix to outgoing messages that already have one, but the problem becomes more difficult when each node potentially has its own (possibly empty) prefix. 
This problem would have a trivial solution in the case that all nodes knew the tagging policy at all other nodes, but (as I point out above) we may prefer not to require nodes to know all other nodes in the CDR. (The fallback solution is the old one: manually construct an appropriate filter to demangle subject lines. Yech.) In the old CDR (possibly after the LNE.com modifications circa 2001), nodes had to expose their sender lists (at least to other nodes) to allow for member whitelisting. Obviously this is ripe for abuse, and I'd prefer to achieve this in a different way if possible. The goal here is to make it easy to verify that a given sender is subscribed to *some* node but difficult to enumerate all list subscribers. I can see how one might think of this as coddling the supposedly savvy and internet-hardened subscribers of the list, but I just don't see any reason to expose users to more abuse than necessary, especially when solutions to this problem have already been described and are nominally right in the cpunks wheelhouse! I have a skeleton architecture in mind that can be beaten into a shape capable of addressing the above issues, but as this email is getting long and I've doubtless forgotten several other important problems, let's discuss a bit more first. -=rsw From dwhite at olp.net Mon Jan 20 10:58:14 2014 From: dwhite at olp.net (Dan White) Date: Mon, 20 Jan 2014 12:58:14 -0600 Subject: Infiltration / Exfiltration In-Reply-To: References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <20140120145622.GB6176@dan.olp.net> Message-ID: <20140120185813.GB7373@dan.olp.net> On 01/20/14 17:19 +0100, Cari Machet wrote: >On Mon, Jan 20, 2014 at 4:31 PM, John Young wrote: >> Dan White wrote: >>> change, particularly at the legislative level. However, that path needs >>> charismatic leaders, i.e. Lawrence Lessig, to actually run for office. >> > leaders??? aarrrghhh Charisma is needed to implement true change within our *existing* government.
Anarchy is an equally valid alternative path to true freedom, but not one that I am a proponent of. > lawrence has substance besides being able to orate? > show me http://en.wikipedia.org/wiki/Lawrence_Lessig I picked him as an example, since he's fairly well known, and has been thrown around as a potential congressional candidate, or an employee of the executive branch. He's someone with potential to change the legal landscape in a significant way. Unfortunately he chose the route to change the process rather than implement direct change (by becoming elected), which has been a failure to date. > there are many solutions many many problems > a major one is the > neo-liberal capitalist state is alive and well in you and i > hacking that > is not easy No, it's certainly not. This is where having good leadership helps. Much in the way that coding is action in our community, becoming elected (implementing law) is action in the political world, and nothing can be done to change our government other than to elect ~like minded individuals. > the wikileaks capitalistic blob embound by fierce ego w/out ethics is but > one example of the blindness > > levels of intellect that are socially engineered to be very low - in the US > particularly - suck life out so making a big data drop - as ellsberg > learned - on a public with no brain tells the powers they have succeeded in > their disgusting social engineering I have a much higher opinion of the American public. The problem isn't that we have too much influence over our government, but not enough. The ultimate fix is to somehow replace our legislative branch with true democracy. > ever tried speaking to a wall? > > the solutions are constant and findable ... everyday moving toward them > ... in estonia they passed a law where 1st graders have to learn code ... > now to implement the law.... -- Dan White From rsw at jfet.org Mon Jan 20 09:58:21 2014 From: rsw at jfet.org (Riad S.
Wahby) Date: Mon, 20 Jan 2014 12:58:21 -0500 Subject: Welcome to the Asylum! In-Reply-To: References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> Message-ID: <20140120175821.GB1034@antiproton.jfet.org> "J.A. Terranson" wrote: > Riad Wahby is our "Curator". And a poor one indeed :) Lest anyone misinterpret the quotes, I assure you I do nothing of the sort. The *only* filtering that goes on is subscriber whitelisting. I've been subscribed to cpunks in one form or other since the early 90s, and thinking back to those days makes the worries about SNR on the list now seem like nothing. By my recollection it wasn't until circa 2001 that any of the distributed remailer nodes even had sender whitelisting; even with the worst flaming the SNR now is an order of magnitude better than what we'd get prior to Ericm's LNE.com node. -=rsw From measl at mfn.org Mon Jan 20 10:59:18 2014 From: measl at mfn.org (J.A. Terranson) Date: Mon, 20 Jan 2014 12:59:18 -0600 (CST) Subject: Welcome to the Asylum! In-Reply-To: <20140120175821.GB1034@antiproton.jfet.org> References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <52DC56AC.7070507@cathalgarvey.me> <20140120175821.GB1034@antiproton.jfet.org> Message-ID: On Mon, 20 Jan 2014, Riad S. Wahby wrote: > "J.A. Terranson" wrote: > > Riad Wahby is our "Curator". > > And a poor one indeed :) Ditto. My sole advantage is I have free colo, and lots of extra hardware, with a n/c 100mbit connection. As long as I don't have to spend money, I can support just about anything. > Lest anyone misinterpret the quotes, I assure you I do nothing of the > sort. The *only* filtering that goes on is subscriber whitelisting. > > I've been subscribed to cpunks in one form or other since the early 90s, Same. > and thinking back to those days makes the worries about SNR on the list > now seem like nothing. 
By my recollection it wasn't until circa 2001 > that any of the distributed remailer nodes even had sender whitelisting; > even with the worst flaming the SNR now is an order of magnitude better > than what we'd get prior to Ericm's LNE.com node. Oh yes! I'm sure that toad is still swamped with incoming spam, especially after it started to be used as an attack vector in the mid 90s. This *may* be an issue going forward, but I doubt it: only admins can open up mailman to attack vectors, and that may even be closed by now. I've been running mailman since it came out, although I haven't updated any of the installed bases in a few years (as fresh upgrades were always a nightmare under mailman). Mailman is incredibly easy to install (once you get past the *awful* instructions and just figure it out!), and doesn't open itself to the many types of craziness that majordomo did (not to say that majordomo wasn't a great platform for its time - it was. But traffic up until 95/96 wasn't that heavy either). Another thing that will be nice about mailman vs majordomo is you won't get the situation where your posts come in from what appears to be different places: in the archives I noted that I had multiple posts under a half dozen "names", depending on the workstation I was sitting at when I hit send. Majordomo made a LOT of assumptions which usually turned out to be wrong... The repeater is the key. I think it should be a stand alone piece of code, not a script, so that I can run it as any other service (or, *someone* can run it as a service!). There should be some kind of fallback for the repeater as well: if it goes down, the entire CDR shouldn't go with it. Maybe a heartbeat system coupled with elections as to masters/backup slaves. This kind of setup has DNS implications though: the TTL would need to be *very* low, and other repeaters who need to step up in case of outage need a mechanism to change the DNS for the repeater.
-=rsw > //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From jamesdbell8 at yahoo.com Mon Jan 20 13:06:02 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Mon, 20 Jan 2014 13:06:02 -0800 (PST) Subject: Cypherpunks is NOT a safe place for fools In-Reply-To: References: Message-ID: <1390251962.67900.YahooMailNeo@web164603.mail.gq1.yahoo.com> From: coderman On Sun, Jan 19, 2014 at 1:05 PM, John Young wrote: > Why not, who else would remain here if not fools. Oh, > you're kidding, is that you, Tim? How are your cats doing? > > Prison here too, is this not a panopticon? > > Former Agent Gordon is doing better things over at Intel > planting malware and itty bitty byways. I saw this reference to Gordon before, but I wondered what to say. Really? At Intel?!? Maybe TCM, myself, and Gordon could form the "(ex)-Intel employees catfight club"? Prosecutor Robb London, I found a couple of months ago, has been the Communications director for Harvard Law School. (Google '"Robb London" "Harvard Law"'.) During my days at MIT, we students referred to Harvard as "That little red-brick liberal arts school a couple of miles up 'Mass Ave'". Jim Bell
From tedks at riseup.net Mon Jan 20 10:09:03 2014 From: tedks at riseup.net (Ted Smith) Date: Mon, 20 Jan 2014 13:09:03 -0500 Subject: Fwd: [tor-talk] giving up pseudonymity after collecting experiences with pseudonymous project development In-Reply-To: <20140120060000.GT3180@nl.grid.coop> References: <52DA7D13.4010201@riseup.net> <20140120060000.GT3180@nl.grid.coop> Message-ID: <1390241343.27096.8.camel@anglachel> On Mon, 2014-01-20 at 00:00 -0600, Troy Benjegerdes wrote: > I am continually reminded why I prefer to be onymous when talking to various > counterculture/resistance/etc movement members around the city. So many of them > are paranoid of each other and 'the man' > > So I can confirm this from direct experience. I like dealing with people with > real names, locations, and whom I can tell them whatever I feel like is > appropriate, without having to compartmentalize my life. It's definitely a privilege to be able to do this. In the United States, the animal liberation activism community (among others) is rightly paranoid of infiltrators and state repression. There's a certain level of paranoia that's culturally accepted as necessary "security culture". This might involve using pseudonyms, but obviously not very secure ones, because this organization happens primarily in meatspace. This dovetails nicely with the somewhat nomadic lifestyles of the people involved, and the self-determinist ethic from the punk scene that's so wedded to this group of cultures. It's common for people to introduce themselves with obviously pseudonymous names like "carrot" or "scout", but these people might even use these names on a personal basis with people who know their legal names. This comes back to the threat model -- these activists are scared of at most an FBI investigation, and at baseline local police keeping tabs on them.
Weak pseudonyms are expensive enough for local police to keep the community afloat. Likewise, I doubt it would have been very dangerous for adrelanos' partners or close friends to know their activities as a Whonix maintainer. Probably a hyperinvestigation leveraging the full powers of the surveillance states of the world would have penetrated this layer of pseudonymity, but I doubt this would ever have happened. It would have been interesting to see how far this could have progressed along a spectrum from complete pseudonymity to complete ...nymity. How long would adrelanos have been psychologically capable of keeping up the act if a single friend had known? -- Sent from Ubuntu From wahspilihp at gmail.com Sun Jan 19 19:05:27 2014 From: wahspilihp at gmail.com (Philip Shaw) Date: Mon, 20 Jan 2014 13:35:27 +1030 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: <9A539A7A-AF1E-434F-AE67-D36FA92CA5E5@gmail.com> Message-ID: <0E173C87-EAB3-4BCB-AAA1-0AC3B9DF4BA7@gmail.com> On 20 Jan 2014, at 13:09 , grarpamp wrote: > On Sun, Jan 19, 2014 at 5:56 PM, Philip Shaw wrote: >> reading documents into the public record would be useful (since it would give us all legitimate access), it wouldn’t help subsequent publishers. > > It's public record at that point... when acting under that context, anyone can > read and publish it. Be it the Press/WL or Jane Public. Or perhaps even > congressperson, NSA, military, executive branch, etc... so long as they > were say officially off work as anyone might be in the evening at the library > or on vacation visiting their capitol... though you probably wouldn't want to > actually try it (ref also: the military blocking WL website from soldiers), just > let the Press do it.
You just can't be cleared/NDA'd and do the initial leak, > unless you change policy by fiat (exec order), or are Rep/Sen and speak > in congress. I must have misunderstood the reports of the part involving Beacon Press, since the documents published there were the same ones as he had placed in the records of the committee. On reflection, ISTM that the mistake Gravel and Beacon made was that Gravel had obtained it as classified material, and so couldn’t publish it until it was declassified, even though anyone else could have obtained identical documents as an open matter of public record. (A similar quirk affects people who read the Snowden documents in that the handling rules still apply even though the documents have been published openly, which also makes the mistake of confirming the authenticity of at least some of the documents.) For any lawyers out there - do state legislatures have an equivalent of parliamentary privilege, and if so does it protect state legislators from federal law? I know in Australia they do, but there parliamentary privilege mostly relates to defamation law rather than official secrets (and that’s a matter of state law). From jamesdbell8 at yahoo.com Mon Jan 20 14:29:58 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Mon, 20 Jan 2014 14:29:58 -0800 (PST) Subject: Infiltration / Exfiltration In-Reply-To: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> Message-ID: <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com> From: Anonymous Remailer (austria) To: cypherpunks at cpunks.org >We cypherpunks live by the saying "cypherpunks code". But isn't it time >for more than just coding?
We're in a very real digital war for the >freedom of the Internet, similar to what we faced in the 1990's but with >even more at stake and a better funded, better equipped enemy. >Isn't it time for infiltration? The cypherpunk community has some of the >best tech people (not just programmers) out there. We could easily get >jobs within government agencies and then help exfiltrate data out of >them into the hands of the public of civil rights agencies like the ACLU >in America. >I understand how distasteful working in the belly of the beast might be >but isn't it one of the most needed things cypherpunks can do right now? Obviously, this is a well-meaning idea. However, I wonder how 'efficient' such a tactic would be. It might take years for a person to get into a position to be able to obtain and leak information. And, the longer a 'mole' stays, the more he will become dependent on that government. And, let's not fall into the trap of assuming that everyone who works for a government agrees with the policies and practices of that government. If we guesstimate that 1% of (current) government employees would be sufficiently unhappy to do such leaks, the main thing that's necessary to do is to somehow add additional inducement: To reward them for exposing that government. If Snowden or Manning, or both, get a well-publicized $5 million reward, that would invigorate a lot of similar people to do similar things. What's desirable would be a kind of anonymous reward system to allow ordinary people to reward the leakers. I haven't read enough about the origins of Wikileaks to know whether such a system was ever contemplated. Jim Bell
From tom at vondein.org Mon Jan 20 05:31:04 2014 From: tom at vondein.org (Thomas von Dein) Date: Mon, 20 Jan 2014 14:31:04 +0100 Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..) In-Reply-To: References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4> Message-ID: <20140120133104.GL3900@r4> Hi, On Mon, Jan 20, 2014 at 03:13:42PM +0400, Yuriy Kaminskiy wrote: > FWIW, I quickly looked at pbp [python? hate-hate-hate], it apparently has nearly > same design defect: it uses long-term curve25519 keypair for message encryption. > Unlike pcp, it does not include sender identification in message, receiver must > try all public keys in her keyring. Nope, the sender's public key is included by pbp with the encrypted message. Since yesterday pcp does the same. However, I use a dynamic keypair on the sender site now. I'm currently in the process to change the encrypted output format of pcp to match the one of pbp. > It is not easy to mess up with crypto - it is /extremely/ easy :-( > > And that's why it is important to point out at mistakes early on, without any > mercy :-) Absolutely. Speaking of mistakes: I had even a note in the manpage where I mentioned that it might be a bad idea to include the key-id with encrypted messages, though I totally forgot it :) Oh - and I didn't really include the key-ids, but a hash from it instead. However, this has already been changed. > PPS === cut platform.h === > #ifndef HAVE_ARC4RANDOM_BUF > // shitty OS. we're using libsodium's implementation > === cut === > LOL, I'm glad I'm on "shitty OS" Well, now you know, I don't like linux :) best regards, Tom -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From hannes at stressinduktion.org Mon Jan 20 05:42:34 2014 From: hannes at stressinduktion.org (Hannes Frederic Sowa) Date: Mon, 20 Jan 2014 14:42:34 +0100 Subject: Programming languages for a safe and secure future In-Reply-To: <52DD0E22.6000307@mehnert.org> References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> <52DC1500.3020805@mehnert.org> <20140119184343.GF6302@order.stressinduktion.org> <52DD0E22.6000307@mehnert.org> Message-ID: <20140120134234.GB27626@order.stressinduktion.org> Hi! On Mon, Jan 20, 2014 at 11:53:06AM +0000, Hannes Mehnert wrote: > > [...] > > On 01/19/2014 18:43, Hannes Frederic Sowa wrote: > > MPX was already committed to gcc trunk, so I hope this situation > > could improve in future (it is reverted for 4.9 but I think it will > > come back after the release in March). > > > The difference, as far as I can tell is in-band vs out-of-band > signalling... (correct me if I'm wrong) with the former you put some > magic values before and after the array, and an attacker has to guess > these. The latter puts the meta-information out of band, hard to > predict for an attacker.. that's at least the difference between the > llvm bounds checks plugin (BoundsChecking.cpp / MemorySanitizer.cpp in > LLVM 3.3) and the softboundCETS approach.. MPX uses CPU managed out-of-band (but in application memory) page-table-alike structures to store the bound table entries. They get updated via specific cpu instructions, which result in nops on today's cpus (so you can execute mpx code on non-mpx cpus and just won't have the bounds checking). They also made sure that non-MPX code that is linked against MPX code can propagate unbounded pointers, so you don't need to switch your whole operating system to MPX enabled code at once (I guess that would also be a problem memory-wise, but Intel entered the DRAM business again, too :) ). The x64 linux ABI has also been updated.
While passing parameters and returning, MPX will introduce new registers to pass those bounds checks automatically between function calls. I guess this enables faster function calls because the cpu does not need to store those pointer bounds in the permanent pointer bound tables thus eliminating the stress on the cpu caches.

You can find details here:

What would be interesting, especially for the linux kernel, is to restrict jmp and callq addresses so it is impossible for an attacker to get control over them and e.g. dispatch own code on network packet dismantling without needing whole pointer checking infrastructure e.g.

> >> I can recommend several languages: - coq (http://coq.inria.fr)
> >> [the tutorial software foundations
> >> http://www.cis.upenn.edu/~bcpierce/sf/ ] - agda
> >> (http://wiki.portal.chalmers.se/agda/pmwiki.php) - idris
> >> (http://www.idris-lang.org/)
> >
> > Maybe you can comment a bit on the code extraction process into
> > compilable languages.
>
> [...]
>
> The softbound plugin [http://acg.cis.upenn.edu/softbound/], although
> they developed a semantics for the LLVM intermediate representation,
> have the real implementation in C++ and no formalized proof (at least
> I couldn't find any) of its correspondence to the Coq development. I
> actually think there are some overflows in the C++ runtime (size +
> start < bound might fail IIRC this was already addressed in the talk.
> The verified L4 microkernel redeveloped a bunch of C++ and assembly
> into Haskell in order to be able to prove it.
>
> The main difference between Coq and Agda/Idris is that the dependent
> types are used in Coq to proof stuff, while in Agda/Idris you use them
> for programming. (Obviously, all is the same, and Adam wrote a great
> book about programming with dependent types in Coq
> http://adam.chlipala.net/cpdt/).
I would also like to point to Software Foundations from Benjamin Pierce here, as it also has some great material to learn Coq:

> Agda has a story about people not interested in executing programs,
> but rather type check and prove them. :)
> Obviously the runtime needs to be looked into. In the end it is part
> of your trusted code base.

Code generation without heavy runtime would also be nice.

> Unfortunately I have not used ATS, but if I'm not entirely wrong, it
> is a dependently typed programming language with mutable state and a C
> foreign function interface which treats variables as resources (and
> uses linear logic/linear types to do so). A very interesting system;
> Chris Double wrote several blog posts when he used it
> http://bluishcoder.co.nz/tags/ats/ .

ATS uses plain C as an intermediate language and the whole language feels pretty low-level, too. So it seems it is easily possible to compile these programs freestanding and also link those to other programs, which is quite a nice feature, especially if one wants to make incrementally use of more checked languages.

Thanks for your additional remarks,

Hannes

From rsw at jfet.org Mon Jan 20 11:44:15 2014
From: rsw at jfet.org (Riad S. Wahby)
Date: Mon, 20 Jan 2014 14:44:15 -0500
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To:
References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org>
Message-ID: <20140120194414.GA4557@antiproton.jfet.org>

"J.A. Terranson" wrote:
> Everyone sends to the node of their choice, the node sends to a
> broadcast repeater that knows the source, and sends to everyone else,
> after stripping any mailman specific things like tags, etc. The down side
> to this kind of dumb repeater is in the case of outages - the repeater
> will not know (or would it? I need to look at this in postfix) what to
> forward.

As far as I can tell this doesn't (yet) solve the problem of whitelisting subscribers to other nodes.

However, we can add one more step and solve this: when a node receives an email from the repeater whose sender is a member of the node's local subscriber list, it bounces the message back to the repeater with an added header saying, in effect, "I vouch for this sender."

Other nodes employing sender whitelisting would ignore the first email, since its sender isn't locally whitelisted and it lacks the aforementioned node-auth header, but would presumably forward the second email, assuming they chose to trust the node that is vouching for the sender. Nodes with no whitelisting policy could safely ignore the second email by filtering out duplicate msgids or something similar.

I'm not totally in love with the master repeater scheme, though. Notwithstanding my previous comments regarding the supposed threat model behind the CDR's original conception, as long as we're paying the fixed cost of setting up a new system we may as well get *some* additional reliability out of it, right?

-=rsw

From yumkam at gmail.com Mon Jan 20 03:13:42 2014
From: yumkam at gmail.com (Yuriy Kaminskiy)
Date: Mon, 20 Jan 2014 15:13:42 +0400
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To: <20140115134145.GF3900@r4>
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4>
Message-ID:

FWIW, I quickly looked at pbp [python? hate-hate-hate], it apparently has nearly same design defect: it uses long-term curve25519 keypair for message encryption. Unlike pcp, it does not include sender identification in message, receiver must try all public keys in her keyring.
Which have advantage of not leaking sender identity to eavesdropper, but waste a lot of CPU on receiver side (as your keyring grows), and receiver also cannot search sender identity by keyid on [hypothetical] keyserver.

NIH, NIH, NIH.

Thomas von Dein wrote:
> On Wed, Jan 15, 2014 at 04:29:44PM +0400, Yuriy Kaminskiy wrote:
>>> Well, the libsodium developers not only told me how to do it, it was
>>> their idea. However, it's of course very simple to generate them
>>> separate.
>> It is *possible* to use same RSA keypair for encryption and signing (and earlier
>> pgp versions used to that). Does not mean it is *good idea* (and newer
>> openpgp/gnupg switched to use separate keys for signing/encryption/certificate
>> signing purposes, by subkeys mechanism).
>
> We're not talking about RSA, do we?

Nearly same consideration apply to both?

>> (For DH/DSA it is even worse, you *can* reuse same keypair, but this leads to
>> leak of secret key material. I'm not sure if same leak scenario apply to
>> ECDH[curve25519]/EdDSA[ed25519], but better safe than sorry. And keypair reuse
>> is bad from operational security pov anyway).
>
> As I already said, it's no problem to have separate keypairs for signing
> and encrypting, just a couple of lines to change.
>
>>>> 1) Recipient needs to know sender public key. Bad.
>> [clarification: sender *long-term* public key; of course, receiver needs to know
>> public key that was used for message encryption; but this key need not be same
>> with sender *long-term* key]
>>
>>> That's the way curve25519 works. It would be possible to use one time
>>> keys but for this there has to be some kind of key exchange process
>>> before. But since pcp runs in offline mode, I'm not sure how to do this
>>> in a user friendly way.
>> I explained: include (single-use) public key in message, in place of "hash of
>> sender key id").
>
> Ok, let me formulate it better: I can use a single-use keypair on the
> sender's side and include the public part in the message. Cool. But the
> sender would nevertheless need a public key from the recipient. This one
> has to be from a long-term key, since we're operating in a

Well, yes. If you want to send message to someone, you need to obtain her (current/longterm) public key first, and you need verify it somehow (in-person exchange, web-of-trust, CA signature, etc; in case ephemeral encryption key, it should be signed by verified long-term identity key), otherwise you are vulnerable to MITM. I don't see any way around it.

> store-and-forward environment. But it doesn't make sense to use a
> single-use key only on one side of the communication, does it?

Hmm? You cannot fix (1), (2), (3), (4) without using single-use keypair by sender side. So, of course, it makes sense. Single-use keypair on receiver side would be nice (PFS!), but it is not possible in store-and-forward.

> As a sidenote, in pcp it's possible to generate a keypair for one
> recipient (it's derived from the long-term keypair), so you'd at least
> have one keypair per peer. But it's unclear to me, how to use single-use
> keys on both sides of a communication in a store-and-forward
> environment. Any hints?

I'm not sure how are they useful? (Once you use per-message keypairs, that is.)

>>>> 2) Message remains decipherable by sender. Very bad.
>>> No, it doesn't. In order to decrypt a message one needs the recipient
>>> secret key and the sender public key.
>> Yes, it does. With your protocol, message can be alternatively deciphered with
>> crypto_open_box(c, n, sender_public_key, receiver_secret_key);
>> (by receiver, good) or, alternatively, with
>> crypto_open_box(c, n, receiver_public_key, sender_secret_key);
>> (by sender, *BAD*).
>
> Really? I'll try it, but if this is the case, then it's bad indeed.

That's how (any) DH works?
You generate common secret from one side public key and other side private key?

>> With openpgp (and with my suggested change), sender does not retain secret key
>> used for message encryption, and thus cannot decipher his own message.
>
> Yea, I see.
>
>> Incorrect. This is NOT daily business with pgp. Openpgp does not use long-term
>> sender keypair when it encrypt message (otherwise, how could you encrypt message
>> without using passphrase?) and does not leak sender keyid (/by default/ gnupg
>> leaks /recipient/ keyid, but it can be disabled with --hidden-recipient).
>
> ok, got it.
>
>> DJB has nothing to do with your self-invented protocol.
>> DJB invented bending tool. *You* decided to use it to make square wheels.
>
> Come on, have a heart. The only thing I "invented", was how to store
> keys and encrypted files. It's just a fun project in its early
> stages and everything can be changed. And I'm really glad when someone
> points out some errors I made.
>
>> P.S. there were thing that openpgp did horrible wrong: keyids (they are harmful
>> and useless crap). Funnily, you repeated their misdesign.

Well, to be fair, openpgp standard had several edition, was reviewed by many people, etc, and still managed to get it wrong. Earlier versions of pgp also did a lot things wrong. Etc. SSL/TLS history is also full of mistakes, some fixed by newer version, some still remains (EtM), some even added by newer versions (cleartext SNI).

It is not easy to mess up with crypto - it is /extremely/ easy :-(

And that's why it is important to point out at mistakes early on, without any mercy :-)

> ok, really got it.

PPS
=== cut platform.h ===
#ifndef HAVE_ARC4RANDOM_BUF
// shitty OS. we're using libsodium's implementation
=== cut ===
LOL, I'm glad I'm on "shitty OS"; well, not quite (e.g. openbsd recently switched arc4random from rc4 to chacha); but I'd bet there are quite some "by-this-definition-non-shitty-OS" that 1) has arc4random_buf; 2) still uses RC4 under the hood.
Then again, while rc4 is considered somewhat flaky, but it is not completely broken (yet), and still in wide use, so it is not *terrible* big deal. But DJB will frown on you, LOL.

From mixmaster at remailer.privacy.at Mon Jan 20 06:19:52 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Mon, 20 Jan 2014 15:19:52 +0100 (CET)
Subject: Infiltration / Exfiltration
Message-ID: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at>

We cypherpunks live by the saying "cypherpunks code". But isn't it time for more than just coding? We're in a very real digital war for the freedom of the Internet, similar to what we faced in the 1990's but with even more at stake and a better funded, better equipped enemy. Isn't it time for infiltration?

The cypherpunk community has some of the best tech people (not just programmers) out there. We could easily get jobs within government agencies and then help exfiltrate data out of them into the hands of the public of civil rights agencies like the ACLU in America.

I understand how distasteful working in the belly of the beast might be but isn't it one of the most needed things cypherpunks can do right now?

From measl at mfn.org Mon Jan 20 13:24:54 2014
From: measl at mfn.org (J.A. Terranson)
Date: Mon, 20 Jan 2014 15:24:54 -0600 (CST)
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To: <20140120194414.GA4557@antiproton.jfet.org>
References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> <20140120194414.GA4557@antiproton.jfet.org>
Message-ID:

On Mon, 20 Jan 2014, Riad S. Wahby wrote:

> As far as I can tell this doesn't (yet) solve the problem of
> whitelisting subscribers to other nodes.
>
> However, we can add one more step and solve this: when a node receives
> an email from the repeater whose sender is a member of the node's local
> subscriber list, it bounces the message back to the repeater with an
> added header saying, in effect, "I vouch for this sender."

There are two possible approaches to dealing with white (& black) listings:

(1) The repeater is a dumb one, and doesn't care, each node on the CDR is free to implement their own local rules and white/blacklists;

(2) Any one whitelist is agreed to be valid for all nodes: as you point out, there will need to be some way to recognize that.

Option 1 is simple to implement, but I don't know if it's consistent with the goals of sharing information freely amongst CDR subscribers.

Option 2 is, obviously, much harder to design.

> I'm not totally in love with the master repeater scheme, though.
> Notwithstanding my previous comments regarding the supposed threat model
> behind the CDR's original conception, as long as we're paying the fixed
> cost of setting up a new system we may as well get *some* additional
> reliability out of it, right?

OK: if we want to design redundancy in all possible dimensions (above the threat model I believe, but still a good practice to have no single point of failure... We have a repeater on each CDR which, again, is elected every time an Elected Master Repeater refuses/fails to keep up with a heartbeat timer?

> -=rsw
>

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.

An American Spring is coming: one way or another.

From measl at mfn.org Mon Jan 20 13:30:40 2014
From: measl at mfn.org (J.A. Terranson)
Date: Mon, 20 Jan 2014 15:30:40 -0600 (CST)
Subject: Try to remember... (Was: AHEM! ...) (fwd)
Message-ID:

(Came back due to deprecated A/Q - the "lesson" is not feeding trolls, good behaviour, etc.)

> seems every crop of new cypherpunks has to learn this lesson.
[1]
Try to remember the kind of September
When life was slow, and oh, so mellow.
Try to remember the kind of September
When grass was green, and grain was Yellow.
Try to remember the kind of September
When you were a tender and callow Fellow[2].
Try to remember, and if you remember, then follow...

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.

An American Spring is coming: one way or another.

[1] Taken completely out of context from the Very Off-Broadway "The Fantasticks" - a show which was expected to run for a few weeks and then enter eternal obscurity.

[2] The original lyric has no capitalization of "Fellow". Those who can, will draw the correct inference.

From rsw at jfet.org Mon Jan 20 13:46:34 2014
From: rsw at jfet.org (Riad S. Wahby)
Date: Mon, 20 Jan 2014 16:46:34 -0500
Subject: anonymous remailer whitelisting
In-Reply-To: <20140119170918.GA20450@antiproton.jfet.org>
References: <20140119170918.GA20450@antiproton.jfet.org>
Message-ID: <20140120214634.GA7500@antiproton.jfet.org>

All,

I received another query regarding remailer whitelisting; it seems that some dropping may still be going on. I will double check the logs later tonight to be sure that such messages are actually getting through, and post any findings.
-=rsw

From hannes at stressinduktion.org Mon Jan 20 08:03:22 2014
From: hannes at stressinduktion.org (Hannes Frederic Sowa)
Date: Mon, 20 Jan 2014 17:03:22 +0100
Subject: Programming languages for a safe and secure future
In-Reply-To: <20140120134234.GB27626@order.stressinduktion.org>
References: <1389950750.79148.YahooMailNeo@web141202.mail.bf1.yahoo.com> <52DAE12D.9080406@cypherpunks.to> <52DC1500.3020805@mehnert.org> <20140119184343.GF6302@order.stressinduktion.org> <52DD0E22.6000307@mehnert.org> <20140120134234.GB27626@order.stressinduktion.org>
Message-ID: <20140120160321.GF27626@order.stressinduktion.org>

On Mon, Jan 20, 2014 at 02:42:34PM +0100, Hannes Frederic Sowa wrote:
> What would be interesting, especially for the linux kernel, is to restrict
> jmp and callq addresses so it is impossible for an attacker to get control
> over them and e.g. dispatch own code on network packet dismantling without
> needing whole pointer checking infrastructure e.g.

Just remembered there was some research on this already:

Greetings,

Hannes

From pgut001 at cs.auckland.ac.nz Sun Jan 19 20:04:44 2014
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Mon, 20 Jan 2014 17:04:44 +1300
Subject: cypherpunks and hackers who dont code?
In-Reply-To:
Message-ID:

coderman writes:

>this is pre snowden thinking; usability demands that it immediately emits
>only one state on boot: a glowing blue LED "SECURE".
>
>once the network is up, now lights "SUPER SECURE". (it can only be SECURE,
>lest the wrong impression be conveyed by accident)

Naah, it'd be displayed as a VU-meter style 10-LED display. When you boot it, all ten LEDs slowly light up as the boot progresses. Then when you go online, the 11th LED superglued onto the end of the other ten lights up as well.

Peter.
From carimachet at gmail.com Mon Jan 20 08:19:43 2014
From: carimachet at gmail.com (Cari Machet)
Date: Mon, 20 Jan 2014 17:19:43 +0100
Subject: Infiltration / Exfiltration
In-Reply-To:
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <20140120145622.GB6176@dan.olp.net>
Message-ID:

On Mon, Jan 20, 2014 at 4:31 PM, John Young wrote:

> Dan White wrote:
>
>> change, particularly at the legislative level. However, that path needs
>> charismatic leaders, i.e. Lawrence Lessig, to actually run for office.
>
> leaders??? aarrrghhh lawrence has substance besides being able to orate?
> show me there are many solutions many many problems
> a major one is the neo-liberal capitalist state is alive and well in you and i
> hacking that is not easy the wikileaks capitalistic blob embound by fierce ego w/out ethics is but one example of the blindness levels of intellect that are socially engineered to be very low - in the US particularly - suck life out so making a big data drop - as ellsberg learned - on a public with no brain tells the powers they have succeeded in their disgusting social engineering ever tried speaking to a wall? the solutions are constant and findable ... everyday moving toward them ... in estonia they passed a law where 1st graders have to learn code ... now to implement the law....

--
Cari Machet
From jamesd at echeque.com Sun Jan 19 23:52:05 2014
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 20 Jan 2014 17:52:05 +1000
Subject: bitcoin
In-Reply-To:
References:
Message-ID: <52DCD5A5.6050508@echeque.com>

On 2014-01-20 17:04, Juan Garofalo wrote:
>
>
> So, what do you think is going to happen 'if' bitcoin ever threatens the
> 'integrity' of the financial mafia, I mean, the integrity of the financial
> system of the Free and Democratic World?

Less than you would think.

Our ruling elite is incohesive. There are far too many of them, and they do not like or trust each other all that much. Faced with a serious threat to their power, they would not act all that effectually or decisively.

From jamesdbell8 at yahoo.com Mon Jan 20 18:36:57 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Mon, 20 Jan 2014 18:36:57 -0800 (PST)
Subject: Infiltration / Exfiltration
In-Reply-To:
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com>
Message-ID: <1390271817.14017.YahooMailNeo@web164602.mail.gq1.yahoo.com>

From: grarpamp
To: "cypherpunks at cpunks.org"
Sent: Monday, January 20, 2014 6:05 PM
Subject: Re: Infiltration / Exfiltration

On Mon, Jan 20, 2014 at 5:29 PM, Jim Bell wrote:
>> somehow add additional inducement: To reward them for exposing that
>> government. If Snowden or Manning, or both, get a well-publicized $5
>> million reward, that would invigorate a lot of similar people to do similar

>And interesting idea to be sure. Though while you could easily enough
>verify the data/leaker and arrange payment semantics, there does
>not at this moment seem to exists a suitably anonymous pay system
>for even $100kUSD other than a briefcase in the woods, bitcoin appears
>to be balance trackable at that level and it's useless to the leaker if
>they can't deposit or draw on it.
One obvious problem with "money for leaks" is that, who decides what a given leak is worth? So, fixed prices are probably out. But, the actual leak can be posted, and the potential donors will decide what they will give. As I recall, one problem with the Wikileaks system was that its ability to collect donations (through credit cards) was impeded. Presumably, Zerocoin will shortly become available for truly anonymous donations.

But, it occurs to me that even though the leaker should be able to collect the reward truly anonymously, perhaps it should be documentable the fact that he/she actually obtained that amount, for the encouragement of future, potential leakers. Could the donations/rewards go through the leak-organization in a pseudonymous (at least) fashion, and then be given to the anonymous leaker, in a way that is documented sufficiently so that people considering becoming leakers are aware of the actual rewards being given?

Jim Bell

From grarpamp at gmail.com Mon Jan 20 16:16:50 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 19:16:50 -0500
Subject: independently assisting oversight of highly classified programs
In-Reply-To:
References:
Message-ID:

On Mon, Jan 20, 2014 at 3:21 PM, coderman wrote:
> except SONET pairs sharing same right of way over aerial and buried plant.

In US, besides the utilities themselves which do not give out detail info, and call before you digs which might give it out, full ROW's are maintained in county or city gov engineers and deed offices. I'm not saying he didn't compile that street level of information, only that he would have had to interact with well over a thousand entities and different data sets, even down to the individual deed, to even begin to extract that information.
You can get pretty powerpoints off the utilities, google maps, etc, but the raw street/land locations is a colossal amount of work. Anyone with a clue knows most longhaul lines follow/share similar/same paths... telecom, rail, power and pipe. Outside of a few target areas like downtown NYC that he may have focused on for show, I doubt it was more than overlaid national powerpoints reminiscent of JYA's eyeball series. Unless the work was recognized and then adopted into relevant and detailed access semantics...

> http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html

Aware of this newspeak.

From pgut001 at cs.auckland.ac.nz Sun Jan 19 22:51:32 2014
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Mon, 20 Jan 2014 19:51:32 +1300
Subject: Fwd: [tor-talk] giving up pseudonymity after collecting experiences with pseudonymous project development
In-Reply-To:
Message-ID:

coderman writes:

>i find these kinds of experiments fascinating and would love to see more of
>them!

His ideas are intriguing to you and you wish to subscribe to his newsletter?

Peter.

From measl at mfn.org Mon Jan 20 18:16:07 2014
From: measl at mfn.org (J.A. Terranson)
Date: Mon, 20 Jan 2014 20:16:07 -0600 (CST)
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To:
References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org>
Message-ID:

On Mon, 20 Jan 2014, grarpamp wrote:

> Some notes...
> - Some subset of nodes should commit to carrying all messages

That's going to be strictly up to the node owners. The node I anticipate here will likely carry all messages, but that's strictly a choice for the node operator.

> - Consider instead deploying NNTP via Diablo with a list of current
> readers and a howto on each of the splash pages. Don't try to
> tell me cypherpunks cant grok this. Certainly you can
> DSPAM/spamassasin/moderate and all other things with this too.

From an administrative point of view, nntp is a *major* PITA. I know, I used to run a full feed over DS3 (which could barely take the traffic back in '99!). NNTP is a really fucked up protocol, with tons of room for abuse.

> - Or a hash based interchange backend? ie: message body
> synchronization between nodes. Mail is ugly, see nntp above.

That's a really good idea, but implementation across multiple nodes may prove difficult. I'll give it some thought.

> - Umm, mailbox/maildir/nntp archives from day one, please, seriously.

Seriously, if you want to support it, get a box and be a provider. I'll happily support mailman and its native archives, but it'll be a cold day in hell before I interface NNTP again, or worry about maildirs for every user: forget it. If you are hereby *seriously* offering to provide these, then put up a box on a permanent connection, and you can be the designated module writer for it :-)

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.

An American Spring is coming: one way or another.

From measl at mfn.org Mon Jan 20 18:17:19 2014
From: measl at mfn.org (J.A. Terranson)
Date: Mon, 20 Jan 2014 20:17:19 -0600 (CST)
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID:

On Tue, 21 Jan 2014, Philip Shaw wrote:

> On 20 Jan 2014, at 21:38 , Cari Machet wrote:
> >
> > FYI now they make laws that are retroactive to indict - i know of a
> > case (or 5 actually) where the law was made to indict and convict 2
> > years after the "crime" yup ppl went to fed prison for years ... seems
> > the breech of the rule of law by the US has come more out of the
> > shadows
>
> Do you have a citation for those cases? I'm not doubting you, but the
> legal sophistry to argue that an ex post facto law was constitutional
> despite the explicit prohibition would be interesting. I've heard of
> cases where higher penalties were applied than existed at the time
> (which IIRC is banned by the ECHR and possibly the CCPR, although is
> allowed in the USA and elsewhere), or where statutes of limitations were
> extended, but a blatant ex post facto law seems surprising.

Telecom/NSA/*retroactive immunity* ring a bell?

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.

An American Spring is coming: one way or another.

From jamesdbell8 at yahoo.com Mon Jan 20 20:23:17 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Mon, 20 Jan 2014 20:23:17 -0800 (PST)
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID: <1390278197.83759.YahooMailNeo@web164604.mail.gq1.yahoo.com>

From: Philip Shaw
To: Cari Machet
Cc: cpunks
Sent: Monday, January 20, 2014 6:11 PM
Subject: Re: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)

On 20 Jan 2014, at 21:38 , Cari Machet wrote:
>>
>> FYI now they make laws that are retroactive to indict - i know of a case (or 5 actually) where the law was made to indict and convict 2 years after the "crime" yup ppl went to fed prison for years ... seems the breech of the rule of law by the US has come more out of the shadows

>Do you have a citation for those cases? I’m not doubting you, but the legal sophistry to argue that an ex post facto law was constitutional despite the explicit prohibition would be
>interesting. I’ve heard of cases where higher penalties were applied than existed at the time (which IIRC is banned by the ECHR and possibly the CCPR, although is allowed in the USA
>and elsewhere), or where statutes of limitations were extended, but a blatant ex post facto law seems surprising.

Yes, I too haven't seen any ex post facto law; however, as I recall ex post facto prohibition only works on criminal cases, not civil.
I saw an indication of a criminal case where the limitations period was illegally extended.

http://www.crimemagazine.com/firefighter-case-part-i

I met two of these convicts while in prison, and I am absolutely convinced that they were falsely convicted. Worst, they were charged about 10 years after the crime, when the statute of limitations was about 5 years. There was no limitations period for crimes punishable by death, but the crime occurred during a time in which the Feds did not have a death penalty. Thus, the appeals court simply and deliberately violated the law.

http://crimemagazine.com/analysis-8th-circuit-opinion-firefighters-case

(However, on a skim I don't see reference to the statute of limitations issue here.)

Jim Bell

From wahspilihp at gmail.com Mon Jan 20 02:05:48 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Mon, 20 Jan 2014 20:35:48 +1030
Subject: Welcome to the Asylum!
In-Reply-To: <1706259.o3g7zWxD1H@lap>
References: <1c74501ba7ecf8b22d18efdef2c1e0bb@remailer.privacy.at> <20140120044328.GP3180@nl.grid.coop> <1706259.o3g7zWxD1H@lap>
Message-ID:

On 20 Jan 2014, at 19:40 , rysiek wrote:

> On Sunday, 19 January 2014 22:43:28 Troy Benjegerdes wrote:
>>
>> The experience (experiment?) did, however, confirm my personal conviction
>> that privacy and anonymity are expensive, and we as a society generally
>> have to pay that cost for others, and the cost continues to spiral out of
>> control as surveillance capabilities spiral out of control.
>
> Indeed. However, *pseudonymity* offers the benefits of identifiability without
> many of the drawbacks of total anonymity.

In many ways pseudonymity is easier, but it does increase the importance of being very careful to avoid giving out revealing information.
Over time, small details which are easily leaked (either explicitly, or through unintentional references to local facts, events, and jargon, areas of interest, personal details hinting at age, gender, etc., and so on), can build up into enough detail to identify a person down to a very few people, at least for those with the resources and inclination to make such an attempt.

One strategy I have heard of to mitigate that risk is creating a deliberately false persona, one which lives in the same city but in totally different circumstances (changing their family relationships, type of house, etc.), and adjusting their comments to fit that, which reduces the risk of accidental disclosure but requires more effort than ordinary pseudonymity.

From wahspilihp at gmail.com Mon Jan 20 02:21:34 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Mon, 20 Jan 2014 20:51:34 +1030
Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present"
In-Reply-To: <7603511.i9NAaKBNfX@lap>
References: <20140120000018.5B373F53B@a-pb-sasl-quonix.pobox.com> <7603511.i9NAaKBNfX@lap>
Message-ID: <30A961F6-7A15-454A-8430-8B0233C71F6D@gmail.com>

On 20 Jan 2014, at 19:52 , rysiek wrote:

> Corp? Are you implying that corporations are on "our" side of this? That's
> cute.
>
> Once corporations get 1. plausible deniability; 2. legal indemnification,
> they'll be happy to provide any and all data to any government that asks. I
> hope we're all clear on that.
That varies from corp to corp - pure ISPs (as opposed to companies which are also involved in other areas of the media business), for example, are generally quite strongly opposed to filtering, wiretap and data retention laws, because they are a significant cost to them which makes their core product no better for their customers (and will often make things worse), without any useful benefit to them. Sure, they are only really interested in their own advantage, but their advantage coincides with the desires of privacy advocates, so an alliance of convenience is suitable.

OTOH, in the US many ISPs are also either content producers, TV companies, or POTS companies, and so have a strong interest in preventing their internet activities from harming those (often more profitable) areas of their business. Because they are themselves often beneficiaries of attempts to preserve traditional distribution channels and business methods, they are strong advocates for anti-privacy measures which they believe (rightly or wrongly) will help them while shifting any opposition onto the politicians.

Also, some companies have the sense to realise that even if handing over customer data is no great burden now, the demands from governments only tend to grow, and so opposing a small amount of snooping can protect themselves against a larger imposition later. (For example, the telephone companies at first only had to turn over data they were keeping anyway, then they were ordered to keep it at their own expense for government use.)

From mixmaster at remailer.privacy.at Mon Jan 20 11:53:10 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Mon, 20 Jan 2014 20:53:10 +0100 (CET)
Subject: training grounds and basic training for cypherpunks
Message-ID:

can the millennials get a clue? methinks maybe not but as there may be one or two of them who are NOT soft in the head I invite those to read http://borg.uu3.net/ldetweil/medusa/detweiler.html , where freedom of speech comes in conflict with the tragedy of the commons, there were indeed a lot of valuable lessons learned from detweiler's actions and those in opposition to same. perhaps some millennials can get a clue about killfiles (course you take a chance of missing the creation of memes and subsequent modification of same and cypherpunks is ALL about memes.)

While the whole snowden affair is most certainly interesting, cypherpunks do things anonymously and pseudoanonymously, we have been embedded in some of the largest government agencies as well as some of the largest and smallest corps. Thing is for all the NDA and loyalty oaths you can't tell when someone comes over to the darkside quietly nowadays especially if they were always using tor to browse anyway and that of course in and of itself will come to be regarded as suspicious Just as using PGP was always suspicious too few using it.. and a LOT of those on insecure platforms.

All the recent meme introduction both signal and noise memes have resulted in some interesting side discussions about censorship vs moderation which I suspect is what the postings were intended to produce.

anon

From grarpamp at gmail.com Mon Jan 20 17:56:07 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 20:56:07 -0500
Subject: What more is there? [infil/exfil]
Message-ID:

On Mon, Jan 20, 2014 at 2:57 PM, Anonymous Remailer (austria) wrote:
> I too wish the leaks would come at a faster pace. But I don't think

The pace is ok, it keeps up the pressure. The real question is, is what remains? More of this same stuff we all knew was happening anyways? Or is there more deeper stuff we only questioned but shrugged off due to the hardness/fantasy of it all?

- decryption of aes? cracked rsa?
- automatic and global translation to stored text of all voice calls?
- gratuitous unwarranted passing of crimetips to LEA?
- fundamental metadata knowledge of all persons/associations?
- political puppetstringing?

I suggest the answer lies in budget analysis... the possibilities within a well spent budget. Or a seriously conscientious leaker at the top who is yet to come... since so far Snowden seems limited to confirming lower level obviousness.

From mixmaster at remailer.privacy.at Mon Jan 20 11:57:17 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Mon, 20 Jan 2014 20:57:17 +0100 (CET)
Subject: Infiltration/Exfiltration
Message-ID:

On 01/20/2014 09:17 AM, John Young wrote:
> This how Cryptome got its first contributions from this cave. And
> still does along with a long list of others. WikiLeaks and Snowden
> the best yelled about, but far from disclosing the most information
> which is done quietly and without "batshit" hyperbole and vulgar
> braggardy.

I'm talking about something slightly different here. With most of the information on Cryptome, it looks like someone came across some information and decided to exfiltrate it. They probably weren't deliberately looking for it or had joined the agency for the specific purpose of having access to and leaking such information.

In this case, I'm talking about actual infiltration: going in with the explicit purpose of betraying the secrecy of the organization and getting valuable data out of it.
> Claims of needing journalism and slow drips to hold public attention
> are merely monetizing justifications. Biblical fundamentalism.

I too wish the leaks would come at a faster pace. But I don't think Snowden posting the leaks to, say, an FTP server somewhere would have got any response. There are too many leaks with too much technical jargon. Joe Average would have given up after the first four pages. What the Guardian and other media outlets are doing is making the information more accessible to people. I wish they'd do it more quickly, yes, but I do think there is some value in what they're doing.

> And may be much worse, as in the Snowden case, a rationale
> for not releasing information except to a few selected abusers,
> journalistic, technical and political "freedom of information." In
> the bogosity of "doing no harm to national security" just like
> secretkeepers who use that exact lingo.

I'll admit here that I am not someone who believes that there should be no secrets. I do believe keeping certain things secret, at least for a little while, has value. But those things should respect civil and human rights and adhere to the principles of the Constitution. In too many cases, Snowden and Ellsberg being prime examples, official secrecy was used for no other reason than to cover up wrongdoing. The "national security" bullshit was just that - bullshit because they could.

That's why I think we need more deliberate infiltrators. People who are well versed in the Constitution with a strong bend for civil and human rights. People who don't buy into the bullshit but also see value in some of the work being done. Someone who can filter through that and find what needs to be exposed while still protecting what shouldn't be.
From grarpamp at gmail.com Mon Jan 20 18:05:34 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 21:05:34 -0500
Subject: Infiltration / Exfiltration
In-Reply-To: <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com>
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com>
Message-ID:

On Mon, Jan 20, 2014 at 5:29 PM, Jim Bell wrote:
> somehow add additional inducement: To reward them for exposing that
> government. If Snowden or Manning, or both, get a well-publicized $5
> million reward, that would invigorate a lot of similar people to do similar

An interesting idea to be sure. Though while you could easily enough verify the data/leaker and arrange payment semantics, there does not at this moment seem to exist a suitably anonymous pay system for even $100kUSD other than a briefcase in the woods, bitcoin appears to be balance trackable at that level and it's useless to the leaker if they can't deposit or draw on it.

From jamesdbell8 at yahoo.com Mon Jan 20 21:06:49 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Mon, 20 Jan 2014 21:06:49 -0800 (PST)
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <149CBD8B-A1D9-4524-83FC-5D7DB662EEAA@gmail.com>
References: <149CBD8B-A1D9-4524-83FC-5D7DB662EEAA@gmail.com>
Message-ID: <1390280809.39967.YahooMailNeo@web164601.mail.gq1.yahoo.com>

From: Philip Shaw
To: J.A. Terranson
Cc: cpunks
Sent: Monday, January 20, 2014 8:28 PM
Subject: Re: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)

On 21 Jan 2014, at 12:47 , J.A. Terranson wrote:

>> Telecom/NSA/*retroactive immunity* ring a bell?
>Retroactive acquittal is relatively OK - it is a good thing when applied to the people, for example people have been campaigning for a long time to get all British sodomy convictions
>quashed even though everyone has now been released, so we more or less have to accept that it *can* be used to clear government agents too, even if politically we shouldn’t approve
>(at least in specific cases). (For criminal matters, in many jurisdictions the government can simply refuse to prosecute cases against its agents and private prosecutions aren’t permitted
>in some places, so it doesn’t create any new danger to the public.)

>Retroactive indictment is the problem, and is far more dangerous.

Au contraire! A good argument can be made that retroactive acquittal (more precisely, in this case, retroactive civil immunity of corporations) is a violation of the 14th Amendment to the U.S. Constitution, which says in relevant part:

Section 1. All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside. No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; _nor deny to any person within its jurisdiction the equal protection of the laws_.

If people were supposed to be protected by the law in question, and once it was found out that the corporations were violating it (worse, doing that on behalf of the government!) then to give those corporations retroactive civil immunity amounts to denying the public that protection the law ostensibly was intended to provide.

Jim Bell

From grarpamp at gmail.com Mon Jan 20 18:19:48 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 21:19:48 -0500
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To: <20140120174842.GA1034@antiproton.jfet.org>
References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org>
Message-ID:

Some notes...

- Some subset of nodes should commit to carrying all messages
- Consider instead deploying NNTP via Diablo with a list of current readers and a howto on each of the splash pages. Don't try to tell me cypherpunks can't grok this. Certainly you can DSPAM/spamassassin/moderate and all other things with this too.
- Or a hash based interchange backend? ie: message body synchronization between nodes. Mail is ugly, see nntp above.
- Umm, mailbox/maildir/nntp archives from day one, please, seriously.

From bill.stewart at pobox.com Mon Jan 20 22:02:54 2014
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 20 Jan 2014 22:02:54 -0800
Subject: bitcoin
In-Reply-To: <20090126223438.GQ11544@leitl.org>
References: <20090126223438.GQ11544@leitl.org>
Message-ID: <20140121060536.14B311027D@a-pb-sasl-quonix.pobox.com>

My email client is set to sort messages by date but group them by Subject: line. I just happened to notice the following message at the top of a recent conversation:

At 02:34 PM 1/26/2009, Eugen Leitl wrote:
> Anyone is running it?
> Any coins yet?
> Anyone having more than 4 connections? I'm not sure the port
> forwarding on the firewall worked.

So five years later, bitcoins are a thing, and I hope Eugen mined a bunch of them when they were easy.

I recently tried installing a Dogecoin wallet and miner on a spare lab machine at work.
Dogecoin's a really non-serious Litecoin variant that's mostly not worth anything (something like US$0.0001 - Wow, such coins!), mainly used for tipping authors of Reddit articles about cryptocurrencies, and I figured it would be ok to run it for experimentation because its near-zero value doesn't count as "using work resources to make money" (Wow! Much electrons!)

I've found a couple of interesting things running it.

- Litecoin uses scrypt, which was designed to not fit into ASICs or GPUs, so people with regular PCs could still mine it, without being crowded out by commercial miners. It turns out that people have figured out how to fit it into GPUs, which still run about 10-100 times as fast as CPU mining, so if I wanted to actually make money mining $25 Litecoins I should buy a $100 graphics card; it's not worth it for Dogecoins. (Woof!)
- The spare desktop lab machine has Intel 965 motherboard graphics GPU; there don't seem to be any miners for it, unlike the AMD and nVidia GPUs, so it's only running CPU mining. Ok for Doge chow - much coins!
- While running background CPU-burning number-crunchers on a laptop is probably just as bad an idea today as it was when I was crunching Mersenne primes in the 90s, because of heat and battery problems, I haven't been able to verify whether that's still true today. My work laptop has an nVidia GPU, but not one of the high-end ones, and an 8-core i7 CPU, and McAfee Anti-Virus seems to think the mining programs are malware, so I haven't been able to test either one with binaries; maybe it'll let me run it if I compile the source myself.
- The network security people at work contacted me :-) The firewall thinks Port 22556 is some kind of botnet, and they got hits from my lab machine to random countries around the world. After running anti-virus to make them happy, I checked tcpdump, and Dogewallet-qt uses that port to stay on the net and send and receive money; turning it on and off turns traffic to that port on and off.
I'll have to check the source code and verify it, but I'm assuming it's on purpose, rather than a malicious binary distributed by the official Dogecoin site or one I picked up by accident. The miner doesn't have that issue - I'm using it with a mining pool, talking to one server over a fairly standard port.

So *coin runs over a distributed service that looks a lot like a botnet. Makes sense, I guess.

From grarpamp at gmail.com Mon Jan 20 19:07:58 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 22:07:58 -0500
Subject: "the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present"
In-Reply-To: <7603511.i9NAaKBNfX@lap>
References: <20140120000018.5B373F53B@a-pb-sasl-quonix.pobox.com> <7603511.i9NAaKBNfX@lap>
Message-ID:

> Corp? Are you implying that corporations are on "our" side of
> this?

No, they're not, except any kind thoughts of their boards, they are only on the money side. However in most places they are separate from government and thus not have always same interests aligned with govts, ie: are in competition with govts. And since 'we' feed corps their existence money just like we feed govts, they are in part behold to us same as are to govt. It is a three way symbiot. And right now corp is pissed at govt for causing their user contracts to breach and sales to go down. So we should jump like fly on shit on that angle to beside corp to ourselves while we can to use them that way against govt. Need remind you to replace Tor hat with IBM hat, it be same effect.

https://bayimg.com/BAfJGAafB

> Once corporations get 1. plausible deniability; 2. legal indemnification,

3. funding

From grarpamp at gmail.com Mon Jan 20 19:30:48 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 22:30:48 -0500
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To:
References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org>
Message-ID:

On Mon, Jan 20, 2014 at 9:16 PM, J.A. Terranson wrote:
>> - Some subset of nodes should commit to carrying all messages
>
> That's going to be strictly up the node owners.

I mean ethically someone should do it. But unless a filtering node agrees to forward messages filtered from its own list through its backend and out to all the other nodes for them to make their own choices, there will be holes... unless a user cross posts. A node committed to carrying all user posted messages should advertise itself as such. Similarly for carrying all backend received messages.

carries posted: yes/no
carries backend: yes/no
despam mechanism [posted/backend]: describe here
moderation [posted/backend]: policy here
peers with: who

> From an administrative point of view, nntp is a *major* PITA. Been there.

I meant to carry one group called cypherpunks. There are even private nntp clouds of their own groups existing in the anon nets. NNTP use does not have to imply 'usenet' connection.

> maildirs for every user

No, just one for the list. But for that archive use rotated mbox.7z is far better.

> then put up a box on a permanent connection

I do consider making an archive box.

From grarpamp at gmail.com Mon Jan 20 19:34:12 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 22:34:12 -0500
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID:

On Mon, Jan 20, 2014 at 9:17 PM, J.A. Terranson wrote:
>> > FYI now they make laws that are retroactive to indict - i know of a
>> Do you have a citation for those cases? I'm not doubting you, but the
> Telecom/NSA/*retroactive immunity* ring a bell?

That is effectively retroactive acquittal, not indictment.

From grarpamp at gmail.com Mon Jan 20 19:53:58 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 20 Jan 2014 22:53:58 -0500
Subject: Infiltration / Exfiltration
In-Reply-To: <1390271817.14017.YahooMailNeo@web164602.mail.gq1.yahoo.com>
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com> <1390271817.14017.YahooMailNeo@web164602.mail.gq1.yahoo.com>
Message-ID:

> On Mon, Jan 20, 2014 at 5:29 PM, Jim Bell wrote:
>>An interesting idea to be sure. Though while you could easily enough
>>verify the data/leaker and arrange payment semantics, there does
>>not at this moment seem to exist a suitably anonymous pay system
>>for even $100kUSD other than a briefcase in the woods, bitcoin appears
>>to be balance trackable at that level and it's useless to the leaker if
>>they can't deposit or draw on it.
>
> One obvious problem with "money for leaks" is that, who decides what a given
> leak is worth? So, fixed prices are probably out. But, the actual leak can
> be posted, and the potential donors will decide what they will give. As I
> recall, one problem with the Wikileaks system was that its ability to
> collect donations (through credit cards) was impeded. Presumably, Zerocoin
> will shortly become available for truly anonymous donations.
> But, it occurs to me that even though the leaker should be able to collect
> the reward truly anonymously, perhaps it should be documentable the fact
> that he/she actually obtained that amount, for the encouragement of future,
> potential leakers.
> Could the donations/rewards go through the
> leak-organization in a pseudonymous (at least) fashion, and then be given to
> the anonymous leaker, in a way that is documented sufficiently so that
> people considering becoming leakers are aware of the actual rewards being
> given?

I think because you as leak recipient could defraud the leaker of their efforts by unwrapping and placing your own identity stamp on the leak, the leaker would have to publish the leak themselves with their own ID stamp into say a new time-secure blockchain dedicated to leaking. Then the payment board would examine the chain for prior leaks of the same material and award payment to the first such leaker.

If for some reason the leaker cannot leak to the chain, such as with inconceivably digitizable/transferable materiel, they must obviously establish the traditional trust mechanisms with their receiving/publishing partner who will enter leaker's leak and ID in such chain as proxy.

Deciding what a leak is worth could be done in the usual AP fashion by donating to classes of leaks. Blockchain systems already have some N of M signature requirements to release funds. Zerocoin or some anon payment is still needed. And payment to leakers ID would show up for verification in that system.

From jamesdbell8 at yahoo.com Mon Jan 20 22:58:22 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Mon, 20 Jan 2014 22:58:22 -0800 (PST)
Subject: Feinstein: NSA Metadata Stays
In-Reply-To:
References:
Message-ID: <1390287502.27879.YahooMailNeo@web164602.mail.gq1.yahoo.com>

From: grarpamp

> http://yro.slashdot.org/story/14/01/20/1410221/senator-dianne-feinstein-nsa-metadata-program-here-to-stay

""The Hill reports, 'Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) predicted Sunday that lawmakers who favored shutting down the bulk collection of telephone metadata would not be successful in their efforts as Congress weighs potential reforms to the nation's controversial intelligence programs. "I don't believe so," Feinstein said during an appearance on NBC's Meet the Press (video). "The president has very clearly said that he wants to keep the capability So I think we would agree with him. I know a dominant majority of the — everybody, virtually, except two or three, on the Senate Intelligence Committee would agree with that." ... "A lot of the privacy people, perhaps, don't understand that we still occupy the role of the Great Satan. New bombs are being devised. New terrorists are emerging, new groups, actually, a new level of viciousness," Feinstein said. "We need to be prepared. I think we need to do it in a way that respects people's privacy rights."'""

In other words, "We need to violate people's privacy rights in a way that respects people's privacy rights."

Jim Bell

From s at ctrlc.hu Mon Jan 20 14:29:40 2014
From: s at ctrlc.hu (stef)
Date: Mon, 20 Jan 2014 23:29:40 +0100
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To:
References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org>
Message-ID: <20140120222940.GT7008@ctrlc.hu>

On Mon, Jan 20, 2014 at 12:48:10PM -0600, J.A. Terranson wrote:
> I think a two-way broadcast repeater is the answer:
>
> Everyone sends to the node of their choice, the node sends to a
> broadcast repeater that knows the source, and sends to everyone else,
> after stripping any mailman specific things like tags, etc. The down side
> to this kind of dumb repeater is in the case of outages - the repeater
> will not know (or would it? I need to look at this in postfix) what to
> forward.
>
> I think the key is getting the incoming emails to the repeater *prior* to
> mailman intervention.

maybe lamson/librelist with some changes in front of postfix is exactly what you're looking for

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From hozer at hozed.org Mon Jan 20 21:29:46 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Mon, 20 Jan 2014 23:29:46 -0600
Subject: Infiltration/Exfiltration
In-Reply-To:
References:
Message-ID: <20140121052946.GV3180@nl.grid.coop>

On Mon, Jan 20, 2014 at 08:57:17PM +0100, Anonymous Remailer (austria) wrote:
>
> On 01/20/2014 09:17 AM, John Young wrote:
> > This how Cryptome got its first contributions from this cave. And
> > still does along with a long list of others. WikiLeaks and Snowden
> > the best yelled about, but far from disclosing the most information
> > which is done quietly and without "batshit" hyperbole and vulgar
> > braggardy.
>
> I'm talking about something slightly different here. With most of the
> information on Cryptome, it looks like someone came across some
> information and decided to exfiltrate it. They probably weren't
> deliberately looking for it or had joined the agency for the specific
> purpose of having access to and leaking such information.
>
> In this case, I'm talking about actual infiltration: going in with the
> explicit purpose of betraying the secrecy of the organization and
> getting valuable data out of it.
>
> > Claims of needing journalism and slow drips to hold public attention
> > are merely monetizing justifications. Biblical fundamentalism.
>
> I too wish the leaks would come at a faster pace. But I don't think
> Snowden posting the leaks to, say, an FTP server somewhere would have
> got any response. There are too many leaks with too much technical
> jargon. Joe Average would have given up after the first four pages.
> What the Guardian and other media outlets are doing is making the information
> more accessible to people. I wish they'd do it more quickly, yes, but I
> do think there is some value in what they're doing.
>
> > And may be much worse, as in the Snowden case, a rationale
> > for not releasing information except to a few selected abusers,
> > journalistic, technical and political "freedom of information." In
> > the bogosity of "doing no harm to national security" just like
> > secretkeepers who use that exact lingo.
>
> I'll admit here that I am not someone who believes that there should be
> no secrets. I do believe keeping certain things secret, at least for a
> little while, has value. But those things should respect civil and human
> rights and adhere to the principles of the Constitution. In too many
> cases, Snowden and Ellsberg being prime examples, official secrecy was
> used for no other reason than to cover up wrongdoing. The "national
> security" bullshit was just that - bullshit because they could.
>
> That's why I think we need more deliberate infiltrators. People who are
> well versed in the Constitution with a strong bend for civil and human
> rights. People who don't buy into the bullshit but also see value in
> some of the work being done. Someone who can filter through that and
> find what needs to be exposed while still protecting what shouldn't be.

Let me posit that we need humans that act more like ethical beings, that have insights that go beyond the logic, rules, and reason that seem to, well, govern the keeping of secrets.

I see a disturbing trend towards people who appear to be more human rule-and-emotional-reactivity execution units than empowered beings with free and unpredictable thought and discernment.
The great thing that Snowden did was get more of the general public engaged and involved, and for the various types of infiltrators to have any lasting effect, there must be cypherpoliticians, architecting secure legal codes and blocking legislative trojans.

Assassination Politics is an interesting armchair quarterback game, but I think what we really need is some of that theory applied to Election politics, with some down-in-the-dirt wrestling with campaign finance. We need cypherpunks pointing out the futility of more reactive campaign finance regulations that plug the holes we saw last year.

We need speech, and code as speech, and a debate about does the First Amendment cover the right to speak in code, and does the Second Amendment give us the right to keep and bear a well-regulated open-source drone Militia?

Get the public engaged and involved again, and run for office, or go work for a campaign and do some analytics, and tell us the state-of-the-art in modern election engineering.

From carimachet at gmail.com Mon Jan 20 14:46:15 2014
From: carimachet at gmail.com (Cari Machet)
Date: Mon, 20 Jan 2014 23:46:15 +0100
Subject: Infiltration / Exfiltration
In-Reply-To: <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com>
References: <0e3dc88e757ed0fda36f0d945c44253f@remailer.privacy.at> <1390256998.65860.YahooMailNeo@web164601.mail.gq1.yahoo.com>
Message-ID:

On Mon, Jan 20, 2014 at 11:29 PM, Jim Bell wrote:
>
> Obviously, this is a well-meaning idea. However, I wonder how 'efficient'
> such a tactic would be. It might take years for a person to get into a
> position to be able to obtain and leak information. And, the longer a
> 'mole' stays, the more he will become dependent on that government. And,
> let's not fall into the trap of assuming that everyone who works for a
> government agrees with the policies and practices of that government.
> If we guesstimate that 1% of (current) government employees would be
> sufficiently unhappy to do such leaks,
>

right you ask the ones already in to act exactly and there have been 'a lot' lately relatively speaking...

i think also a major problem in this is getting caught esp after the snowden thing they are (probably) hyper vigilant - though i am sure sloppy as hell still... as they are wont to be

also do note that whistleblowers often go to their managers and higher ups and complain about the government breach and no one listens so... it is a very long process

> If Snowden or Manning, or both, get a well-publicized $5 million reward,
> that would invigorate a lot of similar people to do similar things. What's
> desirable would be a kind of anonymous reward system to allow ordinary
> people to reward the leakers.
>

thats an amazing idea

> I haven't read enough about the origins of Wikileaks to know whether
> such a system was ever contemplated.
> Jim Bell
>
>

hahahhah thats a funny one you understand he pledged a mere 100,000 to mannings defense [just his defense not him] then gave 15,000

--
Cari Machet

From grarpamp at gmail.com Mon Jan 20 21:20:30 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 21 Jan 2014 00:20:30 -0500
Subject: cypherpunks buy the farm
In-Reply-To:
References:
Message-ID:

On Mon, Jan 20, 2014 at 1:28 AM, coderman wrote:
>> yes, this is a euphemism
> https://en.wikipedia.org/wiki/Buy_the_farm

http://www.youtube.com/watch?v=o25I2fzFGoY

From steve at secretvolcanobase.org Mon Jan 20 16:34:12 2014
From: steve at secretvolcanobase.org (Steve Jones)
Date: Tue, 21 Jan 2014 00:34:12 +0000
Subject: bitcoin
In-Reply-To: <52DDAD0A.6010801@echeque.com>
References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com>
Message-ID: <20140121003412.1626bbed@steves-laptop>

On Tue, 21 Jan 2014 09:11:06 +1000 "James A. Donald" wrote:

> On 2014-01-20 23:37, Kelly John Rose wrote:
> > Bitcoin is a cryptocurrency, the free and democratic world has
> > aircraft carriers, tanks and cruise missiles.
>
> As I said before, there are too many people in the ruling elite, and
> they do not like or trust each other.

This is just nonsense. The political elite can easily rely on their footsoldiers to enforce the law, and the law is what they say it is. They're wise enough to praise the armed forces frequently and raise enough budget to ensure their well-being as to keep them as an effective force for repressing the masses. Only when a concept has sufficient popular support that the masses' strength of numbers becomes embarrassing will the military not obey the elite. Look at Occupy, they didn't even have to break out the military for that one. Now consider the massive support bitcoin has; oh wait, it's almost non-existent in comparison.

--
Steve Jones
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896

From grarpamp at gmail.com Mon Jan 20 21:56:56 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 21 Jan 2014 00:56:56 -0500
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <1390280809.39967.YahooMailNeo@web164601.mail.gq1.yahoo.com>
References: <149CBD8B-A1D9-4524-83FC-5D7DB662EEAA@gmail.com> <1390280809.39967.YahooMailNeo@web164601.mail.gq1.yahoo.com>
Message-ID:

On Tue, Jan 21, 2014 at 12:06 AM, Jim Bell wrote:
> From: Philip Shaw
> On 21 Jan 2014, at 12:47 , J.A. Terranson wrote:
>> in specific cases). (For criminal matters, in many jurisdictions the
>> government can simply refuse to prosecute cases against its agents and
>> private prosecutions aren’t permitted in some places

Particularly regarding the US, in what places are such prosecutions or prosecutors permitted?

>>> Telecom/NSA/*retroactive immunity* ring a bell?
>>Retroactive acquittal is relatively OK - it is a good thing when applied to
>>Retroactive indictment is the problem, and is far more dangerous.
>
> Au contraire! A good argument can be made that retroactive acquittal (more
> precisely, in this case, retroactive civil immunity of corporations) is a
> violation of the 14th Amendment to the U.S. Constitution, which says in
> relevant part:
>
> Section 1. All persons born or naturalized in the United States, and
> subject to the jurisdiction thereof, are citizens of the United States and
> of the State wherein they reside. No State shall make or enforce any law
> which shall abridge the privileges or immunities of citizens of the United
> States; nor shall any State deprive any person of life, liberty, or
> property, without due process of law; _nor deny to any person within its
> jurisdiction the equal protection of the laws_.
>
> If people were supposed to be protected by the law in question, and once it
> was found out that the corporations were violating it (worse, doing that on
> behalf of the government!) then to give those corporations retroactive civil
> immunity amounts to denying the public that protection the law ostensibly
> was intended to provide.

The quote refers to the States doing the making/enforcing of abridging, the depriving, and the denying regarding fed law, or other state's laws as applicable. I believe telecom/nsa immunity happened only at the federal level, eg: fed wiretap law. (ie: The would be equal blanket protection of fed law was duly wiped out at the fed level, leaving suing AT&T in state court under state wiretap law as your only remaining option.)

From grarpamp at gmail.com Mon Jan 20 22:38:51 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 21 Jan 2014 01:38:51 -0500
Subject: Feinstein: NSA Metadata Stays
Message-ID:

http://yro.slashdot.org/story/14/01/20/1410221/senator-dianne-feinstein-nsa-metadata-program-here-to-stay

From s at ctrlc.hu Mon Jan 20 16:39:24 2014
From: s at ctrlc.hu (stef)
Date: Tue, 21 Jan 2014 01:39:24 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To:
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4>
Message-ID: <20140121003924.GU7008@ctrlc.hu>

howdy,

On Mon, Jan 20, 2014 at 03:13:42PM +0400, Yuriy Kaminskiy wrote:
> FWIW, I quickly looked at pbp [python? hate-hate-hate], it apparently has nearly
> same design defect: it uses long-term curve25519 keypair for message encryption.

does it? actually pbp generates a symmetric key, which is encrypted to the recipients encryption public key. btw, pbp creates 3 keys for each id, one long-term master for key-signing only, and two sub-keys one for encryption and one for generic signing. the encryption subkey is only used for the encryption of the message key. is that a problem?
isn't that how pgp does it?

> Unlike pcp, it does not include sender identification in message, receiver must
> try all public keys in her keyring.

this is mostly a problem only for verifying signatures, in a keyring with lots of public keys. but the operation is only on the hash of the message. for encryption this is neither so much a problem as traditionally the number of private keys one person holds is manageable. however even in these cases the wrong key is detected after decoding the message key, which again is a 32 byte ciphertext. so i don't expect this to be very slow. if this really becomes a problem you can start pbp with different home directories using the --basedir param.

> Which have advantage of not leaking sender identity to eavesdropper, but
> waste a lot of CPU on receiver side (as your keyring grows),

indeed. but that was one of the design goals, to fix the problem openpgp being a strong selector and low hanging fruit in all forensic tools. i'm very happy to spend some cpu cycles on locating the right key if it means the adversary has a higher computational effort than me.

> and receiver also cannot search sender identity by keyid on [hypothetical]
> keyserver.

indeed, this need has not been addressed yet.

> Hmm? You cannot fix (1), (2), (3), (4) without using single-use keypair by
> sender side. So, of course, it makes sense. Single-use keypair on receiver
> side would be nice (PFS!), but it is not possible in store-and-forward.

i would be delighted to hear your commentary on https://raw.github.com/stef/pbp/master/doc/chaining-dh.txt

> > Really? I'll try it, but if this is the case, then it's bad indeed.
>
> That's how (any) DH works? You generate common secret from one side public key
> and other side private key?
in the nacl implementation i believe something like this happens: P_a and S_b, as well as on the other side S_a and P_b are used in a ECDH secret derivation, which then is passed through hsalsa20 to derive the key, then this shared secret is used as a key for a salsa20xpoly1305 authenticating stream algo, that also needs a 32 byte nonce for encryption. so indeed both sides can decrypt the message encrypted to the other in this scheme. all this of course is overly simplified you can find the details on pp15 http://cr.yp.to/highspeed/naclcrypto-20090310.pdf

cheers,s
--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From s at ctrlc.hu Mon Jan 20 16:44:29 2014
From: s at ctrlc.hu (stef)
Date: Tue, 21 Jan 2014 01:44:29 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To: <20140121003924.GU7008@ctrlc.hu>
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4> <20140121003924.GU7008@ctrlc.hu>
Message-ID: <20140121004429.GW7008@ctrlc.hu>

On Tue, Jan 21, 2014 at 01:39:24AM +0100, stef wrote:
> does it? actually pbp generates a symmetric key, which is encrypted to the
> recipients encryption public key.

this two step encryption is only necessary to allow sending the same message to multiple recipients. otherwise i believe the crypto_secretbox way is the way to go if you are strictly 1-to-1 communicating.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From jamesd at echeque.com Mon Jan 20 15:11:06 2014
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 21 Jan 2014 09:11:06 +1000
Subject: bitcoin
In-Reply-To:
References: <20140120102514.449c9214@steves-laptop>
Message-ID: <52DDAD0A.6010801@echeque.com>

On 2014-01-20 23:37, Kelly John Rose wrote:
> Bitcoin is a cryptocurrency, the free and democratic world has
> aircraft carriers, tanks and cruise missiles.

The Blue empire is in a state of not quite peace and proxy war with the red empire. If the blue empire wants to suppress Bitcoin, it will not trust the red empire to do it. The Red empire probably will not want to suppress bitcoin. We are seeing a similar disagreement between the red empire and the blue empire on "asylum seekers" - code word for colored illegal immigrants headed to white countries other than North America.

The reason the blue empire is destroying the morale and cohesion of the US military forces is that it is more afraid of those forces than it is of external enemies. As I said before, there are too many people in the ruling elite, and they do not like or trust each other.

From measl at mfn.org Tue Jan 21 08:52:49 2014
From: measl at mfn.org (J.A. Terranson)
Date: Tue, 21 Jan 2014 10:52:49 -0600 (CST)
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID:

On Mon, 20 Jan 2014, grarpamp wrote:
> Date: Mon, 20 Jan 2014 22:34:12 -0500
> From: grarpamp
> To: cpunks
> Subject: Re: [OT] Note to new-ish subscribers: you joined a mailing list,
>     not a "group". (fwd)
>
> On Mon, Jan 20, 2014 at 9:17 PM, J.A. Terranson wrote:
> >> > FYI now they make laws that are retroactive to indict - i know of a
> >> Do you have a citation for those cases? I'm not doubting you, but the
> > Telecom/NSA/*retroactive immunity* ring a bell?
>
> That is effectively retroactive acquittal, not indictment.

The constitution speaks of ex-post facto LAW, not acquittal law nor indictment law.
That aside, I was personally found guilty of breaking a law that was not on the books at the time I was supposed to have committed the "crime", although it *was* on the books by the time I went to trial. Yes, I could have beat it on appeal, but it would have been so costly as to make it unworthy of the effort since I was "sentenced" to an "SIS" - something that may just be a local thing (since I've not heard the term anywhere else), or maybe it was just coming into use at the time (~1985). "SIS" ("Suspended Imposition of Sentence") - pay the fine, and don't get rearrested in the following six months, and the arrest, charge, and "conviction" gets vacated and "expunged"[1].

//Alif

[1] "Expunged" it turns out is not used in the standard English way we all assume it is: the incident shows up as a "sealed criminal record", which can be (and has on more than one occasion since then) opened during any subsequent criminal proceeding and used against you for "showing a pattern of criminal behaviour" as well as for sentencing "points". "Expunged" my ass! Had this been explained to me by my so-called lawyer, I would have gone ahead with the [outrageously expensive] appeal of my $1,500 fine.

--
Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.

From tom at vondein.org Tue Jan 21 02:10:57 2014
From: tom at vondein.org (Thomas von Dein)
Date: Tue, 21 Jan 2014 11:10:57 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To:
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4> <20140120133104.GL3900@r4>
Message-ID: <20140121101057.GO3900@r4>

Yuriy,

On Tue, Jan 21, 2014 at 01:32:23PM +0400, Yuriy Kaminskiy wrote:
> Correct format should be:
> 6[1]|temp_keypair.pubkey|len(recipients)[4]|(recipients...)|(secretboxes...)
Let me recap to see if I really got it right: the sender does:

- generate a random single-use keypair
- generate a random secretbox key
- secretbox the message 32k-wise with the former
- box that key for each recipient
- put into the output the cipher, the recipient stuff and the public key part of the random single-use keypair

Is that right?

So, in order to communicate with someone, only user A has to publish her public key. User B takes it, box()es a message for her, puts his (random) pk into it and sends it. A then uses the public key included in the message plus her own secret key, decrypts the message and drops B's public key afterwards.

Because, usually with curve25519 both A and B had to exchange their public keys in advance to be able to communicate. The scheme above makes it a lot easier for users but is it sufficient securitywise?

best,
Tom

From hozer at hozed.org Tue Jan 21 09:11:23 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Tue, 21 Jan 2014 11:11:23 -0600
Subject: cypherpunks buy the farm
In-Reply-To:
References:
Message-ID: <20140121171123.GW3180@nl.grid.coop>

On Sun, Jan 19, 2014 at 10:24:39PM -0800, coderman wrote:
> On Sun, Jan 19, 2014 at 9:57 PM, coderman wrote:
> > ... cypherpunks who "buy the farm"
>
>
> yes, this is a euphemism for cypherpunks get dead. ... not sure i
> sent Death[0] that CTCP_FU while the anonymous VPN was up; damnit
> session timeout and re-keying, why do you happen at the worst possible
> time?!?

And here I was thinking we were talking about signing your life away to be owned by some land and take on the task of surviving in a market that more often than not pays below what it costs to grow the product.

I suppose that's why they call it 'buy the farm', the only way a true farmer retires is having a date with Death[1]

OT: Have we turned into cyphergoths here?
Not that I'm complaining, I do like a woman in Black.

> return path half-RTT makes me concerned. i'm sure it's cool. right?
>
> it was only one packet...
>
>
> ---
>
>
> ---
>
> 0. this my petname for her[1] of course; the ORCHIDv6 he gave me to
> peer up of course totally useless from your perspective.
>
> 1. she[2] is most comfortable as that grade school geeky girl better
> in math and science by elementary than you ever got post high school.
> she's a modest and unremarkable creature with the power to kill
> everyone and the desire to harm no one.
>
> 2. btw, conventional studies indicate gender is a fluid spectrum of
> being as a sexual entity / ego. i'm afraid this is still a very
> rudimentary and crude endeavor. it appears my primary dipole cranial
> antenna has been recessed to attenuate incoming frequencies; this
> alteration of input stimulus driving unanticipated and unpredictable
> changes in behavior and disposition. i may have self inflicted
> rational compromise; please use caution when adjusting control loop
> valves as runaways and strong attractors without active fail-safe is
> certain stasis!
>
> 3. is the last of the first primes. don't discriminate against the
> unit! end singleton oppression!

From hozer at hozed.org Tue Jan 21 09:18:48 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Tue, 21 Jan 2014 11:18:48 -0600
Subject: Feinstein: NSA Metadata Stays
In-Reply-To: <1390287502.27879.YahooMailNeo@web164602.mail.gq1.yahoo.com>
References: <1390287502.27879.YahooMailNeo@web164602.mail.gq1.yahoo.com>
Message-ID: <20140121171848.GX3180@nl.grid.coop>

On Mon, Jan 20, 2014 at 10:58:22PM -0800, Jim Bell wrote:
> From: grarpamp
>
> > http://yro.slashdot.org/story/14/01/20/1410221/senator-dianne-feinstein-nsa-metadata-program-here-to-stay
>
> > ""The Hill reports, 'Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) predicted Sunday that lawmakers who favored shutting down the bulk collection of telephone metadata would not be successful in their efforts as Congress weighs potential reforms to the nation's
> controversial intelligence programs. "I don't believe so," Feinstein
> said during an appearance on NBC's Meet the Press (video). "The president has very clearly said that he wants to keep the capability So I think we would agree with him. I know a dominant
> majority of the — everybody, virtually, except two or three, on the
> Senate Intelligence Committee would agree with that." ... "A lot of the
> privacy people, perhaps, don't understand that we still occupy the role
> of the Great Satan. New bombs are being devised. New terrorists are
> emerging, new groups, actually, a new level of viciousness," Feinstein
> said. "We need to be prepared. I think we need to do it in a way that
> respects people's privacy rights."'""
>
> In other words, "We need to violate people's privacy rights in a way that respects people's privacy rights."
>
>          Jim Bell

Translation: New political parties threaten the Demopublican/Republicrat Duopoly, and we must protect the elite from any and all LibertiGeenian threats to the AmeriKan panopticon.

Fortunately, the peddlers in the currency of Fear do not seem to be able to comprehend those who know not the fear of disclosure, and encourage the light of day to dark smoky rooms.

From jamesdbell8 at yahoo.com Tue Jan 21 11:22:19 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 21 Jan 2014 11:22:19 -0800 (PST)
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID: <1390332139.24220.YahooMailNeo@web164601.mail.gq1.yahoo.com>

From: J.A. Terranson
To: grarpamp

On Mon, 20 Jan 2014, grarpamp wrote:
>> Date: Mon, 20 Jan 2014 22:34:12 -0500
>> From: grarpamp
>> To: cpunks
>> Subject: Re: [OT] Note to new-ish subscribers: you joined a mailing list,
>>    not a "group". (fwd)
>>
>> On Mon, Jan 20, 2014 at 9:17 PM, J.A. Terranson wrote:
>> >> > FYI now they make laws that are retroactive to indict - i know of a
>> >> Do you have a citation for those cases? I'm not doubting you, but the
>> > Telecom/NSA/*retroactive immunity* ring a bell?
>>
>> That is effectively retroactive acquittal, not indictment.
[...]
>[1] "Expunged" it turns out is not used in the standard English way we all
>assume it is: the incident shows up as a "sealed criminal record", which
>can be (and has on more than one occasion since then) opened during any
>subsequent criminal proceeding and used against you for "showing a pattern
>of criminal behaviour" as well as for sentencing "points". "Expunged" my
>ass! Had this been explained to me by my so-called lawyer, I would have
>gone ahead with the [outrageously expensive] appeal of my $1,500 fine.

In prison, there is a joke: "Suppose you find yourself on an elevator with your judge, your prosecutor, and your lawyer, and you have a gun with two bullets. What would you do? Answer, 'I'd shoot my lawyer TWICE to make sure the fucker is dead!!!'"

     Jim Bell

From s at ctrlc.hu Tue Jan 21 02:31:59 2014
From: s at ctrlc.hu (stef)
Date: Tue, 21 Jan 2014 11:31:59 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To: <20140121101057.GO3900@r4>
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4> <20140120133104.GL3900@r4> <20140121101057.GO3900@r4>
Message-ID: <20140121103159.GM7008@ctrlc.hu>

On Tue, Jan 21, 2014 at 11:10:57AM +0100, Thomas von Dein wrote:
> Because, usually with curve25519 both A and B had to exchange their
> public keys in advance to be able to communicate. The scheme above makes
> it a lot easier for users but is it sufficient securitywise?
the problem is you cannot be sure who the sender of the msg is, it might be a mitm.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From s at ctrlc.hu Tue Jan 21 02:37:28 2014
From: s at ctrlc.hu (stef)
Date: Tue, 21 Jan 2014 11:37:28 +0100
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To:
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4> <20140120133104.GL3900@r4>
Message-ID: <20140121103727.GO7008@ctrlc.hu>

On Tue, Jan 21, 2014 at 01:32:23PM +0400, Yuriy Kaminskiy wrote:
> Well, if you look at code, actual format is a bit different:

thanks for catching that!

> Correct format should be:
> 6[1]|temp_keypair.pubkey|len(recipients)[4]|(recipients...)|(secretboxes...)
> where recipients is a concatenated list of
> random_nonce|box(temp_keypair.privkey, recipient crypto pk, random_nonce,
> packet key)

i think in this case the temp_keypair.pubkey should actually be signed by the long-term signing key. otherwise it opens up again the trust problem. anyway i don't see immediately why the asym approach is better instead of the sym, as the asym does quite the same as the sym, only the key derivation is different.

--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From carimachet at gmail.com Tue Jan 21 03:32:15 2014
From: carimachet at gmail.com (cari machet)
Date: Tue, 21 Jan 2014 12:32:15 +0100
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID:

On Jan 21, 2014, at 3:11 AM, Philip Shaw wrote:
>
> On 20 Jan 2014, at 21:38 , Cari Machet wrote:
>>
>> FYI now they make laws that are retroactive to indict - i know of a case (or 5 actually) where the law was made to indict and convict 2 years after the "crime" yup ppl went to fed prison for years ... seems the breach of the rule of law by the US has come more out of the shadows
>
> Do you have a citation for those cases? I’m not doubting you, but the legal sophistry to argue that an ex post facto law was constitutional despite the explicit prohibition would be interesting. I’ve heard of cases where higher penalties were applied than existed at the time (which IIRC is banned by the ECHR and possibly the CCPR, although is allowed in the USA and elsewhere), or where statutes of limitations were extended, but a blatant ex post facto law seems surprising.

it's the shac7 case there were convictions on stalking that were not illegal at the time of the incidents - that's my information from one of the defendants anyway and other laws were never utilized in such a way in order to convict activists or anyone - one law that was over 10 years old was used that had never been utilized in any case and even the name of the law was changed before the case was brought

the problem with these kinds of cases is that they set precedent and no one knows about it AND the defendants rarely have the cash to properly fight the case so the system of law becomes flawed - broken

From steve at secretvolcanobase.org Tue Jan 21 04:32:17 2014
From: steve at secretvolcanobase.org (Steve Jones)
Date: Tue, 21 Jan 2014 12:32:17 +0000
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <3991396.Fn3xMA343Y@lap>
References: <149CBD8B-A1D9-4524-83FC-5D7DB662EEAA@gmail.com> <1390280809.39967.YahooMailNeo@web164601.mail.gq1.yahoo.com> <3991396.Fn3xMA343Y@lap>
Message-ID: <20140121123217.1d915ba8@steves-laptop>

On Tue, 21 Jan 2014 12:48:46 +0100 rysiek wrote:
> Because I'm sure we can agree here that retroactive corporate acquittal is
> bullshit and should not happen, under any circumstances.
>
> And I think we can agree that in some cases *personal* retroactive acquittal
> is not a bad idea.

Sure the question is whether or not you agree with the conviction? It is possible, theoretically at least, for a corporation to be convicted under a law that is later decided to be unjust.

--
Steve Jones
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896

From rysiek at hackerspace.pl Tue Jan 21 03:32:53 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 21 Jan 2014 12:32:53 +0100
Subject: Infiltration/Exfiltration
In-Reply-To: <20140121052946.GV3180@nl.grid.coop>
References: <20140121052946.GV3180@nl.grid.coop>
Message-ID: <2446844.lTtSaIMl8d@lap>

On Monday, 20 January 2014 23:29:46 Troy Benjegerdes wrote:
> Let me posit that we need humans that act more like ethical beings, that
> have insights that go beyond the logic, rules, and reason that seem to,
> well, govern the keeping of secrets. I see a disturbing trend towards
> people who appear to be more human rule-and-emotional-reactivity execution
> units than empowered beings with free and unpredictable thought and
> discernment.
>
> The great thing that Snowden did was get more of the general public engaged
> and involved, and for the various types of infiltrators to have any lasting
> effect, there must be cypherpoliticians, architecting secure legal codes and
> blocking legislative trojans.
>
> Assassination Politics is an interesting armchair quarterback game, but I
> think what we really need is some of that theory applied to Election
> politics, with some down-in-the dirt wrestling with campaign finance.

Oooooh. Oooh. "I just had a brainwave", to quote Chief Inspector Hubbard.

How about use the very same mechanism as assassination market, but for voting?
Betting on who will win the next election, generally or in each district,
etc? Creating cash incentives not for politicians (well, also, they could bet
themselves after all!), but activists, or other people that might help get
somebody elected? Pooling resources, but not in a candidate's pocket.

> We need cypherpunks pointing out the futility of more reactive campaign
> finance regulations that plug the holes we saw last year. We need speech,
> and code as speech, and a debate about does the First Amendment cover the
> right to speak in code, and does the Second Amendment give us the right to
> keep and bear a well-regulated open-source drone Militia?

Well, funny thing that. I wrote on it:
http://rys.io/en/54

The tl;dr is -- even though traditional RC planes are better-fitted to be used
as "terrorist tools" (faster, more load, etc), it's *copters that will get
banned first, as they empower people to "watch the watchers".

> Get the public engaged and involved again, and run for office, or go work
> for a campaign and do some analytics, and tell us the state-of-the art in
> modern election engineering.

+1

This modus operandi (get involved, get inside, change the game) worked great with blocking software patents in Europe years ago, worked similarly well with blocking ACTA in Europe. Had there been no "our people" in the bowels of the European Parliament, for example, it would be much harder or nigh impossible.

--
Regards
rysiek

From wahspilihp at gmail.com Mon Jan 20 18:05:45 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Tue, 21 Jan 2014 12:35:45 +1030
Subject: {}coin: good enough for election politics?
In-Reply-To:
References: <20140120050132.GQ3180@nl.grid.coop>
Message-ID:

On 20 Jan 2014, at 21:40 , J.A. Terranson wrote:
>> ... and someone better figure out a better way to deal with campaign
>> finance or we are all screwed.
>
> Too late in the US. And with Roberts being such a young guy, expect no
> changes for a very, *very*, long time.
>
>> So I present {}coin, the broken cryptocurrency, neutered of all the
>> privacy I can strip out of it, for broken election systems.
>
> Very bad idea. Allowing the entire planet know your financial
> contributions [trail] will lock you out of some employers, lose your job
> with still other employers, act as a basis for reputational destruction of
> future candidates under the right [or wrong] conditions, etc.
>
> The problem I think you are looking to "solve" is *Corporate*
> anonymity/pseudonymity. Won't happen under today's paradigm: the *fix* is
> to go back to separation of "natural persons" and "Corporate/chartered
> persons". The two types of personhood were never designed to be equals,
> yet here we are. :-(

The fundamental problem is that we need to protect the anonymity of the common people supporting minority views, and keep public the rich and powerful’s lobbying and campaign contributions (and avoid having them simply filter money through others to hide their actions).

From wahspilihp at gmail.com Mon Jan 20 18:11:29 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Tue, 21 Jan 2014 12:41:29 +1030
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID:

On 20 Jan 2014, at 21:38 , Cari Machet wrote:
>
> FYI now they make laws that are retroactive to indict - i know of a case (or 5 actually) where the law was made to indict and convict 2 years after the "crime" yup ppl went to fed prison for years ... seems the breach of the rule of law by the US has come more out of the shadows

Do you have a citation for those cases? I’m not doubting you, but the legal sophistry to argue that an ex post facto law was constitutional despite the explicit prohibition would be interesting. I’ve heard of cases where higher penalties were applied than existed at the time (which IIRC is banned by the ECHR and possibly the CCPR, although is allowed in the USA and elsewhere), or where statutes of limitations were extended, but a blatant ex post facto law seems surprising.

From gwen at cypherpunks.to Tue Jan 21 12:44:28 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Tue, 21 Jan 2014 12:44:28 -0800
Subject: here you go.(firearms resistant drone bodies ) ..Re: Infiltration/Exfiltration
In-Reply-To: <20140121201707.GY3180@nl.grid.coop>
References: <20140121052946.GV3180@nl.grid.coop> <2446844.lTtSaIMl8d@lap> <20140121201707.GY3180@nl.grid.coop>
Message-ID: <52DEDC2C.3030409@cypherpunks.to>

http://www.gameofdrones.biz/

they do their testing with 12 gauges at close range :)

gh

On 1/21/14 12:17 PM, Troy Benjegerdes wrote:
> On Tue, Jan 21, 2014 at 12:32:53PM +0100, rysiek wrote:
>> On Monday, 20 January 2014 23:29:46 Troy Benjegerdes wrote:
>>> Let me posit that we need humans that act more like ethical beings, that
>>> have insights that go beyond the logic, rules, and reason that seem to,
>>> well, govern the keeping of secrets. I see a disturbing trend towards
>>> people who appear to be more human rule-and-emotional-reactivity execution
>>> units than empowered beings with free and unpredictable thought and
>>> discernment.
>>>
>>> The great thing that Snowden did was get more of the general public engaged
>>> and involved, and for the various types of infiltrators to have any lasting
>>> effect, there must be cypherpoliticians, architecting secure legal codes and
>>> blocking legislative trojans.
>>>
>>> Assassination Politics is an interesting armchair quarterback game, but I
>>> think what we really need is some of that theory applied to Election
>>> politics, with some down-in-the dirt wrestling with campaign finance.
>>
>> Oooooh. Oooh. "I just had a brainwave", to quote Chief Inspector Hubbard.
>>
>> How about use the very same mechanism as assassination market, but for voting?
>> Betting on who will win the next election, generally or in each district,
>> etc? Creating cash incentives not for politicians (well, also, they could bet
>> themselves after all!), but activists, or other people that might help get
>> somebody elected? Pooling resources, but not in a candidate's pocket.
>
> This is a perfect example of "It's hard to understand something your salary
> (or campaign finances) depend on not understanding", cause I never saw this
> until you pointed it out. Fortunately I still have a few braincells that fired.
>
> This is brilliant... Get more money in politics, but in a way the politicians
> can never touch it. Oh sure, some will, but they will quickly be strung up
> by the 'clean campaigns' lynch mob.
>
>>> We need cypherpunks pointing out the futility of more reactive campaign
>>> finance regulations that plug the holes we saw last year. We need speech,
>>> and code as speech, and a debate about does the First Amendment cover the
>>> right to speak in code, and does the Second Amendment give us the right to
>>> keep and bear a well-regulated open-source drone Militia?
>>
>> Well, funny thing that. I wrote on it:
>> http://rys.io/en/54
>>
>> The tl;dr is -- even though traditional RC planes are better-fitted to be used
>> as "terrorist tools" (faster, more load, etc), it's *copters that will get
>> banned first, as they empower people to "watch the watchers".
>
> Except I get to play the "Farmers need open-source drones to keep those anti-GMO
> terr'ists out" police state card, and watch the competing interests tie themselves
> up in knots while activists download the code I use to "Protect America's Food"
>
> I think I need to have a conversation with my local sheriff and FAA folks on if
> 'Stand your Airspace' applies, or if they want to have fun with target practice
> if I start seeing undocumented drones.
>
> I also need a little advance warning to let the rednecks know when drone season
> starts, and distribute IFF scopes so they don't shoot down the ones with 1watt
> orange warning LEDs that are videotaping the amusement.
>
> It might be better to have the IFF scope send off a warning laser pulse first and
> all drones running released standards-compliant firmware drop out of the sky and
> the shooter gets a 'win', and save the kinetics for the drones that don't drop
> on request. Points for marked drones, cash for 'illegals', but only if you can
> find the flash memory chips. The NSA should probably figure out how to work with
> the FBI to make sure they are the highest bidder, in public, on the darknets,
> and most importantly, at the local gun/drone shop.
>
> Drone Registration should consist of posting your make, model, firmware image,
> and radio 'handle' on a public website.
>
> Geez, someone needs to make a game, cartoon, and video game out of this. The
> above concept is released to anyone under public domain. Have at it reality TV,
> you can call it "Drone Dynasty". Just give me a chance to test the software.
>
> I just want to send out the drones to check if my crop came up, or if I need
> to hook up the cultivator. The rest of this stuff is just a means to get an
> industry started to defend my ability to hack the code on my drones.
>

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910
Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’
https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)
https://github.com/stef/pbp.git (curve 25519 python based cli)

From rysiek at hackerspace.pl Tue Jan 21 03:45:26 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 21 Jan 2014 12:45:26 +0100
Subject: {}coin: good enough for election politics?
In-Reply-To:
References: <20140120050132.GQ3180@nl.grid.coop>
Message-ID: <4673167.zPLzVVGOnc@lap>

Dnia poniedziałek, 20 stycznia 2014 05:10:58 J.A. Terranson pisze:
> The problem I think you are looking to "solve" is *Corporate*
> anonymity/pseudonymity. Won't happen under today's paradigm: the *fix* is
> to go back to separation of "natural persons" and "Corporate/chartered
> persons". The two types of personhood were never designed to be equals,
> yet here we are. :-(

Pretty much this. We need to dismantle the modern-day nobility:
http://rys.io/en/77

Corporations are "people" with their "free speech":
http://en.wikipedia.org/wiki/Citizens_United_v._Federal_Election_Commission

...trying to have their "privacy":
http://www.reuters.com/article/2011/03/01/us-att-privacy-idUSTRE7203UN20110301

...having their own courts and enacting their own laws. They are impossible to kill and impossible to be thrown in jail.
They have (almost) all the rights of people without many of the duties, and without any of the morality:
http://en.wikipedia.org/wiki/The_Corporation_%28film%29
http://rys.io/en/61

This is why we can't have nice things.

--
Pozdr
rysiek

From rysiek at hackerspace.pl Tue Jan 21 03:48:46 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 21 Jan 2014 12:48:46 +0100
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <1390280809.39967.YahooMailNeo@web164601.mail.gq1.yahoo.com>
References: <149CBD8B-A1D9-4524-83FC-5D7DB662EEAA@gmail.com> <1390280809.39967.YahooMailNeo@web164601.mail.gq1.yahoo.com>
Message-ID: <3991396.Fn3xMA343Y@lap>

Dnia poniedziałek, 20 stycznia 2014 21:06:49 Jim Bell pisze:
> From: Philip Shaw
> > To: J.A. Terranson
> Cc: cpunks
> Sent: Monday, January 20, 2014 8:28 PM
> Subject: Re: [OT] Note to new-ish subscribers: you joined a mailing list,
> not a "group". (fwd)
> On 21 Jan 2014, at 12:47 , J.A. Terranson wrote:
> >> Telecom/NSA/*retroactive immunity* ring a bell?
> >
> >Retroactive acquittal is relatively OK - it is a good thing when applied to
> >the people, for example people have been campaigning for a long time to
> >get all British sodomy convictions >quashed even though everyone has now
> >been released, so we more or less have to accept that it *can* be used to
> >clear government agents too, even if politically we shouldn’t approve >(at
> >least in specific cases). (For criminal matters, in many jurisdictions the
> >government can simply refuse to prosecute cases against its agents and
> >private prosecutions aren’t permitted >in some places, so it doesn’t
> >create any new danger to the public.) Retroactive indictment is the
> >problem, and is far more dangerous.
>
> Au contraire!
> A good argument can be made that retroactive acquittal (more
> precisely, in this case, retroactive civil immunity of corporations)

So let's stick to either the general thing (that seems to be more or less okay) *or* the specific not-okay thing, and not use arguments against the latter against the former, shall we?

Because I'm sure we can agree here that retroactive corporate acquittal is bullshit and should not happen, under any circumstances.

And I think we can agree that in some cases *personal* retroactive acquittal is not a bad idea.

--
Pozdr
rysiek

From demonfighter at gmail.com Tue Jan 21 09:55:11 2014
From: demonfighter at gmail.com (Steve Furlong)
Date: Tue, 21 Jan 2014 12:55:11 -0500
Subject: cypherpunks buy the farm
In-Reply-To: <20140121171123.GW3180@nl.grid.coop>
References: <20140121171123.GW3180@nl.grid.coop>
Message-ID:

On Tue, Jan 21, 2014 at 12:11 PM, Troy Benjegerdes wrote:
> OT: Have we turned into cyphergoths here?

Cypheremos develop their own broken encryption algorithms and whine that no one understands them. They seed their entropy pools by cutting themselves and looking at the pattern of blood drops. Cyphergoths beat them up and take their lunch money.

From yumkam at gmail.com Tue Jan 21 01:32:23 2014
From: yumkam at gmail.com (Yuriy Kaminskiy)
Date: Tue, 21 Jan 2014 13:32:23 +0400
Subject: consistent pcp/pbp formats (was: Curve p25519 Replacements for GnuPG?(x2 now) ..)
In-Reply-To: <20140120133104.GL3900@r4>
References: <20140114111653.GD3900@r4> <20140115093443.GE3900@r4> <20140115134145.GF3900@r4> <20140120133104.GL3900@r4>
Message-ID:

Thomas von Dein wrote:
> On Mon, Jan 20, 2014 at 03:13:42PM +0400, Yuriy Kaminskiy wrote:
>> FWIW, I quickly looked at pbp [python? hate-hate-hate], it apparently has nearly
>> same design defect: it uses long-term curve25519 keypair for message encryption.
>> Unlike pcp, it does not include sender identification in message, receiver must
>> try all public keys in her keyring.
>
> Nope, the sender's public key is included by pbp with the encrypted

Hmm?

=== cut pbp-git/doc/fileformats.txt ===
public key encrypted files have the following structure:
5[1]|nonce|len(recipients)[4]|[(recipients...)|c(packet key, nonce, msg)
where recipients is a concatenated list of
random_nonce|c(recipient crypto pk, random_nonce, packet key)
==== cut ===

Public key where? Well, if you look at code, actual format is a bit different:

=== according to pbp-git/pbp/pbp.py ===
5[1]|len(recipients)[4]|(recipients...)|(secretboxes...)
where recipients is a concatenated list of
random_nonce|box(our identity privkey, recipient crypto pk, random_nonce, packet key)
and secretboxes is a list of
nonce|secretbox(packet key, nonce, msg[i:i+BLOCK_SIZE]); i+=BLOCK_SIZE;
=== cut ===

(Too lazy to dig in "chaining-dh" carefully; but it uses "normal pubkey encryption" for bootstrap anyway).

Correct format should be:
6[1]|temp_keypair.pubkey|len(recipients)[4]|(recipients...)|(secretboxes...)
where recipients is a concatenated list of
random_nonce|box(temp_keypair.privkey, recipient crypto pk, random_nonce, packet key)

> message. Since yesterday pcp does the same. However, I use a dynamic
> keypair on the sender site now. I'm currently in the process to change
> the encrypted output format of pcp to match the one of pbp.
>
>> It is not easy to mess up with crypto - it is /extremely/ easy :-(
>>
>> And that's why it is important to point out at mistakes early on, without any
>> mercy :-)
>
> Absolutely. Speaking of mistakes: I had even a note in the manpage where
> I mentioned that it might be a bad idea to include the key-id with
> encrypted messages, though I totally forgot it :) Oh - and I didn't
> really include the key-ids, but a hash from it instead. However, this

(Well, this is already fixed and does not matter anymore, but...)
For eavesdropper, it does not matter if you use keyid or hash(keyid), or hash(hash(hash(hash(keyid)))). If keyids are same, their hashes are same (this can be fixed by salting). If eavesdropper knows keyid, he can calculate hash(keyid) as well, and thus map messages to keyids (this *cannot* be fixed by salting).

> has already been changed.

From rysiek at hackerspace.pl Tue Jan 21 04:46:28 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 21 Jan 2014 13:46:28 +0100
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <20140121123217.1d915ba8@steves-laptop>
References: <3991396.Fn3xMA343Y@lap> <20140121123217.1d915ba8@steves-laptop>
Message-ID: <5824904.emI4M74NFJ@lap>

Dnia wtorek, 21 stycznia 2014 12:32:17 Steve Jones pisze:
> On Tue, 21 Jan 2014 12:48:46 +0100
>
> rysiek wrote:
> > Because I'm sure we can agree here that retroactive corporate acquittal is
> > bullshit and should not happen, under any circumstances.
> >
> > And I think we can agree that in some cases *personal* retroactive
> > acquittal is not a bad idea.
>
> Sure the question is whether or not you agree with the conviction? It is
> possible, theoretically at least, for a corporation to be convicted under a
> law that is later decided to be unjust.

Corporations are not people. I don't give a flying whatever about such a situation, and I do not see why I should.
--
Pozdr
rysiek

From hozer at hozed.org Tue Jan 21 12:17:07 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Tue, 21 Jan 2014 14:17:07 -0600
Subject: Infiltration/Exfiltration
In-Reply-To: <2446844.lTtSaIMl8d@lap>
References: <20140121052946.GV3180@nl.grid.coop> <2446844.lTtSaIMl8d@lap>
Message-ID: <20140121201707.GY3180@nl.grid.coop>

On Tue, Jan 21, 2014 at 12:32:53PM +0100, rysiek wrote:
> Dnia poniedziałek, 20 stycznia 2014 23:29:46 Troy Benjegerdes pisze:
> > Let me posit that we need humans that act more like ethical beings, that
> > have insights that go beyond the logic, rules, and reason that seem to,
> > well, govern the keeping of secrets. I see a disturbing trend towards
> > people who appear to be more human rule-and-emotional-reactivity execution
> > units than empowered beings with free and unpredictable thought and
> > discernment.
> >
> > The great thing that Snowden did was get more of the general public engaged
> > and involved, and for the various types of infiltrators to have any lasting
> > effect, there must be cypherpoliticians, architecting secure legal codes and
> > blocking legislative trojans.
> >
> > Assassination Politics is an interesting armchair quarterback game, but I
> > think what we really need is some of that theory applied to Election
> > politics, with some down-in-the dirt wrestling with campaign finance.
>
> Oooooh. Oooh. "I just had a brainwave", to quote Chief Inspector Hubbard.
>
> How about use the very same mechanism as assassination market, but for voting?
> Betting on who will win the next election, generally or in a each district,
> etc? Creating cash incentives not for politicians (well, also, they could bet
> themselves after all!), but activists, or other people that might help get
> somebody elected?
> Pooling resources, but not in a candidate's pocket.

This is a perfect example of "It's hard to understand something your salary (or campaign finances) depend on not understanding", cause I never saw this until you pointed it out. Fortunately I still have a few braincells that fired.

This is brilliant... Get more money in politics, but in a way the politicians can never touch it. Oh sure, some will, but they will quickly be strung up by the 'clean campaigns' lynch mob.

> > We need cypherpunks pointing out the futility of more reactive campaign
> > finance regulations that plug the holes we saw last year. We need speech,
> > and code as speech, and a debate about does the First Amendment cover the
> > right to speak in code, and does the Second Amendment give us the right to
> > keep and bear a well-regulated open-source drone Militia?
>
> Well, funny thing that. I wrote on it:
> http://rys.io/en/54
>
> The tl;dr is -- even though traditional RC planes are better-fitted to be used
> as "terrorist tools" (faster, more load, etc), it's *copters that will get
> banned first, as they empower people to "watch the watchers".

Except I get to play the "Farmers need open-source drones to keep those anti-GMO terr'ists out" police state card, and watch the competing interests tie themselves up in knots while activists download the code I use to "Protect America's Food"

I think I need to have a conversation with my local sheriff and FAA folks on if 'Stand your Airspace' applies, or if they want to have fun with target practice if I start seeing undocumented drones.

I also need a little advance warning to let the rednecks know when drone season starts, and distribute IFF scopes so they don't shoot down the ones with 1watt orange warning LEDs that are videotaping the amusement.
It might be better to have the IFF scope send off a warning laser pulse first and all drones running released standards-compliant firmware drop out of the sky and the shooter gets a 'win', and save the kinetics for the drones that don't drop on request. Points for marked drones, cash for 'illegals', but only if you can find the flash memory chips. The NSA should probably figure out how to work with the FBI to make sure they are the highest bidder, in public, on the darknets, and most importantly, at the local gun/drone shop.

Drone Registration should consist of posting your make, model, firmware image, and radio 'handle' on a public website.

Geez, someone needs to make a game, cartoon, and video game out of this. The above concept is released to anyone under public domain. Have at it reality TV, you can call it "Drone Dynasty". Just give me a chance to test the software.

I just want to send out the drones to check if my crop came up, or if I need to hook up the cultivator. The rest of this stuff is just a means to get an industry started to defend my ability to hack the code on my drones.

From jamesdbell8 at yahoo.com Tue Jan 21 14:23:07 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 21 Jan 2014 14:23:07 -0800 (PST)
Subject: Been there, done that.
Message-ID: <1390342987.4434.YahooMailNeo@web164606.mail.gq1.yahoo.com>

From wahspilihp at gmail.com Mon Jan 20 20:28:21 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Tue, 21 Jan 2014 14:58:21 +1030
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To:
References:
Message-ID: <149CBD8B-A1D9-4524-83FC-5D7DB662EEAA@gmail.com>

On 21 Jan 2014, at 12:47 , J.A. Terranson wrote:
> Telecom/NSA/*retroactive immunity* ring a bell?
Retroactive acquittal is relatively OK - it is a good thing when applied to the people, for example people have been campaigning for a long time to get all British sodomy convictions quashed even though everyone has now been released, so we more or less have to accept that it *can* be used to clear government agents too, even if politically we shouldn’t approve (at least in specific cases). (For criminal matters, in many jurisdictions the government can simply refuse to prosecute cases against its agents and private prosecutions aren’t permitted in some places, so it doesn’t create any new danger to the public.) Retroactive indictment is the problem, and is far more dangerous.

From cathalgarvey at cathalgarvey.me Tue Jan 21 08:28:00 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Tue, 21 Jan 2014 16:28:00 +0000
Subject: What more is there? [infil/exfil]
In-Reply-To:
References:
Message-ID: <52DEA010.4000104@cathalgarvey.me>

> He also trusted RSA enough to use it to encrypt communications with
> Greenwald and Poitris (sp?).

Not only that, after Schneier took a look at the files he alluded that discrete-log crypto was a safer bet right now. So it looks like RSA remains ironclad in terms of age and security. Also, if AES were backdoored, I think we'd see waaay more panicked allusions to state-secret-smashing revelations. Besides, as has been argued many times; if you own the random number generator, you own the RSA/AES ciphers anyway, and that's what the NSA did. So yea, if you were using RSA-RSA, you're fucked because one of the CSPRNGs was backdoored. But the RSA algorithm, going by Snowden's usage and Schneier's interpretation of the documents, is still OK if properly implemented.

> Very real possibility. Commercial tech is almost there.
> Assuming
> government is 3-5 years ahead, they might well have that. But I really
> don't see that as much of a threat. It just saves analysts time.

Also permits more efficient storage for a backlog of dirt if they ever decide they don't like you. So, it is a bit of a game-changer. The NSA will never store raw audio of you being a total asshole if you're not a target, even though it would be great material for discrediting you someday if you get out of line. But they could easily store plaintext transcripts.

On 21/01/14 15:38, Anonymous Remailer (austria) wrote:
> On 01/20/2014 07:56 PM, grarpamp wrote:> On Mon, Jan 20, 2014 at 2:57
> PM, Anonymous Remailer (austria)
>> wrote:
>>>> I too wish the leaks would come at a faster pace. But I don't think
>>>
>> The pace is ok, it keeps up the pressure. The real question is,
>> is what remains? More of this same stuff we all knew was happening
>> anyways? Or is there more deeper stuff we only questioned but
>> shrugged off due to the hardness/fantasy of it all?
>>
>> - decryption of aes? cracked rsa?
>
> Unlikely, unless it's buried deep within files that Snowden took.
> Remember, during his very first few interviews, he encouraged us to
> continue to use encryption and made the statement "encryption works". He
> also trusted RSA enough to use it to encrypt communications with
> Greenwald and Poitris (sp?).
>
>> - automatic and global translation to stored text of all voice calls?
>
> Very real possibility. Commercial tech is almost there. Assuming
> government is 3-5 years ahead, they might well have that. But I really
> don't see that as much of a threat. It just saves analysts time.
>
>> - gratuitous unwarranted passing of crimetips to LEA?
>
> Likely already being done. In fact, there seems to be some evidence that
> this has happened in several instances.
>
>> - fundamental metadata knowledge of all persons/associations?
>
> Probably possible but not really feasible. Too difficult to filter even
> using selectors.
> But I'm sure they're close. Still, there are ways to
> communicate without generating useful metadata so it might not matter.
>
>> - political puppetstringing?
>
> I'd say this is nearly guaranteed. In fact, I suspect this is why
> Congress has been so slow to do anything about it. The NSA has them by
> the balls. If you were running a large, illegal, operation, wouldn't you
> first gather as much dirt on the people who could shut it down as possible?
>
>> I suggest the answer lies in budget analysis... the possibilities
>> within a well spent budget. Or a seriously conscientious leaker at
>> the top who is yet to come... since so far Snowden seems limited
>> to confirming lower level obviousness.
>
> Good point. You know what I'd like to see? I'd like to see code. I'd
> like someone to drop the code to one of these massive systems online for
> us to analyze. But I suppose documents and program details would be just
> as useful.
>

From mixmaster at remailer.privacy.at Tue Jan 21 07:38:57 2014
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Tue, 21 Jan 2014 16:38:57 +0100 (CET)
Subject: What more is there? [infil/exfil]
Message-ID:

On 01/20/2014 07:56 PM, grarpamp wrote:> On Mon, Jan 20, 2014 at 2:57 PM, Anonymous Remailer (austria)
> wrote:
>> > I too wish the leaks would come at a faster pace. But I don't think
>>
> The pace is ok, it keeps up the pressure. The real question is,
> is what remains? More of this same stuff we all knew was happening
> anyways? Or is there more deeper stuff we only questioned but
> shrugged off due to the hardness/fantasy of it all?
>
> - decryption of aes?
> cracked rsa?

Unlikely, unless it's buried deep within files that Snowden took. Remember, during his very first few interviews, he encouraged us to continue to use encryption and made the statement "encryption works". He also trusted RSA enough to use it to encrypt communications with Greenwald and Poitris (sp?).

> - automatic and global translation to stored text of all voice calls?

Very real possibility. Commercial tech is almost there. Assuming government is 3-5 years ahead, they might well have that. But I really don't see that as much of a threat. It just saves analysts time.

> - gratuitous unwarranted passing of crimetips to LEA?

Likely already being done. In fact, there seems to be some evidence that this has happened in several instances.

> - fundamental metadata knowledge of all persons/associations?

Probably possible but not really feasible. Too difficult to filter even using selectors. But I'm sure they're close. Still, there are ways to communicate without generating useful metadata so it might not matter.

> - political puppetstringing?

I'd say this is nearly guaranteed. In fact, I suspect this is why Congress has been so slow to do anything about it. The NSA has them by the balls. If you were running a large, illegal, operation, wouldn't you first gather as much dirt on the people who could shut it down as possible?

> I suggest the answer lies in budget analysis... the possibilities
> within a well spent budget. Or a seriously conscientious leaker at
> the top who is yet to come... since so far Snowden seems limited
> to confirming lower level obviousness.

Good point. You know what I'd like to see? I'd like to see code. I'd like someone to drop the code to one of these massive systems online for us to analyze. But I suppose documents and program details would be just as useful.
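[Added example, not part of any message in this archive: a sketch of the point Yuriy Kaminskiy makes in the "consistent pcp/pbp formats" message above, that a recipient tag of keyid, hash(keyid) or an iterated hash links messages to each other, and that salting removes the linking but not the mapping from message to a known key-id. The 8-byte key-ids, SHA-256 and all function names are assumptions made for this illustration; they are not taken from pcp or pbp.]

```python
import hashlib
import os

# Constructed 8-byte key-ids for illustration; not real pcp/pbp keys.
PUBLISHED_KEYIDS = {
    "alice": bytes.fromhex("a1a2a3a4a5a6a7a8"),
    "bob": bytes.fromhex("b1b2b3b4b5b6b7b8"),
}
# A recipient whose key-id the observer has never seen.
UNLISTED_KEYID = bytes.fromhex("c1c2c3c4c5c6c7c8")


def iterated_hash(keyid, rounds=1):
    """hash(hash(...hash(keyid))) with `rounds` applications of SHA-256."""
    digest = keyid
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def salted_tag(keyid, salt=None):
    """Per-message random salt plus hash(salt || keyid).

    The salt has to travel in the clear with the message, otherwise the
    recipient could not recompute the tag either.
    """
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.sha256(salt + keyid).digest()


def same_recipient(tag_a, tag_b):
    """Linking: equal tags on two messages mean the same recipient."""
    return tag_a == tag_b


def identify_hashed(tag, known_keyids, rounds=1):
    """Mapping for unsalted tags: recompute the tag for every known key-id."""
    for name, keyid in known_keyids.items():
        if iterated_hash(keyid, rounds) == tag:
            return name
    return None


def identify_salted(salt, tag, known_keyids):
    """Mapping for salted tags: the salt is public, so the same loop works."""
    for name, keyid in known_keyids.items():
        if hashlib.sha256(salt + keyid).digest() == tag:
            return name
    return None


def run_demo():
    """Two messages to the same recipient under each tagging scheme."""
    bob = PUBLISHED_KEYIDS["bob"]
    results = {}

    # Scheme 1: header carries hash applied four times to the key-id.
    first, second = iterated_hash(bob, 4), iterated_hash(bob, 4)
    results["hashed_linkable"] = same_recipient(first, second)
    results["hashed_identified"] = identify_hashed(first, PUBLISHED_KEYIDS, 4)

    # Scheme 2: header carries a fresh salt and hash(salt || keyid).
    salt1, tag1 = salted_tag(bob)
    salt2, tag2 = salted_tag(bob)
    results["salted_linkable"] = same_recipient(tag1, tag2)
    results["salted_identified"] = identify_salted(salt1, tag1, PUBLISHED_KEYIDS)

    # A key-id the observer does not know cannot be named either way.
    salt3, tag3 = salted_tag(UNLISTED_KEYID)
    results["unlisted_identified"] = identify_salted(salt3, tag3, PUBLISHED_KEYIDS)
    return results


if __name__ == "__main__":
    for check, outcome in run_demo().items():
        print(f"{check}: {outcome}")
```

[End of added example. Salting only helps against an observer who does not already hold the key-id, and public key-ids are by definition widely held.]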
From jamesdbell8 at yahoo.com Tue Jan 21 17:23:04 2014
From: jamesdbell8 at yahoo.com (Jim Bell)
Date: Tue, 21 Jan 2014 17:23:04 -0800 (PST)
Subject: Dying Grandma's Coded Messages.
Message-ID: <1390353784.80896.YahooMailNeo@web164603.mail.gq1.yahoo.com>

http://news.yahoo.com/blogs/sideshow/the-internet-helps-decode-grandmother-s-mysterious-note-191712093.html
http://ask.metafilter.com/255675/Decoding-cancer-addled-ramblings

Jim Bell

From shelley at misanthropia.info Tue Jan 21 17:36:10 2014
From: shelley at misanthropia.info (shelley at misanthropia.info)
Date: Tue, 21 Jan 2014 17:36:10 -0800
Subject: The Cypherpunk Enquirer
In-Reply-To: <89e345007bd4873792c257d61bb34545@remailer.privacy.at>
Message-ID: <20140122013614.290546800A9@frontend2.nyi.mail.srv.osa>

Bravo, anon! Very well done. Project Creampie, Bose-Einstein condensate and the bit about JYA... Oh, how I needed that laugh today!

On Jan 21, 2014 5:13 PM, Anonymous Remailer (austria) <mixmaster at remailer.privacy.at> wrote:

THE CYPHERPUNK ENQUIRER

"Just when we thought we were out, they drag us back in ..."

Recently reviewed documents leaked by Edward Snowden reveal that, following the discovery of large quantities of pornography on hard drives retrieved from the Abbottabad compound where Osama bin Laden was assassinated, the NSA became concerned that al Queda was using steganographic techniques to hide various communications within the jpgs and animated gifs, and began a program (known internally as 'Project Creampie') to collect all the pornography on the internet into one giant database, presently located at the new NSA data storage center in Bluffdale, Utah, that could be searched by various interns and subcontractors.
Progress has apparently been slowed due to subcontractor Hewitt Packard's problems in designing and building a computer keyboard impervious to "precious bodily fluids".

In response to the newly discovered NSA obsession with feelthy peectures, the old al-queda.net NSA bait URL has been changed to porn-are-us.org.

Responding to charges of 'language-ism', the Obfuscated C contest opened itself to languages other than just C this year, and the clear winner in the English category was our own John Young of cryptome.org. "We don't have a clue what he's saying," the nominating committee stated, "but we sure as hell know what he means." The judging committee was impressed by Mr. Young's ability to be almost totally incomprehensible while still getting his point across, and by the fact that he had obviously attained bootstrap status, and in addition is Turing complete. The debate over whether Mr. Young qualifies as P or NP has yet to be resolved.

In a shout-out to the old DEFCON ritual of playing 'Spot the Fed', the RSA Conference has announced a contest to 'Spot Tim May', the winner receiving an 'I Outed Tim May' tee shirt and a personal bodyguard for the conference duration. Interest appears to be limited due to the boycott.

After a long absence, the Cypherpunks steering committee, due to recent revelations about NSA spying, has once again opened One Time Pad season. The early leader appears to be Ian Goldberg's (of UC Berkeley's 'Glow in the Dark Campanile' fame) proposal to distribute OTP bits via entangled photons, awaiting only Phillip Hallam-Baker's work on developing a room-temperature Bose-Einstein condensate. Open source programmers have already initiated a Kickstarter campaign to develop a delivery method for the distribution of OTPs that would avoid the internet completely and still be RFC 1149, 2549, and 6214 compliant.

The NIST is facing further controversy following claims that it intentionally 'backdoored' the Dual_EC_DRBG random number generator.
Now an IETF taskforce, after several months of study, has determined that NIST's proposal to increase the security of a venerable UNIX encryption algorithm by 'doubling the cycle length' actually makes the algorithm more susceptible to cryptanalysis. Cryptographers are recommending that all programs that use the new algorithm immediately revert to the old 'ROT13' standard.

Quote of the Week: "In conclusion, the main thing we did wrong when designing ATM security systems in the early to mid-1980s was to worry about criminals being clever; we should rather have worried about our customers - the banks' system designers, implementers, and testers - being stupid." Ross Anderson, "Security Engineering"

SCOTUS Justice Antonin Scalia was arrested yesterday and charged with threatening to assassinate POTUS Barak Obama. Justice Scalia was released 6 hours later after scientific vocal analysis of his Skype call to Justice Samuel Alito revealed that his actual statement was, "Let's kill the precedent". The FBI blamed the British GCHQ for providing them a poor quality recording, to which a GCHQ spokesperson replied that the recording was "exactly what the NSA gave us". The Microsoft Corporation denied it provided any Skype information to the NSA whatsoever via a press representative whose trousers were quickly extinguished by an attentive aide.

Tonight on NSA TV - "Sexting with the Stars" Miley Cyrus and Lady Gaga in hot girl-on-girl action! (security clearance 'Secret' or above required)
From wahspilihp at gmail.com Mon Jan 20 23:50:04 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Tue, 21 Jan 2014 18:20:04 +1030
Subject: bitcoin
In-Reply-To: <20140121060536.14B311027D@a-pb-sasl-quonix.pobox.com>
References: <20090126223438.GQ11544@leitl.org> <20140121060536.14B311027D@a-pb-sasl-quonix.pobox.com>
Message-ID:

On 21 Jan 2014, at 16:32 , Bill Stewart wrote:
> - Litecoin uses scrypt, which was designed to not fit into ASICs or GPUs, so people with regular PCs could still mine it, without being crowded out by commercial miners. It turns out that people have figured out how to fit it into GPUs, which still run about 10-100 times as fast as CPU mining,

While unfortunate for Litecoin’s users, that does demonstrate a nice benefit of crypto currencies for the public cryptography community - it gives a direct financial benefit to ordinary people working on attacking cryptography, and their discoveries will be much more likely to leak than government cryptographers.

From juan.g71 at gmail.com Tue Jan 21 13:45:59 2014
From: juan.g71 at gmail.com (Juan Garofalo)
Date: Tue, 21 Jan 2014 18:45:59 -0300
Subject: bitcoin
In-Reply-To: <52DE3A5F.7010109@echeque.com>
References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com>
Message-ID:

--On Tuesday, January 21, 2014 7:14 PM +1000 "James A. Donald" wrote:
> Kelly John Rose wrote:
> > > > Bitcoin is a cryptocurrency, the free and democratic world
> > > > has aircraft carriers, tanks and cruise missiles.
>
> "James A. Donald" wrote:
> > > As I said before, there are too many people in the ruling elite,
> > > and they do not like or trust each other.
>
> On 2014-01-21 10:34, Steve Jones wrote:
> > This is just nonsense. The political elite can easily rely on their
> > footsoldiers to enforce the law,
>
> Suppose the political elite are not in agreement

But they are in agreement. And that's not really the point anyway. I'm asking what practical means would governments use to deal with bitcoin if it becomes a real problem for them.

- and they are
> finding it harder and harder to get agreement. They tell their
> footsoldiers to implement the policy, and tell their footsoldiers to
> not implement the policy - and suddenly the footsoldiers are
> kingmakers, making the ruling elite nervous.
>
> This is already happening with "asylum seekers".
>

From jamesd at echeque.com Tue Jan 21 01:14:07 2014
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 21 Jan 2014 19:14:07 +1000
Subject: bitcoin
In-Reply-To: <20140121003412.1626bbed@steves-laptop>
References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop>
Message-ID: <52DE3A5F.7010109@echeque.com>

Kelly John Rose wrote:
> > > Bitcoin is a cryptocurrency, the free and democratic world
> > > has aircraft carriers, tanks and cruise missiles.

"James A. Donald" wrote:
> > As I said before, there are too many people in the ruling elite,
> > and they do not like or trust each other.

On 2014-01-21 10:34, Steve Jones wrote:
> This is just nonsense. The political elite can easily rely on their
> footsoldiers to enforce the law,

Suppose the political elite are not in agreement - and they are finding it harder and harder to get agreement. They tell their footsoldiers to implement the policy, and tell their footsoldiers to not implement the policy - and suddenly the footsoldiers are kingmakers, making the ruling elite nervous.

This is already happening with "asylum seekers".
From grarpamp at gmail.com Tue Jan 21 16:25:52 2014 From: grarpamp at gmail.com (grarpamp) Date: Tue, 21 Jan 2014 19:25:52 -0500 Subject: here you go.(firearms resistant drone bodies ) ..Re: Infiltration/Exfiltration In-Reply-To: <52DEDC2C.3030409@cypherpunks.to> References: <20140121052946.GV3180@nl.grid.coop> <2446844.lTtSaIMl8d@lap> <20140121201707.GY3180@nl.grid.coop> <52DEDC2C.3030409@cypherpunks.to> Message-ID: On Tue, Jan 21, 2014 at 3:44 PM, gwen hastings wrote: > http://www.gameofdrones.biz/ they do their testing with 12 gauges at >>> Assassination Politics is an interesting armchair quarterback game, >>>> keep and bear a well-regulated open-source drone Militia? >>> Well, funny thing that. I wrote on it: >>> http://rys.io/en/54 >>> >>> The tl;dr is -- even though traditional RC planes are better-fitted to be used >>> as "terrorist tools" (faster, more load, etc), it's *copters that will get >>> banned first, as they empower people to "watch the watchers". No idea what kind of flight characteristics RC gear has, but someday someone's going to try loading them with munitions and taking out targets with them from far away. Even with RF jamming and hailfire on close approach they could counter with inertial autopilot, vertical guided payload drops from altitude, and redundancy. Maybe $1-5k per drone. Will it crop up as a rebirth of Mafia/Ghetto gangland violence? Corporate warfare? A political tool for anyone from nations to individuals? Nations seem to publicize who they bagged in theatre with drones today, but what if people just start dropping off? No longer are you going to find bits of $M cruise missile labeled USA but a bunch of Chinese toy parts (possibly flown at you while on holiday in Germany by a Korean funded by a Texan who didn't like your oil contract in Canada). It's unbannable dual use leaving crazy movielike future bounded only by human nature. Next is radar based automatic rooftop shotgun mounts for the home, better buy stock in Mossberg. 
From bill.stewart at pobox.com Tue Jan 21 19:47:40 2014 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 21 Jan 2014 19:47:40 -0800 Subject: {}coin: good enough for election politics? In-Reply-To: References: <20140120050132.GQ3180@nl.grid.coop> Message-ID: <20140122034758.28C62FD0D@a-pb-sasl-quonix.pobox.com> At 03:10 AM 1/20/2014, J.A. Terranson wrote: >Already litigated in the USA, with very strange results: for example, code >printed on your T-Shirt is free speech, while the same code may be a >munition if instantiated on a processor. No, that one was never litigated, just administratively ignored. I was half-tempted to submit a FOIA request saying "Where's Raph's T-Shirt?" because his ITAR request for an export permit for the shirt was neither approved nor denied (or at least, it hadn't been replied to at all for quite a long time at that point.) It could only have been litigated if either he'd taken it to court or else they'd charged somebody with a crime for exporting it. >Money == speech (recent SCOTUS explosion of pro corporate diarrhea). Money might not exactly be "speech", but it's certainly "press". It's how you get your speech out to people who might listen to it. I get really tired of the kinds of people whose justification for censoring porn on the internet is "the first amendment's only about political speech" but when somebody actually wants to use it for political speech "no, can't do that, elections are WAY too important to let JUST ANYBODY say JUST ANYTHING they want!" >Too late in the US. And with Roberts being such a young guy, expect no >changes for a very, *very*, long time. Roberts's real attraction for Bush was that he believes that anything the Executive Branch wants to do is Just Fine. He's probably more radical than Scalia about that. But while we're probably stuck with Roberts for the rest of my lifetime, the Court's balances can still change. >An American Spring is coming: one way or another. 
Given Global Warming, it'll probably be what we used to call "winter"... From iam at kjro.se Tue Jan 21 16:49:50 2014 From: iam at kjro.se (Kelly John Rose) Date: Tue, 21 Jan 2014 19:49:50 -0500 Subject: bitcoin In-Reply-To: <52DF142A.2050900@echeque.com> References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com> <52DF142A.2050900@echeque.com> Message-ID: Large enough funding to take over 51% of the bitmining regime. Ability to block / adjust internet packets on an international basis If necessary, the police and physical force to take down the players with the most bitcoins quickly and effectively. On Tue, Jan 21, 2014 at 7:43 PM, James A. Donald wrote: > On 2014-01-22 07:45, Juan Garofalo wrote: > >> I'm asking what practical means would governments use to deal >> with bitcoin >> if it becomes a real problem for them. >> > > And I am telling you that they will act in a way that is chaotic, > incompetent, corrupt, and disorderly. > > -- Kelly John Rose Toronto, ON Phone: +1 647 638-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam at kjro.se MSN: msn at kjro.se Document contents are confidential between original recipients and sender. From demonfighter at gmail.com Tue Jan 21 17:11:47 2014 From: demonfighter at gmail.com (Steve Furlong) Date: Tue, 21 Jan 2014 20:11:47 -0500 Subject: cypherpunks buy the farm In-Reply-To: <948C95B9-B5AC-40DF-A2B0-3DB29BBCB16D@gmail.com> References: <20140121171123.GW3180@nl.grid.coop> <948C95B9-B5AC-40DF-A2B0-3DB29BBCB16D@gmail.com> Message-ID: On Tue, Jan 21, 2014 at 7:58 PM, Robert Hettinga wrote: > We’re cypherfarts. Cypherfarts sniff their own traffic and think it smells great. -- Neca eos omnes. Deus suos agnoscet. 
-- Arnaud-Amaury, 1209 From hettinga at gmail.com Tue Jan 21 16:58:01 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Tue, 21 Jan 2014 20:58:01 -0400 Subject: cypherpunks buy the farm In-Reply-To: References: <20140121171123.GW3180@nl.grid.coop> Message-ID: <948C95B9-B5AC-40DF-A2B0-3DB29BBCB16D@gmail.com> On Jan 21, 2014, at 1:55 PM, Steve Furlong wrote: > On Tue, Jan 21, 2014 at 12:11 PM, Troy Benjegerdes wrote: > > > OT: Have we turned into cyphergoths here? > > Cypheremos develop their own broken encryption algorithms and whine that no one understands them. They seed their entropy pools by cutting themselves and looking at the pattern of blood drops. Cyphergoths beat them up and take their lunch money. We’re cypherfarts. Get offa my lawn. Cheers, RAH From hettinga at gmail.com Tue Jan 21 17:41:59 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Tue, 21 Jan 2014 21:41:59 -0400 Subject: cypherpunks buy the farm In-Reply-To: References: <20140121171123.GW3180@nl.grid.coop> <948C95B9-B5AC-40DF-A2B0-3DB29BBCB16D@gmail.com> Message-ID: On Jan 21, 2014, at 9:11 PM, Steve Furlong wrote: > Cypherfarts sniff their own traffic and think it smells great. Just so. Cheers, RAH From l at odewijk.nl Tue Jan 21 14:37:57 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Tue, 21 Jan 2014 23:37:57 +0100 Subject: Been there, done that. 
In-Reply-To: <1390342987.4434.YahooMailNeo@web164606.mail.gq1.yahoo.com> References: <1390342987.4434.YahooMailNeo@web164606.mail.gq1.yahoo.com> Message-ID: Nice. From mixmaster at remailer.privacy.at Tue Jan 21 17:08:39 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Wed, 22 Jan 2014 02:08:39 +0100 (CET) Subject: The Enquirer Message-ID: <89e345007bd4873792c257d61bb34545@remailer.privacy.at> THE CYPHERPUNK ENQUIRER "Just when we thought we were out, they drag us back in ..." Recently reviewed documents leaked by Edward Snowden reveal that, following the discovery of large quantities of pornography on hard drives retrieved from the Abbottabad compound where Osama bin Laden was assassinated, the NSA became concerned that al Queda was using steganographic techniques to hide various communications within the jpgs and animated gifs, and began a program (known internally as 'Project Creampie') to collect all the pornography on the internet into one giant database, presently located at the new NSA data storage center in Bluffdale, Utah, that could be searched by various interns and subcontractors. Progress has apparently been slowed due to subcontractor Hewitt Packard's problems in designing and building a computer keyboard impervious to "precious bodily fluids". In response to the newly discovered NSA obsession with feelthy peectures, the old al-queda.net NSA bait URL has been changed to porn-are-us.org. Responding to charges of 'language-ism', the Obfuscated C contest opened itself to languages other than just C this year, and the clear winner in the English category was our own John Young of cryptome.org. "We don't have a clue what he's saying," the nominating committee stated, "but we sure as hell know what he means." The judging committee was impressed by Mr. 
Young's ability to be almost totally incomprehensible while still getting his point across, and by the fact that he had obviously attained bootstrap status, and in addition is Turing complete. The debate over whether Mr. Young qualifies as P or NP has yet to be resolved. In a shout-out to the old DEFCON ritual of playing 'Spot the Fed', the RSA Conference has announced a contest to 'Spot Tim May', the winner receiving an 'I Outed Tim May' tee shirt and a personal bodyguard for the conference duration. Interest appears to be limited due to the boycott. After a long absence, the Cypherpunks steering committee, due to recent revelations about NSA spying, has once again opened One Time Pad season. The early leader appears to be Ian Goldberg's (of UC Berkeley's 'Glow in the Dark Campanile' fame) proposal to distribute OTP bits via entangled photons, awaiting only Phillip Hallam-Baker's work on developing a room-temperature Bose-Einstein condensate. Open source programmers have already initiated a Kickstarter campaign to develop a delivery method for the distribution of OTPs that would avoid the internet completely and still be RFC 1149, 2549, and 6214 compliant. The NIST is facing further controversy following claims that it intentionally 'backdoored' the Dual_EC_DRBG random number generator. Now an IETF taskforce, after several months of study, has determined that NIST's proposal to increase the security of a venerable UNIX encryption algorithm by 'doubling the cycle length' actually makes the algorithm more susceptible to cryptanalysis. Cryptographers are recommending that all programs that use the new algorithm immediately revert to the old 'ROT13' standard. Quote of the Week: "In conclusion, the main thing we did wrong when designing ATM security systems in the early to mid-1980s was to worry about criminals being clever; we should rather have worried about our customers - the banks' system designers, implementers, and testers - being stupid." 
Ross Anderson, "Security Engineering" SCOTUS Justice Antonin Scalia was arrested yesterday and charged with threatening to assassinate POTUS Barak Obama. Justice Scalia was released 6 hours later after scientific vocal analysis of his Skype call to Justice Samuel Alito revealed that his actual statement was, "Let's kill the precedent". The FBI blamed the British GCHQ for providing them a poor quality recording, to which a GCHQ spokesperson replied that the recording was "exactly what the NSA gave us". The Microsoft Corporation denied it provided any Skype information to the NSA whatsoever via a press representative whose trousers were quickly extinguished by an attentive aide. Tonight on NSA TV - "Sexting with the Stars" Miley Cyrus and Lady Gaga in hot girl-on-girl action! (security clearance 'Secret' or above required) From juan.g71 at gmail.com Tue Jan 21 22:15:44 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Wed, 22 Jan 2014 03:15:44 -0300 Subject: bitcoin In-Reply-To: <2562159D-33FD-4D98-A5D9-AA2DB8694D6F@gmail.com> References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com> <2562159D-33FD-4D98-A5D9-AA2DB8694D6F@gmail.com> Message-ID: --On Wednesday, January 22, 2014 11:33 AM +1030 Philip Shaw wrote: > > On 22 Jan 2014, at 8:15 , Juan Garofalo wrote: >> >> I'm asking what practical means would governments use to deal with >> bitcoin if it becomes a real problem for them. > > Obvious solutions: > > * declare BTC to be presumptively evidence of drug dealing or trading CP > - possession of weakly-related artefacts being declared as sufficient > evidence has, IIRC, been ruled legal in NY in the case of a law which > made possession by a woman of multiple condoms evidence of prostitution. 
> * require BTC holdings to be declared to the tax authorities, and make > explicit that whatever the local tax on investment holdings applies to > BTC (I think the current question is not whether growth in value of BTC > is taxable but what kind of investment it should be taxed as). * snarl up > BTC exchanges with the same reporting requirements as normal banks and > trading houses, even though the much smaller scale will make that > extremely difficult to comply with. * rule that BTC miners are engaging > in banking by building up the record in the block chain, and make them > all responsible for reporting the transactions they process So, those are some possible 'legal' means that can be used to cripple bitcoin. What about requiring people to tie their identities to addresses? If individuals were forced to use addresses known to the government, then surveilling (maybe all) economic transactions would become...rather easy. > > Apart from the first, none of those would be very controversial, or even > entirely without merit if you accept the validity of the anti-fraud, > anti-money-laundering, and anti-tax-evasion laws which require reporting > by financial services companies. The trouble is, what is a tolerable > imposition on a company handling millions of dollars is a huge and > crippling burden on some guy with a couple of hundred dollars worth of > BTC. (This is where a "by way of trade" qualifier[0] would come in > useful, but it would also be horribly exploitable when it comes to > financial trading.) > > [0] Typically meaning, taking up a significant portion of one's time or > providing a significant portion of one's income - the sort of clause > which means that someone driving cross-country with some friends and > accepting petrol money from them isn't required to comply with the > regulations regarding taxis or minicabs. 
From juan.g71 at gmail.com Tue Jan 21 22:27:08 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Wed, 22 Jan 2014 03:27:08 -0300 Subject: bitcoin In-Reply-To: References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com> <52DF142A.2050900@echeque.com> Message-ID: --On Tuesday, January 21, 2014 7:49 PM -0500 Kelly John Rose wrote: > Large enough funding to take over 51% of the bitmining regime. Is there some kind of estimate of the price of doing that? Bitcoin optimists would say that at some point the network will be too big for a single player (even if it's a government) to take over? > > Ability to block / adjust internet packets on an international basis Is it possible to filter bitcoin traffic? The counterargument I've seen is that bitcoin traffic is really light, so it would be possible to 'disguise' it - steganography being the technical term I guess. > > If necessary, the police and physical force to take down the players with > the most bitcoins quickly and effectively. Yes. That sounds like a plan. And of course, contrary to James Donald's wishful thinking, governments are pretty efficient at using force to get rid of people who get in their way. > > > On Tue, Jan 21, 2014 at 7:43 PM, James A. Donald > wrote: > >> On 2014-01-22 07:45, Juan Garofalo wrote: >> >>> I'm asking what practical means would governments use to deal >>> with bitcoin >>> if it becomes a real problem for them. >>> >> >> And I am telling you that they will act in a way that is chaotic, >> incompetent, corrupt, and disorderly. >> >> > > > -- > Kelly John Rose > Toronto, ON > Phone: +1 647 638-4104 > Twitter: @kjrose > Skype: kjrose.pr > Gtalk: iam at kjro.se > MSN: msn at kjro.se > > Document contents are confidential between original recipients and sender. > From privarchy at gmail.com Tue Jan 21 20:25:01 2014 From: privarchy at gmail.com (Alex J. 
Martin) Date: Wed, 22 Jan 2014 04:25:01 +0000 Subject: Live Q&A with Edward Snowden: Thursday 23rd January, 8pm GMT, 3pm EST Message-ID: <52DF481D.3060008@gmail.com> http://www.freesnowden.is/asksnowden/ "Edward Snowden will be answering questions submitted by the public on his official support site, freesnowden.is , this Thursday 23 January at 8pm GMT, 3pm EST. The support site is run by The Courage Foundation and is the only endorsed Snowden Defence Fund. This is the first Snowden live chat since June 2013 and will last for an hour starting at 8pm GMT, 3pm EST. Questions can be submitted on twitter on the day of the event using the #AskSnowden hashtag. Edward Snowden's responses will appear at http://www.freesnowden.is/asksnowden The live chat comes exactly a week after US President Barack Obama gave an address in response to the public concerns raised by Edward Snowden's revelations about US surveillance practices. In the live chat, Edward Snowden is expected to give his first reaction to the President's speech. Courage (formerly the Journalistic Source Protection Defence Fund) is a trust, audited by accountants Derek Rothera & Company in the UK, for the purpose of providing legal defence and campaign aid to journalistic sources. It is overseen by an unremunerated committee of trustees. Edward Snowden is its first recipient. freesnowden.is was commissioned by the trustees of Courage to provide information on the threats Edward Snowden faces and what can be done to support him, and details all revelations made to date in a convenient central archive." 
From jd.cypherpunks at gmail.com Tue Jan 21 19:45:27 2014 From: jd.cypherpunks at gmail.com (jd.cypherpunks at gmail.com) Date: Wed, 22 Jan 2014 04:45:27 +0100 Subject: The Enquirer In-Reply-To: <89e345007bd4873792c257d61bb34545@remailer.privacy.at> References: <89e345007bd4873792c257d61bb34545@remailer.privacy.at> Message-ID: <159FD440-C2B5-48CB-BDB4-E97CE2421CFA@gmail.com> Very well done! Thanks. --michael From coderman at gmail.com Wed Jan 22 04:55:11 2014 From: coderman at gmail.com (coderman) Date: Wed, 22 Jan 2014 04:55:11 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Mon, Jan 20, 2014 at 4:16 PM, grarpamp wrote: > ... > In US, besides the utilities themselves which do not give out detail info, there are data providers for this, even today. they appear to charge on the order of $400/mo to $50,000/yr for various metro and long distance fiber information. they're US companies and presumably screen the hell out of you before order and scrutinize your usage after. you can call for a quote ;) > ... I'm not saying he didn't > compile that street level of information, only that he would have had to > interact with well over a thousand entities and different data sets, even > down to the individual deed, to even begin to extract that information. huge amounts of this info used to be publicly available, much intentionally so. also, most of the plats are not so useful; you want to focus on the high capacity backbone links, transoceanic fibers, etc. these represent the vulnerable highly concentrated edges between "high degree nodes" when looking at aggregate traffic capacities. the degree of centralization / concentration is highest in communications, yet still significant in every other critical infrastructure. > ... 
Outside of a few target areas like downtown NYC that > he may have focused on for show, I doubt it was more than overlaid > national powerpoints reminiscent of JYA's eyeball series. it was much more than this. a combination of both an excessive collection he gathered during an opportune window (pre 9/11), joined to novel application of graph theory to identify critical high degree nodes in these systems and estimate the impact of severing one or few links. (then further refined by others into a good paper i'll need to dig up, which shows that it is exceptionally difficult to win this defense against a motivated attack. e.g. almost all models for robust critical infrastructures assume random / natural failures and not targeted attacks by coordinated attackers.) From jya at pipeline.com Wed Jan 22 03:39:25 2014 From: jya at pipeline.com (John Young) Date: Wed, 22 Jan 2014 06:39:25 -0500 Subject: Guccifer Arrested and Archive Message-ID: http://cryptome.org/2014/01/guccifer-arrested.htm Guccifer Archive (~7GB) http://pastebin.com/ph02cfxw From coderman at gmail.com Wed Jan 22 06:45:08 2014 From: coderman at gmail.com (coderman) Date: Wed, 22 Jan 2014 06:45:08 -0800 Subject: independently assisting oversight of highly classified programs In-Reply-To: References: Message-ID: On Wed, Jan 22, 2014 at 4:55 AM, coderman wrote: >... application of graph theory to identify critical high degree > nodes in these systems and estimate the impact of severing one or few > links. > (then further refined by others into a good paper i'll need to dig up, i can't find it; will check other archives later,... related below. [note: where protections or identifications of critical components are identified, work backwards to direct attacks at least protected areas with highest impact.] "The Revenge of Distance: Vulnerability Analysis of Critical Information Infrastructure" Sean P. 
Gorman, Laurie Schintler, Raj Kulkarni, Roger Stough http://onlinelibrary.wiley.com/doi/10.1111/j.0966-0879.2004.00435.x/abstract "Identifying Critical Locations in a Spatial Network with Graph Theory" Urška Demšar, Olga Špatenková, Kirsi Virrantaus2 http://onlinelibrary.wiley.com/doi/10.1111/j.1467-9671.2008.01086.x/abstract?deniedAccessCustomisedMessage=&userIsAuthenticated=false "On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience" Terje Aven http://onlinelibrary.wiley.com/doi/10.1111/j.1539-6924.2010.01528.x/abstract?deniedAccessCustomisedMessage=&userIsAuthenticated=false From coderman at gmail.com Wed Jan 22 06:54:00 2014 From: coderman at gmail.com (coderman) Date: Wed, 22 Jan 2014 06:54:00 -0800 Subject: and not a single Tor hacker was surprised... Message-ID: Scientists detect “spoiled onions” trying to sabotage Tor privacy network Rogue Tor volunteers perform attacks that try to degrade encrypted connections. by Dan Goodin - Jan 21 2014, 2:42pm PST http://arstechnica.com/security/2014/01/scientists-detect-spoiled-onions-trying-to-sabotage-tor-privacy-network/ or reason #16256 to crypto end to end... --- Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit. The "spoiled onions," as the researchers from Karlstad University in Sweden dubbed the bad actors, were among the 1,000 or so volunteer computers that typically made up the final nodes that exited the Tor—short for The Onion Router—network at any given time in recent months. Because these exit relays act as a bridge between the encrypted Tor network and the open Internet, the egressing traffic is decrypted as it leaves. That means operators of these servers can see traffic as it was sent by the end user. 
Any data the end user sent unencrypted, as well as the destinations of servers receiving or responding to data passed between an end user and server, can be monitored—and potentially modified—by malicious volunteers. Privacy advocates have long acknowledged the possibility that the National Security Agency and spy agencies across the world operate such rogue exit nodes. The paper—titled Spoiled Onions: Exposing Malicious Tor Exit Relays—is among the first to document the existence of exit nodes deliberately working to tamper with end users' traffic (a paper with similar findings is here). Still, it remains doubtful that any of the 25 misconfigured or outright malicious servers were operated by NSA agents. Two of the 25 servers appeared to redirect traffic when end users attempted to visit pornography sites, leading the researchers to suspect they were carrying out censorship regimes required by the countries in which they operated. A third server suffered from what researchers said was a configuration error in the OpenDNS server. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic. The servers did this by using the well-known sslstrip attack designed by researcher Moxie Marlinspike or another common MitM technique that converts unreadable HTTPS traffic into plaintext HTTP. Often, the attacks involved replacing the valid encryption key certificate with a forged certificate self-signed by the attacker. "All the remaining relays engaged in HTTPS and/or SSH MitM attacks," researchers Philipp Winter and Stefan Lindskog wrote. "Upon establishing a connection to the decoy destination, these relays exchanged the destination's certificate with their own, self-signed version. Since these certificates were not issued by a trusted authority contained in TorBrowser's certificate store, a user falling prey to such a MitM attack would be redirected to the about:certerror warning page." 
From Russia with love The 22 malicious servers were among about 1,000 exit nodes that were typically available on Tor at any given time over a four-month period. (The precise number of exit relays regularly changes as some go offline and others come online.) The researchers found evidence that 19 of the 22 malicious servers were operated by the same person or group of people. Each of the 19 servers presented forged certificates containing the same identifying information. The virtually identical certificate information meant the MitM attacks shared a common origin. What's more, all the servers used the highly outdated version 0.2.2.37 of Tor, and all but one of the servers were hosted in the network of a virtual private system provider located in Russia. Several of the IP addresses were also located in the same net block. The researchers caution that there's no way to know that the operators of the malicious exit nodes are the ones carrying out the attacks. It's possible the actual attacks may be carried out by the ISPs or network backbone providers that serve the malicious nodes. Still, the researchers discounted the likelihood of an upstream provider of the Russian exit relays carrying out the attacks for several reasons. For one, the relays relied on a diverse set of IP address blocks, including one based in the US. The relays frequently disappeared after they were flagged as untrustworthy, researchers also noted. The researchers identified the rogue volunteers by scanning for server relays that replaced valid HTTPS certificates with forged ones. That might have helped to detect certificate forgery attacks such as the one used in 2011 to monitor 300,000 Gmail users—wouldn't be detected using the methods devised by the researchers. The researchers don't believe the malicious nodes they observed were operated by the NSA or other government agencies. 
"Organizations like the NSA have read/write access to large parts of the Internet backbone," Karlstad University's Winter wrote in an e-mail. "They simply do not need to run Tor relays. We believe that the attacks we discovered are mostly done by independent individuals who want to experiment." While the confirmation of malicious exit nodes is important, it's not particularly surprising. Tor officials have long warned that Tor does nothing to encrypt plaintext communications once it leaves the network. That means ISPs, remote sites, VPN providers, and the Tor exit relay itself can all see the communications that aren't encrypted by end users and the parties they communicate with. Tor officials have long counseled users to rely on HTTPS, e-mail encryption, or other methods to ensure that traffic receives end-to-end encryption. The researchers have proposed a series of updates to the "Torbutton" software used by most Tor users. Among other things, the proof-of-concept software fix would use an alternative exit relay to refetch all self-signed certificates delivered over Tor. The software would then compare the digital fingerprints of the two certificates. It's feasible that the changes might one day include certificate pinning, a technique for ensuring that a certificate presented by Google, Twitter, and other sites is the one authorized by the operator rather than a counterfeit one. Several hours after this article went live, Winter published this blog post titled What the "Spoiled Onions" paper means for Tor users. From jamesd at echeque.com Tue Jan 21 13:35:10 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 22 Jan 2014 07:35:10 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <4673167.zPLzVVGOnc@lap> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> Message-ID: <52DEE80E.5030600@echeque.com> On 2014-01-21 21:45, rysiek wrote: > Dnia poniedziałek, 20 stycznia 2014 05:10:58 J.A. 
Terranson pisze: >> The problem I think you are looking to "solve" is *Corporate* >> anonymity/pseudonymity. Won't happen under today's paradigm: the *fix* is >> to go back to separation of "natural persons" and "Corporate/chartered >> persons". The two types of personhood were never designed to be equals, >> yet here we are. :-( > > Pretty much this. We need to dismantle the modern-day nobility: > http://rys.io/en/77 > > Corporations are "people" with their "free speech": > http://en.wikipedia.org/wiki/Citizens_United_v._Federal_Election_Commission > > ...trying to have their "privacy": > http://www.reuters.com/article/2011/03/01/us-att-privacy-idUSTRE7203UN20110301 Corporations are people. If you grant lesser rights to corporations than to natural people, then the state can, and will, make corporations fire anyone suspected of thinking politically incorrect thoughts. Turned on the news last night, they were interviewing some silicon valley people, and the interviewer asked about how corporations viewed this and that. One of the interviewees replied "I am a corporation". He complained that he was subject to secret orders by a secret court, which lawless orders he could not tell anyone about, that he himself was being spied upon, that as well as being required to turn over information officially, his information was being stolen unofficially, and that foreign customers had (correctly) come to distrust him. A corporation is freedom of association, a group of people that agree together to act as one. In order to act as one, they delegate complete power over the collective assets of the project to one of themselves, the CEO, who is, often one of the major shareholders. Thus a corporation is people, people agreeing to associate, and corporation is a person, in that the people agreeing to associate commonly nominate one of themselves to be that person. 
From coderman at gmail.com Wed Jan 22 07:38:17 2014
From: coderman at gmail.com (coderman)
Date: Wed, 22 Jan 2014 07:38:17 -0800
Subject: dear Eve,
Message-ID:

it was fun! i assume we have come to an understanding - security, like anonymity, is best as public good that floats all boats UPSTREAM (even if current reality far from vision of ideal).

hopefully a good arrangement not needlessly obstructed...

best regards, except to the surreptitious surveillance-ers; you're the outlier here!

love,
codermange

---

many of the best detections for advanced attacks involved not-quite consumer hardware and customized systems for distributed storage, observation, and processing. this is way beyond the budget, skill, and time afforded even modestly technical users for most intents and purposes.

however, sometimes simple measures to thwart attacks combined with a keen situational awareness can identify sophisticated attacks with less technical means. anomalies signal to attempt counter measures and initiate in depth scrutiny.

---

consider the following,

- baseband attack against mobile target:

 + cannot "hot patch" running image, as some changes take effect during initialization. force push results in restart. anomaly #0.

 + battery longevity one third what expected, distinct transition post-baseband-push for longevity of full charge - power consumption doesn't lie. anomaly #1.

 + abnormal signal power level for well known location for cell link. anomaly #2.

 + outbound dial attempts cannot put cell radio into lower bitrate audio call mode - outbound dial attempts fail - serious anomaly #3. (workaround of making call immediately on boot appears effective, and keeping a call in voice mode appears to thwart data exfiltration when no wifi uplink avail.)

 + (technical but possible) pushed baseband needs to pass authentication of image; signature valid, revision same as prior mtd partition archive version, however sha digests do NOT match! this is not expected for the same build version. anomaly #4.

---

consider the following,

- BIOS attack with post-boot re-infection vector triggered once graphics mode transitions from console to graphical display:

 + target hardware is a match and supported, however, root file system is XFS, ZFS, or other unsupported *nix variant. attempt to persist by injection on file system using kernel fs funcs and data structures (this gets around FDE by interacting before luks/mdcrypt/loopaes/cryptoloop layer) thus causes kernel panic. anomaly #0.

 [note: A for effort++ by setting a not-again flag after first attempt. this prevents the kernel panic from becoming a persistent DoS as the next boot attempt will complete normally into graphical desktop. Subsequent reactivation follows similar fail safe of next boot succeeding after post boot persistent hook failure and kernel panic.]

---

consider the following,

- SMS MitM attack against Android mobile target:

 + normal delivery of SMS using a client such as TextSecure that checks for delivery confirmation on SMS, (do NOT use fire-and-forget like majority of text clients). attack introduces latency on confirmation due to radio mode switching between high rate exfiltration mode and low rate SMS with additional MitM proxy processing latency added as well. this results in messages initially showing "Message delivery failed" before shortly then confirming successful transmission. anomaly #0.

 + abnormal signal power level for well known location for cell link. anomaly #1.

From coderman at gmail.com Wed Jan 22 07:44:16 2014
From: coderman at gmail.com (coderman)
Date: Wed, 22 Jan 2014 07:44:16 -0800
Subject: and not a single Tor hacker was surprised...
In-Reply-To: <52DFDFCB.9090003@kjro.se>
References: <52DFDFCB.9090003@kjro.se>
Message-ID:

On Wed, Jan 22, 2014 at 7:12 AM, Kelly John Rose wrote:
> To verify though, this has no effect on someone using tor and staying on
> .onion sites or if you are using https end-to-end right?

correct.
> Honestly, if you use Tor and don't use SSL that seems like laziness to > me and deserves to be caught. i would agree, and i would also show some sympathy towards the unsuspecting. anything cypherpunks can do to ensure end to end crypto everywhere by default is another MitM and eavesdropping attack denied.... (someone should write more about using client-side certificates as a method to thwart SSL MitM with a CA signing transparent proxy adversary upstream. aka BlueCoat with "enterprise certificate" injected or private key pilfer.) best regards, From iam at kjro.se Wed Jan 22 05:14:09 2014 From: iam at kjro.se (Kelly John Rose) Date: Wed, 22 Jan 2014 08:14:09 -0500 Subject: bitcoin In-Reply-To: References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com> <52DF142A.2050900@echeque.com> Message-ID: <52DFC421.5090200@kjro.se> On 1/22/2014 1:27 AM, Juan Garofalo wrote: > > > --On Tuesday, January 21, 2014 7:49 PM -0500 Kelly John Rose > wrote: > >> Large enough funding to take over 51% of the bitmining regime. > > Is there some kind of estimate of the price of doing that? Bitcoin > optimists would say that at some point the network will be too big for a > single player (even if it's a government) to take over? > The NSA has an almost unlimited budget. I could easily see them being used in this fashion. Especially since if bitcoin was being used by the official enemies of the US, it would allow the NSA to directly screw around with them. > >> >> Ability to block / adjust internet packets on an international basis > > > Is it possible to filter bitcoin traffic? The counterargument I've seen is > that bitcoin traffic is really light, so it would be possible to > 'disguise' it - steganography being the technical term I guess. > True, but the mining needs to happen in the open somehow. 
> > >> >> If necessary, the police and physical force to take down the players with >> the most bitcoins quickly and effectively. > > > Yes. That sound's like a plan. And of course, contrary to James Donald's > wishful thinking, governments are pretty efficient at using force to get > rid of people who get in their way. > > Actually, someone mentioned the fact that they could just do the "think of the children" CP/Drugs line, and that would resolve the problem more or less in the public eye. Especially when you combine that with "proceeds of a crime" laws, arguably turning a bitcoin into a similar object as a stolen stereo. In China and other similar countries they are dealing with it in a more direct manner, essentially telling people that if they continue to use it there will be severe consequences. Hence why the banks in China backed out so quickly. Unfortunately, utopian thinking is commonly wishful thinking, that's why so many bad things happen when utopian extremists start to get their way. > >> >> >> On Tue, Jan 21, 2014 at 7:43 PM, James A. Donald >> wrote: >> >>> On 2014-01-22 07:45, Juan Garofalo wrote: >>> >>>> I'm asking what practical means would governments use to deal >>>> with bitcoin >>>> if it becomes a real problem for them. >>>> >>> >>> And I am telling you that they will act in a way that is chaotic, >>> incompetent, corrupt, and disorderly. >>> >>> >> >> >> -- >> Kelly John Rose >> Toronto, ON >> Phone: +1 647 638-4104 >> Twitter: @kjrose >> Skype: kjrose.pr >> Gtalk: iam at kjro.se >> MSN: msn at kjro.se >> >> Document contents are confidential between original recipients and sender. >> > > From measl at mfn.org Wed Jan 22 07:47:51 2014 From: measl at mfn.org (J.A. Terranson) Date: Wed, 22 Jan 2014 09:47:51 -0600 (CST) Subject: SO... APPARENTLY THEY DECIDED TO TAKE THE INTERNET In-Reply-To: References: Message-ID: On Wed, 22 Jan 2014, Cari Machet SCREAMED AT THE TOP OF HER LUNGS: Ms. Machet. please avoid using all caps, *anywhere*. 
Not only is it impolite, IT'S A STRAIN ON THE EYES YOU UNTHINKING HALF-WIT.

Very Truly Yours,
//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another.

From iam at kjro.se Wed Jan 22 07:12:11 2014
From: iam at kjro.se (Kelly John Rose)
Date: Wed, 22 Jan 2014 10:12:11 -0500
Subject: and not a single Tor hacker was surprised...
In-Reply-To:
References:
Message-ID: <52DFDFCB.9090003@kjro.se>

To verify though, this has no effect on someone using tor and staying on .onion sites or if you are using https end-to-end right?

Honestly, if you use Tor and don't use SSL that seems like laziness to me and deserves to be caught.

On 1/22/2014 9:54 AM, coderman wrote:
> Scientists detect “spoiled onions” trying to sabotage Tor privacy network
> Rogue Tor volunteers perform attacks that try to degrade encrypted connections.
> by Dan Goodin - Jan 21 2014, 2:42pm PST
> http://arstechnica.com/security/2014/01/scientists-detect-spoiled-onions-trying-to-sabotage-tor-privacy-network/
>
> or reason #16256 to crypto end to end...
>
> ---
>
> Computer scientists have identified almost two dozen computers that
> were actively working to sabotage the Tor privacy network by carrying
> out attacks that can degrade encrypted connections between end users
> and the websites or servers they visit.
>
> The "spoiled onions," as the researchers from Karlstad University in
> Sweden dubbed the bad actors, were among the 1,000 or so volunteer
> computers that typically made up the final nodes that exited the
> Tor—short for The Onion Router—network at any given time in recent
> months. Because these exit relays act as a bridge between the
> encrypted Tor network and the open Internet, the egressing traffic is
> decrypted as it leaves. That means operators of these servers can see
> traffic as it was sent by the end user.
Any data the end user sent > unencrypted, as well as the destinations of servers receiving or > responding to data passed between an end user and server, can be > monitored—and potentially modified—by malicious volunteers. Privacy > advocates have long acknowledged the possibility that the National > Security Agency and spy agencies across the world operate such rogue > exit nodes. > > The paper—titled Spoiled Onions: Exposing Malicious Tor Exit Relays—is > among the first to document the existence of exit nodes deliberately > working to tamper with end users' traffic (a paper with similar > findings is here). Still, it remains doubtful that any of the 25 > misconfigured or outright malicious servers were operated by NSA > agents. Two of the 25 servers appeared to redirect traffic when end > users attempted to visit pornography sites, leading the researchers to > suspect they were carrying out censorship regimes required by the > countries in which they operated. A third server suffered from what > researchers said was a configuration error in the OpenDNS server. > > The remainder carried out so-called man-in-the-middle (MitM) attacks > designed to degrade encrypted Web or SSH traffic to plaintext traffic. > The servers did this by using the well-known sslstrip attack designed > by researcher Moxie Marlinspike or another common MitM technique that > converts unreadable HTTPS traffic into plaintext HTTP. Often, the > attacks involved replacing the valid encryption key certificate with a > forged certificate self-signed by the attacker. > > "All the remaining relays engaged in HTTPS and/or SSH MitM attacks," > researchers Philipp Winter and Stefan Lindskog wrote. "Upon > establishing a connection to the decoy destination, these relays > exchanged the destination's certificate with their own, self-signed > version. 
Since these certificates were not issued by a trusted > authority contained in TorBrowser's certificate store, a user falling > prey to such a MitM attack would be redirected to the about:certerror > warning page." > > From Russia with love > > The 22 malicious servers were among about 1,000 exit nodes that were > typically available on Tor at any given time over a four-month period. > (The precise number of exit relays regularly changes as some go > offline and others come online.) The researchers found evidence that > 19 of the 22 malicious servers were operated by the same person or > group of people. Each of the 19 servers presented forged certificates > containing the same identifying information. The virtually identical > certificate information meant the MitM attacks shared a common origin. > What's more, all the servers used the highly outdated version 0.2.2.37 > of Tor, and all but one of the servers were hosted in the network of a > virtual private system providers located in Russia. Several of the IP > addresses were also located in the same net block. > > The researchers caution that there's no way to know that the operators > of the malicious exit nodes are the ones carrying out the attacks. > It's possible the actual attacks may be carried out by the ISPs or > network backbone providers that serve the malicious nodes. Still, the > researchers discounted the likelihood of an upstream provider of the > Russian exit relays carrying out the attacks for several reasons. For > one, the relays relied on a diverse set of IP address blocks, > including one based in the US. The relays frequently disappeared after > they were flagged as untrustworthy, researchers also noted. > > The researchers identified the rogue volunteers by scanning for server > relays that replaced valid HTTPS certificates with forged ones. 
That > might have helped to detect certificate forgery attacks such as the > one used in 2011 to monitor 300,000 Gmail users—wouldn't be detected > using the methods devised by the researchers. The researchers don't > believe the malicious nodes they observed were operated by the NSA or > other government agencies. > > "Organizations like the NSA have read/write access to large parts of > the Internet backbone," Karlstad University's Winter wrote in an > e-mail. "They simply do not need to run Tor relays. We believe that > the attacks we discovered are mostly done by independent individuals > who want to experiment." > > While the confirmation of malicious exit nodes is important, it's not > particularly surprising. Tor officials have long warned that Tor does > nothing to encrypt plaintext communications once it leaves the > network. That means ISPs, remote sites, VPN providers, and the Tor > exit relay itself can all see the communications that aren't encrypted > by end users and the parties they communicate with. Tor officials have > long counseled users to rely on HTTPS, e-mail encryption, or other > methods to ensure that traffic receives end-to-end encryption. > > The researchers have proposed a series of updates to the "Torbutton" > software used by most Tor users. Among other things, the > proof-of-concept software fix would use an alternative exit relay to > refetch all self-signed certificates delivered over Tor. The software > would then compare the digital fingerprints of the two certificates. > It's feasible that the changes might one day include certificate > pinning, a technique for ensuring that a certificate presented by > Google, Twitter, and other sites is the one authorized by the operator > rather than a counterfeit one. Several hours after this article went > live, Winter published this blog post titled What the "Spoiled Onions" > paper means for Tor users. 
> From jamesd at echeque.com Tue Jan 21 16:43:22 2014 From: jamesd at echeque.com (James A. Donald) Date: Wed, 22 Jan 2014 10:43:22 +1000 Subject: bitcoin In-Reply-To: References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com> Message-ID: <52DF142A.2050900@echeque.com> On 2014-01-22 07:45, Juan Garofalo wrote: > I'm asking what practical means would governments use to deal with bitcoin > if it becomes a real problem for them. And I am telling you that they will act in a way that is chaotic, incompetent, corrupt, and disorderly. From hozer at hozed.org Wed Jan 22 08:47:03 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Wed, 22 Jan 2014 10:47:03 -0600 Subject: What more is there? [infil/exfil] In-Reply-To: References: Message-ID: <20140122164703.GZ3180@nl.grid.coop> On Tue, Jan 21, 2014 at 04:38:57PM +0100, Anonymous Remailer (austria) wrote: > > On 01/20/2014 07:56 PM, grarpamp wrote:> On Mon, Jan 20, 2014 at 2:57 > PM, Anonymous Remailer (austria) > > wrote: > >> > I too wish the leaks would come at a faster pace. But I don't think > >> > > The pace is ok, it keeps up the pressure. The real question is, > > is what remains? More of this same stuff we all knew was happening > > anyways? Or is there more deeper stuff we only questioned but > > shrugged off due to the hardness/fantasy of it all? > > > > - decryption of aes? cracked rsa? > > Unlikely, unless it's buried deep within files that Snowden took. > Remember, during his very first few interviews, he encouraged us to > continue to use encryption and made the statement "encryption works". He > also trusted RSA enough to use it to encrypt communications with > Greenwald and Poitris (sp?). > > > - automatic and global translation to stored text of all voice calls? > > Very real possibility. Commercial tech is almost there. Assuming > government is 3-5 years ahead, they might well have that. 
But I really
> don't see that as much of a threat. It just saves analysts time.
>
> > - gratuitous unwarranted passing of crimetips to LEA?
>
> Likely already being done. In fact, there seems to be some evidence that
> this has happened in several instances.
>
> > - fundamental metadata knowledge of all persons/associations?
>
> Probably possible but not really feasible. Too difficult to filter even
> using selectors. But I'm sure they're close. Still, there are ways to
> communicate without generating useful metadata so it might not matter.
>
> > - political puppetstringing?
>
> I'd say this is nearly guaranteed. In fact, I suspect this is why
> Congress has been so slow to do anything about it. The NSA has them by
> the balls. If you were running a large, illegal, operation, wouldn't you
> first gather as much dirt on the people who could shut it down as possible?

Illegal is a judgement call. If you keep people in the dark with enough compartmentalization and inter-department rivalry, each individual (may) think they are doing their duty to $DIETY and Country.

It takes someone who can see enough of the whole picture willing to have their career 'buy the farm' to either take a stand internally, and risk getting fired, or leak it.

I doubt the IRS is in cahoots with the NSA AND the SEC AND the FEC, AND the EPA. Each of these organizations has their own information, motives, and dirt on various politicians and upper-level managers play each other and politicians to expand their fiefdoms and hire more wage serfs.

The problem (for them) is every once in a while the serfs get unruly.

> > I suggest the answer lies in budget analysis... the possibilities
> > within a well spent budget. Or a seriously conscientious leaker at
> > the top who is yet to come... since so far Snowden seems limited
> > to confirming lower level obviousness.
>
> Good point. You know what I'd like to see? I'd like to see code.
I'd > like someone to drop the code to one of these massive systems online for > us to analyze. But I suppose documents and program details would be just > as useful. My wager is 'the code' will be Microsoft exchange and eXcel spreadsheets. What you want is the documents and the bank records, and I think the only way you'll ever get that is if the GAO starts mandating use of some transparent cryptocoin. The Federal Reserve could easily issue 'dollarcoin' that they directly control the money supply for and will back with federal reserve notes. -- Troy, public transparency fool #7 From hozer at hozed.org Wed Jan 22 09:10:09 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Wed, 22 Jan 2014 11:10:09 -0600 Subject: here you go.(firearms resistant drone bodies ) ..Re: Infiltration/Exfiltration In-Reply-To: References: <20140121052946.GV3180@nl.grid.coop> <2446844.lTtSaIMl8d@lap> <20140121201707.GY3180@nl.grid.coop> <52DEDC2C.3030409@cypherpunks.to> Message-ID: <20140122171009.GA3180@nl.grid.coop> On Tue, Jan 21, 2014 at 07:25:52PM -0500, grarpamp wrote: > On Tue, Jan 21, 2014 at 3:44 PM, gwen hastings wrote: > > http://www.gameofdrones.biz/ they do their testing with 12 gauges at > > >>> Assassination Politics is an interesting armchair quarterback game, > > >>>> keep and bear a well-regulated open-source drone Militia? > > >>> Well, funny thing that. I wrote on it: > >>> http://rys.io/en/54 > >>> > >>> The tl;dr is -- even though traditional RC planes are better-fitted to be used > >>> as "terrorist tools" (faster, more load, etc), it's *copters that will get > >>> banned first, as they empower people to "watch the watchers". > > No idea what kind of flight characteristics RC gear has, but someday > someone's going to try loading them with munitions and taking out > targets with them from far away. Even with RF jamming and > hailfire on close approach they could counter with inertial autopilot, > vertical guided payload drops from altitude, and redundancy. 
Maybe
> $1-5k per drone. Will it crop up as a rebirth of Mafia/Ghetto gangland
> violence? Corporate warfare? A political tool for anyone from nations
> to individuals? Nations seem to publicize who they bagged in theatre
> with drones today, but what if people just start dropping off? No longer
> are you going to find bits of $M cruise missile labeled USA but a bunch
> of Chinese toy parts (possibly flown at you while on holiday in Germany
> by a Korean funded by a Texan who didn't like your oil contract in
> Canada). It's unbannable dual use leaving crazy movielike future
> bounded only by human nature. Next is radar based automatic
> rooftop shotgun mounts for the home, better buy stock in Mossberg.

I expect suicide bombers will still be more effective, although now the bombers can fly 150 drones in formation to a target they can't physically get to and do some damage before they get droned themselves.

Don't think TOR will help when the UN defense forces drop tungsten from orbit. Trying to hide is only going to get you AND the network you are hiding behind killed.

That will be a faustian bargain for exit node operators.. censor/block/limit known remote flight control traffic, or get bombed from orbit.

Oh, and latency. Line-of-sight and theft of commercial aircraft is still going to be able to cause more damage.

What I expect will be *far* more interesting will be the escalation in the seed-bombing wars..
http://www.guerrillagardening.org/ggseedbombs.html

The geese already started it..
http://www.gmeducation.org/latest-news/p213503-the-oregon-gmo-wheat-mystery:-conspiracygeese-or-human-error.html

From griffin at cryptolab.net Wed Jan 22 08:30:53 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Wed, 22 Jan 2014 11:30:53 -0500
Subject: and not a single Tor hacker was surprised...
In-Reply-To:
References:
Message-ID: <52DFF23D.9020104@cryptolab.net>

To be fair, literally no one who works on Tor or Tor-related projects is surprised.
This is addressed at nearly every talk, nearly every workshop, and people are pretty open about it as a feature of the landscape. That most of these are low-speed exits is pretty telling. Most bad exits are designed to inject/replace ads, which is pretty stupid. If you catch someone doing this, share their ad code so they can be reported to ad networks and lose the money they were trying to make.

However, the balance of probability has it that any given user is likely to be fine. Enforce https and don't accept random certificate errors. If you're getting a certificate error, click New Identity and you'll find that most magically disappear (and those that don't are typically issues with the website itself - don't patronize poorly-secured websites).

What do I mean by "balance of probability"? Well, if you use Tor, there's about a 90% chance you'll pass through an exit run by someone I know, and a quite good chance that you'll specifically exit through a Torservers node.

My point being that the only real answer to this problem is network diversity. If you're concerned about "spoiled onions," run a node! Don't have the time/money/interest? Donate to Torservers or Nos Oignons or Noisetor so that they can run more exit nodes.

~Griffin

On 01/22/2014 09:54 AM, coderman wrote:
> Scientists detect “spoiled onions” trying to sabotage Tor privacy network
> Rogue Tor volunteers perform attacks that try to degrade encrypted connections.
> by Dan Goodin - Jan 21 2014, 2:42pm PST
> http://arstechnica.com/security/2014/01/scientists-detect-spoiled-onions-trying-to-sabotage-tor-privacy-network/
>
> or reason #16256 to crypto end to end...

From wahspilihp at gmail.com Tue Jan 21 17:03:18 2014
From: wahspilihp at gmail.com (Philip Shaw)
Date: Wed, 22 Jan 2014 11:33:18 +1030
Subject: bitcoin
In-Reply-To:
References: <20140120102514.449c9214@steves-laptop> <52DDAD0A.6010801@echeque.com> <20140121003412.1626bbed@steves-laptop> <52DE3A5F.7010109@echeque.com>
Message-ID: <2562159D-33FD-4D98-A5D9-AA2DB8694D6F@gmail.com>

On 22 Jan 2014, at 8:15 , Juan Garofalo wrote:
>
> I'm asking what practical means would governments use to deal with bitcoin
> if it becomes a real problem for them.

Obvious solutions:

* declare BTC to be presumptively evidence of drug dealing or trading CP - possession of weakly-related artefacts being declared as sufficient evidence has, IIRC, been ruled legal in NY in the case of a law which made possession by a woman of multiple condoms evidence of prostitution.

* require BTC holdings to be declared to the tax authorities, and make explicit that whatever the local tax on investment holdings applies to BTC (I think the current question is not whether growth in value of BTC is taxable but what kind of investment it should be taxed as).

* snarl up BTC exchanges with the same reporting requirements as normal banks and trading houses, even though the much smaller scale will make that extremely difficult to comply with.

* rule that BTC miners are engaging in banking by building up the record in the block chain, and make them all responsible for reporting the transactions they process

Apart from the first, none of those would be very controversial, or even entirely without merit if you accept the validity of the anti-fraud, anti-money-laundering, and anti-tax-evasion laws which require reporting by financial services companies. The trouble is, what is a tolerable imposition on a company handling millions of dollars is a huge and crippling burden on some guy with a couple of hundred dollars worth of BTC. (This is where a “by way of trade” qualifier[0] would come in useful, but it would also be horribly exploitable when it comes to financial trading.)

[0] Typically meaning, taking up a significant portion of one’s time or providing a significant portion of one’s income - the sort of clause which means that someone driving cross-country with some friends and accepting petrol money from them isn’t required to comply with the regulations regarding taxis or minicabs.

From rysiek at hackerspace.pl Wed Jan 22 03:19:56 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 22 Jan 2014 12:19:56 +0100
Subject: {}coin: good enough for election politics?
In-Reply-To: <52DEE80E.5030600@echeque.com>
References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com>
Message-ID: <7523334.nATcYzJ4QX@lap>

OHAI,

On Wednesday, 22 January 2014 07:35:10 James A. Donald wrote:
> On 2014-01-21 21:45, rysiek wrote:
> > On Monday, 20 January 2014 05:10:58 J.A. Terranson wrote:
> >> The problem I think you are looking to "solve" is *Corporate*
> >> anonymity/pseudonymity.
> >> Won't happen under today's paradigm: the *fix* is
> >> to go back to separation of "natural persons" and "Corporate/chartered
> >> persons". The two types of personhood were never designed to be equals,
> >> yet here we are. :-(
> >
> > Pretty much this. We need to dismantle the modern-day nobility:
> > http://rys.io/en/77
> >
> > Corporations are "people" with their "free speech":
> > http://en.wikipedia.org/wiki/Citizens_United_v._Federal_Election_Commission
> >
> > ...trying to have their "privacy":
> > http://www.reuters.com/article/2011/03/01/us-att-privacy-idUSTRE7203UN20110301
>
> Corporations are people.

No. They are *made of* people. This is not the same thing.

> If you grant lesser rights to corporations than to natural people, then
> the state can, and will, make corporations fire anyone suspected of
> thinking politically incorrect thoughts.

What? I call bull.

First of all, it's not the corporation's decision, it's a decision made always by *some person*. You don't have to give corporations these rights, as people that corporations consist of already have them. So, the government still cannot make *these people* fire other people for political views.

Secondly, it's all about the responsibility. If the responsibility for decisions stops at corporation level, we're fucked, as we are currently, because people that actually make the decisions (in the end people make decisions, not corporations!) think "whatever, even if something gets fucked up, I'm in the clear, so why bother".

> Turned on the news last night, they were interviewing some silicon
> valley people, and the interviewer asked about how corporations viewed
> this and that. One of the interviewees replied "I am a corporation".
> He complained that he was subject to secret orders by a secret court,
> which lawless orders he could not tell anyone about, that he himself was
> being spied upon, that as well as being required to turn over
> information officially, his information was being stolen unofficially,
> and that foreign customers had (correctly) come to distrust him.

But that still can be solved by bringing the rights and responsibilities down to personal level. If a "secret order" issued to a corporation is in violation of rights of physical people working there (as it seems to be in this case), the order is unlawful, full stop. Solved.

> A corporation is freedom of association, a group of people that agree
> together to act as one.

Don't mix the freedom of association with the convenience of removed responsibility, or responsibility attached not to people, but to some legal fiction. The former is crucial, the latter is dangerous.

> In order to act as one, they delegate complete power over the collective
> assets of the project to one of themselves, the CEO, who is, often one
> of the major shareholders. Thus a corporation is people, people
> agreeing to associate, and corporation is a person, in that the people
> agreeing to associate commonly nominate one of themselves to be that person.

But corporations are thus ubermensch -- they have all the rights and powers of a person, without many of the responsibilities, with no danger of being imprisoned, and the only real legal sanction the courts (and thus, the rest of people) have against them are fines. Which, if the corporation is large enough, can be factored-in as cost of doing business, hence being passed on to customers. So, passed to other people.

The problem is that our laws and constitutions had been written in times when governments had been by far the biggest threats to personal freedoms, possessions and life. They had posed (and continue to pose) a real threat because:

1. their sheer power (in terms of money, information, military power, etc)
2. human flaws (power corrupts, etc)
3. (perceived) removal of responsibility ("what could they do to me anyway")

Today all three (power, human factor and perceived removal of responsibility) are present in the largest multinationals. I see no reason to fear them less than governments. In fact, I am dreading the coming day the first corporation announces independence.

--
Regards
rysiek

From hozer at hozed.org Wed Jan 22 10:24:36 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Wed, 22 Jan 2014 12:24:36 -0600
Subject: and not a single Tor hacker was surprised...
In-Reply-To: <4869289.mJZM0fiGMF@lap>
References: <52DFDFCB.9090003@kjro.se> <4869289.mJZM0fiGMF@lap>
Message-ID: <20140122182436.GB3180@nl.grid.coop>

On Wed, Jan 22, 2014 at 06:05:51PM +0100, rysiek wrote:
> On Wednesday, 22 January 2014 07:44:16 coderman wrote:
> > (someone should write more about using client-side certificates as a
> > method to thwart SSL MitM with a CA signing transparent proxy
> > adversary upstream. aka BlueCoat with "enterprise certificate"
> > injected or private key pilfer.)
>
> About this. Is there a way to serve 2 (or more) certificates for a given HTTPS
> server/domain? What I would like to have is a way to:
> - serve a proper, vanilla SSL certificate bought from some provider for the
> general public accessing my service;
> - serve a different cert (for example, using MonkeySphere) for those that do
> not trust (and with good reasons) major CA's.
>
> This would have to work for the *same* domain on the *same* webserver. I
> haven't yet seen a way to do this, so this might need implementing, but maybe
> somebody here has heard about something along these lines?

How secure is Bitcoin's ECDSA?
My thought is that doing a *new* encrypted transport (or re-purposing SSL) and using the exact same ECDSA keys that are already being used as Bitcoin addresses would make it more likely that an attacker would just go after the money rather than waste time on MITM, and it's a lot more likely that average users would care to upgrade.

This, I conjecture, would result in a generally much stronger deployment of crypto to end-users.

From alfiej at fastmail.fm Tue Jan 21 18:06:17 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Wed, 22 Jan 2014 13:06:17 +1100
Subject: The Cypherpunk Enquirer
In-Reply-To: <20140122013614.290546800A9@frontend2.nyi.mail.srv.osa>
References: <20140122013614.290546800A9@frontend2.nyi.mail.srv.osa>
Message-ID: <1390356377.24788.73738733.71A8AC0D@webmail.messagingengine.com>

On Wed, Jan 22, 2014, at 12:36 PM, shelley at misanthropia.info wrote:
> Bravo, anon!
>
> Very well done. Project Creampie, Bose-Einstein condensate and the
> bit about JYA... Oh, how I needed that laugh today!

With the US government providing ample comedic/sadistic material, I hope the Cypherpunk Enquirer becomes a weekly/monthly thing.

Nice work anon.

Alfie

--
Alfie John
alfiej at fastmail.fm

From carimachet at gmail.com Wed Jan 22 06:31:08 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 22 Jan 2014 15:31:08 +0100
Subject: SO... APPARENTLY THEY DECIDED TO TAKE THE INTERNET
Message-ID:

https://www.ourinternet.org/#commission

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From grarpamp at gmail.com Wed Jan 22 13:05:00 2014
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 22 Jan 2014 16:05:00 -0500
Subject: Kiev Protest: Cell/Net LibTech Law
Message-ID:

http://motherboard.vice.com/en_ca/blog/maybe-the-most-orwellian-text-message-ever-sent
https://twitter.com/EuromaidanPR
http://craphound.com/images/dictatorship-en.jpg
http://www.bbc.co.uk/news/world-europe-25838962

From rysiek at hackerspace.pl Wed Jan 22 09:05:51 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 22 Jan 2014 18:05:51 +0100
Subject: and not a single Tor hacker was surprised...
In-Reply-To:
References: <52DFDFCB.9090003@kjro.se>
Message-ID: <4869289.mJZM0fiGMF@lap>

On Wednesday, 22 January 2014 07:44:16 coderman wrote:
> (someone should write more about using client-side certificates as a
> method to thwart SSL MitM with a CA signing transparent proxy
> adversary upstream. aka BlueCoat with "enterprise certificate"
> injected or private key pilfer.)

About this. Is there a way to serve 2 (or more) certificates for a given HTTPS server/domain? What I would like to have is a way to:
- serve a proper, vanilla SSL certificate bought from some provider for the general public accessing my service;
- serve a different cert (for example, using MonkeySphere) for those that do not trust (and with good reasons) major CA's.

This would have to work for the *same* domain on the *same* webserver. I haven't yet seen a way to do this, so this might need implementing, but maybe somebody here has heard about something along these lines?

--
Regards
rysiek

From rysiek at hackerspace.pl Wed Jan 22 09:14:39 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 22 Jan 2014 18:14:39 +0100
Subject: Infiltration/Exfiltration
In-Reply-To: <20140121201707.GY3180@nl.grid.coop>
References: <2446844.lTtSaIMl8d@lap> <20140121201707.GY3180@nl.grid.coop>
Message-ID: <6270827.cjgGcNSLHo@lap>

On Tuesday, 21 January 2014 14:17:07 Troy Benjegerdes wrote:
> On Tue, Jan 21, 2014 at 12:32:53PM +0100, rysiek wrote:
> > On Monday, 20 January 2014 23:29:46 Troy Benjegerdes wrote:
> > > Let me posit that we need humans that act more like ethical beings, that
> > > have insights that go beyond the logic, rules, and reason that seem to,
> > > well, govern the keeping of secrets. I see a disturbing trend towards
> > > people who appear to be more human rule-and-emotional-reactivity execution
> > > units than empowered beings with free and unpredictable thought and
> > > discernment.
> > >
> > > The great thing that Snowden did was get more of the general public engaged
> > > and involved, and for the various types of infiltrators to have any lasting
> > > effect, there must be cypherpoliticians, architecting secure legal codes
> > > and blocking legislative trojans.
> > >
> > > Assassination Politics is an interesting armchair quarterback game, but I
> > > think what we really need is some of that theory applied to Election
> > > politics, with some down-in-the dirt wrestling with campaign finance.
> >
> > Oooooh. Oooh. "I just had a brainwave", to quote Chief Inspector Hubbard.
> >
> > How about use the very same mechanism as assassination market, but for
> > voting? Betting on who will win the next election, generally or in each
> > district, etc? Creating cash incentives not for politicians (well, also,
> > they could bet themselves after all!), but activists, or other people
> > that might help get somebody elected? Pooling resources, but not in a
> > candidate's pocket.
> This is a perfect example of "It's hard to understand something your salary
> (or campaign finances) depend on not understanding", cause I never saw this
> until you pointed it out. Fortunately I still have a few braincells that
> fired.
>
> This is brilliant... Get more money in politics, but in a way the
> politicians can never touch it. Oh sure, some will, but they will quickly
> be strung up by the 'clean campaigns' lynch mob.

Well, ideas are cheap, so if anybody feels compelled to implement that, go for it, it's Public Domain now. ;)

> > > We need cypherpunks pointing out the futility of more reactive campaign
> > > finance regulations that plug the holes we saw last year. We need speech,
> > > and code as speech, and a debate about does the First Amendment cover the
> > > right to speak in code, and does the Second Amendment give us the right to
> > > keep and bear a well-regulated open-source drone Militia?
> >
> > Well, funny thing that. I wrote on it:
> > http://rys.io/en/54
> >
> > The tl;dr is -- even though traditional RC planes are better-fitted to be
> > used as "terrorist tools" (faster, more load, etc), it's *copters that
> > will get banned first, as they empower people to "watch the watchers".
>
> Except I get to play the "Farmers need open-source drones to keep those
> anti-GMO terr'ists out" police state card, and watch the competing
> interests tie themselves up in knots while activists download the code I
> use to "Protect America's Food"

"The Police will handle that for you, Dear Farmer. Now hand over the drone that you no longer need. You're not a terr'ist, are ya?.."

--
Regards
rysiek

From katana at riseup.net Wed Jan 22 09:47:12 2014
From: katana at riseup.net (katana)
Date: Wed, 22 Jan 2014 18:47:12 +0100
Subject: and not a single Tor hacker was surprised...
In-Reply-To: <4869289.mJZM0fiGMF@lap>
References: <52DFDFCB.9090003@kjro.se> <4869289.mJZM0fiGMF@lap>
Message-ID: <52E00420.1090501@riseup.net>

Hi,

> About this. Is there a way to serve 2 (or more) certificates for a
> given HTTPS server/domain? What I would like to have is a way to: -
> serve a proper, vanilla SSL certificate bought from some provider for
> the general public accessing my service; - serve a different cert
> (for example, using MonkeySphere) for those that do not trust (and
> with good reasons) major CA's.
>
> This would have to work for the *same* domain on the *same*
> webserver. I haven't yet seen a way to do this, so this might need
> implementing, but maybe somebody here has heard about something along
> these lines?

Like the Sovereign or TACKed keys perhaps?

--
Katana

From tom at ritter.vg Wed Jan 22 21:47:48 2014
From: tom at ritter.vg (Tom Ritter)
Date: Thu, 23 Jan 2014 00:47:48 -0500
Subject: and not a single Tor hacker was surprised...
In-Reply-To: <4869289.mJZM0fiGMF@lap>
References: <52DFDFCB.9090003@kjro.se> <4869289.mJZM0fiGMF@lap>
Message-ID:

On Jan 23, 2014 6:13 AM, "rysiek" wrote:
> About this. Is there a way to serve 2 (or more) certificates for a given HTTPS
> server/domain? What I would like to have is a way to:
> - serve a proper, vanilla SSL certificate bought from some provider for the
> general public accessing my service;
> - serve a different cert (for example, using MonkeySphere) for those that do
> not trust (and with good reasons) major CA's.
>
> This would have to work for the *same* domain on the *same* webserver. I
> haven't yet seen a way to do this, so this might need implementing, but maybe
> somebody here has heard about something along these lines?
There are a lot of things like this, but the big question is: how does the user indicate to you which cert they want? If it was via pubca.x.com or privca.x.com - that's easy just put the different certs in the different sites. But otherwise, you have to rely on quirks.

TLS allows you to send different certs to different users, but this is based off the handshake and is for algorithm agility - not cert chaining. EG I send ECDSA signed certs if I know you can handle them, and RSA if not.

You can also send two leaf certs, two cert chains, a cert and garbage, a cert and a stego message - whatever. This is the closest to what you want, but this is undefined behavior. Browsers may build a valid chain off the public CA, and monkeysphere off the private* and it works perfect... Or the browser may pop an invalid cert warning. It's undefined behavior. You'll have to test, see what happens, and hope chrome doesn't break when it updates every week.

-tom

* I realize monkey sphere doesn't use a private CA, just using it as an example.

From jamesd at echeque.com Wed Jan 22 14:38:39 2014
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 23 Jan 2014 08:38:39 +1000
Subject: {}coin: good enough for election politics?
In-Reply-To: <7523334.nATcYzJ4QX@lap>
References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap>
Message-ID: <52E0486F.6070402@echeque.com>

James A. Donald:
>> Corporations are people.

rysiek wrote:
> No. They are *made of* people. This is not the same thing.

Is the same thing in any case that matters, such as freedom of speech, search without reasonable cause, and so on and so forth.
>> If you grant lesser rights to corporations than to natural people,
>> then the state can, and will, make corporations fire anyone
>> suspected of thinking politically incorrect thoughts.

> What? I call bull.

Happens every day.

> First of all, it's not the corporation's decision, it's a decision
> made always by *some person*.

But that person is not an officer of the corporation, but an employee of the government.

> You don't have to give corporations these rights, as people that
> corporations consist of already have them.

That is backwards from reality. People that corporations consist of lose these rights, such as freedom of speech, because the government violates the rights of the corporation.

From rich at openwatch.net Thu Jan 23 10:28:12 2014
From: rich at openwatch.net (Rich Jones)
Date: Thu, 23 Jan 2014 10:28:12 -0800
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To:
References: <23575258.HspTl1Qfko@lap> <52E14B63.7090402@ch1p.com>
Message-ID:

This was a particularly troubling related story:

http://www.theverge.com/2014/1/21/5332726/ukraine-government-texts-ominous-orwellian-message-directly-to-cell
http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/21/ukraines-1984-moment-government-using-cellphones-to-track-protesters/

From tedks at riseup.net Thu Jan 23 07:55:58 2014
From: tedks at riseup.net (Ted Smith)
Date: Thu, 23 Jan 2014 10:55:58 -0500
Subject: {}coin: good enough for election politics?
In-Reply-To: <52E0708A.7020304@echeque.com>
References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com>
Message-ID: <1390492558.31788.2.camel@anglachel>

On Thu, 2014-01-23 at 11:29 +1000, James A. Donald wrote:
> James A. Donald:
> > > > Corporations are people.
>
> > > > If you grant lesser rights to corporations than to natural
> > > > people, then the state can, and will, make corporations fire
> > > > anyone suspected of thinking politically incorrect thoughts.
>
> rysiek wrote:
> > > What? I call bull.
>
> James A. Donald:
> > Happens every day.
>
> For example, Pax Dickinson was fired for crimethink

Pax Dickinson was fired for being a rampant misogynist. I can see how that would upset you, being also a rampant misogynist/racist asshole, but nobody *really likes* people like you, and surely as an overt corporatist you must realize that you have no right to be employed if your employer doesn't want to be around an asshole.

That also rather obviously had nothing to do with "the state" and far more to do with the massively bad PR that comes from employing openly misogynist assholes.

No matter what domain your email account is on, you're obviously a troll at this point, and you're going in my killfile.

--
Sent from Ubuntu

From jamesd at echeque.com Wed Jan 22 17:29:46 2014
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 23 Jan 2014 11:29:46 +1000
Subject: {}coin: good enough for election politics?
In-Reply-To: <52E0486F.6070402@echeque.com>
References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com>
Message-ID: <52E0708A.7020304@echeque.com>

James A. Donald:
> > > Corporations are people.

> > > If you grant lesser rights to corporations than to natural
> > > people, then the state can, and will, make corporations fire
> > > anyone suspected of thinking politically incorrect thoughts.

rysiek wrote:
> > What? I call bull.

James A. Donald:
> Happens every day.
For example, Pax Dickinson was fired for crimethink

The person who called for his firing was Anil, who holds regulatory government powers over the company that employed Pax Dickinson.

I was pretty amazed that he went for it. He flat out said that he wants his startup to be funded and wasn’t sure if it’d be possible after all of his, and I replied that it realistically wasn’t going to happen without the say-so of someone like me, and I wasn’t inclined to give some VC the nod on this.

So, these days, the merely wealthy need a nod from the likes of Anil, the powerless need to run all their decisions past the powerful.

From rysiek at hackerspace.pl Thu Jan 23 05:50:52 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jan 2014 14:50:52 +0100
Subject: Internet/cell phones blocked in Eastern Ukraine?
Message-ID: <23575258.HspTl1Qfko@lap>

Hi there,

I just got wind that Internet and cell phones are being blocked/disabled in Eastern Ukraine. Can anybody confirm this in any way?

--
Regards
rysiek

From gutemhc at gmail.com Thu Jan 23 09:20:13 2014
From: gutemhc at gmail.com (Gutem)
Date: Thu, 23 Jan 2014 15:20:13 -0200
Subject: Fwd: Google Chrome Has a Bug That Lets Any Site Eavesdrop On You
In-Reply-To:
References:
Message-ID:

A Bug? Really?

http://gizmodo.com/google-chrome-has-a-bug-that-could-let-anyone-eavesdrop-1506483705
http://talater.com/chrome-is-listening/

Regards,
- Gutem
-------------------------------------------------------------------------------------------
Registered Linux User: 562142

From rysiek at hackerspace.pl Thu Jan 23 06:58:34 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jan 2014 15:58:34 +0100
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To: <23575258.HspTl1Qfko@lap>
References: <23575258.HspTl1Qfko@lap>
Message-ID: <10462520.RYbm9aVvvo@lap>

On Thursday, 23 January 2014 14:50:52 rysiek wrote:
> Hi there,
>
> I just got wind that Internet and cell phones are being blocked/disabled in
> Eastern Ukraine. Can anybody confirm this in any way?

Humm:
http://b2b.renesys.com/eventsbulletin/2014/01/UA-1390415430.html#more

116 networks out in the Ukraine
By Renesys Events on January 22, 2014 8:00 PM | No Comments | No TrackBacks

116 networks experienced an outage in the Ukraine starting at 18:30 UTC on January 22. This represents 1% of the routed networks in the country.

99% of the networks in this event reached the Internet through the connection: Volia (Kyivski Telekomunikatsiyni Merezhi LLC) (AS25229) to Telecom Italia Sparkle (AS6762).

Summary statistics on the event are as follows:

date/time: 2014-Jan-22 18:30:30 UTC
primary geography: the Ukraine
primary organization: Volia (Kyivski Telekomunikatsiyni Merezhi LLC) (AS25229)
severity: 1% of the routed networks in the country

--
Regards
rysiek

From mlp at upstandinghackers.com Thu Jan 23 08:56:16 2014
From: mlp at upstandinghackers.com (Meredith L. Patterson)
Date: Thu, 23 Jan 2014 17:56:16 +0100
Subject: {}coin: good enough for election politics?
In-Reply-To: <1390492558.31788.2.camel@anglachel>
References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel>
Message-ID: <20140123165616.GB13459@nestor.local>

On Thu, Jan 23, 2014 at 10:55:58AM -0500, Ted Smith wrote:
> On Thu, 2014-01-23 at 11:29 +1000, James A. Donald wrote:
> > For example, Pax Dickinson was fired for crimethink
>
> Pax Dickinson was fired for being a rampant misogynist. I can see how
> that would upset you, being also a rampant misogynist/racist asshole,

So, I'm not James, nor do I have much of anything in common with him at all, but I'm far more creeped out by Anil Dash's self-righteous chortling over his own perception of holding Dickinson's career future hostage than I am at Dickinson's firing. "What is new in our time," Bertrand Russell once said, "is the increased power of the authorities to enforce their prejudices."

Let me ask you this: put me in Pax's shoes. (You can substitute something offensive I'd be likely to say for Pax's actual words, if that helps with the cognitive dissonance. Perhaps something about guns. Or titties, I say some pretty crass things about titties too.) Suppose I then ended up across that lunch table from Dash, and that Dash had made the same "you'll never see VC if I can help it" threat.

That's where the cognitive dissonance kicks in too strongly for me to continue the Gedankenexperiment: Dash would never make that threat to a woman, for fear of the ANIL DASH THREATENS FEMALE ENTREPRENEUR headlines that would flow like wine afterward. Dickinson was Fair Game, in Dash's view, and Dash accordingly displayed all the civility and restraint of a Hubbardite zealot, cloaked as it was under the veneer of a genteel Manhattan business lunch.
Anil Dash fancies himself an authority, and fancies his position to be one from which enforcing his prejudices constitutes acceptable behaviour. The only authority he actually holds is money and relationships with other people who have money, but his demonstrated eagerness to use that authority to punish nonbelievers marks him as a danger to free thought and free discourse.

Don't let that sycophantic scumbag anywhere near public office, is all I'm sayin'.

--mlp

From dan at geer.org Thu Jan 23 15:00:27 2014
From: dan at geer.org (dan at geer.org)
Date: Thu, 23 Jan 2014 18:00:27 -0500
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: Your message of "Tue, 21 Jan 2014 12:48:46 +0100." <3991396.Fn3xMA343Y@lap>
Message-ID: <20140123230027.2DD402280C5@palinka.tinho.net>

On the question of retroactivity of law:

http://www.heritage.org/constitution/articles/1/essays/62/bill-of-attainder

On the question of selective enforcement of existing law, Obama has turned it into an art form:

http://www.wnd.com/2014/01/liberal-icon-urges-obama-impeachment

--dan

From read at ch1p.com Thu Jan 23 09:03:31 2014
From: read at ch1p.com (ch1p.read)
Date: Thu, 23 Jan 2014 19:03:31 +0200
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To: <23575258.HspTl1Qfko@lap>
References: <23575258.HspTl1Qfko@lap>
Message-ID: <52E14B63.7090402@ch1p.com>

I'm in Crimea now, everything is ok here.

On 01/23/2014 03:50 PM, rysiek wrote:
> Hi there,
>
> I just got wind that Internet and cell phones are being blocked/disabled in
> Eastern Ukraine. Can anybody confirm this in any way?
>

From carimachet at gmail.com Thu Jan 23 10:12:55 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 23 Jan 2014 19:12:55 +0100
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To: <52E14B63.7090402@ch1p.com>
References: <23575258.HspTl1Qfko@lap> <52E14B63.7090402@ch1p.com>
Message-ID:

not looking likely but this is super cute

Racist right-wing group on frontlines of euromaidan protests
http://news.yahoo.com/shadowy-ukraine-far-group-frontline-clashes-174144548.html

On Thu, Jan 23, 2014 at 6:03 PM, ch1p.read wrote:
> I'm in Crimea now, everything is ok here.
>
> On 01/23/2014 03:50 PM, rysiek wrote:
>
>> Hi there,
>>
>> I just got wind that Internet and cell phones are being blocked/disabled in
>> Eastern Ukraine. Can anybody confirm this in any way?
>>
>

--
Cari Machet

From rysiek at hackerspace.pl Thu Jan 23 11:34:24 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jan 2014 20:34:24 +0100
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To: <52E14B63.7090402@ch1p.com>
References: <23575258.HspTl1Qfko@lap> <52E14B63.7090402@ch1p.com>
Message-ID: <2336870.LitqSuuMT4@lap>

On Thursday, 23 January 2014 19:03:31 ch1p.read wrote:
> I'm in Crimea now, everything is ok here.

Thanks. Can you try contacting anybody in Kiev about it? It would be greatly appreciated.

--
Regards
rysiek

From rysiek at hackerspace.pl Thu Jan 23 11:36:37 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jan 2014 20:36:37 +0100
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To:
References: <23575258.HspTl1Qfko@lap>
Message-ID: <8092051.GdxlFSfkAx@lap>

On Thursday, 23 January 2014 20:44:34 Andrey Popp wrote:
> Just asked a comrade in Kyiv — everything works ok. Where did you get this
> information from?

A text message / SMS from a friend in the area.

--
Regards
rysiek

From 8mayday at gmail.com Thu Jan 23 08:44:34 2014
From: 8mayday at gmail.com (Andrey Popp)
Date: Thu, 23 Jan 2014 20:44:34 +0400
Subject: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To: <23575258.HspTl1Qfko@lap>
References: <23575258.HspTl1Qfko@lap>
Message-ID:

Just asked a comrade in Kyiv — everything works ok. Where did you get this information from?

On Thu, Jan 23, 2014 at 5:50 PM, rysiek wrote:
> Hi there,
>
> I just got wind that Internet and cell phones are being blocked/disabled in
> Eastern Ukraine. Can anybody confirm this in any way?
>
> --
> Regards
> rysiek

--
Andrey Popp / 8mayday at gmail.com

From odinn.cyberguerrilla at riseup.net Thu Jan 23 20:51:52 2014
From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla)
Date: Thu, 23 Jan 2014 20:51:52 -0800
Subject: Meanwhile in the USA... Re: Internet/cell phones blocked in Eastern Ukraine?
In-Reply-To: <2336870.LitqSuuMT4@lap>
References: <23575258.HspTl1Qfko@lap> <52E14B63.7090402@ch1p.com> <2336870.LitqSuuMT4@lap>
Message-ID: <2aff26f8b4dc74def59da7c572ed290c.squirrel@fulvetta.riseup.net>

Meanwhile, in the USA...
still no ruling from 'government' on the matter of BART and cell / wireless throttling or shutoff generally. http://apps.fcc.gov/ecfs/proceeding/view?z=6uvc1&name=12-52 Notice the link to the proceeding is currently down, you can't see the NLG, Public Knowledge, etc. filings. fcc.gov is up, but transition.fcc.gov is acting funny or not available. The Electronic Comment Filing System (ECFS) where people go through to file things to the FCC is unavailable totally, and fjallfoss is down, unless I've just burnt a fuse or something. I haven't been watching the FCC much if at all in the past year, so maybe I just missed them moving onto a new site and I don't know what it is? However it appears that the FCC has temporarily lost its shit, and I want to note here for the record I had nothing to do with it, I just noticed. "Connecting America" is up though. :-O https://www.fcc.gov/connecting-america Public Knowledge (which files a lot with the FCC) hasn't posted anything about it. This was a story released in the last tweet that @publicknowledge RT'd: http://www.reuters.com/article/2014/01/23/us-usa-security-privacy-idUSBREA0M0TI20140123 Something about the NSA. Whatevs. Interesting timing, the Ukraine, DC, etc. -Odinn > Dnia czwartek, 23 stycznia 2014 19:03:31 ch1p.read pisze: >> I'm in Crimea now, everything is ok here. > > Thanks. Can you try contacting anybody in Kiev about it? It would be > greatly > appreciated. > > -- > Pozdr > rysiek From jamesdbell8 at yahoo.com Thu Jan 23 22:09:52 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 23 Jan 2014 22:09:52 -0800 (PST) Subject: {}coin: good enough for election politics? 
In-Reply-To: <52E1FB19.5060909@echeque.com> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <52E1A2EA.2080300@echeque.com> <20140123233054.GL14252@nestor.local> <52E1FB19.5060909@echeque.com> Message-ID: <1390543792.90788.YahooMailNeo@web164604.mail.gq1.yahoo.com> From: James A. Donald On 2014-01-24 09:30, Meredith L. Patterson wrote: > On Fri, Jan 24, 2014 at 09:16:58AM +1000, James A. Donald wrote: >> On 2014-01-24 02:56, Meredith L. Patterson wrote: >>> Anil Dash fancies himself an authority, and fancies his position to be >>> one from which enforcing his prejudices constitutes acceptable >>> behaviour. The only authority he actually holds is money >>> You are factually wrong:  The authority Anil holds is government >>> money and government permissions.  He is on the revolving door >>> between regulators and regulated. >> Are you referring to the fact that whatever currency he holds is fiat >> currency, or to his role as (e.g.) director of Expert Labs, or >> something else? (I know little about the man's history, just glanced >> at his LinkedIn.) >Expert labs is a "Government 2.0 initiative that aims to connect United >States government projects with citizens who want to become more >involved in the political discussion". >In other words, he is a political commissar.  Expert labs is an NGO. >NGO is code for GO, for when NGOs advertise jobs, they generally >advertise those jobs as government employment. Hmmm, I thought that _I_ invented the concept of "Government 2.0" when I wrote my "Assassination Politics" essay in 1995-96.  Or perhaps I should have called it, "Government Omega.Omega".        Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 2515 bytes Desc: not available URL: From read at ch1p.com Thu Jan 23 12:13:02 2014 From: read at ch1p.com (Eugene Z) Date: Thu, 23 Jan 2014 22:13:02 +0200 Subject: Internet/cell phones blocked in Eastern Ukraine? In-Reply-To: <2336870.LitqSuuMT4@lap> References: <23575258.HspTl1Qfko@lap> <52E14B63.7090402@ch1p.com> <2336870.LitqSuuMT4@lap> Message-ID: <52E177CE.80401@ch1p.com> My friends/colleagues from Kyiv, Ivano-Frankivsk and Chernihiv say that everything works. On 01/23/2014 09:34 PM, rysiek wrote: > Dnia czwartek, 23 stycznia 2014 19:03:31 ch1p.read pisze: >> I'm in Crimea now, everything is ok here. > Thanks. Can you try contacting anybody in Kiev about it? It would be greatly > appreciated. > From juan.g71 at gmail.com Thu Jan 23 17:18:53 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 23 Jan 2014 22:18:53 -0300 Subject: {}coin: good enough for election politics? In-Reply-To: <1570101.OHLpTmz9Hx@lap> References: <20140120050132.GQ3180@nl.grid.coop> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <1570101.OHLpTmz9Hx@lap> Message-ID: --On Friday, January 24, 2014 1:42 AM +0100 rysiek wrote: > > Thing is, today not only authorities have increased power to enforce > their prejudices. Multinationals have sometimes even bigger power and > possibilities as far as this is concerned -- just consider what Facebook > can do in terms of censorship. Or Google. I love how google censors autocomplete terms... 3, 2, 1, A conservative starts to pretend that 'private' censorship is not censorship! Also, it's funny how the jew-kristian-google-puritan monkeys censor, among other things, autocomplete terms related to porn and sex in general. > > I'm not saying authorities and governments are not dangerous. I'm saying > multinationals are as dangerous and we need to do something about it. 
> > -- > Pozdr > rysiek From rich at openwatch.net Fri Jan 24 00:27:35 2014 From: rich at openwatch.net (Rich Jones) Date: Fri, 24 Jan 2014 00:27:35 -0800 Subject: BitCloud Message-ID: Tor-like anonymity network, but backed by a new cryptocurrency in order to pay for the relay bandwidth. It's a nice thought! https://github.com/wetube/bitcloud http://www.reddit.com/r/bitcloud http://talk.bitcloudproject.org/ Meat: https://github.com/wetube/bitcloud/blob/master/bitcloud.org More logos of the 'loading' interface than actual code at this point, which is certainly a bad sign, but people are at least enthusiastic about the idea. As an approach to solving the autonomy problem, though, I think I'm more interested in radios than new overlay networks.. R -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 908 bytes Desc: not available URL: From mlp at upstandinghackers.com Thu Jan 23 15:30:54 2014 From: mlp at upstandinghackers.com (Meredith L. Patterson) Date: Fri, 24 Jan 2014 00:30:54 +0100 Subject: {}coin: good enough for election politics? In-Reply-To: <52E1A2EA.2080300@echeque.com> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <52E1A2EA.2080300@echeque.com> Message-ID: <20140123233054.GL14252@nestor.local> On Fri, Jan 24, 2014 at 09:16:58AM +1000, James A. Donald wrote: > On 2014-01-24 02:56, Meredith L. Patterson wrote: > >Anil Dash fancies himself an authority, and fancies his position to be > >one from which enforcing his prejudices constitutes acceptable > >behaviour. The only authority he actually holds is money > > You are factually wrong: The authority Anil holds is government > money and government permissions. He is on the revolving door > between regulators and regulated. 
Are you referring to the fact that whatever currency he holds is fiat currency, or to his role as (e.g.) director of Expert Labs, or something else? (I know little about the man's history, just glanced at his LinkedIn.) --mlp From juan.g71 at gmail.com Thu Jan 23 19:49:01 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Fri, 24 Jan 2014 00:49:01 -0300 Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) In-Reply-To: References: <3991396.Fn3xMA343Y@lap> <20140123230027.2DD402280C5@palinka.tinho.net> Message-ID: <67AF5440BF321831B198FF69@F74D39FA044AA309EAEA14B9> --On Friday, January 24, 2014 3:15 AM +0000 Cari Machet wrote: > i love when they make excuses like well its better than china hahhahaha > .... > > umn rule of law long loooooong dead ... what can we do about that? What do you think 'rule of law' is, and when do you think it was 'alive'? Maybe when jefferson and accomplices founded their little slave republic? > > > > On 1/23/14, dan at geer.org wrote: >> >> >> >> On the question of retroactivity of law: >> >> http://www.heritage.org/constitution/articles/1/essays/62/bill-of-attain >> der >> >> On the question of selective enforcement of existing law, >> Obama has turned it into an art form: >> >> http://www.wnd.com/2014/01/liberal-icon-urges-obama-impeachment >> >> >> --dan >> >> > > > -- > Cari Machet > NYC 646-436-7795 > carimachet at gmail.com > AIM carismachet > Syria +963-099 277 3243 > Amman +962 077 636 9407 > Berlin +49 152 11779219 > Twitter: @carimachet > > Ruh-roh, this is now necessary: This email is intended only for the > addressee(s) and may contain confidential information. If you are not the > intended recipient, you are hereby notified that any use of this > information, dissemination, distribution, or copying of this email without > permission is strictly prohibited. > From measl at mfn.org Thu Jan 23 23:36:06 2014 From: measl at mfn.org (J.A. 
Terranson)
Date: Fri, 24 Jan 2014 01:36:06 -0600 (CST)
Subject: {}coin: good enough for election politics?
In-Reply-To: <52E1A141.5050309@echeque.com>
References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A141.5050309@echeque.com>
Message-ID:

On Fri, 24 Jan 2014, James A. Donald wrote:

> On 2014-01-24 01:55, Ted Smith wrote:
> > Pax Dickinson was fired for being a rampant misogynist.
>
> He was fired for saying things, not doing things, fired for speaking out
> against affirmative action. In other words, you do not want freedom of speech
> for corporations, because that is a way of ensuring that individual humans
> employed by corporations do not have freedom of speech

Assuming all of your arguments to be correct (which I don't), I would want to remove "freedom of speech" for corporations because it artificially amplifies the voice of the corporate entity: the individuals who own the issued shares of the corporation already have these freedoms - by allowing the corporation "to speak", these "people" (both natural and artificial) are given more than their one individual opinions, (b) the corporation can be used to nullify the voices of the [natural] People comprising the corporation, and (c) the corporation has a narrow interest - making more money - which is often (if not always) at odds with those of the natural people who comprise the corporation.

Corporations don't need food to eat, water to drink, and shelter to live: the People for which the Country acts as a home have interests that are at odds with the corporate focus on cash.

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.

From measl at mfn.org Thu Jan 23 23:37:16 2014
From: measl at mfn.org (J.A.
Terranson) Date: Fri, 24 Jan 2014 01:37:16 -0600 (CST) Subject: {}coin: good enough for election politics? In-Reply-To: <52E1A1EE.5030805@echeque.com> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A1EE.5030805@echeque.com> Message-ID: On Fri, 24 Jan 2014, James A. Donald wrote: > On 2014-01-24 01:55, Ted Smith wrote: > > That also rather obviously had nothing to do with "the state" and far > > more to do with the massively bad PR that comes from employing openly > > misogynist assholes. > > Anil was the state. Anil was not the public. The public quietly approves of > what Pax said, though it is terrified to say so in public. None of us can presume to 'know what the public thinks'. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From rysiek at hackerspace.pl Thu Jan 23 16:42:10 2014 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 24 Jan 2014 01:42:10 +0100 Subject: {}coin: good enough for election politics? In-Reply-To: <20140123165616.GB13459@nestor.local> References: <20140120050132.GQ3180@nl.grid.coop> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> Message-ID: <1570101.OHLpTmz9Hx@lap> Dnia czwartek, 23 stycznia 2014 17:56:16 Meredith L. Patterson pisze: > On Thu, Jan 23, 2014 at 10:55:58AM -0500, Ted Smith wrote: > > On Thu, 2014-01-23 at 11:29 +1000, James A. Donald wrote: > > > For example, Pax Dickinson was fired for crimethink > > > > Pax Dickinson was fired for being a rampant misogynist. 
I can see how > > that would upset you, being also a rampant misogynist/racist asshole, > > So, I'm not James, nor do I have much of anything in common with him > at all, but I'm far more creeped out by Anil Dash's self-righteous > chortling over his own perception of holding Dickinson's career future > hostage than I am at Dickinson's firing. > > "What is new in our time," Bertrand Russell once said, "is the > increased power of the authorities to enforce their prejudices." Thing is, today not only authorities have increased power to enforce their prejudices. Multinationals have sometimes even bigger power and possibilities as far as this is concerned -- just consider what Facebook can do in terms of censorship. Or Google. I'm not saying authorities and governments are not dangerous. I'm saying multinationals are as dangerous and we need to do something about it. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 316 bytes Desc: This is a digitally signed message part. URL: From measl at mfn.org Thu Jan 23 23:45:51 2014 From: measl at mfn.org (J.A. Terranson) Date: Fri, 24 Jan 2014 01:45:51 -0600 (CST) Subject: {}coin: good enough for election politics? In-Reply-To: <1390543792.90788.YahooMailNeo@web164604.mail.gq1.yahoo.com> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <52E1A2EA.2080300@echeque.com> <20140123233054.GL14252@nestor.local> <52E1FB19.5060909@echeque.com> <1390543792.90788.YahooMailNeo@web164604.mail.gq1.yahoo.com> Message-ID: On Thu, 23 Jan 2014, Jim Bell wrote: > Hmmm, I thought that _I_ invented the concept of "Government 2.0" when I > wrote my "Assassination Politics" essay in 1995-96.  
Or perhaps I should
> have called it, "Government Omega.Omega".
>
>       Jim Bell

No... It should have been called Government Delta.Delta. ;-)

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.

From measl at mfn.org Thu Jan 23 23:49:52 2014
From: measl at mfn.org (J.A. Terranson)
Date: Fri, 24 Jan 2014 01:49:52 -0600 (CST)
Subject: [dsfjdssdfsd] Any plans for drafts or discussions on here? (fwd)
Message-ID:

Interesting thread going on at dsfjdssdfsd at ietf.org. Forwarded for our collective interest and amusement.

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.

---------- Forwarded message ----------
Date: Thu, 23 Jan 2014 23:38:07 +0100
From: Krisztián Pintér
To: Michael Hammer
Cc: "dsfjdssdfsd at ietf.org" , "ietf at hosed.org"
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

Michael Hammer (at Thursday, January 23, 2014, 9:49:32 PM):
> This may get off-topic, but are there good software tools for testing
> entropy,
> that could help applications determine if the underlying system is giving
> them good input?

disclaimer: i'm no expert, it is just what i gathered. (i'm pretty much interested in randomness.)

short answer: no

long answer: in some situations yes. if you are handed a bunch of data, all you can do is to try different techniques to put an upper limit on the entropy. for example you can calculate the shannon entropy assuming independent bits. then you can hypothesize some interdependence, and see if you can compress the data. you can apply different lossless compression methods. the better compression you find puts an upper limit on the entropy. but never a lower limit.

you can only do better if you have an idea about the process that created the data. for example you might assume that it is mostly thermal noise.
you can assume that thermal noise has some frequency distribution, or energy or whatever, etc. within this assumption, you can determine the entropy content by measurements. but at this point, you are pretty much prone to two errors: 1, what if your assumption is wrong and 2, what if your physical model overestimates the unpredictability of the given system. example for the former: the signal might be largely controllable by an external EM interference, and then you measure not noise, but attacker controlled data. example for the latter: a smartass scientist might come up with a better physical model for thermal noise.

it is also important to note that entropy is observer dependent. we actually talk about the entropy as seen by the attacker. but it is not straightforward to assess what is actually visible to an attacker and what is not. observation methods improve with time.

_______________________________________________
dsfjdssdfsd mailing list
dsfjdssdfsd at ietf.org
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd

From measl at mfn.org Thu Jan 23 23:52:24 2014
From: measl at mfn.org (J.A. Terranson)
Date: Fri, 24 Jan 2014 01:52:24 -0600 (CST)
Subject: [dsfjdssdfsd] software tools for testing entropy (was: Any plans for drafts or discussions on here?) (fwd)
Message-ID:

The thread continues...

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.

---------- Forwarded message ----------
Date: Thu, 23 Jan 2014 16:32:25 -0800
From: =JeffH
To: IETF Pseudorandom Number Generator PRNG discussion list
Subject: Re: [dsfjdssdfsd] software tools for testing entropy (was: Any plans for drafts or discussions on here?)

> are there good software tools for testing entropy, that could help
> applications determine if the underlying system is giving them good
> input?

well, from..

[0] Akram, Raja Naeem, Konstantinos Markantonakis, and Keith Mayes. "Pseudorandom Number Generation in Smart Cards: An Implementation, Performance and Randomness Analysis." New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on. IEEE, 2012.
http://digirep.rhul.ac.uk/file/315c7a7e-4963-4a62-189f-4ad198a79f30/5/Paper.pdf

..there's the sections reproduced at [1] below which may (or may not) be helpful.

also, NIST has these resources..

NIST SP 800-22: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Application.
http://csrc.nist.gov/publications/nistpubs/800-22-rev1a/SP800-22rev1a.pdf

Random Number Generators (RNG) Testing Requirements:
http://csrc.nist.gov/groups/STM/cavp/index.html#04

RNG Test Vectors
http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngtestvectors.zip

One could also ask the authors of [0] if they might share their impl.

hth,

=JeffH

[1]

E. Experimental Proof

To provide experimental proof, the NIST statistical test suite was applied. Each algorithm was provided with a common seed file, and generated sequences from it were saved in a binary file. This binary file was used as input to the statistical test. Point to note here is that seed files given to all algorithms were the same. The reason for doing so was to analyse differences in the quality of output while using the same entropy source. For statistical analysis, each algorithm was executed to generate 1,048,578 pseudorandom sequences of 128 bits. Concatenating the outputs into a binary file that was then used for NIST SP 800-22 statistical analysis. The results of each algorithm are listed in Appendix A.

Taking into account the Common Criteria AIS 20 [18], our implementation fulfils the requirements for the K4 DRNG. Below is the discussion on how our implementation satisfies these requirements.

1) K1 DRNG: It's a simple requirement that states that if the generated values is of set C = {c1, c2, c3, .., cm} then all members of the set should be distinct regardless of the statistical properties.
2) K2 DRNG: Requires that the implementation should satisfy the statistical properties such as monobit test, poker test and tests on runs. Our implementations were subjected to the NIST SP 800-22 test suite.

3) K3 DRNG: This requires that the entropy of the PRNG is at least 80. All SHA based algorithms has 440 bits seed and block cipher based algorithms has 128 bits seed. All of the seed values were chosen from an external high entropy source that is carefully tested.

4) K4 DRNG: This level requires that the PRNG should be forward-secure. A PRNG is forward-secure if after n iteration of the PRNG, a malicious user is unable to guess the internal state of the generator. The implemented PRNG feed back to the internal seed that is changing in each of the iterations. Furthermore, block cipher based implementation of the PRNG use different key in each of the iterations. Even retrieving a cryptographic key would not help a malicious user to successfully know the entire state of the seed file.

In our implementations we tested SHA and block cipher based algorithms for the PRNGs. In general block cipher based algorithms, only a single key is used for the entire lifetime of the generator. However, we have tested that a PRNG could be modified to use a new key on each execution of the generator. The internal key generation mechanism of the block cipher based PRNG implementations are light weight and they do not hamper the overall performance of the generator. Therefore, it could be argued that it provides a more secure block cipher based PRNG than a PRNG that only uses a single key for entire lifetime.

Table IV details the percentage of passing sequences produced by individual algorithms. As it is evident from table III and IV, there is not a big difference between the implemented algorithms both in terms of performance and percentage of sequence passing the NIST statistical tests.
Of particular note, if we take the accumulated average of the passing sequences percentage in the table IV an interesting result emerges. The SHA-1 performs comparative better than other algorithms and AES based PRNG has the least accumulated average of passing sequence as illustrated in figure 4. This measure represents the randomness of the generated sequences - not the security of the algorithm. If we also account for the performance, SHA based algorithms perform better than the encryption based algorithms (e.g. DES and AES).

V. CONCLUSION AND FUTURE RESEARCH DIRECTIONS

...

Our research into the possibility of using a test suite like NIST SP 800-SP to check pseudorandom number generators in smart cards has showed that it is a workable concept. The tests listed in the NIST SP 800-22 are substantially more than the one recommended for the smart card pseudorandom number generators in AIS20 [18] and AIS31 [13]. This research has demonstrated that even with limited resources and an entropy constrained environment like a smart card, good quality pseudorandom sequences can be generated that can satisfy all the requirements for a PRNG even the ones that are used for general purpose computers.

...

--- end

_______________________________________________
dsfjdssdfsd mailing list
dsfjdssdfsd at ietf.org
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd

From carimachet at gmail.com Thu Jan 23 19:15:03 2014
From: carimachet at gmail.com (Cari Machet)
Date: Fri, 24 Jan 2014 03:15:03 +0000
Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd)
In-Reply-To: <20140123230027.2DD402280C5@palinka.tinho.net>
References: <3991396.Fn3xMA343Y@lap> <20140123230027.2DD402280C5@palinka.tinho.net>
Message-ID:

i love when they make excuses like well its better than china hahhahaha
....

umn rule of law long loooooong dead ... what can we do about that?
On 1/23/14, dan at geer.org wrote: > > > > On the question of retroactivity of law: > > http://www.heritage.org/constitution/articles/1/essays/62/bill-of-attainder > > On the question of selective enforcement of existing law, > Obama has turned it into an art form: > > http://www.wnd.com/2014/01/liberal-icon-urges-obama-impeachment > > > --dan > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From carimachet at gmail.com Thu Jan 23 19:27:16 2014 From: carimachet at gmail.com (Cari Machet) Date: Fri, 24 Jan 2014 03:27:16 +0000 Subject: [OT] Note to new-ish subscribers: you joined a mailing list, not a "group". (fwd) In-Reply-To: References: <3991396.Fn3xMA343Y@lap> <20140123230027.2DD402280C5@palinka.tinho.net> Message-ID: On 1/24/14, Cari Machet wrote: > i love when they make excuses like well its better than china hahhahaha > .... > > umn rule of law long loooooong dead ... what can we do about that? > > > > On 1/23/14, dan at geer.org wrote: >> >> >> >> On the question of retroactivity of law: >> >> http://www.heritage.org/constitution/articles/1/essays/62/bill-of-attainder >> >> On the question of selective enforcement of existing law, >> Obama has turned it into an art form: >> >> http://www.wnd.com/2014/01/liberal-icon-urges-obama-impeachment >> >> >> --dan >> >> and you know how ppl go around thinking that they get a lawyer for free no matter what ? that its guaranteed ? legal aide ? as there was a big law passed that there is going to be representation well ... 
the lawmakers dont like the poor to have representation https://en.wikipedia.org/wiki/Legal_aid_in_the_United_States > > > -- > Cari Machet > NYC 646-436-7795 > carimachet at gmail.com > AIM carismachet > Syria +963-099 277 3243 > Amman +962 077 636 9407 > Berlin +49 152 11779219 > Twitter: @carimachet > > Ruh-roh, this is now necessary: This email is intended only for the > addressee(s) and may contain confidential information. If you are not the > intended recipient, you are hereby notified that any use of this > information, dissemination, distribution, or copying of this email without > permission is strictly prohibited. > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From fredconcklin at gmail.com Fri Jan 24 02:45:13 2014 From: fredconcklin at gmail.com (fred concklin) Date: Fri, 24 Jan 2014 05:45:13 -0500 Subject: BitCloud In-Reply-To: References: Message-ID: from https://github.com/wetube/bitcloud/blob/master/bitcloud.org#protected-routing —proof-of-bandwidth "Basically, the law is applied by judging (checking) that every node and client is doing the work as it should, so, when asked, it should answer with the truth of what is asked. If it is found that the node or client is lying, it is penalized or banned, and its transactions rejected are not included in the blockchain. Laws are written in the source code in the form of *generics* and the corresponding *methods*. A *method* is a specific application of a *generic*. 
For example, for the *generic* of the Law of Bandwidth there are going to be several *methods* for judging nodes, users and publishers."

----------------

It all breaks down there. You can attack by polluting the network with nodes that share no bandwidth but report fraudulent bandwidth statistics of honest nodes. Moreover, fraudulent node collections can overreport their bandwidth capabilities, thus funneling all traffic into chokepoints. You can disrupt the network as well as build attacker controlled majority routes for traffic analysis and subsequent deanonymization of hidden service protocols and/or onion routing.

They are describing a MIX network but they've removed the routing properties of an effective MIX network with their prioritization of nodes (thus partitioning traffic heavily in a nonuniform manner as it passes through the MIX). If they are not mixing and instead onion routing they sacrifice the beneficial property of onion routes being difficult for an adversary to observe by performing route selection in a geospatially indiscriminate manner.

In a system like Bitcoin, there is a set of transactions + the merkle tree hash of the prior blocks. The mining of a coin is computing the double SHA-256 sum of that data + an unknown Nonce such that the output is equal to a predetermined 2xSHA-256 sum output. The proof of work is guessing Nonce values and hashing.

In this system there is no known value that nodes race to compute. There is an assumption that there is some QoS snapshot that all nodes will agree upon. However, all nodes must collectively remark on bandwidth of other nodes while having no penalties and/or proportional voting power relative to bandwidth. There is no computational proof of bandwidth that can be proved and synchronized across the global network state. This system therefore does not possess Byzantine Fault Tolerance.
Having failed to meet this condition, the notion of anything provable in the face of an adversary upon which value can be based should be met with a high degree of skepticism. The inclusion/exclusion of transactions in the Bitcoin blockchain is based on the cryptographic integrity of the transaction (signed). In this system a blockchain entry is based on "whether or not the node is dishonest." If a node can fool the network for the duration necessary to get into a blockchain transaction (and transactions are atomic) then they have earned "value" while successfully defrauding the network. This is from a cursory review. Rebuttals welcome. Essentially, the authors presuppose that bandwidth can be mutually agreed upon by all nodes even in the presence of malicious actors. However, to determine a bandwidth metric upon which value is based, sets of heuristics are offered up in place of a definitive measure that cannot be tampered with / subverted. ----------------- A piece of advice for people looking to extend anonymity protocols having to do with decentralized value transfer systems: consider the context in which the author(s) created the Bitcoin protocol and question whether or not a given objective was achieved. One possibility is that Bitcoin was an attempt to rectify the dependence upon physical commodities in digital bearer share systems such as eCache. In that sense it was successful. However, it may have failed in that running a digital bearer share system with reserves in Bitcoin is problematic for a number of reasons. Try taking a crack at building a digital bearer share system in which Bitcoin is the reserve currency and there is a mapping of digital bearer shares to reserves in a manner such that the bank can not defraud clients by misreporting the reserves issued at any point in time. 
If you build a system where two separate banks can operate with reserves in Bitcoin and the client can audit the number of reserves issued without implicit trust in the bank you'll have something very impressive. You may find it is difficult to solve this lack of trust in token issuers without recursively embedding a Bitcoin model at the bank level (w.r.t shares issued).

Such a system would provide low latency transactions, allow for fully anonymous banks, and provide financial transactions for clients with a higher degree of privacy enhancement than that currently offered by Bitcoin. Users of two separate banks could exchange currencies directly without ever touching the block chain. It simplifies the evasion of coin traceability and there could be both public and highly private collections of banks (where all you see is one [or more] bitcoin addresses [e.g., no real indication of their existence without prior awareness / infiltration]).

On Fri, Jan 24, 2014 at 3:27 AM, Rich Jones wrote:
> Tor-like anonymity network, but backed by a new cryptocurrency in order to
> pay for the relay bandwidth. It's a nice thought!
>
> https://github.com/wetube/bitcloud
> http://www.reddit.com/r/bitcloud
> http://talk.bitcloudproject.org/
> Meat: https://github.com/wetube/bitcloud/blob/master/bitcloud.org
>
> More logos of the 'loading' interface than actual code at this point,
> which is certainly a bad sign, but people are at least enthusiastic about
> the idea. As an approach to solving the autonomy problem, though, I think
> I'm more interested in radios than new overlay networks..
>
> R

From fredconcklin at gmail.com Fri Jan 24 02:48:25 2014 From: fredconcklin at gmail.com (fred concklin) Date: Fri, 24 Jan 2014 05:48:25 -0500 Subject: BitCloud In-Reply-To: References: Message-ID:

Slight typo, banks issue tokens, not reserves. :)

From david.vorick at gmail.com Fri Jan 24 06:08:41 2014 From: david.vorick at gmail.com (David Vorick) Date: Fri, 24 Jan 2014 08:08:41 -0600 Subject: BitCloud In-Reply-To: References: Message-ID:

The bitcloud project is at the very early stages of conception. I wouldn't spend too much time criticizing it unless you also intend to work on developing the project with them. I imagine that in 3 months the ideas will look very different and hold up to more substantial criticism. Right now, they are well aware of the gaps in their ideas.

On Fri, Jan 24, 2014 at 4:48 AM, fred concklin wrote:
> Slight typo, banks issue tokens, not reserves. :)

From jamesd at echeque.com Thu Jan 23 15:09:53 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 09:09:53 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <1390492558.31788.2.camel@anglachel> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> Message-ID: <52E1A141.5050309@echeque.com>

On 2014-01-24 01:55, Ted Smith wrote:
> Pax Dickinson was fired for being a rampant misogynist.

He was fired for saying things, not doing things, fired for speaking out against affirmative action. In other words, you do not want freedom of speech for corporations, because that is a way of ensuring that individual humans employed by corporations do not have freedom of speech

From jamesd at echeque.com Thu Jan 23 15:12:46 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 09:12:46 +1000 Subject: {}coin: good enough for election politics?
In-Reply-To: <1390492558.31788.2.camel@anglachel> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> Message-ID: <52E1A1EE.5030805@echeque.com>

On 2014-01-24 01:55, Ted Smith wrote:
> That also rather obviously had nothing to do with "the state" and far
> more to do with the massively bad PR that comes from employing openly
> misogynist assholes.

Anil was the state. Anil was not the public. The public quietly approves of what Pax said, though it is terrified to say so in public.

From jamesd at echeque.com Thu Jan 23 15:16:58 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 09:16:58 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <20140123165616.GB13459@nestor.local> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> Message-ID: <52E1A2EA.2080300@echeque.com>

On 2014-01-24 02:56, Meredith L. Patterson wrote:
> Anil Dash fancies himself an authority, and fancies his position to be
> one from which enforcing his prejudices constitutes acceptable
> behaviour. The only authority he actually holds is money

You are factually wrong: The authority Anil holds is government money and government permissions. He is on the revolving door between regulators and regulated.

From jamesd at echeque.com Thu Jan 23 15:56:33 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 09:56:33 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <20140123165616.GB13459@nestor.local> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> Message-ID: <52E1AC31.7030705@echeque.com>

On 2014-01-24 02:56, Meredith L. Patterson wrote:
> Anil Dash fancies himself an authority, and fancies his position to be
> one from which enforcing his prejudices constitutes acceptable
> behaviour. The only authority he actually holds is money and
> relationships with other people who have money,

He has no money of his own, only the ability to influence government funding. He has governmental power over people who have money.

From fre3frizt at riseup.net Fri Jan 24 10:07:24 2014 From: fre3frizt at riseup.net (fre3frizt at riseup.net) Date: Fri, 24 Jan 2014 10:07:24 -0800 Subject: dear Eve, In-Reply-To: References: Message-ID: <222736c5d317e384c9a73535958ed8c8.squirrel@fruiteater.riseup.net>

On Wed, Jan 22, 2014 at 07:38:17AM -0800, coderman wrote:
> consider the following,
>
> - BIOS attack with post-boot re-infection vector triggered once
> graphics mode transitions from console to graphical display:
> + target hardware is a match and supported, however, root file system
> is XFS, ZFS, or other unsupported *nix variant. attempt to persist by
> injection on file system using kernel fs funcs and data structures
> (this gets around FDE by interacting before
> luks/mdcrypt/loopaes/cryptoloop layer) thus causes kernel panic.
> anomaly #0.

Is there any way to save any evidence of this kind of attack, to use to help fix the vulnerability? ... and to provide to the EFF, ACLU, or other interested parties that may want to litigate? Any info, links, etc. appreciated.
From jamesdbell8 at yahoo.com Fri Jan 24 11:00:20 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Fri, 24 Jan 2014 11:00:20 -0800 (PST) Subject: [dsfjdssdfsd] Any plans for drafts or discussions on here? (fwd) In-Reply-To: References: Message-ID: <1390590020.49642.YahooMailNeo@web164602.mail.gq1.yahoo.com>

From: J.A. Terranson

Interesting thread going on at dsfjdssdfsd at ietf.org. Forwarded for our collective interest and amusement.

---------- Forwarded message ----------
Date: Thu, 23 Jan 2014 23:38:07 +0100
From: Krisztián Pintér
To: Michael Hammer
Cc: "dsfjdssdfsd at ietf.org" , "ietf at hosed.org"
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

Michael Hammer (at Thursday, January 23, 2014, 9:49:32 PM):
>> This may get off-topic, but are there good software tools for testing
>> entropy,
>> that could help applications determine if the underlying system is giving
>> them good input?

>disclaimer: i'm no expert, it is just what i gathered. (i'm pretty
>much interested in randomness.)

>short answer: no

>long answer: in some situations yes. if you are handed a bunch of
>data, all you can do is to try different techniques to put an upper
>limit on the entropy. for example you can calculate the shannon
>entropy assuming independent bits. then you can hypothesize some
>interdependence, and see if you can compress the data. you can apply
>different lossless compression methods. the better compression you
>find puts an upper limit on the entropy. but never a lower limit.

Consider this: Suppose I handed you the digits of pi, the digits from the millionth digit to the two-millionth digit, and I asked you to determine if they are 'random'. By many tests, you'd conclude that they are random. (Or, at least 'normal' http://en.wikipedia.org/wiki/Normal_numbers ) But, in reality they are highly non-random, precisely because they are a million sequential digits of pi. But you wouldn't know that, if you didn't know that.

Jim Bell

From jamesd at echeque.com Thu Jan 23 17:40:36 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 11:40:36 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <1570101.OHLpTmz9Hx@lap> References: <20140120050132.GQ3180@nl.grid.coop> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <1570101.OHLpTmz9Hx@lap> Message-ID: <52E1C494.8020206@echeque.com>

On 2014-01-24 10:42, rysiek wrote:
> Thing is, today not only authorities have increased power to enforce their
> prejudices. Multinationals have sometimes even bigger power and possibilities
> as far as this is concerned -- just consider what Facebook can do in terms of
> censorship. Or Google.

Does it not strike you as odd that all censorship by facebook and google expresses the same political agenda, that of the state.

From jamesd at echeque.com Thu Jan 23 17:56:25 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 11:56:25 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: References: <20140120050132.GQ3180@nl.grid.coop> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <1570101.OHLpTmz9Hx@lap> Message-ID: <52E1C849.3060701@echeque.com>

On 2014-01-24 11:18, Juan Garofalo wrote:
> 3, 2, 1, A conservative starts to pretend that 'private' censorship is not
> censorship!

If different corporations each had their own ideas on what should be censored, private censorship would not be censorship. The problem is that we hear one voice through a thousand megaphones.
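Added example, not part of any message in this archive: a Python sketch of the point made in the forwarded [dsfjdssdfsd] message above, that frequency and compression tests bound entropy only from above, run on a slice of pi. The function names, the 1500-digit offset, the 2000-digit length and the 4000-offset search window are assumptions chosen so the example runs in well under a second.

```python
"""Entropy tests give upper bounds only: a slice of pi looks random but is not.

Added illustration; function names, offsets and sizes are assumptions.
"""
import math
import zlib
from collections import Counter


def pi_digits(n, guard=10):
    """First n decimal digits of pi after the point, via Machin's formula."""
    scale = 10 ** (n + guard)

    def arctan_inv(x):
        # scale * arctan(1/x), alternating Gregory series in integer arithmetic
        total = power = scale // x
        sign, k = -1, 3
        while power:
            power //= x * x
            total += sign * (power // k)
            sign, k = -sign, k + 2
        return total

    pi_scaled = 4 * (4 * arctan_inv(5) - arctan_inv(239))
    return str(pi_scaled)[1:n + 1]  # drop the leading "3"


def order0_bits_per_digit(s):
    """Shannon entropy assuming independent digits (maximum is log2(10))."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def deflate_bits_per_digit(s):
    """Upper bound from one lossless compressor (DEFLATE, level 9)."""
    return 8 * len(zlib.compress(s.encode("ascii"), 9)) / len(s)


def chi_square_uniform(s):
    """Chi-square statistic against uniform digits (9 degrees of freedom).

    The 5% critical value for 9 degrees of freedom is about 16.92.
    """
    expected = len(s) / 10
    counts = Counter(s)
    return sum((counts.get(str(d), 0) - expected) ** 2 / expected
               for d in range(10))


def recover_offset(sample, max_offset):
    """Observer who knows the generator: locate the sample inside pi."""
    reference = pi_digits(max_offset + len(sample))
    return reference.find(sample)


def report(offset=1500, length=2000, max_offset=4000):
    """Compare what the tests say with what a generator-aware observer needs."""
    stream = pi_digits(offset + length)[offset:]
    h0 = order0_bits_per_digit(stream)
    return {
        "order0_bits_per_digit": h0,
        "deflate_bits_per_digit": deflate_bits_per_digit(stream),
        "chi_square_9dof": chi_square_uniform(stream),
        # What the frequency test would let you claim for the whole stream
        "naive_total_bits": h0 * length,
        # 32 observed digits are enough to pin down the offset
        "recovered_offset": recover_offset(stream[:32], max_offset),
        # The only unknown is the offset, so this bounds the real entropy;
        # with 2**24 candidate offsets the bound would be 24 bits
        "bits_if_generator_known": math.log2(max_offset + 1),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:26s} {value}")
```

The frequency and compression figures come out near the maximum for decimal digits, while the whole stream is determined by one offset that a 32-digit sample is enough to recover.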
From 8mayday at gmail.com Fri Jan 24 01:15:21 2014 From: 8mayday at gmail.com (Andrey Popp) Date: Fri, 24 Jan 2014 13:15:21 +0400 Subject: BitCloud In-Reply-To: References: Message-ID: Not sure if it's not going to be a vaporware — their proof-of-bandwidth scheme is central to the whole thingy but neither specified nor complete yet. I think, it's really hard to it right. On Fri, Jan 24, 2014 at 12:27 PM, Rich Jones wrote: > Tor-like anonymity network, but backed by a new cryptocurrency in order to > pay for the relay bandwidth. It's a nice thought! > > https://github.com/wetube/bitcloud > http://www.reddit.com/r/bitcloud > http://talk.bitcloudproject.org/ > Meat: https://github.com/wetube/bitcloud/blob/master/bitcloud.org > > More logos of the 'loading' interface than actual code at this point, > which is certainly a bad sign, but people are at least enthusiastic about > the idea. As an approach to solving the autonomy problem, though, I think > I'm more interested in radios than new overlay networks.. > > R > -- Andrey Popp / 8mayday at gmail.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1816 bytes Desc: not available URL: From tedks at riseup.net Fri Jan 24 11:27:44 2014 From: tedks at riseup.net (Ted Smith) Date: Fri, 24 Jan 2014 14:27:44 -0500 Subject: {}coin: good enough for election politics? In-Reply-To: References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A1EE.5030805@echeque.com> Message-ID: <1390591664.27916.3.camel@anglachel> On Fri, 2014-01-24 at 01:37 -0600, J.A. Terranson wrote: > On Fri, 24 Jan 2014, James A. 
Donald wrote: > > > On 2014-01-24 01:55, Ted Smith wrote: > > > That also rather obviously had nothing to do with "the state" and far > > > more to do with the massively bad PR that comes from employing openly > > > misogynist assholes. > > > > Anil was the state. Anil was not the public. The public quietly approves of > > what Pax said, though it is terrified to say so in public. > > None of us can presume to 'know what the public thinks'. But James does. And he's going to continue insisting on presuming to. Is this conversation really helpful for the cypherpunks list? Is it signal or noise? Please, just killfile James already and move on with your life. There's no need to keep feeding that troll. I'm sorry if once, he was a productive list member. It's too late now, Jim. We have to accept it. -- Sent from Ubuntu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: From demonfighter at gmail.com Fri Jan 24 12:00:47 2014 From: demonfighter at gmail.com (Steve Furlong) Date: Fri, 24 Jan 2014 15:00:47 -0500 Subject: [dsfjdssdfsd] Any plans for drafts or discussions on here? (fwd) In-Reply-To: <1390590020.49642.YahooMailNeo@web164602.mail.gq1.yahoo.com> References: <1390590020.49642.YahooMailNeo@web164602.mail.gq1.yahoo.com> Message-ID: On Fri, Jan 24, 2014 at 2:00 PM, Jim Bell wrote: > Consider this: Suppose I handed you the digits of pi, the digits from the > millionth digit to the two-millionth digit, and I asked you to determine if they > are 'random'. By many tests, you'd conclude that they are random. (Or, > at least 'normal' http://en.wikipedia.org/wiki/Normal_numbers ) But, in > reality they are highly non-random, precisely because they are a million > sequential digits of pi. But you wouldn't know that, if you didn't know that. Practically, would it matter? Maybe. 
If an attacker knew that you were using Pi as your "random" stream, I guess that would reduce your "random" stream to a stream cypher with a key of about 24 bits. There are a lot of random-appearing number sequences. Are there enough to add a significant number of bits to the effective key? Against an attacker with the resources to compute and store the first billion digits of a lot of sequences? Meh. I'd started this response with the plan to argue that a slice of Pi is good enough for practical purposes, but I convinced myself otherwise. It's only good enough for security-by-obscurity. Meh. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2066 bytes Desc: not available URL: From jamesd at echeque.com Thu Jan 23 21:33:13 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 15:33:13 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <20140123233054.GL14252@nestor.local> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <20140123165616.GB13459@nestor.local> <52E1A2EA.2080300@echeque.com> <20140123233054.GL14252@nestor.local> Message-ID: <52E1FB19.5060909@echeque.com> On 2014-01-24 09:30, Meredith L. Patterson wrote: > On Fri, Jan 24, 2014 at 09:16:58AM +1000, James A. Donald wrote: >> On 2014-01-24 02:56, Meredith L. Patterson wrote: >>> Anil Dash fancies himself an authority, and fancies his position to be >>> one from which enforcing his prejudices constitutes acceptable >>> behaviour. The only authority he actually holds is money >> You are factually wrong: The authority Anil holds is government >> money and government permissions. He is on the revolving door >> between regulators and regulated. 
> Are you referring to the fact that whatever currency he holds is fiat > currency, or to his role as (e.g.) director of Expert Labs, or > something else? (I know little about the man's history, just glanced > at his LinkedIn.) Expert labs is a "Government 2.0 initiative that aims to connect United States government projects with citizens who want to become more involved in the political discussion". In other words, he is a political commissar. Expert labs is an NGO. NGO is code for GO, for when NGOs advertise jobs, they generally advertise those jobs as government employment. NGOs are government organizations that do stuff that is too embarrassing for the government to do, or which is illegal for the government to do. From rich at openwatch.net Fri Jan 24 17:01:45 2014 From: rich at openwatch.net (Rich Jones) Date: Fri, 24 Jan 2014 17:01:45 -0800 Subject: BurnerPhone Message-ID: https://www.burnerphone.us/ Anonymous burners for 75$ in BTC. Sweet. http://blog.burnerphone.us/ "Right now, we sell a single item: a Burner Kit, which: - Comes with a new quality disposable GSM cell phone. - Comes with a pre-installed 30 day SIM card that provides you with unlimited US calling and unlimited international SMS. - Comes with a pre-charged phone battery ready for usage when it arrives. - Comes with on demand 2-minute activation. You can *activate* your Burner when you *need* it — this way you can hold onto it until necessary, then activate it and start your 30 days of usage. - Comes with nationwide coverage in the USA — no matter where you are on our nationwide GSM network, you’ll have service. - Can be bought with Bitcoin or Bank Card for 75$. - Can be thrown away (or recycled) when you’re finished with it — making it *extremely difficult* for third parties monitoring your communications to figure out *who you are* or *where you are*." Run by the wonderful @rdegges . Could be old news, but I just found out about it and thought I'd share.. 
R From rich at openwatch.net Fri Jan 24 17:37:19 2014 From: rich at openwatch.net (Rich Jones) Date: Fri, 24 Jan 2014 17:37:19 -0800 Subject: BurnerPhone In-Reply-To: <52E312F0.4050708@disman.tl> References: <52E312F0.4050708@disman.tl> Message-ID: Is there the GSM equivalent of a VPN? Seems like you could set up a public rotating proxy pretty easily with Asterisk + DIDx.. Just dial 1-900-MIX-ALOT - get a tone, enter the actual recipient number, get connected through another exit point.. R On Fri, Jan 24, 2014 at 5:27 PM, Dan Staples wrote: > Keep in mind that using burner phones does little to nothing to provide > anonymity, especially when facing a state-level adversary. It's the > patterns and connections in your communications habits that give you > away, and burner phones won't hide that: > https://www.youtube.com/watch?v=bM0PmwOlifE > > d > > On 01/24/2014 08:01 PM, Rich Jones wrote: > > https://www.burnerphone.us/ > > > > Anonymous burners for 75$ in BTC. Sweet. > > > > http://blog.burnerphone.us/ > > > > "Right now, we sell a single item: a Burner Kit, which: > > > > * Comes with a new quality disposable GSM cell phone. > > * Comes with a pre-installed 30 day SIM card that provides you with > > unlimited US calling and unlimited international SMS. > > * Comes with a pre-charged phone battery ready for usage when it > arrives. > > * Comes with on demand 2-minute activation. You can /activate/ your > > Burner when you /need/ it — this way you can hold onto it until > > necessary, then activate it and start your 30 days of usage. > > * Comes with nationwide coverage in the USA — no matter where you are > > on our nationwide GSM network, you’ll have service. > > * Can be bought with Bitcoin or Bank Card for 75$.
> > * Can be thrown away (or recycled) when you’re finished with it — > > making it /extremely difficult/ for third parties monitoring your > > communications to figure out /who you are/ or /where you are/." > > > > Run by the wonderful @rdegges . > > > > Could be old news, but I just found out about it and thought I'd share.. > > > > R > > > > > > -- > http://disman.tl > OpenPGP key: http://disman.tl/pgp.asc > Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9 > From jamesd at echeque.com Fri Jan 24 01:02:39 2014 From: jamesd at echeque.com (James A. Donald) Date: Fri, 24 Jan 2014 19:02:39 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A141.5050309@echeque.com> Message-ID: <52E22C2F.90903@echeque.com> J.A. Terranson > Assuming all of your arguments to be correct (which I don't), I would want > to remove "freedom of speech" for corporations because it artificially > amplifies the voice of the corporate entity: the individuals who own the > issued shares of the corporation already have these freedoms They ought to have these freedoms, but in practice they don't. Hillary Clinton does not have to obey the campaign finance laws, leftists do not have to obey the campaign finance laws, but Kirk Shelmerdine does have to obey the campaign finance laws. And because corporations do not, in practice, have these freedoms, their employees and shareholders are denied these freedoms. From jamesd at echeque.com Fri Jan 24 01:32:44 2014 From: jamesd at echeque.com (James A.
Donald) Date: Fri, 24 Jan 2014 19:32:44 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A1EE.5030805@echeque.com> Message-ID: <52E2333C.2010302@echeque.com> On 2014-01-24 17:37, J.A. Terranson wrote: > None of us can presume to 'know what the public thinks'. When one observes a massive apparatus of repression aimed at making sure the public thinks X, one can be pretty sure that public does not really think X. From danstaples at disman.tl Fri Jan 24 17:27:12 2014 From: danstaples at disman.tl (Dan Staples) Date: Fri, 24 Jan 2014 20:27:12 -0500 Subject: BurnerPhone In-Reply-To: References: Message-ID: <52E312F0.4050708@disman.tl> Keep in mind that using burner phones does little to nothing to provide anonymity, especially when facing a state-level adversary. It's the patterns and connections in your communications habits that give you away, and burner phones won't hide that: https://www.youtube.com/watch?v=bM0PmwOlifE d On 01/24/2014 08:01 PM, Rich Jones wrote: > https://www.burnerphone.us/ > > Anonymous burners for 75$ in BTC. Sweet. > > http://blog.burnerphone.us/ > > "Right now, we sell a single item: a Burner Kit, which: > > * Comes with a new quality disposable GSM cell phone. > * Comes with a pre-installed 30 day SIM card that provides you with > unlimited US calling and unlimited international SMS. > * Comes with a pre-charged phone battery ready for usage when it arrives. > * Comes with on demand 2-minute activation. You can /activate/ your > Burner when you /need/ it — this way you can hold onto it until > necessary, then activate it and start your 30 days of usage. > * Comes with nationwide coverage in the USA — no matter where you are > on our nationwide GSM network, you’ll have service. 
> * Can be bought with Bitcoin or Bank Card for 75$. > * Can be thrown away (or recycled) when you’re finished with it — > making it /extremely difficult/ for third parties monitoring your > communications to figure out /who you are/ or /where you are/." > > Run by the wonderful @rdegges . > > Could be old news, but I just found out about it and thought I'd share.. > > R > > -- http://disman.tl OpenPGP key: http://disman.tl/pgp.asc Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9 From carimachet at gmail.com Fri Jan 24 12:28:35 2014 From: carimachet at gmail.com (Cari Machet) Date: Fri, 24 Jan 2014 20:28:35 +0000 Subject: SO... APPARENTLY THEY DECIDED TO TAKE THE INTERNET In-Reply-To: References: Message-ID: you are not even remotely 'tuly' mine so should i yell at you for misspelling ? no - its not interesting why do others feel the desperation to tell others what to do? - i dont get it why do people enjoy to call others names like in elementary school? On 1/22/14, J.A. Terranson wrote: > On Wed, 22 Jan 2014, Cari Machet SCREAMED AT THE TOP OF HER LUNGS: > > Ms. Machet. please avoid using all caps, *anywhere*. Not only is impolite, > > ITS A STRAIN ON THE EYES YOU UNTHINKING HALF-WIT. > > Very Tuly Yours, > > //Alif > > -- > Those who make peaceful change impossible, > make violent revolution inevitable. > > An American Spring is coming: > one way or another. > > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. 
From griffin at cryptolab.net Fri Jan 24 18:36:50 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Fri, 24 Jan 2014 21:36:50 -0500 Subject: BurnerPhone In-Reply-To: References: <52E312F0.4050708@disman.tl> Message-ID: <52E32342.8010108@cryptolab.net> Rich Jones wrote: > Is there the GSM equivalent of a VPN? Seems like you could set up a > public rotating proxy pretty easily with Asterisk + DIDx.. > > Just dial 1-900-MIX-ALOT - get a tone, enter the actual recipient > number, get connected through another exit point.. It used to be the case that people would hack PBXs and dial them in a sequence. Feels like a lost art. =/ As for burner phones now, $10 in cash will get you a phone with ten minutes of talk time already on it. Another $20 will buy you an hour's worth of time, and so on. No ID required. The idea that people are paying $75 for a burner phone, only to totally misuse it, is annoying. Ideally, burner phones would be both disposable and used only for talking with <4 other burner phones which *also* only communicate with that same group of phones. But even then, it's problematic to say the least. Social graphing cell phone users is extremely useful. Think of your own phone habits. Who do you call? An average person might call their boyfriend, their best friend, their office, and maybe order a pizza. So how many people call those four numbers? How many people call *one* of those numbers? Less than ten on a regular basis? Also, this basic social graphing doesn't even take into account one's location. Steve Rambam has had a lot of great things to say about this as well: http://vimeo.com/21590213 (from Last Hope) And that's how people get caught being "anonymous" with cell phones. ~Griffin From rsw at jfet.org Fri Jan 24 19:07:29 2014 From: rsw at jfet.org (Riad S.
Wahby) Date: Fri, 24 Jan 2014 22:07:29 -0500 Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> Message-ID: <20140125030729.GA2713@antiproton.jfet.org> grarpamp wrote: > I mean ethically someone should do it. But unless a filtering > node agrees to forward messages filtered from its own list through > its backend and out to all the other nodes for them > to make their own choices, there will be holes... > > Similarly for carrying all backend received messages. > carries posted: yes/no > carries backend: yes/no > despam mechanism [posted/backend]: describe here > moderation [posted/backend]: policy here > peers with: who In CDRv1, all nodes would in principle forward all messages to other nodes, only filtering the feed going to that node's own users according to the local filtering policy. It makes sense to ask nodes to publish details of their local policies. I think personally I would hesitate to peer with any node that didn't forward everything and let me apply my own filter. I assume most other operators would as well, so practically speaking no one would run a node that didn't (claim to) forward everything. Next question: how paranoid are we, i.e., do we attempt to enforce this policy somehow? This goes beyond fault tolerance towards attempting to solve the problem of enforcing peering contracts with untrusted CDRv2 nodes, which is clearly a more... interesting one. I have been busy with real life, and haven't dedicated much more time to thinking about this. I'm hopeful that tomorrow I will have the opportunity to do so at least a little bit. -=rsw From measl at mfn.org Sat Jan 25 07:34:54 2014 From: measl at mfn.org (J.A.
Terranson) Date: Sat, 25 Jan 2014 09:34:54 -0600 (CST) Subject: {}coin: good enough for election politics? In-Reply-To: <1390591664.27916.3.camel@anglachel> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A1EE.5030805@echeque.com> <1390591664.27916.3.camel@anglachel> Message-ID: On Fri, 24 Jan 2014, Ted Smith wrote: > Is this conversation really helpful for the cypherpunks list? At least as "helpful" as most of the other crap here. > Is it signal or noise? One man's signal is another man's noise. > Please, just killfile James already and move on with your life. There's > no need to keep feeding that troll. I think I can make my own decisions as to who I killfile, and whom I consider a troll. I've known James a very long time now (early-mid '90s IIRC), and in my opinion he may have nonsensical beliefs on some things, but, he is most certainly NOT a troll: He comes by his beliefs and arguments honestly as far as I can tell. That may make him misinformed, or possibly worse, but he's certainly no troll. > I'm sorry if once, he was a productive list member. It's too late now, > Jim. We have to accept it. "We" don't have to accept *anything* except our own *personal* beliefs! I will not participate in mob tactics such as having some loner (you or anyone else) "suggest" that "we" follow any particular course of action. If you believe that Jim or anyone else is non-productive (???), you are free to add them to YOUR killfile. But for you to try and influence others to follow your personal world view makes *you* the de facto troll here. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From jamesd at echeque.com Fri Jan 24 16:22:44 2014 From: jamesd at echeque.com (James A.
Donald) Date: Sat, 25 Jan 2014 10:22:44 +1000 Subject: {}coin: good enough for election politics? In-Reply-To: <1390591664.27916.3.camel@anglachel> References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A1EE.5030805@echeque.com> <1390591664.27916.3.camel@anglachel> Message-ID: <52E303D4.9010108@echeque.com> On 2014-01-25 05:27, Ted Smith wrote: > Is this conversation really helpful for the cypherpunks list? You want to know who is spying on you and why they are spying on you, what they want. For an answer to that question, see blog.jim.com/politics/google-is-evil-2.html From coderman at gmail.com Sat Jan 25 10:51:31 2014 From: coderman at gmail.com (coderman) Date: Sat, 25 Jan 2014 10:51:31 -0800 Subject: dear Eve, In-Reply-To: <222736c5d317e384c9a73535958ed8c8.squirrel@fruiteater.riseup.net> References: <222736c5d317e384c9a73535958ed8c8.squirrel@fruiteater.riseup.net> Message-ID: On Fri, Jan 24, 2014 at 10:07 AM, wrote: > ... > Is there any way to save any evidence of this kind of attack, as stated earlier, you can use technical means to monitor at this level. software defined radio with the right decoding, good position, proper antennas can obtain full bits. even without specific decoding, measuring signal levels at various frequencies compared to baseline is also useful. and of course, you can always improve decoding after the fact. directly accessing flash storage and comparing firmware images in a way otherwise not possible. instrumenting and modifying software to verbosely report on anomalies and make it likely attempted attacks will fail unsuccessfully. (see also camouflage) the list goes on and on and on, > ... to use to help fix the vulnerability? help fix vulnerability? i am sympathetic to your intent, but these exploits are the product of a large, well funded process. 
they take advantage of positioning in the middle, or next to your endpoint. they're churned out like an assembly line. "saving evidence to fix" is like asking for a digest to add to your antivirus blacklist... in this model, success is measured by doing less badly. not by protecting or fixing. > ... and to provide to the EFF, ACLU, or other > interested parties that may want to litigate? i have alluded to this before: multiple constraints limit what i can disclose, and those groups are not likely to be helpful in specific scenarios. general efforts to eliminate public funding for CNE would be useful, however! From coderman at gmail.com Sat Jan 25 11:09:16 2014 From: coderman at gmail.com (coderman) Date: Sat, 25 Jan 2014 11:09:16 -0800 Subject: and not a single Tor hacker was surprised... In-Reply-To: <52E3DDEF.8030402@witmond.nl> References: <52DFDFCB.9090003@kjro.se> <52E3DDEF.8030402@witmond.nl> Message-ID: On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond wrote: > ... > Client certificates are part of my answer to MitM attacks. > > The other part is to forget about third-party CA's. my heart a twitter already! (these are the key points, and you hit them first.) > See http://eccentric-authentication.org/ to read more. > > I'd love to hear comments. i've come across this on other lists, and will one day provide a better response. my initial feedback relates to: - supported suites. NULL encryption is still a valid TLS mode! - end-point security (each site acting as a CA is like every bitcoin user acting as a bank. you've elevated the threat model on the unsuspecting.) - Namecoin and other decentralized alternatives to DNSSEC. 
best regards, From coderman at gmail.com Sat Jan 25 11:29:26 2014 From: coderman at gmail.com (coderman) Date: Sat, 25 Jan 2014 11:29:26 -0800 Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: <20140125030729.GA2713@antiproton.jfet.org> References: <20140119181507.GA22336@antiproton.jfet.org> <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> <20140125030729.GA2713@antiproton.jfet.org> Message-ID: On Fri, Jan 24, 2014 at 7:07 PM, Riad S. Wahby wrote: > ... I would hesitate to peer with any node that didn't > forward everything and let me apply my own filter. I assume most other > operators would as well, so practically speaking no one would run a node > that didn't (claim to) forward everything. keep it simple: NO FILTERING if you can read this you are tall enough to filter/tag/label your own self. > Next question: how paranoid are we, i.e., do we attempt to enforce this > policy somehow? node operators who suspect filtering should post to the other remailers and cryptome. John likes spam. if the filter is due to absurd and extreme levels of zero information DoS[0] then notify the other remailers and cryptome with the filter you used so they can follow suit. > This goes beyond fault tolerance towards attempting to > solve the problem of enforcing peering contracts with untrusted CDRv2 > nodes, which is clearly a more... interesting one. this is not simple, and not recommended. > I have been busy with real life, and haven't dedicated much more time to > thinking about this. I'm hopeful that tomorrow I will have the > opportunity to do so at least a little bit. another benefit of simple: your limited efforts more likely to reach utility :) 0. please note the intentional use of absurd, and extreme, and zero information with respect to specifically DoS.
if someone is sending noise at 50/sec that should promptly and always generate a null route. "spam" is nebulous and too easy to filter. forget about it; not a problem. and of course if you've been compelled through legal pressure in your jurisdiction to cull from archives, if you publish them, notify the other remailers and cryptome so they can mirror and publicize. best regards, From coderman at gmail.com Sat Jan 25 11:50:21 2014 From: coderman at gmail.com (coderman) Date: Sat, 25 Jan 2014 11:50:21 -0800 Subject: RFP: FOIA with privacy waivers[0] for oversight In-Reply-To: References: Message-ID: On Thu, Nov 28, 2013 at 12:25 PM, coderman wrote: > Request for participants > > FOIA with privacy waivers[0] ... it is in my best interest not to pursue this effort any further. the donations received for this have gone to Cryptome instead for their FOIA efforts. if you would like to pursue your own requests please do so: "Citizen's Guide on Using the Freedom of Information Act" https://www.fas.org/sgp/foia/citizen.html and DOJ_361_revised_2-certification_of_identity.pdf if making requests on behalf other individuals. freedom of information laws are important and should be supported! perhaps i can do more at a later date... From hettinga at gmail.com Sat Jan 25 08:11:00 2014 From: hettinga at gmail.com (Robert Hettinga) Date: Sat, 25 Jan 2014 12:11:00 -0400 Subject: {}coin: good enough for election politics? In-Reply-To: References: <20140120050132.GQ3180@nl.grid.coop> <4673167.zPLzVVGOnc@lap> <52DEE80E.5030600@echeque.com> <7523334.nATcYzJ4QX@lap> <52E0486F.6070402@echeque.com> <52E0708A.7020304@echeque.com> <1390492558.31788.2.camel@anglachel> <52E1A1EE.5030805@echeque.com> <1390591664.27916.3.camel@anglachel> Message-ID: <983EA2AA-6F77-4376-A1F2-2C7C710CDB55@gmail.com> On Jan 25, 2014, at 11:34 AM, J.A. Terranson wrote: > But for you to try and influence > others to follow your personal world view makes *you* the defacto troll > here. Amen. 
Cypherpunks is a watering hole, pure and simple. Like any watering hole, there’s occasionally some blood in the water. Think of it as extra protein. And iron. :-) Cheers, RAH From gbnewby at pglaf.org Sat Jan 25 13:14:38 2014 From: gbnewby at pglaf.org (Greg Newby) Date: Sat, 25 Jan 2014 13:14:38 -0800 Subject: HOPE X Call For Speakers Message-ID: <20140125211438.GC9360@pglaf.org> Attention all hackers, makers, whistleblowers, artists, phone phreaks, rebels, technologists, and free thinkers everywhere! Come and share your ideas, thoughts, and passions with thousands of really bright, creative, and open-minded people in New York City this summer at HOPE X. We have room for around 100 talks and panels covering a wide range of topics, limited only by our collective imagination. Past talks and panels have included: anonymity, surveillance and countersurveillance, social engineering, hardware hacking, cryptography, privacy, security, censorship, programming, democracy and law, digital protests, society hacking, copyright, phone phreaking and telecommunications, new technologies, all manner of experimentation, and so much more. We are constantly searching for innovative subjects and presentation formats. Come and show us what you've got! All types of presentations are encouraged, from solo talks to panels, debates, demonstrations, and interactive discussions. (Workshop ideas and art exhibitions are also welcome - see the applicable sections on the HOPE X site.) Most presentations will be allotted 55 minutes - including time for questions from the audience. If you would like to be a speaker, submit a title and a description of the proposed presentation (two to three paragraphs) along with a short biography (three or four sentences will suffice).
Submissions should be sent by email to speakers at hope.net. Be sure to tell us why you think the topic and content are relevant to the hacker community and to HOPE X attendees. We also recommend reading our additional tips on speaker submissions which can be found at http://x.hope.net under "Call for Participants." From jamesdbell8 at yahoo.com Sat Jan 25 13:19:35 2014 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Sat, 25 Jan 2014 13:19:35 -0800 (PST) Subject: Microsoft claims to fight back against NSA Message-ID: <1390684775.38051.YahooMailNeo@web164603.mail.gq1.yahoo.com> From:    http://news.yahoo.com/microsoft-bold-plan-beat-nsa-053014453.html "Microsoft is tired of waiting for the United States government to rein in the National Security Agency so it’s taking matters into its own hands. The Financial Times reports that Microsoft “will allow foreign customers to have their personal data stored on servers outside the U.S.,” a move that other tech companies such as Google have so far resisted due to cost concerns. However, Microsoft’s general counsel Brad Smith tells The Financial Times that “people should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides.” That Microsoft is willing to go this far shows how much the NSA spying scandal has damaged trust between American tech companies and their international customers. Microsoft even took the unusual step late last year of classifying the United States government as “advanced persistent threat” to its customers’ security, a designation that the company normally uses only cyber terrorists sponsored by foreign governments." 
--------------------------quote ends------------------------------------------------------- Jim Bell's comment begins: Well, I suppose it's desirable that such big companies talk like they're fighting back against USG/NSA, but their final 'bite' had better be far more serious and definitive than their current 'bark'. Jim Bell From privarchy at gmail.com Sat Jan 25 05:39:08 2014 From: privarchy at gmail.com (Alex J. Martin) Date: Sat, 25 Jan 2014 13:39:08 +0000 Subject: An Open Letter from US Researchers in Cryptography and Information Security Message-ID: <52E3BE7C.3090405@gmail.com> # Posted to http://masssurveillance.info/ January 24, 2014 Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed. Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft. These are not hypothetical problems; they have occurred many times in the past. Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities. The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent.
Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ provide a good starting point. The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation. /Martín Abadi / Professor Emeritus, University of California, Santa Cruz /Hal Abelson / Professor, Massachusetts Institute of Technology /Alessandro Acquisti / Associate Professor, Carnegie Mellon University /Boaz Barak / Editorial-board member, /Journal of the ACM/^1 /Mihir Bellare / Professor, University of California, San Diego /Steven Bellovin / Professor, Columbia University /Matt Blaze/ Associate Professor, University of Pennsylvania /L.
Jean Camp / Professor, Indiana University /Ran Canetti / Professor, Boston University and Tel Aviv University /Lorrie Faith Cranor / Associate Professor, Carnegie Mellon University /Cynthia Dwork / Member, US National Academy of Engineering /Joan Feigenbaum / Professor, Yale University /Edward Felten / Professor, Princeton University /Niels Ferguson / Author, /Cryptography Engineering: Design Principles and Practical Applications/ /Michael Fischer / Professor, Yale University /Bryan Ford / Assistant Professor, Yale University /Matthew Franklin / Professor, University of California, Davis /Juan Garay / Program Committee Co-Chair, CRYPTO^2 2014 /Matthew Green/ Assistant Research Professor, Johns Hopkins University /Shai Halevi / Director, International Association for Cryptologic Research /Somesh Jha / Professor, University of Wisconsin -- Madison /Ari Juels / Program Committee Co-Chair, 2013 ACM Cloud-Computing Security Workshop^1 /M. Frans Kaashoek / Professor, Massachusetts Institute of Technology /Hugo Krawczyk / Fellow, International Association for Cryptologic Research /Susan Landau / Author, /Surveillance or Security? 
The Risks Posed by New Wiretapping Technologies/ /Wenke Lee / Professor, Georgia Institute of Technology /Anna Lysyanskaya / Professor, Brown University /Tal Malkin / Associate Professor, Columbia University /David Mazières / Associate Professor, Stanford University /Kevin McCurley / Fellow, International Association for Cryptologic Research /Patrick McDaniel / Professor, The Pennsylvania State University /Daniele Micciancio / Professor, University of California, San Diego /Andrew Myers / Professor, Cornell University /Rafael Pass/ Associate Professor, Cornell University /Vern Paxson / Professor, University of California, Berkeley /Jon Peha / Professor, Carnegie Mellon University /Thomas Ristenpart / Assistant Professor, University of Wisconsin -- Madison /Ronald Rivest / Professor, Massachusetts Institute of Technology /Phillip Rogaway / Professor, University of California, Davis /Greg Rose / Officer, International Association for Cryptologic Research /Amit Sahai / Professor, University of California, Los Angeles /Bruce Schneier / Fellow, Berkman Center for Internet and Society, Harvard Law School /Hovav Shacham / Associate Professor, University of California, San Diego /Abhi Shelat / Associate Professor, University of Virginia /Thomas Shrimpton / Associate Professor, Portland State University /Avi Silberschatz / Professor, Yale University /Adam Smith / Associate Professor, The Pennsylvania State University /Dawn Song / Associate Professor, University of California, Berkeley /Gene Tsudik / Professor, University of California, Irvine /Salil Vadhan / Professor, Harvard University /Rebecca Wright / Professor, Rutgers University /Moti Yung / Fellow, Association for Computing Machinery^1 /Nickolai Zeldovich / Associate Professor, Massachusetts Institute of Technology ------------------------------------------------------------------------ This letter can be found at: http://MassSurveillance.info Institutional affiliations for identification purposes only. 
This letter represents the views of the signatories, not necessarily those of their employers or other organizations with which they are affiliated. ^1 The Association for Computing Machinery (ACM) is the premier organization of computing professionals. ^2 CRYPTO is an annual research conference sponsored by the International Association for Cryptologic Research. From coderman at gmail.com Sat Jan 25 15:06:36 2014 From: coderman at gmail.com (coderman) Date: Sat, 25 Jan 2014 15:06:36 -0800 Subject: request for leaks: standards for secret (not published) true hardware random number generator requirements used by NSA In-Reply-To: References: Message-ID: On Sun, Jan 19, 2014 at 8:49 PM, coderman wrote: > ... could this be true by tweaking constants and > growing key bits? > AES ~= MEDLEY > ECDSA ~= SHILLELAGH > ECDH ~= BATON > SHA ~= SAVILLE > ADH ~= WALBURN > TRNG ~= JOSEKI-1 as linked, there are clues from PKCS interop which tell us about: BATON: block cipher in use since at least 1995. 320-bit key and uses a 128-bit block in most modes, and also supports a 96-bit ECB mode. 160 bits of the key are checksum material. It supports a "shuffle" mode of operation, like the NSA cipher JUNIPER. It may use up to 192 bits as an initialization vector, regardless of the block size. SAVILLE: used for voice? 128-bit key, two modes? and per http://cryptome.org/poet-acm.htm some others? ACCORDION FIREFLY KEESEE MAYFLY SHILLELAGH WEASEL (perhaps that last a stream cipher? ;) From guido at witmond.nl Sat Jan 25 07:53:19 2014 From: guido at witmond.nl (Guido Witmond) Date: Sat, 25 Jan 2014 16:53:19 +0100 Subject: and not a single Tor hacker was surprised...
In-Reply-To: References: <52DFDFCB.9090003@kjro.se> Message-ID: <52E3DDEF.8030402@witmond.nl> On 01/22/14 16:44, coderman wrote: > On Wed, Jan 22, 2014 at 7:12 AM, Kelly John Rose > wrote: >> To verify though, this has no effect on someone using tor and >> staying on .onion sites or if you are using https end-to-end >> right? > > correct. > > > >> Honestly, if you use Tor and don't use SSL that seems like >> laziness to me and deserves to be caught. > > i would agree, and i would also show some sympathy towards the > unsuspecting. anything cypherpunks can do to ensure end to end > crypto everywhere by default is another MitM and eavesdropping attack > denied.... > > (someone should write more about using client-side certificates as a > method to thwart SSL MitM with a CA signing transparent proxy > adversary upstream. aka BlueCoat with "enterprise certificate" > injected or private key pilfer.) Dear coderman, Client certificates are part of my answer to MitM attacks. The other part is to forget about third-party CA's. 1. The trick is to have each (web-)site sign the client certificates for their own users. Users sign up for a site by creating a fresh public/private keypair, invent an account name, and create a CSR containing just that: the accountname and the public key. The site's own Certificate Signer (local authority) checks to see if the user's chosen account name is unique and if so signs the certificate and returns it in the same response. The site's web server is configured to only accept their own client certificates signed by their own Signer. Each site only accepts their own certificates. In addition to that, the server sports a server-certificate that has been signed by the site's Signer. When the user connects to the site, the user agent first connects without presenting any client certificates. Ie, anonymously. The agent will then offer the user to log in at the site. 
But it only offers those certificates that have been signed by the same local authority. The client certificate becomes the identity of the client, while the site's Certificate Signer Root Certificate becomes the identity of the site. The MitM protection so far, is all-or-nothing. The user can only be MitM'ed if Mallory sits in between all the time, right from the first connection. However, there are several mitigation strategies. 2. The first mitigation strategy is for the site-owner to publish the Site's Local Signer Root Certificate in the DNSSEC-record. I realise that "true cypherpunks" don't like centralised systems but bear with me, here it is part of the solution. The user agent does a DNSSEC lookup, validates the signature tree up to the pinned DNSSEC root key. This limits MitM attacks to those who have a copy of that root key. ie, state level spooks. This lookup needs only be done once, before the first connect. The second mitigation strategy is an independent global append-only log of created client certificates. Whenever a user agent receives a certificate, it submits it to this global log. Every once in a while, the agent queries the log for all certificates bearing the account name that the user has chosen. There must be exactly one answer. To improve security at first contact, the agent queries the log for the expected value of the sites' Certificate Signer Root certificate. There must be only one. This list must be cryptographically protected against tampering. Ideally it is a distributed, decentralised global effort. The downside of this second approach, it needs to be designed, the DNSSEC-approach can be used right now. The combination of DNSSEC and the Log make it even more robust. The DNSSEC effectively specifies the intentions of the site owner, the log measures the reality. These two should match. 3. So far, I haven't mentioned Tor. When you use this protocol, you are protected against spoiled onions. 
The exit nodes won't have access to any site's private key, so they cannot fake a certificate that matches the client certificates. When an exit node creates a fake certificate for a site, the user agent interprets that as either a new site, (and offering the user to create an account). Or the user agent detects that the server certificate does not match with the certificate that it has remembered for this site and raises an alarm. As users change Tor-exit-nodes regularly, there can't be a MitM at each connection. 4. As every connection is encrypted and authenticated, Tor traffic does not stand out from non-Tor traffic. Even if people use this protocol to connect to facebook and spill their lives there, they are helping activists to hide their traffic better. 5. Using this protocol, we can create an introduction-service that lets total strangers exchange and validate each other's public keys. And from there bootstrap other secure channels. Coderman (and others), does this appeal to you? See http://eccentric-authentication.org/ (via Tor, if you want) to read more. I'd love to hear comments. With regards, Guido Witmond. From odinn.cyberguerrilla at riseup.net Sat Jan 25 17:37:48 2014 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Sat, 25 Jan 2014 17:37:48 -0800 Subject: HOPE X Call For Speakers In-Reply-To: <20140125211438.GC9360@pglaf.org> References: <20140125211438.GC9360@pglaf.org> Message-ID: While I will not be traveling to HOPE X, I do have the following submission for your consideration: https://gist.github.com/ABISprotocol/8515891 Cheers, -Odinn > Attention all hackers, makers, whistleblowers, artists, phone phreaks, > rebels, technologists, and free thinkers everywhere! 
Come and share your > ideas, thoughts, and passions with thousands of really bright, creative, > and open-minded people in New York City this summer at HOPE X. > > We have room for around 100 talks and panels covering a wide range of > topics, limited only by our collective imagination. Past talks and panels > have included: anonymity, surveillance and countersurveillance, social > engineering, hardware hacking, cryptography, privacy, security, > censorship, > programming, democracy and law, digital protests, society hacking, > copyright, phone phreaking and telecommunications, new technologies, all > manner of experimentation, and so much more. We are constantly searching > for innovative subjects and presentation formats. Come and show us what > you've got! > > All types of presentations are encouraged, from solo talks to panels, > debates, demonstrations, and interactive discussions. (Workshop ideas > and art exhibitions are also welcome - see the applicable sections on the > HOPE X site.) Most presentations will be allotted 55 minutes - including > time for questions from the audience. > > If you would like to be a speaker, submit a title and a description of > the proposed presentation (two to three paragraphs) along with a short > biography (three or four sentences will suffice). Submissions should be > sent by email to speakers at hope.net. Be sure to tell us why you think > the topic and content are relevant to the hacker community and to HOPE X > attendees. > > We also recommend reading our additional tips on speaker submissions which > can be found at http://x.hope.net under "Call for Participants." > From rsw at jfet.org Sat Jan 25 17:04:44 2014 From: rsw at jfet.org (Riad S. 
Wahby) Date: Sat, 25 Jan 2014 20:04:44 -0500 Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: References: <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> <20140125030729.GA2713@antiproton.jfet.org> Message-ID: <20140126010444.GA14089@antiproton.jfet.org> coderman wrote: > keep it simple: NO FILTERING > > if you can read this you are tall enough to filter/tag/label your own self. I'm not sure if you mean on the backend (between nodes) or on the frontend (local delivery to node subscribers). In the former case, I agree: it makes sense to just have a blanket policy that peered nodes are expected to forward everything they receive at their ingress address (allowing other nodes to apply their own local filtering policies). If you mean the latter, I disagree that zero filtering is a good approach to running a node (but the whole point is that we can make both available and let the users choose). In practice, I'm quite certain that readership on the present cypherpunks envisagement would drop precipitously if I turned off sender whitelisting. There's a difference between "I can do this" and "I will do this because it is worth my time." The fact is, once the cost of being a subscriber exceeds its utility, a rational person will unsubscribe; a node with sender whitelisting (with explicit whitelisting for anonymous remailers) achieves a balance that, empirically, is worthwhile for most people: recall the rush to LNE.com when Eric introduced this. More to the point, the willingness of a person to sink time into wading through list detritus is no indication of his or her value as a contributor. 
Fundamentally, subscriber lists are a good metric by which to judge whether a particular message should or should not be delivered; it is therefore useful to build the notion of cross-node sender whitelisting into CDRv2 in a way that cannot be trivially abused. Of course, all sender whitelisting leaks *some* information about subscribers; the goal is just to do no worse than a monolithic list. > > This goes beyond fault tolerance towards attempting to solve the > > problem of enforcing peering contracts with untrusted CDRv2 nodes, > > which is clearly a more... interesting one. > > this is not simple, and not recommended. No doubt about it; I'm certainly not volunteering to do any such thing! -=rsw From mixmaster at remailer.privacy.at Sat Jan 25 23:15:49 2014 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Sun, 26 Jan 2014 08:15:49 +0100 (CET) Subject: mixmaster with 4096-bit RSA Message-ID: There is a mixmaster version that allows RSA keys of 4096 bits. http://www.zen19351.zen.co.uk/mixmaster302/ This is compatible with current s/w at size 1024 but for larger keys uses additional HMAC integrity and AES encryption steps over the 3DES and MD5 already present. Temporary test remailers are set up (do not use for real sensitive traffic). Test this new version and be ready for remailer key upgrades. This is the error legacy mixmaster generates with a large RSA key. $ fortune | ./mixmaster --chain=carrots -s test --to=abuse at carrots.org.uk Error: Encryption failed! 
carrots carrots at carrots.org.uk ad5a9748f33dd704dc85ae1dd1287870 2:3.0.2 CNm 2013-11-06 2014-01-15
coconuts coconuts at coconuts.org.uk bb6cf51abe871947a759ecb5b97ffa3f 2:3.0.2 MCNm 2013-11-11 2014-01-30
From jamesd at echeque.com Sat Jan 25 14:33:38 2014 From: jamesd at echeque.com (James A. Donald) Date: Sun, 26 Jan 2014 08:33:38 +1000 Subject: BitCloud In-Reply-To: References: Message-ID: <52E43BC2.9010300@echeque.com> On 2014-01-24 20:45, fred concklin wrote: > Try taking a crack at building a digital bearer share system in which > Bitcoin is the reserve currency and there is a mapping of digital bearer > shares to reserves in a manner such that the bank can not defraud > clients by misreporting the reserves issued at any point in time. Bank issues chaumian blinded tokens. Each token issued must appear in the merkle tree. If you have a blinded token that is not in the tree, not a valid token. 
Each node of the tree contains the sum of the value of all tokens under that node. Further you check the validity of each branch of the tree on which your tokens appear. So total number of tokens issued is correct. Each unblinded token cashed is added into the Merkle tree. If not in tree, could be recashed. So total number tokens paid out on is correct. Difference between these two numbers is bank liabilities for outstanding bearer tokens. So bank liability is known, even if bankers are lying through their teeth. From jamesd at echeque.com Sat Jan 25 15:26:41 2014 From: jamesd at echeque.com (James A. Donald) Date: Sun, 26 Jan 2014 09:26:41 +1000 Subject: Microsoft claims to fight back against NSA In-Reply-To: <1390684775.38051.YahooMailNeo@web164603.mail.gq1.yahoo.com> References: <1390684775.38051.YahooMailNeo@web164603.mail.gq1.yahoo.com> Message-ID: <52E44831.30506@echeque.com> On 2014-01-26 07:19, Jim Bell wrote: > From: http://news.yahoo.com/microsoft-bold-plan-beat-nsa-053014453.html > > > "Microsoft is tired of waiting for the United States government to rein > in the National Security Agency so it’s taking matters into its own > hands. /The Financial Times/ reports that Microsoft > “will allow foreign customers to have > their personal data stored on servers outside the U.S.,” This is not actually all that effective, since the NSA has read write access to the entire internet, due to bugs in routers. We really need a full public audit of routers. From dan at geer.org Sun Jan 26 11:17:00 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 26 Jan 2014 14:17:00 -0500 Subject: here you go.(firearms resistant drone bodies ) ..Re: Infiltration/Exfiltration In-Reply-To: Your message of "Tue, 21 Jan 2014 19:25:52 EST." Message-ID: <20140126191700.44D862280DE@palinka.tinho.net> > ... It's unbannable dual use leaving crazy movielike future > bounded only by human nature. 
Next is radar based automatic > rooftop shotgun mounts for the home, better buy stock in Mossberg. While you are considering this, facial recognition is feasible at 500 meters, iris recognition is feasible at 50 meters, and heartbeat recognition is feasible at 5 meters -- all in packages small enough to be part of use-once drones. As to dual use, when companies from Amazon to Dominos are delivering boxes by air, for which you confirm receipt at the door with your smartphone,... As to rooftops, http://www.nbcbayarea.com/news/local/San-Jose-Councilmember-Proposes-Crowdsourcing-Surveillance-Video-241751131.html --dan From dan at geer.org Sun Jan 26 11:22:41 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 26 Jan 2014 14:22:41 -0500 Subject: bitcoin In-Reply-To: Your message of "Wed, 22 Jan 2014 11:33:18 +1030." <2562159D-33FD-4D98-A5D9-AA2DB8694D6F@gmail.com> Message-ID: <20140126192241.DEAB02280DE@palinka.tinho.net> | Obvious solutions: | | * declare BTC to be presumptively evidence of drug dealing or trading CP | - possession of weakly-related artefacts being declared as sufficient | evidence has, IIRC, been ruled legal in NY in the case of a law which | made possession by a woman of multiple condoms evidence of prostitution. | * require BTC holdings to be declared to the tax authorities, and make | explicit that whatever the local tax on investment holdings applies to | BTC (I think the current question is not whether growth in value of BTC | is taxable but what kind of investment it should be taxed as). | * snarl up BTC exchanges with the same reporting requirements as normal | banks and trading houses, even though the much smaller scale will make | that extremely difficult to comply with. 
| * rule that BTC miners are engaging in banking by building up the record | in the block chain, and make them all responsible for reporting the | transactions they process We have proof by demonstration of item #2 in the Commodity Futures Exchange Commission driving prediction markets like Intrade and Banc de Binary out of business. [Those of us who see a regulation as a tax-by-another-name are thus again reminded that the power to tax is the power to destroy.] --dan From coderman at gmail.com Sun Jan 26 14:27:42 2014 From: coderman at gmail.com (coderman) Date: Sun, 26 Jan 2014 14:27:42 -0800 Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: <20140126010444.GA14089@antiproton.jfet.org> References: <1390174697.11793.72791097.3940EAF2@webmail.messagingengine.com> <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> <20140125030729.GA2713@antiproton.jfet.org> <20140126010444.GA14089@antiproton.jfet.org> Message-ID: On Sat, Jan 25, 2014 at 5:04 PM, Riad S. Wahby wrote: > ... > I'm not sure if you mean on the backend (between nodes) or on the > frontend (local delivery to node subscribers). correct. sender whitelisting is useful! what can others do to help? From coderman at gmail.com Sun Jan 26 14:39:41 2014 From: coderman at gmail.com (coderman) Date: Sun, 26 Jan 2014 14:39:41 -0800 Subject: and not a single Tor hacker was surprised... In-Reply-To: <52E5499A.8000804@witmond.nl> References: <52DFDFCB.9090003@kjro.se> <52E3DDEF.8030402@witmond.nl> <52E5499A.8000804@witmond.nl> Message-ID: On Sun, Jan 26, 2014 at 9:44 AM, Guido Witmond wrote: > ... Although NULL encryption is a problem, I expect that most > crypto-toolkit developers will disable these in their default > configuration... There is nothing in eccentric authentication that specifies one > branch of public key mathematics over another. I deliberately leave the > choice of either RSA, EC, or others out. 
As I'm not a cryptographer, I > can't make that decision. I do specify what I expect the protocol needs > to accomplish. It's up to the experts to match the appropriate parts. My > prototype used RSA/TLS/DNSSEC fair enough; my position is that this is insufficient and passes the buck. many don't agree. said another way: security is everyone's responsibility! everyone should encourage and enforce strong defaults, strong suites, and accept no less. (i pay bribes in bitcoin to adopt this position ;) > In fact, with a proper setup, the Root certificate's private key for the > site does not live at the server, for signing, it uses a subRoot. this is better; although perhaps more cumbersome key management wise. good key management always cumbersome it seems! > Now when the site gets hacked, the hackers can create more accounts for > themselves or invalidate other peoples' accounts. But the attackers can > never impersonate any of the sites user accounts at other sites, as > these use their own signing key. I believe it is more safe than hashing > passwords. absolutely better than storing hashed passwords. how many people generate long, random, unique passwords for every site? > The eccentric-protocol can use other global unique naming schemes. The > requirements are: easy and cheap enough so every website can get a > unique and human memorize-able name. Namecoin might fit the > requirements, or GNS (GnuNet). GNet NS is locally scoped to each peer as of my understanding, so not quite a strong global unique naming scheme. i do believe on further reading that Namecoin would work, and am looking at this further... thanks for the responses and clarifications! best regards, From guido at witmond.nl Sun Jan 26 09:44:58 2014 From: guido at witmond.nl (Guido Witmond) Date: Sun, 26 Jan 2014 18:44:58 +0100 Subject: and not a single Tor hacker was surprised... 
In-Reply-To: References: <52DFDFCB.9090003@kjro.se> <52E3DDEF.8030402@witmond.nl> Message-ID: <52E5499A.8000804@witmond.nl> On 01/25/14 20:09, coderman wrote: > On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond > wrote: >> ... Client certificates are part of my answer to MitM attacks. >> >> The other part is to forget about third-party CA's. > > my heart a twitter already! > > (these are the key points, and you hit them first.) Lurking at several cryptography mailing lists, gave me some hints :-) >> See http://eccentric-authentication.org/ to read more. >> >> I'd love to hear comments. > > i've come across this on other lists, and will one day provide a > better response. my initial feedback relates to: > > - supported suites. NULL encryption is still a valid TLS mode! 1st. Although NULL encryption is a problem, I expect that most crypto-toolkit developers will disable these in their default configuration. From there it will bubble up the stack into the distributions. That's a lesson that NSA has taught us: make defaults safe! 2nd. There is nothing in eccentric authentication that specifies one branch of public key mathematics over another. I deliberately leave the choice of either RSA, EC, or others out. As I'm not a cryptographer, I can't make that decision. I do specify what I expect the protocol needs to accomplish. It's up to the experts to match the appropriate parts. My prototype used RSA/TLS/DNSSEC > > - end-point security (each site acting as a CA is like every bitcoin > user acting as a bank. you've elevated the threat model on the > unsuspecting.) Not really. Each site signs only for itself. There is no need to trust anything else than your own systems (Or the hoster who does the work for you). That trust level is already needed for every current web site. In fact, with a proper setup, the Root certificate's private key for the site does not live at the server, for signing, it uses a subRoot. 
Now when the site gets hacked, the hackers can create more accounts for themselves or invalidate other peoples' accounts. But the attackers can never impersonate any of the sites user accounts at other sites, as these use their own signing key. I believe it is more safe than hashing passwords. The more worrisome part are the end-users' computers. The Posix-model is not designed to protect users against themselves. Although, every user expects that to be the case. Things like microkernels, Capsicum, Qubes-OS, Genode, Pola, least authority designs are in DIRE need. > > - Namecoin and other decentralized alternatives to DNSSEC. > DNSSEC might be just as difficult as IPsec, or its private key might have already been leaked to NSA due to compromised hardware. We need to have alternatives. The eccentric-protocol can use other global unique naming schemes. The requirements are: easy and cheap enough so every website can get a unique and human memorize-able name. Namecoin might fit the requirements, or GNS (GnuNet). I hope this sparks the curiosity. With regards, Guido. From dan at geer.org Sun Jan 26 16:05:15 2014 From: dan at geer.org (dan at geer.org) Date: Sun, 26 Jan 2014 19:05:15 -0500 Subject: Infiltration/Exfiltration In-Reply-To: Your message of "Wed, 22 Jan 2014 18:14:39 +0100." <6270827.cjgGcNSLHo@lap> Message-ID: <20140127000515.17927228087@palinka.tinho.net> > "The Police will handle that for you, Dear Farmer. Now hand over the > drone that you no longer need. You're not a terr'ist, are ya?.." 
A part of the plot here: _Daemon_, Zeraus --dan From juan.g71 at gmail.com Sun Jan 26 16:22:51 2014 From: juan.g71 at gmail.com (Juan Garofalo) Date: Sun, 26 Jan 2014 21:22:51 -0300 Subject: bitcoin In-Reply-To: <20140126192241.DEAB02280DE@palinka.tinho.net> References: <20140126192241.DEAB02280DE@palinka.tinho.net> Message-ID: <4480BBAA08FE403471B3CA12@F74D39FA044AA309EAEA14B9> --On Sunday, January 26, 2014 2:22 PM -0500 dan at geer.org wrote: > > | Obvious solutions: > | > | * declare BTC to be presumptively evidence of drug dealing or trading > CP | - possession of weakly-related artefacts being declared as > sufficient | evidence has, IIRC, been ruled legal in NY in the case of a > law which | made possession by a woman of multiple condoms evidence of > prostitution. | * require BTC holdings to be declared to the tax > authorities, and make | explicit that whatever the local tax on > investment holdings applies to | BTC (I think the current question is > not whether growth in value of BTC | is taxable but what kind of > investment it should be taxed as). | * snarl up BTC exchanges with the > same reporting requirements as normal | banks and trading houses, even > though the much smaller scale will make | that extremely difficult to > comply with. > | * rule that BTC miners are engaging in banking by building up the > record | in the block chain, and make them all responsible for reporting > the | transactions they process > > > We have proof by demonstration of item #2 in the Commodity Futures > Exchange Commission driving prediction markets like Intrade and > Banc de Binary out of business. > > [Those of us who see a regulation as a tax-by-another-name are thus > again reminded that the power to tax is the power to destroy.] The power to tax is the power to destroy the enemies of the Free Democratic Judeo-Christian Western Culture and Civilization. Without the power to tax, the government would lack the means to destroy the enemies of Free World. 
> > --dan > > From billstclair at gmail.com Sun Jan 26 20:03:02 2014 From: billstclair at gmail.com (Bill St. Clair) Date: Sun, 26 Jan 2014 23:03:02 -0500 Subject: bitcoin In-Reply-To: <4480BBAA08FE403471B3CA12@F74D39FA044AA309EAEA14B9> References: <20140126192241.DEAB02280DE@palinka.tinho.net> <4480BBAA08FE403471B3CA12@F74D39FA044AA309EAEA14B9> Message-ID: On Sunday, January 26, 2014, Juan Garofalo wrote: > > > The power to tax is the power to destroy the enemies of the Free > Democratic Judeo-Christian Western Culture and Civilization. > > Without the power to tax, the government would lack the means to > destroy the enemies of Free World. > Good. We of the free world are perfectly capable of defending ourselves, without paying tribute to a giant extortion racket. Bill From hozer at hozed.org Sun Jan 26 21:48:00 2014 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 26 Jan 2014 23:48:00 -0600 Subject: BitCloud In-Reply-To: References: Message-ID: <20140127054800.GC3180@nl.grid.coop> On Fri, Jan 24, 2014 at 05:45:13AM -0500, fred concklin wrote: > from > https://github.com/wetube/bitcloud/blob/master/bitcloud.org#protected-routing > —proof-of-bandwidth "Basically, the law is applied by judging (checking) > that every node and client is doing the work as it should, so, when asked, > it should answer with the truth of what is asked. If it is found that the > node or client is lying, it is penalized or banned, and its transactions > rejected are not included in the blockchain. > > Laws are written in the source code in the form of *generics* and the > corresponding *methods*. A *method* is a specific application of a *generic*. > For example, for the *generic* of the Law of Bandwidth there are going to > be several *methods* for judging nodes, users and publishers." 
> > > ---------------- > > It all breaks down there. You can attack by polluting the network with > nodes that share no bandwidth but report fraudulent bandwidth statistics of > honest nodes. Moreover, fraudulent node collections can overreport their > bandwidth capabilities, thus funneling all traffic into chokepoints. You > can disrupt the network as well as build attacker controlled majority > routes for traffic analysis and subsequent deanonymization of hidden > service protocols and/or onion routing. They are describing a MIX network > but they've removed the routing properties of an effective MIX network with > their prioritization of nodes (thus partitioning traffic heavily in a > nonuniform manner as it passes through the MIX). If they are not mixing and > instead onion routing they sacrifice the beneficial property of onion > routes being difficult for an adversary to observe by performing route > selection in a geospatially indiscriminate manner. I'm convinced (for the moment) that the anonymity cost is going to kill the project. For http://minco.me (which I wrote in a fit of political speech), I came to the conclusion that there must be some sort of 'local authority' as a 'method' to evaluate human-usable proof-of-work, and this would have to utilize the pre-existing legal and court infrastructure. If you can sue the operator of a node fraudulently collecting 'proof of bandwidth' rewards for theft, it might work. However, in a global network with no clear idea where (or who) the node operators are, it's going to take a lot more human mathematical and crypto work to prove bandwidth. All that being said, I'm encouraged that there is wild-eyed optimism and excitement about what's possible, so between my pet project for per-packet micropayments (I might as well call it IPv7), and bitcloud, we might collectively make enough mistakes to learn how to make it happen. From rsw at jfet.org Sun Jan 26 21:49:38 2014 From: rsw at jfet.org (Riad S. 
Wahby) Date: Mon, 27 Jan 2014 00:49:38 -0500 Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated) In-Reply-To: References: <20140120004239.4E674F6E6@a-pb-sasl-quonix.pobox.com> <20140120174842.GA1034@antiproton.jfet.org> <20140125030729.GA2713@antiproton.jfet.org> <20140126010444.GA14089@antiproton.jfet.org> Message-ID: <20140127054938.GA27037@antiproton.jfet.org> coderman wrote: > correct. sender whitelisting is useful! > > what can others do to help? I'm nailing down a few last details of a proposed CDRv2 architecture. I'll follow up with details tomorrow evening-ish and then we can beat up on it a bit. -=rsw From rysiek at hackerspace.pl Sun Jan 26 16:17:16 2014 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 27 Jan 2014 01:17:16 +0100 Subject: and not a single Tor hacker was surprised... In-Reply-To: <52E3DDEF.8030402@witmond.nl> References: <52E3DDEF.8030402@witmond.nl> Message-ID: <23981804.u2cuQVbBpD@lap> On Saturday, 25 January 2014 16:53:19 Guido Witmond wrote: > On 01/22/14 16:44, coderman wrote: > > On Wed, Jan 22, 2014 at 7:12 AM, Kelly John Rose > > > > wrote: > >> To verify though, this has no effect on someone using tor and > >> staying on .onion sites or if you are using https end-to-end > >> right? > > > > correct. > > > >> Honestly, if you use Tor and don't use SSL that seems like > >> laziness to me and deserves to be caught. > > > > i would agree, and i would also show some sympathy towards the > > unsuspecting. anything cypherpunks can do to ensure end to end > > crypto everywhere by default is another MitM and eavesdropping attack > > denied.... > > > > (someone should write more about using client-side certificates as a > > > > method to thwart SSL MitM with a CA signing transparent proxy > > > > adversary upstream. aka BlueCoat with "enterprise certificate" > > injected or private key pilfer.) > > Dear coderman, > > Client certificates are part of my answer to MitM attacks. > > The other part is to forget about third-party CA's. 
> > 1. > > The trick is to have each (web-)site sign the client certificates for > their own users. Users sign up for a site by creating a fresh > public/private keypair, invent an account name, and create a CSR > containing just that: the accountname and the public key. > > The site's own Certificate Signer (local authority) checks to see if the > user's chosen account name is unique and if so signs the certificate and > returns it in the same response. > > The site's web server is configured to only accept their own client > certificates signed by their own Signer. Each site only accepts their > own certificates. > > In addition to that, the server sports a server-certificate that has > been signed by the site's Signer. > > When the user connects to the site, the user agent first connects > without presenting any client certificates. Ie, anonymously. The agent > will then offer the user to log in at the site. But it only offers those > certificates that have been signed by the same local authority. > > The client certificate becomes the identity of the client, while the > site's Certificate Signer Root Certificate becomes the identity of the site. > > The MitM protection so far, is all-or-nothing. The user can only be > MitM'ed if Mallory sits in between all the time, right from the first > connection. However, there are several mitigation strategies. > > 2. > > The first mitigation strategy is for the site-owner to publish the > Site's Local Signer Root Certificate in the DNSSEC-record. I realise > that "true cypherpunks" don't like centralised systems but bear with me, > here it is part of the solution. > > The user agent does a DNSSEC lookup, validates the signature tree up to > the pinned DNSSEC root key. This limits MitM attacks to those who have a > copy of that root key. ie, state level spooks. > > This lookup needs only be done once, before the first connect. 
> > The second mitigation strategy is an independent global append-only log > of created client certificates. Whenever a user agent receives a > certificate, it submits it to this global log. Every once in a while, > the agent queries the log for all certificates bearing the account name > that the user has chosen. There must be exactly one answer. > > To improve security at first contact, the agent queries the log for the > expected value of the sites' Certificate Signer Root certificate. There > must be only one. > > This list must be cryptographically protected against tampering. Ideally > it is a distributed, decentralised global effort. The downside of this > second approach, it needs to be designed, the DNSSEC-approach can be > used right now. > > The combination of DNSSEC and the Log make it even more robust. The > DNSSEC effectively specifies the intentions of the site owner, the log > measures the reality. These two should match. > > 3. > > So far, I haven't mentioned Tor. When you use this protocol, you are > protected against spoiled onions. The exit nodes won't have access to > any site's private key, so they cannot fake a certificate that matches > the client certificates. > > When an exit node creates a fake certificate for a site, the user agent > interprets that as either a new site, (and offering the user to create > an account). Or the user agent detects that the server certificate does > not match with the certificate that it has remembered for this site and > raises an alarm. > > As users change Tor-exit-nodes regularly, there can't be a MitM at each > connection. > > 4. > > As every connection is encrypted and authenticated, Tor traffic does not > stand out from non-Tor traffic. Even if people use this protocol to > connect to facebook and spill their lives there, they are helping > activists to hide their traffic better. > > 5. 
> > Using this protocol, we can create an introduction-service that lets > total strangers exchange and validate each other's public keys. And from > there bootstrap other secure channels. > > > Coderman (and others), does this appeal to you? That makes sense. I'll have to look into it more. > See http://eccentric-authentication.org/ (via Tor, if you want) to read > more. Thanks. -- Pozdr rysiek From griffin at cryptolab.net Mon Jan 27 02:27:09 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Mon, 27 Jan 2014 05:27:09 -0500 Subject: Good books on algorithm design? Message-ID: <52E6347D.4050206@cryptolab.net> Hello all, I'm looking at books on algorithm design, and would love some recommendations. =) Algorithm Design by Kleinman/Tardos looks okay, as does Introduction to Algorithms by Cormen/Leiserson, but both are seriously like a hundred dollars. Ideally looking for something with a solid foundations section. A steep learning curve is okay though (and somewhat expected) best, Griffin From rich at openwatch.net Mon Jan 27 08:55:06 2014 From: rich at openwatch.net (Rich Jones) Date: Mon, 27 Jan 2014 08:55:06 -0800 Subject: BitInstant CEO / BTCKing Indicted for Money Laundering Message-ID: http://www.justice.gov/usao/nys/pressreleases/January14/SchremFaiellaChargesPR.php I'm considering starting a slightly-higher-than-market rate cloud mining operation to allow people to avoid the exchanges and mine their own coins to avoid situations like this.. R Manhattan U.S. 
Attorney Announces Charges Against Bitcoin Exchangers, Including Ceo Of Bitcoin Exchange Company, For Scheme To Sell And Launder Over $1 Million In Bitcoins Related To Silk Road Drug Trafficking *FOR IMMEDIATE RELEASE* Monday, January 27, 2014 *Defendants Sold Bitcoins to be Used to Buy and Sell Illegal Drugs Anonymously on the Silk Road Drug Trafficking Website* Preet Bharara, the United States Attorney for the Southern District of New York, James J. Hunt, the Acting Special-Agent-in-Charge of the New York Field Division of the Drug Enforcement Administration (“DEA”), and Toni Weirauch, the Special Agent-in-Charge of the New York Field Office of the Internal Revenue Service, Criminal Investigation (“IRS-CI”), announced the unsealing of criminal charges in Manhattan federal court against ROBERT M. FAIELLA, a/k/a “BTCKing,” an underground Bitcoin exchanger, and CHARLIE SHREM, the Chief Executive Officer and Compliance Officer of a Bitcoin exchange company, for engaging in a scheme to sell over $1 million in Bitcoins to users of “Silk Road,” the underground website that enabled its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement. Each defendant is charged with conspiring to commit money laundering, and operating an unlicensed money transmitting business. SHREM is also charged with willfully failing to file any suspicious activity report regarding FAIELLA’s illegal transactions through the Company, in violation of the Bank Secrecy Act. SCHREM was arrested yesterday at John F. Kennedy International Airport in New York, and is expected to be presented in Manhattan federal court later today before U.S. Magistrate Judge Henry Pitman. FAIELLA was arrested today at his residence in Cape Coral, Florida, and is expected to be presented in federal court in the Middle District of Florida. Manhattan U.S. 
Attorney Preet Bharara said: “As alleged, Robert Faiella and Charlie Shrem schemed to sell over $1 million in Bitcoins to criminals bent on trafficking narcotics on the dark web drug site, Silk Road. Truly innovative business models don’t need to resort to old-fashioned law-breaking, and when Bitcoins, like any traditional currency, are laundered and used to fuel criminal activity, law enforcement has no choice but to act. We will aggressively pursue those who would coopt new forms of currency for illicit purposes.” DEA Acting Special-Agent-in-Charge James J. Hunt said: “The charges announced today depict law enforcement's commitment to identifying those who promote the sale of illegal drugs throughout the world. Hiding behind their computers, both defendants are charged with knowingly contributing to and facilitating anonymous drug sales, earning substantial profits along the way. Drug law enforcement's job is to investigate and identify those who abet the illicit drug trade at all levels of production and distribution including those lining their own pockets by feigning ignorance of any wrong doing and turning a blind eye.” IRS Special-Agent-in-Charge Toni Weirauch said: “The government has been successful in swiftly identifying those responsible for the design and operation of the ‘Silk Road’ website, as well as those who helped ‘Silk Road’ customers conduct their illegal transactions by facilitating the conversion of their dollars into Bitcoins. 
This is yet another example of the New York Organized Crime Drug Enforcement Strike Force’s proficiency in applying financial investigative resources to the fight against illegal drugs.” According to the allegations contained in the Criminal Complaint unsealed today in Manhattan federal court: From about December 2011 to October 2013, FAIELLA ran an underground Bitcoin exchange on the Silk Road website, a website that served as a sprawling and anonymous black market bazaar where illegal drugs of virtually every variety were bought and sold regularly by the site’s users. Operating under the username “BTCKing,” FAIELLA sold Bitcoins – the only form of payment accepted on Silk Road – to users seeking to buy illegal drugs on the site. Upon receiving orders for Bitcoins from Silk Road users, he filled the orders through a company based in New York, New York (the “Company”). The Company was designed to enable customers to exchange cash for Bitcoins anonymously, that is, without providing any personal identifying information, and it charged a fee for its service. FAIELLA obtained Bitcoins with the Company’s assistance, and then sold the Bitcoins to Silk Road users at a markup. SHREM is the Chief Executive Officer of the Company, and from about August 2011 until about July 2013, when the Company ceased operating, he was also its Compliance Officer, in charge of ensuring the Company’s compliance with federal and other anti-money laundering (“AML”) laws. SHREM is also the Vice Chairman of a foundation dedicated to promoting the Bitcoin virtual currency system. SHREM, who personally bought drugs on Silk Road, was fully aware that Silk Road was a drug-trafficking website, and through his communications with FAIELLA, SHREM also knew that FAIELLA was operating a Bitcoin exchange service for Silk Road users. Nevertheless, SHREM knowingly facilitated FAIELLA’s business with the Company in order to maintain FAIELLA’s business as a lucrative source of Company revenue. 
SHREM knowingly allowed FAIELLA to use the Company’s services to buy Bitcoins for his Silk Road customers; personally processed FAIELLA’s orders; gave FAIELLA discounts on his high-volume transactions; failed to file a single suspicious activity report with the United States Treasury Department about FAIELLA’s illicit activity, as he was otherwise required to do in his role as the Company’s Compliance Officer; and deliberately helped FAIELLA circumvent the Company’s AML restrictions, even though it was SHREM’s job to enforce them and even though the Company had registered with the Treasury Department as a money services business. Working together, SHREM and FAIELLA exchanged over $1 million in cash for Bitcoins for the benefit of Silk Road users, so that the users could, in turn, make illegal purchases on Silk Road. In late 2012, when the Company stopped accepting cash payments, FAIELLA ceased doing business with the Company and temporarily shut down his illegal Bitcoin exchange service on Silk Road. FAIELLA resumed operating on Silk Road in April 2013 without the Company’s assistance, and continued to exchange tens of thousands of dollars a week in Bitcoins until the Silk Road website was shut down by law enforcement in October 2013. * * * FAIELLA, 52, of Cape Coral, Florida, and SHREM, 24, of New York, New York, are each charged with one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison, and one count of operating an unlicensed money transmitting business, which carries a maximum sentence of five years in prison. SHREM is also charged with one count of willful failure to file a suspicious activity report, which carries a maximum sentence of five years in prison. Mr. Bharara praised the outstanding investigative work of the DEA’s New York Organized Crime Drug Enforcement Strike Force, which is comprised of agents and officers of the U. S. 
Drug Enforcement Administration, the New York City Police Department, Immigration and Customs Enforcement - Homeland Security Investigations, the New York State Police, the U. S. Internal Revenue Service Criminal Investigation Division, the Federal Bureau of Investigation, the Bureau of Alcohol, Tobacco, Firearms and Explosives, U.S. Secret Service, the U.S. Marshal Service, New York National Guard, Office of Foreign Assets Control and the New York Department of Taxation and Finance. Mr. Bharara also thanked the FBI’s New York Field Office. Mr. Bharara also noted that the investigation remains ongoing. The prosecution of this case is being handled by the Office’s Complex Frauds Unit. Assistant United States Attorney Serrin Turner is in charge of the prosecution, and Assistant United States Attorney Andrew Adams of the Asset Forfeiture Unit is in charge of the forfeiture aspects of the case. The charges contained in the Complaint are merely accusations, and the defendants are presumed innocent unless and until proven guilty. 14-024 From coderman at gmail.com Mon Jan 27 09:10:10 2014 From: coderman at gmail.com (coderman) Date: Mon, 27 Jan 2014 09:10:10 -0800 Subject: BitInstant CEO / BTCKing Indicted for Money Laundering In-Reply-To: References: Message-ID: On Mon, Jan 27, 2014 at 8:55 AM, Rich Jones wrote: > http://www.justice.gov/usao/nys/pressreleases/January14/SchremFaiellaChargesPR.php "Bitcoins, like any traditional currency..." - from a US Attorney (!?) From coderman at gmail.com Mon Jan 27 09:14:07 2014 From: coderman at gmail.com (coderman) Date: Mon, 27 Jan 2014 09:14:07 -0800 Subject: BitInstant CEO / BTCKing Indicted for Money Laundering In-Reply-To: References: Message-ID: On Mon, Jan 27, 2014 at 8:55 AM, Rich Jones wrote: > ... 
> IRS Special-Agent-in-Charge Toni Weirauch said: “The government has been > successful in swiftly identifying those responsible for the design and > operation of the ‘Silk Road’ website, as well as those who helped ‘Silk > Road’ customers conduct their illegal transactions by facilitating the > conversion of their dollars into Bitcoins...." aka "prosecution futures".[0] 0. where did this term originate in respect to Bitcoin? From rich at openwatch.net Mon Jan 27 09:17:04 2014 From: rich at openwatch.net (Rich Jones) Date: Mon, 27 Jan 2014 09:17:04 -0800 Subject: TorMail completely compromised, FBI using accounts in unrelated investigations Message-ID: http://www.wired.com/threatlevel/2014/01/tormail/ Bonus link for y'all. Hope you used PGP. Happy monday! R If You Used This Secure Webmail Site, the FBI Has Your Inbox - By Kevin Poulsen - 01.27.14 - 6:30 AM While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail. Now the FBI is tapping that vast trove of e-mail in unrelated investigations. The bureau's data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "platplus at tormail.net." Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint(.pdf) sworn out by U.S. Postal Inspector Eric Malecki. 
The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There's no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail's servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying. "We have no information to give you or to respond to any subpoenas or court orders," read TorMail's homepage. "Do not bother contacting us for information on, or to view the contents of a TorMail user inbox, you will be ignored." In another e-mail case, the FBI last year won a court order compelling secure e-mail provider Lavabit to turn over the master encryption keys for its website, which would have given agents the technical ability to spy on all of Lavabit's 400,000 users - though the government said it was interested only in one. (Rather than comply, Lavabit shut down and is appealing the surveillance order). TorMail was the webmail provider of choice for denizens of the so-called Darknet of anonymous and encrypted websites and services, making the FBI's cache extraordinarily valuable. The affair also sheds a little more light on the already-strange story of the FBI's broad attack on Freedom Hosting, once a key service provider for untraceable websites. Freedom Hosting specialized in providing turnkey "Tor hidden service" sites -- special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by those seeking to evade surveillance or protect users' privacy to an extraordinary degree - human rights groups and journalists as well as serious criminal elements. 
By some estimates, Freedom Hosting backstopped fully half of all hidden services at the time it was shut down last year -- TorMail among them. But it had a reputation for tolerating child pornography on its servers. In July, the FBI moved on the company and had the alleged operator, Eric Eoin Marques, arrested at his home in Ireland. The U.S. is now seeking his extradition for allegedly facilitating child porn on a massive scale; hearings are set to begin in Dublin this week. According to the new document, the FBI obtained the data belonging to Freedom Hosting's customers through a Mutual Legal Assistance request to France - where the company leased its servers - between July 22, 2013 and August 2 of last year. That's two days before all the sites hosted by Freedom Hosting, including TorMail, began serving an error message with hidden code embedded in the page, on August 4. Security researchers dissected the code and found it exploited a security hole in Firefox to de-anonymize users with slightly outdated versions of Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. Though the FBI hasn't commented (and declined to speak for this story), the malware's behavior was consistent with the FBI's spyware deployments, now known as a "Network Investigative Technique." No mass deployment of the FBI's malware had ever before been spotted in the wild. The attack through TorMail alarmed many in the Darknet, including the underground's most notorious figure -- Dread Pirate Roberts, the operator of the Silk Road drug forum, who took the unusual step of posting a warning on the Silk Road homepage. An analysis he wrote on the associated forum now seems prescient. "I know that MANY people, vendors included, used TorMail," he wrote. "You must think back through your TorMail usage and assume everything you wrote there and didn't encrypt can be read by law enforcement at this point and take action accordingly. 
I personally did not use the service for anything important, and hopefully neither did any of you." Two months later the FBI arrested San Francisco man Ross William Ulbricht as the alleged Silk Road operator. The connection, if any, between the FBI obtaining Freedom Hosting's data and apparently launching the malware campaign through TorMail and the other sites isn't spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from. Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites. The French company also hasn't been identified. But France's largest hosting company, OVH, announced on July 29, in the middle of the FBI's then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can't comment on specific cases, and declined to say whether Freedom Hosting was a customer. "Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders," OVH spokesman Benjamin Bongoat told WIRED. "This is all we can say as we usually don't make any comments on hot topics." From coderman at gmail.com Mon Jan 27 09:50:02 2014 From: coderman at gmail.com (coderman) Date: Mon, 27 Jan 2014 09:50:02 -0800 Subject: format transforming encryption with regular expressions (FTE) Message-ID: https://kpdyer.com/publications/ccs2013-fte.pdf and https://fteproxy.org/about """ Format-Transforming Encryption (FTE) is a novel cryptographic primitive that extends traditional encryption... 
FTE takes a key, message and format (a compact set descriptor) as input and outputs a ciphertext in the format set. As an example, a format may describe the set of valid HTTP messages. fteproxy bootstraps FTE to relay arbitrary data streams. In turn, this enables fteproxy to use a regular expression that captures an uncensored protocol (e.g., HTTP), then employ fteproxy to tunnel a censored protocol (e.g., Tor, TLS, SSH, etc.) To the network monitor, traffic looks like HTTP, even though it's actually a censored protocol. """ git clone https://github.com/kpdyer/fteproxy.git fteproxy-unstable cd fteproxy-unstable make ./bin/fteproxy From rsw at jfet.org Mon Jan 27 06:53:44 2014 From: rsw at jfet.org (Riad S. Wahby) Date: Mon, 27 Jan 2014 09:53:44 -0500 Subject: Good books on algorithm design? In-Reply-To: <52E6347D.4050206@cryptolab.net> References: <52E6347D.4050206@cryptolab.net> Message-ID: <20140127145344.GA31050@antiproton.jfet.org> Griffin Boyce wrote: > I'm looking at books on algorithm design, and would love some > recommendations. All the books you've been recommended so far are good ones. Another to consider is Skiena's Algorithm Design Manual. Note, however, that its focus leans toward application over theory. -=rsw From coderman at gmail.com Mon Jan 27 10:07:49 2014 From: coderman at gmail.com (coderman) Date: Mon, 27 Jan 2014 10:07:49 -0800 Subject: TorMail completely compromised, FBI using accounts in unrelated investigations In-Reply-To: References: <52E69CD9.5060709@cryptolab.net> Message-ID: On Mon, Jan 27, 2014 at 10:00 AM, Kelly John Rose wrote: > .... > I just find it continually amazing how many people think that just being on > Tor somehow makes them anonymous, even when they use their own name, address > and some even post pictures of themselves on it. 
hashtag YOLO like share rt From rich at openwatch.net Mon Jan 27 10:16:02 2014 From: rich at openwatch.net (Rich Jones) Date: Mon, 27 Jan 2014 10:16:02 -0800 Subject: BitInstant CEO / BTCKing Indicted for Money Laundering In-Reply-To: References: Message-ID: Does anybody have any more information about what constitutes "operating an unlicensed money transmitting business"? Would my cloud-mining operation count? Relevant: http://www.law.cornell.edu/uscode/text/18/1960 http://www.law.cornell.edu/uscode/text/31/5330 Oh, just in case anybody was wondering why Coinbase hasn't been touched.. they're snitches. FOIA pending: https://www.muckrock.com/foi/united-states-of-america-10/coinbase-fbi-9727/ From privarchy at gmail.com Mon Jan 27 04:06:45 2014 From: privarchy at gmail.com (Privarchy) Date: Mon, 27 Jan 2014 12:06:45 +0000 Subject: Good books on algorithm design? In-Reply-To: <52E6347D.4050206@cryptolab.net> References: <52E6347D.4050206@cryptolab.net> Message-ID: <52E64BD5.4090009@gmail.com> On 27/01/2014 10:27, Griffin Boyce wrote: > both are seriously like a hundred dollars. Kleinberg & Tardos: http://www.icsd.aegean.gr/kaporisa/index_files/Algorithm_Design.pdf Cormen & Leiserson & Rivest & Stein: http://tberg.dk/books/Introduction_to_algorithms_3rd_edition.pdf I'm sorry I can't be of more help. /Introduction to Algorithms 3rd Ed/ looks very good, though. From iam at kjro.se Mon Jan 27 09:24:04 2014 From: iam at kjro.se (Kelly John Rose) Date: Mon, 27 Jan 2014 12:24:04 -0500 Subject: TorMail completely compromised, FBI using accounts in unrelated investigations In-Reply-To: References: Message-ID: Tor is a great honeypot for people who don't know tradecraft. 
On Mon, Jan 27, 2014 at 12:17 PM, Rich Jones wrote: > http://www.wired.com/threatlevel/2014/01/tormail/ > > Bonus link for y'all. Hope you used PGP. Happy monday! > > R -- Kelly John Rose Toronto, ON Phone: +1 647 638-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam at kjro.se MSN: msn at kjro.se Document contents are confidential between original recipients and sender. From joseph.g.tag at gmail.com Mon Jan 27 09:41:43 2014 From: joseph.g.tag at gmail.com (Joseph Tag) Date: Mon, 27 Jan 2014 12:41:43 -0500 Subject: request for leaks: standards for secret (not published) Message-ID: All I know is that L3-Communications ( Comm.Sys.-East Division ) was at least one company who built/used Local Management Device/Key Processor ( LMD/KP ) combo ( LINUX Server ? ) . Another website of interest is the US Navy SPAWAR Info Assurance site in Charleston, South Carolina. 
Joe Tag

--- you wrote ---
Subject: Re: request for leaks: standards for secret (not published) true hardware random number generator requirements used by NSA
Message-ID:
Content-Type: text/plain; charset=ISO-8859-1

On Sun, Jan 19, 2014 at 8:49 PM, coderman wrote:
> ... could this be true by tweaking constants and growing key bits?
> AES ~= MEDLEY
> ECDSA ~= SHILLELAGH
> ECDH ~= BATON
> SHA ~= SAVILLE
> ADH ~= WALBURN
> TRNG ~= JOSEKI-1

as linked, there are clues from PKCS interop which tell us about:

BATON: block cipher in use since at least 1995. 320-bit key and uses a 128-bit block in most modes, and also supports a 96-bit ECB mode. 160 bits of the key are checksum material. It supports a "shuffle" mode of operation, like the NSA cipher JUNIPER. It may use up to 192 bits as an initialization vector, regardless of the block size.

SAVILLE: used for voice? 128-bit key, two modes?

and per http://cryptome.org/poet-acm.htm some others?
ACCORDION
FIREFLY
KEESEE
MAYFLY
SHILLELAGH
WEASEL

(perhaps that last a stream cipher? ;)

From rich at openwatch.net Mon Jan 27 12:50:50 2014
From: rich at openwatch.net (Rich Jones)
Date: Mon, 27 Jan 2014 12:50:50 -0800
Subject: BitInstant CEO / BTCKing Indicted for Money Laundering
In-Reply-To:
References:
Message-ID:

Here are the docs: http://www.scribd.com/doc/202555785/United-States-vs-Charles-Shrem-and-Robert-M-Faiella

Page 11: safe-mail, not so safe!

On Mon, Jan 27, 2014 at 10:16 AM, Rich Jones wrote:
> Does anybody have any more information about what constitutes "operating an unlicensed money transmitting business"? Would my cloud-mining operation count? Relevant: http://www.law.cornell.edu/uscode/text/18/1960 http://www.law.cornell.edu/uscode/text/31/5330
>
> Oh, just in case anybody was wondering why Coinbase hasn't been touched.. they're snitches.
> FOIA pending: https://www.muckrock.com/foi/united-states-of-america-10/coinbase-fbi-9727/
>

From griffin at cryptolab.net Mon Jan 27 09:52:25 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Mon, 27 Jan 2014 12:52:25 -0500
Subject: TorMail completely compromised, FBI using accounts in unrelated investigations
In-Reply-To:
References:
Message-ID: <52E69CD9.5060709@cryptolab.net>

Kelly John Rose wrote:
> Tor is a great honeypot for people who don't know tradecraft.

Tor won't help people with shitty overall security practices. However, I don't see how this is Tor's failing.

~Griffin

From iam at kjro.se Mon Jan 27 10:00:18 2014
From: iam at kjro.se (Kelly John Rose)
Date: Mon, 27 Jan 2014 13:00:18 -0500
Subject: TorMail completely compromised, FBI using accounts in unrelated investigations
In-Reply-To: <52E69CD9.5060709@cryptolab.net>
References: <52E69CD9.5060709@cryptolab.net>
Message-ID:

It isn't. I just find it continually amazing how many people think that just being on Tor somehow makes them anonymous, even when they use their own name, address and some even post pictures of themselves on it.

On Mon, Jan 27, 2014 at 12:52 PM, Griffin Boyce wrote:
> Kelly John Rose wrote:
>
>> Tor is a great honeypot for people who don't know tradecraft.
>>
>
> Tor won't help people with shitty overall security practices. However, I don't see how this is Tor's failing.
>
> ~Griffin
>

--
Kelly John Rose
Toronto, ON
Phone: +1 647 638-4104
Twitter: @kjrose
Skype: kjrose.pr
Gtalk: iam at kjro.se
MSN: msn at kjro.se

Document contents are confidential between original recipients and sender.

From stephan.neuhaus at tik.ee.ethz.ch Mon Jan 27 04:54:01 2014
From: stephan.neuhaus at tik.ee.ethz.ch (Stephan Neuhaus)
Date: Mon, 27 Jan 2014 13:54:01 +0100
Subject: Good books on algorithm design?
In-Reply-To: <52E6347D.4050206@cryptolab.net>
References: <52E6347D.4050206@cryptolab.net>
Message-ID: <52E656E9.7000001@tik.ee.ethz.ch>

On 01/27/2014 11:27 AM, Griffin Boyce wrote:
> Hello all,
>
> I'm looking at books on algorithm design, and would love some recommendations. =) Algorithm Design by Kleinman/Tardos looks okay, as does Introduction to Algorithms by Cormen/Leiserson, but both are seriously like a hundred dollars.

Why not The Art of Computer Programming? Vols 1-3 + 4A in a box set from Amazon for USD 109? Worth every cent, and cheaper than buying the volumes independently. Also very likely to contain fewer mistakes than any other textbook, given Mr Knuth's unique approach to error-finding.

Fun,

Stephan

From l at odewijk.nl Mon Jan 27 06:30:42 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Mon, 27 Jan 2014 15:30:42 +0100
Subject: Good books on algorithm design?
In-Reply-To: <52E656E9.7000001@tik.ee.ethz.ch>
References: <52E6347D.4050206@cryptolab.net> <52E656E9.7000001@tik.ee.ethz.ch>
Message-ID:

I have the Introduction to Algorithms book. It's pretty darn good. The usual material for universities around the world. If your nation's laws permit it you may consider downloading a full copy for free. In The Netherlands it is legal, as making a copy for user at home is legal. Take care not to use something like torrentz.eu though, torrents are also uploading and thus illegal in NL. You might instead consider using Google.
A quick search for "introduction to algorithms +.pdf" finds us: http://ldc.usb.ve/~xiomara/ci2525/ALG_3rd.pdf http://www.slideshare.net/hiepkhach_1006/introduction-to-algorithms-3rd-edition-thomas-h-cormen-charles-e-leiserson-ronald-l-rivest-clifford-stein and http://cs.gzu.edu.cn/lab/upload/cont/%E8%B5%84%E6%96%99%E4%B8%AD%E5%BF%83/%E7%AE%97%E6%B3%95%E5%AF%BC%E8%AE%BA.pdf

And it works for just about every good book out there. Of course, use it only legally! It is important that publisher's rights are respected. As a community we come to find the optimal set of rules through our well designed systems of consent. If law follows from it, it must be respected.

From mlp at upstandinghackers.com Mon Jan 27 14:16:02 2014
From: mlp at upstandinghackers.com (Meredith L. Patterson)
Date: Mon, 27 Jan 2014 23:16:02 +0100
Subject: format transforming encryption with regular expressions (FTE)
In-Reply-To:
References:
Message-ID: <20140127221602.GB23904@nestor.local>

Hah! I was wondering when someone was going to start throwing parse tree differentials at regex-based DPI. Obviously the next step in the arms race is DPI systems that use correct parsers, but this is hard to do at wire speed. For now, anyway.

Cheers,
--mlp

On Mon, Jan 27, 2014 at 09:50:02AM -0800, coderman wrote:
> https://kpdyer.com/publications/ccs2013-fte.pdf
> and
> https://fteproxy.org/about
> """
> Format-Transforming Encryption (FTE) is a novel cryptographic primitive that extends traditional encryption... FTE takes a key, message and format (a compact set descriptor) as input and outputs a ciphertext in the format set. As an example, a format may describe the set of valid HTTP messages.
>
> fteproxy bootstraps FTE to relay arbitrary data streams.
> In turn, this enables fteproxy to use a regular expression that captures an uncensored protocol (e.g., HTTP), then employ fteproxy to tunnel a censored protocol (e.g., Tor, TLS, SSH, etc.) To the network monitor, traffic looks like HTTP, even though it's actually a censored protocol.
> """
>
>
> git clone https://github.com/kpdyer/fteproxy.git fteproxy-unstable
> cd fteproxy-unstable
> make
> ./bin/fteproxy

From grarpamp at gmail.com Mon Jan 27 20:39:26 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Jan 2014 23:39:26 -0500
Subject: MaidSafe: p2p encrypted anonymous drivesharing homedir network?
Message-ID:

Lots of unknown popups making bold claims lately that should be looked into... discuss?

---------- Forwarded message ----------
From: David Irvine
Date: Sun, Jan 26, 2014 at 10:51 AM
Subject: [bitcoin-list] Meeting place to discuss 'the decentralised internet' projects
To: bitcoin-list at lists.sourceforge.net

Hi sorry for barging in, but with all of the projects now based around decentralisation, I thought a common place to exchange ideas would be good. I have created a subreddit http://www.reddit.com/r/decentralisedinternet as a place for as many projects to collaborate and share experiences, research and general comments. I am hoping to make this an open environment for discussion and technical debate, but not a place of project wars. This is essential and to that end I would like to engage with you and have you all sign up to the subreddit. I believe as we recognise more projects then at least one person from each project should be a moderator. This should add stability and ensure that each project is protected as they all have their own path to follow. I suggest each project puts forward an admin and I will add them immediately. I believe there is enough of a push now to decentralise services and working together to achieve all of our goals can only be a good thing. Below is the sidebar text as it stands, this is all open for debate.
########################

This is a reddit of logic and not emotion, please base all debate on logic. We do not want project wars here, so no vim/emacs type debate between projects. Keep focussed and logical if at all possible.

Whilst people will prefer one project over another, the point of this subreddit is to find the technically best solutions to the myriad of issues and share technology and discussion between projects.

Advertising is not a goal of this subreddit, although new information about projects is encouraged. Submissions that are mostly about some other server based solutions belong elsewhere.

Please avoid repetition — /r/decentralisedinternet is a subreddit devoted to new information and discussion about decentralisation of the Internet. New projects are welcome to announce themselves via this reddit, but after those have been announced they are no longer news and should not be re-posted. New news will be accepted.

Aside from new project announcements, those interested in advertising to our audience should consider Reddit's self-serve advertising system.

Projects so far (please request to be added by posting a link to your project, if it is upvoted and agreed by redditors to be accepted it will be added here)

Freenet
Tahoe
bitcoin
MaidSafe
bitcloud
twister

##########################

I am sending this message to each of the projects mentioned and any others that should be included as we progress.

--
David Irvine
maidsafe.net
twitter: @metaquestions
blog: http://metaquestions.me

From rsw at jfet.org Mon Jan 27 21:45:41 2014
From: rsw at jfet.org (Riad S. Wahby)
Date: Tue, 28 Jan 2014 00:45:41 -0500
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To: <20140127054938.GA27037@antiproton.jfet.org>
References: <20140120174842.GA1034@antiproton.jfet.org> <20140125030729.GA2713@antiproton.jfet.org> <20140126010444.GA14089@antiproton.jfet.org> <20140127054938.GA27037@antiproton.jfet.org>
Message-ID: <20140128054541.GA11334@antiproton.jfet.org>

"Riad S. Wahby" wrote:
> I'm nailing down a few last details of a proposed CDRv2 architecture. I'll follow up with details tomorrow evening-ish and then we can beat up on it a bit.

As proposed, a description of my proposed architecture. I actually have a bit more of the details worked out in my head already, but let's start here.

http://github.com/kwantam/CDRv2

-=rsw

From rsw at jfet.org Mon Jan 27 21:47:43 2014
From: rsw at jfet.org (Riad S. Wahby)
Date: Tue, 28 Jan 2014 00:47:43 -0500
Subject: CDRv2 discussion (was: Re: Al-qaeda.net deprecated)
In-Reply-To: <20140128054541.GA11334@antiproton.jfet.org>
References: <20140120174842.GA1034@antiproton.jfet.org> <20140125030729.GA2713@antiproton.jfet.org> <20140126010444.GA14089@antiproton.jfet.org> <20140127054938.GA27037@antiproton.jfet.org> <20140128054541.GA11334@antiproton.jfet.org>
Message-ID: <20140128054743.GA11449@antiproton.jfet.org>

"Riad S. Wahby" wrote:
> As proposed, a description of my proposed architecture. I actually have

Erm, "as promised."
-=rsw

From coderman at gmail.com Tue Jan 28 15:25:18 2014
From: coderman at gmail.com (coderman)
Date: Tue, 28 Jan 2014 15:25:18 -0800
Subject: Fwd: [Dailydave] Understanding BIOS & SMM
In-Reply-To:
References:
Message-ID:

---------- Forwarded message ----------
From: Xeno Kovah
Date: Sun, Jan 26, 2014 at 7:45 AM
Subject: [Dailydave] Understanding BIOS & SMM

Our research team at MITRE has been looking into BIOS security for the past couple years and starting to publish our results in the last year. We described BIOS exploits and an in-BIOS defensive system called BIOS Chronomancy at venues like BlackHat and ACM CCS. We also released a free tool called Copernicus[1] which lets you detect if a BIOS is writable, and dump the contents of the BIOS from a Windows system (which makes enterprise-wide configuration and integrity checking possible.)

But the question is, let's say you have a BIOS dump and it shows differences. How are you going to interpret those differences? How do you distinguish natural changes from malicious ones? We wanted to get a basic inspection capability out there, but we recognized that people were going to need to know a lot more about system internals, hardware quirks, and UEFI before they'd be able to make full use of it. So we made a class to help bootstrap people faster. Currently the class is scheduled for CanSecWest[2] and Syscan[3] (and the prices are going up starting Feb 1).

It would be nice if people wanted to understand how the deep system architecture worked for its own sake, because we of course think it's super interesting and fulfilling to know things others don't. But hopefully the news of the past couple months has made people realize that "out of sight, out of mind" isn't a great strategy for BIOS security. First there was #badBIOS (which was kicked off by Dragos experimenting with Copernicus[4]). Then there was NSA's defensive side saying they had caught the Chinese making BIOS bricking attacks[5].
Then there was NSA's offensive side being caught having their own BIOS backdoor capabilities[6]. And of course there were a whole lot of people letting their FUD flags fly around all of it.

So if you'd like to get a more technical and quantitative view of what the BIOS/SMM security landscape looks like, you should check out our classes and watch for talks by Corey Kallenberg, John Butterworth, and myself over the next 6 months where we'll be describing 2 new BIOS memory-corruption-to-reflash exploits, 2 new SecureBoot-breaking tricks, and trustworthy computing extensions to Copernicus that will counter many classes of attacks against BIOS dumping software that would let an attacker hide his BIOS presence.

Xeno

[1] http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about
[2] https://cansecwest.com/dojo.html
[3] http://syscan.org/index.php/sg/training
[4] https://plus.google.com/103470457057356043365/posts/exuXRz5C3L3
[5] http://www.cbsnews.com/news/nsa-speaks-out-on-snowden-spying/
[6] http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

From blibbet at gmail.com Tue Jan 28 17:02:24 2014
From: blibbet at gmail.com (Blibbet)
Date: Tue, 28 Jan 2014 17:02:24 -0800
Subject: Understanding BIOS & SMM
In-Reply-To:
References:
Message-ID: <52E85320.3090709@gmail.com>

> So if you'd like to get a more technical and quantitative view of what the BIOS/SMM security landscape looks like, you should check out our classes and watch for talks by Corey Kallenberg, John Butterworth, and myself over the next 6 months where we'll be describing 2 new BIOS memory-corruption-to-reflash exploits, 2 new SecureBoot-breaking tricks, and trustworthy computing extensions to Copernicus that will counter many classes of attacks against BIOS dumping software that would let an attacker hide his BIOS presence.

Sounds interesting.
Intel has a 3-day UEFI training course for employees/partners. They put their courseware and labs online, and recent builds work with Linux and not just Windows/VisualStudio. Targets IHV audience, not security-centric.
http://sourceforge.net/projects/edk2/files/Training/TrainingMaterial/

The above-mentioned Butterworth recently spoke at Purdue on BIOS security:
http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/qa8g9li61m3ip5olpjm8pkgh58

If you're in the Seattle area I'll be doing another half-day dev intro to UEFI at the local university capture-the-flag team in March, and I think non-students are welcome to attend.

From gwen at cypherpunks.to Wed Jan 29 17:33:53 2014
From: gwen at cypherpunks.to (gwen hastings)
Date: Wed, 29 Jan 2014 17:33:53 -0800
Subject: facial mesh tracking and substitution
Message-ID: <52E9AC01.6090700@cypherpunks.to>

https://github.com/auduno/clmtrackr

--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910

Governments are instituted among men, deriving their just powers from the consent of the governed, that whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles, and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.’

https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)
https://github.com/stef/pbp.git (curve 25519 python based cli)

From carimachet at gmail.com Wed Jan 29 14:24:21 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 29 Jan 2014 22:24:21 +0000
Subject: Jim Bell comes to Cypherpunks?
In-Reply-To: <1388654366.20212.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <1388522481.31937.YahooMailNeo@web141205.mail.bf1.yahoo.com> <201401011908.s01J8Vtl016061@new.toad.com> <5936A644-1145-4ED7-A10A-90CB4A85990E@riseup.net> <1388622376.69491.YahooMailNeo@web141205.mail.bf1.yahoo.com> <1388652575.95433.YahooMailNeo@web160704.mail.bf1.yahoo.com> <1388654366.20212.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: ok found some beautiful people in san fran to help you with the matter of handing off your key so i will be emailing them and you to connect you up FYI the eff declined to help in this matter - for future reference ... On Thu, Jan 2, 2014 at 9:19 AM, Jim Bell wrote: > Yes, as I understand it the address on my patent application was changed > about August 2013. However, the site "freepatentsonline.com" may not > have gotten the word. > Jim Bell > > ------------------------------ > *From:* Joe Wang > *To:* Jim Bell ; cypherpunks < > cypherpunks at riseup.net>; "barlow at eff.org" ; " > cypherpunks at cpunks.org" ; "gnu at toad.com" < > gnu at toad.com> > *Sent:* Thursday, January 2, 2014 12:49 AM > > *Subject:* Re: Jim Bell comes to Cypherpunks? > > > Yeah stay away from Twitter Jim. Its bunch of junks and rants (including > mine) follow up with more rants uh, tweets. > > By the way I check out your fiber invention link below. The address on > file is still back at the prison, you probably want to change that just as > an fyi. > > -Joe > > ------------------------------ > *From:* Jim Bell > *To:* cypherpunks ; "barlow at eff.org" < > barlow at eff.org>; "cypherpunks at cpunks.org" ; " > gnu at toad.com" > *Sent:* Thursday, January 2, 2014 8:26 AM > *Subject:* Re: Jim Bell comes to Cypherpunks? > > Twitter for me? My impression is that this is more for issues where > seconds, minutes, or hours count. I don't know who I'd want to follow so > closely as to monitor Twitter. > As for me saying something? 
> Well, I don't know if I have that much to say. It's not like I don't have opinions...I have many of them. But, right now the world is awash in opinions, from blogs to twitter. What would I talk about...uh...other than the obvious? What, in general, would people want ME to talk about?
> Further, right now my main interest is in promoting and developing my isotope-modified fiber optic invention. http://www.freepatentsonline.com/WO2013101261A1.html
>
> Jim Bell
>
> ------------------------------
> *From:* cypherpunks
> *To:* John Gilmore
> *Cc:* "barlow at eff.org" ; Bell Jim ; "cypherpunks at riseup.net"
> *Sent:* Wednesday, January 1, 2014 1:45 PM
> *Subject:* Re: Jim Bell comes to Cypherpunks?
>
> I've no idea if there're any physical cpunks meetings. Living in Europe and visiting some hacker conferences and hackerspaces from time to time. Guess - it would be you Golden State guys to do some.
> On the other side - Jim, how about open a twitter account and be part of the social media thingy too? :)
>
> --Michael
>
>
> On 01.01.2014 at 20:08, John Gilmore wrote:
>
> > Are there physical cypherpunks meetings these days? I don't know of any.
> > There are many hackerspaces in various cities that have regular meetings, but I don't attend any and don't know which ones relate to cypherpunk topics.
> >
> > We (or anybody) could restart such meetings, I suppose...
> >
> > John
> >
> >
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From jya at pipeline.com Thu Jan 30 04:32:38 2014
From: jya at pipeline.com (John Young)
Date: Thu, 30 Jan 2014 07:32:38 -0500
Subject: NSA Redactions Fail, Fail and Fail Again
In-Reply-To: <52E8DF8B.7040400@riseup.net>
References: <51F30B31.6010204@gmail.com> <52E8DF8B.7040400@riseup.net>
Message-ID:

Humorous Snowden media inept infosec redactions:

NSA Redactions Fail, Fail and Fail Again:

http://cryptome.org/2014/01/nsa-redaction-fails.pdf

From jamesdbell9 at yahoo.com Thu Jan 30 09:44:51 2014
From: jamesdbell9 at yahoo.com (jim bell)
Date: Thu, 30 Jan 2014 09:44:51 -0800 (PST)
Subject: Fw: Jim Bell's Email crash
In-Reply-To: <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com>
References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com>
Message-ID: <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com>

My email provider, the idiots at Yahoo.com, crashed my email address account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email addresses, as well as all emails. For now, I will have to operate on a new email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my #1 enemy, and I expect them to be "The first against the wall when the revolution comes".

Jim Bell

From jamesdbell9 at yahoo.com Thu Jan 30 11:20:54 2014
From: jamesdbell9 at yahoo.com (jim bell)
Date: Thu, 30 Jan 2014 11:20:54 -0800 (PST)
Subject: Fw: Jim Bell's Email crash
In-Reply-To:
References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com>
Message-ID: <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com>

>From: Cari Machet
>i wondered what happened - i tried to send you a note about getting ur pgp key validated in san fran - will send again
>why are you using them as an email provider again?

About my email crash: I am merely temporarily going to 'jamesdbell9 at yahoo.com', to allow me to communicate with yahoo, hopefully to restore my past emails and address book. Once things are back in place, I will probably migrate to a Gmail account, or something else if people recommend it. (Raising the question: Is there a reasonably straightforward mechanism to allow a disgusted user to (easily and automatically) transfer all of his emails from one system to another? Obviously, email service providers are motivated to try to lock in users, but maybe there's a way to fight this.) When I think that the hard drive on my computer has probably 300 gigabytes of freespace left, and I doubt whether the space necessary to store ALL of my inbox emails (and a large folder as well) probably wouldn't require 1 gigabyte! One of the major problems with dealing with the 'cloud' computing is that we become dependent on the incompetence of third parties, for storing and maintaining services. In principle, such people might be _more_ competent and capable, but at this point I very much long for the possibility of maintaining a 'personal backup' of email on my own computer, in parallel with anything stored elsewhere.

So far, Yahoo has reflexively claimed that the account was terminated for 'abuse', but I think I understand what happened. It gave me a request to re-login since it had been a long time since I'd done that (maybe 2 weeks?); cautious about 'phishing', I opened a new window and pointed to 'Yahoo.com' and tried to log in. I think that the system was confused, because (presumably) I was still logged onto Yahoo, the window requesting that I re-log-in. (It is possible that this is what the computer interpreted as 'abuse'; in any case the first-level staffers have, so far, merely repeated what their software claimed.)

In hindsight, what I suspect I SHOULD have done was to completely log off Yahoo, and THEN open up a new window and log back on. Yahoo had some major outages about December 11, 2013 http://allthingsd.com/20131211/kick-the-can-yahoo-mail-is-a-consumer-disaster-but-companys-response-is-even-worse/ At least then, they said they'd work to restore people's data; I intend to use that promise against them.

As for a PGP key: I have not made a PGP key yet. I will do so before I come down to the SF area to get it signed. However, understand that I don't really view any PGP key I generate as being 'safe': I am virtually assuming that my computer is, inherently, a major honey-pot (simply because it is owned by "Jim Bell"), which means that there are probably a few dozen instances of national-level malware in it, transmitting my every keystroke to NSA, GCHQ, and just about everyone else who cares. Including, of course, my passphrases.

One thing I will want to have happen in San Francisco is to allow the meeting to exercise their anti-cracker skills to find out just how many nations have compromised my computer. Might as well.

I renew my offer to engage in Skype video calls with anyone, as a reasonably good proof of my identity.
It occurred to me that I could disconnect my computer from power and wired (ethernet) Internet service, maintaining WiFi, and walk out the front door of my house, all the while during said Skype call, and show (behind me) my house and car (1995 Suzuki Sidekick JLX), at the address 7214 Corregidor, Vancouver WA 98664 USA. Anyone who installs Google Earth should be able to 'Streetview', verifying what the house looks like, etc.

Jim Bell

A picture of me from the web: (I still wear this sweater: I didn't have access to it, and thus didn't wear it out, during my vacation(s) at the Federal "gated communities" during most of 1997-2012. I probably still have the shirt, too!)

On Thursday, January 30, 2014 10:34 AM, Cari Machet wrote:

i wondered what happened - i tried to send you a note about getting ur pgp key validated in san fran - will send again

why are you using them as an email provider again?

On Thu, Jan 30, 2014 at 5:44 PM, jim bell wrote:

My email provider, the idiots at Yahoo.com, crashed my email address account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email addresses, as well as all emails. For now, I will have to operate on a new email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my #1 enemy, and I expect them to be "The first against the wall when the revolution comes".
> Jim Bell
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From rysiek at hackerspace.pl Thu Jan 30 03:19:51 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 30 Jan 2014 12:19:51 +0100
Subject: {}coin: good enough for election politics?
In-Reply-To:
References: <20140120050132.GQ3180@nl.grid.coop> <1390543792.90788.YahooMailNeo@web164604.mail.gq1.yahoo.com>
Message-ID: <2169683.8EgNDhh3nY@lap>

On Friday, 24 January 2014 01:45:51 J.A. Terranson wrote:
> On Thu, 23 Jan 2014, Jim Bell wrote:
> > Hmmm, I thought that _I_ invented the concept of "Government 2.0" when I wrote my "Assassination Politics" essay in 1995-96. Or perhaps I should have called it, "Government Omega.Omega".
> >
> > Jim Bell
>
> No... It should have been called Government Delta.Delta. ;-)

Aren't governments and their agents often/usually Delta-Iota-Kappas?

--
Regards
rysiek

From rysiek at hackerspace.pl Thu Jan 30 03:24:11 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 30 Jan 2014 12:24:11 +0100
Subject: {}coin: good enough for election politics?
In-Reply-To: <52E1C849.3060701@echeque.com>
References: <20140120050132.GQ3180@nl.grid.coop> <52E1C849.3060701@echeque.com>
Message-ID: <1786224.yaMagj8Sfj@lap>

On Friday, 24 January 2014 11:56:25 James A. Donald wrote:
> On 2014-01-24 11:18, Juan Garofalo wrote:
> > 3, 2, 1, A conservative starts to pretend that 'private' censorship is not
> >
> > censorship!
>
> If different corporations each had their own ideas on what should be censored, private censorship would not be censorship.

That, and one more condition: that we could choose different kinds of services and products independently.
Unfortunately, different kinds of services and products are bundled in ways making it impossible for us to make informed choices, let alone choose them independently. For instance, if I go to food chain X, I only get soda Y. This is a very simple example of a huge problem, seen everywhere, esp. in the ICT sector. And it will only get more evident if net neutrality is not enforced.

> The problem is that we hear one voice through a thousand megaphones.

For once, we agree.

--
Regards
rysiek

From rysiek at hackerspace.pl Thu Jan 30 03:30:50 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 30 Jan 2014 12:30:50 +0100
Subject: {}coin: good enough for election politics?
In-Reply-To: <52E1C494.8020206@echeque.com>
References: <20140120050132.GQ3180@nl.grid.coop> <1570101.OHLpTmz9Hx@lap> <52E1C494.8020206@echeque.com>
Message-ID: <3435928.Zz7P1lzMsI@lap>

On Friday, 24 January 2014 11:40:36 James A. Donald wrote:
> On 2014-01-24 10:42, rysiek wrote:
> > Thing is, today not only authorities have increased power to enforce their prejudices. Multinationals have sometimes even bigger power and possibilities as far as this is concerned -- just consider what Facebook can do in terms of censorship. Or Google.
>
> Does it not strike you as odd that all censorship by facebook and google expresses the same political agenda, that of the state.

No, because it does not, at least not always. For instance, in Poland there were several cases of Facebook censoring/removing profiles that bashed large corporations for their actions. Of course multinationals and governments cooperate very closely on this, but it does not mean that for such censorship the government is solely responsible.
And even if that would be the case -- even if ANY AND ALL cases of censorship and self-censorship in large, centralised, corporate communication and information platforms like Facebook or Google were government-ordered, my take on this would still be that we need to decentralise and spread them out, so as to make it so much harder for governments to censor. Because instead of going to a few one-stop-shops like Google, Microsoft, Facebook, AT&T, Crapple and getting 95% of communication censored, the government would have to reach out to thousands upon thousands of private companies and persons and make them censor their infrastructure. Some would agree. Some would not. The latter group is why it's worthwhile. So any way you look at it, large multinationals are dangerous -- either on their own account, or through the simple fact that they make governments' "work" much, much easier. -- Regards rysiek From rysiek at hackerspace.pl Thu Jan 30 03:31:51 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 30 Jan 2014 12:31:51 +0100 Subject: {}coin: good enough for election politics? In-Reply-To: <52E22C2F.90903@echeque.com> References: <20140120050132.GQ3180@nl.grid.coop> <52E22C2F.90903@echeque.com> Message-ID: <2848561.mnuODIgjtt@lap> On Friday, 24 January 2014 19:02:39 James A. Donald wrote: > J.A. Terranson > > > Assuming all of your arguments to be correct (which I don't), I would want > > to remove "freedom of speech" for corporations because it artificially > > amplifies the voice of the corporate entity: the individuals who own the > > issued shares of the corporation already have these freedoms > > They ought to have these freedoms, but in practice they don't. 
Hillary > Clinton does not have to obey the campaign finance laws, leftists do not > have to obey the campaign finance laws, but Kirk Shelmerdine does have > to obey the campaign finance laws. > > And because corporations do not, in practice, have these freedoms, their > employees and shareholders are denied these freedoms. Maybe instead of giving the voice to a legal fiction we should work towards restoring the voice of real persons, eh?.. -- Regards rysiek From rysiek at hackerspace.pl Thu Jan 30 03:34:48 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 30 Jan 2014 12:34:48 +0100 Subject: MaidSafe: p2p encrypted anonymous drivesharing homedir network? In-Reply-To: References: Message-ID: <7958658.0nmrdcl9qu@lap> On Monday, 27 January 2014 23:39:26 grarpamp wrote: > Lots of unknown popups making bold claims lately > that should be looked into... discuss? > > > ---------- Forwarded message ---------- > From: David Irvine > Date: Sun, Jan 26, 2014 at 10:51 AM > Subject: [bitcoin-list] Meeting place to discuss 'the decentralised > internet' projects > To: bitcoin-list at lists.sourceforge.net > > > Hi sorry for barging in, but with all of the projects now based around > decentralisation, I thought a common place to exchange ideas would be good. > I have created a subreddit > http://www.reddit.com/r/decentralisedinternet as a place for as many > projects to collaborate and share experiences, > research and general comments. Cue scumbag activist meme: TALKS ABOUT DECENTRALISATION CHOOSES A CENTRALISED SERVICE AS MAIN COMMUNICATION CHANNEL -_-' There is no hope. 
-- Regards rysiek 
From jamesdbell9 at yahoo.com Thu Jan 30 13:24:41 2014 From: jamesdbell9 at yahoo.com (jim bell) Date: Thu, 30 Jan 2014 13:24:41 -0800 (PST) Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391110481.3784.77371437.0FEEB11E@webmail.messagingengine.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391110481.3784.77371437.0FEEB11E@webmail.messagingengine.com> Message-ID: <1391117081.22762.YahooMailNeo@web126204.mail.ne1.yahoo.com> By Moon Jones: >Actually the idiot is someone who just does not back up important data. >A double idiot I see. I guess that's the trouble with large providers: >they let anybody in. Hence the bad publicity. I assume Yahoo DOES 'back up important data'. The problem here is different: The Yahoo computer system probably (falsely) figured that there was suspicious activity going on. (It probably saw my logon Sunday, while I was still logged on in another window, as being suspicious). I did not anticipate that my doing what I did was going to be a problem. The big problem is that the Yahoo computer system precipitately reacted, quite improperly, by not merely suspending the account, but by actually deleting the entire account! This is the computer equivalent of 'insanity'. I have heard it said that computer features that are infrequently (or even rarely) used do not tend to be perfected. ("Software rot"; see http://en.wikipedia.org/wiki/Software_rot ) Since only rarely would this kind of situation occur, a bug in the system would tend not to be quickly found. Also, you are wrong for a second reason. Yahoo (or any other email provider) could easily set up their system to keep a backup of the email data on the user's computer. 
While that data, too, would be vulnerable to various events, the probability that BOTH the 'cloud'-kept data AND the user-computer-kept data becoming unavailable simultaneously should be exceedingly low. Probably one of the reasons Yahoo doesn't take this precaution is that they are trying to lock-in users to their system. If they gave a user's computer a copy of the entire content of the user's data, it would be too easy (for Yahoo's purposes) for the user to transfer his data to another email system: Competing email systems would be motivated to write software to adopt such data into a new account. Even so, I have done a Google search for an email-account transfer service. (Turns out they exist!). What I'd really like to do is to obtain a new email address, but simultaneously maintain 'jamesdbell8' as one email address, instructing yahoo to automatically transfer any incoming mail to a second address. This feature would greatly ease the difficulty of transferring to a different email account. Jim Bell On Thursday, January 30, 2014 12:02 PM, Moon Jones wrote: Actually the idiot is someone who just does not back up important data. A double idiot I see. I guess that's the trouble with large providers: they let anybody in. Hence the bad publicity. On Thu, Jan 30, 2014, at 18:44, jim bell wrote: > My email provider, the idiots at Yahoo.com, crashed my email address > account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email > addresses, as well as all emails. For now, I will have to operate on a > new email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my > #1 enemy, and I expect them to be "The first against the wall when the > revolution comes". 
> Jim Bell 
From carimachet at gmail.com Thu Jan 30 06:04:55 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 30 Jan 2014 14:04:55 +0000 Subject: NSA Redactions Fail, Fail and Fail Again In-Reply-To: References: <51F30B31.6010204@gmail.com> <52E8DF8B.7040400@riseup.net> Message-ID: <7B48FB48-684E-4DE1-A6EE-09C46D759F04@gmail.com> Yes I sent one to the list before as well - gobermint don't knows how to redact with the digits 0 1 0 1 no worky ... On 30.01.2014, at 12:32, John Young wrote: > Humorous Snowden media inept infosec redactions: > > NSA Redactions Fail, Fail and Fail Again: > > http://cryptome.org/2014/01/nsa-redaction-fails.pdf > > From shelley at misanthropia.info Thu Jan 30 14:17:03 2014 From: shelley at misanthropia.info (shelley at misanthropia.info) Date: Thu, 30 Jan 2014 14:17:03 -0800 Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391117081.22762.YahooMailNeo@web126204.mail.ne1.yahoo.com> Message-ID: <20140130221709.5E9A068026C@frontend2.nyi.mail.srv.osa> Why not just get your own domain? For about $10/yr or so, you can set up your DNS/MX records to use any provider you want & fw your yahoo mail (Stay away from GoDaddy.) You should have a local backup of your own emails, is what Moon Jones was trying to say in a rude way. Easily done with thunderbird. Would be happy to help you set it up or advise if you need. On Jan 30, 2014 2:10 PM, jim bell <jamesdbell9 at yahoo.com> wrote: By Moon Jones: >Actually the idiot is someone who just does not back up important data. >A double idiot I see. I guess that's the trouble with large providers: >they let anybody in. Hence the bad publicity. I assume Yahoo DOES 'back up important data'. The problem here is different: The Yahoo computer system probably (falsely) figured that there was suspicious activity going on. (It probably saw my logon Sunday, while I was still logged on in another window, as being suspicious). 
I did not anticipate that my doing what I did was going to be a problem. The big problem is that the Yahoo computer system precipitately reacted, quite improperly, by not merely suspending the account, but by actually deleting the entire account! This is the computer equivalent of 'insanity'. I have heard it said that computer features that are infrequently (or even rarely) used do not tend to be perfected. ("Software rot"; see http://en.wikipedia.org/wiki/Software_rot ) Since only rarely would this kind of situation occur, a bug in the system would tend not to be quickly found. Also, you are wrong for a second reason. Yahoo (or any other email provider) could easily set up their system to keep a backup of the email data on the user's computer. While that data, too, would be vulnerable to various events, the probability that BOTH the 'cloud'-kept data AND the user-computer-kept data becoming unavailable simultaneously should be exceedingly low. Probably one of the reasons Yahoo doesn't take this precaution is that they are trying to lock-in users to their system. If they gave a user's computer a copy of the entire content of the user's data, it would be too easy (for Yahoo's purposes) for the user to transfer his data to another email system: Competing email systems would be motivated to write software to adopt such data into a new account. Even so, I have done a Google search for an email-account transfer service. (Turns out they exist!). What I'd really like to do is to obtain a new email address, but simultaneously maintain 'jamesdbell8' as one email address, instructing yahoo to automatically transfer any incoming mail to a second address. This feature would greatly ease the difficulty of transferring to a different email account. Jim Bell On Thursday, January 30, 2014 12:02 PM, Moon Jones <mjones at pencil.allmail.net> wrote: Actually the idiot is someone who just does not back up important data. A double idiot I see. 
I guess that's the trouble with large providers: they let anybody in. Hence the bad publicity. On Thu, Jan 30, 2014, at 18:44, jim bell wrote: > My email provider, the idiots at Yahoo.com, crashed my email address > account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email > addresses, as well as all emails. For now, I will have to operate on a > new email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my > #1 enemy, and I expect them to be "The first against the wall when the > revolution comes". > Jim Bell From bmanning at isi.edu Thu Jan 30 15:32:06 2014 From: bmanning at isi.edu (manning bill) Date: Thu, 30 Jan 2014 15:32:06 -0800 Subject: Jim Bell's Email crash In-Reply-To: <52EADE13.7080206@nrk.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> <52EADE13.7080206@nrk.com> Message-ID: <41D64507-0771-405E-80E4-2FDE1FF8CA87@isi.edu> http://techcrunch.com/2014/01/30/yahoo-detects-mass-hack-attempt-on-yahoo-mail-resets-all-affected-passwords/ its not just jim... /bill Neca eos omnes. Deus suos agnoscet. On 30January2014Thursday, at 15:19, David wrote: > On 1/30/14 2:20 PM, jim bell wrote: > >> (Raising the question: Is there a reasonably straightforward mechanism >> to allow a disgusted user to (easily and automatically) transfer all of >> his emails from one system to another? Obviously, email service >> providers are motivated to try to lock in users, but maybe there's a way >> to fight this.) > > > IMAP. 
> > I have IMAP set up on my Yahoo account: > > Server: imap.mail.yahoo.com > Port: 993 > Username: xxx at yahoo.com > SSL/TLS > > > Then I can just transfer messages to another IMAP account. > > > > > > From jamesdbell9 at yahoo.com Thu Jan 30 16:24:40 2014 From: jamesdbell9 at yahoo.com (jim bell) Date: Thu, 30 Jan 2014 16:24:40 -0800 (PST) Subject: Jim Bell's Email crash In-Reply-To: <41D64507-0771-405E-80E4-2FDE1FF8CA87@isi.edu> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> <52EADE13.7080206@nrk.com> <41D64507-0771-405E-80E4-2FDE1FF8CA87@isi.edu> Message-ID: <1391127880.39275.YahooMailNeo@web126204.mail.ne1.yahoo.com> Thank you for posting this. You know the old saying, "misery loves company". This fact should apply additional pressure to Yahoo to fix the problem for 'everybody' including me. I will cite this material to Yahoo, hopefully to shame them into claiming that I 'abused' my email account. (They STILL haven't explained what the nature of the 'abuse' was.) 'Somebody' needs to solve the 'password problem'. Others (but not me) may be strongly tempted to re-use the same password in many sites. I always thought that was foolish to the highest degree: It would powerfully motivate people to set up 'honey-pot' websites, if for no other purpose than to collect passwords, figuring (correctly, unfortunately) that a large segment of society would re-use passwords. Maybe this is already a well-discussed matter, and I understand that a partial solution includes the use of fingerprint readers, rings, and possibly retina-scans. Jim Bell On Thursday, January 30, 2014 4:00 PM, manning bill wrote: http://techcrunch.com/2014/01/30/yahoo-detects-mass-hack-attempt-on-yahoo-mail-resets-all-affected-passwords/ its not just jim... /bill Neca eos omnes. 
Deus suos agnoscet. On 30January2014Thursday, at 15:19, David wrote: > On 1/30/14 2:20 PM, jim bell wrote: > >> (Raising the question: Is there a reasonably straightforward mechanism >> to allow a disgusted user to (easily and automatically) transfer all of >> his emails from one system to another? Obviously, email service >> providers are motivated to try to lock in users, but maybe there's a way >> to fight this.) > > > IMAP. > > I have IMAP set up on my Yahoo account: > > Server: imap.mail.yahoo.com > Port: 993 > Username: xxx at yahoo.com > SSL/TLS > > > Then I can just transfer messages to another IMAP account. > > > > > > From wb8foz at nrk.com Thu Jan 30 15:19:47 2014 From: wb8foz at nrk.com (David) Date: Thu, 30 Jan 2014 18:19:47 -0500 Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> Message-ID: <52EADE13.7080206@nrk.com> On 1/30/14 2:20 PM, jim bell wrote: > (Raising the question: Is there a reasonably straightforward mechanism > to allow a disgusted user to (easily and automatically) transfer all of > his emails from one system to another? Obviously, email service > providers are motivated to try to lock in users, but maybe there's a way > to fight this.) IMAP. I have IMAP set up on my Yahoo account: Server: imap.mail.yahoo.com Port: 993 Username: xxx at yahoo.com SSL/TLS Then I can just transfer messages to another IMAP account. 
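Added example, not part of any poster's message: a Python script that pulls a mailbox over IMAP with the settings David lists (imap.mail.yahoo.com, port 993, TLS) into a local mbox file, read-only on the server side and incremental on repeated runs. The folder name, the IMAP_USER variable, the backup.mbox path, the function names and the sample messages are assumptions made for this example.

```python
"""Back up an IMAP mailbox to a local mbox file over TLS (added example)."""
import email
import getpass
import hashlib
import imaplib
import mailbox
import os
import ssl

# Connection settings quoted in the thread.
IMAP_HOST = "imap.mail.yahoo.com"
IMAP_PORT = 993

# Constructed sample messages (not real mail) for an offline dry run.
SAMPLE = [
    ("1", b"From: alice@example.org\r\nMessage-ID: <a1@example.org>\r\n"
          b"Subject: one\r\n\r\nhello\r\n"),
    ("2", b"From: bob@example.org\r\nDate: Thu, 30 Jan 2014 12:00:00 +0000\r\n"
          b"Subject: no id\r\n\r\nFrom here on\r\n"),
]


def connect(host, port, user, password):
    """Open an IMAP session with certificate and hostname verification."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    conn.login(user, password)
    return conn


def fetch_raw_messages(conn, folder="INBOX"):
    """Yield (uid, raw_bytes) for every message without changing any flags."""
    conn.select(folder, readonly=True)          # read-only: nothing is altered
    status, data = conn.uid("SEARCH", None, "ALL")
    if status != "OK":
        raise RuntimeError("UID SEARCH failed")
    for uid in data[0].split():
        # BODY.PEEK[] fetches the full message and does not set \Seen.
        status, parts = conn.uid("FETCH", uid, "(BODY.PEEK[])")
        if status != "OK":
            continue
        for part in parts:
            if isinstance(part, tuple):         # (envelope info, raw message)
                yield uid.decode(), part[1]


def dedup_key(msg):
    """Message-ID when present, else a hash of From/Date/Subject."""
    mid = msg.get("Message-ID")
    if mid:
        return str(mid).strip()
    basis = "\n".join(str(msg.get(h, "")) for h in ("From", "Date", "Subject"))
    return "sha256:" + hashlib.sha256(basis.encode("utf-8", "replace")).hexdigest()


def archive(raw_messages, mbox_path):
    """Append unseen messages to an owner-only mbox; return how many were added."""
    # Create the archive before any mail lands in it and restrict it to the owner.
    fd = os.open(mbox_path, os.O_CREAT | os.O_APPEND | os.O_WRONLY, 0o600)
    os.close(fd)
    os.chmod(mbox_path, 0o600)
    box = mailbox.mbox(mbox_path)
    box.lock()
    try:
        seen = {dedup_key(m) for m in box}
        added = 0
        for _uid, raw in raw_messages:
            msg = email.message_from_bytes(raw)
            key = dedup_key(msg)
            if key in seen:
                continue                        # already archived on a past run
            box.add(msg)
            seen.add(key)
            added += 1
        return added
    finally:
        box.close()                             # flushes and releases the lock


def main():
    user = os.environ["IMAP_USER"]              # assumed variable name
    password = getpass.getpass("IMAP password: ")
    conn = connect(IMAP_HOST, IMAP_PORT, user, password)
    try:
        count = archive(fetch_raw_messages(conn), "backup.mbox")
        print(f"archived {count} new message(s)")
    finally:
        conn.logout()


if __name__ == "__main__":
    main()
```

The resulting mbox holds the whole mailbox in clear text, so it should sit on encrypted storage or be encrypted before it is copied anywhere else.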
From dan at geer.org Thu Jan 30 15:26:39 2014 From: dan at geer.org (dan at geer.org) Date: Thu, 30 Jan 2014 18:26:39 -0500 Subject: {}coin: good enough for election politics? In-Reply-To: Your message of "Fri, 24 Jan 2014 11:56:25 +1000." <52E1C849.3060701@echeque.com> Message-ID: <20140130232639.1F5D1228104@palinka.tinho.net> > 3, 2, 1, A conservative starts to pretend that 'private' censorship is > not censorship! The great distinction: A conservative is a socialist who worships order. A liberal is a socialist who worships safety. -- Victor Milan', 1999 From carimachet at gmail.com Thu Jan 30 10:33:43 2014 From: carimachet at gmail.com (Cari Machet) Date: Thu, 30 Jan 2014 18:33:43 +0000 Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> Message-ID: i wondered what happened - i tried to send you a note about getting ur pgp key validated in san fran - will send again why are you using them as an email provider again? On Thu, Jan 30, 2014 at 5:44 PM, jim bell wrote: > My email provider, the idiots at Yahoo.com, crashed my email address > account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email > addresses, as well as all emails. For now, I will have to operate on a new > email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my #1 > enemy, and I expect them to be "The first against the wall when the > revolution comes". > Jim Bell > > > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. 
If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. From eric at konklone.com Thu Jan 30 15:40:39 2014 From: eric at konklone.com (Eric Mill) Date: Thu, 30 Jan 2014 18:40:39 -0500 Subject: Fw: Jim Bell's Email crash In-Reply-To: <52EADE13.7080206@nrk.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> <52EADE13.7080206@nrk.com> Message-ID: Maybe related to this semi-breach? http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users Looks like someone took a previously leaked DB of emails/passwords and ran it against Yahoo's servers. On Thu, Jan 30, 2014 at 6:19 PM, David wrote: > On 1/30/14 2:20 PM, jim bell wrote: > > (Raising the question: Is there a reasonably straightforward mechanism >> to allow a disgusted user to (easily and automatically) transfer all of >> his emails from one system to another? Obviously, email service >> providers are motivated to try to lock in users, but maybe there's a way >> to fight this.) >> > > > IMAP. > > I have IMAP set up on my Yahoo account: > > Server: imap.mail.yahoo.com > Port: 993 > Username: xxx at yahoo.com > SSL/TLS > > > Then I can just transfer messages to another IMAP account. 
> > > > > > > -- konklone.com | @konklone 
From lists at silent1.net Thu Jan 30 11:59:27 2014 From: lists at silent1.net (Silent1) Date: Thu, 30 Jan 2014 19:59:27 -0000 Subject: Jim Bell's Email crash In-Reply-To: <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> Message-ID: <004201cf1df5$c87186b0$59549410$@net> Why do you not use a hosting provider and or host your own email server? From: cypherpunks [mailto:cypherpunks-bounces at cpunks.org] On Behalf Of jim bell Sent: Thursday, January 30, 2014 5:45 PM To: cypherpunks at cpunks.org Subject: Fw: Jim Bell's Email crash My email provider, the idiots at Yahoo.com, crashed my email address account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email addresses, as well as all emails. For now, I will have to operate on a new email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my #1 enemy, and I expect them to be "The first against the wall when the revolution comes". Jim Bell From mjones at pencil.allmail.net Thu Jan 30 11:34:41 2014 From: mjones at pencil.allmail.net (Moon Jones) Date: Thu, 30 Jan 2014 20:34:41 +0100 Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> Message-ID: <1391110481.3784.77371437.0FEEB11E@webmail.messagingengine.com> Actually the idiot is someone who just does not back up important data. A double idiot I see. 
I guess that's the trouble with large providers: they let anybody in. Hence the bad publicity. On Thu, Jan 30, 2014, at 18:44, jim bell wrote: > My email provider, the idiots at Yahoo.com, crashed my email address > account 'jamesdbell8 at yahoo.com' last Sunday. I have lost my email > addresses, as well as all emails. For now, I will have to operate on a > new email address, 'jamesdbell9 at yahoo.com'. At this point, Yahoo is my > #1 enemy, and I expect them to be "The first against the wall when the > revolution comes". > Jim Bell From rysiek at hackerspace.pl Thu Jan 30 13:17:21 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 30 Jan 2014 22:17:21 +0100 Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> Message-ID: <2433168.vjrPc7SUyq@lap> On Thursday, 30 January 2014 11:20:54 jim bell wrote: > >From: Cari Machet > >i wondered what happened - i tried to send you a note about getting ur pgp > >key validated in san fran - will send again why are you using them as an > >email provider again? > > About my email crash: I am merely temporarily going to > 'jamesdbell9 at yahoo.com', to allow me to communicate with yahoo, hopefully > to restore my past emails and address book. Once things are back in place, > I will probably migrate to a Gmail account, or something else if people > recommend it. IMAP/POP? 
-- Regards rysiek 
From grarpamp at gmail.com Thu Jan 30 20:34:29 2014 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jan 2014 23:34:29 -0500 Subject: [Cryptography] The crypto behind the blackphone In-Reply-To: <7DFE3277-2ED4-492F-B5DF-F00F01A32B13@callas.org> References: <2A1FFA4B-9768-48A7-8838-4AB6729CB8B5@callas.org> <7DFE3277-2ED4-492F-B5DF-F00F01A32B13@callas.org> Message-ID: On Mon, Jan 27, 2014 at 4:10 PM, Jon Callas wrote: > My truest personal goal for Blackphone is to read an Android hardening guide sometime in the future that will give a list of the things you should do to lock down your Android phone, and at the end it will say, "Or you could just buy a Blackphone." I want it to come out of the box the way that serious people like us on this list would want it. > It will also have a set of software and services that people like us would like to have, which is part of the hardening, in my opinion. How would this be any different than what the guardian (and other phone SW projects) are developing, other than shipment of a phone preloaded with your flavor of Android OS? (And perhaps also offering IMEI/SIM cell service?) As opposed to the user flashing Android-ROM-OS into any compatible phone and choosing their service. Thus, save that convenience, why? This question shouldn't imply such products aren't needed. Note some open phone HW projects are selling hardware to which you apply your droid SW rom. Though we're likely at least a handful of years away from seeing a genuinely 'open design' baseband HW layer in a phone, they are talking about approaching it. 
From matej.kovacic at owca.info Fri Jan 31 00:52:29 2014 From: matej.kovacic at owca.info (Matej Kovacic) Date: Fri, 31 Jan 2014 09:52:29 +0100 Subject: Fw: Jim Bell's Email crash In-Reply-To: <1391117081.22762.YahooMailNeo@web126204.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391110481.3784.77371437.0FEEB11E@webmail.messagingengine.com> <1391117081.22762.YahooMailNeo@web126204.mail.ne1.yahoo.com> Message-ID: <52EB644D.7070703@owca.info> Hi, > I assume Yahoo DOES 'back up important data'. The problem here is > different: The Yahoo computer system probably (falsely) figured that > there was suspicious activity going on. (It probably saw my logon That is why you should use local mail client for reading e-mail and not webmail. You can also set that your local client stores a copy of your mail locally (for instance with POP3). With IMAP you can move e-mails from one provider to another easily. So in that case it is very easy to move from one mail provider to another. Then you can use a cloud and send your *encrypted copy* of local mail there. Ubuntu for instance offers 2Gb for free. And they also have a tool called Duplicity, which is able to make an encrypted backup - you just set it up and it works automatically. Regards, M. From jon at callas.org Fri Jan 31 13:13:10 2014 From: jon at callas.org (Jon Callas) Date: Fri, 31 Jan 2014 13:13:10 -0800 Subject: [Cryptography] The crypto behind the blackphone In-Reply-To: References: <2A1FFA4B-9768-48A7-8838-4AB6729CB8B5@callas.org> <7DFE3277-2ED4-492F-B5DF-F00F01A32B13@callas.org> Message-ID: <90C99BDF-BDA5-4D04-9C79-CF5AA2D91629@callas.org> > How would this be any different than what the guardian (and > other phone SW projects) are developing, other than shipment > of a phone preloaded with your flavor of Android OS? 
> (And perhaps also offering IMEI/SIM cell service?) > As opposed to the user flashing Android-ROM-OS into any > compatible phone and choosing their service. Thus, save that > convenience, why? We *are* using some of the Guardian Project's software. Also software that we're building for Blackphone will be available for other people to use on their own ROMs. And heck, you can go to Github, get the Silent Circle apps and put them on your own device. We're finally to the point that we've QA'ed people who aren't us building them and using them. (And if you can't, it's a bug.) Let me answer your question with a question. What's the difference between going to a restaurant as opposed to going to the grocery store and buying a bunch of ingredients and making the same meal? There are groups devoted to making food the way the Child or Keller might. You can't have a meal by Child because she's gone, but you could make a Keller meal as well as Keller's people can. Why go to the restaurant? Now to comment on that line of both our questions, we all have a set time in this existence and some people might like to write their own compilers so they can write their own software, just as some people grow their own food so they can make their own meals. But some people don't want to do that, and every single one of us trades off the things we want to do against things we're happy to pay other people to do. > > This question shouldn't imply such products aren't needed. > No offense taken. I may be a smartass, but I like tough questions. > Note some open phone HW projects are selling hardware > to which you apply your droid SW rom. Though we're likely > at least a handful of years away from seeing a genuinely > 'open design' baseband HW layer in a phone, they are > talking about approaching it. If/when they do, I'd love to see it. I don't have time to make an open, secure baseband, but want to include one. The world needs one. Maybe we can arrange some sort of trade. 
Jon From guido at witmond.nl Fri Jan 31 05:33:27 2014 From: guido at witmond.nl (Guido Witmond) Date: Fri, 31 Jan 2014 14:33:27 +0100 Subject: Solving the password problem was: Jim Bell's Email crash In-Reply-To: <1391127880.39275.YahooMailNeo@web126204.mail.ne1.yahoo.com> References: <1391068981.93832.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391072079.73173.YahooMailNeo@web126205.mail.ne1.yahoo.com> <1391103891.57065.YahooMailNeo@web126206.mail.ne1.yahoo.com> <1391109654.21886.YahooMailNeo@web126201.mail.ne1.yahoo.com> <52EADE13.7080206@nrk.com> <41D64507-0771-405E-80E4-2FDE1FF8CA87@isi.edu> <1391127880.39275.YahooMailNeo@web126204.mail.ne1.yahoo.com> Message-ID: <52EBA627.3090705@witmond.nl> On 01/31/14 01:24, jim bell wrote: > 'Somebody' needs to solve the 'password problem'. > Maybe this is already a well-discussed matter, and I understand that a > partial solution includes the use of fingerprint readers, rings, and > possibly retina-scans. Plugging my ideas on client certificates once more: I've come up with a way how to get away from passwords into the realm of pseudonymous client certificates. It uses the centralised DNSSEC structure to create decentralised, zooko-squared names. Each site signs the client certificates for its own visitors. People will acquire as many certificates as people have passwords nowadays. Each certificate is an independent identity. A user agent takes care of all these identities and the cryptography involved. Other benefits: the user agents prevent MitM attacks, making the spoiled-onions Tor problem a thing of the past. The subversive part is that no site can prevent any two members from communicating directly. Imagine two people using their faceboogle-signed client-certificates to authenticate each other with OTR over XMPP using PFS. With DNSSEC, it can be implemented right now. The DNSSEC part might be replaced with a Namecoin or other central naming system when the need arises. 
I thought cypherpunks might appreciate a design like that, but I could be mistaken. Regards, Guido Witmond. See: http://eccentric-authentication.org.