From coderman at gmail.com Wed Oct 1 04:28:02 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Oct 2014 04:28:02 -0700
Subject: BitNation
In-Reply-To: <20141001104556.GP10467@leitl.org>
References: <20141001104556.GP10467@leitl.org>

On 10/1/14, Eugen Leitl wrote:
> ...
> BITNATION offers a full range of services traditionally done by
> governments.
> We provide a cryptographically secure ID system, blockchain based dispute
> resolution, marriage and divorce, land registry, education, insurance,
> security, diplomacy, and more through a fully distributed platform.

tried to find where i could order some diplomatic immunity, alas...


From coderman at gmail.com Wed Oct 1 07:04:19 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Oct 2014 07:04:19 -0700
Subject: Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
In-Reply-To: <20141001134157.GA2294@sivokote.iziade.m$>
References: <20141001134157.GA2294@sivokote.iziade.m$>

On 10/1/14, Georgi Guninski wrote:
> ...
> Suspect this is just the top of the shellshock iceberg:
> http://www.theregister.co.uk/2014/09/30/openvpn_open_to_shellshock_researcher/
> OpenVPN open to pre-auth (in certain configurations).

if you are using any of the up, down, ipchange, route-up, tls-verify,
auth-user-pass-verify, client-connect, client-disconnect, or
learn-address scripts with openvpn you are not operating in a security
conscious manner.

to reiterate, in case anyone missed it: exposing a shell to untrusted
inputs is insanity. this is true even if you manage to make your
environment variable sanitization apparently robust.

> Btw, people scared by HB probably will get close to clinically
> paranoid if the next HB allows "write anywhere" ;) { :; } ;)

part of my intent was to convey that heartbleed easily leads to
arbitrary exec; even if not directly so ala shellshock.

so agree to disagree indeed; thus far heartbleed has medical pwnage
and altcoin pilferage to credit, while shellshock is a farce of
consumer crap and sloppy run yawn vulns; the mythical wide worm yet to
materialize...

due time will tell, of course! :P

best regards,


From rysiek at hackerspace.pl Wed Oct 1 01:42:45 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 01 Oct 2014 10:42:45 +0200
Subject: Offering free firmware rootkits perhaps even badBIOS
References: <509a1f5376f144106d9159547efcfd37@openmailbox.org>
Message-ID: <2340667.2DqM6Oz7sK@lapuntu>

On Tuesday, 30 September 2014 21:06:46, coderman wrote:
> On 9/25/14, bluelotus at openmailbox.org wrote:
> > Want firmware rootkits, probably more sophisticated than FinFisher's,
> > probably BadBiOS, emailed to you?
>
> i think it is time to throw a malware party in a faraday hanger over a
> weekend bender...

We'd get wasted, and definitely hanger-over faraday or two... Bender, done
that.

> all in favor?

Por favor.

--
Regards,
rysiek


From hozer at hozed.org Wed Oct 1 10:28:03 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Wed, 1 Oct 2014 12:28:03 -0500
Subject: How worse is the shellshock bash bug than Heartbleed?
References: <20140930092602.GA2855@sivokote.iziade.m$> <542A8661.7070904@gmail.com> <20140930112528.GB2855@sivokote.iziade.m$> <17223152.OU4snMSJSA@lapuntu> <20140930132603.GC2855@sivokote.iziade.m$>
Message-ID: <20141001172803.GN1755@nl.grid.coop>

On Tue, Sep 30, 2014 at 03:59:33PM +0200, Lodewijk andré de la porte wrote:
> On Sep 30, 2014 3:40 PM, "Georgi Guninski" wrote:
> >
> > If I had a budget for buying sploits, I would
> > pay much more for shockshell than for HB, might be wrong.
>
> This is a really good metric. It instantly combines utility with potential
> etc.

What the world needs is a 'proof-of-exploit' based cryptocurrency that has
a bidding period, and then an 'exclusive' period where the winning bidder
gets the sploit, and then a disclosure period where the crypto key to
decrypt the sploit becomes public.

Then we could tell how serious software vendors are by how many sploits for
their own stuff they are the highest bidders for.

You might even have Lloyds offering sploit insurance.....

The only sound electronic money would then be the one that creates money by
sploiting other socially-engineerinable electronic money.


From eugen at leitl.org Wed Oct 1 03:45:56 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 1 Oct 2014 12:45:56 +0200
Subject: BitNation
Message-ID: <20141001104556.GP10467@leitl.org>

http://www.bitnation.co/

BITNATION IS A FULLY INCLUSIVE GOVERNANCE SYSTEM

BITNATION offers a full range of services traditionally done by governments.
We provide a cryptographically secure ID system, blockchain based dispute
resolution, marriage and divorce, land registry, education, insurance,
security, diplomacy, and more through a fully distributed platform.


From eugen at leitl.org Wed Oct 1 04:31:32 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 1 Oct 2014 13:31:32 +0200
Subject: BitNation
References: <20141001104556.GP10467@leitl.org>
Message-ID: <20141001113132.GQ10467@leitl.org>

On Wed, Oct 01, 2014 at 04:28:02AM -0700, coderman wrote:
> On 10/1/14, Eugen Leitl wrote:
> > ...
> > BITNATION offers a full range of services traditionally done by
> > governments.
> > We provide a cryptographically secure ID system, blockchain based dispute
> > resolution, marriage and divorce, land registry, education, insurance,
> > security, diplomacy, and more through a fully distributed platform.
>
> tried to find where i could order some diplomatic immunity, alas...

Once they got their own nukes that's surely to follow...
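Returning to coderman's OpenVPN remark earlier in this digest, here is an added example (my code, not from the thread or the OpenVPN project) that audits a server config for the script hooks he lists and reads the script-security level, so the exposure can be checked before a peer ever connects. Hook names and script-security levels are OpenVPN's own; the severity scale and the sample config are this example's assumptions.

```python
"""Audit an OpenVPN config for script hooks that hand a shell to peer input.

Added example, not code from coderman or the OpenVPN project. The hook
directives are the ones named in the thread; the severity scale and the
sample config at the bottom are constructed for this demo.
"""
import re
import shlex

# Hooks named in the thread. OpenVPN runs each as an external program with
# connection details (certificate fields, username, addresses) exported as
# environment variables; when that program is a bash script, Shellshock
# turns a crafted value into code execution.
SHELL_HOOKS = {
    "up", "down", "ipchange", "route-up", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address",
}
# Hooks that run before the peer has proven who it is.
PRE_AUTH_HOOKS = {"tls-verify", "auth-user-pass-verify"}


def parse_directives(config_text):
    """Yield (directive, args) pairs from OpenVPN config text.

    Skips blank lines, '#' / ';' comment lines, and the bodies of inline
    <tag>...</tag> blocks (embedded certificates and keys).
    """
    in_block = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if in_block is not None:
            if line == "</%s>" % in_block:
                in_block = None
            continue
        if not line or line[0] in "#;":
            continue
        block = re.match(r"<([\w-]+)>$", line)
        if block:
            in_block = block.group(1)
            continue
        parts = shlex.split(line)
        if parts:
            yield parts[0], parts[1:]


def audit(config_text):
    """Return {'script_security': level, 'findings': [...]} for a config.

    Severity: 'info' below script-security 2 (OpenVPN will not run user
    scripts at all), 'high' for pre-auth hooks or for level 3 (passwords
    also travel through the environment), 'medium' otherwise.
    """
    level = 1  # OpenVPN's default: built-in executables only
    hooks = []
    for name, args in parse_directives(config_text):
        if name == "script-security" and args:
            level = int(args[0])
        elif name in SHELL_HOOKS:
            hooks.append((name, args[0] if args else ""))
    findings = []
    for name, script in hooks:
        if level < 2:
            severity = "info"
        elif level >= 3 or name in PRE_AUTH_HOOKS:
            severity = "high"
        else:
            severity = "medium"
        findings.append({"hook": name, "script": script, "severity": severity})
    return {"script_security": level, "findings": findings}


# Constructed sample server config for the demo (not a real deployment).
SAMPLE_CONFIG = """\
port 1194
proto udp
dev tun
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
# via-env passes the password through the environment and needs level 3
script-security 3
tls-verify /etc/openvpn/check-cn.sh
auth-user-pass-verify "/etc/openvpn/auth.sh" via-env
client-connect /etc/openvpn/on-connect.sh
up /etc/openvpn/up.sh
"""

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("script-security level:", report["script_security"])
    for f in report["findings"]:
        print("%-6s %-22s %s" % (f["severity"], f["hook"], f["script"]))
```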
From coderman at gmail.com Wed Oct 1 14:08:56 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Oct 2014 14:08:56 -0700
Subject: Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
In-Reply-To: <20141001150541.GB2294@sivokote.iziade.m$>
References: <20141001134157.GA2294@sivokote.iziade.m$> <20141001150541.GB2294@sivokote.iziade.m$>

On 10/1/14, Georgi Guninski wrote:
>> rant'eth: ....
>> to reiterate, in case anyone missed it: exposing a shell to untrusted
>> inputs is insanity. this is true even if you manage to make your
>> environment variable sanitization apparently robust.
>>
>
> OK :) Tell this to djb, qmail local delivery was allegedly affected ;)

even the best of us are only human. :/

reason #75,312 that email must die in a fire!

(i'd also note there is no httpS://cr.yp.to/ ...)

best regards,


From coderman at gmail.com Wed Oct 1 15:04:26 2014
From: coderman at gmail.com (coderman)
Date: Wed, 1 Oct 2014 15:04:26 -0700
Subject: Fwd: [tor-talk] Tor in the media - request for unsung positive narratives

---------- Forwarded message ----------
From: Patrick
Subject: [tor-talk] Tor in the media

Hi everyone,

Over the past few weeks, I've talked with a number of Tor people about how
the project is portrayed in the media. As a reporter on this beat, the many
legitimate criticisms the community have had strike pretty close to home
for me. I don't think I need to tell this list why Tor's portrayal in the
media is important, now more than ever. So, with the blessing and
encouragement of a couple of official Tor people, I've got a question to
ask of tor-talk (secure contact info follows at the bottom of the message):

-- What untold but important stories about Tor are you willing to share?

When writing about Tor, it's relatively easy to write about, for instance,
popular hidden services (and I've admittedly done it plenty). The drug
markets that advertise themselves and run a business are often more than
willing to talk to reporters. They're even proactive about it.

It's much tougher for a reporter to nail down important Tor stories about,
as another example, domestic abuse victims using the software or political
activists protecting their lives with it. That makes perfect sense, those
people rely on anonymity in a much different way than enterprising drug
dealers, but this reality makes it trickier for reporters to tell the full
story when it comes to Tor. The trick, then, is to be proactive as well.

I recently took a swing at writing precisely the kind of article I'm
talking about--an untold but important story about how Tor is used in the
wild--here:
http://kernelmag.dailydot.com/issue-sections/features-issue-sections/10393/tor-transgender-military-service/
... I was inspired in large part by articles like this:
http://betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/.
The BetaBoston article is very good, obviously, but it's a too-rare breed.

I'd like to hear from anyone who might be willing to talk about (on the
record or off) untold but important Tor stories that can shed light on the
way the software serves its users. By design, I'll never get the full
picture, but we can surely do more than surface scratching.

If you have a story to tell, if you know someone who might, if you can
think of others who I should be talking to, or if you have a good direction
to point me in, I would love to hear from you. Or if you just want to talk
more about Tor in the media, that's a topic I'm really interested in as
well to be honest, so I'm happy to talk about that.

If you're interested in talking (again, on the record or off, it's still
valuable to hear stories I won't write about), you can find my contact info
and PGP key at http://www.patrickhowelloneill.com/contact , you can email
me here (my personal email), or at pat at dailydot.com. Obviously we can also
work out other ways of communicating if need be.

Thanks!


From guninski at guninski.com Wed Oct 1 06:41:57 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 1 Oct 2014 16:41:57 +0300
Subject: Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
Message-ID: <20141001134157.GA2294@sivokote.iziade.m$>

On Tue, Sep 30, 2014 at 07:40:34PM -0700, coderman wrote:
> On 9/30/14, Georgi Guninski wrote:
> > ...
> > I find this _much_ worse than the passive Heartbleed.
> >
> > How worse is the shellshock bash bug than Heartbleed?
>
>
> a simplistic "shellshock worse than heartbleed" is
> mis-characterization of the situation.
>
> first, this presents a vulnerability without context, by itself. in
> the real world, we care about vulnerability with respect to
> exploitation. usually many vulnerabilities are leveraged together in
> exploitation of notoriety.
>
> in the sense of best practice and conservative security posture,
> heartbleed could be worse by far. a strongly keyed, defense in depth
> surreptitiously bypassed via bleeding. e.g. bleed UDP DTLS VPN to
> access internal network, bleed intranet HTTPS for admin credentials to
> critical infrastructure services.
>
> the ability to send things to a bash shell, even restricted shell,
> even constrained behind application layers, was always seen as bad
> practice for security conscious configurations - insiders get shell,
> not untrusted inputs.
>
> last but not least, this is all bullshit speculation; risk is a
> perspective and shellshock or heartbleed is better or worse depending
> on what you're looking at.
>
> best regards,
>
>
> P.S. #langsec asked how long you earth humans will be exchanging risky
> bits with strangers. i channeled djb and bet on "Forever!". [c.f.
> http://cr.yp.to/talks/2014.07.10/slides-djb-20140710-a4.pdf "Making
> sure software stays insecure"]

Might be wrong, but continue to disagree :)

Suspect this is just the top of the shellshock iceberg:
http://www.theregister.co.uk/2014/09/30/openvpn_open_to_shellshock_researcher/
OpenVPN open to pre-auth (in certain configurations).

Btw, people scared by HB probably will get close to clinically
paranoid if the next HB allows "write anywhere" ;) { :; } ;)


From rich at openwatch.net Wed Oct 1 17:18:10 2014
From: rich at openwatch.net (Rich Jones)
Date: Wed, 1 Oct 2014 17:18:10 -0700
Subject: Radical-safest TLDs in 2007
In-Reply-To: <542C8622.8040105@riseup.net>
References: <542967F0.4080207@riseup.net> <3183273.Nb3x7fijBc@lapuntu> <542C8622.8040105@riseup.net>

I wrote this in 2012:
https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/

Maybe not quite what you're after, but perhaps it could give you something
to work with.

R

On Wed, Oct 1, 2014 at 3:54 PM, Douglas Lucas wrote:

> On 10/01/2014 01:57 PM, rysiek wrote:
> > On Monday, 29 September 2014 09:08:48, Douglas Lucas wrote:
> >> I have a historical question. In 2007, anywhere from January to
> >> September, what TLDs were regarded as the most pirate-friendly or
> >> journalism-friendly or safest from takedowns of whatever stripe, e.g.
> >> the sort of DHS DMCA takedowns we have now, etc.?
> >
> > Might I enquire what could possibly the reason to ask such a question?
>
> I am writing a short story. There is a scene set in 2007, roughly
> October. Two characters disagree on what TLD to get to provide material
> to others. One wants a .com to sell the stuff. The other wants the most
> non-capitalist, pro-freedom TLD possible. The difference characterizes
> the two individuals.
>
> For credibility: I attended @ClarionWest Writers Workshop in 2008, which
> is for writers of science fiction and fantasy. (To verify: The Workshop
> follows me, @DouglasLucas, on Twitter, and I wrote a series of blog
> posts about my six weeks there
> http://www.douglaslucas.com/blog/tag/clarion-west-2008/ I'm including
> more and more cyberpunk/cypherpunk elements in my fiction. Probably
> because my life has been altered over the course of getting more into
> FLOSS and writing journalism pieces as part of an investigative
> partnership with WikiLeaks, as you can see here:
> http://douglaslucas.com/nonfiction
>


From dal at riseup.net Wed Oct 1 15:54:26 2014
From: dal at riseup.net (Douglas Lucas)
Date: Wed, 01 Oct 2014 17:54:26 -0500
Subject: Radical-safest TLDs in 2007
In-Reply-To: <3183273.Nb3x7fijBc@lapuntu>
References: <542967F0.4080207@riseup.net> <3183273.Nb3x7fijBc@lapuntu>
Message-ID: <542C8622.8040105@riseup.net>

On 10/01/2014 01:57 PM, rysiek wrote:
> On Monday, 29 September 2014 09:08:48, Douglas Lucas wrote:
>> I have a historical question. In 2007, anywhere from January to
>> September, what TLDs were regarded as the most pirate-friendly or
>> journalism-friendly or safest from takedowns of whatever stripe, e.g.
>> the sort of DHS DMCA takedowns we have now, etc.?
>
> Might I enquire what could possibly the reason to ask such a question?
>

I am writing a short story. There is a scene set in 2007, roughly
October. Two characters disagree on what TLD to get to provide material
to others. One wants a .com to sell the stuff. The other wants the most
non-capitalist, pro-freedom TLD possible. The difference characterizes
the two individuals.

For credibility: I attended @ClarionWest Writers Workshop in 2008, which
is for writers of science fiction and fantasy. (To verify: The Workshop
follows me, @DouglasLucas, on Twitter, and I wrote a series of blog
posts about my six weeks there
http://www.douglaslucas.com/blog/tag/clarion-west-2008/ I'm including
more and more cyberpunk/cypherpunk elements in my fiction. Probably
because my life has been altered over the course of getting more into
FLOSS and writing journalism pieces as part of an investigative
partnership with WikiLeaks, as you can see here:
http://douglaslucas.com/nonfiction


From guninski at guninski.com Wed Oct 1 08:05:41 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 1 Oct 2014 18:05:41 +0300
Subject: Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
References: <20141001134157.GA2294@sivokote.iziade.m$>
Message-ID: <20141001150541.GB2294@sivokote.iziade.m$>

On Wed, Oct 01, 2014 at 07:04:19AM -0700, coderman wrote:
> On 10/1/14, Georgi Guninski wrote:
> > ...
> > Suspect this is just the top of the shellshock iceberg:
> > http://www.theregister.co.uk/2014/09/30/openvpn_open_to_shellshock_researcher/
> > OpenVPN open to pre-auth (in certain configurations).
>
> if you are using any of the up, down, ipchange, route-up, tls-verify,
> auth-user-pass-verify, client-connect, client-disconnect, or
> learn-address scripts with openvpn you are not operating in a security
> conscious manner.
>
> to reiterate, in case anyone missed it: exposing a shell to untrusted
> inputs is insanity. this is true even if you manage to make your
> environment variable sanitization apparently robust.
>

OK :) Tell this to djb, qmail local delivery was allegedly affected ;)

Cheers

> > Btw, people scared by HB probably will get close to clinically
> > paranoid if the next HB allows "write anywhere" ;) { :; } ;)
>
> part of my intent was to convey that heartbleed easily leads to
> arbitrary exec; even if not directly so ala shellshock.
>
> so agree to disagree indeed; thus far heartbleed has medical pwnage
> and altcoin pilferage to credit, while shellshock is a farce of
> consumer crap and sloppy run yawn vulns; the mythical wide worm yet to
> materialize...
>
> due time will tell, of course! :P
>
>
> best regards,


From rysiek at hackerspace.pl Wed Oct 1 11:57:35 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 01 Oct 2014 20:57:35 +0200
Subject: Radical-safest TLDs in 2007
In-Reply-To: <542967F0.4080207@riseup.net>
References: <542967F0.4080207@riseup.net>
Message-ID: <3183273.Nb3x7fijBc@lapuntu>

On Monday, 29 September 2014 09:08:48, Douglas Lucas wrote:
> I have a historical question. In 2007, anywhere from January to
> September, what TLDs were regarded as the most pirate-friendly or
> journalism-friendly or safest from takedowns of whatever stripe, e.g.
> the sort of DHS DMCA takedowns we have now, etc.?

Might I enquire what could possibly the reason to ask such a question?

--
Regards,
rysiek


From rysiek at hackerspace.pl Wed Oct 1 12:01:16 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 01 Oct 2014 21:01:16 +0200
Subject: Email encryption for the wider public
In-Reply-To: <541C16E5.4080502@cathalgarvey.me>
References: <541C16E5.4080502@cathalgarvey.me>
Message-ID: <1594763.GPpBxCuGBA@lapuntu>

On Friday, 19 September 2014 12:43:33, Cathal Garvey wrote:
> > Regarding the memorability issue, all I can say is that end-to-end
> > encryption really does require sharing 100+ bit keys - it's essential!
> > You may be able to memorise your email address at the moment, but
> > that's only half the story, since you can't memorise your public key!
>
> But you can memorise a passphrase and email address, and generate your
> public key on the fly using key generation algorithms like the one used
> in miniLock/deadLock. This deterministic key approach has its
> disadvantages, but it addresses two key issues with PGP:
> (words)

These are some fine points, I feel my brain has been scratched, in a good
way. Thanks!

--
Regards,
rysiek


From l at odewijk.nl Wed Oct 1 13:13:38 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 1 Oct 2014 22:13:38 +0200
Subject: BitNation
In-Reply-To: <20141001113132.GQ10467@leitl.org>
References: <20141001104556.GP10467@leitl.org> <20141001113132.GQ10467@leitl.org>

A threat that strong will not be used, so it's ineffective against small
offenses.

Other than that: bad idea. It's too confused. Too many techpieces to form a
whole without real use. But as an idea it's really cool.

On Oct 1, 2014 1:45 PM, "Eugen Leitl" wrote:

> On Wed, Oct 01, 2014 at 04:28:02AM -0700, coderman wrote:
> > On 10/1/14, Eugen Leitl wrote:
> > > ...
> > > BITNATION offers a full range of services traditionally done by
> > > governments.
> > > We provide a cryptographically secure ID system, blockchain based dispute
> > > resolution, marriage and divorce, land registry, education, insurance,
> > > security, diplomacy, and more through a fully distributed platform.
> >
> >
> > tried to find where i could order some diplomatic immunity, alas...
>
> Once they got their own nukes that's surely to follow...
>


From grarpamp at gmail.com Wed Oct 1 23:10:47 2014
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 2 Oct 2014 02:10:47 -0400
Subject: [Cryptography] "Spy Agencies Urge Caution on Phone Deal"
References: <31C18954-119C-4845-A747-DF1BC684F50F@lrw.com>

Relevant, at Cryptome:
Review of Sec requirements for LNPA's...
http://cryptome.org/2014/09/neustar-chertoff-techdirt-14-0930.pdf

Also note Neustar spawned from Lockheed.

> Date: Mon, Sep 29, 2014 at 11:51 PM
> Subject: [Cryptography] "Spy Agencies Urge Caution on Phone Deal"
> To: Cryptography
>
> Not directly crypto-related, but an example of the tangle of
> relationships that drive surveillance:
> ...
> network/database - oddly never named in the article - that "rout[es]
> millions of phone calls and text messages in the United States".
> ...
> A small Virginia company named Neustar created the system and has
> managed it ever since. Recently, the major carriers recommended to
> the FCC that Neustar be replaced by Telcordia, an American subsidiary
> of Ericsson, which allegedly can do the job more cheaply. The
> "intelligence community" has been pushed to leave the job in Neustar's
> ...
> Neustar, obviously no stranger to the Washington inside game, has
> hired good ol' Michael Chertoff to represent them.
> ...
> The bullshit and inside baseball and lobbying here runs so deep you
> can't see bottom. And underneath it all, another piece of the vast
> tapping network we've built in the US in the last 12 or so years is
> revealed, just a little bit.
From grarpamp at gmail.com Wed Oct 1 23:54:59 2014 From: grarpamp at gmail.com (grarpamp) Date: Thu, 2 Oct 2014 02:54:59 -0400 Subject: Radical-safest TLDs in 2007 In-Reply-To: References: <542967F0.4080207@riseup.net> <3183273.Nb3x7fijBc@lapuntu> <542C8622.8040105@riseup.net> Message-ID: On Wed, Oct 1, 2014 at 8:18 PM, Rich Jones wrote: > I wrote this in 2012: > https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/ > > Maybe not quite what you're after, but perhaps it could give you something > to work with. Don't forget some of the warez and other scenesters favorites like .cc, .to, .ws, etc. And dyn dns and nntp services too. And similar to following piratebay, there are places like parazite, erowid, anarchy and other type sites that have had variously stable homes and stories for over a decade. The next decade will probably be all about .onion, .i2p and similar things, paid for where needed with bitcoin. From juan.g71 at gmail.com Wed Oct 1 23:10:49 2014 From: juan.g71 at gmail.com (Juan) Date: Thu, 2 Oct 2014 03:10:49 -0300 Subject: Radical-safest TLDs in 2007 In-Reply-To: References: <542967F0.4080207@riseup.net> <3183273.Nb3x7fijBc@lapuntu> <542C8622.8040105@riseup.net> Message-ID: <542cec7d.0f5b8c0a.82e0.1ede@mx.google.com> On Wed, 1 Oct 2014 17:18:10 -0700 Rich Jones wrote: > I wrote this in 2012: > https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-name/ sweden? they are puppets of the americunt nazis > > Maybe not quite what you're after, but perhaps it could give you > something to work with. > > R > > On Wed, Oct 1, 2014 at 3:54 PM, Douglas Lucas wrote: > > > On 10/01/2014 01:57 PM, rysiek wrote: > > > Dnia poniedziałek, 29 września 2014 09:08:48 Douglas Lucas pisze: > > >> I have a historical question. In 2007, anywhere from January to > > >> September, what TLDs were regarded as the most pirate-friendly or > > >> journalism-friendly or safest from takedowns of whatever stripe, > > >> e.g. 
the sort of DHS DMCA takedowns we have now, etc.? > > > > > > Might I enquire what could possibly the reason to ask such a > > > question? > > > > > > > I am writing a short story. There is a scene set in 2007, roughly > > October. Two characters disagree on what TLD to get to provide > > material to others. One wants a .com to sell the stuff. The other > > wants the most non-capitalist, pro-freedom TLD possible. The > > difference characterizes the two individuals. > > > > For credibility: I attended @ClarionWest Writers Workshop in 2008, > > which is for writers of science fiction and fantasy. (To verify: > > The Workshop follows me, @DouglasLucas, on Twitter, and I wrote a > > series of blog posts about my six weeks there > > http://www.douglaslucas.com/blog/tag/clarion-west-2008/ I'm > > including more and more cyberpunk/cypherpunk elements in my > > fiction. Probably because my life has been altered over the course > > of getting more into FLOSS and writing journalism pieces as part of > > an investigative partnership with WikiLeaks, as you can see here: > > http://douglaslucas.com/nonfiction > > From jya at pipeline.com Thu Oct 2 04:37:49 2014 From: jya at pipeline.com (John Young) Date: Thu, 02 Oct 2014 07:37:49 -0400 Subject: Retired NSA Technical Director Explains Snowden Docs Message-ID: Retired NSA Technical Director Explains Snowden Docs http://www.alexaobrien.com/secondsight/wb/binney.html Best account yet of the Snowden releases by a technically capable person. Eventually, perhaps, the other 96% will receive similar public disclosure to fully inform beyond opportunistic journalism. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 453 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Thu Oct 2 00:14:47 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Thu, 02 Oct 2014 08:14:47 +0100 Subject: Fwd: [tor-talk] Tor in the media - request for unsung positive narratives In-Reply-To: References: Message-ID: <542CFB67.6030001@cathalgarvey.me> I don't mind saying publicly that I use Tor to access websites censored in Ireland; The Pirate Bay, chiefly. I upload some of my own work (3D printable models, most recently) and I also find and download Free Culture stuff from well seeded torrents. Certainly, it's a trivial use of Tor, and I use it for other stuff too. But it's easily forgettable that one of Tor's primary uses is circumventing censorship, and censorship is alive and well in Ireland thanks to former junior minister Sean Sherlock's "Irish SOPA". It's important not to forget i2p when discussing darknets, and I see many more positive uses of i2p than Tor hidden services; straightforward social networks, search engines, etcetera. The developers curate a simple list of "positive" eepsites for the preinstalled router, so it's got a good community spirit. I've used it for email, microstatus and a few other things besides, and there's a lot more diversity of hidden services by other users because of the ease of setting hidden services up (indeed, every user has one preconfigured by default). On 01/10/14 23:04, coderman wrote: > ---------- Forwarded message ---------- > From: Patrick > Subject: [tor-talk] Tor in the media > > Hi everyone, > > Over the past few weeks, I've talked with a number of Tor people about how > the project is portrayed in the media. As a reporter on this beat, the many > legitimate criticisms the community have had strike pretty close to home > for me. I don't think I need to tell this list why Tor's portrayal in the > media is important, now more than ever. 
So, with the blessing and > encouragement of a couple of official Tor people, I've got a question to > ask of tor-talk (secure contact info follows at the bottom of the message): > > -- What untold but important stories about Tor are you willing to share? > > When writing about Tor, it's relatively easy to write about, for instance, > popular hidden services (and I've admittedly done it plenty). The drug > markets that advertise themselves and run a business are often more than > willing to talk to reporters. They're even proactive about it. > > It's much tougher for a reporter to nail down important Tor stories about, > as another example, domestic abuse victims using the software or political > activists protecting their lives with it. That makes perfect sense, those > people rely on anonymity in a much different way than enterprising drug > dealers, but this reality makes it trickier for reporters to tell the full > story when it comes to Tor. The trick, then, is to be proactive as well. > > I recently took a swing at writing precisely the kind of article I'm > talking about--an untold but important story about how Tor is used in the > wild--here: > http://kernelmag.dailydot.com/issue-sections/features-issue-sections/10393/tor-transgender-military-service/ > ... I was inspired in large part by articles like this: > http://betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/. > The BetaBoston article is very good, obviously, but it's a too-rare breed. > > I'd like to hear from anyone who might be willing to talk about (on the > record or off) untold but important Tor stories that can shed light on the > way the software serves its users. By design, I'll never get the full > picture, but we can surely do more than surface scratching. 
> > If you have a story to tell, if you know someone who might, if you can > think of others who I should be talking to, or if you have a good direction > to point me in, I would love to hear from you. Or if you just want to talk > more about Tor in the media, that's a topic I'm really interested in as > well to be honest, so I'm happy to talk about that. > > If you're interested in talking (again, on the record or off, it's still > valuable to hear stories I won't write about), you can find my contact info > and PGP key at http://www.patrickhowelloneill.com/contact , you can email > me here (my personal email), or at pat at dailydot.com. Obviously we can also > work out other ways of communicating if need be. > > Thanks! > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Thu Oct 2 12:24:17 2014 From: coderman at gmail.com (coderman) Date: Thu, 2 Oct 2014 12:24:17 -0700 Subject: [OT] Can a combinatorial hardware circuit solve a crypto problem? In-Reply-To: <20141002114212.GA2504@sivokote.iziade.m$> References: <20141002114212.GA2504@sivokote.iziade.m$> Message-ID: On 10/2/14, Georgi Guninski wrote: > DISCLAIMER: I am noob at electronics, this is crazy or > at best a fishing expedition... > ... > If you are lucky to hit stable state, you have solved > $f(x)=x$. what you are describing in a round about way is an adiabatic representation of brute force. the jury is out, and certainly not with existing fabrication, but potentially 2^64 cost for a 128 bit key. 
this is why TOP SECRET demands 256 bit keys. (also Grover's algorithm, among other reasons?) "the literature" should be enlightening, given these terms to key on. best regards, From coderman at gmail.com Thu Oct 2 12:29:52 2014 From: coderman at gmail.com (coderman) Date: Thu, 2 Oct 2014 12:29:52 -0700 Subject: Radical-safest TLDs in 2007 In-Reply-To: <542967F0.4080207@riseup.net> References: <542967F0.4080207@riseup.net> Message-ID: On 9/29/14, Douglas Lucas wrote: > I have a historical question. In 2007, anywhere from January to > September, what TLDs were regarded as the most pirate-friendly or > journalism-friendly or safest from takedowns of whatever stripe, e.g. > the sort of DHS DMCA takedowns we have now, etc.? .onion still true, too. best regards, From rysiek at hackerspace.pl Thu Oct 2 04:06:13 2014 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 02 Oct 2014 13:06:13 +0200 Subject: Radical-safest TLDs in 2007 In-Reply-To: <542C8622.8040105@riseup.net> References: <542967F0.4080207@riseup.net> <3183273.Nb3x7fijBc@lapuntu> <542C8622.8040105@riseup.net> Message-ID: <17437477.MMlRoQW4tf@lapuntu> Dnia środa, 1 października 2014 17:54:26 Douglas Lucas pisze: > On 10/01/2014 01:57 PM, rysiek wrote: > > Dnia poniedziałek, 29 września 2014 09:08:48 Douglas Lucas pisze: > >> I have a historical question. In 2007, anywhere from January to > >> September, what TLDs were regarded as the most pirate-friendly or > >> journalism-friendly or safest from takedowns of whatever stripe, e.g. > >> the sort of DHS DMCA takedowns we have now, etc.? > > > > Might I enquire what could possibly the reason to ask such a question? > > I am writing a short story. There is a scene set in 2007, roughly > October. Two characters disagree on what TLD to get to provide material > to others. One wants a .com to sell the stuff. The other wants the most > non-capitalist, pro-freedom TLD possible. The difference characterizes > the two individuals. Cool! 
Thanks, would love to read your story! :) But maybe, as garpgarp pointed out already, the more freedom-loving individual could remark on how any domain is a liability and they should at least have an alternative in the form of an .onion address. Just a thought. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Thu Oct 2 04:42:12 2014 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 2 Oct 2014 14:42:12 +0300 Subject: [OT] Can a combinatorial hardware circuit solve a crypto problem? Message-ID: <20141002114212.GA2504@sivokote.iziade.m$> DISCLAIMER: I am a noob at electronics, this is crazy or at best a fishing expedition... Let $f$ be some hash function, say md5. Restrict the size of the input to be equal to the output (128 bits for md5). A cryptographer told me it is an open problem whether there is a solution to $f(x)=x$ (treated as a sequence of bits). Implement $f$ as a pure combinatorial circuit (NO CLOCK), with 128 inputs $i_k$ and 128 outputs $o_k$. For all $j$, connect $i_j$ with $o_j$ so the circuit has neither inputs nor outputs (basically loop the circuit $f$). Power on. Measure (possibly with an oscilloscope) $i_j=o_j$. If you are lucky enough to hit a stable state, you have solved $f(x)=x$. In an unstable state (no solution), maybe one will measure a very high frequency. Probably this is well studied, though an engineer couldn't find a reference for the general case. 1. Are there references for this? 2. If it fails, why will it fail? 3. If a solution exists, is it known how long it will take to find it? 4. If the question is not entirely insane, is there a better forum? --- Partial experimental results: It wasn't easy, but I convinced an engineer to test it on bare metal. Take $n$ inverters (logical negation) and loop them in a cycle (basically this corresponds to the cycle graph $C_n$).
There are no inputs and no outputs. For even $n$ the circuit has exactly 2 stable states. For odd $n$, there is no stable state since the boolean formula is unsatisfiable. The engineer worked with NAND gates on a stand. Experimentally, for $n=4$, the engineer reached a stable state. Depending on which NAND gates he chose, the stable state differed. For $n=3$ there was no stable state. The voltage was in the middle between logical 0 and 1, possibly with a high frequency which his oscilloscope couldn't measure. The engineer told me these circuits don't make sense in electronics. (So what?) I wouldn't trust a software simulation for this, might be wrong. The experiments were too simple, so it is possible for electric current to solve easy problems and not hard problems. From juan.g71 at gmail.com Thu Oct 2 17:53:37 2014 From: juan.g71 at gmail.com (Juan) Date: Thu, 2 Oct 2014 21:53:37 -0300 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: References: Message-ID: <542df375.a5658c0a.0703.111f@mx.google.com> On Thu, 02 Oct 2014 07:37:49 -0400 John Young wrote: > Retired NSA Technical Director Explains Snowden Docs > > http://www.alexaobrien.com/secondsight/wb/binney.html > > " I would never be doing the United States, okay? That's what they're doing here. Only thing I would do is-- I would be looking only at foreign threats basically, which would mean I'd look at the transoceanic cables " these motherfucking sacks of shits seem to think they own the world... From coderman at gmail.com Thu Oct 2 23:43:22 2014 From: coderman at gmail.com (coderman) Date: Thu, 2 Oct 2014 23:43:22 -0700 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: <542df375.a5658c0a.0703.111f@mx.google.com> References: <542df375.a5658c0a.0703.111f@mx.google.com> Message-ID: On 10/2/14, Juan wrote: > " ... I'd look at the > transoceanic cables " > > these motherfucking sacks of shits seem to think they own the > world...
usable, end to end crypto everywhere, and no longer any reason to look at the cables. so simple, right? :) From coderman at gmail.com Fri Oct 3 02:48:22 2014 From: coderman at gmail.com (coderman) Date: Fri, 3 Oct 2014 02:48:22 -0700 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: <542e5ef0.4922e00a.1bab.1a4a@mx.google.com> References: <542df375.a5658c0a.0703.111f@mx.google.com> <542e5ef0.4922e00a.1bab.1a4a@mx.google.com> Message-ID: On 10/3/14, Juan wrote: > ... > in a sentence : encryption only solves some problems, so not so > simple. indeed. and again the theme of eve out of business, then drive mallory to burglary. [ eve sips from cable splits, while mallory middles from switches. but bustin' ins' with black bags so very bad, as always... ] best regards, From juan.g71 at gmail.com Fri Oct 3 01:32:13 2014 From: juan.g71 at gmail.com (Juan) Date: Fri, 3 Oct 2014 05:32:13 -0300 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: References: <542df375.a5658c0a.0703.111f@mx.google.com> Message-ID: <542e5ef0.4922e00a.1bab.1a4a@mx.google.com> On Thu, 2 Oct 2014 23:43:22 -0700 coderman wrote: > On 10/2/14, Juan wrote: > > " ... I'd look at the > > transoceanic cables " > > > > these motherfucking sacks of shits seem to think they own > > the world... > > > usable, end to end crypto everywhere, > and no longer any reason to look at the cables. I thought they might want to look at the cables to do so called 'traffic analysis'...? As a matter of fact this criminal binney discusses how they look at who talks to whom, 'metadata', bla bla bla - traffic analysis. On the other hand most of the story, or rather most of the activities of these clown-spies look like bullshit. I highly doubt any 'terrist' worth his salt is going to discuss any plans on some shitty phone from some shitty american company. 
I'm pretty sure a 'terrist' with modest means can come up with, say, some sort of one time pad device and some channel that's not so easily monitored. What can be the real objectives of this 'mass surveillance' thing then? Catching people like Ulbricht perhaps? Of course, the obvious objective is to extend the reach of the US police state into the 'digital domain' but I admit I haven't thought about the implementation details... > > so simple, right? > in a sentence : encryption only solves some problems, so not so simple. > :) From guninski at guninski.com Fri Oct 3 00:06:09 2014 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 3 Oct 2014 10:06:09 +0300 Subject: [OT] Can a combinatorial hardware circuit solve a crypto problem? In-Reply-To: References: <20141002114212.GA2504@sivokote.iziade.m$> Message-ID: <20141003070609.GA2744@sivokote.iziade.m$> On Thu, Oct 02, 2014 at 12:24:17PM -0700, coderman wrote: > On 10/2/14, Georgi Guninski wrote: > > DISCLAIMER: I am noob at electronics, this is crazy or > > at best a fishing expedition... > > ... > > If you are lucky to hit stable state, you have solved > > $f(x)=x$. > > what you are describing in a round about way is an adiabatic > representation of brute force. the jury is out, and certainly not with > existing fabrication, but potentially 2^64 cost for a 128 bit key. > this is why TOP SECRET demands 256 bit keys. (also Grover's algorithm, > among other reasons?) > > "the literature" should be enlightening, given these terms to key on. > > best regards, Thanks. By "existing fabrication" do you mean we can't manufacture a good enough circuit for this purpose (modulo time 2^64)? What is considered a wire on the circuit is in practice a resistor, and the wires will have different resistances, which might influence the unorthodox experiment?
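A small brute-force model of the looped-circuit question in this thread, added here as an example; it is not code from the thread or from Georgi's engineer. It models the synchronous, digital version of the experiment: the ring of $n$ inverters ($C_n$) and a toy stand-in for $f$, MD5 truncated to 16 bits (the 16-bit width and the truncation are my assumptions; the thread talks about the full 128-bit md5, which no search of this kind reaches). `fixed_points` is literally the $2^{width}$ brute force coderman describes, and `iterate` shows that feeding outputs back to inputs in lockstep oscillates for odd $n$ instead of settling. That oscillation is the digital shadow of the mid-rail voltage the engineer measured; it is not a model of the analog circuit, which is exactly the thing the thread says a software simulation cannot be trusted on.

```python
"""Brute-force fixed points f(x) = x of a looped combinational circuit.

Added example, not from the thread. Two instances of f are modelled:
  * a ring of n inverters (the cycle graph C_n from the experiment), and
  * a toy hash on WIDTH bits: MD5 of the input, truncated to WIDTH bits
    (assumption: the thread uses full 128-bit md5, which is out of reach).
"""
import hashlib
from typing import Callable, List, Tuple

WIDTH = 16  # assumed toy width; 2**16 evaluations run in well under a second


def inverter_ring(n: int) -> Callable[[int], int]:
    """f for a ring of n inverters: output bit j = NOT input bit (j-1 mod n).

    A stable state of the powered ring is exactly a fixed point f(x) = x,
    i.e. x_j = NOT x_{j-1} for every j around the cycle.
    """
    mask = (1 << n) - 1

    def f(x: int) -> int:
        # rotate left by one so position j holds old bit j-1, then invert every bit
        rotated = ((x << 1) | (x >> (n - 1))) & mask
        return ~rotated & mask

    return f


def truncated_md5(width: int = WIDTH) -> Callable[[int], int]:
    """Toy stand-in for the 128-bit hash: MD5 of the big-endian input, low `width` bits kept."""
    nbytes = (width + 7) // 8
    mask = (1 << width) - 1

    def f(x: int) -> int:
        digest = hashlib.md5(x.to_bytes(nbytes, "big")).digest()
        return int.from_bytes(digest[:nbytes], "big") & mask

    return f


def fixed_points(f: Callable[[int], int], width: int) -> List[int]:
    """Exhaustive search over all 2**width inputs: the brute force the circuit would have to do."""
    return [x for x in range(1 << width) if f(x) == x]


def iterate(f: Callable[[int], int], x0: int, max_steps: int = 1000) -> Tuple[bool, int, int]:
    """Synchronous feedback x <- f(x), i.e. outputs wired back to inputs in lockstep.

    Returns (settled, state, steps). settled is True only when a real fixed point is
    reached; returning to an earlier state means the loop oscillates forever. This is a
    digital idealisation and says nothing about the analog mid-rail voltage of real gates.
    """
    seen = {x0}
    x = x0
    for step in range(1, max_steps + 1):
        nxt = f(x)
        if nxt == x:
            return True, x, step
        if nxt in seen:
            return False, nxt, step
        seen.add(nxt)
        x = nxt
    return False, x, max_steps


if __name__ == "__main__":
    for n in (2, 3, 4, 5):
        print(f"C_{n}: stable states = {[bin(s) for s in fixed_points(inverter_ring(n), n)]}")
    print("C_3 from 000:", iterate(inverter_ring(3), 0))
    print(f"toy md5/{WIDTH}: fixed points = {fixed_points(truncated_md5(WIDTH), WIDTH)}")
```

For $C_4$ the search returns the two alternating patterns 0101 and 1010, for $C_3$ and $C_5$ it returns nothing, and `iterate` on $C_3$ from 000 bounces between 000 and 111 and reports no settled state. For the toy hash the same loop costs $2^{16}$ MD5 calls; for the 128-bit function in the thread it would cost $2^{128}$, which is the point coderman makes about brute force.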
From guninski at guninski.com Fri Oct 3 00:22:16 2014 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 3 Oct 2014 10:22:16 +0300 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: References: <542df375.a5658c0a.0703.111f@mx.google.com> Message-ID: <20141003072216.GB2744@sivokote.iziade.m$> On Thu, Oct 02, 2014 at 11:43:22PM -0700, coderman wrote: > On 10/2/14, Juan wrote: > > " ... I'd look at the > > transoceanic cables " > > > > these motherfucking sacks of shits seem to think they own the > > world... > > > usable, end to end crypto everywhere, > and no longer any reason to look at the cables. > > so simple, right? > > :) I suspect crypto is not sufficient. If they own you in some way (backdoor, client bugs, etc) they will still have the info, probably with more effort. From komachi at openmailbox.org Fri Oct 3 06:03:03 2014 From: komachi at openmailbox.org (Anton Nesterov) Date: Fri, 03 Oct 2014 13:03:03 +0000 Subject: UPD: draft is available Re: Russia want completely ban Bitcoin and other cryptocurrencies In-Reply-To: <53DBF44F.2070905@openmailbox.org> References: <53DBF44F.2070905@openmailbox.org> Message-ID: <542E9E87.9080002@openmailbox.org> Anton Nesterov wrote: > The Ministry of Finance of Russia drafted a bill to ban cryptocurrencies > with administrative or criminal penalties for mining and other operations. > Also they want to censor bitcoin-related websites. > > This will come into force in 2015. > > http://top.rbc.ru/economics/01/08/2014/940521.shtml (in Russian) > OK, the draft is available now: http://regulation.gov.ru/project/17205.html?point=view_project&stage=2&stage_id=13089 The draft bans surrogate money and defines it as currency, including electronic currency, used for payments and/or exchange, besides the ones described in federal law (definitely this includes bitcoins).
Emission; creating and distributing software for the emission of money surrogates; distributing information which can be used for the emission of money surrogates and/or operations with them; operations with money surrogates: 30-50k rubles ($750-1.25k) for citizens, 60-100k ($1.5k-2.5k) for govt officials, 500k-1m ($12.5k-25k) for legal entities. It also gives the Bank of Russia the power to censor websites related to the emission of and operations with money surrogates. If any Russians read this: you can add proxy=127.0.0.1:9050 to your bitcoin.conf/litecoin.conf/dogecoin.conf/etc., and this will proxy all your connections via the Tor network (of course you also need to run Tor for that). -- https://komachi.github.io GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From rysiek at hackerspace.pl Fri Oct 3 04:35:28 2014 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 03 Oct 2014 13:35:28 +0200 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: <20141003072216.GB2744@sivokote.iziade.m$> References: <20141003072216.GB2744@sivokote.iziade.m$> Message-ID: <2076232.sX2pYSPMB6@lapuntu> On Friday, 3 October 2014 10:22:16 Georgi Guninski wrote: > I suspect crypto is not sufficient. No, it's not. One word: metadata. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part. URL: From gfoster at entersection.org Fri Oct 3 23:25:43 2014 From: gfoster at entersection.org (Gregory Foster) Date: Sat, 04 Oct 2014 01:25:43 -0500 Subject: Rockefeller Commission Report (RCR, Jun 30 1976) Message-ID: <542F92E7.5030406@entersection.org> The James Bamford article sent along by coderman is excellent.
The Intercept (Oct 2) - "The NSA and Me" by James Bamford [ @WashAuthor ]: https://firstlook.org/theintercept/2014/10/02/the-nsa-and-me/ I just noticed the article links to an interesting document. Rockefeller Commission Report (RCR, 1977) "REPORT ON INQUIRY INTO CIA-RELATED ELECTRONIC SURVEILLANCE ACTIVITIES" http://www.documentcloud.org/documents/1304974-report-on-inquiry-into-cia-related-electronic.html#document/p1 > A 1977 Justice Department report, obtained by reporter James > Bamford in 1981 under the Freedom of Information Act, investigating > criminal surveillance operations conducted by the CIA and NSA. In 1975, the executive branch under President Gerald Ford initiated its own investigation of the CIA's and the NSA's activities in parallel with the larger committees in the legislature. The report Bamford shared is a (redacted) product of the President's Commission. http://en.wikipedia.org/wiki/United_States_President%27s_Commission_on_CIA_Activities_within_the_United_States gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ From gfoster at entersection.org Fri Oct 3 23:36:28 2014 From: gfoster at entersection.org (Gregory Foster) Date: Sat, 04 Oct 2014 01:36:28 -0500 Subject: 1977 Justice Dept. Report on CIA (was: Rockefeller Commission Report) In-Reply-To: <542F92E7.5030406@entersection.org> References: <542F92E7.5030406@entersection.org> Message-ID: <542F956C.20902@entersection.org> Ah, I must correct myself. On 10/4/14, 1:25 AM, Gregory Foster wrote: > The James Bamford article sent along by coderman is excellent. > > The Intercept (Oct 2) - "The NSA and Me" by James Bamford [ @WashAuthor ]: > https://firstlook.org/theintercept/2014/10/02/the-nsa-and-me/ > > I just noticed the article links to an interesting document. 
> > Rockefeller Commission Report (RCR, 1977) > "REPORT ON INQUIRY INTO CIA-RELATED ELECTRONIC SURVEILLANCE ACTIVITIES" > http://www.documentcloud.org/documents/1304974-report-on-inquiry-into-cia-related-electronic.html#document/p1 > >> A 1977 Justice Department report, obtained by reporter James >> Bamford in 1981 under the Freedom of Information Act, investigating >> criminal surveillance operations conducted by the CIA and NSA. > > In 1975, the executive branch under President Gerald Ford initiated > its own investigation of the CIA's and the NSA's activities in > parallel with the larger committees in the legislature. The report > Bamford shared is a (redacted) product of the President's Commission. > http://en.wikipedia.org/wiki/United_States_President%27s_Commission_on_CIA_Activities_within_the_United_States A quick glance at the real RCR shows it is a very different document: http://history-matters.com/archive/contents/church/contents_church_reports_rockcomm.htm Instead, here's Bamford from the article: > The secret investigation grew out of the final report by the Rockefeller Commission, a panel that had been set up by President Gerald Ford to parallel the Church Committee. Issued on June 6, 1975, the report noted that both the NSA and CIA had engaged in questionable and possibly illegal electronic surveillance. As a result, Attorney General Edward Levi established a secret internal task force to look into the potential for criminal prosecution. Focusing particularly on NSA, the task force probed more deeply into domestic eavesdropping than any part of the executive branch had ever done before. > > I had heard rumors from several sources about such a probe, so I thought it would be worth requesting a copy of the file under FOIA. Nevertheless, I was surprised when the documents, with relatively few redactions, turned up at my door 10 months later. 
They included a lengthy, detailed “Report on Inquiry into CIA-Related Surveillance Activities” that laid out the investigation in stark detail, as well as a shorter draft “prosecutive summary” evaluating the potential for criminal prosecution. I was shocked that the Justice Department had released them to me without notifying the NSA. An official at Justice later told me that it was standard procedure not to notify the object of a criminal investigation (think John Gotti) once it is completed and requested under FOIA. gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ From stephan.neuhaus at tik.ee.ethz.ch Fri Oct 3 23:54:40 2014 From: stephan.neuhaus at tik.ee.ethz.ch (Stephan Neuhaus) Date: Sat, 04 Oct 2014 08:54:40 +0200 Subject: bashing your head against nation-state social engineering In-Reply-To: <542F11AA.5030504@cyplo.net> References: <148bc820a7e.125c6a9a537330.2596211938527105403@subrosa.io> <54290310.3090903@tik.ee.ethz.ch> <542F11AA.5030504@cyplo.net> Message-ID: <542F99B0.8050703@tik.ee.ethz.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-10-03, 23:14, cyryl wrote: > On 29/09/14 08:58, Stephan Neuhaus wrote: >> On 2014-09-28 15:47, Subrosa.io wrote: >>> I think this vulnerability should have been discovered with any >>> kind of basic fuzzing. >> >> If I understand the vulnerability correctly, it occurs in very >> specific circumstances, namely trailing data at the end of a >> function definition that's transported in an environment >> variable. >> >> In that case, I'd venture that *no* kind of "basic fuzzing" could >> have uncovered this; the proportion of ShellShock-inducing >> environment variable definitions among all possible environment >> variables is simply too small. >> >> What you would need instead is very specific syntax-directed >> fuzzing, and even then I'm not sure that you have a decent chance >> of discovering this without knowing already that it's there. 
>> > > To uncover more vulns lcamtuf fed the fuzzer with the initial > state, but then left it there to do the work. > > http://lcamtuf.blogspot.nl/2014/10/bash-bug-how-we-finally-cracked.html Without belittling the effort that's described in this article (after all, they found more vulnerabilities, which is good), I stand by my original point. If you want to fuzz the whole of bash, your chances of uncovering ShellShock are essentially nil. Once you know that function definitions transported in environment variables (a feature that I didn't even know existed, and I've been working with bash since the late 90's) are probably bug-ridden, your work becomes much, much easier. Fun, Stephan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (Darwin) iQEcBAEBAgAGBQJUL5mlAAoJEE0T/LJL2oHTGxgIAKuBg2aFEesnrAd4qWiGEqfx 0E6SWWkJLkYEGD4gDcMQW5XVUUP45kJdINKZFd/rFY3Ep47VXHJ0zD89XrP4YVHH +ujQMH4lF7+GLiVZ/tNYZCQ0k/t/9LBUS2bcvjuqIUxlmkzZN8UFFsD1L3/t+HDD LBAmRi28Z4TOREOdHRga9BdpAKTHy7I4toHoiiA3x1psJxwkqr9WD8C7CLABWCeC j6Gs1U5gqhCTOg0nz9DV8owuUJG1XqyOwApqC6hf1LZFWzr9WAR0G9Y+Xot4mdlJ 8s9Dkf9iEuN5nJpOPH9Hunhpoaxu8/B/TNYFvRYjE7zac3Icd8Hj3mu0TUc6RwY= =8VXa -----END PGP SIGNATURE----- From coderman at gmail.com Sat Oct 4 19:36:23 2014 From: coderman at gmail.com (coderman) Date: Sat, 4 Oct 2014 19:36:23 -0700 Subject: properly timing FOIPA for best results [was: 1977 Justice Dept. Report on CIA (was: Rockefeller Commission Report)] Message-ID: as per, On 10/3/14, Gregory Foster wrote: >> "... it was standard procedure >> not to notify the object of a criminal investigation (think John Gotti) >> once it is completed and requested under FOIA. i have been pondering the question of when is the most effective time to file a FOIPA. presumably this would be after the statute of limitations, plus some delay, to ensure that completed/discarded investigations are included in the scope of the disclosure. does anyone have guidance on this timing?
perhaps 6-8 years after initially coming under scrutiny? best regards, From grarpamp at gmail.com Sat Oct 4 18:41:00 2014 From: grarpamp at gmail.com (grarpamp) Date: Sat, 4 Oct 2014 21:41:00 -0400 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: <542e5ef0.4922e00a.1bab.1a4a@mx.google.com> References: <542df375.a5658c0a.0703.111f@mx.google.com> <542e5ef0.4922e00a.1bab.1a4a@mx.google.com> Message-ID: On Fri, Oct 3, 2014 at 4:32 AM, Juan wrote: > What can be the real objectives of this 'mass surveillance' > thing then? Catching people like Ulbricht perhaps? The objective is ownership... of the world, of everyone, of you. Lest those provide any offset to them, or their fantasies. > but I admit I haven't > thought about the implementation details... Sorry, no time for thought, there's a six in the fridge and the Simpsons are on TV. From l at odewijk.nl Sat Oct 4 13:25:24 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Sat, 4 Oct 2014 22:25:24 +0200 Subject: UPD: draft is available Re: Russia want completely ban Bitcoin and other cryptocurrencies In-Reply-To: <542E9E87.9080002@openmailbox.org> References: <53DBF44F.2070905@openmailbox.org> <542E9E87.9080002@openmailbox.org> Message-ID: That would be a first! Wonder what exactly pushes their buttons. Perhaps just that it's a surrogate? Wouldn't surprise me. Giving the Bank of Russia censorship rights regarding alternatives is pretty pushy, but, soon, "in Russia legal tender is only tender". Shame for them they won't be able to actually prevent Bitcoin use, and soon only criminals will use Bitcoin. Might have a bad ripple effect on Bitcoin in the rest of the world. We'll see the price jump up soon. -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 678 bytes Desc: not available URL: From coderman at gmail.com Sun Oct 5 00:35:51 2014 From: coderman at gmail.com (coderman) Date: Sun, 5 Oct 2014 00:35:51 -0700 Subject: Mu [was: How worse is the Shellshock bash bug than Heartbleed?] In-Reply-To: <20141001134157.GA2294@sivokote.iziade.m$> References: <20141001134157.GA2294@sivokote.iziade.m$> Message-ID: On 10/1/14, Georgi Guninski wrote: > ... > Might be wrong, but continue to disagree :) i would note that by this time for heartbleed[0], Community Health Systems was already hacked a long week and a half. yet shellshock still shows muted impact. best regards, 0. CHS was hacked roughly a week after heartbleed was disclosed, see official disclosure (to SEC) in august impacting 4,500,000 patients. From l at odewijk.nl Sat Oct 4 19:57:24 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Sun, 5 Oct 2014 04:57:24 +0200 Subject: properly timing FOIPA for best results [was: 1977 Justice Dept. Report on CIA (was: Rockefeller Commission Report)] In-Reply-To: References: Message-ID: 2014-10-05 4:36 GMT+02:00 coderman : > does anyone have guidance on this timing? perhaps 6-8 years after > initially coming under scrutiny? I have no specific knowledge/experience, but I'd say that you could use "FOIA attempt" data to construct a pretty good "FOIA completion rate" over time picture. Maybe repeating some older FOIAs can lead to interesting completion results. "Delays" would also be very variable, depending on police investigations. But probably normally distributed. Ultimately Data wins! And probably nothing else :( -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 949 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Sun Oct 5 02:58:16 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Sun, 05 Oct 2014 10:58:16 +0100 Subject: Radical-safest TLDs in 2014 In-Reply-To: <11398908.iJM5pOxZj7@lapuntu> References: <11398908.iJM5pOxZj7@lapuntu> Message-ID: <54311638.1070707@cathalgarvey.me> I have heard a very exciting rumour that Tor may become integrated into Firefox in the near future, so that one of the most widely used browsers in the world will be able to access .onion addresses out of the box. If this is true it'll shake up the TLD market like nothing else ever has, and be a big coup for Firefox; the browser you use to access new media sources like the next popcorn time, or the next social streaming service, who'd be more inclined to build backends on .onions and resist copylobbyists. On 05/10/14 10:07, rysiek wrote: > Well, > > since we had a nice thread about radical-safest TLDs in 2007, why not ask the > same question about present day? > > Now, I know .onion is the "TLD of choice" of sorts, but if hypothetically I > were to register a domain for a project that would help people circumvent > Internet censorship and monitoring (so, potentially interesting for the > copyright enforcing LEAs too), which TLD should I choose for a "clearternet" > version of the website? > > Please note: I'm not asking about *hosting*, just mere TLD for the domain. > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From rysiek at hackerspace.pl Sun Oct 5 02:07:40 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Oct 2014 11:07:40 +0200 Subject: Radical-safest TLDs in 2014 Message-ID: <11398908.iJM5pOxZj7@lapuntu> Well, since we had a nice thread about radical-safest TLDs in 2007, why not ask the same question about present day? Now, I know .onion is the "TLD of choice" of sorts, but if hypothetically I were to register a domain for a project that would help people circumvent Internet censorship and monitoring (so, potentially interesting for the copyright enforcing LEAs too), which TLD should I choose for a "clearternet" version of the website? Please note: I'm not asking about *hosting*, just mere TLD for the domain. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Sun Oct 5 02:42:30 2014 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 5 Oct 2014 12:42:30 +0300 Subject: Mu [was: How worse is the Shellshock bash bug than Heartbleed?] In-Reply-To: References: <20141001134157.GA2294@sivokote.iziade.m$> Message-ID: <20141005094230.GA2582@sivokote.iziade.m$> On Sun, Oct 05, 2014 at 12:35:51AM -0700, coderman wrote: > On 10/1/14, Georgi Guninski wrote: > > ... > > Might be wrong, but continue to disagree :) > > > i would note that by this time for heartbleed[0], Community Health > Systems was already hacked a long week and a half. yet shellshock > still shows muted impact. > > best regards, > > > > 0. CHS was hacked roughly a week after heartbleed disclosed, see > official disclosure (to SEC) in august impacting 4,500,000 patients. ok, i won't argue :) -- "Whenever people agree with me I always feel I must be wrong." 
- Oscar Wilde quote From komachi at openmailbox.org Sun Oct 5 05:55:31 2014 From: komachi at openmailbox.org (Anton Nesterov) Date: Sun, 05 Oct 2014 12:55:31 +0000 Subject: UPD: draft is available Re: Russia want completely ban Bitcoin and other cryptocurrencies In-Reply-To: References: <53DBF44F.2070905@openmailbox.org> <542E9E87.9080002@openmailbox.org> Message-ID: <54313FC3.3060206@openmailbox.org> Lodewijk andré de la porte wrote: > That would be a first! Wonder what exactly pushes their buttons. Perhaps > just that it's a surrogate? Wouldn't surprise me. Surrogates have actually been banned since the 90s, but nobody knows what money surrogates are; there was no lawful definition, and as far as I remember, the first time it was used was in letters from the Bank of Russia and the Prosecutor General which say Bitcoin is a surrogate http://www.reuters.com/article/2014/02/09/us-russia-bitcoin-idUSBREA1806620140209 The funny thing is that with such a definition they ban anything except the ruble, including money in computer games, some payment systems, etc. The Russian Duma has been acting crazy lately; they voted for many crazy bills, and this one will just continue the trend, so there is probably no real reason for the ban. Bitcoin is not so popular in Russia; it takes a really little part in drug deals or anything else, but probably they will attempt to justify the ban with drugs; there has been some talk about drugs lately, which greatly overestimated the problem. > Giving the Bank of Russia censorship rights regarding alternatives is > pretty pushy, but, soon, "in Russia legal tender is only tender".
That will probably work like "we google bitcoin and ban the first 20 or more links, repeat every day/week/month"; that is the way it works with drugs or suicides: they banned many doorways, jokes or even slang terms not related to any crime (like an article on boosters from EVE Online, which in the Russian community are called "drugs", or the latest GitHub ban for an article which recommends you commit suicide by starting WWIII, using nanomachines from science fiction, making a nuclear bomb from your own body, etc.) because of that. -- https://komachi.github.io GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From s at ctrlc.hu Sun Oct 5 04:28:52 2014 From: s at ctrlc.hu (stef) Date: Sun, 5 Oct 2014 13:28:52 +0200 Subject: Radical-safest TLDs in 2014 In-Reply-To: <54311638.1070707@cathalgarvey.me> References: <11398908.iJM5pOxZj7@lapuntu> <54311638.1070707@cathalgarvey.me> Message-ID: <20141005112852.GN7687@ctrlc.hu> On Sun, Oct 05, 2014 at 10:58:16AM +0100, Cathal Garvey wrote: > I have heard a very exciting rumour that Tor may become integrated into > Firefox in the near future, so that one of the most widely used browsers > in the world will be able to access .onion addresses out of the box. actually it is already, and all the other browsers as well. you just need to enable name resolution for tor in torrc: VirtualAddrNetwork 127.13.0.0/10 AutomapHostsOnResolve 1 TransPort 9042 DNSPort 9153 a bit of iptables settings and setup unbound to route queries for .onion to the local tor proxy. with a bit of googling you can fill in the missing blanks... -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From coderman at gmail.com Sun Oct 5 15:34:29 2014 From: coderman at gmail.com (coderman) Date: Sun, 5 Oct 2014 15:34:29 -0700 Subject: Radical-safest TLDs in 2014 In-Reply-To: <11398908.iJM5pOxZj7@lapuntu> References: <11398908.iJM5pOxZj7@lapuntu> Message-ID: On 10/5/14, rysiek wrote: > ...
which TLD should I choose for a "clearternet" > version of the website? for present day, "clearnet" version, winner is .bit / namecoin. From rysiek at hackerspace.pl Sun Oct 5 07:34:57 2014 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 05 Oct 2014 16:34:57 +0200 Subject: Radical-safest TLDs in 2014 In-Reply-To: <20141005112852.GN7687@ctrlc.hu> References: <11398908.iJM5pOxZj7@lapuntu> <54311638.1070707@cathalgarvey.me> <20141005112852.GN7687@ctrlc.hu> Message-ID: <8079320.TmBfuEBRfQ@lapuntu> On Sunday, 5 October 2014 13:28:52 stef wrote: > On Sun, Oct 05, 2014 at 10:58:16AM +0100, Cathal Garvey wrote: > > I have heard a very exciting rumour that Tor may become integrated into > > Firefox in the near future, so that one of the most widely used browsers > > in the world will be able to access .onion addresses out of the box. > > actually it is already, and all the other browsers as well. you just need to > enable name resolution for tor in torrc: Good to know. Still, the question was about non-onion TLDs. ;) -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part. URL: From coderman at gmail.com Mon Oct 6 02:07:11 2014 From: coderman at gmail.com (coderman) Date: Mon, 6 Oct 2014 02:07:11 -0700 Subject: first factorization of RSA-2048? Message-ID: "Prize: 700ml 18-year scotch. Topic: first factorization of RSA-2048. My bet: quantum algorithms. Antoine Joux's bet: non-quantum algorithms." - https://twitter.com/hashbreaker/status/494867301435318273 what origin scotch? if i am going to play for keeps, i want to know my skewing is cost effective...
;P best regards, From coderman at gmail.com Mon Oct 6 02:30:30 2014 From: coderman at gmail.com (coderman) Date: Mon, 6 Oct 2014 02:30:30 -0700 Subject: This Friday, 10-Oct-2014 - New York Film Fest Will World Premiere Laura Poitras’ Edward Snowden Docu ‘CITIZENFOUR’ Message-ID: will John or another distinguished agitator be present to report and convey for this fine event? http://deadline.com/2014/09/new-york-film-fest-will-world-premiere-laura-poitras-edward-snowden-docu-citizenfour-835041/ """ New York Film Festival director Kent Jones said today that the Film Society of Lincoln Center has added the world premiere of Laura Poitras’ CITIZENFOUR to its Main Slate lineup. The presentation will run Friday, October 10 at 6 PM at Alice Tully Hall. Poitras will also participate in a free HBO Directors Dialogues the following day at 4 PM, at the Walter Reade Theater. The film, from RADiUS in association with Participant Media and HBO Documentary Films, opens theatrically October 24. According to the festival: In January 2013, Poitras was several years into the making of a film about abuses of national security in post-9/11 America when she started receiving encrypted e-mails from someone identifying himself as “citizen four,” who was ready to blow the whistle on the massive covert surveillance programs run by the NSA and other intelligence agencies. In June 2013, she and reporter Glenn Greenwald flew to Hong Kong for the first of many meetings with the man who turned out to be Snowden. She brought her camera with her. The film that resulted from this series of tense encounters is absolutely sui generis in the history of cinema: a 100% real-life thriller unfolding minute by minute before our eyes.
""" From grarpamp at gmail.com Mon Oct 6 11:50:21 2014 From: grarpamp at gmail.com (grarpamp) Date: Mon, 6 Oct 2014 14:50:21 -0400 Subject: dhcpd dhclient-script shell security Message-ID: > @ioerror says: > Has anyone written a captive portal aware, privilege separated, uid > zero free, security focused dhcp client in a type safe language? One could write/compile the script in any language, use sudo within or change the perms and/or syscall uid checks for read-writing the tap, 67/68 port binding, ifconfig, route, etc to permit any arbitrary uid, and run it all in a jail. Some capabilities already exist in OS's today. Portal awareness would be a different scope. Tails or OpenBSD might be interested, as would anyone really, in particular if the protocol sends arbitrary data/commands, which the client/script then fails to lint and passes out to exec/params... Also from twitter: http://www.codelabs.ch/adhcp/ From tbiehn at gmail.com Mon Oct 6 13:00:09 2014 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 6 Oct 2014 16:00:09 -0400 Subject: Radical-safest TLDs in 2014 In-Reply-To: References: <11398908.iJM5pOxZj7@lapuntu> Message-ID: Rysiek, Can we further reduce ambiguity by reducing the set to those TLDs recognized by ICANN? I don't think you can 'rely' on any of them, to coderman's point. Your best bet is to enumerate the list of TLD delegated authoritative servers, then recursively send legal threats to each. The one who demonstrates the most impressive apathy may be your winner :) Of course, you may want to follow the concept of pitting two noncooperative countries against each other. If the threat to your name isnt specifically tied to a subset of all jurisdictions.. You might have a problem. You might, then, establish a protocol. The hash of the website CNN.com's contents, for instance, may serve as a backup domain. Realistically its really down to finding a cool registrar & TLD pair. TBP may be your best example here. 
As a final note: if you're worried about these kinds of problems you probably shouldn't be using clearnet. Travis On Oct 5, 2014 6:50 PM, "coderman" wrote: > On 10/5/14, rysiek wrote: > > ... which TLD should I choose for a "clearternet" > > version of the website? > > > for present day, "clearnet" version, > winner is .bit / namecoin. > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1705 bytes Desc: not available URL: From rsw at jfet.org Mon Oct 6 13:14:38 2014 From: rsw at jfet.org (Riad S. Wahby) Date: Mon, 6 Oct 2014 16:14:38 -0400 Subject: dhcpd dhclient-script shell security In-Reply-To: References: Message-ID: <20141006201438.GA14862@antiproton.jfet.org> grarpamp wrote: > Tails or OpenBSD might be interested, as would anyone really, in > particular if the protocol sends arbitrary data/commands, which the > client/script then fails to lint and passes out to exec/params... Note that OpenBSD's dhclient hasn't supported a client script since late 2012. Even when it did, /bin/sh is ksh by default, so few if any OpenBSD systems would be vulnerable to Shellshock-via-DHCP. I realize this addresses symptoms rather than the meat of the question regarding dhcp clients, but there is some evidence that the OpenBSD folks were already concerned about the attack surface of dhclient. It's not clear to me whether their paranoia extends to rogue DHCP servers on the network, but since that's a pretty obvious attack it may well be the case. Might be worth asking on the relevant OpenBSD list. -=rsw From guninski at guninski.com Mon Oct 6 06:15:34 2014 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 6 Oct 2014 16:15:34 +0300 Subject: first factorization of RSA-2048? In-Reply-To: References: Message-ID: <20141006131534.GA2199@sivokote.iziade.m$> On Mon, Oct 06, 2014 at 02:07:11AM -0700, coderman wrote: > "Prize: 700ml 18-year scotch. Topic: first factorization of RSA-2048. 
> My bet: quantum algorithms. Antoine Joux's bet: non-quantum > algorithms." > - https://twitter.com/hashbreaker/status/494867301435318273 > > > what origin scotch? > > if i am going to play for keeps, i want to know my skewing is cost effective... > > ;P > > > best regards, lol, among other reasons one must have overdosed booze and/or other stuff to do such deal :) From grarpamp at gmail.com Mon Oct 6 15:21:02 2014 From: grarpamp at gmail.com (grarpamp) Date: Mon, 6 Oct 2014 18:21:02 -0400 Subject: GoldBug SF projects [was: Bittorrent Bleep] In-Reply-To: References: Message-ID: General update/reply... - None of the projects in question have replied to any question being asked of them. - Goldbug has now deleted their sourceforge mailing list altogether, further hiding themselves from public inquiry on record. - The goldbug page was twice deleted off wikipedia since the 23rd. That makes at least three times now. - 'Alexis Megas' on SF used to be called 'Calvin', that's on archive.org. Yes, just as they link out to bogus 'reviews' for 'support', you could put 'references', 'controversy' sections into all their articles on wikipedia, and say the same things in the 'talk' subpages. That seems to be within WP policy if done in objective fashion. No, I wouldn't bother with creating a site dedicated to them. Instead, create a site to list all the questionable crypto products being foisted as new hotness onto the public. Further, contrasting with and pointing to well proven ones that already exist in any similar feature space/matrix. prism-break.org doesn't really go far in its depth/breadth/quantity, nor call out unconscionable practices, etc for public crypto products... that's not their purpose. So there's project opportunity there for someone who wants it. Bowing out.
From grarpamp at gmail.com Mon Oct 6 15:50:12 2014 From: grarpamp at gmail.com (grarpamp) Date: Mon, 6 Oct 2014 18:50:12 -0400 Subject: Projects developed anonymously [was: goldbug, ref: btc] Message-ID: On Wed, Sep 24, 2014 at 3:38 AM, Fabio Pietrosanti (naif) wrote: > The only way such "suspicious" projects will have to recover is by being > transparent on who they are, who pay them, what's their goal ;) There's nothing wrong with anonymous development itself, provided it meets high standards expected of crypto related applications. Goldbug and friends blackballed themselves with their actions, topic dodging speech, and non-reproducible binaries. Doubtful anyone will bother looking at their code given that. Satoshi did anonymous well regarding bitcoin. I2P had some anonymous large contributors I think. Truecrypt's anonymity had some mixed results (given the situation with their binaries). What other projects have been largely anonymous? Now that we have anonymous networks, it's likely that many more anonymous projects will appear that do pass muster. From juan.g71 at gmail.com Mon Oct 6 16:16:31 2014 From: juan.g71 at gmail.com (Juan) Date: Mon, 6 Oct 2014 20:16:31 -0300 Subject: Retired NSA Technical Director Explains Snowden Docs In-Reply-To: References: <542df375.a5658c0a.0703.111f@mx.google.com> <542e5ef0.4922e00a.1bab.1a4a@mx.google.com> Message-ID: <543322a2.e11b8c0a.42bf.ffffd47f@mx.google.com> On Sat, 4 Oct 2014 21:41:00 -0400 grarpamp wrote: > > but I admit I haven't > > thought about the implementation details... > > Sorry, no time for thought, there's a six in the fridge > and the Simpsons are on TV. heh - I've never watched the simpsons. I've watched south park and the whitest kids, though. Speaking of which... 
http://www.youtube.com/watch?v=Q2BfqDUPL1I From l at odewijk.nl Mon Oct 6 16:40:37 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Tue, 7 Oct 2014 01:40:37 +0200 Subject: Radical-safest TLDs in 2014 In-Reply-To: References: <11398908.iJM5pOxZj7@lapuntu> Message-ID: I'd say national TLDs are to be avoided, if they're known to be anti-whateveritisyou'redoing. ".com" is kinda difficult given the US just claims it. Other than that I don't think anyone cares. The idea is that you're easy to find, just focus on that. Robustness... Onion and bit are resilient, more so than a bare IP address, so that's worth it /if you're expecting domain name troubles/. .io is hip right now, but it's like 35usd instead of ~10usd, and it feels icky-hip not cool-hip. Can't wait till we get 1-N domain names; where a domain name is like a tag and up/downvotes and a web-of-trust regulate ordering. Democratic, distributed, semi-/inconsistent in a good way. If you pin an identity, use a certificate! Way better to use identities that way anyway. Have governments certify that a certain entity (cryptographic entity) is the natural or legal person it claims to be, allowing any government to do that. Totally different ecosystem though. That's life :/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1084 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Tue Oct 7 02:08:53 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 07 Oct 2014 10:08:53 +0100 Subject: Radical-safest TLDs in 2014 In-Reply-To: References: <11398908.iJM5pOxZj7@lapuntu> Message-ID: <5433ADA5.9090201@cathalgarvey.me> > Can we further reduce ambiguity by reducing the set to those TLDs > recognized by ICANN? Isn't it more useful to reduce the set to TLDs that the "average user" can connect to?
That's why I shared the rumours about .onion in Firefox: who cares what ICANN thinks, if a large enough userbase can access it OOTB without configuration? By contrast, .onion *today*, along with .i2p and .bit, are all configuration-heavy, meaning virtually nobody will actually access or use them unless they're already completely dedicated customers. The Silk Road managed to pull people in because it was essentially the only place to buy drugs "safely" online (along with plenty of other reprehensible things), but that's a completely exceptional case. I'm thinking of benign web services that enrich the world in some way, but suffer censorship or legal assault because they disturb the status-quo. The next start-up that MPAA want to crush, or the next whistleblowing site, or the next transborder social network. Those people will need TLDs they can rely on. If .onion goes surprisingly mainstream in the near future, that'd be very powerful. Of course, .onion will remain slow as sin, but for those websites they can use .onion with 304 redirects to non-onion TLDs for each visitor; as their clearnet TLDs get shut down they can just register new ones and 304 redirect to them on the fly for each new visitor; whack-a-mole on a grand scale, a total losing battle for the censors. The critical bit is that there's one canonical URL for new visitors that will always lead to service. On 06/10/14 21:00, Travis Biehn wrote: > Rysiek, > Can we further reduce ambiguity by reducing the set to those TLDs > recognized by ICANN? > > I don't think you can 'rely' on any of them, to coderman's point. > > Your best bet is to enumerate the list of TLD delegated authoritative > servers, then recursively send legal threats to each. > > The one who demonstrates the most impressive apathy may be your winner :) > > Of course, you may want to follow the concept of pitting two noncooperative > countries against each other. 
> If the threat to your name isn't specifically tied to a subset of all > jurisdictions.. You might have a problem. > > You might, then, establish a protocol. The hash of the website CNN.com's > contents, for instance, may serve as a backup domain. > > Realistically it's really down to finding a cool registrar & TLD pair. TBP > may be your best example here. > > As a final note: if you're worried about these kinds of problems you > probably shouldn't be using clearnet. > > Travis > On Oct 5, 2014 6:50 PM, "coderman" wrote: > >> On 10/5/14, rysiek wrote: >>> ... which TLD should I choose for a "clearternet" >>> version of the website? >> >> >> for present day, "clearnet" version, >> winner is .bit / namecoin. >> > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Tue Oct 7 15:20:49 2014 From: coderman at gmail.com (coderman) Date: Tue, 7 Oct 2014 15:20:49 -0700 Subject: Revocable Anonymity is Anonymity like Clipper Chip Protection - that is to say, it is not. [was: Another Tor is Possible, Kane/Ksec] Message-ID: On 10/7/14, Nick Mathewson wrote: > ... > What's saddest: You didn't explain why you think it's broken. "Revocable Anonymity" is a farce and distraction; Skipjack Clipper Chip[0] equivalent in every sense to the non-starter of "key escrow" and "government / lawful access mandated backdoors". all backdoors, no matter how well intentioned, lead straight to hell.[1] best regards, 0.
"The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency as an encryption device, with a built-in backdoor, intended to be adopted by telecommunications companies for voice transmission." - https://en.wikipedia.org/wiki/Clipper_chip 1. "The Athens Affair - How some extremely smart hackers pulled off the most audacious cell-network break-in ever" - http://spectrum.ieee.org/telecom/security/the-athens-affair From jya at pipeline.com Wed Oct 8 04:59:36 2014 From: jya at pipeline.com (John Young) Date: Wed, 08 Oct 2014 07:59:36 -0400 Subject: State Hash Message-ID: http://sphincs.cr.yp.to/ Special note to law-enforcement agents: The word "state" is a technical term in cryptography. Typical hash-based signature schemes need to record information, called "state", after every signature. Google's Adam Langley refers to this as a "huge foot-cannon" from a security perspective. By saying "eliminate the state" we are advocating a security improvement, namely adopting signature schemes that do not need to record information after every signature. We are not talking about eliminating other types of states. We love most states, especially yours! Also, "hash" is another technical term and has nothing to do with cannabis. From rsw at jfet.org Wed Oct 8 08:48:20 2014 From: rsw at jfet.org (Riad S. Wahby) Date: Wed, 8 Oct 2014 11:48:20 -0400 Subject: State Hash In-Reply-To: <20141008151532.GA2468@sivokote.iziade.m$> References: <2539226.5LNr3qzgvX@lapuntu> <20141008151532.GA2468@sivokote.iziade.m$> Message-ID: <20141008154820.GA596@antiproton.jfet.org> Georgi Guninski wrote: > second, it is not known even if P ≠ NP, can a sufficiently > powerful quantum computer solve SAT efficiently? -- if the > answer is ``yes'' djb & co fail. And yet a quantum computer efficiently solving SAT would be substantially more surprising than P=NP! 
Quantum computation is not magic; the limits of quantum mechanics already imply relatively strong lower bounds for quantum hash collision search. -=rsw From rysiek at hackerspace.pl Wed Oct 8 07:05:14 2014 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 08 Oct 2014 16:05:14 +0200 Subject: State Hash In-Reply-To: References: Message-ID: <2539226.5LNr3qzgvX@lapuntu> Dnia środa, 8 października 2014 07:59:36 John Young pisze: > http://sphincs.cr.yp.to/ > > Special note to law-enforcement agents: The word "state" is > a technical term in cryptography. Typical hash-based signature > schemes need to record information, called "state", after every > signature. Google's Adam Langley refers to this as a "huge > foot-cannon" from a security perspective. By saying "eliminate > the state" we are advocating a security improvement, namely > adopting signature schemes that do not need to record information > after every signature. We are not talking about eliminating other > types of states. We love most states, especially yours! Also, > "hash" is another technical term and has nothing to do with cannabis. This... has to be some elaborate joke. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Wed Oct 8 08:03:51 2014 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 08 Oct 2014 17:03:51 +0200 Subject: State Hash In-Reply-To: <2539226.5LNr3qzgvX@lapuntu> References: <2539226.5LNr3qzgvX@lapuntu> Message-ID: <4545524.dMo1Eg181o@lapuntu> Dnia środa, 8 października 2014 16:05:14 rysiek pisze: > Dnia środa, 8 października 2014 07:59:36 John Young pisze: > > http://sphincs.cr.yp.to/ > > > > Special note to law-enforcement agents: The word "state" is > > a technical term in cryptography. 
Typical hash-based signature > > schemes need to record information, called "state", after every > > signature. Google's Adam Langley refers to this as a "huge > > foot-cannon" from a security perspective. By saying "eliminate > > the state" we are advocating a security improvement, namely > > adopting signature schemes that do not need to record information > > after every signature. We are not talking about eliminating other > > types of states. We love most states, especially yours! Also, > > "hash" is another technical term and has nothing to do with cannabis. > > This... has to be some elaborate joke. Okay, disregard, I need more sleep. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Wed Oct 8 08:15:32 2014 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 8 Oct 2014 18:15:32 +0300 Subject: State Hash In-Reply-To: <2539226.5LNr3qzgvX@lapuntu> References: <2539226.5LNr3qzgvX@lapuntu> Message-ID: <20141008151532.GA2468@sivokote.iziade.m$> On Wed, Oct 08, 2014 at 04:05:14PM +0200, rysiek wrote: > Dnia środa, 8 października 2014 07:59:36 John Young pisze: > > http://sphincs.cr.yp.to/ > > > > Special note to law-enforcement agents: The word "state" is > > a technical term in cryptography. Typical hash-based signature > > schemes need to record information, called "state", after every > > signature. Google's Adam Langley refers to this as a "huge > > foot-cannon" from a security perspective. By saying "eliminate > > the state" we are advocating a security improvement, namely > > adopting signature schemes that do not need to record information > > after every signature. We are not talking about eliminating other > > types of states. We love most states, especially yours! Also, > > "hash" is another technical term and has nothing to do with cannabis. > > This... 
has to be some elaborate joke. > > -- > Pozdr > rysiek djb is getting better at trolling ;) from TFA: "2^128 security even against attackers equipped with quantum computers". wouldn't bet much money on this. first, it is not known if P=NP (someone wrongly claimed in this case "everyone will be composer". certainly sufficiently high degree algorithm won't help at all). second, it is not known even if P ≠ NP, can a sufficiently powerful quantum computer solve SAT efficiently? -- if the answer is ``yes'' djb & co fail. not to mention that if djb is using "qmail + csh", "Shock-See-Shell" will screw him beyond crypto. -- cheers From guninski at guninski.com Wed Oct 8 08:59:29 2014 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 8 Oct 2014 18:59:29 +0300 Subject: State Hash In-Reply-To: <20141008154820.GA596@antiproton.jfet.org> References: <2539226.5LNr3qzgvX@lapuntu> <20141008151532.GA2468@sivokote.iziade.m$> <20141008154820.GA596@antiproton.jfet.org> Message-ID: <20141008155929.GB2468@sivokote.iziade.m$> On Wed, Oct 08, 2014 at 11:48:20AM -0400, Riad S. Wahby wrote: > Georgi Guninski wrote: > > second, it is not known even if P ≠ NP, can a sufficiently > > powerful quantum computer solve SAT efficiently? -- if the > > answer is ``yes'' djb & co fail. > > And yet a quantum computer efficiently solving SAT would be > substantially more surprising than P=NP! > ok, this is the popular scientific opinion, i am noob at complexity theory. just to point out that if a deity offers me crypto stuff that is breakable in polynomial time, but provably not less than say O(n^1000), i wouldn't care about P vs NP and will choose $n$ large enough, might be wrong. > Quantum computation is not magic; the limits of quantum mechanics > already imply relatively strong lower bounds for quantum hash > collision search. 
> > -=rsw From coderman at gmail.com Wed Oct 8 19:07:54 2014 From: coderman at gmail.com (coderman) Date: Wed, 8 Oct 2014 19:07:54 -0700 Subject: [cryptome] State Hash (see SPHINCS: practical stateless hash-based signatures) Message-ID: On 10/8/14, Aftermath wrote: > english is such a funny language perhaps the best language to be funny, ;P strong post-quantum signatures certainly celestial; a bit big, but hey... head of class! avoids NTRU concerns. still no NTRU-Prime. i suppose if i pester djb for minimal privacy by default (httpS://*..cr.yp.to/) i can't also beg for post-quantum schemes and NEON acceleration for all ciphers and signatures. *grin* best regards, From ryacko at gmail.com Thu Oct 9 08:44:40 2014 From: ryacko at gmail.com (Ryan Carboni) Date: Thu, 9 Oct 2014 08:44:40 -0700 Subject: FOIA Backlog for State reaches one year even if you were to double their staff Message-ID: FOIA Backlog for State reaches one year even if you were to double their staff http://foia.state.gov/Learn/Reports/Quarterly/FY2014Q3.pdf -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 243 bytes Desc: not available URL: From eugen at leitl.org Thu Oct 9 05:11:33 2014 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 9 Oct 2014 14:11:33 +0200 Subject: outernet.is Message-ID: <20141009121133.GB10467@leitl.org> It seems the project is picking up steam, and got mentioned in http://www.heise.de/newsticker/meldung/Nanosatelliten-umgehen-Internet-Zensur-2403334.html http://www.heise.de/tr/artikel/Nanosatelliten-umgehen-Internet-Zensur-2356951.html From zooko at leastauthority.com Thu Oct 9 11:12:39 2014 From: zooko at leastauthority.com (Zooko Wilcox-OHearn) Date: Thu, 9 Oct 2014 18:12:39 +0000 Subject: Tesla Coils & Corpses, 2014-10-09 — the DOOM and GLOOM Edition Message-ID: .. 
.. -*- coding: utf-8-with-signature-unix; fill-column: 73; -*- Tahoe-LAFS Tesla Coils & Corpses, 2014-10-08 ============================================ The DOOM and GLOOM Edition Daira, Zooko (scribe), Nathan, Andrew (lurker), Za (briefly) [Disclaimer: this is pretty much all just Zooko's rant that he typed in during the meeting, and doesn't reflect anyone else's opinions very much.] We all sat around reading http://eprint.iacr.org/2014/452.pdf . Then Nathan and Zooko got distracted by wondering about basic attack incentives in Bitcoin… Zooko used to think that block rewards and transaction fees deterred roll-back attack, thus making transactions safer when the rewards and fees were higher. But, maybe that's actually incorrect. There are (at least) two cases to consider: 1. no actor controls ≥ 51% of the hashpower, and 2. an actor controls ≥ 51% of the hashpower. Here's the surprising fact about case 2: block rewards do not incentivize such an actor to cooperate with the protocol, and transaction fees incentivize that actor to defect (i.e. to attack)! First look at the block rewards. As an actor who controls 51% of the hashpower, you have the choice of either cooperating with the protocol (mining atop the current longest known chain) or defecting (mining atop a secret alternate chain and then later revealing it in order to supplant the shorter public consensus chain). If you cooperate, then over the next 100 blocks on the public consensus chain (the next 1000 minutes), you'll get 51 (on average) of the block rewards. If you defect, then over the next 51 blocks on your secret chain, which is simultaneous with the next 49 blocks on the public chain (i.e. the next 1000 minutes), you'll get exactly 51 of the block rewards! So block rewards do not actually incentivize an actor who controls ≥ 51% of the power to cooperate. (Also, if you cooperate then other people will get 49 block rewards, but if you defect then other people will get 0.
That's an incentive to defect, but a very small one.) Next look at the transaction fees. If you cooperate, then you'll get (on average) 51% of the transaction fees that get posted over the next 1000 minutes. If you defect you'll get 100% of the transaction fees. So transaction fees incentivize you to defect! In addition to the consequences of reward, and of fees, of course, there is also the benefit of double-spending, which is an additional incentive to defect. What does this mean? Does it mean that Bitcoin is broken? One interpretation of the above in light of the fact that Bitcoin has never yet been rolled-back is that Bitcoin is designed to avoid any one actor gaining ≥ 51% (case 1 above), but that it breaks badly if that fails (case 2 above). Another way to interpret it is to say, well, there's another incentive overlooked in the analysis of case 2, above, which is the value of Bitcoin. If you are an actor who controls ≥ 51% of the power, then one consequence of launching a large attack (such as a 49-block rollback) would be a crash in the price of Bitcoin in terms of other currencies (e.g. US Dollars). Would that disincentivize you from performing the attack? Well, there are two ways that you might be committed to the value of Bitcoin: by holding the currency yourself or by investing in mining capital. The former is probably not a big incentive on you as a would-be attacker, because you can sell your Bitcoin holdings. You have an advantage over all other traders in terms of knowledge here, and your sell orders might even be able to race ahead of the news/realization of what has happened. In addition, if you can effectively short Bitcoin, then the opposite incentive applies — the fact that the price of Bitcoin would crash is an added incentive for you to perform the attack. The other incentive would be if you have invested in Bitcoin mining capital, and the product of that capital will be worth less if the price of Bitcoin goes down. 
I think this is a real deterrent — the first real incentive that I've found, in this rant, for a 51%-controller to cooperate! One interpretation of that is that Bitcoin says “Oh, you've gained a massive amount of mining power? That means you have the ability to destroy the currency, and you have a monetary incentive to do so. But, we'll give you a steady transfer of value from all current holders of Bitcoin to you (i.e. the block reward) from now on, so that you will choose not to do that because you anticipate future transfers of Bitcoin value from others to you.” That sounds kind of ugly — it sounds more like you've become an effective rent-extractor than that you are providing any ongoing value to anyone in return for the ongoing transfer from the public to you. Another concern I (Zooko) have is: what if the controller of the mining capital isn't the owner of the mining capital? Suppose you've illicitly taken over two large mining operations, so that now you temporarily control ≥ 51% of all of the Bitcoin mining power. The legitimate owners of the mining operations will probably eventually discover your incursion and retake control of their capital. One option you have is to go ahead and perform a massive rollback attack, earning ⓑ from rewards, fees, short-sales, and double-spends, and selling all of your newly acquired ⓑ as fast as possible because you expect a massive price crash. The end P.S. Daira actually appears to have spent the whole meeting reading the paper, so maybe she learned something entirely different from Zooko's doom and gloom rant. -- Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters.
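The cooperate-versus-defect comparison in the Tahoe-LAFS notes above, worked through as an added example. This is my code, not anything from the notes, from Zooko or from the Tahoe-LAFS project; the function names `expected_payoff` and `secret_chain_wins_rate` and the sample numbers (25 coins per block, 0.5 coins of fees per block) are my choices. It assumes what the notes leave implicit: total hashpower and difficulty stay constant over the horizon, so the same amount of work is split between the two chains whether or not the attacker defects; a revealed secret chain that is longer than the public one replaces it, so the attacker keeps every fee in the horizon plus any double-spend gain and honest miners keep nothing. It goes one step beyond the 51% case in the notes: the race estimate takes an arbitrary hashpower share, which is what shows why the majority threshold matters.

```python
"""Toy incentive model for a miner choosing between cooperating with the
Bitcoin protocol and mining a secret chain to reveal later (a roll-back
attack).  Added illustration; assumptions are listed in the lead-in.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Payoff:
    cooperate: float         # attacker's expected income mining publicly
    defect: float            # attacker's income if the secret chain wins
    others_cooperate: float  # honest miners' income if attacker cooperates
    others_defect: float     # honest miners' income if attacker defects


def expected_payoff(share, horizon_blocks, block_reward, fees_per_block,
                    double_spend=0.0):
    """Expected block rewards + fees over `horizon_blocks` of total work.

    Reproduces the notes' walk-through: with share 0.51 over 100 blocks the
    miner expects 51 block rewards under either strategy, but only 51% of
    the fees when cooperating versus all of them (plus the double-spend)
    when the secret chain wins.  Assumes constant total hashpower, so the
    attacker's own chain grows by share * horizon_blocks in the same time
    the public chain would have grown by horizon_blocks.
    """
    if not 0.0 < share < 1.0:
        raise ValueError("share must be strictly between 0 and 1")
    mine_blocks = share * horizon_blocks         # same under both strategies
    their_blocks = (1.0 - share) * horizon_blocks
    total_fees = fees_per_block * horizon_blocks
    return Payoff(
        cooperate=mine_blocks * block_reward + share * total_fees,
        defect=mine_blocks * block_reward + total_fees + double_spend,
        others_cooperate=their_blocks * block_reward
        + (1.0 - share) * total_fees,
        others_defect=0.0,   # their chain is orphaned: rewards and fees lost
    )


def secret_chain_wins_rate(share, horizon_blocks, trials=2000, seed=1):
    """Monte Carlo estimate that a secret chain started now is strictly
    longer than the public chain once `horizon_blocks` blocks in total have
    been found.  Each block goes to the attacker with probability `share`,
    so the race is a biased random walk: the rate tends to 1 above 50% of
    the hashpower and to 0 below it.  Seeded so runs are repeatable.
    """
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        secret = sum(1 for _ in range(horizon_blocks) if rng.random() < share)
        public = horizon_blocks - secret
        wins += secret > public
    return wins / trials


if __name__ == "__main__":
    p = expected_payoff(0.51, 100, block_reward=25.0, fees_per_block=0.5)
    print(f"cooperate={p.cooperate:.1f}  defect={p.defect:.1f}  "
          f"(reward part identical, fee part is the difference)")
    for s in (0.4, 0.5, 0.6):
        print(f"share={s:.2f}  P(secret chain longer after 100 blocks)="
              f"{secret_chain_wins_rate(s, 100):.3f}")
```

The model deliberately leaves out the price-crash and mining-capital effects the notes go on to discuss; plugging a negative number into `double_spend` is one crude way to represent the capital loss the notes identify as the only real deterrent.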
_______________________________________________ tahoe-dev mailing list tahoe-dev at tahoe-lafs.org https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev ----- End forwarded message ----- From demonfighter at gmail.com Thu Oct 9 17:24:44 2014 From: demonfighter at gmail.com (Steve Furlong) Date: Thu, 9 Oct 2014 20:24:44 -0400 Subject: Cryptography, backdoors and the Second Amendment In-Reply-To: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> Message-ID: On Thu, Oct 9, 2014 at 7:36 PM, Alfie John wrote: > As the US State Department classifies cryptography as a munition, > shouldn't the use of cryptography be protected under the 2nd Amendment? You're expecting consistency, logic, or even honesty from a government? Your naivete is so /cute/! -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 667 bytes Desc: not available URL: From alfiej at fastmail.fm Thu Oct 9 16:36:29 2014 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 10 Oct 2014 00:36:29 +0100 Subject: Cryptography, backdoors and the Second Amendment Message-ID: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> After the Apple encryption announcement, we had the usual pundits bring up the Four Horsemen of the Infocalypse [1]: "Attorney General Eric Holder, the US top law enforcement official, said it is "worrisome" that tech companies are providing default encryption on consumer electronics. Locking the authorities out of being able to physically access the contents of devices puts children at risk, he said. ... Holder said he wants a backdoor to defeat encryption. 
He urged the tech sector "to work with us to ensure that law enforcement retains the ability, with court-authorization, to lawfully obtain information in the course of an investigation, such as catching kidnappers and sexual predators." After reading Keybase cofounder Chris Coyne's response to the backdoor nonsense, it got me thinking about cryptography and the Second Amendment: "A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed." As the US State Department classifies cryptography as a munition, shouldn't the use of cryptography be protected under the 2nd Amendment? If so, as the NSA continues its concerted effort to cripple encryption by providers [3] [4], shouldn't this be seen as the equivalent of the Department of Justice colluding with Smith & Wesson to manufacture guns that don't shoot straight and bullets that don't fire? Alfie [1] http://arstechnica.com/tech-policy/2014/10/us-top-cop-decries-encryption-demands-backdoors/ [2] https://keybase.io/blog/2014-10-08/the-horror-of-a-secure-golden-key [3] http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security [4] http://www.mail-archive.com/cryptography at metzdowd.com/msg12325.html -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Oct 9 19:07:38 2014 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 10 Oct 2014 03:07:38 +0100 Subject: Cryptography, backdoors and the Second Amendment In-Reply-To: References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> Message-ID: <1412906858.1238659.177292229.6E67D70E@webmail.messagingengine.com> On Fri, Oct 10, 2014, at 02:49 AM, Sampo Syreeni wrote: > So, then, as it's basically a valid argument, how about taking its > contraposition? "As we then already know crypto is right, and it's used > by precisely the right, righteous people all round, should it not be the > case those who make a claim against are simply wrong."
>
> Should it not in fact be, that making a case against free crypto should be taken as a prima facie case of the speaker being a fascist, against democracy, a luddite, and an all-round bad guy? Out to get immortalized as the next Hitler?

Yes, that was my entire point.

Alfie

--
Alfie John
alfiej at fastmail.fm

From decoy at iki.fi Thu Oct 9 18:49:13 2014
From: decoy at iki.fi (Sampo Syreeni)
Date: Fri, 10 Oct 2014 04:49:13 +0300 (EEST)
Subject: Cryptography, backdoors and the Second Amendment
In-Reply-To:
References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com>
Message-ID:

On 2014-10-09, Steve Furlong wrote:
>> As the US State Department classifies cryptography as a munition,
>> shouldn't the use of cryptography be protected under the 2nd
>> Amendment?
>
> You're expecting consistency, logic, or even honesty from a
> government? Your naivete is so /cute/!

So is yours: obviously you can *have* and *use* it, it's just that you can't *export* it to the *terrorists* and the rest of the bad people who aren't you. Perfectly consistent.

Of course perfectly fucked up from the viewpoint of a foreign libertarian like me as well. But it really is fully consistent, and it was so from the very start, right down to the basic classical liberal ideology I as well share: "there is only one correct law, it is universal, if you don't share it then you haven't Been Enlightened yet, and thus we for very good reason don't Mind you too much". "Till you join our movement of universal rationality..."

So, then, as it's basically a valid argument, how about taking its contraposition? "As we then already know crypto is right, and it's used by precisely the right, righteous people all round, should it not be the case those who make a claim against are simply wrong."

Should it not in fact be, that making a case against free crypto should be taken as a prima facie case of the speaker being a fascist, against democracy, a luddite, and an all-round bad guy?
Out to get immortalized as the next Hitler?

--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From cpunks at martin-studio.com Fri Oct 10 07:47:18 2014
From: cpunks at martin-studio.com (Anthony Martin)
Date: Fri, 10 Oct 2014 07:47:18 -0700
Subject: Re: Tesla Coils & Corpses, 2014-10-09 — the DOOM and GLOOM Edition
In-Reply-To: <20141010130036.GD10467@leitl.org>
References: <20141010130036.GD10467@leitl.org>
Message-ID:

>mfw, not worried

On Friday, October 10, 2014, Eugen Leitl wrote:
> ----- Forwarded message from Zooko Wilcox-OHearn -----
>
> Date: Thu, 9 Oct 2014 18:12:39 +0000
> From: Zooko Wilcox-OHearn
> To: Tahoe-LAFS development
> Subject: Tesla Coils & Corpses, 2014-10-09 — the DOOM and GLOOM Edition
> Message-ID: GrtS+d99Z0-QL__r17F_LKbg7xTVv2siv24rOfFGzA at mail.gmail.com
>
> .. -*- coding: utf-8-with-signature-unix; fill-column: 73; -*-
>
> Tahoe-LAFS Tesla Coils & Corpses, 2014-10-08
> ============================================
>
> The DOOM and GLOOM Edition
>
> Daira, Zooko (scribe), Nathan, Andrew (lurker), Za (briefly)
>
> [Disclaimer: this is pretty much all just Zooko's rant that he typed in during the meeting, and doesn't reflect anyone else's opinions very much.]
>
> We all sat around reading http://eprint.iacr.org/2014/452.pdf .
>
> Then Nathan and Zooko got distracted by wondering about basic attack incentives in Bitcoin…
>
> Zooko used to think that block rewards and transaction fees deterred roll-back attack, thus making transactions safer when the rewards and fees were higher. But, maybe that's actually incorrect.
>
> There are (at least) two cases to consider: 1. no actor controls ≥ 51% of the hashpower, and 2. an actor controls ≥ 51% of the hashpower.
> Here's the surprising fact about case 2: block rewards do not incentivize such an actor to cooperate with the protocol, and transaction fees incentivize that actor to defect (i.e. to attack)!
>
> First look at the block rewards. As an actor who controls 51% of the hashpower, you have the choice of either cooperating with the protocol (mining atop the current longest known chain) or defecting (mining atop a secret alternate chain and then later revealing it in order to supplant the shorter public consensus chain).
>
> If you cooperate, then over the next 100 blocks on the public consensus chain (the next 1000 minutes), you'll get 51 (on average) of the block rewards. If you defect, then over the next 51 blocks on your secret chain, which is simultaneous with the next 49 blocks on the public chain (i.e. the next 1000 minutes), you'll get exactly 51 of the block rewards!
>
> So block rewards do not actually incentivize an actor who controls ≥ 51% of the power to cooperate.
>
> (Also, if you cooperate then other people will get 49 block rewards, but if you defect then other people will get 0. That's an incentive to defect, but a very small one.)
>
> Next look at the transaction fees. If you cooperate, then you'll get (on average) 51% of the transaction fees that get posted over the next 1000 minutes. If you defect you'll get 100% of the transaction fees. So transaction fees incentivize you to defect!
>
> In addition to the consequences of reward, and of fees, of course, there is also the benefit of double-spending, which is an additional incentive to defect.
>
> What does this mean? Does it mean that Bitcoin is broken? One interpretation of the above in light of the fact that Bitcoin has never yet been rolled-back is that Bitcoin is designed to avoid any one actor gaining ≥ 51% (case 1 above), but that it breaks badly if that fails (case 2 above).
>
> Another way to interpret it is to say, well, there's another incentive overlooked in the analysis of case 2, above, which is the value of Bitcoin. If you are an actor who controls ≥ 51% of the power, then one consequence of launching a large attack (such as a 49-block rollback) would be a crash in the price of Bitcoin in terms of other currencies (e.g. US Dollars). Would that disincentivize you from performing the attack?
>
> Well, there are two ways that you might be committed to the value of Bitcoin: by holding the currency yourself or by investing in mining capital. The former is probably not a big incentive on you as a would-be attacker, because you can sell your Bitcoin holdings. You have an advantage over all other traders in terms of knowledge here, and your sell orders might even be able to race ahead of the news/realization of what has happened.
>
> In addition, if you can effectively short Bitcoin, then the opposite incentive applies — the fact that the price of Bitcoin would crash is an added incentive for you to perform the attack.
>
> The other incentive would be if you have invested in Bitcoin mining capital, and the product of that capital will be worth less if the price of Bitcoin goes down. I think this is a real deterrent — the first real incentive that I've found, in this rant, for a 51%-controller to cooperate!
>
> One interpretation of that is that Bitcoin says “Oh, you've gained a massive amount of mining power? That means you have the ability to destroy the currency, and you have a monetary incentive to do so. But, we'll give you a steady transfer of value from all current holders of Bitcoin to you (i.e.
> the block reward) from now on, so that you will choose not to do that because you anticipate future transfers of Bitcoin value from others to you.”
>
> That sounds kind of ugly — it sounds more like you've become an effective rent-extractor than that you are providing any ongoing value to anyone in return for the ongoing transfer from the public to you.
>
> Another concern I (Zooko) have is: what if the controller of the mining capital isn't the owner of the mining capital? Suppose you've illicitly taken over two large mining operations, so that now you temporarily control ≥ 51% of all of the Bitcoin mining power. The legitimate owners of the mining operations will probably eventually discover your incursion and retake control of their capital. One option you have is to go ahead and perform a massive rollback attack, earning ⓑ from rewards, fees, short-sales, and double-spends, and selling all of your newly acquired ⓑ as fast as possible because you expect a massive price crash.
>
>
> The end
>
> P.S. Daira actually appears to have spent the whole meeting reading the paper, so maybe she learned something entirely different from Zooko's doom and gloom rant.
>
>
> --
> Regards,
>
> Zooko Wilcox-O'Hearn
>
> Founder, CEO, and Customer Support Rep
> https://LeastAuthority.com
> Freedom matters.
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
> ----- End forwarded message -----
>
From eugen at leitl.org Fri Oct 10 06:00:37 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 10 Oct 2014 15:00:37 +0200
Subject: Tesla Coils & Corpses, 2014-10-09 — the DOOM and GLOOM Edition
Message-ID: <20141010130036.GD10467@leitl.org>

----- Forwarded message from Zooko Wilcox-OHearn -----

From grarpamp at gmail.com Fri Oct 10 13:53:43 2014
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 10 Oct 2014 16:53:43 -0400
Subject: [Cryptography] Cryptography, backdoors and the Second Amendment
In-Reply-To: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com>
References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com>
Message-ID:

On Thu, Oct 9, 2014 at 7:36 PM, Alfie John wrote:
> After the Apple encryption announcement, we had the usual pundits bring up the Four Horsemen of the Infocalypse [1]:
>
> "Attorney General Eric Holder, the US top law enforcement official, said it is "worrisome" that tech companies are providing default encryption on consumer electronics. Locking the authorities out of being able to physically access the contents of devices puts children at risk, he said.
>
> ...
>
> Holder said he wants a backdoor to defeat encryption. He urged the tech sector "to work with us to ensure that law enforcement retains the ability, with court-authorization, to lawfully obtain information in the course of an investigation, such as catching kidnappers and sexual predators."
>
> After reading Keybase cofounder Chris Coyne's response to the backdoor nonsense, it got me thinking about cryptography and the Second Amendment:
>
> "A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed."
>
> As the US State Department classifies cryptography as a munition, shouldn't the use of cryptography be protected under the 2nd Amendment?

Though it is perhaps helpful for them to make such classification here:
a) that's in regards largely to exports, not internal use
b) the phrase is 'arms shall not', not 'things on our list shall not', so any such classification list is irrelevant.

Ignoring the NBC / large arms debate, crypto is clearly small arms in this context and thus shall not be infringed. Crypto is also clearly necessary to the security of a free people, and thus of/to the state being of the people. And shy of state failure requiring its use in support of revolt, crypto is clearly a defensive arm primarily against encroachment. In current example, mass surveillance, lack of individualized warrant, abuse of process, abuse of implied right to privacy, of the 1st, 4th and 5th, etc.

It would certainly be an interesting use/case/argument to explore and test.

From coderman at gmail.com Fri Oct 10 19:00:18 2014
From: coderman at gmail.com (coderman)
Date: Fri, 10 Oct 2014 19:00:18 -0700
Subject: ECI for bypassing NOFORN
Message-ID:

an interesting tidbit in latest docs,

"WASHBURN - ECI created for use solely with GCHQ to shield GCHQ from CIA's NOFORN Control Channel"

are there other past incidents of ECI compartments used to bridge over dissemination controls?

From coderman at gmail.com Fri Oct 10 20:05:21 2014
From: coderman at gmail.com (coderman)
Date: Fri, 10 Oct 2014 20:05:21 -0700
Subject: ECI PAWLEYS and BULLRUN
Message-ID:

feeding the BULLRUN:

AMBULANT
APERIODIC
AUNTIE
PAINTEDEAGLE
PAWLEYS
PENDLETON
PIEDMONT
PICARESQUE [PIQ]
PITCHFORD

what else is missing?
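The 51% incentive analysis in the forwarded Tesla Coils & Corpses notes above compares a miner's income when it cooperates with its income when it mines a secret fork and then reveals it. The program below is an added example written for this page, not code from the thread or from Tahoe-LAFS, and it generalizes the 51/49 numbers to any hashpower share p. Its modelling assumptions are stated in the comments: the whole network still produces n blocks in the window, a fork at p >= 0.5 wins with certainty, and below that it wins with the gambler's-ruin probability (p/(1-p))^z from the Bitcoin paper for a rollback of depth z. The horizon, block reward, fee total and double-spend value are constructed inputs.

```go
package main

import (
	"fmt"
	"math"
)

// Payoff is what the miner expects to collect over the horizon, in coin units.
type Payoff struct {
	Blocks float64 // block-reward income
	Fees   float64 // transaction-fee income
	Extra  float64 // double-spend proceeds (defect only)
}

// Total sums the three income streams.
func (p Payoff) Total() float64 { return p.Blocks + p.Fees + p.Extra }

// winProbability is the chance that a secret fork mined with hashpower share
// p eventually overtakes a public chain that is z blocks ahead of it. At
// p >= 0.5 the fork grows faster on average and overtakes with certainty;
// below that it is the gambler's-ruin result (p/(1-p))^z from the Bitcoin
// paper, which decays exponentially in the rollback depth z.
func winProbability(p float64, z int) float64 {
	if p >= 0.5 {
		return 1
	}
	return math.Pow(p/(1-p), float64(z))
}

// cooperate mines on the public tip: over a horizon of n blocks the miner
// gets its proportional share p of both block rewards and posted fees.
func cooperate(p float64, n int, reward, fees float64) Payoff {
	return Payoff{Blocks: p * float64(n) * reward, Fees: p * fees}
}

// defect mines a secret fork for the same wall-clock window. The network as
// a whole still produces n blocks, so the fork holds p*n of them and the
// public chain (1-p)*n. On reveal the fork rolls back z public blocks; if it
// wins it collects its own block rewards, every fee posted in the window
// (the transactions are re-mined in the fork) and the double-spend value;
// if it loses, the secret blocks are orphaned and it collects nothing.
func defect(p float64, n int, reward, fees, doubleSpend float64, z int) Payoff {
	w := winProbability(p, z)
	return Payoff{
		Blocks: w * p * float64(n) * reward,
		Fees:   w * fees,
		Extra:  w * doubleSpend,
	}
}

func main() {
	// Constructed inputs: 100 blocks (about 1000 minutes), 25 coins per block,
	// 10 coins of fees posted in the window, and no double-spend. The reveal
	// rolls back every public block mined during the window.
	const n, reward, fees, ds = 100, 25.0, 10.0, 0.0
	fmt.Println("share   cooperate      defect")
	for _, p := range []float64{0.30, 0.45, 0.51, 0.60} {
		z := int(math.Round((1 - p) * n))
		c := cooperate(p, n, reward, fees)
		d := defect(p, n, reward, fees, ds, z)
		fmt.Printf("%.2f  %10.2f  %10.2f\n", p, c.Total(), d.Total())
	}
}
```

At p = 0.51 the Blocks figures of the two strategies are identical and only the fee income (plus any double-spend) moves, which is Zooko's point; at p = 0.30 a deep rollback pays a tiny fraction of what cooperating does because the win probability is far below one percent, which is the case-1 regime the protocol is designed for.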
From bluelotus at openmailbox.org Fri Oct 10 18:20:08 2014
From: bluelotus at openmailbox.org (bluelotus at openmailbox.org)
Date: Fri, 10 Oct 2014 21:20:08 -0400
Subject: Corporate undercover nation-state agents
Message-ID: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>

https://firstlook.org/theintercept/2014/10/10/core-secrets/

"But the briefing document suggests another category of employees—ones who are secretly working for the NSA without anyone else being aware. This kind of double game, in which the NSA works with and against its corporate partners, already characterizes some of the agency’s work, in which information or concessions that it desires are surreptitiously acquired if corporations will not voluntarily comply. The reference to “under cover” agents jumped out at two security experts who reviewed the NSA documents for The Intercept.

“That one bullet point, it’s really strange,” said Matthew Green, a cryptographer at Johns Hopkins University. “I don’t know how to interpret it.” He added that the cryptography community in America would be surprised and upset if it were the case that “people are inside [an American] company covertly communicating with NSA and they are not known to the company or to their fellow employees.”

The ACLU’s Soghoian said technology executives are already deeply concerned about the prospect of clandestine agents on the payroll to gain access to highly sensitive data, including encryption keys, that could make the NSA’s work “a lot easier.”

“As more and more communications become encrypted, the attraction for intelligence agencies of stealing an encryption key becomes irresistible,” he said.
“It’s such a juicy target.”

From grarpamp at gmail.com Fri Oct 10 20:56:47 2014
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 10 Oct 2014 23:56:47 -0400
Subject: Crypto mechanics in ios8 and android L
Message-ID:

http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
http://nelenkov.blogspot.com/2014/10/revisiting-android-disk-encryption.html

That's the frontdoor. Baseband's still present and wide open.

Thus consider a non-cell device (a pad/laptop) tethered to cell hotspot or another phone to provide mobile wifi voice/data (IP) to the device.

Is connecting to a cell hotspot or another phone to use the native cell voice/data (cell) of the cell network even possible? ie: You can drive a phone's sms over its usb port. But that's just sms, not cell voice or cell IP.

From carimachet at gmail.com Sat Oct 11 01:02:18 2014
From: carimachet at gmail.com (Cari Machet)
Date: Sat, 11 Oct 2014 10:02:18 +0200
Subject: Corporate undercover nation-state agents
In-Reply-To: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>
References: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>
Message-ID:

this is old news and fuck firstlook fucking ebay paypal pierre is a super fucking neo-liberal capitalist pig that prosecuted the paypal14 asked for millions in reparations he is a corporate warmonger

On Sat, Oct 11, 2014 at 3:20 AM, wrote:
> https://firstlook.org/theintercept/2014/10/10/core-secrets/
>
> "But the briefing document suggests another category of employees--ones who are secretly working for the NSA without anyone else being aware. This kind of double game, in which the NSA works with and against its corporate partners, already characterizes some of the agency's work, in which information or concessions that it desires are surreptitiously acquired if corporations will not voluntarily comply. The reference to "under cover" agents jumped out at two security experts who reviewed the NSA documents for The Intercept.
>
> "That one bullet point, it's really strange," said Matthew Green, a cryptographer at Johns Hopkins University. "I don't know how to interpret it." He added that the cryptography community in America would be surprised and upset if it were the case that "people are inside [an American] company covertly communicating with NSA and they are not known to the company or to their fellow employees."
>
> The ACLU's Soghoian said technology executives are already deeply concerned about the prospect of clandestine agents on the payroll to gain access to highly sensitive data, including encryption keys, that could make the NSA's work "a lot easier."
>
> "As more and more communications become encrypted, the attraction for intelligence agencies of stealing an encryption key becomes irresistible," he said. "It's such a juicy target."
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.
From l at odewijk.nl Sat Oct 11 04:05:18 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sat, 11 Oct 2014 13:05:18 +0200
Subject: Cryptography, backdoors and the Second Amendment
In-Reply-To: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com>
References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com>
Message-ID:

It sure should be seen as a second amendment thing. Although, so should drones and heavy weapons. A revolution is impossible for the US citizens, so there's not much point.

From l at odewijk.nl Sat Oct 11 19:28:43 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sun, 12 Oct 2014 04:28:43 +0200
Subject: [Cryptography] Cryptography, backdoors and the Second Amendment
In-Reply-To: <1413045624.7378.97.camel@demonking>
References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> <1413045624.7378.97.camel@demonking>
Message-ID:

On Oct 11, 2014 7:55 PM, "Benjamin Kreuter" wrote:
>
> On Fri, 2014-10-10 at 00:36 +0100, Alfie John wrote:
>
> > As the US State Department classifies cryptography as a munition,
> > shouldn't the use of cryptography be protected under the 2nd Amendment?
>
> 1. The second amendment is not without limits. You cannot possess a machine gun without a license, for example. The second amendment is not a free pass to possess or distribute arms.

I never understood this though! Doesn't it significantly weaken the second amendment? What could weigh up to constitutional values, and who is authorized to judge? Please don't say politicians...

> 2. The classification is only relevant for exporting a product from the USA. Nothing stops you from possessing or distributing cryptography within the US.
Which is probably the only reason for the classification anyway (that and how useful it is!).

> Really though, that classification is an anachronism that predates PCs and the Internet. Instead of invoking it (which is a kind of endorsement), we should be trying to get rid of it entirely. We need to make the case that cryptography is not some kind of military device, but a necessity in a computerized society as a low-cost safeguard against various abuses and crimes. Calling cryptography "munitions" is as absurd as calling combination locks "munitions," and that point needs to be driven home.

It makes little difference. This is about current law. I'm sure the world would be a better place if we left it to the right people, but who could the right people be?

> > If so, as the NSA continues its concerted effort to cripple encryption
> > by providers [3] [4], shouldn't this be seen as the equivalent of the
> > Department of Justice colluding with Smith & Wesson to manufacture guns
> > that don't shoot straight and bullets that don't fire?
>
> What makes you think that laws matter when it comes to the NSA?

So, is there an accuracy difference in military and non military S&M weapons?

> They openly ignored a court order, and nothing happened. Their leadership lied to Congress, and nothing happened. They have conspired with federal, state, and even local police forces and prosecutors to break the law, and nothing happened. Lawsuits are shut down in the name of secrecy.

It's probable they had a very serious internal discussion about these things. I also suspect many others wanted to effect change but that they found things became very hard for them from that point forward. (Please, someone get this reference!)

> We are past the point of legal arguments. We should think of the NSA as we would think of the Chinese government: big, scary, actively working to subvert computer security, and beyond the reach of the law.
For me it's both foreign superpowers with nukes and a lot of people believing in very self-justified governments. Although, that's the US and China, not the NSA separately.

Thing is, the NSA is just another program on USGOV payroll. Theoretically democratic parts of the government can indeed shut it down. I just think the NSA is too influential and self-serving to let that happen. Which sort of means the NSA runs the nation. But, of course, that's a carefully curated image that may be a total fiction.

So, should we treat them as a theoretical adversary and move on? Advocate against them at every opportunity, but just, move on?

From coderman at gmail.com Sun Oct 12 16:43:34 2014
From: coderman at gmail.com (coderman)
Date: Sun, 12 Oct 2014 16:43:34 -0700
Subject: Corporate undercover nation-state agents
In-Reply-To:
References: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>
Message-ID:

On 10/11/14, Cari Machet wrote:
> this is old news and fuck firstlook fucking ebay paypal pierre is a super fucking neo-liberal capitalist pig that prosecuted the paypal14 asked for millions in reparations he is a corporate warmonger

i hear weev likes the guy,
http://cryptome.org/2014/10/haefer-auernheimer.jpg

my likes can be had for a modest $1,000,000,000 USD. step right up!

see also: https://www.youtube.com/watch?v=A-Vmhih9x74&feature=youtu.be "The Hacker Wars"

best regards,

From coderman at gmail.com Sun Oct 12 17:03:44 2014
From: coderman at gmail.com (coderman)
Date: Sun, 12 Oct 2014 17:03:44 -0700
Subject: RC4 Forevar! [was: RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4]
Message-ID:

On 9/22/14, coderman wrote:
> ...
>> Please elaborate. TKIP has not been identified as a ‘active attack’
>> vector.
hi nymble,

it appears no one cares about downgrade attacks, like no one cares about MitM (see mobile apps and software update mechanis
ms). [0]

> to be specific about the problems, in case not concise enough above:
> 0. lack of a way to enforce TKIP disable.
> 1. lack of visual signal of TKIP downgraded security in WPA2 to users.
> 2. insult to injury with "unspecified" bozofail TKIP transition to ON flaws in some hw.

i would like to clarify that #0 is a driver domain behavior, your "suggestions" from userspace via wpa-supplicant are meaningless against the motivated.

also, the definitive paper at http://www.isg.rhul.ac.uk/tls/ still insists, "For WPA/TKIP, the only reasonable countermeasure is to upgrade to WPA2." which is either incompetently incorrect, or intentional indirection.

best regards,

0. "no one cares" - this is not strictly true; people care a bit more if you have done significant and detailed analysis of the sort that eats lives by the quarter-year. i have long since quit giving freebies freely, and instead pick my disclosures carefully with significant limitations. perhaps i should re-state: "no one working in the public interest cares". there is a roaring business for silence and proprietary development, and these people care quite a bit.

From coderman at gmail.com Sun Oct 12 17:35:15 2014
From: coderman at gmail.com (coderman)
Date: Sun, 12 Oct 2014 17:35:15 -0700
Subject: Insecurity Forevar! [was: Mu [prior to that: How worse is the Shellshock bash bug than Heartbleed?]]
Message-ID:

On 10/5/14, Georgi Guninski wrote:
> ...
> ok, i won't argue :)

one last beating of this dead horse:

"The recommended practice of blowing away the environment before calling a shell goes back to Garfinkel & Spafford's 1991 seminal Practical Unix Security (or at least the 1996 2nd ed., Practical Unix & Internet Security). It's in there TWICE it is so basic."
 - https://docstrange.livejournal.com/95142.html

also relevant,

"Dear clueless assholes: stop bashing bash and GNU... You people are pieces of shit. I am disgusted..."
 - https://weev.livejournal.com/409835.html

"These bugs that happen, these mistakes in software that lead to vulnerabilities, they aren’t one-off problems. They’re systemic. There are patterns to them and patterns to how people take advantage of them. But it isn’t in any one particular company’s interest to dump a pile of their own resources into fixing even one of the problems, much less dump a pile of resources into an engineering effort to fight the pattern... They’ve got even less incentive to fix entire classes of vulnerabilities across the board. Same goes for everybody else in the game... it’s worse than a tragedy of the commons, it’s a race to the bottom."
 - https://medium.com/message/how-i-explained-heartbleed-to-my-therapist-4c1dbcbe1099

From l at odewijk.nl Sun Oct 12 09:31:57 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sun, 12 Oct 2014 18:31:57 +0200
Subject: [Cryptography] Cryptography, backdoors and the Second Amendment
In-Reply-To: <1413129855.7378.226.camel@demonking>
References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> <1413045624.7378.97.camel@demonking> <1413129855.7378.226.camel@demonking>
Message-ID:

On Oct 12, 2014 6:04 PM, "Benjamin Kreuter" wrote:
>
> On Sun, 2014-10-12 at 04:28 +0200, Lodewijk andré de la porte wrote:
>
> > I never understood this though! Doesn't it significantly weaken the second
> > amendment? What could weigh up to constitutional values, and who is
> > authorized to judge? Please don't say politicians...
>
> Interpretation is an important component of any law, including the constitution. Laws are not software, courts are not computers, and nobody would want to live in a society where the law is completely inflexible.
> Laws tend to be written non-precisely, and even the bill of rights is not so precisely as to require no interpretation at all.

Yes and no, precision of language can be greater and smaller. It's much overlooked. I find especially computer-related law lacks precision. I also find that precise law is essential, lest it is not law at all.

We also see that the "intention of the lawmaker" is an important factor. Finally, we even see laws that depend upon interpretation yet to be given by judges that may oppose directly.

Often we see "fundamental law", eg human rights, opposing more readily changed law. And the readily changed law wins easily if politicians interpreted laws in ways that make it simple.

> As for the authority to judge, the answer is that "judges" have that authority. Courts exist to settle disputes about the meaning of the law and whether or not it is being followed. I would say that some kind of court system is necessary for the rule of law.

Ah, but that wasn't the question. A judge must always give precedence to constitutional laws. How could a judge explain the second amendment such that machine guns could be illegal? I suspect that ruling should be exceedingly controversial and dangerous.

From coderman at gmail.com Mon Oct 13 06:32:28 2014
From: coderman at gmail.com (coderman)
Date: Mon, 13 Oct 2014 06:32:28 -0700
Subject: caring requires data
In-Reply-To: <543BAC23.2000202@iang.org>
References: <543BAC23.2000202@iang.org>
Message-ID:

On 10/13/14, ianG wrote:
> ...
> No, and I argue that nobody should care about MITM nor downgrade attacks nor any other theoretical laboratory thing. I also argue that people shouldn't worry about shark attacks, lightning or wearing body armour when shopping.
> ...
> What distinguishes what we should care about and what we shouldn't is data.
> And analysis of that data.

indeed. thanks for showing me the light, ian!

Q: 'Should I disable Dual_EC_DRBG?'
A: "The data shows zero risk of an attacker compromising the known vulnerability of a specially seeded random number generator. Do not change; keep using Dual_EC_DRBG!"

Q: 'Should I switch away from 1024 bit strength RSA keys?'
A: "The data shows zero risk of an attacker compromising the known vulnerability of an insufficiently large RSA key as the cost is prohibitive and no publicly demonstrated device exists. Do not change to larger keys; keep using 1024 bit RSA!"

Q: 'Should I worry about the auto-update behavior of my devices or computers?'
A: "The data shows minimal risk of an attacker compromising your systems via this method. Don't bother changing your vulnerable auto update any where any time any how; you're probably safe!"

it's all so easy now... :)

From coderman at gmail.com Mon Oct 13 06:39:55 2014
From: coderman at gmail.com (coderman)
Date: Mon, 13 Oct 2014 06:39:55 -0700
Subject: Activism questions, please reply to thread by e-mail or if you prefer by bitmessage [included]
In-Reply-To: <7942084.8zhfyh9Mly@lapuntu>
References: <7942084.8zhfyh9Mly@lapuntu>
Message-ID:

On 10/13/14, rysiek wrote:
> ...
> Welp, not much answers I guess. I had a problem with distilling mine. I am not sure a fast would send a signal strong enough for it to matter and be worth the suffering, but I hope I am wrong.

a fast of three days or more recharges the immune system.
a well functioning immune system leads to better health.
a healthy cypherpunk can write more code.

thus, a periodic fast of three days or so is useful.

however, too frequent a fast will interfere with cypherpunk brain function, and lead to less code. and should thus be avoided.
best regards,

From coderman at gmail.com Mon Oct 13 08:45:25 2014
From: coderman at gmail.com (coderman)
Date: Mon, 13 Oct 2014 08:45:25 -0700
Subject: caring harder requires solving once for the most demanding threat model, to the benefit of all lesser models
Message-ID:

On 10/13/14, ianG wrote:
> ...
> you're welcome ;-)

a considered and insightful response to my saber rattling diatribe. i owe you a beer, sir!

> Ah well, there is another rule we should always bring remember:
>
> Do not use known-crap crypto.
>
> Dual_EC_DRBG is an example of a crap RNG. For which we have data going back to 2006 showing it is a bad design.

let's try another example: Intel RDRAND or RDSEED. depend on it as the sole source of entropy? in theory, the only attacks that would allow to manipulate the output are outside scope. (e.g. the data shows them as nation state level hypothetical)

is "depending on a single entropy source" the "known-crap" part? or is it the un-verifiable output of this specific source that is "known-crap"?

(or am i overreaching, and you advocate direct and sole use of RDRAND everywhere? :)

> Others in this category include: RC4, DES, MD5, various wifi junk protocols, etc.

if RC4 is known-crap, then how is a downgrade to known-crap not a problem?

>> Q: 'Should I switch away from 1024 bit strength RSA keys?'
>
> I agree with that, and I'm on record for it in the print media. I am not part of the NIST lemmings craze.
>
> So, assuming you think I'm crazy, let's postulate that the NSA has a box that can crunch a 1024 key in a day. What's the risk?
> ...
> WYTM? The world that is concerned about the NSA is terrified of open surveillance. RSA1024 kills open surveillance dead.

consider a service provider that i use, like Google, with a hypothetical 1024 bit RSA key to secure TLS. they don't use forward secrecy, so recovery of their private key can recover content.

what is the risk that a Google-like provider key could be attacked? i have no idea.
but certainly more than my risk as a single individual. regarding open surveillance, this is a potential mechanism for it despite the appearance of privacy. at what point does an insufficient key length become "known-crap" vs. needless lemming craziness? said another way, "the data" is only useful if you or those you trust are not outliers. in addition, "the data" is only retrospective; by definition class breaks and novel attacks are not worth considering until they become known and used. does the difficulty in migrating away from a new-known-crap mistake factor into how you draw the line? > Actually, I thought there was data on this which shows that auto-update > keeps devices more secure, suffer fewer problems. I think Microsoft have > published on this, anyone care to comment? microsoft updates are not the standard upon which to measure all application updates. the vast majority don't check certificates or secure digests at all, hence the hundreds of vectors in evilgrade that provide a seamless path from MitM at coffee shop to administrator on your laptop. are the "not using crypto" or "not using crypto right" parts the "known-crap" piece of this equation? is the MitM or DNS poison dependency "low risk" enough per the data that the "known crap" of the update itself no longer matters? --- thank you for taking the time to address these points in depth so that i can better understand your reasoning. this is an interesting discussion because i arrived at the opposite conclusion: given the reasonableness of long keys and secure designs, and in view of ever improving attacks, the best course of action is to solve _once_ for the hardest threat model, so that you don't rely on past indicators to predict future security and all lesser threat models can benefit from the protection provided. i dream of a future where the sudden development of very many qubit computers does not cause a panic to replace key infrastructure or generate new keys.
where the protocols have only one mode, and it is secure. where applications don't need to be updated frequently for security reasons. where entire classes of vulnerabilities don't exist. in short, i dream of a future where the cooperative solution to the most demanding threat models is pervasive, to the benefit of all lesser models, now and into the future. best regards, P.S. part of the context for this bias is my perspective as a developer of fully decentralized systems. any peer in such a system is potentially the highest profile target; the threat model for any peer is the most demanding threat model any one peer may operate under. the usual "client vs. server", or "casual vs. professional" distinctions in threat models no longer apply...

From coderman at gmail.com Mon Oct 13 11:35:47 2014 From: coderman at gmail.com (coderman) Date: Mon, 13 Oct 2014 11:35:47 -0700 Subject: RC4 Forevar! [was: RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4] In-Reply-To: References: Message-ID: On 10/12/14, coderman wrote: > ... > also, the definitive paper at http://www.isg.rhul.ac.uk/tls/ still > insists, "For WPA/TKIP, the only reasonable countermeasure is to > upgrade to WPA2." which is either incompetently incorrect, or > intentional indirection. there is a third option: innocently overlooked. it is unreasonable of me to assume that lack of prompt corrections is intentional, as the research is older and not recently updated. it is unreasonable of me to assume that the lack of awareness regarding TKIP in WPA2 is widely known, as only driver implementations and packet disassemblers appear to act on these optional elements. it is unreasonable of me to repay actual research implementing attacks with criticism lamenting better information and guidance on a subset of the research. in sum: my assumptions of motive were incorrect, rude, and demand retraction.
best regards, one libelous jerk From coderman at gmail.com Mon Oct 13 11:54:33 2014 From: coderman at gmail.com (coderman) Date: Mon, 13 Oct 2014 11:54:33 -0700 Subject: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED In-Reply-To: References: Message-ID: On 10/13/14, Travis Biehn wrote: > ... > Interested in update mechanisms, interdiction resilience, trusted boot, web > / other interfaces. > > These devices just change and expand your threat surface. back in 2007/2008 we launched the Janus Privacy Adapter devices. first on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro hardware. both of these had a minimal footprint, two ethernet jacks for transparent proxy in-line, and power via USB. updates deployed via hidden service, or yourself via command line ssh. the attack surface (on device) was minimal, as the control port was not exposed to the network, etc. client risk is another story, considering untrusted exit relays and insecure protocols. for this reason we applied a number of band-aids blocking known risky ports. this is not an effective approach, and EPICFAIL shows how a single request not behind Tor proxy unmasks perfectly. best case you would use a Tor Browser on each of the hosts behind the privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1 before launching) and block any other application or service from communicating over the network. this significantly impairs functionality, however. as also mentioned in the article, there have been other variations on this theme, with more or less robust security posture on device and for the users behind. 
many of these considerations are outlined in the transparent proxy page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy best regards,

From tbiehn at gmail.com Mon Oct 13 11:02:55 2014 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 13 Oct 2014 14:02:55 -0400 Subject: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED In-Reply-To: References: Message-ID: +cpunks Interested in update mechanisms, interdiction resilience, trusted boot, web / other interfaces. These devices just change and expand your threat surface. Travis On Oct 13, 2014 12:21 PM, "Yosem Companys" wrote: > Today a group of privacy-focused developers plans to launch a Kickstarter > campaign for Anonabox. The $45 open-source router automatically directs all > data that connects to it by ethernet or Wifi through the Tor network, > hiding the user’s IP address and skirting censorship. It’s also small > enough to hide two in a pack of cigarettes. Anonabox’s tiny size means > users can carry the device with them anywhere, plugging it into an office > ethernet cable to do sensitive work or in a cybercafe in China to evade the > Great Firewall. The result, if Anonabox fulfills its security promises, is > that it could become significantly easier to anonymize all your traffic > with Tor—not just Web browsing, but email, instant messaging, filesharing > and all the other miscellaneous digital exhaust that your computer leaves > behind online. > > “Now all your programs, no matter what you do on your computer, are routed > over the Tor network,” says August Germar, one of the independent IT > consultants who spent the last four years developing the Anonabox. He says > it was built with the intention of making Tor easier to use not just for > the software’s Western fans, but for those who really need it in more > Internet-repressive regimes.
“It was important to us that it be portable > and small—something you can easily conceal or even throw away if you have > to get rid of it.” > > http://www.wired.com/2014/10/tiny-box-can-anonymize-everything-online/ > h/t @anahi_ayala > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > companys at stanford.edu. > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2567 bytes Desc: not available URL:

From rysiek at hackerspace.pl Mon Oct 13 06:09:43 2014 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 13 Oct 2014 15:09:43 +0200 Subject: Activism questions, please reply to thread by e-mail or if you prefer by bitmessage [included] In-Reply-To: References: Message-ID: <7942084.8zhfyh9Mly@lapuntu> On Friday, 19 September 2014 19:56:43 Odinn Cyberguerrilla wrote: > Hello, > > Recent events have led me to seriously consider a fast. In protest > culture there has been a difference between how hunger strikes and fasts > are looked at. The difference is explained well enough here: > http://wagingnonviolence.org/feature/rules-hunger-striking-radicals/ > > I would like to get your opinions pro or con. Welp, not many answers I guess. I had a problem with distilling mine. I am not sure a fast would send a signal strong enough for it to matter and be worth the suffering, but I hope I am wrong. Maybe consider getting a few people to fast together as a larger action. -- Pozdr rysiek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 411 bytes Desc: This is a digitally signed message part.
URL:

From guninski at guninski.com Mon Oct 13 05:15:58 2014 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 13 Oct 2014 15:15:58 +0300 Subject: Insecurity Forevar! [was: Mu [prior to that: How worse is the Shellshock bash bug than Heartbleed?]] In-Reply-To: References: Message-ID: <20141013121558.GB2492@sivokote.iziade.m$> On Sun, Oct 12, 2014 at 05:35:15PM -0700, coderman wrote: > On 10/5/14, Georgi Guninski wrote: > > ... > > ok, i won't argue :) > > > one last beating of this dead horse: > > "The recommended practice of blowing away the environment before > calling a shell goes back to Garfinkel & Spafford's 1991 seminal lol, look at the warez almost all people are using. if you follow all such advice you'd better not power it on. note to myself: stay away from forks of this thread... > Practical Unix Security (or at least the 1996 2nd ed., Practical Unix > & Internet Security). It's in there TWICE it is so basic." > - https://docstrange.livejournal.com/95142.html > > also relevant, > "Dear clueless assholes: stop bashing bash and GNU... You people are > pieces of shit. I am disgusted..." > - https://weev.livejournal.com/409835.html > > "These bugs that happen, these mistakes in software that lead to > vulnerabilities, they aren’t one-off problems. They’re systemic. There > are patterns to them and patterns to how people take advantage of > them. But it isn’t in any one particular company’s interest to dump a > pile of their own resources into fixing even one of the problems, much > less dump a pile of resources into an engineering effort to fight the > pattern... They’ve got even less incentive to fix entire classes of > vulnerabilities across the board. Same goes for everybody else in the > game... it’s worse than a tragedy of the commons, it’s a race to the > bottom."
> - https://medium.com/message/how-i-explained-heartbleed-to-my-therapist-4c1dbcbe1099

From danimoth at cryptolab.net Mon Oct 13 06:35:57 2014 From: danimoth at cryptolab.net (danimoth) Date: Mon, 13 Oct 2014 15:35:57 +0200 Subject: Ubuntu's QA and skills at patching In-Reply-To: <20141013125035.GC2492@sivokote.iziade.m$> References: <20141013125035.GC2492@sivokote.iziade.m$> Message-ID: <20141013133557.GA13932@miyamoto> On 13/10/14 at 03:50pm, Georgi Guninski wrote: > lol :) > > https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html > > USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the > patch > for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS > package. This update fixes the problem. > > We apologize for the inconvenience. Don't trust distros that do not use vanilla packages (like Debian, of course). Try to trust those who build vanilla packages; usually developers know much more about their software than an anonymous packager. For example, I cite ArchLinux [1] where it is clear that they take patches directly from [2]. Have a nice day [1] https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/

From guninski at guninski.com Mon Oct 13 05:50:35 2014 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 13 Oct 2014 15:50:35 +0300 Subject: Ubuntu's QA and skills at patching Message-ID: <20141013125035.GC2492@sivokote.iziade.m$> lol :) https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience.
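Two checks a practitioner would run after an advisory like the one above, as an added example that is not code from the thread, from Ubuntu, or from bash upstream: probe the bash on the host with the widely circulated public test strings for CVE-2014-6271 and CVE-2014-7169, so a build that silently dropped the patch is caught on the box instead of trusted from the changelog, and start a shell with the environment blown away and rebuilt from an explicit allow-list, which is the Garfinkel & Spafford practice quoted earlier in the thread. The bash binary is taken from PATH by assumption (override with BASH_BIN), and the allow-list of PATH, HOME and LANG is this example's choice, not anything the thread specifies.

```shell
#!/bin/sh
# Added example; not code from the thread, from Ubuntu, or from bash upstream.
# Two checks after an advisory like USN-2363-1: does the bash on this host
# still trigger the public test strings for CVE-2014-6271 and CVE-2014-7169,
# and how to start a shell with the environment blown away first.
# Assumptions: a bash binary on PATH (override with BASH_BIN); the allow-list
# in run_clean_env (PATH, HOME, LANG) is this example's choice.

BASH="${BASH_BIN:-bash}"

# CVE-2014-6271: a vulnerable bash runs the command that follows a function
# body in any exported variable while importing it. Prints one word:
# "vulnerable", "patched" or "no-bash".
probe_6271() {
    command -v "$BASH" >/dev/null 2>&1 || { echo no-bash; return; }
    out=$(x='() { :;}; echo VULNERABLE_6271' "$BASH" -c 'echo probe' 2>/dev/null) || out=""
    case "$out" in
        *VULNERABLE_6271*) echo vulnerable ;;
        *)                 echo patched ;;
    esac
}

# CVE-2014-7169: the first fix left parser state behind, so `echo date` is
# parsed as a redirection and a file literally named "echo" appears in the
# working directory. Probe inside a scratch directory so nothing is clobbered.
probe_7169() {
    command -v "$BASH" >/dev/null 2>&1 || { echo no-bash; return; }
    d=$(mktemp -d)
    ( cd "$d" && X='() { (a)=>\' "$BASH" -c 'echo date' >/dev/null 2>&1 ) || :
    if [ -e "$d/echo" ]; then echo vulnerable; else echo patched; fi
    rm -rf "$d"
}

# Run a command with the caller's environment discarded (env -i) and only an
# explicit allow-list re-exported. A CGI handler or an OpenVPN hook that
# launches through this never hands HTTP_* or tunnel-exported variables to
# the child shell, whatever bash version happens to be installed.
run_clean_env() {
    env -i PATH="${PATH:-/usr/bin:/bin}" HOME="${HOME:-/}" LANG=C "$@"
}

# Stand-alone usage: `sh this.sh --demo` reports both probes, then shows that
# a poisoned variable exported here never reaches a child of run_clean_env.
if [ "${1:-}" = "--demo" ]; then
    echo "CVE-2014-6271: $(probe_6271)"
    echo "CVE-2014-7169: $(probe_7169)"
    HTTP_USER_AGENT='() { :;}; echo pwned'; export HTTP_USER_AGENT
    run_clean_env sh -c 'echo "HTTP_USER_AGENT in child: ${HTTP_USER_AGENT:-<unset>}"'
fi
```

A "patched" result only covers the two CVEs named in the advisory, not the bash parser fixes that followed, so it is not a clean bill of health. The probe also only tells you about the binary it found on PATH; on a mixed system that may not be the interpreter a setuid helper or cron job executes, so point BASH_BIN at the one the exposed service actually uses. In run_clean_env the allow-list is the whole contract: a new request header or a newly exported tunnel variable in the parent cannot reach the child, and that property survives the next parser bug.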
From tbiehn at gmail.com Mon Oct 13 14:29:05 2014 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 13 Oct 2014 17:29:05 -0400 Subject: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED In-Reply-To: <543C23E5.1060204@cathalgarvey.me> References: <543C23E5.1060204@cathalgarvey.me> Message-ID: It (and any other persistent connections such as joining an IRC server) provides a good graph for a TLA to justify further liberties with your liberties. -Travis -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 208 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Mon Oct 13 12:08:13 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 13 Oct 2014 20:08:13 +0100 Subject: Ubuntu's QA and skills at patching In-Reply-To: <20141013133557.GA13932@miyamoto> References: <20141013125035.GC2492@sivokote.iziade.m$> <20141013133557.GA13932@miyamoto> Message-ID: <543C231D.7040206@cathalgarvey.me> What's the security trade-off of using Arch, which gets the latest patches and seemingly likes to rely on developers' repos, versus getting the latest builds with new and exciting bugs? That is, Debian has a "stable" branch that is, to most people, excessively so. But security wise, you're pretty sure it's got less vulns than their "testing" branch. How does this compare to Arch, which goes for bleeding edge and unashamedly breaks now and then? On 13/10/14 14:35, danimoth wrote: > On 13/10/14 at 03:50pm, Georgi Guninski wrote: >> lol :) >> >> https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html >> >> USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the >> patch >> for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS >> package. This update fixes the problem. >> >> We apologize for the inconvenience. > > > Don't trust distro that do not use vanilla packages (like Debian, of > course). 
> > Try to trust who build vanilla packages; usually developers know much > more on their software than an anonymous packager. > > For example, I cite ArchLinux [1] where it is clear that they take > patches directly from [2]. > > Have a nice day > > [1] > https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2 > [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/ > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From cathalgarvey at cathalgarvey.me Mon Oct 13 12:11:33 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 13 Oct 2014 20:11:33 +0100 Subject: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED In-Reply-To: References: Message-ID: <543C23E5.1060204@cathalgarvey.me> Security wise, what's the deal with using VPN through Tor? Convenience stacks up very well, you get an IP that's less likely to get blocked/captcha'd, and you avoid evil relays (provided your VPN has pre-shared-certs). But, does it open you up to a whole new world of circumventing-tor's-security-hax pain? Also, any guides out there to accomplish this? :) On 13/10/14 19:54, coderman wrote: > On 10/13/14, Travis Biehn wrote: >> ... >> Interested in update mechanisms, interdiction resilience, trusted boot, web >> / other interfaces. >> >> These devices just change and expand your threat surface. > > > back in 2007/2008 we launched the Janus Privacy Adapter devices. 
first > on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro > hardware. both of these had a minimal footprint, two ethernet jacks > for transparent proxy in-line, and power via USB. > > updates deployed via hidden service, or yourself via command line ssh. > > the attack surface (on device) was minimal, as the control port was > not exposed to the network, etc. > > client risk is another story, considering untrusted exit relays and > insecure protocols. for this reason we applied a number of band-aids > blocking known risky ports. this is not an effective approach, and > EPICFAIL shows how a single request not behind Tor proxy unmasks > perfectly. > > best case you would use a Tor Browser on each of the hosts behind the > privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1 > before launching) and block any other application or service from > communicating over the network. this significantly impairs > functionality, however. > > as also mentioned in the article, there have been other variations on > this theme, with more or less robust security posture on device and > for the users behind. > > many of these considerations are outlined in the transparent proxy > page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy > > > best regards, > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From tbiehn at gmail.com Tue Oct 14 05:53:46 2014 From: tbiehn at gmail.com (Travis Biehn) Date: Tue, 14 Oct 2014 08:53:46 -0400 Subject: IANA Stewardship Transition - WAS: Radical-safest TLDs in 2014 Message-ID: Survey and ML [soliciting feedback from the general public] for stewardship transition: https://www.surveymonkey.com/s/IANA_stewardship http://lists.arin.net/mailman/listinfo/iana-transition -Travis On Tue, Oct 7, 2014 at 5:08 AM, Cathal Garvey wrote: > > Can we further reduce ambiguity by reducing the set to those TLDs > > recognized by ICANN? > > Isn't it more useful to reduce the set to TLDs that the "average user" > can connect to? That's why I shared the rumours about .onion in Firefox: > who cares what ICANN thinks, if a large enough userbase can access it > OOTB without configuration? > > By contrast, .onion *today*, along with .i2p and .bit, are all > configuration-heavy, meaning virtually nobody will actually access or > use them unless they're already completely dedicated customers. The Silk > Road managed to pull people in because it was essentially the only place > to buy drugs "safely" online (along with plenty of other reprehensible > things), but that's a completely exceptional case. > > I'm thinking of benign web services that enrich the world in some way, > but suffer censorship or legal assault because they disturb the > status-quo. The next start-up that MPAA want to crush, or the next > whistleblowing site, or the next transborder social network. Those > people will need TLDs they can rely on. If .onion goes surprisingly > mainstream in the near future, that'd be very powerful. 
> > Of course, .onion will remain slow as sin, but for those websites they > can use .onion with 304 redirects to non-onion TLDs for each visitor; as > their clearnet TLDs get shut down they can just register new ones and > 304 redirect to them on the fly for each new visitor; whack-a-mole on a > grand scale, a total losing battle for the censors. The critical bit is > that there's one canonical URL for new visitors that will always lead to > service. > > On 06/10/14 21:00, Travis Biehn wrote: > > Rysiek, > > Can we further reduce ambiguity by reducing the set to those TLDs > > recognized by ICANN? > > > > I don't think you can 'rely' on any of them, to coderman's point. > > > > Your best bet is to enumerate the list of TLD delegated authoritative > > servers, then recursively send legal threats to each. > > > > The one who demonstrates the most impressive apathy may be your winner :) > > > > Of course, you may want to follow the concept of pitting two > noncooperative > > countries against each other. > > If the threat to your name isnt specifically tied to a subset of all > > jurisdictions.. You might have a problem. > > > > You might, then, establish a protocol. The hash of the website CNN.com's > > contents, for instance, may serve as a backup domain. > > > > Realistically its really down to finding a cool registrar & TLD pair. TBP > > may be your best example here. > > > > As a final note: if you're worried about these kinds of problems you > > probably shouldn't be using clearnet. > > > > Travis > > On Oct 5, 2014 6:50 PM, "coderman" wrote: > > > >> On 10/5/14, rysiek wrote: > >>> ... which TLD should I choose for a "clearternet" > >>> version of the website? > >> > >> > >> for present day, "clearnet" version, > >> winner is .bit / namecoin. 
> > > -- > Twitter: @onetruecathal, @formabiolabs > Phone: +353876363185 > Blog: http://indiebiotech.com > miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5122 bytes Desc: not available URL:

From danimoth at cryptolab.net Tue Oct 14 01:03:27 2014 From: danimoth at cryptolab.net (danimoth) Date: Tue, 14 Oct 2014 10:03:27 +0200 Subject: Ubuntu's QA and skills at patching In-Reply-To: <543C231D.7040206@cathalgarvey.me> References: <20141013125035.GC2492@sivokote.iziade.m$> <20141013133557.GA13932@miyamoto> <543C231D.7040206@cathalgarvey.me> Message-ID: <20141014080327.GA23951@miyamoto> Hi Cathal, I do not want to start a flame-war, just my opinions inline. On 13/10/14 at 08:08pm, Cathal Garvey wrote: > What's the security trade-off of using Arch, which gets the latest > patches and seemingly likes to rely on developers' repos, versus getting > the latest builds with new and exciting bugs? You're assuming that new releases == new bugs, my assumption is new releases == new bugs fixed. You're right (in a general sense) when the updated software has new features; new features always have new bugs (but major number version advancement does not often happen). > That is, Debian has a "stable" branch that is, to most people, > excessively so. But security wise, you're pretty sure it's got less > vulns than their "testing" branch. How does this compare to Arch, which > goes for bleeding edge and unashamedly breaks now and then? What I really hate is the "I'm better than developers" mentality. What I want is using the latest version from official developers (e.g. latest version of OpenSSL, right now at 1.0.1i) and not an old version patched with pieces of code taken from later releases (e.g. OpenSSL 1.0.1e in Wheezy).
The focal point is really simple: I do not trust packagers which heavily edit the software they are packaging (Debian, Arch, Mint.. no differences here) because I consider the software developers the only ones which can "safely" (<-- take it with a grain of salt) make modifications to their software. D. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Tue Oct 14 02:09:29 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 14 Oct 2014 10:09:29 +0100 Subject: Ubuntu's QA and skills at patching In-Reply-To: <20141014080327.GA23951@miyamoto> References: <20141013125035.GC2492@sivokote.iziade.m$> <20141013133557.GA13932@miyamoto> <543C231D.7040206@cathalgarvey.me> <20141014080327.GA23951@miyamoto> Message-ID: <543CE849.5040908@cathalgarvey.me> No flame war called for or implied, I'm just genuinely curious to get opinions. > You're assuming that new releases == new bugs, my assumption is new > releases == new bugs fixed. Yes, granted. Although, I think where security is concerned it would be nice for developers of the software to have their own "LTS" releases that only get security bug-fixes and not new releases. And, as below, that's because otherwise maintainers of stable OS branches have to make their own LTS codebases which deviate from the actual developers'! > What I really hate is the "I'm better than developers" mentality. > What I want is using the lastest version from official developers > (e.g. lastestes version of OpenSSL, right now at 1.0.1i) and not an > old version patched with pieces of code taken from later releases > (e.g. OpenSSL 1.0.1e in Wheezy). The focal point is really simple: I > do not trust packagers which heavily edit the software they are > packaging (Debian, Arch, Mint.. 
no differences here) because I > consider the software developers the only ones which can "safely" > (<-- take it with a grain of salt) make modifications to their > software. Well, yes; there were occasions where bad maintainers removed the entropy-gathering code from major crypto libraries, thinking them to be use-after-frees! So, in general it's true that the developers should also be the packagers. But, what to do, then? If the devs must also facilitate packaging, that means they must have a nod to multi-arch build/install pipelines, and that they must support an LTS that doesn't include new "features" but only focuses on bug-fixes and security. How many projects do this already? Reading Smári's recent post about working with GnuPG, and the rapidly changing, highly unstable API he has to work with, and seeing that OpenSSL (lacking the resources, I'll grant you!) don't seem to support a "mini-OpenSSL" with only the safe, well-audited code, it seems that most of the fundamental code we rely on isn't ready for LTS packaging by the developers. So, instead the package maintainers who've volunteered for the job try to do a patchy job of making LTS releases, and we end up with epic fail. So what do you suggest? Arch seems to use the latest code from devs, with all the new "features" alongside bugfixes, whereas Debian leans toward patchy ad-hoc-LTS because official LTS is rarely available. Neither approach is ideal for security or reliability, but the latter approach invariably appeals more to the companies that are tasked with handling our data! On 14/10/14 09:03, danimoth wrote: > Hi Cathal, > > I do not want to start a flame-war, just my opinions inline. > > On 13/10/14 at 08:08pm, Cathal Garvey wrote: >> What's the security trade-off of using Arch, which gets the latest >> patches and seemingly likes to rely on developers' repos, versus getting >> the latest builds with new and exciting bugs? 
> > You're assuming that new releases == new bugs, my assumption is new > releases == new bugs fixed. > You're right (in a general sense) when the updated software has new > features; new features have always new bugs (but major number version > advancement does not often happen). > >> That is, Debian has a "stable" branch that is, to most people, >> excessively so. But security wise, you're pretty sure it's got less >> vulns than their "testing" branch. How does this compare to Arch, which >> goes for bleeding edge and unashamedly breaks now and then? > > What I really hate is the "I'm better than developers" mentality. What I > want is using the lastest version from official developers (e.g. > lastestes version of OpenSSL, right now at 1.0.1i) and not an old > version patched with pieces of code taken from later releases (e.g. > OpenSSL 1.0.1e in Wheezy). The focal point is really simple: I do not > trust packagers which heavily edit the software they are packaging > (Debian, Arch, Mint.. no differences here) because I consider the > software developers the only ones which can "safely" (<-- take it with a > grain of salt) make modifications to their software. > > D. > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x988B9099.asc Type: application/pgp-keys Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL:

From bluelotus at openmailbox.org Tue Oct 14 16:22:46 2014 From: bluelotus at openmailbox.org (bluelotus at openmailbox.org) Date: Tue, 14 Oct 2014 19:22:46 -0400 Subject: Crypto mechanics in ios8 and android L In-Reply-To: References: Message-ID: <72206d9622e3741681fe9c85806826c4@openmailbox.org> How would tethering a tablet or laptop to a smartphone be more private than directly using the smartphone? Do tablets have a secret baseband? How to drive a phone's sms over its usb port? On 10/10/2014 11:56 pm, grarpamp wrote: > http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html > http://nelenkov.blogspot.com/2014/10/revisiting-android-disk-encryption.html > > That's the frontdoor. Baseband's still present and wide open. Thus > consider a non-cell device (a pad/laptop) tethered to cell hotspot > or another phone to provide mobile wifi voice/data (IP) to the device. > > Is connecting to a cell hotspot or another phone to use the native > cell voice/data (cell) of the cell network even possible? > > ie: You can drive a phone's sms over its usb port. But that's just > sms, not cell voice or cell IP.

From coderman at gmail.com Tue Oct 14 22:55:27 2014 From: coderman at gmail.com (coderman) Date: Tue, 14 Oct 2014 22:55:27 -0700 Subject: Crypto mechanics in ios8 and android L In-Reply-To: <72206d9622e3741681fe9c85806826c4@openmailbox.org> References: <72206d9622e3741681fe9c85806826c4@openmailbox.org> Message-ID: On 10/14/14, bluelotus at openmailbox.org wrote: > How would tethering a tablet or laptop to a smartphone be more private > than directly using the smartphone? it is more private because you are separating domains of communication. the less trustworthy smartphone is used as a network link (cell or other uplink) and not trusted with the content of the encrypted communications it carries.
likewise, the cryptographic sessions live off device, on the tethered tablet or laptop, where presumably it is beyond reach of a suspect smartphone. there are many attack methods which can escalate beyond the vulnerable device, however, so this approach must be considered in the context of threat model, and likely insufficient alone. > Do tablets have a secret baseband? yes, however they are fewer, and if limited to 802.11, easier to isolate / verify with external tools. > How to drive a phone's sms over it's usb port? "instrumenting and automating" device behavior through remote or programmatic means is a black art unto itself. :P best regards, From cathalgarvey at cathalgarvey.me Tue Oct 14 23:29:23 2014 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Wed, 15 Oct 2014 07:29:23 +0100 Subject: Crypto mechanics in ios8 and android L In-Reply-To: References: <72206d9622e3741681fe9c85806826c4@openmailbox.org> Message-ID: <6DDD23D5-DE49-487B-98B7-D7204E9D9CF2@cathalgarvey.me> Control the phone by installing Android Scripting Layer on it and exposing the API control port. Simples. On 15 October 2014 06:55:27 GMT+01:00, coderman wrote: >On 10/14/14, bluelotus at openmailbox.org >wrote: >> How would tethering a tablet or laptop to a smartphone be more >private >> than directly using the smartphone? > > >it is more private because you are separating domains of >communication. the less trustworthy smartphone is used as a network >link (cell or other uplink) and not trusted with the content of the >encrypted communications it carries. > >likewise, the cryptographic sessions live off device, on the tethered >tablet or laptop, where presumably it is beyond reach of a suspect >smartphone. > >there are many attack methods which can escalate beyond the vulnerable >device, however, so this approach must be considered in the context of >threat model, and likely insufficient alone. > > > >> Do tablets have a secret baseband? 
> yes, however they are fewer, and if limited to 802.11, easier to
> isolate / verify with external tools.
>
> > How to drive a phone's SMS over its USB port?
>
> "instrumenting and automating" device behavior through remote or
> programmatic means is a black art unto itself. :P
>
> best regards,

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From grarpamp at gmail.com Wed Oct 15 13:10:44 2014
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 15 Oct 2014 16:10:44 -0400
Subject: Crypto mechanics in ios8 and android L
References: <72206d9622e3741681fe9c85806826c4@openmailbox.org>

On Wed, Oct 15, 2014 at 1:55 AM, coderman wrote:
> it is more private because you are separating domains of
> communication. the less trustworthy smartphone is used as a network
> link (cell

> > > Is connecting to a cell hotspot or another phone to use the native
> > > cell voice/data (cell) of the cell network even possible?

This is why I still ask this, as being able to use the 'cell voice' or 'cell data/IP net' from an isolated standoff would be useful. Unlike using the common 'WiFi internet' provided by cell hotspot/tether, I've not yet found any protocol, app or hardware for extending either of those two cell network services (voice/data) from the infected baseband device to your isolated secure laptop/pad.

Though cell voice/dialing may not actually matter as, unless you needed to do it remotely, you'd just pick up the infected baseband device and use it for only that purpose. Same for cell data. (Cell data is not SMS, fyi.)

Note this is not the same as using, say, your home internet or coffee shop wifi to subscribe to some VoIP trunk over the internet. It is directly using/hooking to the cell carrier's voice or data channel, like your GSM phone does.
> there are many attack methods which can escalate beyond the vulnerable
> device, however, so this approach must be considered in the context of
> threat model, and likely insufficient alone.

I was referring strictly to the baseband threat, not caring about what is attempted over the WiFi/BT/NFC/audio gap from the baseband-infected device to the user's relatively more secure/isolated laptop/pad.

From guninski at guninski.com Wed Oct 15 06:11:04 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 15 Oct 2014 16:11:04 +0300
Subject: State Hash
In-Reply-To: <20141008154820.GA596@antiproton.jfet.org>
References: <2539226.5LNr3qzgvX@lapuntu> <20141008151532.GA2468@sivokote.iziade.m$> <20141008154820.GA596@antiproton.jfet.org>
Message-ID: <20141015131104.GA2875@sivokote.iziade.m$>

On Wed, Oct 08, 2014 at 11:48:20AM -0400, Riad S. Wahby wrote:
> Georgi Guninski wrote:
> > second, it is not known even if P ≠ NP, can a sufficiently
> > powerful quantum computer solve SAT efficiently? -- if the
> > answer is ``yes'' djb & co fail.
>
> And yet a quantum computer efficiently solving SAT would be
> substantially more surprising than P=NP!
>
> Quantum computation is not magic; the limits of quantum mechanics
> already imply relatively strong lower bounds for quantum hash
> collision search.
>
> -=rsw

Are the limits of quantum mechanics known at all?
As I wrote, it might turn out that a classic computer might break SAT efficiently, though this doesn't appear on man pages of broken warez ;)

From carimachet at gmail.com Thu Oct 16 00:50:01 2014
From: carimachet at gmail.com (Cari Machet)
Date: Thu, 16 Oct 2014 09:50:01 +0200
Subject: Corporate undercover nation-state agents
References: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>

he is such a capitalist no ethical clue

On Mon, Oct 13, 2014 at 1:43 AM, coderman wrote:
> On 10/11/14, Cari Machet wrote:
> > this is old news and fuck firstlook fucking ebay paypal pierre is a super
> > fucking neo-liberal capitalist pig that prosecuted the paypal14 asked for
> > millions in reparations he is a corporate warmonger
>
> i hear weev likes the guy,
> http://cryptome.org/2014/10/haefer-auernheimer.jpg
>
> my likes can be had for a modest $1,000,000,000 USD. step right up!
>
> see also: https://www.youtube.com/watch?v=A-Vmhih9x74&feature=youtu.be
> "The Hacker Wars"
>
> best regards,

-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.
From bluelotus at openmailbox.org Thu Oct 16 07:30:10 2014
From: bluelotus at openmailbox.org (bluelotus at openmailbox.org)
Date: Thu, 16 Oct 2014 10:30:10 -0400
Subject: Corporate undercover nation-state agents
References: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>

http://www.propublica.org/article/nsa-documents-suggest-close-relationship-between-nsa-us-companies

From jya at pipeline.com Thu Oct 16 07:34:31 2014
From: jya at pipeline.com (John Young)
Date: Thu, 16 Oct 2014 10:34:31 -0400
Subject: Corporate undercover nation-state agents
In-Reply-To: <4116036fd30dfa22ddb91ceba49d29e9@riseup.net>
References: <4116036fd30dfa22ddb91ceba49d29e9@riseup.net>

While this may be an insult to cypherpunks' cryptoanarchical origins, it could be salutary to occasionally set aside state perfidy to look more closely at the private sector, which reaps most rewards from state obsequiousness toward industry, politicians and their backers of wealth and the "non-profit" organizational tools of the wealthy, from mendacious, very smart and crafty individuals, particularly in comsec and infosec and above all else, natsec and anti-natsec, out to work all sides by getting in bed with all of them, serially and simultaneously.

Private sector spit swappers are as ubiquitous and deceptive as privacy policies, anonymizers, backdoor coders, covert device implanters and highly reputable hustlers of public interest, the skilled and avid publicity seekers avowing protection of the populace against exploitive gov-com-edu-org-religion hoodlums.
Under cover, over cover, these wily coyotes switch allegiances like hipster clothing and manufacture bar-pickup promises: take back the net, https everywhere, fight the spies, lengthy-key encryption and shyster key sharing, anon-routers and deep black statelessness, black, white and gray products boundlessly offered free to siphon user data then paid for dearly by black market buyers, then blame the foreign hackers, cover-up aided by AV predators press-releasing APT proofs of countermeasures marketability right here.

What with the proliferation of trade schools for coding mastery in a few weeks, there is quick money to pound the rat button for more hack, privacy and comsec attacks, more calls for intervention by everybody everywhere to Ebolaize cyber plagues beyond control.

Against profitably orchestrated terrorism and disease panic attacks Cypherpunks said it then, avow it now:

http://www.activism.net/cypherpunk/manifesto.html

"Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good.
Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.

The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.

Onward.

Eric Hughes
9 March 1993"

From cathalgarvey at cathalgarvey.me Thu Oct 16 03:30:02 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 16 Oct 2014 11:30:02 +0100
Subject: Crypto mechanics in ios8 and android L
Message-ID: <543F9E2A.7050601@cathalgarvey.me>

> That bites both ways. If I can get control of your Android device
> (which, given the exploit-like-it's-the-1990s state of security of
> the whole ecosystem shouldn't be that hard) then I've MITM'd your net
> connection, while doing the same for your router/access point is
> likely to be a lot harder.

I think anyone savvy enough to be separating domains in this way *because they can't trust their router (phone)* will have taken steps to make MitM'ing the router irrelevant. Pre-shared VPN certificates would largely render this pointless, right? As would Tor on the computer through the phone? Any attempt to MitM would result in failed cert checks.

Now, you could get the phone to take action on its own that might assist in exploiting the upstream computer, so for example USB-based attacks (#BADBIOS? :P) or just port scanning the computer through the tether and attacking open ports. So, isolating and firewalling against the phone, and treating it as a potential attacker plugged right into the device, is important if you're at this stage of paranoia. :)

Of course, with bluetooth tethering (or even wifi, if you can power it) the USB bus attacks aren't as relevant. But firewalling the network connection with the phone, then VPNning or Torifying the connection through the phone, would be necessary for a properly "untrusted phone" connection, IMO.

On 16/10/14 04:55, Peter Gutmann wrote:
> coderman writes:
>
> > it is more private because you are separating domains of communication. the
> > less trustworthy smartphone is used as a network link (cell or other uplink)
> > and not trusted with the content of the encrypted communications it carries.
>
> That bites both ways. If I can get control of your Android device (which,
> given the exploit-like-it's-the-1990s state of security of the whole ecosystem
> shouldn't be that hard) then I've MITM'd your net connection, while doing the
> same for your router/access point is likely to be a lot harder.
>
> Peter.

-- 
Twitter: @onetruecathal, @formabiolabs
Phone: +353876363185
Blog: http://indiebiotech.com
miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM

From odinn.cyberguerrilla at riseup.net Thu Oct 16 11:32:51 2014
From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla)
Date: Thu, 16 Oct 2014 11:32:51 -0700
Subject: Corporate undercover nation-state agents
References: <5308c6d21247c887e0ce6dd63d98c534@openmailbox.org>

This ProPublica story is one of the few by ProPublica that is actually very silly and not well researched.
It wasn't necessary to have newly disclosed NSA documents referred to in the article to figure out and report on that there are "contractual relationships" between the NSA and U.S. companies, as well as the fact that the NSA has "under cover" spies working at or with some U.S. companies.

The reason why it wasn't necessary? Because it's been well established for years and it is not a secret that this is the case.

TAREX, undercover agents, and of course, "corporate partners" referred to in the Intercept overview of the documents cited, can all claim (if pressed) that they are merely following the "voluntary DIB" ~ the DoD Defense Industrial Base Voluntary Cyber Security and Information Assurance rule, a.k.a. DOD-2009-OS-0183-0001 (CFR: 32 CFR Part 236; Federal Register Number: 2012-10651).

For details, see: http://privacysos.org/node/641 (from 5/11/2012!!!)

Some of the same language of the "administrative rule" referred to in the privacysos article was later adopted by Congress, as H.Amdt.44 to H.R.624 (Cyber Intelligence Sharing and Protection Act), which passed the House in 2013, but was not enacted as there was too much opposition to allow it to move on to and pass the Senate.

Independent of Congress's legislative process, the administrative rule was finalized and continues to be used today as a part of the basis for the corporation-state's activity.

All of the corporation-state crimes against humanity are generally committed in full public view. They have no shame.
You can't vote them out or demand they change (though it helps to publicly oppose what they are doing ~ I appreciate TheOpenMedia's recent efforts, for example, as shown at: https://openmedia.org/digitalfuture).

In general though, to address these rampant problems in a way that really alters the funding and ultimate disposition of resources that society has (assuming we don't want all our diminishing resources thrown down the gov-hole), the only thing we can do is empower people to remove resources from this deeply flawed system as we build new ones.

Cheers,

-Odinn
https://keybase.io/odinn

On 2014-10-16 07:30, bluelotus at openmailbox.org wrote:
> http://www.propublica.org/article/nsa-documents-suggest-close-relationship-between-nsa-us-companies

From nicolasbourbaki at riseup.net Thu Oct 16 06:34:56 2014
From: nicolasbourbaki at riseup.net (Nicolas Bourbaki)
Date: Thu, 16 Oct 2014 15:34:56 +0200
Subject: Corporate undercover nation-state agents
Message-ID: <4116036fd30dfa22ddb91ceba49d29e9@riseup.net>

It should be clear now, if not long ago, that the US Government is the silent occupier of the stateless generation. This is true no matter the protest the American technological industry may attempt to present in response to this fact.

In light of this, "Balkanisation" should be seen as a marketing term thought up by US actors to prevent the rest of the world from noticing that their data, sitting in or traversing the US, has less rights than that of a Syrian refugee.

On 11/10/2014 03:20, bluelotus at openmailbox.org wrote:
> https://firstlook.org/theintercept/2014/10/10/core-secrets/
>
> "But the briefing document suggests another category of employees—ones
> who are secretly working for the NSA without anyone else being aware.
> This kind of double game, in which the NSA works with and against its
> corporate partners, already characterizes some of the agency’s work, in
> which information or concessions that it desires are surreptitiously
> acquired if corporations will not voluntarily comply. The reference to
> “under cover” agents jumped out at two security experts who reviewed
> the NSA documents for The Intercept.
>
> “That one bullet point, it’s really strange,” said Matthew Green, a
> cryptographer at Johns Hopkins University. “I don’t know how to
> interpret it.” He added that the cryptography community in America
> would be surprised and upset if it were the case that “people are
> inside [an American] company covertly communicating with NSA and they
> are not known to the company or to their fellow employees.”
>
> The ACLU’s Soghoian said technology executives are already deeply
> concerned about the prospect of clandestine agents on the payroll to
> gain access to highly sensitive data, including encryption keys, that
> could make the NSA’s work “a lot easier.”
>
> “As more and more communications become encrypted, the attraction for
> intelligence agencies of stealing an encryption key becomes
> irresistible,” he said. “It’s such a juicy target.”

From coderman at gmail.com Thu Oct 16 16:35:44 2014
From: coderman at gmail.com (coderman)
Date: Thu, 16 Oct 2014 16:35:44 -0700
Subject: Fwd: [whispersystems] Warrant Canary - Gag order in place right now?
In-Reply-To: <54405448.3070708@thoughtcrime.org>
References: <54405448.3070708@thoughtcrime.org>

---------- Forwarded message ----------
From: Moxie Marlinspike
Date: Thu, 16 Oct 2014 16:27:04 -0700
Subject: Re: [whispersystems] Warrant Canary - Gag order in place right now?
To: whispersystems at lists.riseup.net

On 10/16/2014 03:13 PM, Advocatus Diaboli wrote:
> I've been watching the development of TextSecure and other OWS apps for
> a while, and among other things wondered why there is no warrant canary.
>
> 20 Minutes ago, a comment was posted in the following issue - and
> promptly deleted again 5 Minutes ago:

As far as I can tell, nothing was deleted, you're just looking at the wrong issue:

https://github.com/WhisperSystems/whispersystems.org/issues/34

> It has been deleted by either the author or an OWS administrator. It
> stated that, unlike moxie says in the issue, the EFF's lawyers obviously
> are of the opinion that warrant canaries do work:

There's a huge difference between the EFF taking a public position on an untested legal concept and a lawyer providing counsel to a client. Of course the EFF is going to advocate them, their job is to take that position.

Whether warrant canaries will work or not is not my area of expertise. However, I don't want to experiment with them for two reasons:

1) Lawyers who provide us counsel have told us it's very likely they won't work. I don't want to advertise something that could be interpreted as an assurance which is actually false if for some reason it ever came down to that.

2) It's not the hill I want to die on. We're not well positioned to push the state of the art in legal policy or to be a test case. It's not what we're good at, and honestly the point of our work is to make those kinds of questions irrelevant by not having any data to provide. That's the envelope that we *are* interested in pushing.

> If this would be the case, they should not put up a warrant canary
> (because it would be lying), and they would also not be able to explain
> why they cannot publish a warrant canary (because that would violate the
> gag order). The only thing left to do would be to find excuses why no
> warrant canary is being put up and trying to avoid public attention to
> the topic. Which is exactly what's happening.

You left out the part about the lizard people.
> So please, Moxie, if this is *not* the case, state on this mailing list,
> publicly and in clear terms, that OWS or the server admins did not yet
> receive a subpoena / warrant / gag order related to any OWS app or service.

We have never received a subpoena, warrant, or gag order related to any OWS app or service.

Now can we go back to writing software?

- moxie

-- 
http://www.thoughtcrime.org

From snehan.kekre612 at protonmail.ch Thu Oct 16 13:42:34 2014
From: snehan.kekre612 at protonmail.ch (Snehan Kekre)
Date: Thu, 16 Oct 2014 16:42:34 -0400
Subject: Corporate undercover nation-state agents

A non-text attachment was scrubbed... Name: not available Type: text/html Size: 404 bytes Desc: not available

From pgut001 at cs.auckland.ac.nz Wed Oct 15 20:55:31 2014
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 16 Oct 2014 16:55:31 +1300
Subject: Crypto mechanics in ios8 and android L

coderman writes:

> it is more private because you are separating domains of communication. the
> less trustworthy smartphone is used as a network link (cell or other uplink)
> and not trusted with the content of the encrypted communications it carries.

That bites both ways. If I can get control of your Android device (which, given the exploit-like-it's-the-1990s state of security of the whole ecosystem shouldn't be that hard) then I've MITM'd your net connection, while doing the same for your router/access point is likely to be a lot harder.

Peter.
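The mitigation Cathal Garvey sketches above for Peter Gutmann's phone-as-MitM point (firewall the phone link, treat the phone as an attacker on the wire, then push everything through a VPN or Tor) written out as an nftables ruleset. This is an added example, not code from anyone in the thread; the interface names usb0/bnep0/tun0, the local user openvpn and the 203.0.113.10 udp/1194 endpoint are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread): host firewall for a laptop that is
# tethered to a phone it does not trust. Assumptions, all placeholders:
#   - the tether appears as usb0 (USB) or bnep0 (Bluetooth PAN)
#   - the VPN client runs as local user "openvpn" and talks to
#     203.0.113.10 udp/1194 (documentation address, not a real server)
#   - the tunnel interface is tun0
# Without a ruleset like this the laptop treats the phone as an ordinary
# LAN peer: it answers the phone's probes and sends plain traffic to it.

flush ruleset

define TETHER     = { "usb0", "bnep0" }
define VPN_SERVER = 203.0.113.10
define VPN_PORT   = 1194

table inet tether {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state invalid drop
        # Replies to connections the laptop itself opened (VPN handshake,
        # tunnel keepalives) are the only traffic the phone may deliver...
        ct state established,related accept

        # ...plus the DHCP reply that gives the tether link its address.
        iifname $TETHER udp sport 67 udp dport 68 accept

        # Anything else the phone initiates towards the laptop (port scans,
        # ICMP, service probes) is dropped and logged for review.
        iifname $TETHER log prefix "tether-in: " drop
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept

        # DHCP request for the tether link itself.
        oifname $TETHER udp sport 68 udp dport 67 accept

        # Only the VPN client process may talk to the phone, and only to the
        # VPN server. Configure the client with an IP, not a hostname, so no
        # DNS query has to leave over the tether in the clear.
        oifname $TETHER meta skuid "openvpn" ip daddr $VPN_SERVER udp dport $VPN_PORT accept

        # For a Tor-only setup replace the rule above with, for example:
        #   oifname $TETHER meta skuid "debian-tor" tcp dport { 443, 9001 } accept
        # (assumes Tor runs as debian-tor and guards listen on common ORPorts).

        # Everything else must leave through the tunnel. If tun0 is down the
        # laptop goes dark instead of falling back to the phone.
        oifname "tun0" accept

        # Log and drop anything that tried to bypass the tunnel.
        oifname $TETHER log prefix "tether-leak: " drop
    }
}
```

Load it with `nft -f` and confirm the policy by watching for `tether-leak:` log lines while the tunnel is deliberately down: nothing but the VPN client's packets to the server should ever be allowed out of the tether interface.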
From zen at freedbms.net Wed Oct 15 23:47:21 2014
From: zen at freedbms.net (Zenaan Harkness)
Date: Thu, 16 Oct 2014 17:47:21 +1100
Subject: [Cryptography] Cryptography, backdoors and the Second Amendment
References: <1412897789.3376891.177247101.2F9CFC02@webmail.messagingengine.com> <1413045624.7378.97.camel@demonking> <1413129855.7378.226.camel@demonking>

On 10/16/14, Lodewijk andré de la porte wrote:
> This e-mail turned out huge enough that I think I'll not have to speak
> about the subject again any time soon. I'd still like to listen :)
>
> 2014-10-13 5:42 GMT+02:00 Jerry Leichter :
> > The Second Amendment's bizarre language has been a problem pretty much
> > since it was written, and while there have been changes in interpretation
> > over the years - and there has definitely been a strong trend in recent
> > years for scholars and judges of all political persuasions to see it as a
> > stronger protector of an individualized right than was the case in the
> > past - things like Miller have grown up around it and have also, for now,
> > become settled law.
>
> Thank you for the dissertation. It was well received :)
>
> I think no judge can sanely claim gun regulations that restrict the right
> to bear arms to be constitutional. Specifically of paramount and
> contemporary importance is the protection against a tyrannical government,
> and foreign attacks from geopolitical powers like China and Russia and,
> most Catch-22ish, terrorists and murderers, in mass shootings or otherwise.
>
> I would very much appreciate people being encouraged to take arms in the
> context of militias. A single armed man is not reliable enough, nor
> capable enough, to contribute meaningfully to the common defense or any
> such thing.
>
> I also would bid the United States' federal government to provide an
> interpretation of the second amendment that allows the states to prevent
> purchase or transfer of certain devices when not in conjunction with a
> militia. That militias may be registered at the state or federal
> government, at no charge to them, limited only in that it requires several
> natural persons to create it and that these natural persons may only
> participate in three militias. That militias must in some shape or form
> encourage the discipline to comply with laws as they apply in their area of
> operation, lest they are an encouragement of criminal behavior and are
> indeed not militias at all. And more such rules as provide a regulated
> environment in which one may justly execute his or her right to keep and
> bear arms.
>
> After all, a device handled by one not trained to use it can never be arms
> at all.

There are two types of 'registration' of militia which may be useful to consider - that by government (state or federal) and that by notice given to government (probably to state and to federal) of the body-of-people created by that body-of-people and named a "militia".

Begging the elected machinery to do the bidding may be successful.

Legal notice of actions on foot and of a reality "hereby established by the people of REGION and formed as a militia in the meaning of the federal constitution and in the name of NAME" gives notice of a (newly created) reality.

We the people are with the right to petition our parliaments, but even further, to give notice to the parliaments.

The right to act pursuant to our governing instruments, the constitution at the foundation (at least in the USA), and to give notice of the formation of body-of-people pursuant to those governing instruments, perhaps ought to be exercised with caution and discretion, where the power of the people is expanding, and where such exercise of such power might be seen as interesting by our governments.
Legal notice, at various stages of entity-body-of-people creation, with appropriate time frames for suitable response and ongoing communication, engages those external government authorities in a way which can create entitlement for, by, and of, the people.

Sanction of the force of numbers would likely also be needed to establish such right as the right to bear (any and all) arms by an established militia.

Such creations would of course require united intention of many of we-the-people, over an extended period of time, along with a willingness to handle the responses from the wider public and of the various governments, at least state and federal.

I do not live in the USA, so good luck and $DEITY-speed :)

Zenaan

-- 
Banned for life from Debian, for suggesting Debian's CoC is being swung in our faces a little too vigorously.

From rysiek at hackerspace.pl Thu Oct 16 12:32:57 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 16 Oct 2014 21:32:57 +0200
Subject: Corporate undercover nation-state agents
References: <4116036fd30dfa22ddb91ceba49d29e9@riseup.net>
Message-ID: <24800809.JhIfP995YH@lapuntu>

On Thursday, 16 October 2014 10:34:31, John Young wrote:
> While this may be an insult to cypherpunks' cryptoanarchical origins
> it could be salutary to occasionally set aside state perfidy to look
> more closely at the private sector which reaps most rewards from
> state obsequiousness toward industry, politicians and their backers
> of wealth and the "non-profit" organizational tools of the wealthy, from
> mendacious very smart and crafty individuals, particularly in comsec
> and infosec and above all else, natsec and anti-natsec, out to work
> all sides by getting in bed with all of them, serially and simultaneously.
>
> (and more great words)

Thank you. I couldn't agree more. Apple-Disney-Fox is as dangerous and looming as the military-industrial complex... because they're basically the same.
I am waiting for the first multinational corporation to declare independence.

Also: http://rys.io/en/77

-- 
Regards,
rysiek

From alfiej at fastmail.fm Fri Oct 17 02:26:25 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Fri, 17 Oct 2014 10:26:25 +0100
Subject: Fwd: [whispersystems] Warrant Canary - Gag order in place right now?
References: <54405448.3070708@thoughtcrime.org>
Message-ID: <1413537985.1291115.180081117.257FD1CC@webmail.messagingengine.com>

On Fri, Oct 17, 2014, at 12:35 AM, coderman wrote:
> Whether warrant canaries will work or not is not my area of expertise.
> However, I don't want to experiment with them for two reasons:
>
> 1) Lawyers who provide us counsel have told us it's very likely they
> won't work. I don't want to advertise something that could be
> interpreted as an assurance which is actually false if for some
> reason it ever came down to that.
>
> 2) It's not the hill I want to die on. We're not well positioned to
> push the state of the art in legal policy or to be a test case.
> It's not what we're good at, and honestly the point of our work is
> to make those kinds of questions irrelevant by not having any data
> to provide. That's the envelope that we *are* interested in
> pushing.

I think that there are a number of companies who would like to use a warrant canary to protect their users but also do not want to be a guinea pig of the courts. Even Apple, which had the biggest market cap in the world so could afford to take on this fight, bowed down and removed their warrant canary recently.

Sadly, until someone with a set of big brass ones goes all guns blazing to specifically set precedent, everyone is going to sit on the sidelines on this issue.
I guess the only real workaround would be to relocate the company (including all employees) to a more friendly jurisdiction.

Alfie

-- 
Alfie John
alfiej at fastmail.fm

From hozer at hozed.org Fri Oct 17 09:06:10 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Fri, 17 Oct 2014 11:06:10 -0500
Subject: Fwd: [whispersystems] Warrant Canary - Gag order in place right now?
In-Reply-To: <1413537985.1291115.180081117.257FD1CC@webmail.messagingengine.com>
References: <54405448.3070708@thoughtcrime.org> <1413537985.1291115.180081117.257FD1CC@webmail.messagingengine.com>
Message-ID: <20141017160610.GZ1755@nl.grid.coop>

On Fri, Oct 17, 2014 at 10:26:25AM +0100, Alfie John wrote:
> On Fri, Oct 17, 2014, at 12:35 AM, coderman wrote:
> > Whether warrant canaries will work or not is not my area of expertise.
> > However, I don't want to experiment with them for two reasons:
> >
> > 1) Lawyers who provide us counsel have told us it's very likely they
> > won't work. I don't want to advertise something that could be
> > interpreted as an assurance which is actually false if for some
> > reason it ever came down to that.
> >
> > 2) It's not the hill I want to die on. We're not well positioned to
> > push the state of the art in legal policy or to be a test case.
> > It's not what we're good at, and honestly the point of our work is
> > to make those kinds of questions irrelevant by not having any data
> > to provide. That's the envelope that we *are* interested in
> > pushing.
>
> I think that there are a number of companies who would like to use a
> warrant canary to protect their users but also do not want to be a
> guinea pig of the courts. Even Apple, which had the biggest market cap
> in the world so could afford to take on this fight, bowed down and
> removed their warrant canary recently.
>
> Sadly, until someone with a set of big brass ones goes all guns blazing
> to specifically set precedent, everyone is going to sit on the sidelines
> on this issue.
>
> I guess the only real workaround would be to relocate the company
> (including all employees) to a more friendly jurisdiction.

There is another option.

First you get some idealistic lawyers who are stuck with half a million in student loans they can't pay back, work out a warrant canary system, and pay them equity in the company that will deploy it as a retainer.

However, for this to work it requires **investors** and end users to buy the product(s) the company is going to sell that have warrant canaries.

You might even be able to work out some sort of 'proof-of-retainer' block reward scheme on a new canarycoin so the lawyers defending the company can get tradeable coins, and cash them out to pay off the loans.

All of this revolves around the business models. Figure that out and the legal jurisdiction is irrelevant, because if you have a good enough business model, you can buy the legislation you want.

From rich at openwatch.net Fri Oct 17 13:34:20 2014
From: rich at openwatch.net (Rich Jones)
Date: Fri, 17 Oct 2014 13:34:20 -0700
Subject: NYPD Gets Glomar Powers

Not sure if this is too relevant to the list, but thought I'd bring it up anyway. Fairly important ruling today:

http://www.rcfp.org/browse-media-law-resources/news/trial-court-allows-police-use-glomar-response-deny-records-requests

Basically, a few years ago, the NYPD hired a bunch of ex-TLA guys to handle their freedom of information program, and then began declaring things as being secret, even though the law mentioned nothing about the ability to do this. Of course, they even extended their newly-created power to declare even the existence-or-non-existence of information secret. Today, in horrifying fashion, the court affirmed their power to do this.

FTA:

> The case, Abdur-Rashid v. New York City Police Department,
> involved a request by Imam Talib Abdur-Rashid for records regarding NYPD
> surveillance of himself and his mosque in New York City.
> The city refused
> to disclose to Mr. Abdur-Rashid whether any such records existed, and told
> him that even if they did exist, such records would be exempt under the New
> York Freedom of Information Law (“FOIL”).
>
> In its decision, the
> court somewhat perplexingly acknowledged that according to federal and
> state case law, “[i]t should follow that when a local agency such as the
> NYPD is replying to a FOIL request, the Glomar doctrine is similarly
> inapplicable.” However, it then went on to state that as this was a case of
> first impression, the NYPD’s use of a Glomar response “is in keeping with
> the spirit of similar appellate court cases.” The court determined that
> “disclosing the existence of responsive records would reveal information
> concerning operations, methodologies, and sources of information of the
> NYPD, the resulting harm of which would allow individuals or groups to take
> counter-measures to avoid detection of illegal activity, undermining
> current and future NYPD investigations.” Therefore, it granted the NYPD’s
> motion to dismiss the case.

This is particularly troubling as a lot of police departments look to NYPD as an example, and we may see this as a new tactic opposing police investigators across the country. It's a very bad day for FOIA in my opinion.

R

From griffin at cryptolab.net Fri Oct 17 11:06:48 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Fri, 17 Oct 2014 14:06:48 -0400
Subject: Legality of warrant canaries
Message-ID:

Hey all,

There's been a lot of discussion around warrant canaries lately, and I just want to pipe in with my experience. Back in 2012, I talked to my attorney about setting up a warrant canary or a dead man's switch -- which he pointed out would have the same legal repercussions as just releasing the gagged warrant/NSL. Why?
Because they are frequently phrased in such a way that if you do or fail to do a thing to somehow make it known, then you've violated the order. You're in just as much trouble if you take out a billboard or tweet a scan of the order or use pantomime or comment out a warrant canary. The only difference is that there *might* be plausible deniability if you tell your partner "something happened at work today and I can't tell you what it is" [1], whereas you have *no* ability to deny anything if you remove a publicized warrant canary from a website.

I'm not saying don't do it, but maybe talk to a lawyer first.

~Griffin

[1] http://www.newyorker.com/tech/elements/what-its-like-to-get-a-national-security-letter

--
"I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users." ~Len Sassaman

From eugen at leitl.org Fri Oct 17 05:13:43 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 17 Oct 2014 14:13:43 +0200
Subject: Novena update
Message-ID: <20141017121343.GM10467@leitl.org>

Bunnie seems on track. Wonder what the price tag for rubes will be.

http://www.bunniestudios.com/blog/?p=4146

From billstclair at gmail.com Fri Oct 17 11:26:50 2014
From: billstclair at gmail.com (Bill St. Clair)
Date: Fri, 17 Oct 2014 14:26:50 -0400
Subject: Legality of warrant canaries
In-Reply-To:
References:
Message-ID:

On Fri, Oct 17, 2014 at 2:06 PM, Griffin Boyce wrote:
> There's been a lot of discussion around warrant canaries lately, and I
> just want to pipe in with my experience.
>

I'm surprised that anybody obeys these gag orders. Better to just publicize the warrant far and wide, and make it known that you'll kill anybody who tries to enforce the gag order. Hey. Do you want to live forever?

-Bill
From l at odewijk.nl Fri Oct 17 06:28:53 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Fri, 17 Oct 2014 15:28:53 +0200
Subject: Fwd: [whispersystems] Warrant Canary - Gag order in place right now?
In-Reply-To: <1413537985.1291115.180081117.257FD1CC@webmail.messagingengine.com>
References: <54405448.3070708@thoughtcrime.org> <1413537985.1291115.180081117.257FD1CC@webmail.messagingengine.com>
Message-ID:

2014-10-17 11:26 GMT+02:00 Alfie John :
> I guess the only real work around would be to relocate the company
> (including all employees) to a more friendly jurisdiction.
>

Somehow Americans believe national is the new international. What was PirateAt40 doing in the US? Why, if you run The Silk Road, do you live in the US? All they had to do is disappear off the map for a while (say 5 to 10 years) (this means visiting somewhere remote, like China or Russia, hell, go to Finland for all I care, this is about not dropping hints in police hintboxes all the time; not running away), maybe reinvent themselves with a properly faked ID (maybe!), and, well, enjoy life in all the square meters not run by "We The People".

From l at odewijk.nl Fri Oct 17 06:34:33 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Fri, 17 Oct 2014 15:34:33 +0200
Subject: Novena update
In-Reply-To: <20141017121343.GM10467@leitl.org>
References: <20141017121343.GM10467@leitl.org>
Message-ID:

It's a shame that technology is always conceptually so simple, yet practically so ... finicky.

The laptop was really expensive for the quality you'd get. Not by choice, I bet. I hope they'll manage to make something more bang for buck sooner rather than later. (Ignoring the advantages this thing brings.)
From odinn.cyberguerrilla at riseup.net Fri Oct 17 17:47:34 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Fri, 17 Oct 2014 17:47:34 -0700
Subject: Legality of warrant canaries
In-Reply-To:
References:
Message-ID: <5441B8A6.1030407@riseup.net>

I would add to that, even though it won't change the behavior of those engaging in surveillance, it wouldn't hurt to post a notice somewhere on the server stating that the managers of the server / service do not consent to warrantless searches, or something to that effect. This is similar to the "door notice" and "safe notice" that CALGUNS and Michel & Associates (a law firm) published to counter APPS seizures in CA, USA. (Not many people use them, but if you're prone to receiving visits from LEOs, it's at the very least something you should discuss with your lawyer.)

Suppose you have a "door notice" installed as a file somewhere on your servers - basically saying "Go Away! We don't consent to warrantless searches" or something like that...
if it then turns out that someone has been poking into your servers you will then be able to say "There was a warning posted...You were warned that you shouldn't do that," and proceed to either disclose what they've done or even (if you really want to try to use the law as a blunt instrument, not that I recommend that, I really don't, but here it is) either issue cease and desist (what Mozilla did on at least one occasion) or, _prosecute_ the agents (under the DoD's voluntary DIB, the agents could be corporate or persons directly in governmental employ) using civil legal actions:

https://storify.com/AnonyOdinn/using-legal-actions-against-finfisher-hackbacks-an

Please note:

1) Law isn't a solution to stop malware and surveillance, though I have in the past suggested how people could use it.

2) Nothing I post here can be construed as legal advice. If you are contemplating doing anything that would involve the use of law in any way shape or form, go get a lawyer.

3) Cryptoanarchy, I think, will have a much bigger impact than people are currently willing to admit. The influence of those who use law, violence, and coercion altogether, will thus fade as time goes on, IMHO.

Cheers,

-Odinn

On 10/17/2014 03:56 PM, grarpamp wrote:
> I believe the best policy would be to determine your own belief.
> Assuming your belief is that gag orders are bullshit and canaries
> are stupid games, then: Inform counsel you will be taking such
> position, identify any legal basis/test such as first amendment /
> rights. Wait for warrant, order, NSL, FISA, exigence argument.
> Publish it, with/without whatever redactions you see fit, to
> whomever/all you see fit. See what happens. Nothing better than a
> stand up fight. (Never underestimate the power of the 1st).
>

--
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From grarpamp at gmail.com Fri Oct 17 15:56:51 2014
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 17 Oct 2014 18:56:51 -0400
Subject: Legality of warrant canaries
In-Reply-To:
References:
Message-ID:

I believe the best policy would be to determine your own belief.
Assuming your belief is that gag orders are bullshit and canaries are stupid games, then:
Inform counsel you will be taking such position, identify any legal basis/test such as first amendment / rights.
Wait for warrant, order, NSL, FISA, exigence argument.
Publish it, with/without whatever redactions you see fit, to whomever/all you see fit.
See what happens.
Nothing better than a stand up fight.
(Never underestimate the power of the 1st).

From wb8foz at nrk.com Fri Oct 17 19:56:31 2014
From: wb8foz at nrk.com (David)
Date: Fri, 17 Oct 2014 22:56:31 -0400
Subject: Legality of warrant canaries
In-Reply-To:
References:
Message-ID: <5441D6DF.8060606@nrk.com>

I know an amusing story with the USSS and certain hardly large ISP. They got served with the usual paper, as they had many times before. One thing looked different, however. They pulled file copies of past USSS subpoenas, and this was one paragraph of boilerplate shorter. You guessed it, the agent had left out the "Shhh! You can't tell..." paragraph. Oops, perils of cut & paste.
So they checked with their attorney, who noted that point as well. And they set up the vacuum cleaner on the account in question, and per instructions, emailed the USSS agent......and cc'ed their subscriber.

The agent was quite upset and irate, with a variety of threats.....until they pointed out her demand was one paragraph short. Then she got even nastier, as she realized she'd stepped in it. Finally a more senior DOJ person explained to her that Pogo applied in spades [1] and she shut up and went away, none too happy.

The End.

[1] "We have met the enemy, and he is us..."

From decoy at iki.fi Fri Oct 17 14:29:33 2014
From: decoy at iki.fi (Sampo Syreeni)
Date: Sat, 18 Oct 2014 00:29:33 +0300 (EEST)
Subject: Legality of warrant canaries
In-Reply-To:
References:
Message-ID:

On 2014-10-17, Griffin Boyce wrote:
> Back in 2012, I talked to my attorney about setting up a warrant
> canary or a dead man's switch -- which he pointed out would have the
> same legal repercussions as just releasing the gagged warrant/NSL.
> Why? Because they are frequently phrased in such a way that if you do
> or fail to do a thing to somehow make it known, then you've violated
> the order.

Isn't the whole point that "they" will always phrase this sort of thing to an individual's disadvantage, against the constitution and human rights, and that then the only way to fight such tyranny without killing yourself and/or embarrassing them is to have a popular standpoint and/or enough of an extant legal fund. I mean, obviously not to defend yourself, because you can never succeed in that, but in order to make you an unattractive target to begin with? Mutual assurance of destruction, and all that.
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From l at odewijk.nl Fri Oct 17 19:00:19 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sat, 18 Oct 2014 04:00:19 +0200
Subject: Legality of warrant canaries
In-Reply-To:
References:
Message-ID:

2014-10-17 20:26 GMT+02:00 Bill St. Clair :
> I'm surprised that anybody obeys these gag orders. Better to just
> publicize the warrant far and wide, and make it known that you'll kill
> anybody who tries to enforce the gag order. Hey. Do you want to live
> forever?

Calm down there Spikey! Very wild west attitude. Proper governance and peace still beat that. Contracts can be awesome!

> I believe the best policy would be to determine your own belief.
> Assuming your belief is that gag orders are bullshit and canaries are
> stupid games, then:
> Inform counsel you will be taking such position, identify any legal
> basis/test such as first amendment / rights.
> Wait for warrant, order, NSL, FISA, exigence argument.
> Publish it, with/without whatever redactions you see fit, to
> whomever/all you see fit.
> See what happens.
> Nothing better than a stand up fight.
> (Never underestimate the power of the 1st).

Now, this is legit advice. FISA would likely wreck you though. The whole design is pretty ripe for corruption. Thing is also, they genuinely believe they're enhancing public safety and all that. If the Commander in Chief thinks this is a good idea, who's to stop democracy from giving the people what they want*?

Reg Canaries, I don't think they work. Why would they? It depends on the phrasing of the gag order, of course, but indirectly saying you got had is still saying it, so I agree with OP's lawyer.

* typically this somehow involves bloodshed, so I guess gag orders are a kindness? Maybe Bill's at the right end. Sometimes I'm so happy I'm not in a lesser democrazy.
From contact at subrosa.io Sat Oct 18 04:17:05 2014
From: contact at subrosa.io (Subrosa.io)
Date: Sat, 18 Oct 2014 04:17:05 -0700
Subject: Fwd: [whispersystems] Warrant Canary - Gag order in place
In-Reply-To:
References:
Message-ID: <14922f99f87.12365997e86553.2364036845595854328@subrosa.io>

Alternatively, it's also possible that Apple has received an order under Section 215 of the USA Patriot Act.

>Date: Fri, 17 Oct 2014 10:26:25 +0100
>From: Alfie John
>To: cypherpunks at cpunks.org
>Subject: Re: Fwd: [whispersystems] Warrant Canary - Gag order in place
> right now?
>Message-ID:
> <1413537985.1291115.180081117.257FD1CC at webmail.messagingengine.com>
>Content-Type: text/plain
>
> Even Apple, which had the biggest market cap
>in the world so could afford to take on this fight, bowed down and
>removed their warrant canary recently.
>
>Sadly, until someone with a set of big brass ones goes all guns blazing
>to specifically set precedent, everyone is going to sit on the sidelines
>on this issue.

From ryacko at gmail.com Sat Oct 18 21:56:50 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Sat, 18 Oct 2014 21:56:50 -0700
Subject: Malaysian Minister of Information in 2007
Message-ID:

https://www.youtube.com/watch?v=4nAWrQmTmI8

Reminds me of the current FBI director. Actually Baghdad Bob is the best government spokesperson in the history of fascism.

From l at odewijk.nl Sun Oct 19 01:22:29 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sun, 19 Oct 2014 10:22:29 +0200
Subject: Fwd: [whispersystems] Warrant Canary - Gag order in place right now?
In-Reply-To: <20141017160610.GZ1755@nl.grid.coop>
References: <54405448.3070708@thoughtcrime.org> <1413537985.1291115.180081117.257FD1CC@webmail.messagingengine.com> <20141017160610.GZ1755@nl.grid.coop>
Message-ID:

On Oct 17, 2014 6:22 PM, "Troy Benjegerdes" wrote:
>
> All of this revolves around the business models. Figure that out and the
> legal jurisdiction is irrelevant, because if you have a good enough business
> model, you can buy the legislation you want.
>

Not many business models like that.

From coderman at gmail.com Sun Oct 19 20:37:48 2014
From: coderman at gmail.com (coderman)
Date: Sun, 19 Oct 2014 20:37:48 -0700
Subject: shot over the bow - BIS to control crypto exports anywhere (to ensure backdoor enabled?)
Message-ID:

http://www.theregister.co.uk/2014/10/17/intel_subsidiary_crypto_export_fine/

"""
Wind River Systems exported its software to China, Hong Kong, Russia, Israel, South Africa, and South Korea. BIS [Bureau of Industry and Security] significantly mitigated what would have been a much larger fine because the company voluntarily disclosed the violations.

We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS’s treatment of violations of the encryption regulations.

Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies — a message that BIS seemed intent upon making in its announcement.
"""

fuck BIS!
From grarpamp at gmail.com Sun Oct 19 17:47:52 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sun, 19 Oct 2014 20:47:52 -0400
Subject: Of Sealand, corp, and country [was: nation-state]
Message-ID:

On Sun, Oct 19, 2014 at 5:43 PM, Alfie John wrote:
> On Thu, Oct 16, 2014, at 08:32 PM, rysiek wrote:
>> I am waiting for the first multinational corporation to declare
>> independence.
>> Also: http://rys.io/en/77
>
> Although not a multinational, The Pirate Bay did try to buy Sealand.

Sealand is only as unique as the price Bates wants (it's also probably structurally unsound after taking an ocean beating for 70yrs)...
How much would it cost to build, float and sink your own concrete silo?
Who's researching locations of low depth found beyond 3-12+nm/EEZ in international waters?
How does this cost compare to building your own acres of floating pontoon, barge, boat, or raft?
And who sayeth hoisting your flag does not make you a country be?

From dan at geer.org Sun Oct 19 19:39:09 2014
From: dan at geer.org (dan at geer.org)
Date: Sun, 19 Oct 2014 22:39:09 -0400
Subject: Corporate undercover nation-state agents
In-Reply-To: Your message of "Thu, 16 Oct 2014 15:34:56 +0200." <4116036fd30dfa22ddb91ceba49d29e9@riseup.net>
Message-ID: <20141020023909.1A22A228108@palinka.tinho.net>

> It should be clear now, if not long ago, that the US Government is the
> silent occupier of the stateless generation. This is true no matter the
> protest the American technological industry may attempt to present in
> response to this fact. In light of this "Balkanisation" should be seen
> as a marketing term thought up by US actors to prevent the rest of the
> world from noticing that their data, sitting in or traversing the US,
> has less rights than that of a Syrian refugee.
I would argue that we are at a fork in the road where in the one direction is the balkanization of the Internet in the interests of states' sovereignties and in the other direction the Internet becomes government, per se, and a laissez faire one at that. Until the day it is not.

[ Out of curiosity, are you a French mathematician? ]

--dan

From alfiej at fastmail.fm Sun Oct 19 14:43:51 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Sun, 19 Oct 2014 22:43:51 +0100
Subject: Corporate undercover nation-state agents
In-Reply-To: <24800809.JhIfP995YH@lapuntu>
References: <4116036fd30dfa22ddb91ceba49d29e9@riseup.net> <24800809.JhIfP995YH@lapuntu>
Message-ID: <1413755031.3861168.180822217.63A72772@webmail.messagingengine.com>

On Thu, Oct 16, 2014, at 08:32 PM, rysiek wrote:
> Thank you. I couldn't agree more. Apple-Disney-Fox is as dangerous and
> looming
> as military-industrial-complex... because they're basically the same.
>
> I am waiting for the first multinational corporation to declare
> independence.
> Also: http://rys.io/en/77

Although not a multinational, The Pirate Bay did try to buy Sealand.

Alfie

--
Alfie John
alfiej at fastmail.fm

From odinn.cyberguerrilla at riseup.net Sun Oct 19 23:25:48 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Mon, 20 Oct 2014 06:25:48 +0000
Subject: shot over the bow - BIS to control crypto exports anywhere (to ensure backdoor enabled?)
In-Reply-To:
References:
Message-ID: <5444AAEC.5070304@riseup.net>

"Any self-respecting open-source developer will establish anonymity, develop code, and release it to the world with no authorization whatsoever. The code will live or die on its own merit."
~ from the 'Export Controls' section of "Darknet for Beginners" [[ August 12, 2013 post at https://odinn.cyberguerrilla.org/index.php/2013/08/12/darknet-for-beginners/ ]]

- Odinn

coderman wrote:
> http://www.theregister.co.uk/2014/10/17/intel_subsidiary_crypto_export_fine/
>
> """
> Wind River Systems exported its software to China, Hong Kong,
> Russia, Israel, South Africa, and South Korea. BIS [Bureau of
> Industry and Security] significantly mitigated what would have been
> a much larger fine because the company voluntarily disclosed the
> violations.
>
> We believe this to be the first penalty BIS has ever issued for
> the unlicensed export of encryption software that did not also
> involve comprehensively sanctioned countries (e.g., Cuba, Iran,
> North Korea, Sudan or Syria). This suggests a fundamental change in
> BIS’s treatment of violations of the encryption regulations.
>
> Historically, BIS has resolved voluntarily disclosed violations of
> the encryption regulations with a warning letter but no material
> consequence, and has shown itself unlikely to pursue such
> violations that were not disclosed. This fine dramatically
> increases the compliance stakes for software companies — a message
> that BIS seemed intent upon making in its announcement. """
>
> fuck BIS!
>
>

--
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From odinn.cyberguerrilla at riseup.net Mon Oct 20 00:48:20 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Mon, 20 Oct 2014 07:48:20 +0000
Subject: NSA Co-Chairs of Crypto Forum Research Group, Legitimacy of WebCrypto API in Doubt
Message-ID: <5444BE44.5070901@riseup.net>

For those of you on this list who have been watching the progress of things relating to the W3C coordinated process for the WebCrypto API, you know that a lot of work and thought has gone into this and it is an impressive collaboration. But with the IETF CFRG (Crypto Forum Research Group) still being co-chaired by an agent of the NSA (n1), anything that passes through that organization must be questioned at this time. (In the unlikely event that the CFRG page is censored after this message is sent, I've included the names and e-mail addresses of the current co-chairs as part of this message as they currently appear on the CFRG's site, where their names and e-mail addresses have been sitting in full public view for a very long time (n2)).

As some of you already know, people within the Crypto Forum Research Group have tried (so far unsuccessfully) since last year (n1, n2, n3) to remove the NSA Co-chair.
It should not matter who the person is, but the issue is that having anyone who is in the employ of or affiliated with the NSA chair (or co-chair) a research group whose purpose it is to advise all IETF Working Groups, is highly problematic for reasons which now should be obvious to anyone reading this message.

Currently the WebCrypto API is approaching its last call ~ it's in a process of being finalized. For those who are not sure what the WebCrypto API is, it's one of those things that is designed to basically help make ordinary webpages that you see work, and includes the definition of cryptographic primitives that make your internet go. That's a terrible description actually, but if you want a better or more comprehensive description of WebCrypto API in plain English, consider reading poulpita's blog (n4). It's also described at a W3C page as a "JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications." (n5)

But the WebCrypto API Doc process, and indeed the legitimacy of the WebCrypto API itself, should be questioned and doubted, for the WebCrypto group has recently held off on including the widely-used curve25519 within NamedCurve dictionaries or as part of its extensibility and errata process, until the (NSA co-chaired) Crypto Forum Research Group gives W3C the go-ahead. For further information and confirmation on this, see (n6) below.

If you are concerned about this, check out the message thread discussing attempts to remove the NSA co-chair (n3) and consider posting to the CFRG list (n7) about it once you subscribe.
NSA affiliated persons need to be removed from groups that influence the direction of the entire web. I hope those who receive this message will organize to help make that happen.

(n1) https://irtf.org/cfrg
(n2) From CFRG's public webpage (n1) as of Oct. 20, 2014: "CFRG is chaired by Kevin Igoe (kmigoe at nsa.gov), Kenny Paterson (kenny.paterson at rhul.ac.uk) and Alexey Melnikov (alexey.melnikov at isode.com)."
(n3) http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
(n4) http://poulpita.com/2014/08/28/w3c-web-crypto-whats-next/
(n5) https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
(n6) https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 (see in particular: comments 11, 12, 48, and 59 through 63 on that page)
(n7) https://irtf.org/mailman/listinfo/cfrg

--
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From l at odewijk.nl Tue Oct 21 03:57:30 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Tue, 21 Oct 2014 12:57:30 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To:
References:
Message-ID:

On Oct 20, 2014 3:03 AM, "grarpamp" wrote:
>
> On Sun, Oct 19, 2014 at 5:43 PM, Alfie John wrote:
> >
> > Although not a multinational, The Pirate Bay did try to buy Sealand.
>
> Sealand is only as unique as the price Bates wants (it's also probably
> structurally unsound after taking an ocean beating for 70yrs)...
> How much would it cost to build, float and sink your own concrete silo?
> Who's researching locations of low depth found beyond 3-12+nm/EEZ
> in international waters?
> How does this cost compare to building your own acres of floating
> pontoon, barge, boat, or raft?
> And who sayeth hoisting your flag does not make you a country be?

The UN has demands on what makes a nation. It requires land. I'm not sure if Sealand qualifies, but I think it's overhyped. There's plenty of island nations, why not buy one of them? If you agree to donate shares to the government they might be all ears. You could band together with some other corporations if you don't have the capital/value.

Have to wonder what's the point though. Save tax? Apple already does it, no need to own the island to profit from it. Liberty? As if Google doesn't buy law already. It might make them too scary.

I think Google should do it. It'd be a fun project, Google Nation.

From groundhog593 at riseup.net Tue Oct 21 17:14:29 2014
From: groundhog593 at riseup.net (Bethany)
Date: Tue, 21 Oct 2014 20:14:29 -0400
Subject: Digital security consultant willing to be based in LatAm?
Message-ID: <5446F6E5.40908@riseup.net>

Front Line Defenders (FLD) in partnership with Tactical Technology Collective (TTC) is working to expand capacity of Human Rights Defenders (HRDs) to manage risks associated with the use of digital communications. We would like to offer direct, on the ground support to HRDs with the help of a Digital Security Consultant (DSC) based in Latin America. FLD and TTC are seeking cooperation with a consultant for a contract finishing at the end of 2015 to help with digital security support for HRDs and HR organisations at risk in Latin America. The deadline for the applications is 9th November 2014.
Read more: https://www.frontlinedefenders.org/node/27505

---

Front Line Defenders (FLD) and Tactical Technology Collective (TTC) are working together so that human rights defenders (HRDs) can increase their capacity to manage the risks associated with digital communications. We would like to offer direct, on-the-ground assistance to HRDs through the help of a Digital Security Consultant (DSC) based in Latin America. FLD and TTC are looking to work in cooperation with a consultant, under a contract running until the end of 2015, to help provide digital security assistance for HRDs and human rights organisations at risk in Latin America. The deadline for submitting applications is 9 November 2014.

Read more: https://www.frontlinedefenders.org/es/node/27506

From ryacko at gmail.com Wed Oct 22 08:51:39 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Wed, 22 Oct 2014 08:51:39 -0700
Subject: Of Sealand, corp, and country [was: nation-state]
Message-ID:

Global warming is devouring island nations.

From juan.g71 at gmail.com Wed Oct 22 14:45:54 2014
From: juan.g71 at gmail.com (Juan)
Date: Wed, 22 Oct 2014 18:45:54 -0300
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To:
References: <20141022164044.GA5242@sivokote.iziade.m$>
Message-ID: <54482549.27558c0a.0ae3.0043@mx.google.com>

On Wed, 22 Oct 2014 19:21:46 +0200
>
> On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
>
> > Global warming is devouring island nations.

evidence?
From l at odewijk.nl Wed Oct 22 10:21:46 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 22 Oct 2014 19:21:46 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <20141022164044.GA5242@sivokote.iziade.m$>
References: <20141022164044.GA5242@sivokote.iziade.m$>

2014-10-22 18:40 GMT+02:00 Georgi Guninski:
> On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> > Global warming is devouring island nations.
> ... and Ebola is a global threat, according to the black
> dude in the white house.

Either way islands are disappearing into the ocean, and people are dying from disease. Multinationals can buy islands still. They might be cheaper if they let them shrink to the size of about one tarp with a letter-forwarding dock/office.

I don't exactly see possible pandemics as nothing to worry about, either. But it doesn't really seem like Ebola is going out of control.

From guninski at guninski.com Wed Oct 22 09:40:44 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 22 Oct 2014 19:40:44 +0300
Subject: Of Sealand, corp, and country [was: nation-state]
Message-ID: <20141022164044.GA5242@sivokote.iziade.m$>

On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> Global warming is devouring island nations.

... and Ebola is a global threat, according to the black dude in the white house.
From juan.g71 at gmail.com Thu Oct 23 00:53:59 2014
From: juan.g71 at gmail.com (Juan)
Date: Thu, 23 Oct 2014 04:53:59 -0300
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <1678851.ZS9v9yKKeL@lapuntu>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu>
Message-ID: <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com>

On Thu, 23 Oct 2014 09:27:31 +0200 rysiek wrote:
> On Wednesday, 22 October 2014 18:45:54 Juan wrote:
> > On Wed, 22 Oct 2014 19:21:46 +0200
> > > > On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> > > > > Global warming is devouring island nations.
> >
> > evidence?
>
> Click the citations:
> http://en.wikipedia.org/wiki/Arctic_sea_ice_decline

Sorry, your wikitrash link doesn't seem to be about island nations being "devoured" - or sunk.

But feel free to link any evidence about islands going below sea level.

> Or, in a format that should be more palatable for you:

Sorry, I don't know why you thought I consider video to be more palatable when the exact opposite is true.

Again, feel free to post any real evidence.

> http://www.youtube.com/watch?v=lPgZfhnCAdI
> http://www.youtube.com/watch?v=cjuGCJJUGsg

From rysiek at hackerspace.pl Thu Oct 23 00:27:31 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Oct 2014 09:27:31 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <54482549.27558c0a.0ae3.0043@mx.google.com>
References: <54482549.27558c0a.0ae3.0043@mx.google.com>
Message-ID: <1678851.ZS9v9yKKeL@lapuntu>

On Wednesday, 22 October 2014 18:45:54 Juan wrote:
> On Wed, 22 Oct 2014 19:21:46 +0200
> > > On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> > > > Global warming is devouring island nations.
>
> evidence?
Click the citations:
http://en.wikipedia.org/wiki/Arctic_sea_ice_decline

Or, in a format that should be more palatable for you:
http://www.youtube.com/watch?v=lPgZfhnCAdI
http://www.youtube.com/watch?v=cjuGCJJUGsg

--
Regards,
rysiek

From cathalgarvey at cathalgarvey.me Thu Oct 23 01:33:44 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 23 Oct 2014 09:33:44 +0100
Subject: Of Sealand, corp, and country [was: nation-state]
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu>
Message-ID: <5448BD68.2080109@cathalgarvey.me>

Any sufficiently advanced science denialism is indistinguishable from trolling. :)

On 23/10/14 09:04, Lodewijk andré de la porte wrote:
> On Oct 23, 2014 9:44 AM, "rysiek" wrote:
> >
> > On Wednesday, 22 October 2014 18:45:54 Juan wrote:
> > > On Wed, 22 Oct 2014 19:21:46 +0200
> > > > > On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> > > > > > Global warming is devouring island nations.
> > >
> > > evidence?
> >
> > Click the citations:
> > http://en.wikipedia.org/wiki/Arctic_sea_ice_decline
>
> You shouldn't bother with Juan. He pulls this shit all the time. He
> could look for evidence by himself, he just chooses to forgo that the
> only question is to what extent it's humanity induced. And even that
> is quite settled with a bulky UN report.
>
> So, Juan, please just, I dunno, honestly. Figure it out.
From l at odewijk.nl Thu Oct 23 01:04:07 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Thu, 23 Oct 2014 10:04:07 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <1678851.ZS9v9yKKeL@lapuntu>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu>

On Oct 23, 2014 9:44 AM, "rysiek" wrote:
>
> On Wednesday, 22 October 2014 18:45:54 Juan wrote:
> > On Wed, 22 Oct 2014 19:21:46 +0200
> > > > On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> > > > > Global warming is devouring island nations.
> >
> > evidence?
>
> Click the citations:
> http://en.wikipedia.org/wiki/Arctic_sea_ice_decline

You shouldn't bother with Juan. He pulls this shit all the time. He could look for evidence by himself, he just chooses to forgo that the only question is to what extent it's humanity induced. And even that is quite settled with a bulky UN report.

So, Juan, please just, I dunno, honestly. Figure it out.

From cyberkiller8 at gmail.com Thu Oct 23 01:33:32 2014
From: cyberkiller8 at gmail.com (Łukasz "Cyber Killer" Korpalski)
Date: Thu, 23 Oct 2014 10:33:32 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com>
Message-ID: <5448BD5C.7020404@gmail.com>

On 23.10.2014 at 09:53, Juan wrote:
> On Thu, 23 Oct 2014 09:27:31 +0200
> rysiek wrote:
>
>> On Wednesday, 22 October 2014 18:45:54 Juan wrote:
>>> On Wed, 22 Oct 2014 19:21:46 +0200
>>>
>>>>> On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
>>>>>> Global warming is devouring island nations.
>>>
>>> evidence?
>>
>> Click the citations:
>> http://en.wikipedia.org/wiki/Arctic_sea_ice_decline
>
> Sorry, your wikitrash link doesn't seem to be about island
> nations being "devoured" - or sunk.
>
> But feel free to link any evidence about islands going below
> sea level.
>
>> Or, in a format that should be more palatable for you:
>
> Sorry, I don't know why you thought I consider video to be more
> palatable when the exact opposite is true.
>
> Again, feel free to post any real evidence.
>
>> http://www.youtube.com/watch?v=lPgZfhnCAdI
>> http://www.youtube.com/watch?v=cjuGCJJUGsg

Read this: http://www.earth-policy.org/plan_b_updates/2001/update2

I also recall more recently reading a similar article about Tokelau, so this is not a single case. Larger island nations don't notice this so much, yet.

BTW: I made an oath last July, which was f****** unbearably hot in my location, to punch any climate change denier that I come across in the face. So consider yourself lucky that punches don't fly over the wire. Climate change is a fact, not something to believe/not believe.

Now, that's done, let's get back on topic for this maillist.

--
Łukasz "Cyber Killer" Korpalski
mail: cyberkiller8 at gmail.com
xmpp: cyber_killer at jabster.pl
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net
//When replying to my e-mail, kindly please
//write your message below the quoted text.
From cathalgarvey at cathalgarvey.me Thu Oct 23 03:36:56 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 23 Oct 2014 11:36:56 +0100
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <5448D4E7.90101@gmail.com>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <5448D4E7.90101@gmail.com>
Message-ID: <5448DA48.3000500@cathalgarvey.me>

> forced everyone in my family to use eco stuff (I'm pretty sure
> they are still throwing away all trash unsegregated when I'm not
> looking though).

You'll be disappointed to hear that recycling is largely irrelevant on the global scale, and was favoured by green parties as a policy only because it gets voters involved and makes them feel important to the solution. Same goes for changing to efficient lightbulbs; it's helpful, but practically negligible compared to your daily commute, your choice of diet, your insulation, etcetera.

In the end, industry, and the consumer products we buy from it that fuel its bad behaviour, is far worse for the environment than piffling things like bulbs and recycling. Buying less waste is better than segregating it.

What we need is energy decline, and what that means is travelling less, buying less, burning less. Our energy should come from nuclear, not coal. Our buildings shouldn't be made from concrete. Our diets should use less land; less meat, and higher yields (go-go-gmo!). Our products should last longer and do more (cf. Bunnie's concept of "heirloom laptops"), instead of doing less faster and then breaking and getting "recycled" by impoverished kids in Bangladesh.

It's a totally systemic problem, and bullying people into just recycling makes them think that they've done their part, and the rest is up to the next worst person.
They need to understand that shutting down the coal plant in their city would do more good all-round than if everyone in the city recycled everything they bought.

On 23/10/14 11:13, Łukasz "Cyber Killer" Korpalski wrote:
> On 23.10.2014 at 11:55, Lodewijk andré de la porte wrote:
>> 2014-10-23 10:33 GMT+02:00 Łukasz "Cyber Killer" Korpalski:
>>
>>> BTW: I made an oath last July, which was f****** unbearably hot in my
>>> location, to punch any climate change denier that I come across in the
>>> face. So consider yourself lucky that punches don't fly over the wire.
>>> Climate change is a fact, not something to believe/not believe.
>>
>> No, please, just don't, god, this is even worse!
>>
>> Providing the wrong arguments for the right conclusion DOES NOT HELP AT ALL
>
> I'm not sure I follow. Being angry at people who deny climate change,
> because of them less people care about the environment, seems like a
> good idea to me.
>
> There's not much else I can do, I already gave donations, signed
> petitions, gave my computing power to climate model research in a BOINC
> project, forced everyone in my family to use eco stuff (I'm pretty sure
> they are still throwing away all trash unsegregated when I'm not looking
> though). I lack the power to change the policies of the large most
> polluting countries, and eco terrorism is quite difficult when they
> shoot first and ask questions later.
>
> Anyway, I'll drop the subject now.
>
>> At /best/ you'll only invoke the "it can be warmer randomly, that's
>> fine, climate or just a hot year", which is the truth, at worst you're
>> giving Juan a reason to deny an overwhelmingly large body of evidence.
>
> OK, I'll stop feeding the troll.
>
> (...)
>> If you really care: http://www.unep.org/climatechange/ or more
>> specifically http://www.ipcc.ch/report/ar5/index.shtml
> (...)
>
> Thx for these links.
From l at odewijk.nl Thu Oct 23 02:55:48 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Thu, 23 Oct 2014 11:55:48 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <5448BD5C.7020404@gmail.com>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com>

2014-10-23 10:33 GMT+02:00 Łukasz "Cyber Killer" Korpalski <cyberkiller8 at gmail.com>:
> BTW: I made an oath last July, which was f****** unbearably hot in my
> location, to punch any climate change denier that I come across in the
> face. So consider yourself lucky that punches don't fly over the wire.
> Climate change is a fact, not something to believe/not believe.

No, please, just don't, god, this is even worse!

Providing the wrong arguments for the right conclusion DOES NOT HELP AT ALL

At *best* you'll only invoke the "it can be warmer randomly, that's fine, climate or just a hot year", which is the truth, at worst you're giving Juan a reason to deny an overwhelmingly large body of evidence.

When leaving the doors open my father used to say "we're not heating the outside air"; even as an 8 year old I thought that if all houses collectively attempted to heat the outside air it was bound to work. I had a pretty hard time imagining where all the heat must go. It turns out that cities are actually ~3 degrees (Celsius ofc!) warmer because the air is heated (and slowed bc of buildings). It also turns out we lose insanely huge amounts of energy to space, yet do not cool down because the sun blasts in really about as much. So 8 year old me was right in his curiosity, but ultimately his hope that heating the outside air would work was a little ignorant of the science facts.

I thought I could at least amuse you guys with an anecdote, given we're spewing irrelevant evidence.
If you really care: http://www.unep.org/climatechange/ or more specifically http://www.ipcc.ch/report/ar5/index.shtml

Let me know once you've independently (in)validated the results presented by the ~1500 people whose job it is to know. While you're doing that, I'm just going to continue acknowledging that it's happening and not doing anything about it because it's game theory and China/Russia are never going to vouch for anything that hurts their bottom line more than it does America's, given they will have hardly any trouble at all with climate change. Hell, Russia might become a nice place to visit and China might have some use for its desert highlands. Burn on, comrades!

Note that the solution is trivial! We have ("share") a certain amount of destroyable earth, we can only spew so much of this and that over a certain time period. At the scale at which it matters, global pollution at the global level (UN), local pollution at the local level (provincially or nationally), the amount of destroyable earth should be estimated* and auctioned. Sounds trivial? That's because everyone's fucking incompetent and/or corrupt and/or simply doesn't actually care. If they did, they would have implemented this system for more-dangerous chemicals than greenhouse gasses, in a UN that was created not to deal with issues of war but instead with the issue of improving humanity as a whole, at or about 1900. Or earlier or later, for all I care.

Now your best bet, if you're worried, is to:
0) Be wealthy
1) Live on ground >5 meters above sea level. More is preferable (storms, etc).
2) Live somewhere a few degrees underneath your preferred temperature.
3) Have solar panels

I don't think growing your own food is worth the bother, all of us on the mailing lists are in pretty wealthy nations. I think we'll turn savage and abuse the shit out of Africa and most of Asia before we go hungry.
Not what I'd like to see, I'd prefer them growing wealthy from getting their crops bought, but who am I kidding? Surely, with all the anarchists here, we'd just abandon our systems of law as soon as it becomes profitable, right? A little doublethink and it won't even bother you at night.

The solar panels are just there to ensure you can continue using your computer, and possibly sell electricity once the prices skyrocket because nobody would want to ruin the environment anymore.

Being wealthy is 0, because it seems like that's always a good idea.

(Sorry about the angry tone, I found out my roof is excellent at propagating sounds from above it. Hardly any distortion! Please play music before 1 in the afternoon when I wake up. I won't complain, because playing music after ~10 AM is totally socially acceptable. Thanks! I think I'll ask them politely and calmly once I can convincingly pretend to be. To be human ♫~~)

* through a combination of politicians indicating the tolerable environmental effects and scientists estimating the amount of specific contaminants releasable at a certain scale to stay within those tolerable environmental effects. Corruption tolerance is no different from other governmental tasks, so let's not pretend this one specifically is a greater risk, please?
From cyberkiller8 at gmail.com Thu Oct 23 03:13:59 2014
From: cyberkiller8 at gmail.com (Łukasz "Cyber Killer" Korpalski)
Date: Thu, 23 Oct 2014 12:13:59 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com>
Message-ID: <5448D4E7.90101@gmail.com>

On 23.10.2014 at 11:55, Lodewijk andré de la porte wrote:
> 2014-10-23 10:33 GMT+02:00 Łukasz "Cyber Killer" Korpalski:
>
>> BTW: I made an oath last July, which was f****** unbearably hot in my
>> location, to punch any climate change denier that I come across in the
>> face. So consider yourself lucky that punches don't fly over the wire.
>> Climate change is a fact, not something to believe/not believe.
>
> No, please, just don't, god, this is even worse!
>
> Providing the wrong arguments for the right conclusion DOES NOT HELP AT ALL

I'm not sure I follow. Being angry at people who deny climate change, because of them less people care about the environment, seems like a good idea to me.

There's not much else I can do, I already gave donations, signed petitions, gave my computing power to climate model research in a BOINC project, forced everyone in my family to use eco stuff (I'm pretty sure they are still throwing away all trash unsegregated when I'm not looking though). I lack the power to change the policies of the large most polluting countries, and eco terrorism is quite difficult when they shoot first and ask questions later.

Anyway, I'll drop the subject now.

> At /best/ you'll only invoke the "it can be warmer randomly, that's
> fine, climate or just a hot year", which is the truth, at worst you're
> giving Juan a reason to deny an overwhelmingly large body of evidence.

OK, I'll stop feeding the troll.

(...)
> If you really care: http://www.unep.org/climatechange/ or more
> specifically http://www.ipcc.ch/report/ar5/index.shtml

(...)

Thx for these links.

--
Łukasz "Cyber Killer" Korpalski
mail: cyberkiller8 at gmail.com
xmpp: cyber_killer at jabster.pl
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net
//When replying to my e-mail, kindly please
//write your message below the quoted text.

From rysiek at hackerspace.pl Thu Oct 23 05:15:06 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Oct 2014 14:15:06 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com>
References: <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com>
Message-ID: <1519066.BS9cJWOzp7@lapuntu>

On Thursday, 23 October 2014 04:53:59 Juan wrote:
> On Thu, 23 Oct 2014 09:27:31 +0200 rysiek wrote:
> > On Wednesday, 22 October 2014 18:45:54 Juan wrote:
> > > On Wed, 22 Oct 2014 19:21:46 +0200
> > > > > On Wed, Oct 22, 2014 at 08:51:39AM -0700, Ryan Carboni wrote:
> > > > > > Global warming is devouring island nations.
> > >
> > > evidence?
> >
> > Click the citations:
> > http://en.wikipedia.org/wiki/Arctic_sea_ice_decline
>
> Sorry, your wikitrash link doesn't seem to be about island
> nations being "devoured" - or sunk.
> But feel free to link any evidence about islands going below
> sea level.

You do realise that islands do not *float* on water, and rising sea levels *will* lead to islands disappearing under the water, right? :)

Also, kudos on the subject-matter critique as exemplified by "wikitrash".

--
Regards,
rysiek
From odinn.cyberguerrilla at riseup.net Thu Oct 23 11:30:55 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Thu, 23 Oct 2014 18:30:55 +0000
Subject: NSA Co-Chairs of Crypto Forum Research Group, Legitimacy of WebCrypto API in Doubt
In-Reply-To: <5444BE44.5070901@riseup.net>
References: <5444BE44.5070901@riseup.net>
Message-ID: <5449495F.40005@riseup.net>

As a (hopefully final) note to this particular issue, please note the resolution at:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64

The NSA co-chair is resigning, and it appears the Working Groups are moving ahead without the involvement of that co-chair, for example (see comments 61 and 62 at):
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61

Cheers,
-Odinn

odinn wrote:
> For those of you on this list who have been watching the progress
> of things relating to the W3C coordinated process for the WebCrypto
> API, you know that a lot of work and thought has gone into this and
> it is an impressive collaboration.
>
> But with the IETF CFRG (Crypto Forum Research Group) still being
> co-chaired by an agent of the NSA (n1), anything that passes
> through that organization must be questioned at this time. (In the
> unlikely event that the CFRG page is censored after this message is
> sent, I've included the names and e-mail addresses of the current
> co-chairs as part of this message as they currently appear on the
> CFRG's site, where their names and e-mail addresses have been
> sitting in full public view for a very long time (n2)).
>
> As some of you already know, people within the Crypto Forum
> Research Group have tried (so far unsuccessfully) since last year
> (n1, n2, n3) to remove the NSA Co-chair.
> It should not matter who
> the person is, but the issue is that having anyone who is in the
> employ of or affiliated with the NSA chair (or co-chair) a research
> group whose purpose it is to advise all IETF Working Groups, is
> highly problematic for reasons which now should be obvious to
> anyone reading this message.
>
> Currently the WebCrypto API is approaching its last call ~ it's in
> a process of being finalized. For those who are not sure what the
> WebCrypto API is, it's one of those things that is designed to
> basically help make ordinary webpages that you see work, and
> includes the definition of cryptographic primitives that make your
> internet go. That's a terrible description actually, but if you
> want a better or more comprehensive description of WebCrypto API in
> plain English, consider reading poulpita's blog (n4). It's also
> described at a W3C page as a "JavaScript API for performing basic
> cryptographic operations in web applications, such as hashing,
> signature generation and verification, and encryption and
> decryption. Additionally, it describes an API for applications to
> generate and/or manage the keying material necessary to perform
> these operations. Uses for this API range from user or service
> authentication, document or code signing, and the confidentiality
> and integrity of communications." (n5)
>
> But the WebCrypto API Doc process and, indeed, the legitimacy
> of the WebCrypto API itself, should be questioned and doubted, for
> the WebCrypto group has recently held off on including the
> widely-used curve25519 within NamedCurve dictionaries or as part of
> its extensibility and errata process, until the (NSA co-chaired)
> Crypto Forum Research Group gives W3C the go-ahead. For further
> information and confirmation on this, see (n6) below.
>
> If you are concerned about this, check out the message thread
> discussing attempts to remove the NSA co-chair (n3) and consider
> posting to the CFRG list (n7) about it once you subscribe.
>
> NSA affiliated persons need to be removed from groups that
> influence the direction of the entire web. I hope those who receive
> this message will organize to help make that happen.
>
> (n1) https://irtf.org/cfrg
> (n2) From CFRG's public webpage (n1) as of Oct. 20, 2014: "CFRG is
> chaired by Kevin Igoe (kmigoe at nsa.gov), Kenny Paterson
> (kenny.paterson at rhul.ac.uk) and Alexey Melnikov
> (alexey.melnikov at isode.com)."
> (n3) http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
> (n4) http://poulpita.com/2014/08/28/w3c-web-crypto-whats-next/
> (n5) https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
> (n6) https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 (see in
> particular: comments 11, 12, 48, and 59 through 63 on that page)
> (n7) https://irtf.org/mailman/listinfo/cfrg

--
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From juan.g71 at gmail.com Fri Oct 24 00:47:23 2014
From: juan.g71 at gmail.com (Juan)
Date: Fri, 24 Oct 2014 04:47:23 -0300
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <5448BD5C.7020404@gmail.com>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com>
<5448BD5C.7020404@gmail.com>
Message-ID: <544a03c6.b1238c0a.6df7.6f1c@mx.google.com>

On Thu, 23 Oct 2014 10:33:32 +0200 Łukasz "Cyber Killer" Korpalski wrote:
> BTW: I made an oath last July, which was f****** unbearably hot in my
> location, to punch any climate change denier that I come across in the
> face.

lol - what a stupid piece of shit you are

> So consider yourself lucky that punches don't fly over the wire.
> Climate change is a fact, not something to believe/not believe.
>
> Now, that's done, let's get back on topic for this maillist.

From dan at geer.org Fri Oct 24 06:40:59 2014
From: dan at geer.org (dan at geer.org)
Date: Fri, 24 Oct 2014 09:40:59 -0400
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: Your message of "Wed, 22 Oct 2014 18:45:54 -0300." <54482549.27558c0a.0ae3.0043@mx.google.com>
Message-ID: <20141024134059.B9DE9228247@palinka.tinho.net>

For the purpose of this note, I'll stipulate that global warming is happening without arguing why. The question for science would be whether it has a positive feedback loop, as it would if rising temperature releases, say, 10% of the carbon locked in permafrost. Given the wild temp excursions in geologic time scales -- "snowball earth" vs. the Cretaceous (when there was no ice at the poles) -- it is reasonable to imagine that some excursions have a phase where the feedback is positive and thus if the temp heads either north or south its velocity will, for natural reasons, accelerate as the excursion grows more extreme. That implies that the present time is an unstable equilibrium, thus our impact, whatever it is, seems likely to be an initiator or a potentiator but not a cause in the classical sense of, say, a dose-response curve. Put differently, I don't believe that we (humans) can push the climate to a place it has not been before, but we can change the clock.
One might then ask what government has your confidence in its being capable of managing a comprehensive program of compensatory global cooling and what powers would be required to enforce same?

What this topic has to do with this list is unobvious.

--dan

From cyberkiller8 at gmail.com Fri Oct 24 01:06:54 2014
From: cyberkiller8 at gmail.com (Łukasz "Cyber Killer" Korpalski)
Date: Fri, 24 Oct 2014 10:06:54 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <544a03c6.b1238c0a.6df7.6f1c@mx.google.com>
References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com>
Message-ID: <544A089E.90201@gmail.com>

On 24.10.2014 at 09:47, Juan wrote:
>
> lol - what a stupid piece of shit you are
>

I would like to have the moderator of this maillist look at the above comment and take appropriate action. Thx.

--
Łukasz "Cyber Killer" Korpalski
mail: cyberkiller8 at gmail.com
xmpp: cyber_killer at jabster.pl
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net
//When replying to my e-mail, kindly please
//write your message below the quoted text.
From rysiek at hackerspace.pl Fri Oct 24 02:37:16 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Fri, 24 Oct 2014 11:37:16 +0200
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <544A089E.90201@gmail.com>
References: <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com>
Message-ID: <10194808.qjaneNtpPi@lapuntu>

On Friday, 24 October 2014 10:06:54 Łukasz "Cyber Killer" Korpalski wrote:
> On 24.10.2014 at 09:47, Juan wrote:
> > lol - what a stupid piece of shit you are
>
> I would like to have the moderator of this maillist look at the above
> comment and take appropriate action. Thx.

I don't think there are any moderators on this list. :)

I guess one has to learn to live with the Juans of this world.

--
Regards,
rysiek

From rich at openwatch.net Fri Oct 24 11:58:22 2014
From: rich at openwatch.net (Rich Jones)
Date: Fri, 24 Oct 2014 11:58:22 -0700
Subject: CITIZENFOUR

Saw this last night - an obvious must-watch for all CPunks. I think it was probably the most important documentary film of all time. As Roger Ebert said, "it’s as if Daniel Ellsberg had a friend with a movie camera who filmed his disclosure of the Pentagon Papers every step of the way. Or if the Watergate burglars had taken along a filmmaker who shot their crimes and the cover-up that followed. Except that the issues “Citizenfour” deals with are, arguably, a thousand times more potent than Vietnam or Watergate."

Truly, this is the Snowden story we have been waiting for since 2013.

The main revelation of the film, however, is what an incredible boob Glenn Greenwald is.
I had some idea of this after seeing him give an extremely disappointing talk earlier this year, but I don't think I quite understood how useless this guy really is. He's constantly asking the wrong questions, displays a technical ineptness (to the point of deliberate ignorance) that obviously hampers the journalism, and at every step shows a very clear desire to keep the document cache to himself for careerist purposes. At one point Ewen MacAskill brings up the idea of there being a Wikileaks-esque document explorer, and Ed says that this would be the best outcome for the documents, and Greenwald quickly dismisses the idea to talk about his publishing schedule. I still have immense respect for him, but I found it very frustrating and quite cringey to watch him treat the whole event in news-cycle terms, while everybody around him is obviously thinking in historical context. For instance, there is a moment when they are prepping for Ed's first on-camera interview and he asks the reporters how much background he should give about himself, and they give different answers. Poitras asks for as much detail as possible, and Greenwald basically says that isn't important, just be short so we get a good soundbite. More importantly, I think the film also misses an opportunity to talk about *power*. This is something Edward himself has addressed, but it isn't really covered in Greenwald's reporting or books, and the only time it's mentioned in the film is when Jacob Appelbaum, while speaking before a European council of some sort, quite astutely comments that surveillance and control are one and the same. I think the film should probably have spent another hour or so investigating, naming and confronting those who profit from that control. Other than a few choice C-SPAN snippets, the enemy is completely faceless, which plays well for the pervading sense of paranoia which envelops the film, but also leaves many questions unasked. 
Perhaps that's left as an exercise for the viewer, but I think the general take-away message from both the reporting and to a slightly lesser extent the film is that any "solution" will be token reform of policy and not dismantlement of power structures. Also, very nice of the Russian government to let Ed have his girlfriend back. I didn't know that had happened, and it gives a rather unexpected happy ending to a film which otherwise made me want to cry desperately. Anyway, I'd be very interested to hear what you lot thought of it. (JY, you should throw a torrent up ASAP! I'm sure people will be screenshotting and analyzing all of the new document shots the film contains.) R -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3525 bytes Desc: not available URL: From mct at toren.net Fri Oct 24 14:49:00 2014 From: mct at toren.net (Michael C. Toren) Date: Fri, 24 Oct 2014 14:49:00 -0700 Subject: CITIZENFOUR In-Reply-To: References: Message-ID: <20141024214900.GA16357@netisland.net> On Fri, Oct 24, 2014 at 11:58:22AM -0700, Rich Jones wrote: > At one point Ewen MacAskill brings up the idea of there being a > Wikileaks-esque document explorer, and Ed says that this would be the > best outcome for the documents, and Greenwald quickly dismisses the idea > to talk about his publishing schedule. I wasn't watching the scene with the intention of being able to recall it fully afterwards, but I remember it rather differently. I recall Ed saying releasing all of the documents Wikileaks-style would be an ideal outcome, but because it included information that should be legitimately redacted, he instead wanted to filter the material through journalists who would make that judgement call. Also, Greenwald said he was under a deadline, and I think you'll agree it was in everyone's best interests to start to get the information out as quickly as possible. But, I could be misremembering. 
-mct From cathalgarvey at cathalgarvey.me Fri Oct 24 07:03:59 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Fri, 24 Oct 2014 15:03:59 +0100 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <20141024134059.B9DE9228247@palinka.tinho.net> References: <20141024134059.B9DE9228247@palinka.tinho.net> Message-ID: <544A5C4F.7000405@cathalgarvey.me> > excursions in geologic time scales -- "snowball earth" vs. > the Cretaceous (when there was no ice at the poles) > ... > push the climate to a place it has not been before, Yea..even the places it's been before are pretty awful, for a human. I don't think this is a local unstable point, far from it; our current climate seems very stable. But, over those epochs, we've built up a huge store of high-energy carbon, and as the CO2 left the atmosphere since those epochs, the ecosystems we have right now are not accustomed to high-greenhouse climates. So, the fact that we're now suddenly digging up what amounts to eons of free solar energy, and are burning them all at once, is a problem. Will the earth burn? No, that's an unlikely outcome. Venus is Venus because it never developed life. Will the Earth burn *us*? Maybe. Totally plausible possibility, though still unlikely. Will the Earth burn the ecosystems that civilisation (rather than humanity, per se) depends on? At this rate, probably. We have fallbacks; go all-in on solar & nuclear for energy and biotech for efficient, lower impact food/med production, and use nuclear/biotech to cook up some hyperefficient carbon-capture system to try and roll back as much as we can. I'll just point at this, then, as an example of what I find exciting in this space: http://www.plosone.org/article/info%3Adoi/10.1371/journal.pone.0109935 - That's some staple elemental inputs, CO2, and electricity ONLY, and a massive sequestration effect per volt/meter using bacteria. Outputs are hydrogen and acetate, useful energy/industrial chemicals. 
Anyways, just to say doom and gloom is rarely useful, but ostrich-heads are worse than useless. Action can be beneficial, and action need not be "live like a peasant", it can be "change your tech and culture to live comfortably or even abundantly with less impact". As to on/off topic-ness, it's off topic. But this list has seen people bitching about who is and isn't a real native American, so I find this at least engaging and interesting. On 24/10/14 14:40, dan at geer.org wrote: > For the purpose of this note, I'll stipulate that global > warming is happening without arguing why. The question > for science would be whether it has a positive feedback > loop, as it would if rising temperature releases, say, 10% > of the carbon locked in permafrost. Given the wild temp > excursions in geologic time scales -- "snowball earth" vs. > the Cretaceous (when there was no ice at the poles) -- it > is reasonable to imagine that some excursions have a phase > where the feedback is positive and thus if the temp heads > either north or south its velocity will, for natural reasons, > accelerate as the excursion grows more extreme. That implies > that the present time is an unstable equilibrium, thus our > impact, whatever it is, seems likely to be an initiator or > a potentiator but not a cause in the classical sense of, > say, a dose-response curve. > > Put differently, I don't believe that we (humans) can push > the climate to a place it has not been before, but we can > change the clock. One might then ask what government has > your confidence in its being capable of managing a comprehensive > program of compensatory global cooling and what powers would > be required to enforce same? > > What this topic has to do with this list is unobvious. > > --dan > From jya at pipeline.com Fri Oct 24 12:32:52 2014 From: jya at pipeline.com (John Young) Date: Fri, 24 Oct 2014 15:32:52 -0400 Subject: CITIZENFOUR In-Reply-To: References: Message-ID: Thanks for the comments. 
Screenshots most welcome. cryptome[at]earthlink.net or pointers. Greenwald's mercenary greed is why only 97% of Snowden docs have been released. His and his cohorts' criminal behavior puts citizens in harm's way to protect the natsec apparatus including natsec media. At 02:58 PM 10/24/2014, you wrote: >Saw this last night - an obvious must-watch for >all CPunks. I think it was probably the most >important documentary film of all time. As Roger >Ebert said, "it’s as if Daniel Ellsberg had a >friend with a movie camera who filmed his >disclosure of the Pentagon Papers every step of >the way. Or if the Watergate burglars had taken >along a filmmaker who shot their crimes and the >cover-up that followed. Except that the issues >“Citizenfour” deals with are, arguably, a >thousand times more potent than Vietnam or >Watergate." Truly, this is the Snowden story we >have been waiting for since 2013. > >The main revelation of the film, however, is >what an incredible boob Glenn Greenwald is. I >had some idea of this after seeing him give an >extremely disappointing talk earlier this year, >but I don't think I quite understood how useless >this guy really is. He's constantly asking the >wrong questions, displays a technical ineptness >(to the point of deliberate ignorance) that >obviously hampers the journalism, and at every >step shows a very clear desire to keep the >document cache to himself for careerist >purposes. At one point Ewen MacAskill brings up >the idea of there being a Wikileaks-esque >document explorer, and Ed says that this would >be the best outcome for the documents, and >Greenwald quickly dismisses the idea to talk >about his publishing schedule. I still have >immense respect for him, but I found it very >frustrating and quite cringey to watch him treat >the whole event in news-cycle terms, while >everybody around him is obviously thinking in >historical context. 
For instance, there is a >moment when they are prepping for Ed's first >on-camera interview and he asks the reporters >how much background he should give about >himself, and they give different answers. >Poitras asks for as much detail as possible, and >Greenwald basically says that isn't important, >just be short so we get a good soundbite. > >More importantly, I think the film also misses >an opportunity to talk about power. This is >something Edward himself has addressed, but it >isn't really covered in Greenwald's reporting or >books, and the only time it's mentioned in the >film is when Jacob Appelbaum, while speaking >before a European council of some sort, quite >astutely comments that surveillance and control >are one and the same. I think the film should >probably have spent another hour or so >investigating, naming and confronting those who >profit from that control. Other than a few >choice C-SPAN snippets, the enemy is completely >faceless, which plays well for the pervading >sense of paranoia which envelops the film, but also >leaves many questions unasked. Perhaps that's >left as an exercise for the viewer, but I think >the general take-away message from both the >reporting and to a slightly lesser extent the >film is that any "solution" will be token reform >of policy and not dismantlement of power structures. > >Also, very nice of the Russian government to let >Ed have his girlfriend back. I didn't know that >had happened, and it gives a rather unexpected >happy ending to a film which otherwise made me want to cry desperately. > >Anyway, I'd be very interested to hear what you >lot thought of it. (JY, you should throw a >torrent up ASAP! I'm sure people will be >screenshotting and analyzing all of the new document shots the film contains.) > >R -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 3832 bytes Desc: not available URL: From juan.g71 at gmail.com Fri Oct 24 12:32:52 2014 From: juan.g71 at gmail.com (Juan) Date: Fri, 24 Oct 2014 16:32:52 -0300 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <544A089E.90201@gmail.com> References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com> Message-ID: <544aa919.245d8c0a.b637.0c71@mx.google.com> On Fri, 24 Oct 2014 10:06:54 +0200 "Łukasz \"Cyber Killer\" Korpalski" wrote: > On 24.10.2014 at 09:47, Juan wrote: > > > > lol - what a stupid piece of shit you are > > > > I would like to have the moderator of this maillist look at the above > comment and take appropriate action. Thx. > LMAO!!! - stupid scumbag threatens violence and then wants censorship when he's treated like the scumbag he is? LMAO, again. 
From juan.g71 at gmail.com Fri Oct 24 12:38:05 2014 From: juan.g71 at gmail.com (Juan) Date: Fri, 24 Oct 2014 16:38:05 -0300 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <544A089E.90201@gmail.com> References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com> Message-ID: <544aaa51.8800e00a.3527.082d@mx.google.com> isn't this cute http://ultraculture.org/blog/2014/10/24/climate-change-now-military-threat-says-pentagon/ From juan.g71 at gmail.com Fri Oct 24 15:20:22 2014 From: juan.g71 at gmail.com (Juan) Date: Fri, 24 Oct 2014 19:20:22 -0300 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <544AC2AD.9060308@cathalgarvey.me> References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com> <544aaa51.8800e00a.3527.082d@mx.google.com> <544AC2AD.9060308@cathalgarvey.me> Message-ID: <544ad05c.e11b8c0a.532b.2dd7@mx.google.com> On Fri, 24 Oct 2014 22:20:45 +0100 Cathal Garvey wrote: > The German military had a report years ago that found the same > conclusion about peak oil. Militaries are often asked to take > long-view stances on things like resources and geopolitics, and > climate/resource-depletion are the sorts of things that turn up. > I guess organizations like the US military are asked by its corporate accomplices to do particular things, but there are other things that they would do on their own anyway, without being asked. Like looking for excuses to extend their global criminal operations. As a side note of sorts, the German military is in a sense the same military that got millions of its own people killed, killed millions of people abroad, tried to conquer Europe twice...and failed. 
> Not, that is, that I am a fan of militaries offering policy > suggestions. :) What could possibly go wrong with that? =P > > On 24/10/14 20:38, Juan wrote: > > > > > > isn't this cute > > > > http://ultraculture.org/blog/2014/10/24/climate-change-now-military-threat-says-pentagon/ > > > > > > From eric at konklone.com Fri Oct 24 16:45:26 2014 From: eric at konklone.com (Eric Mill) Date: Fri, 24 Oct 2014 19:45:26 -0400 Subject: CITIZENFOUR In-Reply-To: <20141024214900.GA16357@netisland.net> References: <20141024214900.GA16357@netisland.net> Message-ID: On Fri, Oct 24, 2014 at 5:49 PM, Michael C. Toren wrote: > On Fri, Oct 24, 2014 at 11:58:22AM -0700, Rich Jones wrote: > > At one point Ewen MacAskill brings up the idea of there being a > > Wikileaks-esque document explorer, and Ed says that this would be the > > best outcome for the documents, and Greenwald quickly dismisses the idea > > to talk about his publishing schedule. > > I wasn't watching the scene with the intention of being able to recall it > fully afterwards, but I remember it rather differently. I recall Ed saying > releasing all of the documents Wikileaks-style would be an ideal outcome, but > because it included information that should be legitimately redacted, he > instead wanted to filter the material through journalists who would make > that judgement call. Also, Greenwald said he was under a deadline, and I > think you'll agree it was in everyone's best interests to start to get the > information out as quickly as possible. > > But, I could be misremembering. > That's my memory as well. I also don't remember any cognitive dissonance between Poitras' and Greenwald's answers to Snowden's question about how much background to go into. The film doesn't portray a lot of daylight between Snowden and Greenwald in what they want to do, really. 
But that's what you should expect from the movie, I think, given a) how close Poitras and Greenwald are, and b) that the movie is clearly meant to tell Snowden's story and show his motives and impact, not amplify any drama between the people involved. The movie didn't cover, for example, Greenwald misleading the entire world on why David Miranda was detained at the Heathrow airport. Greenwald initially insisted it was simply the gov't applying pressure on Greenwald by harassing his family, lambasting the government as cruel despots, and didn't say anything about Miranda carrying an encrypted hard drive. You can still criticize the government for detaining him how they did, but lying about the reasons, to get an edge on defining how the news cycle talks about it -- that corrodes trust. But, you know, that's fine, that's for others to tell. CITIZENFOUR is about Snowden's decisions, not Greenwald's decisions, and it does a great job at communicating and humanizing them. -- Eric > -mct > -- konklone.com | @konklone -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3393 bytes Desc: not available URL: From colinmahns at riseup.net Fri Oct 24 13:36:44 2014 From: colinmahns at riseup.net (Colin Mahns) Date: Fri, 24 Oct 2014 20:36:44 +0000 Subject: CITIZENFOUR In-Reply-To: References: Message-ID: <52E3F5CF-898F-4FDC-B6DB-005D950452ED@riseup.net> Should've warned about spoilers ;) Interesting to read your critiques of it Rich, looking forward to rereading your email after seeing the film. Colin On October 24, 2014 2:58:22 PM EDT, Rich Jones wrote: >Saw this last night - an obvious must-watch for all CPunks. I think it >was >probably the most important documentary film of all time. As Roger >Ebert >said, "it’s as if Daniel Ellsberg had a friend with a movie camera who >filmed his disclosure of the Pentagon Papers every step of the way. 
Or >if >the Watergate burglars had taken along a filmmaker who shot their >crimes >and the cover-up that followed. Except that the issues “Citizenfour” >deals >with are, arguably, a thousand times more potent than Vietnam or >Watergate." Truly, this is the Snowden story we have been waiting for >since >2013. > >The main revelation of the film, however, is what an incredible boob >Glenn >Greenwald is. I had some idea of this after seeing him give an >extremely >disappointing talk earlier this year, but I don't think I quite >understood >how useless this guy really is. He's constantly asking the wrong >questions, >displays a technical ineptness (to the point of deliberate ignorance) >that >obviously hampers the journalism, and at every step shows a very clear >desire to keep the document cache to himself for careerist purposes. At >one >point Ewen MacAskill brings up the idea of there being a >Wikileaks-esque >document explorer, and Ed says that this would be the best outcome for >the >documents, and Greenwald quickly dismisses the idea to talk about his >publishing schedule. I still have immense respect for him, but I found >it >very frustrating and quite cringey to watch him treat the whole event >in >news-cycle terms, while everybody around him is obviously thinking in >historical context. For instance, there is a moment when they are >prepping >for Ed's first on-camera interview and he asks the reporters how much >background he should give about himself, and they give different >answers. >Poitras asks for as much detail as possible, and Greenwald basically >says >that isn't important, just be short so we get a good soundbite. > >More importantly, I think the film also misses an opportunity to talk >about >*power*. 
This is something Edward himself has addressed, but it isn't >really covered in Greenwald's reporting or books, and the only time >it's >mentioned in the film is when Jacob Appelbaum, while speaking before a >European council of some sort, quite astutely comments that >surveillance >and control are one and the same. I think the film should probably have >spent another hour or so investigating, naming and confronting those >who >profit from that control. Other than a few choice C-SPAN snippets, the >enemy is completely faceless, which plays well for the pervading sense of >paranoia which envelops the film, but also leaves many questions >unasked. >Perhaps that's left as an exercise for the viewer, but I think the >general >take-away message from both the reporting and to a slightly lesser >extent >the film is that any "solution" will be token reform of policy and not >dismantlement of power structures. > >Also, very nice of the Russian government to let Ed have his girlfriend >back. I didn't know that had happened, and it gives a rather unexpected >happy ending to a film which otherwise made me want to cry desperately. > >Anyway, I'd be very interested to hear what you lot thought of it. (JY, >you >should throw a torrent up ASAP! I'm sure people will be screenshotting >and >analyzing all of the new document shots the film contains.) > >R -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4022 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Fri Oct 24 14:20:45 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Fri, 24 Oct 2014 22:20:45 +0100 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <544aaa51.8800e00a.3527.082d@mx.google.com> References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com> <544aaa51.8800e00a.3527.082d@mx.google.com> Message-ID: <544AC2AD.9060308@cathalgarvey.me> The German military had a report years ago that found the same conclusion about peak oil. Militaries are often asked to take long-view stances on things like resources and geopolitics, and climate/resource-depletion are the sorts of things that turn up. Not, that is, that I am a fan of militaries offering policy suggestions. :) On 24/10/14 20:38, Juan wrote: > > > isn't this cute > > http://ultraculture.org/blog/2014/10/24/climate-change-now-military-threat-says-pentagon/ > > > From odinn.cyberguerrilla at riseup.net Fri Oct 24 16:27:00 2014 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Fri, 24 Oct 2014 23:27:00 +0000 Subject: CITIZENFOUR In-Reply-To: References: Message-ID: <544AE044.3060006@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, John, for some reason your name reminds me of someone who I think was the ninth person to walk on the moon? Same John Young? (long shot I know) Just kidding though - you are the founder of Cryptome, right? Anyway, it's not my intent here to ruffle any feathers (on this thread), but I did want to suggest (and I'm sure someone has already thought of this) that people be able to search for their names or IDs in (searchable) databases of leaked info. I think this came up in a thread on twitter some while back actually... 
https://twitter.com/AnonyOdinn/status/344585372216487937 (That twitter thread was from a discussion in mid-2013[!] which referenced MainCore and also (different than MainCore) a 'list of targets' that Greenwald had mentioned, but regardless of if it's MainCore or Greenwald's 'list of targets' or other such thing, I think searchability is really important, which of course implies that really all the data should be made available in some kind of format to allow keyword searches.) - -Odinn John Young wrote: > Thanks for the comments. > > Screenshots most welcome. cryptome[at]earthlink.net or pointers. > > Greenwald's mercenary greed is why only 97% of Snowden docs have > been released. His and cohorts criminal behavior puts citizens in > harms way to protect the natsec apparatus including natsec media. > > > At 02:58 PM 10/24/2014, you wrote: >> Saw this last night - an obvious must-watch for all CPunks. I >> think it was probably the most important documentary film of all >> time. As Roger Ebert said, "it’s as if Daniel Ellsberg had a >> friend with a movie camera who filmed his disclosure of the >> Pentagon Papers every step of the way. Or if the Watergate >> burglars had taken along a filmmaker who shot their crimes and >> the cover-up that followed. Except that the issues >> “Citizenfour” deals with are, arguably, a thousand times more >> potent than Vietnam or Watergate." Truly, this is the Snowden >> story we have been waiting for since 2013. >> >> The main revelation of the film, however, is what an incredible >> boob Glenn Greenwald is. I had some idea of this after seeing him >> give an extremely disappointing talk earlier this year, but I >> don't think I quite understood how useless this guy really is. 
>> He's constantly asking the wrong questions, displays a technical >> ineptness (to the point of deliberate ignorance) that obviously >> hampers the journalism, and at every step shows a very clear >> desire to keep the document cache to himself for careerist >> purposes. At one point Ewen MacAskill brings up the idea of there >> being a Wikileaks-esque document explorer, and Ed says that this >> would be the best outcome for the documents, and Greenwald >> quickly dismisses the idea to talk about his publishing schedule. >> I still have immense respect for him, but I found it very >> frustrating and quite cringey to watch him treat the whole event >> in news-cycle terms, while everybody around him is obviously >> thinking in historical context. For instance, there is a moment >> when they are prepping for Ed's first on-camera interview and he >> asks the reporters how much background he should give about >> himself, and they give different answers. Poitras asks for as >> much detail as possible, and Greenwald basically says that isn't >> important, just be short so we get a good soundbite. >> >> More importantly, I think the film also misses an opportunity to >> talk about power. This is something Edward himself has addressed, >> but it isn't really covered in Greenwald's reporting or books, >> and the only time it's mentioned in the film is when Jacob >> Appelbaum, while speaking before a European council of some sort, >> quite astutely comments that surveillance and control are one and >> the same. I think the film should probably have spent another >> hour or so investigating, naming and confronting those who profit >> from that control. Other than a few choice C-SPAN snippets, the >> enemy is completely faceless, which plays well for the pervading >> sense of paranoia which envelops the film, but also leaves many >> questions unasked. 
Perhaps that's left as an exercise for the >> viewer, but I think the general take-away message from both the >> reporting and to a slightly lesser extent the film is that any >> "solution" will be token reform of policy and not dismantlement >> of power structures. >> >> Also, very nice of the Russian government to let Ed have his >> girlfriend back. I didn't know that had happened, and it gives a >> rather unexpected happy ending to a film which otherwise made me >> want to cry desperately. >> >> Anyway, I'd be very interested to hear what you lot thought of >> it. (JY, you should throw a torrent up ASAP! I'm sure people will >> be screenshotting and analyzing all of the new document shots the >> film contains.) >> >> R > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From tigrutigru at gmail.com Fri Oct 24 16:56:05 2014 From: tigrutigru at gmail.com (tigrutigru at gmail.com) Date: Sat, 25 Oct 2014 01:56:05 +0200 Subject: CITIZENFOUR In-Reply-To: References: Message-ID: Russian gov is not nice. Though it's kind of lucky that it has to do rather nice things to piss US gov off. 
Sent from my iPhone > On 25 Oct 2014, at 01:27, cypherpunks-request at cpunks.org wrote: > > Send cypherpunks mailing list submissions to > cypherpunks at cpunks.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://cpunks.org/mailman/listinfo/cypherpunks > or, via email, send a message with subject or body 'help' to > cypherpunks-request at cpunks.org > > You can reach the person managing the list at > cypherpunks-owner at cpunks.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of cypherpunks digest..." > > > Today's Topics: > > 1. CITIZENFOUR (Rich Jones) > 2. Re: Of Sealand, corp, and country [was: nation-state] (Juan) > 3. Re: CITIZENFOUR (John Young) > 4. Re: Of Sealand, corp, and country [was: nation-state] (Juan) > 5. Re: CITIZENFOUR (Colin Mahns) > 6. Re: Of Sealand, corp, and country [was: nation-state] > (Cathal Garvey) > 7. Re: CITIZENFOUR (Michael C. Toren) > 8. Re: Of Sealand, corp, and country [was: nation-state] (Juan) > 9. Re: CITIZENFOUR (odinn) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 24 Oct 2014 11:58:22 -0700 > From: Rich Jones > To: "cypherpunks at cpunks.org" > Subject: CITIZENFOUR > Message-ID: > > Content-Type: text/plain; charset="utf-8" > > Saw this last night - an obvious must-watch for all CPunks. I think it was > probably the most important documentary film of all time. As Roger Ebert > said, "it’s as if Daniel Ellsberg had a friend with a movie camera who > filmed his disclosure of the Pentagon Papers every step of the way. Or if > the Watergate burglars had taken along a filmmaker who shot their crimes > and the cover-up that followed. Except that the issues “Citizenfour” deals > with are, arguably, a thousand times more potent than Vietnam or > Watergate." Truly, this is the Snowden story we have been waiting for since > 2013. 
> > The main revelation of the film, however, is what an incredible boob Glenn > Greenwald is. I had some idea of this after seeing him give an extremely > disappointing talk earlier this year, but I don't think I quite understood > how useless this guy really is. He's constantly asking the wrong questions, > displays a technical ineptness (to the point of deliberate ignorance) that > obviously hampers the journalism, and at every step shows a very clear > desire to keep the document cache to himself for careerist purposes. At one > point Ewen MacAskill brings up the idea of there being a Wikileaks-esque > document explorer, and Ed says that this would be the best outcome for the > documents, and Greenwald quickly dismisses the idea to talk about his > publishing schedule. I still have immense respect for him, but I found it > very frustrating and quite cringey to watch him treat the whole event in > news-cycle terms, while everybody around him is obviously thinking in > historical context. For instance, there is a moment when they are prepping > for Ed's first on-camera interview and he asks the reporters how much > background he should give about himself, and they give different answers. > Poitras asks for as much detail as possible, and Greenwald basically says > that isn't important, just be short so we get a good soundbite. > > More importantly, I think the film also misses an opportunity to talk about > *power*. This is something Edward himself has addressed, but it isn't > really covered in Greenwald's reporting or books, and the only time it's > mentioned in the film is when Jacob Appelbaum, while speaking before a > European council of some sort, quite astutely comments that surveillance > and control are one and the same. I think the film should probably have > spent another hour or so investigating, naming and confronting those who > profit from that control. 
Other than a few choice C-SPAN snippets, the > enemy is completely faceless, which plays well for the pervading sense of > paranoia which envelops the film, but also leaves many questions unasked. > Perhaps that's left as an exercise for the viewer, but I think the general > take-away message from both the reporting and to a slightly lesser extent > the film is that any "solution" will be token reform of policy and not > dismantlement of power structures. > > Also, very nice of the Russian government to let Ed have his girlfriend > back. I didn't know that had happened, and it gives a rather unexpected > happy ending to a film which otherwise made me want to cry desperately. > > Anyway, I'd be very interested to hear what you lot thought of it. (JY, you > should throw a torrent up ASAP! I'm sure people will be screenshotting and > analyzing all of the new document shots the film contains.) > > R > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > > ------------------------------ > > Message: 2 > Date: Fri, 24 Oct 2014 16:32:52 -0300 > From: Juan > To: cypherpunks at cpunks.org > Subject: Re: Of Sealand, corp, and country [was: nation-state] > Message-ID: <544aa919.245d8c0a.b637.0c71 at mx.google.com> > Content-Type: text/plain; charset=utf-8 > > On Fri, 24 Oct 2014 10:06:54 +0200 > "Łukasz \"Cyber Killer\" Korpalski" wrote: > >> W dniu 24.10.2014 o 09:47, Juan pisze: >>> >>> lol - what a stupid piece of shit you are >> >> I would like to have the moderator of this maillist look at the above >> comment and take appropriate action. Thx. > > > LMAO!!! - stupid scumbag threatens violence and then wants > censorship when he's treated like the scumbag he is? LMAO, > again. > > > > > > > ------------------------------ > > Message: 3 > Date: Fri, 24 Oct 2014 15:32:52 -0400 > From: John Young > To: , > Subject: Re: CITIZENFOUR > Message-ID: > Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" > > Thanks for the comments. 
> > Screenshots most welcome. cryptome[at]earthlink.net or pointers. > > Greenwald's mercenary greed is why only 97% of Snowden docs > have been released. His and his cohorts' criminal behavior puts citizens > in harm's way to protect the natsec apparatus including natsec media. > > > At 02:58 PM 10/24/2014, you wrote: >> Saw this last night - an obvious must-watch for >> all CPunks. I think it was probably the most >> important documentary film of all time. As Roger >> Ebert said, "it’s as if Daniel Ellsberg had a >> friend with a movie camera who filmed his >> disclosure of the Pentagon Papers every step of >> the way. Or if the Watergate burglars had taken >> along a filmmaker who shot their crimes and the >> cover-up that followed. Except that the issues >> “Citizenfour” deals with are, arguably, a >> thousand times more potent than Vietnam or >> Watergate." Truly, this is the Snowden story we >> have been waiting for since 2013. >> >> The main revelation of the film, however, is >> what an incredible boob Glenn Greenwald is. I >> had some idea of this after seeing him give an >> extremely disappointing talk earlier this year, >> but I don't think I quite understood how useless >> this guy really is. He's constantly asking the >> wrong questions, displays a technical ineptness >> (to the point of deliberate ignorance) that >> obviously hampers the journalism, and at every >> step shows a very clear desire to keep the >> document cache to himself for careerist >> purposes. At one point Ewen MacAskill brings up >> the idea of there being a Wikileaks-esque >> document explorer, and Ed says that this would >> be the best outcome for the documents, and >> Greenwald quickly dismisses the idea to talk >> about his publishing schedule. I still have >> immense respect for him, but I found it very >> frustrating and quite cringey to watch him treat >> the whole event in news-cycle terms, while >> everybody around him is obviously thinking in >> historical context. 
For instance, there is a >> moment when they are prepping for Ed's first >> on-camera interview and he asks the reporters >> how much background he should give about >> himself, and they give different answers. >> Poitras asks for as much detail as possible, and >> Greenwald basically says that isn't important, >> just be short so we get a good soundbite. >> >> More importantly, I think the film also misses >> an opportunity to talk about power. This is >> something Edward himself has addressed, but it >> isn't really covered in Greenwald's reporting or >> books, and the only time it's mentioned in the >> film is when Jacob Appelbaum, while speaking >> before a European council of some sort, quite >> astutely comments that surveillance and control >> are one and the same. I think the film should >> probably have spent another hour or so >> investigating, naming and confronting those who >> profit from that control. Other than a few >> choice C-SPAN snippets, the enemy is completely >> faceless, which plays well for the pervading >> sense of paranoia which envelops the film, but also >> leaves many questions unasked. Perhaps that's >> left as an exercise for the viewer, but I think >> the general take-away message from both the >> reporting and to a slightly lesser extent the >> film is that any "solution" will be token reform >> of policy and not dismantlement of power structures. >> >> Also, very nice of the Russian government to let >> Ed have his girlfriend back. I didn't know that >> had happened, and it gives a rather unexpected >> happy ending to a film which otherwise made me want to cry desperately. >> >> Anyway, I'd be very interested to hear what you >> lot thought of it. (JY, you should throw a >> torrent up ASAP! I'm sure people will be >> screenshotting and analyzing all of the new document shots the film contains.) >> >> R > -------------- next part -------------- > An HTML attachment was scrubbed... 
> URL: > > ------------------------------ > > Message: 4 > Date: Fri, 24 Oct 2014 16:38:05 -0300 > From: Juan > To: cypherpunks at cpunks.org > Subject: Re: Of Sealand, corp, and country [was: nation-state] > Message-ID: <544aaa51.8800e00a.3527.082d at mx.google.com> > Content-Type: text/plain; charset=US-ASCII > > > > isn't this cute > > http://ultraculture.org/blog/2014/10/24/climate-change-now-military-threat-says-pentagon/ > > > > > ------------------------------ > > Message: 5 > Date: Fri, 24 Oct 2014 20:36:44 +0000 > From: Colin Mahns > To: "cypherpunks at cpunks.org" > Subject: Re: CITIZENFOUR > Message-ID: <52E3F5CF-898F-4FDC-B6DB-005D950452ED at riseup.net> > Content-Type: text/plain; charset="utf-8" > > Should've warned about spoilers ;) > > Interesting to read your critiques of it Rich, looking forward to rereading your email after seeing the film. > > Colin > >> On October 24, 2014 2:58:22 PM EDT, Rich Jones wrote: >> Saw this last night - an obvious must-watch for all CPunks. I think it >> was >> probably the most important documentary film of all time. As Roger >> Ebert >> said, "it’s as if Daniel Ellsberg had a friend with a movie camera who >> filmed his disclosure of the Pentagon Papers every step of the way. Or >> if >> the Watergate burglars had taken along a filmmaker who shot their >> crimes >> and the cover-up that followed. Except that the issues “Citizenfour” >> deals >> with are, arguably, a thousand times more potent than Vietnam or >> Watergate." Truly, this is the Snowden story we have been waiting for >> since >> 2013. >> >> The main revelation of the film, however, is what an incredible boob >> Glenn >> Greenwald is. I had some idea of this after seeing him give an >> extremely >> disappointing talk earlier this year, but I don't think I quite >> understood >> how useless this guy really is. 
He's constantly asking the wrong >> questions, >> displays a technical ineptness (to the point of deliberate ignorance) >> that >> obviously hampers the journalism, and at every step shows a very clear >> desire to keep the document cache to himself for careerist purposes. At >> one >> point Ewen MacAskill brings up the idea of there being a >> Wikileaks-esque >> document explorer, and Ed says that this would be the best outcome for >> the >> documents, and Greenwald quickly dismisses the idea to talk about his >> publishing schedule. I still have immense respect for him, but I found >> it >> very frustrating and quite cringey to watch him treat the whole event >> in >> news-cycle terms, while everybody around him is obviously thinking in >> historical context. For instance, there is a moment when they are >> prepping >> for Ed's first on-camera interview and he asks the reporters how much >> background he should give about himself, and they give different >> answers. >> Poitras asks for as much detail as possible, and Greenwald basically >> says >> that isn't important, just be short so we get a good soundbite. >> >> More importantly, I think the film also misses an opportunity to talk >> about >> *power*. This is something Edward himself has addressed, but it isn't >> really covered in Greenwald's reporting or books, and the only time >> it's >> mentioned in the film is when Jacob Appelbaum, while speaking before a >> European council of some sort, quite astutely comments that >> surveillance >> and control are one and the same. I think the film should probably have >> spent another hour or so investigating, naming and confronting those >> who >> profit from that control. Other than a few choice C-SPAN snippets, the >> enemy is completely faceless, which plays well for the pervading sense of >> paranoia which envelops the film, but also leaves many questions >> unasked. 
>> Perhaps that's left as an exercise for the viewer, but I think the >> general >> take-away message from both the reporting and to a slightly lesser >> extent >> the film is that any "solution" will be token reform of policy and not >> dismantlement of power structures. >> >> Also, very nice of the Russian government to let Ed have his girlfriend >> back. I didn't know that had happened, and it gives a rather unexpected >> happy ending to a film which otherwise made me want to cry desperately. >> >> Anyway, I'd be very interested to hear what you lot thought of it. (JY, >> you >> should throw a torrent up ASAP! I'm sure people will be screenshotting >> and >> analyzing all of the new document shots the film contains.) >> >> R > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > > ------------------------------ > > Message: 6 > Date: Fri, 24 Oct 2014 22:20:45 +0100 > From: Cathal Garvey > To: cypherpunks at cpunks.org > Subject: Re: Of Sealand, corp, and country [was: nation-state] > Message-ID: <544AC2AD.9060308 at cathalgarvey.me> > Content-Type: text/plain; charset=windows-1252; format=flowed > > The German military had a report years ago that found the same > conclusion about peak oil. Militaries are often asked to take long-view > stances on things like resources and geopolitics, and > climate/resource-depletion are the sorts of things that turn up. > > Not, that is, that I am a fan of militaries offering policy suggestions. :) > >> On 24/10/14 20:38, Juan wrote: >> >> >> isn't this cute >> >> http://ultraculture.org/blog/2014/10/24/climate-change-now-military-threat-says-pentagon/ > > > ------------------------------ > > Message: 7 > Date: Fri, 24 Oct 2014 14:49:00 -0700 > From: "Michael C. 
Toren" > To: miserlou at gmail.com > Cc: "cypherpunks at cpunks.org" > Subject: Re: CITIZENFOUR > Message-ID: <20141024214900.GA16357 at netisland.net> > Content-Type: text/plain; charset=us-ascii > >> On Fri, Oct 24, 2014 at 11:58:22AM -0700, Rich Jones wrote: >> At one point Ewen MacAskill brings up the idea of there being a >> Wikileaks-esque document explorer, and Ed says that this would be the >> best outcome for the documents, and Greenwald quickly dismisses the idea >> to talk about his publishing schedule. > > I wasn't watching the scene with the intention of being able to recall it > fully afterwards, but I remember it rather differently. I recall Ed saying > releasing all of the documents Wikileaks-style would be an ideal outcome, but > because it included information that should be legitimately redacted, he > instead wanted to filter the material through journalists who would make > that judgement call. Also, Greenwald said he was under a deadline, and I > think you'll agree it was in everyone's best interests to start to get the > information out as quickly as possible. > > But, I could be misremembering. > > -mct > > > ------------------------------ > > Message: 8 > Date: Fri, 24 Oct 2014 19:20:22 -0300 > From: Juan > To: cypherpunks at cpunks.org > Subject: Re: Of Sealand, corp, and country [was: nation-state] > Message-ID: <544ad05c.e11b8c0a.532b.2dd7 at mx.google.com> > Content-Type: text/plain; charset=US-ASCII > > On Fri, 24 Oct 2014 22:20:45 +0100 > Cathal Garvey wrote: > >> The German military had a report years ago that found the same >> conclusion about peak oil. Militaries are often asked to take >> long-view stances on things like resources and geopolitics, and >> climate/resource-depletion are the sorts of things that turn up. > > I guess organizations like the US military are asked by its > corporate accomplices to do particular things, but there are > other things that they would do on their own anyway, without > being asked. 
Like looking for excuses to extend their global > criminal operations. > > As a side note of sorts, the german military is in a sense the > same military that got millions of its own people killed, > killed millions of people abroad, tried to conquer europe > twice...and failed. > > >> Not, that is, that I am a fan of militaries offering policy >> suggestions. :) > > What could possibly go wrong with that? =P > > >> >>> On 24/10/14 20:38, Juan wrote: >>> >>> >>> isn't this cute >>> >>> http://ultraculture.org/blog/2014/10/24/climate-change-now-military-threat-says-pentagon/ > > > > ------------------------------ > > Message: 9 > Date: Fri, 24 Oct 2014 23:27:00 +0000 > From: odinn > To: cypherpunks at cpunks.org > Subject: Re: CITIZENFOUR > Message-ID: <544AE044.3060006 at riseup.net> > Content-Type: text/plain; charset=windows-1252 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hello, > > John, for some reason your name reminds me of someone who I think was > the ninth person to walk on the moon? Same John Young? (long shot I > know) Just kidding though - you are the founder of Cryptome, right? > > Anyway, It's not my intent here to ruffle any feathers (on this > thread), but I did want to suggest (and I'm sure someone has already > thought of this) that people be able to search for their names or IDs > in (searchable) databases of leaked info. > > I think this came up in a thread on twitter some while back actually... > https://twitter.com/AnonyOdinn/status/344585372216487937 > > (That twitter thread was from a discussion in mid-2013[!] which > referenced MainCore and also (different than MainCore) a 'list of > targets' that Greenwald had mentioned, but regardless of if it's > MainCore or Greenwald's 'list of targets' or other such thing, I think > searchability is really important, which of course implies that really > all the data should be made available in some kind of format to allow > keyword searches.) 
> > - -Odinn > > > John Young wrote: >> Thanks for the comments. >> >> Screenshots most welcome. cryptome[at]earthlink.net or pointers. >> >> Greenwald's mercenary greed is why only 97% of Snowden docs have >> been released. His and his cohorts' criminal behavior puts citizens in >> harm's way to protect the natsec apparatus including natsec media. >> >> >> At 02:58 PM 10/24/2014, you wrote: >>> Saw this last night - an obvious must-watch for all CPunks. I >>> think it was probably the most important documentary film of all >>> time. As Roger Ebert said, "it’s as if Daniel Ellsberg had a >>> friend with a movie camera who filmed his disclosure of the >>> Pentagon Papers every step of the way. Or if the Watergate >>> burglars had taken along a filmmaker who shot their crimes and >>> the cover-up that followed. Except that the issues >>> “Citizenfour” deals with are, arguably, a thousand times more >>> potent than Vietnam or Watergate." Truly, this is the Snowden >>> story we have been waiting for since 2013. >>> >>> The main revelation of the film, however, is what an incredible >>> boob Glenn Greenwald is. I had some idea of this after seeing him >>> give an extremely disappointing talk earlier this year, but I >>> don't think I quite understood how useless this guy really is. >>> He's constantly asking the wrong questions, displays a technical >>> ineptness (to the point of deliberate ignorance) that obviously >>> hampers the journalism, and at every step shows a very clear >>> desire to keep the document cache to himself for careerist >>> purposes. At one point Ewen MacAskill brings up the idea of there >>> being a Wikileaks-esque document explorer, and Ed says that this >>> would be the best outcome for the documents, and Greenwald >>> quickly dismisses the idea to talk about his publishing schedule. 
>>> I still have immense respect for him, but I found it very >>> frustrating and quite cringey to watch him treat the whole event >>> in news-cycle terms, while everybody around him is obviously >>> thinking in historical context. For instance, there is a moment >>> when they are prepping for Ed's first on-camera interview and he >>> asks the reporters how much background he should give about >>> himself, and they give different answers. Poitras asks for as >>> much detail as possible, and Greenwald basically says that isn't >>> important, just be short so we get a good soundbite. >>> >>> More importantly, I think the film also misses an opportunity to >>> talk about power. This is something Edward himself has addressed, >>> but it isn't really covered in Greenwald's reporting or books, >>> and the only time it's mentioned in the film is when Jacob >>> Appelbaum, while speaking before a European council of some sort, >>> quite astutely comments that surveillance and control are one and >>> the same. I think the film should probably have spent another >>> hour or so investigating, naming and confronting those who profit >>> from that control. Other than a few choice C-SPAN snippets, the >>> enemy is completely faceless, which plays well for the pervading >>> sense of paranoia which envelops the film, but also leaves many >>> questions unasked. Perhaps that's left as an exercise for the >>> viewer, but I think the general take-away message from both the >>> reporting and to a slightly lesser extent the film is that any >>> "solution" will be token reform of policy and not dismantlement >>> of power structures. >>> >>> Also, very nice of the Russian government to let Ed have his >>> girlfriend back. I didn't know that had happened, and it gives a >>> rather unexpected happy ending to a film which otherwise made me >>> want to cry desperately. >>> >>> Anyway, I'd be very interested to hear what you lot thought of >>> it. (JY, you should throw a torrent up ASAP! 
I'm sure people will >>> be screenshotting and analyzing all of the new document shots the >>> film contains.) >>> >>> R > > - -- > http://abis.io ~ > "a protocol concept to enable decentralization > and expansion of a giving economy, and a new social good" > https://keybase.io/odinn > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > cypherpunks mailing list > cypherpunks at cpunks.org > https://cpunks.org/mailman/listinfo/cypherpunks > > > ------------------------------ > > End of cypherpunks Digest, Vol 16, Issue 30 > ******************************************* From cyberkiller8 at gmail.com Sat Oct 25 00:59:55 2014 From: cyberkiller8 at gmail.com (=?UTF-8?B?IsWBdWthc3ogXCJDeWJlciBLaWxsZXJcIiBLb3JwYWxza2ki?=) Date: Sat, 25 Oct 2014 09:59:55 +0200 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <544aa919.245d8c0a.b637.0c71@mx.google.com> References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com> <544aa919.245d8c0a.b637.0c71@mx.google.com> Message-ID: <544B587B.40604@gmail.com> W dniu 24.10.2014 o 21:32, Juan pisze: > On Fri, 24 Oct 2014 10:06:54 +0200 > "Łukasz \"Cyber Killer\" Korpalski" wrote: > >> W dniu 24.10.2014 o 09:47, Juan pisze: >>> >>> lol - what a stupid piece of shit you are >>> >> >> I would like to have the moderator of this 
maillist look at the above >> comment and take appropriate action. Thx. >> > > > LMAO!!! - stupid scumbag threatens violence and then wants > censorship when he's treated like the scumbag he is? LMAO, > again. I wanted to write something here, but on second thought, I'll just ignore you. That hurts trolls like you the most, doesn't it? :-P -- Łukasz "Cyber Killer" Korpalski mail: cyberkiller8 at gmail.com xmpp: cyber_killer at jabster.pl site: http://website.cybkil.cu.cc gpgkey: 0x72511999 @ hkp://keys.gnupg.net //When replying to my e-mail, kindly please //write your message below the quoted text. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From nicolasbourbaki at riseup.net Sat Oct 25 03:30:59 2014 From: nicolasbourbaki at riseup.net (Nicolas Bourbaki) Date: Sat, 25 Oct 2014 12:30:59 +0200 Subject: Of Sealand, corp, and country [was: nation-state] Message-ID: <17c8d42b765974002bcef8b791993265@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21/10/2014 12:57, Lodewijk andré de la porte wrote: > I think Google should do it. It'd be a fun project, Google Nation. Seasteading or island steading is a backward direction. Not because it is not a good idea but because the nations people involved are looking to build are no better than the ones they are looking to leave. The US was founded by a bunch of rich white men that didn't like paying taxes. The only difference with Google, or the Thiel foundation, is that it would be rich white men that don't like paying taxes and also happen to know how to code. 
From nicolasbourbaki at riseup.net Sat Oct 25 04:09:45 2014 From: nicolasbourbaki at riseup.net (Nicolas Bourbaki) Date: Sat, 25 Oct 2014 13:09:45 +0200 Subject: Time for IETF witch =?UTF-8?Q?hunt=3F=20=28was=3A=20NSA=20Co-Chai?= =?UTF-8?Q?rs=20of=20Crypto=20Forum=20Research=20Group=2C=20Legitimacy=20o?= =?UTF-8?Q?f=20WebCrypto=20API=20in=20Doubt=29?= Message-ID: <6d9311c9877993c287931bb137178dee@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is this a victory? Has anything been learned from the process? We know that regime changes are meaningless if the means of governance are not also reformed. In July of 2013 JFC Morfin registered an appeal [1] to the IAB (IETF governing body). He asked the IAB to consider how the concept of a protocol should account for social and ethical requirements. The IAB's response [2] was terse. It showed that these governing bodies lack the means and will to consider how the tools they develop affect people. We sit in a time where the architect of good citizenry is being increasingly dictated by undemocratic institutions. 
We are quickly trading space beholden to social contracts of the commons for those built by neo-liberal corporations. The ethics of "the protocol" is dictated by whichever company provides the most coffee and cake for the next workgroup meeting. I think the argument of "GeoIP as a threat to democracy" [3] provides an example rhetoric illustrating why concern for this is so important and why perhaps a witch hunt within the IETF is in order. 1. http://www.iab.org/wp-content/IAB-uploads/2013/07/appeal-morfin-2013-07-08.pdf 2. https://www.ietf.org/mail-archive/web/ietf-announce/current/msg11697.html 3. https://cpunks.org/pipermail/cypherpunks/2014-July/005037.html On 23/10/2014 20:30, odinn wrote: > As a (hopefully final) note to this particular issue, please note > the resolution at: > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64 > > The NSA co-chair is resigning, and it appears the Working Groups > are moving ahead without the involvement of that co-chair, for > example: > > (see comments 61 and 62 at) > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61 > > Cheers, > > > -Odinn From griffin at cryptolab.net Sat Oct 25 10:32:02 2014 From: 
griffin at cryptolab.net (Griffin Boyce) Date: Sat, 25 Oct 2014 13:32:02 -0400 Subject: Time for IETF witch =?UTF-8?Q?hunt=3F=20=28was=3A=20NSA=20Co-?= =?UTF-8?Q?Chairs=20of=20Crypto=20Forum=20Research=20Group=2C=20Legitimacy?= =?UTF-8?Q?=20of=20WebCrypto=20API=20in=20Doubt=29?= In-Reply-To: <6d9311c9877993c287931bb137178dee@riseup.net> References: <6d9311c9877993c287931bb137178dee@riseup.net> Message-ID: <00a8da7e2d018b867d069732bb735d9e@cryptolab.net> It's fairly straightforward to uncover someone's financial and public ties to various organizations by looking through public records. But mentioning this possibility among peers is a bit of a conversation killer. No one wants to risk invading the privacy of someone who doesn't deserve it (which is virtually everyone with NIST or IETF). Incidentally, when I mentioned this to a researcher who grew up in a horribly oppressive society, his response was "Why would you not do this kind of research?" So then I was in the awkward position of explaining that A) most people care about their careers, B) people don't want to invade others' privacy, C) the risk of false-positives is non-zero. Do I think that people with suspicious financial ties should be outed? Sure. But no one wants to do that. No one wants to be the messenger. TL;DR: people love handwringing, hate even mild risk. best, Griffin ps: nah, I don't think that the legitimacy of the WebCrypto API is in doubt Nicolas Bourbaki wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is this a victory? Has anything been learned from the process? We know > that regime changes are meaningless if the means of governance are not > also reformed. > > In July of 2013 JFC Morfin registered an appeal [1] to the IAB (IETF > governing body). He asked the IAB to consider how the concept of a > protocol should account for social and ethical requirements. The IAB's > response [2] was terse. 
It showed that these governing bodies lack the > means and will to consider how the tools they develop affect people. > > We sit in a time where the architect of good citizenry is being > increasingly dictated by undemocratic institutions. We are quickly > trading space beholden to social contracts of the commons for those > built by neo-liberal corporations. The ethics of "the protocol" is > dictated by whichever company provides the most coffee and cake for the > next workgroup meeting. I think the argument of "GeoIP as a threat to > democracy" [3] provides an example rhetoric illustrating why concern > for > this is so important and why perhaps a witch hunt within the IETF is in > order. > > 1. > http://www.iab.org/wp-content/IAB-uploads/2013/07/appeal-morfin-2013-07-08.pdf > 2. > https://www.ietf.org/mail-archive/web/ietf-announce/current/msg11697.html > 3. > https://cpunks.org/pipermail/cypherpunks/2014-July/005037.html > > On 23/10/2014 20:30, odinn wrote: >> As a (hopefully final) note to this particular issue, please note >> the resolution at: >> >> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64 >> >> The NSA co-chair is resigning, and it appears the Working Groups >> are moving ahead without the involvement of that co-chair, for >> example: >> >> (see comments 61 and 62 at) >> >> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61 >> >> Cheers, >> >> >> -Odinn > > > > > -- "I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users." ~Len Sassaman From l at odewijk.nl Sat Oct 25 08:48:01 2014 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sat, 25 Oct 2014 17:48:01 +0200 Subject: Time for IETF witch hunt? (was: NSA Co-Chairs of Crypto Forum Research Group, Legitimacy of WebCrypto API in Doubt) In-Reply-To: <6d9311c9877993c287931bb137178dee@riseup.net> References: <6d9311c9877993c287931bb137178dee@riseup.net> Message-ID: This governance is so centralized it makes me retch. Why do we need it? We don't! Consensus where it's not needed is detrimental anti-freedom fascist circlejerking. Standards should merely enable interoperability, thus create choice, and through that choice must come features, and the want for features will enforce those standards. Related: who's up for swapping layer 3 altogether? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 443 bytes Desc: not available URL: From jessetaylor84 at riseup.net Sat Oct 25 19:06:01 2014 From: jessetaylor84 at riseup.net (Jesse Taylor) Date: Sat, 25 Oct 2014 19:06:01 -0700 Subject: CITIZENFOUR Message-ID: <544C5709.8060902@riseup.net> After reading the Salon article you mentioned, I filed FOIA requests regarding "Main Core" with NSA, FBI, DHS, DSS, NORTHCOM, STRATCOM, CYBERCOM, and DODIIS. All I got was responses saying that there were no responsive records. 
Of course, this is what happens when almost any information about classified programs is requested via FOIA, so I wasn't surprised (FOIA is really just a smokescreen to make people waste their time begging for records they're never going to get, and to promote the illusion that citizens have some sort of oversight over "their" government). I sent a letter to the editorial staff at Salon and Democracy Now, which both ran stories on this based on "anonymous sources", and pointed out to them that pretty much every intelligence agency is responding to FOIA requests saying the topic of one of their stories doesn't actually exist. Neither of them responded. --Jesse odinn wrote: 1) Who might have access to a list known as Main Core? This is such an old story that it would seem that some kind of list would now be available, but I haven't found it. Has it ever been leaked, FOIA'd, successfully released in partially redacted form in some other mechanism, or made searchable somewhere? [[ Main Core notes / background: Salon reported on Main Core in July of 2008 with an article by Tim Shorrock. Apparently, William Hamilton, a former NSA intelligence officer who left the agency in the 1970s, had heard of Main Core at some point in 1992, according to the Salon article. Hamilton, who (was then, and still is) president of Inslaw Inc., a computer services firm that includes clients in government, indicated that the Bush administration's domestic surveillance operations used Main Core - it is not known if it is still used today in 2014. Main Core was first widely reported on in May 2008 by Christopher Ketcham and in July 2008 by Tim Shorrock, which included in July of 2008 an interview by Amy Goodman of Tim Shorrock. However, I am unaware of any release of names, e-mails, etc. which might be on this list, and it seemed kind of obvious that those who were reporting on it probably had never seen the Main Core list. This may involve use of PROMIS software, and according to Adm. 
Dan Murphy (a former military advisor to Elliot Richardson who later served under President George H.W. Bush as deputy director of the CIA, who 'died' shortly after his meeting in 2001 with William Hamilton), did not specifically mention Main Core. But he informed Hamilton that the NSA's use of PROMIS involved something "so seriously wrong that money alone cannot cure the problem." ]] From odinn.cyberguerrilla at riseup.net Sat Oct 25 12:33:07 2014 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Sat, 25 Oct 2014 19:33:07 +0000 Subject: Time for IETF witch hunt? (was: NSA Co-Chairs of Crypto Forum Research Group, Legitimacy of WebCrypto API in Doubt) In-Reply-To: <6d9311c9877993c287931bb137178dee@riseup.net> References: <6d9311c9877993c287931bb137178dee@riseup.net> Message-ID: <544BFAF3.1040007@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hopefully this can be thought of not as a witch hunt, but as an encouragement for people to both participate more in lists where crypto is discussed as well as keep an eye out for these very issues of NSA influence (as well as influence from various corporation-state actors regardless of their geographical place of origin) on an ongoing basis. Nicolas Bourbaki wrote: > Is this a victory? Has anything been learned from the process? We > know that regime changes are meaningless if the means of governance > are not also reformed. > > In July of 2013 JFC Morfin registered an appeal [1] to the IAB > (IETF governing body). He asked the IAB to consider how the concept > of a protocol should account for social and ethical requirements. > The IAB's response [2] was terse. It showed that these governing > bodies lack the means and will to consider how the tools they > develop affect people. 
> > We sit in a time where the architect of good citizenry is being > increasingly dictated by undemocratic institutions. We are quickly > trading space beholden to social contracts of the commons for > those built by neo-liberal corporations. The ethics of "the > protocol" is dictated by whichever company provides the most coffee > and cake for the next workgroup meeting. I think the argument of > "GeoIP as a threat to democracy" [3] provides an example rhetoric > illustrating why concern for this is so important and why perhaps a > witch hunt within the IETF is in order. > > 1. > http://www.iab.org/wp-content/IAB-uploads/2013/07/appeal-morfin-2013-07-08.pdf > > 2. > https://www.ietf.org/mail-archive/web/ietf-announce/current/msg11697.html > > 3. > https://cpunks.org/pipermail/cypherpunks/2014-July/005037.html > > On 23/10/2014 20:30, odinn wrote: >> As a (hopefully final) note to this particular issue, please >> note the resolution at: > >> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64 > >> The NSA co-chair is resigning, and it appears the Working Groups >> are moving ahead without the involvement of that co-chair, for >> example: > >> (see comments 61 and 62 at) > >> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61 > >> Cheers, > > >> -Odinn > > > > > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJUS/ryAAoJEGxwq/inSG8CwiUH/ik52nAumHXkOvfgIeh5ukmt OZkMfxdDOWTRB2K8iJyLGiQCeJFK6xxg1Uxa0q3waxD26BiWLgC71waqyY3j4XDx 2jMV0ZLKNE8+csLrIwzOEPL0z4yfc7boltCQOWIkBrYzcmQ39Xmx4UPYkQmCK7tl BIjoTjcNf1EuouyUazE7FXU3fvDseujOwK5V/c/A7vhqwdzC6YgcWD1GavEZXjgG zBH5MTqVEZeNN0nM15p5M1+wSLVcqY0TjlI93dhxQ8RDQwu0yUpWZsgkszOuZ/9c j3VFwqDz6N8Bpwio57NBDSVFpHSZojvq+VxomPHVJE+Q2jjKB9GGdAbuYhpcmAo= =tHEj -----END PGP SIGNATURE----- From juan.g71 at gmail.com Sat Oct 25 16:33:19 2014 From: juan.g71 at gmail.com (Juan) Date: Sat, 
25 Oct 2014 20:33:19 -0300 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <544B587B.40604@gmail.com> References: <54482549.27558c0a.0ae3.0043@mx.google.com> <1678851.ZS9v9yKKeL@lapuntu> <5448b3d4.0a1ee00a.558d.5fa8@mx.google.com> <5448BD5C.7020404@gmail.com> <544a03c6.b1238c0a.6df7.6f1c@mx.google.com> <544A089E.90201@gmail.com> <544aa919.245d8c0a.b637.0c71@mx.google.com> <544B587B.40604@gmail.com> Message-ID: <544c32f6.0838e00a.25ad.ffffffaa@mx.google.com> On Sat, 25 Oct 2014 09:59:55 +0200 "Łukasz \"Cyber Killer\" Korpalski" wrote: > W dniu 24.10.2014 o 21:32, Juan pisze: > > On Fri, 24 Oct 2014 10:06:54 +0200 > > "Łukasz \"Cyber Killer\" Korpalski" wrote: > > > >> W dniu 24.10.2014 o 09:47, Juan pisze: > >>> > >>> lol - what a stupid piece of shit you are > >>> > >> > >> I would like to have the moderator of this maillist look at the > >> above comment and take appropriate action. Thx. > >> > > > > > > LMAO!!! - stupid scumbag threatens violence and then wants > > censorship when he's treated like the scumbag he is? LMAO, > > again. > > I wanted to write something here, but on second thought, I'll just > ignore you. That hurts trolls like you the most, doesn't it? :-P > Yes Korpalski, you just can't imagine how much hurting a non-entity like you is causing me. The pain is unbearable. From admin at pilobilus.net Sat Oct 25 18:59:35 2014 From: admin at pilobilus.net (Steve Kinney) Date: Sat, 25 Oct 2014 21:59:35 -0400 Subject: CITIZENFOUR In-Reply-To: References: Message-ID: <544C5587.10700@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In my mind the sudden appearance of that momentarily almost-famous "pole dancer girlfriend" of Snowden's is of a piece with the rest of The Snowden Affair: It raises more questions than it answers, and adds more reasons to suspect a double game. Did the "pole dancer girlfriend" ever exist, and is that really her? I will assume so, for the sake of a fun story. 
What are the odds that she has travelled more than one mile in any direction since Ed went walkabout, without that motion being logged for analysis by a consortium of TLAs? Other than "she has always worked for us and is still passing polygraph exams," how could her bona fides as a person of no interest be so confidently endorsed by the public servants who let her walk away? If on the other hand Russia worked some hocus pocus on her behalf, why have public officials and partisan propaganda mills that already call Snowden a Russian agent remained silent on that subject? Painting the young lady in question as a Russian agent who used her pole dancing skills to steal U.S. secrets would not be hard: The story sells itself. Part two of the story would be how she fluttered away free as a bird to the waiting welcome of her Russian paymasters: First Benghazi, now Boris and Natasha in a Moscow love nest? It's an outrageous story that would suit many of our partisan political propagandists very nicely right about... now. But all I hear so far is crickets. "Those whom heaven helps we call the sons of heaven. They do not learn this by learning. They do not work it by working. They do not reason it by using reason. To let understanding stop at what cannot be understood is a high attainment. Those who cannot do it will be destroyed on the lathe of heaven." -- Ursula K. 
Le Guin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJUTFWGAAoJEDZ0Gg87KR0L2eIQAInkvM+0AUswetwBk2VMHf8r 9mu/zMReznVPyGcW0+Yn5hlftTlFkGouw8Eohdc/hlH9Av66Xf65fQD0q060sU8N eC3KuwBjcNsekZxDuinPS0ferwBkn5FQge819S9aTwAN6rJTO3d50AhtkG685udl T+Zm4TufUU5H3a0htckJEgsgwSVUJ71bSPchOovA8uC6ZFo1kTb00AnoixHIJyP1 E26KaaqoddRekut/bmGZoWvujkbqm22DSh5I4+SI1cCesnxezcgEhGShVBazHGFb lkwDrO29KjUHdiFY0qPrx1JBiQFa2tlk8OpeSTWrkWL8BbYgIgtBNxjS9JuljOiV /rZqQNnW9wxhz9xFU+zL3R1WD8oqFohBz9Jj/Jw5EzD+Qws97JFmJEzKUt3u0Q4y xGaS4Ic04pvPFGIH8FPkCTrswoN0ZzOpZyX3d4oBwKf3HO7D8FuRgmSnte4ppqUQ wwS2oCWu8Xd/k3iKbdanCdIfQbb5Pqk3gggEgN3Jo7rIiiqzpx9tjQy+0krxszIn mxnMusEL3vY8zdBf0Hc/n+g2erZAYjP6Lpw5WrvOaZvXj629Zv/UmguZkvF5/x37 FirG7rzAc7a72Xpr2K2P6jkV2zHtuGgeJenWnny8OcK/5mZ3dTNiWgb8F8fFyhgF IoTcBm2ed7/1VbjxEWcB =1T2p -----END PGP SIGNATURE----- From l at odewijk.nl Sat Oct 25 14:02:54 2014 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Sat, 25 Oct 2014 23:02:54 +0200 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: <17c8d42b765974002bcef8b791993265@riseup.net> References: <17c8d42b765974002bcef8b791993265@riseup.net> Message-ID: 2014-10-25 12:30 GMT+02:00 Nicolas Bourbaki : > The US was founded by a bunch of rich white men that didn't > like paying taxes. > Nor the crown, and I guess they do better than the crown at least. > The only difference with Google, or the Thiel > foundation, is that it would be rich white men that don't like > paying taxes and also happen to know how to code. > Which strikes me as a massive improvement, and a certain guarantee to their sanity. 
From odinn.cyberguerrilla at riseup.net Sat Oct 25 23:04:19 2014 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Sun, 26 Oct 2014 06:04:19 +0000 Subject: CITIZENFOUR In-Reply-To: <544C5709.8060902@riseup.net> References: <544C5709.8060902@riseup.net> Message-ID: <544C8EE3.9060409@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Jesse, Thanks for sharing this. My sense is that Main Core existed but was never leaked (and certainly couldn't be obtained via FOIA) ~ some figures state that it had around 8 million names, and that was well before the most recent administration ~ so assuming something like it is still in use, and based on the source material that has been released to date, it would seem that everyone and their dogs, cats and guinea pigs are on some list or another. In a strange and unlikely occurrence, I recall that recently there was a court case of some kind where someone was able to convince a court to tell the TSA that they had to disclose if someone was on a no-fly list. I can't remember the name of the case but it was the first time I'd seen that happen. Not that I am advocating use of law and the force associated with it to solve vast societal problems, but apparently someone had some luck there against all odds. Well, now I am thinking I should just take a link to my posted request, as John Y. seemed to suggest and send it through socmedia to Firstlook / Greenwald and see if I get a reply. Cheers all Jesse Taylor wrote: > After reading the Salon article you mentioned, I filed FOIA > requests regarding "Main Core" with NSA, FBI, DHS, DSS, NORTHCOM, > STRATCOM, CYBERCOM, and DODIIS. All I got was responses saying that > there were no responsive records. 
Of course, this is what happens > when almost any information about classified programs is requested > via FOIA, so I wasn't surprised (FOIA is really just a smokescreen > to make people waste their time begging for records they're never > going to get, and to promote the illusion that citizens have some > sort of oversight over "their" government). > > I sent a letter to the editorial staff at Salon and Democracy Now, > which both ran stories on this based on "anonymous sources", and > pointed out to them that pretty much every intelligence agency is > responding to FOIA requests saying the topic of one of their > stories doesn't actually exist. Neither of them responded. > > --Jesse > > odinn wrote: > > 1) Who might have access to a list known as Main Core? This is > such an old story that it would seem that some kind of list would > now be available, but I haven't found it. Has it ever been leaked, > FOIA'd, successfully released in partially redacted form in some > other mechanism, or made searchable somewhere? [[ Main Core > notes / background: Salon reported on Main Core in July of 2008 > with an article by Tim Shorrock. Apparently, William Hamilton, a > former NSA intelligence officer who left the agency in the 1970s, > had heard of Main Core at some point in 1992, according to the > Salon article. Hamilton, who (was then, and still is) president of > Inslaw Inc., a computer services firm that includes clients in > government, indicated that the Bush administration's domestic > surveillance operations used Main Core - it is not known if it is > still used today in 2014. Main Core was first widely reported on in > May 2008 by Christopher Ketcham and in July 2008 by Tim Shorrock, > which included in July of 2008 an interview by Amy Goodman of Tim > Shorrock. However, I am unaware of any release of names, e-mails, > etc. 
which might be on this list, and it seemed kind of obvious > that those who were reporting on it probably had never seen the > Main Core list. This may involve use of PROMIS software, and > according to Adm. Dan Murphy (a former military advisor to Elliot > Richardson who later served under President George H.W. Bush as > deputy director of the CIA, who 'died' shortly after his meeting > in 2001 with William Hamilton), did not specifically mention Main > Core. But he informed Hamilton that the NSA's use of PROMIS > involved something "so seriously wrong that money alone cannot cure > the problem." ]] > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJUTI7jAAoJEGxwq/inSG8ChpQH/iiyS4gF3+ONdeG5y0sYmN+e eVhA/SW1fQlIUizjGKLeCEEhEwPoTE/L/vqaa9u33p2Ej1emMMCTF7zMlB1hYaMR /JFAK6ufoi9xRv85eGi07OjjTjnEqvOL5T8c6by5FPwpqBSzjSf0TAizGH2V+gfA RomJKfBW9azwoH1dK3dvcZRraf5mstgeF7YvZbZP3gaTHuJbjgPaLaY3hJiIgarl fE2xYBpqhtRQmamzGcpaD58xRWxL5DjKPIR2bJPr7mgz6vkQMZlAVovZ4eqcE2A9 sZHA86RZETG8W37XOSFSABVYvDHhBrZPwhWlypsHR6ONQIgW/lVsPh9tfsNUXKs= =92ar -----END PGP SIGNATURE----- From kanzure at gmail.com Sun Oct 26 05:58:50 2014 From: kanzure at gmail.com (Bryan Bishop) Date: Sun, 26 Oct 2014 07:58:50 -0500 Subject: GamerGate In-Reply-To: References: Message-ID: On Sun, Oct 26, 2014 at 7:26 AM, John Young wrote: > I had not followed GamerGate until today's New York Times > article about it. Nor followed games, so the controversy is One thing to keep in mind is that there is a strong incentive for journalists to misreport on this topic because the GamerGate people are extremely critical of journalists. This is one reason why journalists originally refused to report anything real about them. 
Here's an interesting take on the two sides of the topic: http://mangotron.com/pro-vs-anti-gamergate-two-interviews - Bryan http://heybryan.org/ 1 512 203 0507 From jya at pipeline.com Sun Oct 26 05:26:42 2014 From: jya at pipeline.com (John Young) Date: Sun, 26 Oct 2014 08:26:42 -0400 Subject: GamerGate In-Reply-To: References: Message-ID: I had not followed GamerGate until today's New York Times article about it. Nor followed games, so the controversy is new to me. But not the issues involved, which are prevalent online and off. Particularly in testosterone-rich enterprises like military, spies, armaments, sports, weapons, ideology, religion, education, society, civilization, humanity, existence itself. In all of these, the stronger violently dominate the weaker and do so with the psychotic belief that this is the way it should be, natural. In war and peace, in human exploitation of animal and earthly domains, in climate degradation, in force-feeding "democracy," in cruel treatment of women's bodies and neglect of children, in just about every aspect of torturous "advancements in civilized peoples" in the course of inventing and applying ever greater and more vicious ways to kill, maim, starve and over-populate earthlings by male rape in all guises of wargames. Games are a reflection of this much greater conceit of male dominance in all institutions, all of them, even those which spout diversity and affirmative action and grant minimal access to privileged male sanctuaries -- no matter the skin color, ethnicity, faith, location on earth. It is argued that male aggression is inherent and can at best be somewhat controlled by law and social compact. That is a comfortable apologia by male supremacists in law and social compacts dominated by them with intellectual and economic arrogance. All institutions measure accomplishment by male-derived standards to tip the balance in favor of those rigged games. 
GamerGate is too limited in scope, so much that it should be seen as a male-dominated diversion, a game, to avoid addressing the origin and sustaining influence of male way of thinking, doing, making, competing, surviving, by lying, cheating, killing, ruling in all aspects of existence, simulated in games, trained for in games, monetized by games designers and producers, applauded and lauded in halls of power and control, in prizes and awards, in cemeteries and statues, in art and science, in accumulation concentration and monopolization of wealth. No game this larger world, this wargame of "ballsy" potentates in military, policy, spying, media, sports, taxation, playing obsessively the "law of men enforced by lawmen." At 12:10 PM 10/25/2014, you wrote: >Hello >John, what do you think about GamerGate? > >cheers, >George. From eric at konklone.com Sun Oct 26 17:24:49 2014 From: eric at konklone.com (Eric Mill) Date: Sun, 26 Oct 2014 20:24:49 -0400 Subject: GamerGate In-Reply-To: References: Message-ID: John, that was a beautiful email. I sincerely hope it is both the introduction and the coda to this intersection of cpunks and GamerGate. Let's just move on from here. On Sun, Oct 26, 2014 at 8:26 AM, John Young wrote: > I had not followed GamerGate until today's New York Times > article about it. Nor followed games, so the controversy is > new to me. But not the issues involved, which are prevalent > online and off. Particularly in testosterone-rich enterprises like > military, spies, armaments, sports, weapons, ideology, > religion, education, society, civilization, humanity, existence > itself. In all of these, the stronger violently dominate the > weaker and do so with the psychotic belief that this is > the way it should be, natural. 
> > In war and peace, in human exploitation of animal and earthly > domains, in climate degradation, in force-feeding "democracy," > in cruel treatment of women's bodies and neglect of children, > in just about every aspect of torturous "advancements in > civilized peoples" in the course of inventing and applying > ever greater and more vicious ways to kill, maim, starve > and over-populate earthlings by male rape in all guises > of wargames. > > Games are a reflection of this much greater conceit > of male dominance in all institutions, all of them, even those > which spout diversity and affirmative action and grant minimal > access to privileged male sanctuaries -- no matter the skin > color, ethnicity, faith, location on earth. > > It is argued that male aggression is inherent and can at best > be somewhat controlled by law and social compact. That is > a comfortable apologia by male supremacists in law and > social compacts dominated by them with intellectual and > economic arrogance. All institutions measure accomplishment > by male-derived standards to tip the balance in favor of those > rigged games. > > GamerGate is too limited in scope, so much that it should > be seen as a male-dominated diversion, a game, to avoid > addressing the origin and sustaining influence of male > way of thinking, doing, making, competing, surviving, by > lying, cheating, killing, ruling in all aspects of existence, > simulated in games, trained for in games, monetized by > games designers and producers, applauded and lauded > in halls of power and control, in prizes and awards, in > cemeteries and statues, in art and science, in accumulation > concentration and monopolization of wealth. > > No game this larger world, this wargame of "ballsy" > potentates in military, policy, spying, media, sports, > taxation, playing obsessively the "law of men enforced > by lawmen." > > At 12:10 PM 10/25/2014, you wrote: > >> Hello >> John, what do you think about GamerGate? 
>> >> cheers, >> George. >> > > > -- konklone.com | @konklone From pgut001 at cs.auckland.ac.nz Sun Oct 26 02:38:08 2014 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 26 Oct 2014 22:38:08 +1300 Subject: Time for IETF witch hunt? (was: NSA Co-Chairs of Crypto Forum Research Group, Legitimacy of WebCrypto API in Doubt) In-Reply-To: <20141025191158.GA15508@nestor.local> Message-ID: "Meredith L. Patterson" writes: >WebCrypto is a shitshow in large part because the people at its wheel >perceive a need for JavaScript programmers to make decisions about what >cipher mode to use. They're dead-set on forcing developers who write >Javascript because C is hard to make low-level decisions that affect the >reliability of their code in profound and non-obvious ways, and refuse to >understand that this approach never ends well. +1. (But then not allowing people to make their preferred crypto fashion statement would also be removing their freedom to shoot themselves in the foot with a machine-gun. In any case as a security researcher I don't know what you're complaining about, you're getting a guaranteed lifetime supply of material for future presentations at Defcon/Black Hat/etc). Peter. From griffin at cryptolab.net Sun Oct 26 19:48:20 2014 From: griffin at cryptolab.net (Griffin Boyce) Date: Sun, 26 Oct 2014 22:48:20 -0400 Subject: GamerGate In-Reply-To: References: Message-ID: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> Dāvis Mosāns wrote: > Anyway GamerGate is really complex issue and it's not only > about journalism. My suggestion would be, look here If gamergaters spent half as much time trying to fix systemic problems that they claim to care about as they do correcting "misconceptions" about gamergate, I *might* start to take them seriously. Want to fix games journalism? 
Why not start with the large corporations that bribe their way into getting good reviews at large publications that lead to millions of dollars in sales. Target EA, who just this week went to court to defend against a class-action lawsuit filed by gamers. While the court found in their favor, they *also* determined that the statements put out by EA were "puffery" and did not reflect reality. How will this impact the industry going forward? Does #GamerGate bother having an opinion on this? Targeting female indie developers is complete weaksauce. And the fact that this comprises the vast majority of #GamerGate's "activism" proves the allegation that it's filled with whiny man-babies. > And note, that, it's not only gamers who support GamerGate, but > also game developers, including females (see #NotYourShield). You know what I *don't* care about? People I don't know who supposedly shagged other people I don't know. No one whose opinion matters cares about this hypothetical scandal. It's all a pseudo-intellectual circlejerk. You either care about journalistic ethics enough to target large corporations and key players, or you're just fucking around. Seriously. This is as true for you (yes, you personally) as it is for the #NSA #GCHQ crowd. ~Griffin From davispuh at gmail.com Sun Oct 26 16:17:59 2014 From: davispuh at gmail.com (Dāvis Mosāns) Date: Mon, 27 Oct 2014 01:17:59 +0200 Subject: GamerGate In-Reply-To: References: Message-ID: 2014-10-26 14:26 GMT+02:00 John Young : > I had not followed GamerGate until today's New York Times > article about it. Nor followed games, so the controversy is > new to me. But not the issues involved, which are prevalent > online and off. Particularly in testosterone-rich enterprises like > military, spies, armaments, sports, weapons, ideology, > religion, education, society, civilization, humanity, existence > itself. 
In all of these, the stronger violently dominate the > weaker and do so with the psychotic belief that this is > the way it should be, natural. > > In war and peace, in human exploitation of animal and earthly > domains, in climate degradation, in force-feeding "democracy," > in cruel treatment of women's bodies and neglect of children, > in just about every aspect of torturous "advancements in > civilized peoples" in the course of inventing and applying > ever greater and more vicious ways to kill, maim, starve > and over-populate earthlings by male rape in all guises > of wargames. > > Games are a reflection of this much greater conceit > of male dominance in all institutions, all of them, even those > which spout diversity and affirmative action and grant minimal > access to privileged male sanctuaries -- no matter the skin > color, ethnicity, faith, location on earth. > > It is argued that male aggression is inherent and can at best > be somewhat controlled by law and social compact. That is > a comfortable apologia by male supremacists in law and > social compacts dominated by them with intellectual and > economic arrogance. All institutions measure accomplishment > by male-derived standards to tip the balance in favor of those > rigged games. > > GamerGate is too limited in scope, so much that it should > be seen as a male-dominated diversion, a game, to avoid > addressing the origin and sustaining influence of male > way of thinking, doing, making, competing, surviving, by > lying, cheating, killing, ruling in all aspects of existence, > simulated in games, trained for in games, monetized by > games designers and producers, applauded and lauded > in halls of power and control, in prizes and awards, in > cemeteries and statues, in art and science, in accumulation > concentration and monopolization of wealth. 
> > No game this larger world, this wargame of "ballsy" > potentates in military, policy, spying, media, sports, > taxation, playing obsessively the "law of men enforced > by lawmen." > > At 12:10 PM 10/25/2014, you wrote: > >> Hello >> John, what do you think about GamerGate? >> >> cheers, >> George. >> > > > It looks like you don't really understand GamerGate at all. Nothing you said is even remotely related to GamerGate. For me it looks like you're just slamming your own views on it without realizing it's not even related. I just read that New York Times article and you can clearly see it's written by anti-GamerGate people, as most mainstream media does. This is actually exactly why GamerGate is such a big movement, and it's best described with this quote: > The issue GamerGate is attempting to address is that the majority of games publications take an unbalanced view of the industry, injecting their political beliefs into stories they then report on as fact. It's like if Fox, MSNBC and CNN were all ultra right (or left) wing and that was the only news you were able to get. I'm sure we all know that media/press is the fourth power (Fourth Estate) and it's bad when it starts pushing its own agenda. And it's actually happening not only with just gaming journalists but everywhere. It used to be just government which could influence us in bad ways, but now, media have such power that it can also influence our life. If you aren't careful, you can easily fall for this. For example there were published at least *34* different articles with titles such as "Gamers are dead" within a couple of days. No, I'm not joking, you can see a list of these articles here http://goo.gl/Uu2QxC And those articles were published from various gaming and review sites with more than just a few readers (well, now fewer :D) and in such a short timespan that there's not much doubt it was coordinated and that they know each other somewhat and are trying to push the same views. 
But this is not how you should treat your audience. I'm a gamer, I enjoy gaming, but it's such a diverse group that you can't really tell anything about them individually. The only thing that's common is that they all love to play games and are interested in them. Anyway GamerGate is a really complex issue and it's not only about journalism. My suggestion would be, look here http://www.historyofgamergate.com/volume-1.html for the full story. And note that it's not only gamers who support GamerGate, but also game developers, including females (see #NotYourShield). From cathalgarvey at cathalgarvey.me Mon Oct 27 03:11:09 2014 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 27 Oct 2014 10:11:09 +0000 Subject: GamerGate In-Reply-To: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> Message-ID: <544E1A3D.8040000@cathalgarvey.me> > Targeting female indie developers is complete weaksauce. And the > fact that this comprises the vast majority of #GamerGate's "activism" > proves the allegation that it's filled with whiny man-babies. Not only man-babies, but principally man-babies. >> And note, that, it's not only gamers who support GamerGate, but >> also game developers, including females (see #NotYourShield). > > You know what I *don't* care about? People I don't know who > supposedly shagged other people I don't know. Boom. So, a 'movement' that claims to want "journalistic integrity", which absent press censorship means "self regulation", can't be bothered policing its own ranks to stop misogynistic slander and death-threats. How many "Gamergaters" spend time chasing others for doxxing, threatening and slandering women in technology? As many as actually take part in these acts? 
I doubt it, and I see no evidence of such self-policing at a meaningful scale. I'm sure there are honest, decent people using the "Gamergate" flag to call for something-something, but the fact that they're using that flag after it's been so thoroughly dragged through the muck *by other gamergaters* shows that they are content to accept misogyny in exchange for trending status on Twitter, rather than forking what's become more of a *bowel* movement into something with a measure of the integrity they claim to demand of others. As often, Chris Straub summed it up well (Warning: Allegory): http://chainsawsuit.com/comic/2014/10/15/the-perfect-crime/ On 27/10/14 02:48, Griffin Boyce wrote: > Dāvis Mosāns wrote: >> Anyway GamerGate is really complex issue and it's not only >> about journalism. My suggestion would be, look here > > If gamergaters spent half as much time trying to fix systemic > problems that they claim to care about as they do correcting > "misconceptions" about gamergate, I *might* start to take them seriously. > > Want to fix games journalism? Why not start with the large > corporations that bribe their way into getting good reviews at large > publications that lead to millions of dollars in sales. Target EA, who > just this week went to court to defend against a class-action lawsuit > filed by gamers. While the court found in their favor, they *also* > determined that the statements put out by EA were "puffery" and did not > reflect reality. How will this impact the industry going forward? Does > #GamerGate bother having an opinion on this? > > Targeting female indie developers is complete weaksauce. And the > fact that this comprises the vast majority of #GamerGate's "activism" > proves the allegation that it's filled with whiny man-babies. > >> And note, that, it's not only gamers who support GamerGate, but >> also game developers, including females (see #NotYourShield). > > You know what I *don't* care about? 
> People I don't know who
> supposedly shagged other people I don't know. No one whose opinion
> matters cares about this hypothetical scandal. It's all a
> pseudo-intellectual circlejerk.
>
> You either care about journalistic ethics enough to target large
> corporations and key players, or you're just fucking around. Seriously.
> This is as true for you (yes, you personally) as it is for the #NSA
> #GCHQ crowd.
>
> ~Griffin

From adi at hexapodia.org Mon Oct 27 14:14:27 2014
From: adi at hexapodia.org (Andy Isaacson)
Date: Mon, 27 Oct 2014 14:14:27 -0700
Subject: CITIZENFOUR
In-Reply-To: <544C5587.10700@pilobilus.net>
References: <544C5587.10700@pilobilus.net>
Message-ID: <20141027211427.GO9491@hexapodia.org>

On Sat, Oct 25, 2014 at 09:59:35PM -0400, Steve Kinney wrote:
> In my mind the sudden appearance of that momentarily almost-famous
> "pole dancer girlfriend" of Snowden's is of a piece with the rest
> of The Snowden Affair: It raises more questions than it answers,
> and adds more reasons to suspect a double game.

Whut.

> Did the "pole dancer girlfriend" ever exist, and is that really
> her? I will assume so, for the sake of a fun story. What are the
> odds that she has travelled more than one mile in any direction
> since Ed went walkabout, without that motion being logged for
> analysis by a consortium of TLAs? Other than "she has always
> worked for us and is still passing polygraph exams," how could her
> bona fides as a person of no interest be so confidently endorsed
> by the public servants who let her walk away?

You know, the people who are involved in these stories are actually humans, with real lives, families, and friendships. If you watched CITIZENFOUR without realizing that, I am terribly sorry for your inability to relate to others on a human level, and I'd recommend that you talk to someone with a more mainstream level of emotional intelligence about these issues.
While Snowden is the object of significant official pressure, the rule of law is still respected at least occasionally in the USA, and Lindsay is not accused of any crimes. There's no reason to suppose that she would be prevented by USG from traveling, and any such restriction would be front-page news. (I'm not disputing that surreptitious tracking of her and others is quite likely to be occurring, of course!)

Your insinuation that Snowden could not have had a girlfriend before his trip to Hong Kong is baffling and inexplicable; he was leading a perfectly normal life for someone in his position. Both social and economic documentation of their relationship exists. (And your bringing up of her hobbies in this context seems to betray a kind of naive mistrust on your part; a majority of my friends who are athletic and in the 25-35 age bracket have tried out pole or other circus arts. It's fun!)

-andy

From grarpamp at gmail.com Mon Oct 27 12:19:20 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Oct 2014 15:19:20 -0400
Subject: CITIZENFOUR
In-Reply-To:
References:
Message-ID:

On Fri, Oct 24, 2014 at 3:32 PM, John Young wrote:
> Greenwald's mercenary greed is why only 97% of Snowden docs
> have been released.

There is a difference between who has held the entire cache in their own hands, versus who has been given [or just access to] select documents. It seems reasonable to presume Greenwald has a copy of the entire cache. But such a statement is far from clear as applied to the rest of the names... Poitras, MacAskill, Appelbaum, Schneier, Green, couriers, in custody of outlets, etc. Same for if Snowden himself retained his own copies, whether in person, or stashed in safe places.

In games, you cannot accept statements by such parties about who has what or does what as always true, especially by the main actor[s]. Regardless of how true any statements on other topics may be.
Before those questions may be answered the world may need to wait for Snowden's own legal status to be resolved... such as permanent Russian or other citizenship and shield from remote US prosecution, or return to US and resolution of process there.

What can be said is that there *appears* to be a very large cache from which rather few docs have been released. Given that most of what has been out is not truly damaging or earth shattering, but merely embarrassing and key confirmatory of suspicions... games of releasing just a few are disappointing, and the pace is falling off. Maybe that is just waiting for US election cycles and various moments now.

From grarpamp at gmail.com Mon Oct 27 12:58:56 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Oct 2014 15:58:56 -0400
Subject: Re: [tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)
In-Reply-To: <20141024103527.fd3ac8eff8862bf101b45d95@mega-nerd.com>
References: <20141023191048.17a50660@meilong> <20141023232921.GF21428@torproject.org> <20141024103527.fd3ac8eff8862bf101b45d95@mega-nerd.com>
Message-ID:

On Thu, Oct 23, 2014 at 7:35 PM, Erik de Castro Lopo wrote:

http://arxiv.org/pdf/1410.6079v1.pdf

> Could this situation be improved if people ran limited exit nodes that only
> allowed the bitcoin p2p protocol to exit? I for one don't have enough

There are about ten exit nodes that do only this today. [One of which is run by Mike Hearn who has advocated building in censorship capabilities to Tor, and blocking (historically) tainted coins (such as you have now or might receive through otherwise completely innocent transactions with you, or from your own trans/mixing with others).]

Then there is the question whether your client will select such 'only *coin' nodes versus those with high bandwidth and open exit policies.

There are also a fair number of hidden services in Tor/I2P/CJDNS that act as bitcoin nodes.
As a related tangent, yes, the bitcoin protocol needs to be encrypted on the wire, at least bitcoin node to bitcoin node with TLS, obviously and urgently so, particularly if you wish to guard your trans from wire listeners.

You might be best to in fact run bitcoin always and entirely over Tor, especially while transacting. But then also routinely compare that received blockchain to one you receive via alternate/trusted sources, such as clearnet or signed bittorrent checkpoints.

From grarpamp at gmail.com Mon Oct 27 15:38:24 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Oct 2014 18:38:24 -0400
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To:
References:
Message-ID:

On Tue, Oct 21, 2014 at 6:57 AM, Lodewijk andré de la porte wrote:
> On Oct 20, 2014 3:03 AM, "grarpamp" wrote:
>> On Sun, Oct 19, 2014 at 5:43 PM, Alfie John wrote:
>> >
>> > Although not a multinational, The Pirate Bay did try to buy Sealand.
>>
>> Sealand is only as unique as the price Bates wants (it's also probably
>> structurally unsound after taking an ocean beating for 70yrs)...
>> How much would it cost to build, float and sink your own concrete silo?
>> Who's researching locations of low depth found beyond 3-12+nm/EEZ
>> in international waters?
>> How does this cost compare to building your own acres of floating
>> pontoon, barge, boat, or raft?
>> And who sayeth hoisting your flag does not make you a country be?
>
> The UN has demands on what makes a nation. It requires land.

Is not the aim to demonstrate that by hoisting your flag wherever that you challenge that definition and fuxor their plans? At least to the extent that you force them to hypocritically behave in an unfair or ungentlemanly manner against you, or declare war on you. All of which serves to support your legitimacy. After all, if you are 'not' a 'something' as they say, then they would have no such interest in you at all.

> I'm not sure if
> Sealand qualifies, but I think it's overhyped.
It itself is overhyped in media (RedBull), but the idea of challenge and independence it represents is buried as too troublesome to publish lest people get ideas.

> There's plenty of island nations, why not buy one of them? If you agree to
> donate shares to the government they might be all ears.

It's not a purchase if you leave rights to the existing govt. That's called a lease. Lessees always lose in the end. Look at Hong Kong.

> You could band together with some other corporations if you don't have the
> capital/value.

Dilutes your interests.

> Have to wonder what's the point though. Save tax? ... Liberty?

Independence, set your own rules, the ability to generally say fuck off and deal with whoever you wish to deal with however. aka: DPRK, Venezuela, Iran, China, Cuba. It's not supposed to be easy.

Being so closely tied to Britain, Sealand is probably not nearly as clear a situation as floating a square kilometer platform hundreds of km from any coast with many countries would be. Say off northern SouthAm, southeast Asia, west Africa.

From griffin at cryptolab.net Mon Oct 27 16:51:18 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Mon, 27 Oct 2014 19:51:18 -0400
Subject: GamerGate (because censorship is dumb)
In-Reply-To:
References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net>
Message-ID: <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net>

Dāvis Mosāns wrote:
> GamerGate is not about that, you've read too much into some
> propaganda. I know only a single such case about 1 game. And I haven't
> seen any harassers admitting that they do it for GamerGate or
> journalism, but IMO they're just trolls who like to use this
> opportunity. They like publicity (even if it's bad) and that's what
> they're getting. I'm not sure if you can imagine this mindset, but I
> can't deny that it must be exciting to read a news story about death
> threats you wrote. It actually encourages to do it again.
> There's well
> known internet Rule 14 "Do not argue with trolls — it means that they
> win." so as usual - Don't feed the trolls.

First of all, it is never *ever* someone's fault when random internet creeps stalk and harass them. If continuing to have an opinion and be in an industry is "feeding the trolls" then you should seriously consider changing your views on the subject.

As for the rest, I'd like to quote Meredith Patterson:

"A person was cruelly emotionally abused. That person called out their abuser, and in overwhelming majority, a community which claims as one of its defining characteristics an opposition to gaslighting, siloing and all other forms of abuse rallied around the *perpetrator*. Why did that happen?"

By Newsweek's count, Brianna Wu and Anita Sarkeesian got nearly 80'000 twitter comments in response to their views on GamerGate itself. Eighty thousand -- that's more than all journalists and news outlets combined (including Kotaku). Tell me this isn't about the ongoing harassment of women who have an opinion. I don't watch AS's videos and find her conclusions to be quite thin at times. Doesn't matter -- she has the fundamental right to voice an opinion.

My favorite part of this whole gamergate shitstorm was when Marcia Hofmann pointed out inconsistencies and someone immediately said that it was the game devs' faults for having opinions. They said it non-jokingly and completely without irony. The underlying message is: "Censor yourself or be prepared to go into hiding." That's no way to live and I won't support it.

If you're serious about journalistic ethics, then you should be prepared to send letters and form protest around large companies. If 0.5% of EA's customers sent emails asking them to change policies or correct errors in their sales materials, their policies would change very quickly.

> Also if you've some recent examples of
> your named large gaming corporation wrongdoings then tell them and
> I'll gladly share them with others.
Well I mentioned EA's case, and that doesn't seem particularly thrilling to you. There was the huge fiasco a few years ago around Kane and Lynch, and I would hazard a guess that GameSpot's editorial practices haven't changed.

And if you don't want to be associated with abject harassment, then don't hitch your wagon to a cause that harasses people. Form a group of sane people and pick a different hashtag. I have literally *no* sympathy for sane people who aren't willing to use a different hashtag. They're sacrificing integrity in order to ride a wave of abjectly shitty publicity.

~Griffin

[1] http://chainsawsuit.com/comic/2014/10/15/the-perfect-crime/
[2] https://twitter.com/abditum/status/525624080826122241
[3] http://www.newsweek.com/gamergate-about-media-ethics-or-harassing-women-harassment-data-show-279736

From grarpamp at gmail.com Mon Oct 27 17:11:36 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Oct 2014 20:11:36 -0400
Subject: Will the Earth burn? Events to post-whatever... [was: Sealand]
Message-ID:

On Fri, Oct 24, 2014 at 10:03 AM, Cathal Garvey:
> Will the earth burn? No, that's an unlikely outcome. Venus is Venus because
> it never developed life. Will the Earth burn *us*? Maybe. Totally plausible
> possibility, though still unlikely. Will the Earth burn the ecosystems that
> civilisation (rather than humanity, per se) depends on? At this rate,
> probably.

None of the above. As the rate of population, resource consumption and toxification is faster than restoration, and war is still easier in DNA than cooperation... humanity will burn the ecosystems humanity depends on, or burn itself. And likely far sooner than the Earth gets around to the next of any of its own human belching cycles [1].

[1] You know, on the scale of 10k to millions of years or more...
http://en.wikipedia.org/wiki/Ice_age
http://en.wikipedia.org/wiki/Supervolcano
http://en.wikipedia.org/wiki/Extinction_event
http://en.wikipedia.org/wiki/Impact_event
http://en.wikipedia.org/wiki/Global_catastrophic_risks

> We have fallbacks; go all-in on solar & nuclear for energy and biotech for
> efficient, lower impact food/med production, and use nuclear/biotech to cook
> up some hyperefficient carbon-capture system to try and roll back as much as
> we can.

All mere delay tactics without fixing this and other things to replacement-rate first...
http://en.wikipedia.org/wiki/Population_growth

> Anyways, just to say doom and gloom is rarely useful, but ostrich-heads are
> worse than useless.

Rarely useful? But it's so much gnarly fun ;)
http://en.wikipedia.org/wiki/End_time#See_also
http://en.wikipedia.org/wiki/Future_of_the_Earth#See_also

> As to on/off topic-ness, it's off topic. But this list has seen people
> bitching about who is and isn't a real native American, so I find this at
> least engaging and interesting.

cpunks are offtopic, engaging and interesting.

> On 24/10/14 14:40, dan at geer.org wrote:
>> is reasonable to imagine that some excursions have a phase
>> where the feedback is positive and thus if the temp heads
>> either north or south its velocity will, for natural reasons,
>> accelerate as the excursion grows more extreme. That implies
>> that the present time is an unstable equilibrium, thus our
>> impact, whatever it is, seems likely to be an initiator or
>> a potentiator but not a cause in the classical sense of,
>> say, a dose-response curve.
>>
>> Put differently, I don't believe that we (humans) can push
>> the climate to a place it has not been before, but we can
>> change the clock.

The only clock that matters is the time till you're off the rock.
http://en.wikipedia.org/wiki/Interstellar_travel
http://en.wikipedia.org/wiki/Warp_drive#External_links
http://en.wikipedia.org/wiki/Potential_cultural_impact_of_extraterrestrial_contact

Yes, I'm a whore, beam me up some btc: 1NE2jK3emijdBf9jhtjMadRH9MJiCzo61L

From grarpamp at gmail.com Mon Oct 27 17:19:47 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Oct 2014 20:19:47 -0400
Subject: Of Sealand, corp, and country [was: nation-state]
In-Reply-To: <17c8d42b765974002bcef8b791993265@riseup.net>
References: <17c8d42b765974002bcef8b791993265@riseup.net>
Message-ID:

On Sat, Oct 25, 2014 at 6:30 AM, Nicolas Bourbaki wrote:
> Seasteading or island steading is a backward direction. Not because
> it is not a good idea but because the nations people involved are
> looking to build are no better than the ones they are looking to
> leave.

Such new steadings are not backward, but are instead new opportunities to create and refine from blank slate to see what works. Although yes, the majority of outcomes from that are likely to be roughly similar to themselves and to what came before. Raise your own flag.

From grarpamp at gmail.com Mon Oct 27 19:34:38 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 27 Oct 2014 22:34:38 -0400
Subject: CITIZENFOUR (of Pole Dancer Girlfriends etc.)
In-Reply-To: <544EF092.7090903@pilobilus.net>
References: <544EF092.7090903@pilobilus.net>
Message-ID:

On Mon, Oct 27, 2014 at 9:25 PM, Steve Kinney wrote:
> the first corroborating evidence that this
> person ever existed.

The internet archived some photographic prehistory, and families/friends have made a few post statements.

> Now she appears as the most influential
> person in Ed's life during the time frame when he decided to
> abandon his entire way of life and become a fugitive facing life
> in prison for the sake of a Holy Quest.

> Questioning whether Ed Snowden was really a free agent, vs. an
> unwitting agent exploited by a U.S.
> (or other) intelligence
> operation, is obviously out of bounds. So that's what I do.

No, your questioning is perfectly valid. Those who simply don't ask or investigate questions, or fail to report answers... may in fact wind up missing something. In the spy/secrets game, sex, cash, travel and so on are powerful and common tools of the trade. She could easily be an agent (if so, why would USA let that go silent), or even just a rat designed to troll out and capture NSA's weak links (if so, it seems to have gone very wrong, and would also not warrant silence).

For that matter, the documents themselves should be questioned and verified independently. Such as trolling through AT&T's trash, digging up cable taps, listening to CEOs outing and trashing their secret relationships with TLAs, and more leakers standing up now that they see how to do it [better]. (Note, as far as deep verification goes, there's actually not much on the record, and that's a problem.)

Do most people believe these things, no, in part because good journalism is still generally backing up the known pre and post history. But these and other propositions are valid questions that must always be considered.

> http://globalresearch.ca/nsa-deception-operation-questions-surround-leaked-prism-documents-authenticity/5338673
> Is it possible that the PRISM leak was intended to mislead the American people into dramatically under-estimating the real domestic surveillance capabilities of our National Security Agency?

You might well think so, but this reporter could not possibly comment.
From davispuh at gmail.com Mon Oct 27 15:49:29 2014
From: davispuh at gmail.com (Dāvis Mosāns)
Date: Tue, 28 Oct 2014 00:49:29 +0200
Subject: GamerGate
In-Reply-To: <45ac353359f0ad85f3a792faa499faba@cryptolab.net>
References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net>
Message-ID:

2014-10-27 4:48 GMT+02:00 Griffin Boyce :
> Dāvis Mosāns wrote:
>
>> Anyway GamerGate is a really complex issue and it's not only
>> about journalism. My suggestion would be, look here
>>
>
> If gamergaters spent half as much time trying to fix systemic problems
> that they claim to care about as they do correcting "misconceptions" about
> gamergate, I *might* start to take them seriously.
>
> Want to fix games journalism? Why not start with the large corporations
> that bribe their way into getting good reviews at large publications that
> lead to millions of dollars in sales. Target EA, who just this week went
> to court to defend against a class-action lawsuit filed by gamers. While
> the court found in their favor, they *also* determined that the statements
> put out by EA were "puffery" and did not reflect reality. How will this
> impact the industry going forward? Does #GamerGate bother having an
> opinion on this?
>

I don't really see how anything could be fixed, or what steps gamers should take to fix it. Also I haven't seen any bribing accusations, and if someone had proof, I'm sure there would be a huge backlash and probably a lawsuit. Of course gamers know that EA is the 2nd worst game company, right after Ubisoft, but there's nothing really changeable about it as a lot of people still buy their games and will continue to do so, because they have some good games and others just don't care about it. Anyway people talk most about what others share and talk about, so that's exactly why there's nothing much about anything else; people just don't talk about it.
So you really need some controversy, otherwise that story won't be talked about, because there's nothing more to say than "that's bad".

> Targeting female indie developers is complete weaksauce. And the fact
> that this comprises the vast majority of #GamerGate's "activism" proves the
> allegation that it's filled with whiny man-babies.
>

GamerGate is not about that, you've read too much into some propaganda. I know only a single such case about 1 game. And I haven't seen any harassers admitting that they do it for GamerGate or journalism, but IMO they're just trolls who like to use this opportunity. They like publicity (even if it's bad) and that's what they're getting. I'm not sure if you can imagine this mindset, but I can't deny that it must be exciting to read a news story about death threats you wrote. It actually encourages to do it again. There's well known internet Rule 14 "Do not argue with trolls — it means that they win." so as usual - Don't feed the trolls.

>> And note that it's not only gamers who support GamerGate, but
>> also game developers, including females (see #NotYourShield).
>>
>
> You know what I *don't* care about? People I don't know who supposedly
> shagged other people I don't know. No one whose opinion matters cares
> about this hypothetical scandal. It's all a pseudo-intellectual circlejerk.
>
> You either care about journalistic ethics enough to target large
> corporations and key players, or you're just fucking around. Seriously.
> This is as true for you (yes, you personally) as it is for the #NSA #GCHQ
> crowd.
>

I don't really care either, but look at this thread, we're still here writing our opinions about it. Also if you have some recent examples of your named large gaming corporation wrongdoings then tell them and I'll gladly share them with others.
2014-10-27 12:11 GMT+02:00 Cathal Garvey :
>
> So, a 'movement' that claims to want "journalistic integrity", which
> absent press censorship means "self regulation", can't be bothered policing
> its own ranks to stop misogynistic slander and death-threats. How many
> "Gamergaters" spend time chasing others for doxxing, threatening and
> slandering women in technology? As many as actually take part in these
> acts? I doubt it, and I see no evidence of such self-policing at a
> meaningful scale.
>

Like that would be possible. GamerGate is an anonymous, leaderless movement without a precisely defined goal and means of acquiring it. It's somewhat similar to Anonymous. Also why can't anti-GamerGate people be bothered policing their own ranks? There are a lot of examples of how they harass GamerGate supporters, e.g. https://twitter.com/QueenyMartha/status/522531549393076224 and for a lot more look at http://gamergateharassment.tumblr.com/ Like I said, trolls are everywhere. And actually you're wrong about this, there is a so called "#GamerGate Harassment Patrol" where they report any harassment they see, look at this http://www.breitbart.com/Big-Hollywood/2014/10/25/While-the-Media-Slanders-Gamers-as-Terrorists-GamerGate-Is-Hunting-Trolls-and-Abusers while anti-GamerGate just keep claiming how misogynistic GamerGate is without doing anything else.

To be honest, I don't see their point at all. Let's assume that GamerGate indeed is all misogynists, and so what? It's not like anything will change because some feminists are offended.
> I'm sure there are honest, decent people using the "Gamergate" flag to
> call for something-something, but the fact that they're using that flag
> after it's been so thoroughly dragged through the muck *by other
> gamergaters* shows that they are content to accept misogyny in exchange for
> trending status on Twitter, rather than forking what's become more of a
> *bowel* movement into something with a measure of the integrity they claim
> to demand of others.
>

It was the media and news stories that smeared it all, and they are not admitting that they made a mistake by presenting it as just a hate movement; if that were the case, it would have ended a long time ago. Also about accepting misogyny - I just don't see it. Some people have concentrated on that so much that they don't see anything else.

Anyway I have too different an opinion about this and IMO this discussion is a pointless waste of time. I would even say it could be classified as spam for this list as I don't really see what here is related to Cyberpunk.

From rysiek at hackerspace.pl Mon Oct 27 17:42:51 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 28 Oct 2014 01:42:51 +0100
Subject: GamerGate (because censorship is dumb)
In-Reply-To: <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net>
References: <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net>
Message-ID: <1640895.BsLLxZQ82P@lapuntu>

On Monday, 27 October 2014 19:51:18 Griffin Boyce wrote:
> Dāvis Mosāns wrote:
> > GamerGate is not about that, you've read too much into some
> > propaganda. I know only a single such case about 1 game. And I haven't
> > seen any harassers admitting that they do it for GamerGate or
> > journalism, but IMO they're just trolls who like to use this
> > opportunity. They like publicity (even if it's bad) and that's what
> > they're getting.
> > I'm not sure if you can imagine this mindset, but I
> > can't deny that it must be exciting to read a news story about death
> > threats you wrote. It actually encourages to do it again. There's well
> > known internet Rule 14 "Do not argue with trolls — it means that they
> > win." so as usual - Don't feed the trolls.
>
> First of all, it is never *ever* someone's fault when random internet
> creeps stalk and harass them. If continuing to have an opinion and be
> in an industry is "feeding the trolls" then you should seriously
> consider changing your views on the subject.
>
> As for the rest, I'd like to quote Meredith Patterson:
>
> "A person was cruelly emotionally abused. That person called out their
> abuser, and in overwhelming majority, a community which claims as one of
> its defining characteristics an opposition to gaslighting, siloing and
> all other forms of abuse rallied around the *perpetrator*. Why did that
> happen?"
>
> By Newsweek's count, Brianna Wu and Anita Sarkeesian got nearly 80'000
> twitter comments in response to their views on GamerGate itself. Eighty
> thousand -- that's more than all journalists and news outlets combined
> (including Kotaku). Tell me this isn't about the ongoing harassment of
> women who have an opinion. I don't watch AS's videos and find her
> conclusions to be quite thin at times. Doesn't matter -- she has the
> fundamental right to voice an opinion.

Also, this:
http://hackthepatriarchy.tumblr.com/post/101088838567/egalitariste-pepperonideluxe-a-comic-about

--
Regards,
rysiek
From odinn.cyberguerrilla at riseup.net Mon Oct 27 19:59:36 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Tue, 28 Oct 2014 02:59:36 +0000
Subject: [tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)
In-Reply-To:
References: <20141023191048.17a50660@meilong> <20141023232921.GF21428@torproject.org> <20141024103527.fd3ac8eff8862bf101b45d95@mega-nerd.com>
Message-ID: <544F0698.4090207@riseup.net>

My feelings on this are as follows:

Most users of bitcoin who also use Tor can be readily deanonymized as it exists today:
http://arxiv.org/pdf/1405.7418.pdf

Bitcoin users should (at least) consider not using Tor, and/or taking additional privacy measures, for some other reasons that have been covered in a different paper:
http://arxiv.org/abs/1410.6079

Most users of bitcoin are not capable of preventing any identities they use from being correlated with their bitcoin use. This was described at FinCrypto14 by authors of BitIodine:
http://fc14.ifca.ai/papers/fc14_submission_11.pdf

The bitcoin protocol fingerprint is obvious even over encrypted Tor. Yet, for most people, the only way they have of masking their location while using bitcoin is to use Tor with it. This puts users in a terrible bind, because as the authors of the papers above have clearly ascertained, as bitcoin exists today, and as Tor currently exists, the option is definitely not ideal.

Should the bitcoin protocol be "encrypted on the wire?" Sure. But this does not address the deficiencies and problems with the protocol as it exists presently. There is no option for anonymity (in bitcoin), and the best advice would be to move all bitcoin resources away from web wallets and bitcoin web-based services (none of which implement complete zero knowledge protocols, and all of which know quite a bit about their users).
Move your resources away from any web-based wallets and any web-based exchanges, and move them to wallets such as Electrum (which will soon have support for stealth, and can be enhanced with a plugin mixer), or to Armory (which includes multisig support), and then mix them and move them again back to yourself until your coins' 'path' and history is at least somewhat obscured.

"Abandon hope, all ye who enter into web-based wallets and exchanges"

TISA, FATCA, and FinCen are examples of what we knew would happen (yet even with this understanding, the developers of bitcoin based businesses stuck their heads in the sand and huddled in support of regulatory elements which are part of the Windhover proposals to regulate decentralized identity, even when the Russian Federation came out with its ban proposals - nor did they take any efforts to protect the users through full zero knowledge configuration(s) of their servers). Basically, web-based businesses had the time and opportunity to pursue server design that would keep them from knowing anything about their users, but they did not do it as the convenience of getting customers onboard took a higher priority than privacy or anonymity considerations.

Zerocash (an improvement over the original zerocoin proposals, zerocash is designed [unlike bitcoin] to provide strong anonymity at the core of its functionality), would treat bitcoin and other currencies as 'base coins.' Thus you could (once zerocash is available) migrate from bitcoin to zerocash and thus anonymize any further activity, or not, entirely at your option.
Until Zerocash is released (anticipated to occur sometime close to the end of 2014, or possibly early 2015), the wisest course of action might be to convert (though not on the web based exchanges, as you should now be using decentralized exchanges) a substantial portion (if not all) of one's bitcoin into cryptosystems which are actually designed to allow user-specified anonymity (and which have had favorable review from bitcoin developers). One such example is bytecoin.org - a.k.a. BCN, not to be mistaken for the bitcoin knockoff also known as bytecoin.

Some resources to help those who are examining this more in detail:

On Decentralized Exchange systems (not web-based)
https://odinn.cyberguerrilla.org/index.php/2014/07/13/businesswithoutbanks/

On Bytecoin (bytecoin.org / BCN), sx, OpenBazaar, Zerocash, and decentralizing / anonymizing finance generally
https://odinn.cyberguerrilla.org/index.php/2014/06/28/decentralizingfinance/

-Odinn

grarpamp wrote:
> On Thu, Oct 23, 2014 at 7:35 PM, Erik de Castro Lopo
> wrote:
>
> http://arxiv.org/pdf/1410.6079v1.pdf
>
>> Could this situation be improved if people ran limited exit nodes
>> that only allowed the bitcoin p2p protocol to exit? I for one
>> don't have enough
>
> There are about ten exit nodes that do only this today. [One of
> which is run by Mike Hearn who has advocated building in censorship
> capabilities to Tor, and blocking (historically) tainted coins
> (such as you have now or might receive through otherwise
> completely innocent transactions with you, or from your own
> trans/mixing with others).]
>
> Then there is the question whether your client will select such 'only *coin'
> nodes versus those with high bandwidth and open exit policies.
>
> There are also a fair number of hidden services in Tor/I2P/CJDNS
> that act as bitcoin nodes.
> > As related tangent, yes, the bitcoin protocol needs to be > encrypted on the wire, at least bitcoin node to bitcoin node with > TLS, obviously and urgently so, particularly if you wish to guard > your trans from wire listeners. > > You might be best to in fact run bitcoin always and entirely over > Tor, especially while transacting. But then also routinely compare > that received blockchain to one you receive via alternate/trusted > sources, such as clearnet or signed bittorrent checkpoints. > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJUTwaXAAoJEGxwq/inSG8CS9AH/3fAXquPqScp66hu1B+8Vu8D GZUDz597FEEfpWQ1aV4KX7CEjk+YrH0nOAnzk60LmscTW7Mj9anb1hSKAL8KS0sW VcqVkOdbtT7A082zLTo2A+6qtVOhngQXLP+2mk4tIAQ25Qe0Bgcu8+p5C17lEuNf 7eDgw6PNZ2m29jydCGsz7pElruayIeQrEMhI/Wq5+XxDepLNqxx9m99E82+AOX2V Jlt3umh/jLisxyWFm3WCpJB8XRtZP8QgPj2qYeBT0WEugw0QrphGAlrup0tFUGGZ +hmP1OXLolYOgH9Tl18f6feqP+5NlbulBC5Y5FIK3ttFO4cIDX0GVRQdOH8X9ow= =DJk/ -----END PGP SIGNATURE----- From odinn.cyberguerrilla at riseup.net Tue Oct 28 00:45:16 2014 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 28 Oct 2014 07:45:16 +0000 Subject: Of Sealand, corp, and country [was: nation-state] In-Reply-To: References: <17c8d42b765974002bcef8b791993265@riseup.net> Message-ID: <544F498C.2080706@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 "A society without art has no soul" https://ephemerisle.github.io/ Voyage of the Libertatia http://libertatiavoyage.blogspot.com/p/outreach.html - -Odinn grarpamp wrote: > On Sat, Oct 25, 2014 at 6:30 AM, Nicolas Bourbaki > wrote: >> Seasteading or island steading is a backward direction. Not >> because it is not a good idea but because the nations people >> involved are looking to build are no better than the ones they >> are looking to leave. 
> > Such new steadings are not backward, but are instead new > opportunities to create and refine from blank slate to see what > works. Although yes, the majority of outcomes from that are likely > to be roughly similar to themselves and to what came before. Raise > your own flag. > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJUT0mKAAoJEGxwq/inSG8CVCUH/3qezT5bH+2udtl4GbHhGo/d ucmecW+EboPzCs8/mB41aDqesjRu42KhrFdmwVlpdHFceXNKQzRGZ14aIbruQ84X yWf9tf9lArDRlO6P76BMEFxlADBQ7ZrMww+FG3UY87K3W5eXsZbIoVRWTG8HMuKP RQ7XH8N4c2EnflMcBdGYslda1zsrd/0wwo0rRTgxWjPTnp3tCX3I4qFNLPw6OyH1 NZyZAqIhT0sjYLB31HfSpMbV+jTIaIORBzqxjbtEdXyvglz9zVTwvNBbt25pRpJQ 1JanWaHl+Wb2+RbL3eDz5Tjqeh+tGid5jFF25UW8X+mpS5/kuSAqdiVSXvT20vY= =ZlGF -----END PGP SIGNATURE----- From davispuh at gmail.com Tue Oct 28 11:12:15 2014 From: davispuh at gmail.com (=?UTF-8?B?RMSBdmlzIE1vc8SBbnM=?=) Date: Tue, 28 Oct 2014 20:12:15 +0200 Subject: GamerGate (because censorship is dumb) In-Reply-To: <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net> References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net> Message-ID: 2014-10-28 1:51 GMT+02:00 Griffin Boyce : > Dāvis Mosāns wrote: > >> GamerGate is not about that, you've read too much into some >> propaganda. I know only single such case about 1 game. And I haven't >> seen any harassers admitting that they do it for GamerGate or >> journalism, but IMO they're just trolls who like to use this >> opportunity. They like publicity (even if it's bad) and that's what >> they're getting. I'm not sure if you can imagine this mindset, but I >> can't deny that it must be exciting to read news story about death >> threats you wrote. It actually encourages to do it again. There's well >> know internet Rule 14 "Do not argue with trolls — it means that they >> win." 
>> so as usual - Don't feed the trolls.
>
> First of all, it is never *ever* someone's fault when random internet
> creeps stalk and harass them. If continuing to have an opinion and be in
> an industry is "feeding the trolls" then you should seriously consider
> changing your views on the subject.

That's not what I said nor meant. The media and those gaming "journalists" are feeding the trolls; they can't stop writing about how many death threats and harassers someone has acquired. I would understand if it were just one time, but they just keep writing about it. They want more views and know that this will gain them, but at the same time it also increases the number of trolls and other haters who participate in it, and thus they can write about it again :D

> By Newsweek's count, Brianna Wu and Anita Sarkeesian got nearly 80'000
> twitter comments in response to their views on GamerGate itself. Eighty
> thousand -- that's more than all journalists and news outlets combined
> (including Kotaku). Tell me this isn't about the ongoing harassment of
> women who have an opinion. I don't watch AS's videos and find her
> conclusions to be quite thin at times. Doesn't matter -- she has the
> fundamental right to voice an opinion.

The reason why journalists don't get so many tweets is that it's just not controversial enough. Only GamerGate supporters care about that. But with Brianna and Anita everyone talks about it - GamerGate, anti-GamerGate, others and trolls. That's why there are way more tweets, because it's back-and-forth talk. You provoke one side and get support from the other, and then vice versa. And only a small percentage of those tweets are negative. Some people really can't stand them because of the bullshit they say, and that has nothing to do with them being women, but with others not liking their opinion and them as persons. Amplify this by media coverage. Do you really think that if this hadn't been so publicized, all over the media, it would still happen? I doubt that; not many people would care if journalists didn't write so much about it. Also I truly believe, and could bet, that if we swapped genders, with them claiming how misandrist Gamers/GamerGate are, then nothing would be different and they would probably get even more threats.

Anyway, I fully agree that everyone has the right to say their opinion, no matter who you are. But you can't expect that there won't be people who won't agree with it or won't get angry over it. But that's not what GamerGate is about, and that's not the problem (regarding GamerGate); the problem is that their opinions are published on a lot of gaming and news sites. When I'm reading news about the latest game releases or game reviews, I don't want to hear what Anita thinks about games. But currently a large part of gaming sites publish such very opinionated articles which cover only one side of it - the article writer's side. This is also one of GamerGate's issues, that gaming sites publish such trash articles which go against some gamers' beliefs, and journalists don't do any research or ask what gamers' opinion about it is.

> And if you don't want to be associated with abject harassment, then don't
> hitch your wagon to a cause that harasses people. Form a group of sane
> people and pick a different hashtag. I have literally *no* sympathy for
> sane people who aren't willing to use a different hashtag. They're
> sacrificing integrity in order to ride a wave of abjectly shitty publicity.

Again, GamerGate is not about harassment, it's not a hate movement. I really suggest everyone interested read https://medium.com/@aquapendulum/my-letter-to-jason-schreier-about-gamergate-ethics-f890d357188 - it's the best article I've read on this topic.

From pgut001 at cs.auckland.ac.nz Tue Oct 28 02:48:50 2014
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Tue, 28 Oct 2014 22:48:50 +1300
Subject: CITIZENFOUR (of Pole Dancer Girlfriends etc.)
In-Reply-To: <544EF092.7090903@pilobilus.net>

Steve Kinney writes:

>Questions raised by anomalies and inconsistencies present in the original
>reports of The Snowden Affair and the PRISM documents have not been resolved.

There's an even bigger issue that's also still unresolved:

http://i.imgur.com/Ge1hS.jpg

Clearly a disinformation campaign backed by media interests with vast budgets and government connections. As the last frame states: Who is this guy? I didn't vote for him. What influence he exerts over our government.

Peter.

From tedks at riseup.net Wed Oct 29 08:20:42 2014
From: tedks at riseup.net (Ted Smith)
Date: Wed, 29 Oct 2014 11:20:42 -0400
Subject: GamerGate (because censorship is dumb)
References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net>
Message-ID: <1414596042.2993.22.camel@anglachel>

No matter how many times you say this you will never erase the massive amount of harassment done in the name of GamerGate.

You are the moderate fringe justifying extremists. You are the Sinn Fein to their PIRA.

When one of these extremists inevitably turns violent, the blood will be on your hands.

On Tue, 2014-10-28 at 20:12 +0200, Dāvis Mosāns wrote:
> Again, GamerGate is not about harassment, it's not a hate movement

-- 
Sent from Ubuntu

From hashem at riseup.net Wed Oct 29 11:02:29 2014
From: hashem at riseup.net (Hashem Nasarat)
Date: Wed, 29 Oct 2014 14:02:29 -0400
Subject: GamerGate (because censorship is dumb)
References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net> <1414596042.2993.22.camel@anglachel>
Message-ID: <54512BB5.1080902@riseup.net>

On 10/29/2014 12:24 PM, RKN the_PORTABLE wrote:
> On 10/29/2014 05:20 PM, Ted Smith wrote:
>> No matter how many times you say this you will never erase the massive
>> amount of harassment done in the name of GamerGate.
>
> Implying anti-gamer gate idiots didn't harass and dox people too. Hell,
> feminists are known to have harassed people (most well known yet
> forgotten Erin Pizzey), lied and made threats against themselves for
> attention. And yet you are not dismissing feminism/SJW because "few" of
> them did something bad?

That's Erin Pizzey, the MRA and writer for A Voice for Men?

> Also, prove that harassment was done not by trolls working for
> anti-gamer gate. (And FYI criticism of Anita is not harassment. She
> provably misrepresented and lied about a few games.)
>
>> You are the moderate fringe justifying extremists. You are the Sinn Fein
>> to their PIRA.
>>
>> When one of these extremists inevitably turns violent, the blood will be
>> on your hands.
>
> From the way GG is going I am betting on anti-gg idiots spilling first
> blood.
>
>> On Tue, 2014-10-28 at 20:12 +0200, Dāvis Mosāns wrote:
>>> Again, GamerGate is not about harassment, it's not a hate movement
>
> Let me sum up gg in a way that I expect cpunks to understand (but then
> again, I expected cpunks to have more brain and do better research
> rather than just go white knighting):
> "Anti-prism people are not pro privacy. They are pro terrorism and
> paedophilia! Snowden is just a racist! He could not cope with changing
> times and the fact that the new president is black so he sold out his
> country and ran away to homophobic and racist RUSSIA!"

This analogy is not very useful as the USA is also homophobic and racist.

> (For those too stupid - It's a play on the "GG is not about journalist
> integrity! It's about white male racist/sexist males not going with
> the times!" bullshit)
>
> Oh, and to the genius that suggested to stop trying to fix journalist bs
> about GG and better go against e.g. EA - If a company bribes the judge
> (journos), punishing the company will just make others more careful in
> bribing. YOU HAVE TO GET A NEW JUDGE.
>
> GG is about journalist integrity. Quin shagging just made people look
> under the right rocks and harassment against women is BS (3 possibilities -
> 1. gg is harassing women. 2. anti-gg is trying to make gg look bad. 3.
> someone wants some more attention)
>
> I am out of this list.

Great! You won't be missed.

From cathalgarvey at cathalgarvey.me Wed Oct 29 08:10:00 2014
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Wed, 29 Oct 2014 15:10:00 +0000
Subject: are USB floppies toxic?
In-Reply-To: <20141029145640.GZ10467@leitl.org>
References: <20141029145640.GZ10467@leitl.org>
Message-ID: <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me>

How hard would it be to scratch a trace or two off a USB drive to render it read-only and protect the chip from BadBIOS-style flashing?

I think a USB floppy is just separating the storage from the drivers, but ultimately changes nothing.

On 29 October 2014 14:56:41 GMT+00:00, Eugen Leitl wrote:
>We know USB flash is Biosafety 4, what about other sneaker-net
>suitable storage media? USB floppies are still around, as well as media
>which are write-protectable.
>
>How easy to hop the air gap with these?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From l at odewijk.nl Wed Oct 29 07:45:26 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 29 Oct 2014 15:45:26 +0100
Subject: Of Sealand, corp, and country [was: nation-state]

2014-10-27 23:38 GMT+01:00 grarpamp:
> Is not the aim to demonstrate that by hoisting your flag wherever
> that you challenge that definition and fuxor their plans?

What plans? If anything I find "their" plans to be highly turbulent and confused. It's as if speech disintegrates completely into white noise, and then people become soldiers and start marching in unison. Pretty insane, if you ask me. It's all built on the conceptions of God, King and Country. Now with God gone, Kings dead, and Country integrated with all the others, it becomes exceedingly unclear what people fight for. Economy? Terrorism? You tell me.

> At least to the extent that you force them to hypocritically behave in an
> unfair or ungentlemanly manner against you, or declare war on you.

They send a Coast Guard cutter and a squad of marines to escort you back home forcefully. Or just leave you, without giving a damn. They couldn't declare war without first declaring you a nation, which they won't, because internationally, legally, you aren't. Unfair doesn't factor into it, if you ask me. Being a gentleman... well.. You'll probably be the offender in their eyes. The thing is, violence is difficult. You're not allowed to harm a foreign national (I'd be Dutch, you'd be whatever you'd be) for no reason whatsoever. So maybe the coast guard will trick you into doing something wrong, like shooting them first. There are no territorial waters when you're not a nation, so they'll be allowed to ship right in. But either they don't have a reason to care (and why would you do it?) or they cannot do something (which is highly circumstantial) or you're just not their match and lose. You'd say there's a chance you'd win, but there probably isn't without being huge (Cuba is big enough though).

> All of which serves to support your legitimacy. After all, if you
> are 'not' a 'something' as they say, then they would have no such
> interest in you at all.

Somehow many nations still have never admitted to recognizing Taiwan as an independent nation, nor recognized it to be part of China. Taiwan still claims to be the original and legitimate China, but sits on its own seat in the UN. Bottom line? Who knows what will happen! Sealand exists because at some point they were clearing it with a helicopter, but they had AA guns on the platform (wtf?!), so the helicopter went away again and Britain really isn't going to risk lives for winning Sealand back.

>> I'm not sure if
>> Sealand qualifies, but I think it's overhyped.
>
> It itself is overhyped in media (RedBull), but the idea of challenge
> and independence it represents is buried as too troublesome to
> publish lest people get ideas.

Like how a belief in a nation is similar to superstition?

>> There's plenty of island nations, why not buy one of them? If you agree to
>> donate shares to the government they might be all ears.
>
> It's not a purchase if you leave rights to the existing govt. That's called
> a lease. Lessees always lose in the end. Look at Hong Kong.

Well, Hong Kong's future is yet unsettled. It's held up surprisingly well, if you ask me. It sure is o-so-British to invent some kind of in-between-ownership-or-independence deal for 100 years. They always have a ton of fun, those British lads. See also: Kowloon.

>> You could band together with some other corporations if you don't have the
>> capital/value.
>
> Dilutes your interests.

Interests can be shared.

>> Have to wonder what's the point though. Save tax? ... Liberty?
>
> Independence, set your own rules, the ability to generally say fuck off
> and deal with whoever you wish to deal with however. aka: DPRK,
> Venezuela, Iran, China, Cuba. It's not supposed to be easy.

So, those nations are doing well? I'm not sure what this does for you. Internally, the nations you mentioned give much less security, wealth, freedom and sometimes privacy to their people. Internationally these nations have posed large national security risks time and time again, seemingly to very little avail other than to remain isolated, poor and sad. I really (really) think we have huge *huge* first world problems. But I don't think the mentioned nations are doing any better. Will this independence be better? How, why? These aren't trivial questions. I believe the right conclusion for the wrong reasons is still wrong. Independence seems like the right conclusion, but you must know why.

> Being so closely tied to Britain, Sealand is probably not nearly as clear
> a situation as floating a square kilometer platform hundreds of km from
> any coast with many countries would be. Say off northern SouthAm,
> southeast Asia, west Africa.

The power of law is a security as much as it is a risk. Humans act strangely around things such as "duty", "honor", "law", "allegiance", "right", etc. Haven't quite found the pattern, although one's own profit is a pretty constant factor. Sometimes honor is the act of defying game theory for the global better, but often it's not. (Also, let's stay away from the DPRK, k?)

From eugen at leitl.org Wed Oct 29 07:56:41 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 29 Oct 2014 15:56:41 +0100
Subject: are USB floppies toxic?
Message-ID: <20141029145640.GZ10467@leitl.org>

We know USB flash is Biosafety 4, what about other sneaker-net suitable storage media? USB floppies are still around, as well as media which are write-protectable.

How easy to hop the air gap with these?

From ryacko at gmail.com Wed Oct 29 18:01:11 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Wed, 29 Oct 2014 18:01:11 -0700
Subject: FBI demands new powers to hack into computers and carry out surveillance

http://www.theguardian.com/us-news/2014/oct/29/fbi-powers-hacking-computers-surveillance

"The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world.

Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violate first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight."

From wadsok at gmail.com Wed Oct 29 09:24:14 2014
From: wadsok at gmail.com (RKN the_PORTABLE)
Date: Wed, 29 Oct 2014 18:24:14 +0200
Subject: GamerGate (because censorship is dumb)
In-Reply-To: <1414596042.2993.22.camel@anglachel>
References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net> <1414596042.2993.22.camel@anglachel>

On 10/29/2014 05:20 PM, Ted Smith wrote:
> No matter how many times you say this you will never erase the massive
> amount of harassment done in the name of GamerGate.

Implying anti-gamer gate idiots didn't harass and dox people too. Hell, feminists are known to have harassed people (most well known yet forgotten Erin Pizzey), lied and made threats against themselves for attention. And yet you are not dismissing feminism/SJW because "few" of them did something bad?

Also, prove that harassment was done not by trolls working for anti-gamer gate. (And FYI criticism of Anita is not harassment. She provably misrepresented and lied about a few games.)

> You are the moderate fringe justifying extremists. You are the Sinn Fein
> to their PIRA.
>
> When one of these extremists inevitably turns violent, the blood will be
> on your hands.

From the way GG is going I am betting on anti-gg idiots spilling first blood.

> On Tue, 2014-10-28 at 20:12 +0200, Dāvis Mosāns wrote:
>> Again, GamerGate is not about harassment, it's not a hate movement

Let me sum up gg in a way that I expect cpunks to understand (but then again, I expected cpunks to have more brain and do better research rather than just go white knighting):

"Anti-prism people are not pro privacy. They are pro terrorism and paedophilia! Snowden is just a racist! He could not cope with changing times and the fact that the new president is black so he sold out his country and ran away to homophobic and racist RUSSIA!"

(For those too stupid - It's a play on the "GG is not about journalist integrity! It's about white male racist/sexist males not going with the times!" bullshit)

Oh, and to the genius that suggested to stop trying to fix journalist bs about GG and better go against e.g. EA - If a company bribes the judge (journos), punishing the company will just make others more careful in bribing. YOU HAVE TO GET A NEW JUDGE.

GG is about journalist integrity. Quin shagging just made people look under the right rocks and harassment against women is BS (3 possibilities - 1. gg is harassing women. 2. anti-gg is trying to make gg look bad. 3. someone wants some more attention)

I am out of this list.

From l at odewijk.nl Wed Oct 29 12:19:27 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 29 Oct 2014 20:19:27 +0100
Subject: are USB floppies toxic?
In-Reply-To: <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me>
References: <20141029145640.GZ10467@leitl.org> <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me>

These fail together, I'd call them equally safe. Using an unusual (and small) stack is safer as exploits would be more expensive to obtain.

Probably better to airgap by having a secure microkernel (L4, how are you?) do the USB and another protocol (Ethernet for all I care) carry sanitized payload to the actual machine. Think of it as wearing a condom. Whatever the transferred payload is, making sure it's sanitized is vital and non-trivial. Probably would require interpreting and serializing it again, to unify the formatting.

From cyberkiller8 at gmail.com Wed Oct 29 23:13:08 2014
From: cyberkiller8 at gmail.com (Łukasz "Cyber Killer" Korpalski)
Date: Thu, 30 Oct 2014 07:13:08 +0100
Subject: FBI demands new powers to hack into computers and carry out surveillance
In-Reply-To: <1414639337.909144.184956041.1D3E5CFC@webmail.messagingengine.com>
References: <1414636465.894967.184938209.7AFC95C5@webmail.messagingengine.com> <1414639337.909144.184956041.1D3E5CFC@webmail.messagingengine.com>
Message-ID: <5451D6F4.9050104@gmail.com>

On 30.10.2014 at 04:22, Alfie John wrote:
(...)
> I don't get it. The Four Horsemen of the Infocalypse are already using
> Tails and Tor so this is not going to affect them.
> All this will do is
> slowly push the general populace into using them as well. Is the government
> shooting their own intelligence agencies in the foot by helping more and
> more people get onto the Cyphernet?

It would be awesome if it did, but most people don't care. They will be spied on and think "it's ok, I'm not doing anything illegal, I'm not a terrorist and I trust the police, they wouldn't do anything bad with my data". :-/

-- 
Łukasz "Cyber Killer" Korpalski
mail: cyberkiller8 at gmail.com
xmpp: cyber_killer at jabster.pl
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net

//When replying to my e-mail, kindly please
//write your message below the quoted text.

From eugen at leitl.org Thu Oct 30 02:16:12 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 30 Oct 2014 10:16:12 +0100
Subject: FBI demands new powers to hack into computers and carry out surveillance
In-Reply-To: <1414639337.909144.184956041.1D3E5CFC@webmail.messagingengine.com>
References: <1414636465.894967.184938209.7AFC95C5@webmail.messagingengine.com> <1414639337.909144.184956041.1D3E5CFC@webmail.messagingengine.com>
Message-ID: <20141030091611.GB10467@leitl.org>

On Thu, Oct 30, 2014 at 02:22:17PM +1100, Alfie John wrote:
> I don't get it. The Four Horsemen of the Infocalypse are already using
> Tails and Tor so this is not going to affect them. All this will do is

This is obviously about mass surveillance for social control. The deviants are already accounted for.

> slowly push the general populace into using them as well. Is the government

What makes you think it will? The massive criminal malware load so far failed to do it, and federal malware will be a lot more considerate/stealthy than that. Why should they even notice? Or use unpatriotic ("Negative, I am a meat popsicle") antimalware systems? But of course mass appearance of malware would hit the honeypots, and result in more secure systems overall.

> shooting their own intelligence agencies in the foot by helping more and
> more people get onto the Cyphernet?

From alfiej at fastmail.fm Wed Oct 29 19:34:25 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Thu, 30 Oct 2014 13:34:25 +1100
Subject: FBI demands new powers to hack into computers and carry out surveillance
Message-ID: <1414636465.894967.184938209.7AFC95C5@webmail.messagingengine.com>

On Thu, Oct 30, 2014, at 12:01 PM, Ryan Carboni wrote:
> http://www.theguardian.com/us-news/2014/oct/29/fbi-powers-hacking-computers-surveillance
>
> The FBI is attempting to
> persuade an obscure regulatory body in Washington to change its rules
> of engagement in order to seize significant new powers to hack into
> and carry out surveillance of computers throughout the US and around
> the world.

Australia's counterpart ASIO unfortunately got it passed:

http://www.smh.com.au/digital-life/consumer-security/terror-laws-clear-senate-enabling-entire-australian-web-to-be-monitored-and-whistleblowers-to-be-jailed-20140926-10m8ih.html

"Australian spies will soon have the power to monitor the entire Australian internet with just one warrant, and journalists and whistleblowers will face up to 10 years' jail for disclosing classified information."

Here's the kicker:

"Anyone - including journalists, whistleblowers and bloggers - who "recklessly" discloses "information ... [that] relates to a special intelligence operation" faces up to 10 years' jail. Any operation can be declared "special" by an authorised ASIO officer"

What would be great to see would be if all Australian journalists banded together to counter the new laws, by self-imposing a gag order on _all_ information that the government wanted to put out. In other words, stop being a conduit for government propaganda, i.e. no questions, no interviews, no articles, no opinion pieces etc., and _only_ give air time to those who opposed the new laws. This would be even better if we were in an election cycle.

Unfortunately however, the FBI will get what they want one way or another.

I, for one, welcome our new surveillance overlords /s

Alfie

-- 
Alfie John
alfiej at fastmail.fm

From alfiej at fastmail.fm Wed Oct 29 20:22:17 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Thu, 30 Oct 2014 14:22:17 +1100
Subject: FBI demands new powers to hack into computers and carry out surveillance
In-Reply-To: <1414636465.894967.184938209.7AFC95C5@webmail.messagingengine.com>
References: <1414636465.894967.184938209.7AFC95C5@webmail.messagingengine.com>
Message-ID: <1414639337.909144.184956041.1D3E5CFC@webmail.messagingengine.com>

On Thu, Oct 30, 2014, at 01:34 PM, Alfie John wrote:
> I, for one, welcome our new surveillance overlords /s

And now this just came through my feeds:

http://www.theage.com.au/federal-politics/political-news/malcolm-turnbull-introduces-legislation-for-metadata-retention-scheme-20141030-11e101.html

"A new federal government scheme requiring telecommunications companies to store customer records for two years could "absolutely" be used to target the illicit downloading of movies or music, according to the Australian Federal Police commissioner."

I don't get it. The Four Horsemen of the Infocalypse are already using Tails and Tor so this is not going to affect them. All this will do is slowly push the general populace into using them as well. Is the government shooting their own intelligence agencies in the foot by helping more and more people get onto the Cyphernet?

Alfie

-- 
Alfie John
alfiej at fastmail.fm

From rtomek at ceti.pl Thu Oct 30 08:21:28 2014
From: rtomek at ceti.pl (Tomasz Rola)
Date: Thu, 30 Oct 2014 16:21:28 +0100
Subject: are USB floppies toxic?
References: <20141029145640.GZ10467@leitl.org> <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me>
Message-ID: <20141030152127.GA26790@tau1.ceti.pl>

On Wed, Oct 29, 2014 at 08:19:27PM +0100, Lodewijk andré de la porte wrote:
> These fail together, I'd call them equally safe. Using an unusual
> (and small) stack is safer as exploits would be more expensive to
> obtain.
>
> Probably better to airgap by having a secure microkernel (L4, how
> are you?) do the USB and another protocol (Ethernet for all I care)
> carry sanitized payload to the actual machine. Think of it as
> wearing a condom. Whatever the transferred payload is, making sure
> it's sanitized is vital and non-trivial. Probably would require
> interpreting and serializing it again, to unify the formatting.

USB condom, great name :-).

Last time I amused myself with such an idea (say, a few months ago), I ended up reading specs of the stm32f4 family of single board microcontrollers, mostly because my local shop sells them. They have like 1MB of flash, my fav has 192kB of ram (not sure, in one piece or banks? and yes, it's kilo-bytes, not kilo-bits, according to the web page), I guess they have enough io pins to solder usb and/or ether connectors to them. Plus, ARM Cortex-M cpu @80+ MHz. Very very cute, for me. It's a bit of overkill but I really dislike boards with 512 bytes of ram (what kind of compiler could I fit into this? binary lambda self interpreter, maybe, cool, but what else besides it - and how much could I use it for computing rather than led blinking, although leds could make it look sexier). :-)

Also, I myself would not use L4. No bad feelings about it but, sounds a bit too huge for this task, maybe? Since I don't know too much about all this stuff, I guess I'd start with C or Forth on bare metal. I had not enough time to make sure I could develop for it using Linux/BSD, since other OSes are no-no.

-- 
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.      **
** As the answer, master did "rm -rif" on the programmer's home    **
** directory. And then the C programmer became enlightened...      **
**                                                                 **
** Tomasz Rola          mailto:tomasz_rola at bigfoot.com             **

From l at odewijk.nl Thu Oct 30 09:01:28 2014
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Thu, 30 Oct 2014 17:01:28 +0100
Subject: are USB floppies toxic?
In-Reply-To: <20141030152127.GA26790@tau1.ceti.pl>
References: <20141029145640.GZ10467@leitl.org> <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me> <20141030152127.GA26790@tau1.ceti.pl>

2014-10-30 16:21 GMT+01:00 Tomasz Rola:
> Also, I myself would not use L4. No bad feelings about it but, sounds
> a bit too huge for this task, maybe? Since I don't know too much about
> all this stuff, I guess I'd start with C or Forth on bare metal. I had
> not enough time to make sure I could develop for it using Linux/BSD,
> since other OSes are no-no.

For me the reason for a kernel is existing drivers and a proven infrastructure. You want to make the protocol and data as non-native as possible, change it around as much as you can, to remove potential exploits. There's just too many exploits though :(... No way to protect against an exploited PDF, unless you want to reformat the PDFs (maybe into JPG?). You could theoretically do that on the fly with L4, but with bare-metal you'd be hurting yourself a lot.

Which also brings us back to Eugen. Eugen, for what is USB flash Biosafety 4? What do you want to do with these drives? Just moving data in, without moving data out? Or just preventing some magical built-into-the-chipset exploits (like is possible with Firewire)? All of those could be brought with an L4-running device with USB and another protocol, allowing better connectivity, too. But depending on the threat model, less might be enough (or more!). I think an air-gap is supposed to be gapped both ways.

One could create a purpose-specific data format that can be re-interpreted by the software running on the L4 device. Then, when transferring a file, the L4 device will read the stuff from the USB, reinterpret it to ensure correct formatting, and write it out to the other side in whatever way chosen. Depending on volume it might be feasible to transfer manually, just mash it into a (radiation isolated!) keyboard.

From rtomek at ceti.pl Thu Oct 30 09:32:54 2014
From: rtomek at ceti.pl (Tomasz Rola)
Date: Thu, 30 Oct 2014 17:32:54 +0100
Subject: are USB floppies toxic?
References: <20141029145640.GZ10467@leitl.org> <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me> <20141030152127.GA26790@tau1.ceti.pl>
Message-ID: <20141030163254.GC26790@tau1.ceti.pl>

On Thu, Oct 30, 2014 at 05:01:28PM +0100, Lodewijk andré de la porte wrote:
> 2014-10-30 16:21 GMT+01:00 Tomasz Rola:
>
>> Also, I myself would not use L4. No bad feelings about it but, sounds
>> a bit too huge for this task, maybe? Since I don't know too much about
>> all this stuff, I guess I'd start with C or Forth on bare metal. I had
>> not enough time to make sure I could develop for it using Linux/BSD,
>> since other OSes are no-no.
>
> For me the reason for a kernel is existing drivers and a proven
> infrastructure. You want to make the protocol and data as non-native as
> possible, change it around as much as you can, to remove potential
> exploits. There's just too many exploits though :(... No way to protect
> against an exploited PDF, unless you want to reformat the PDFs (maybe into
> JPG?). You could theoretically do that on the fly with L4, but with
> bare-metal you'd be hurting yourself a lot.

Oh I see. Using L4 makes sense then.
But, if concern goes as far as files prepared with hostile intent, I again mused myself once (what a muser I am) with the idea of filtering this stuff through a software converter running on a non-386 emulator, like PDP-10 (simh or something, running TOPS-* is optional), vax (again simh, some modern bsd should fit) or even S/380 (modified Hercules emulator, modern variation on S360 mainframe, hobby project, gnu software ported to MVS/380 which itself descends from one commercial mainframe os, which at one point of time became public domain - if memory serves, of course). Since those are all musings and no hard work, I cannot claim any kind of success or say if this makes any sense or not at all. Seems doable, requires time and reading some old manuals written on typewriter and scanned, and the font is ugly and scales poorly on a 6'' ebook reader...

--
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.      **
** As the answer, master did "rm -rif" on the programmer's home    **
** directory. And then the C programmer became enlightened...      **
**                                                                 **
** Tomasz Rola          mailto:tomasz_rola at bigfoot.com           **

From griffin at cryptolab.net  Thu Oct 30 20:03:59 2014
From: griffin at cryptolab.net (Griffin Boyce)
Date: Thu, 30 Oct 2014 23:03:59 -0400
Subject: are USB floppies toxic?
In-Reply-To:
References:
Message-ID: <35c1bf01-a193-4784-8f05-4a21a6bfafe9@email.android.com>

I use surge protector wall outlets that have USB ports in them to charge my phones:
http://www.amazon.com/gp/aw/d/B00ATZJ606/ref=mp_s_a_1_1/175-6650613-8456264?qid=1414724024&sr=8-1

There are travel versions that are handy too. I partly got these as an alternative to traditional long surge protectors and have found them to be really useful at conferences and coffee shops.

~ Griffin

On October 30, 2014 8:37:27 PM EST, Peter Gutmann wrote:
>mroq qorm writes:
>>On Thu, Oct 30, 2014 at 3:21 PM, Tomasz Rola wrote:
>>> USB condom, great name :-).
>>http://syncstop.com/ - there was an open hardware version of this somewhere,
>>but maybe all that went away when they got a new name and a hipster website
>>... not for the purpose you are discussing but still useful.
>
>More generally, search for "charge only usb cable" and you'll find lots
>of things like this, e.g:
>
>http://www.ebay.com/itm/2M-6ft-LONG-THICK-Fast-Charging-ONLY-USB-Cable-WHITE-4-iPad-Air-2-mini-3-Retina-/291161982615?pt=US_Tablet_eReader_Chargers_Sync_Cables&hash=item43ca9b4697
>http://www.ebay.com/itm/High-Speed-Charge-Only-Micro-USB-Charging-Cable-Android-Quality-Fast-Charger-/221266793926?pt=UK_MobilePhones_MobilePhoneAccessories_MobilePhoneChargers&hash=item33848755c6
>http://www.ebay.com/itm/GYRRH-Micro-USB-Power-Charge-Only-Cable-3ft-91cm-Yellow-/131304066524?pt=US_USB_Cables_Hubs_Adapters&hash=item1e92550ddc
>
>Something like this, $1.99 including shipping:
>
>http://www.ebay.com/itm/Micro-USB-2-0-Charging-Charge-Only-Cable-For-Samsung-Galaxy-HTC-Nexus-Android-63-/111283024587?pt=US_Cell_Phone_PDA_Cables_Adapters&var=&hash=item19e8fc32cb
>
>is great for carrying around for charging your phone when you're travelling,
>just mark it in some way so you don't get frustrated when you can't sync your
>phone with it...
>
>Peter.

From mroqorm at gmail.com  Thu Oct 30 16:41:48 2014
From: mroqorm at gmail.com (mroq qorm)
Date: Thu, 30 Oct 2014 23:41:48 +0000
Subject: are USB floppies toxic?
In-Reply-To: <20141030152127.GA26790@tau1.ceti.pl>
References: <20141029145640.GZ10467@leitl.org> <1A729FB1-DD41-4CA3-A9EC-DB230719E8AD@cathalgarvey.me> <20141030152127.GA26790@tau1.ceti.pl>
Message-ID:

On Thu, Oct 30, 2014 at 3:21 PM, Tomasz Rola wrote:
> USB condom, great name :-).

http://syncstop.com/ - there was an open hardware version of this somewhere, but maybe all that went away when they got a new name and a hipster website ... not for the purpose you are discussing but still useful.

From drwho at virtadpt.net  Fri Oct 31 12:04:23 2014
From: drwho at virtadpt.net (The Doctor)
Date: Fri, 31 Oct 2014 12:04:23 -0700
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5281479.Q3Ro4k0Ycc@lapuntu>
References: <5281479.Q3Ro4k0Ycc@lapuntu>
Message-ID: <5453DD37.2050106@virtadpt.net>

On 10/31/2014 07:58 AM, rysiek wrote:
> 1. HTTPS to TOR Hidden Service? Why?

From the official announcement:

"We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's ''SSL Certificate Warning'' for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion."

Source: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237

> 2. How did they get to control 15 characters (I assume the "i" was
> random) in the .onion address? That's a *LOT* of number crunching.
> If they are able to do this, it means they are able (or are very
> close to) basically spoof *any* .onion address.

They definitely have the processing power to brute-force a vanity .onion address - who-knows-how-many data centers around the world worth of processing power.
We don't know how long they've been trying to generate a memorable one, either. It could have been weeks or months. Reportedly, Runa Sandvik and Steven Murdoch advised them on this project. Maybe they can shed some light on this.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Media devices have off switches. Your mind doesn't.

From drwho at virtadpt.net  Fri Oct 31 12:06:50 2014
From: drwho at virtadpt.net (The Doctor)
Date: Fri, 31 Oct 2014 12:06:50 -0700
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5453AE25.8060900@gmail.com>
References: <5281479.Q3Ro4k0Ycc@lapuntu> <5453AE25.8060900@gmail.com>
Message-ID: <5453DDCA.8080709@virtadpt.net>

On 10/31/2014 08:43 AM, MrBiTs wrote:
> Why in hell would somebody in the TOR network access facecrap? If TOR
> intends to give anonymous networking, why use a service where you
> get anything but anonymity? Does this make sense?

Whether we on the cypherpunks list like it or not, people organize protests and direct action on Facebook. That is one of the reasons why FB gets filtered occasionally around the world. While this does not provide much in the way of anonymity, it does provide censorship circumvention to those who want it.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Media devices have off switches. Your mind doesn't.

From pgut001 at cs.auckland.ac.nz  Thu Oct 30 17:37:27 2014
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 31 Oct 2014 13:37:27 +1300
Subject: are USB floppies toxic?
In-Reply-To:
Message-ID:

mroq qorm writes:
>On Thu, Oct 30, 2014 at 3:21 PM, Tomasz Rola wrote:
>> USB condom, great name :-).
>http://syncstop.com/ - there was an open hardware version of this somewhere,
>but maybe all that went away when they got a new name and a hipster website
>... not for the purpose you are discussing but still useful.

More generally, search for "charge only usb cable" and you'll find lots of things like this, e.g:

http://www.ebay.com/itm/2M-6ft-LONG-THICK-Fast-Charging-ONLY-USB-Cable-WHITE-4-iPad-Air-2-mini-3-Retina-/291161982615?pt=US_Tablet_eReader_Chargers_Sync_Cables&hash=item43ca9b4697
http://www.ebay.com/itm/High-Speed-Charge-Only-Micro-USB-Charging-Cable-Android-Quality-Fast-Charger-/221266793926?pt=UK_MobilePhones_MobilePhoneAccessories_MobilePhoneChargers&hash=item33848755c6
http://www.ebay.com/itm/GYRRH-Micro-USB-Power-Charge-Only-Cable-3ft-91cm-Yellow-/131304066524?pt=US_USB_Cables_Hubs_Adapters&hash=item1e92550ddc

Something like this, $1.99 including shipping:

http://www.ebay.com/itm/Micro-USB-2-0-Charging-Charge-Only-Cable-For-Samsung-Galaxy-HTC-Nexus-Android-63-/111283024587?pt=US_Cell_Phone_PDA_Cables_Adapters&var=&hash=item19e8fc32cb

is great for carrying around for charging your phone when you're travelling, just mark it in some way so you don't get frustrated when you can't sync your phone with it...

Peter.

From mrbits.dcf at gmail.com  Fri Oct 31 08:43:33 2014
From: mrbits.dcf at gmail.com (MrBiTs)
Date: Fri, 31 Oct 2014 13:43:33 -0200
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5281479.Q3Ro4k0Ycc@lapuntu>
References: <5281479.Q3Ro4k0Ycc@lapuntu>
Message-ID: <5453AE25.8060900@gmail.com>

On 10/31/2014 12:58 PM, rysiek wrote:
> Hi all,
>
> so, you've probably seen this:
> http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-direct-access-to-its-service-over-the-tor-network/
>
> Apart from being torn about the move (good on Facebook to support TOR, but I don't really feel like praising Facebook for
> anything I guess), there are two WTFs here: https://facebookcorewwwi.onion/
>
> 1. HTTPS to TOR Hidden Service? Why? /that's the smaller one/
>
> 2. How did they get to control 15 characters (I assume the "i" was random) in the .onion address? That's a *LOT* of number
> crunching. If they are able to do this, it means they are able (or are very close to) basically spoof *any* .onion address.
>
> Am I missing something?
>

We're talking about it the entire morning. Nice news for a Halloween.

You got two great points. First of all I think they didn't catch the main point of the TOR network. Otherwise, who's certifying the SSL key?

About the second question, either they made a commercial agreement with people in TOR OR they are able to spoof any .onion address. My guess is for the second one.

Why in hell would somebody in the TOR network access facecrap? If TOR intends to give anonymous networking, why use a service where you get anything but anonymity? Does this make sense?

From aestetix at aestetix.com  Fri Oct 31 15:55:41 2014
From: aestetix at aestetix.com (aestetix)
Date: Fri, 31 Oct 2014 15:55:41 -0700
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5453DDCA.8080709@virtadpt.net>
References: <5281479.Q3Ro4k0Ycc@lapuntu> <5453AE25.8060900@gmail.com> <5453DDCA.8080709@virtadpt.net>
Message-ID: <5454136D.3070905@aestetix.com>

Including anti-surveillance rallies, which is about as ironic as you can get.

On 10/31/14 12:06 PM, The Doctor wrote:
> On 10/31/2014 08:43 AM, MrBiTs wrote:
>
>> Why in hell would somebody in the TOR network access facecrap? If TOR
>> intends to give anonymous networking, why use a service where
>> you get anything but anonymity? Does this make sense?
>
> Whether we on the cypherpunks list like it or not, people organize
> protests and direct action on Facebook. That is one of the
> reasons why FB gets filtered occasionally around the world. While
> this does not provide much in the way of anonymity, it does provide
> censorship circumvention to those who want it.
>

From cathalgarvey at cathalgarvey.me  Fri Oct 31 08:56:10 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Fri, 31 Oct 2014 15:56:10 +0000
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5281479.Q3Ro4k0Ycc@lapuntu>
References: <5281479.Q3Ro4k0Ycc@lapuntu>
Message-ID: <5453B11A.7060806@cathalgarvey.me>

Technically, it's easier to crunch "something with the word facebook and otherwise consisting only of words, whether meaningful or not" than it is to spoof a desired address. That is, they could have crunched the above and resulted in a list like:

elffacebookfarts.onion
bottlefacebookerr.onion
facebookifred.onion
facebookcorewwwi.onion

And of course, the last one is the best fit.

Mind you, the entropy in onion addresses is a tad low, so it's been suggested before, I believe, that spoofing them isn't impossible in the long run... just hard.

On 31/10/14 14:58, rysiek wrote:
> Hi all,
>
> so, you've probably seen this:
> http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-direct-access-to-its-service-over-the-tor-network/
>
> Apart from being torn about the move (good on Facebook to support TOR, but I
> don't really feel like praising Facebook for anything I guess), there are two
> WTFs here:
> https://facebookcorewwwi.onion/
>
> 1. HTTPS to TOR Hidden Service? Why?
> /that's the smaller one/
>
> 2. How did they get to control 15 characters (I assume the "i" was random) in
> the .onion address? That's a *LOT* of number crunching. If they are able to do
> this, it means they are able (or are very close to) basically spoof *any*
> .onion address.
>
> Am I missing something?
>

From rysiek at hackerspace.pl  Fri Oct 31 07:58:18 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Fri, 31 Oct 2014 15:58:18 +0100
Subject: https://facebookcorewwwi.onion/
Message-ID: <5281479.Q3Ro4k0Ycc@lapuntu>

Hi all,

so, you've probably seen this:
http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-direct-access-to-its-service-over-the-tor-network/

Apart from being torn about the move (good on Facebook to support TOR, but I don't really feel like praising Facebook for anything I guess), there are two WTFs here:
https://facebookcorewwwi.onion/

1. HTTPS to TOR Hidden Service? Why?
/that's the smaller one/

2. How did they get to control 15 characters (I assume the "i" was random) in the .onion address? That's a *LOT* of number crunching. If they are able to do this, it means they are able (or are very close to) basically spoof *any* .onion address.

Am I missing something?

--
Pozdr
rysiek

From s at ctrlc.hu  Fri Oct 31 08:40:51 2014
From: s at ctrlc.hu (stef)
Date: Fri, 31 Oct 2014 16:40:51 +0100
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5281479.Q3Ro4k0Ycc@lapuntu>
References: <5281479.Q3Ro4k0Ycc@lapuntu>
Message-ID: <20141031154051.GH6827@ctrlc.hu>

On Fri, Oct 31, 2014 at 03:58:18PM +0100, rysiek wrote:
> 2. How did they get to control 15 characters (I assume the "i" was random) in
> the .onion address? That's a *LOT* of number crunching. If they are able to do
> this, it means they are able (or are very close to) basically spoof *any*
> .onion address.
>
> Am I missing something?

they were searching for the facebook prefix, with anything that makes sense as a postfix:

https://lists.torproject.org/pipermail/tor-talk/2014-October/035412.html

at least this is how i generate pgp vanity ids.
--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From natanael.l at gmail.com  Fri Oct 31 09:07:51 2014
From: natanael.l at gmail.com (Natanael)
Date: Fri, 31 Oct 2014 17:07:51 +0100
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5453AE25.8060900@gmail.com>
References: <5281479.Q3Ro4k0Ycc@lapuntu> <5453AE25.8060900@gmail.com>
Message-ID:

On 31 Oct 2014 17:00, "MrBiTs" wrote:
>
> On 10/31/2014 12:58 PM, rysiek wrote:
> > Hi all,
> >
> > so, you've probably seen this:
> > http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-direct-access-to-its-service-over-the-tor-network/
> >
> > Apart from being torn about the move (good on Facebook to support TOR, but I don't really feel like praising Facebook for
> > anything I guess), there are two WTFs here: https://facebookcorewwwi.onion/
> >
> > 1. HTTPS to TOR Hidden Service? Why? /that's the smaller one/
> >
> > 2. How did they get to control 15 characters (I assume the "i" was random) in the .onion address? That's a *LOT* of number
> > crunching. If they are able to do this, it means they are able (or are very close to) basically spoof *any* .onion address.
> >
> > Am I missing something?
> >
>
> We're talking about it the entire morning. Nice news for a Halloween.
>
> You got two great points. First of all I think they didn't catch the main point of the TOR network. Otherwise, who's certifying the SSL key?

You got those assumptions wrong, actually. But it isn't very intuitive to begin with, so nothing to feel sad about.

They use a load balancer, where traffic needs to be encrypted. Tor network - Facebook's Tor node - load balancer - SSL acceleration machine (?) - Facebook servers. That load balancer might sit outside Facebook's server halls.

> About the second question, either they made a commercial agreement with people in TOR OR they are able to spoof any .onion address. My
> guess is for the second one.

Vanity address. They bruteforced a few dozen addresses with the first half (Facebook*), the second half was one of the lucky outputs.

If you're wondering if this makes Tor weak - not very, but partially yes. Bruteforcing the full address is waaay harder (about 80 bits), but Tor will still move forwards to making these addresses longer in the future with stronger algorithms.

> Why in hell would somebody in the TOR network access facecrap? If TOR intends to give anonymous networking, why use a service where
> you get anything but anonymity? Does this make sense?

Public announcements while hiding your location?

From mroqorm at gmail.com  Fri Oct 31 10:40:00 2014
From: mroqorm at gmail.com (mroq qorm)
Date: Fri, 31 Oct 2014 17:40:00 +0000
Subject: https://facebookcorewwwi.onion/
In-Reply-To: <5453AE25.8060900@gmail.com>
References: <5281479.Q3Ro4k0Ycc@lapuntu> <5453AE25.8060900@gmail.com>
Message-ID:

On Fri, Oct 31, 2014 at 3:43 PM, MrBiTs wrote:
> You got two great points. First of all I think they didn't catch the main point of the TOR network. Otherwise, who's certifying the SSL key?

the security you get from an .onion address isn't all that great, you know. new hidden service names will be a lot longer. also having some certification that it is actually run by them is useful (but ... but ... ca trust! i don't give a fuck right now)

> Why in hell would somebody in the TOR network access facecrap? If TOR intends to give anonymous networking, why use a service where
> you get anything but anonymity? Does this make sense?

there are enough reasons for people to use this - while people apparently have their accounts locked when they try to log in through this, i assume that is a kink they will deal with better in the future.

in a hostile network, i'd trust a tls secured hidden service more than anything else i have at my disposal

also, facebook may be crap but it is just another platform to be used to communicate with people - you may not want what you post associated with your network location or your person - a lot of people also use twitter "anonymously" in the same way, why discriminate platforms

it is all the same shit (i said to a fellow gmail user)

not everything is about hiding - if you wanted that, say goodbye to modern society

From sdw at lig.net  Fri Oct 31 23:30:03 2014
From: sdw at lig.net (Stephen Williams)
Date: Fri, 31 Oct 2014 23:30:03 -0700
Subject: GamerGate (because censorship is dumb)
In-Reply-To: <54512BB5.1080902@riseup.net>
References: <45ac353359f0ad85f3a792faa499faba@cryptolab.net> <1a3afa12b6a0da5c252c12e213fc1244@cryptolab.net> <1414596042.2993.22.camel@anglachel> <54512BB5.1080902@riseup.net>
Message-ID: <54547DEB.4010201@lig.net>

On 10/29/14, 11:02 AM, Hashem Nasarat wrote:
>
> On 10/29/2014 12:24 PM, RKN the_PORTABLE wrote:
>> ...
>> Let me sum up gg in a way that I expect cpunks to understand (but then
>> again, I expected cpunks to have more brain and do better research
>> rather than just go white knighting):
>> "Anti-prism people are not pro privacy. They are pro terrorism and
>> paedophilia! Snowden is just a racist! He could not cope with changing
>> times and the fact that new president is black so he sold out his
>> country and ran away to homophobic and racist RUSSIA!"
> This analogy is not very useful as USA is also homophobic and racist.

Not really the same at all. Russia's government is still actively oppressing people in these ways while the US is:

A) Far less homophobic and racist than it used to be. In some areas, hardly at all.

B) Has gone from the government homophobia hunting people to fire from government jobs in the 1950's to complete legality and usually legal protection now.

C) The Millennials as a group are not homophobic or racist to any measurable degree. Remaining pockets are becoming more isolated and their youth are changing too, as far as anyone can tell.

The whole culture is rapidly changing in many ways. Music, Internet, Hollywood, legal cases, politicians (because many have been voted out), etc. have all been changing people's opinions. The rate of evolution, or at least the rate of maturation of active cycles, has been apparently increasing each year. Pervasive cell phone video, major cases of corruption and overstepping bounds and tragedy have caused major pull back of longstanding troublesome trends.

This is how all of this ties into cypherpunks: Observing how opinions, public sentiment, then enforcement, regulations, and market options evolve in each of these cycles should be instructive when trying to induce important change. How can you position things to improve better outcomes when inflection points happen?

sdw

From grarpamp at gmail.com  Fri Oct 31 22:45:10 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 1 Nov 2014 01:45:10 -0400
Subject: Fwd: [Cryptography] EFF, ACLU to Present Oral Argument in NSA Spying Case on Nov. 4
In-Reply-To: <201410311840.s9VIe7Cl001584@new.toad.com>
References: <201410311840.s9VIe7Cl001584@new.toad.com>
Message-ID:

---------- Forwarded message ----------
From: John Gilmore
Date: Fri, Oct 31, 2014 at 2:40 PM
Subject: [Cryptography] EFF, ACLU to Present Oral Argument in NSA Spying Case on Nov. 4
To: cryptography at metzdowd.com, gnu at toad.com

Cryptography followers are invited to attend this court hearing in Washington, DC on November 4, opposing NSA's mass collection of telephone records.

Observe government lawyers using twisted arguments and new meanings of simple words to justify spooky outrageous behavior! Support civil rights attorneys using principled arguments rooted in constitutional and societal norms to defend YOUR rights! Perceive the wheels of justice or just-us grinding the constitution into effect or into irrelevance! Show the judges and the press that the public cares whether NSA gets away with using totalitarian methods! See the constitutional issues around mass surveillance actually be discussed in an open, public court that actually hears from someone other than the government!

The good guys won this case at the district court (the judge declared the NSA's actions unconstitutional), and the government had to appeal it to stop the ruling from killing off the program. This case could be very interesting, and these judges could make the final decision if the Supreme Court decides not to review their decision.

Please be respectful, wear a costume (banker or politician duds suggested), and arrive without contraband, weapons, penknives, cameras, nor most other tools for resisting official oppression. Bring either a lawyer (who can sign you in) or bring unconstitutionally required identifying documents, or the US Marshals at the door will not admit you to this "public trial".

I won't be there (wrong coast), but perhaps a DC local will organize a nearby place to have lunch afterward and discuss the hearing.

John Gilmore

Electronic Frontier Foundation Media Release
For Immediate Release: Friday, October 31, 2014

Contact:
Dave Maass
Media Relations Coordinator
Electronic Frontier Foundation
press at eff.org
+1 415 436-9333 x177

Media Alert: EFF, ACLU to Present Oral Argument in NSA Spying Case on Nov. 4
Court Should Rule That Mass Telephone Records Collection Is Unconstitutional in Klayman v. Obama

Washington, D.C. - The Electronic Frontier Foundation (EFF) will appear before a federal appeals court next week to argue the National Security Agency (NSA) should be barred from its mass collection of telephone records of millions of Americans. The hearing in Klayman v. Obama is set for 9:30 am on Tuesday, Nov. 4 in Washington, D.C.

Appearing as an amicus, EFF Legal Director Cindy Cohn will present oral argument at the U.S. Court of Appeals for the District of Columbia Circuit on behalf of EFF and the American Civil Liberties Union (ACLU), which submitted a joint brief in the case.

Conservative activist and lawyer Larry Klayman filed the suit in the aftermath of the first Edward Snowden disclosure, in which The Guardian revealed how the NSA was collecting telephone records on a massive scale from the telecommunications company Verizon. In December, District Court Judge Richard Leon issued a preliminary injunction in the case, declaring that the mass surveillance program was likely unconstitutional.

EFF argues that the call-records collection, which the NSA conducts with claimed authority under Section 215 of the USA PATRIOT Act, violates the Fourth Amendment rights of millions of Americans. Separately, EFF is counsel in two other lawsuits against the program -- Jewel v. NSA and First Unitarian Church of Los Angeles v. NSA -- and is co-counsel with the ACLU in a third, Smith v. Obama.

What: Oral Argument in Klayman v. Obama
Who: EFF Legal Director Cindy Cohn
When: 9:30 am (ET), Nov. 4, 2014
Where: E. Barrett Prettyman U.S. Courthouse and William B. Bryant Annex
Courtroom 20
333 Constitution Ave., NW
Washington, D.C. 20001

For background and legal documents:
https://www.eff.org/cases/klayman-v-obama

The audio of the oral arguments is expected to be available on the court's website sometime after the hearing:
http://www.cadc.uscourts.gov/recordings/recordings.nsf/

For this release:
https://www.eff.org/press/releases/media-alert-eff-aclu-present-oral-argument-nsa-spying-case-nov-4

About EFF
The Electronic Frontier Foundation is the leading organization protecting civil liberties in the digital world. Founded in 1990, we defend free speech online, fight illegal surveillance, promote the rights of digital innovators, and work to ensure that the rights and freedoms we enjoy are enhanced, rather than eroded, as our use of technology grows. EFF is a member-supported organization. Find out more at https://www.eff.org.

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

From grarpamp at gmail.com  Fri Oct 31 23:51:55 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 1 Nov 2014 02:51:55 -0400
Subject: [Cryptography] Best internet crypto clock: hmmmmm...
In-Reply-To:
References: <5453845C.1000508@math.ntnu.no>
Message-ID:

On Fri, Oct 31, 2014 at 2:57 PM, Dave Horsfall wrote:
> On Fri, 31 Oct 2014, Harald Hanche-Olsen wrote:
>
>> Are you perhaps thinking of the so-called EURion constellation?
>>
>> https://en.wikipedia.org/wiki/EURion_constellation
>
> That *could* be it; I'd heard a few different versions of the story that
> some copiers would not do currency, and naturally the banks themselves are
> going to be less than forthcoming about their techniques (just like in the
> crypto world).

http://www.secretservice.gov/know_your_money.shtml

Quality counterfeiters of US notes don't care what BEP/FED/TREAS discloses, they just reverse engineer the bills. Also note that bills before 1990 have nearly trivial security and are still legal tender. There is a model year vs. timespan "ain't seen one of those lately" acceptance risk with older bills but that's about it. Either way, don't worry, your average gov't deflates bill value by printing, more than any counterfeit factory ever would want to.

Note that paper money can be cloned with far less cost than any known attack on say Bitcoin, and with more profit since you still have the bills, but unless you can steal a tiny percent of the coins quietly all you'd do is bring the network trust to zero.
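The "interpret and serialize it again" guard described in the "are USB floppies toxic?" thread above (Lodewijk's L4 device that reads from the USB side, reinterprets to ensure correct formatting, and writes a canonical copy to the other side), as an added example that is not code from any message in the thread. The purpose-specific record format, its SCHEMA and the sample records are constructed for illustration; the point shown is that nothing from the input is ever copied through, only validated fields re-emitted in one fixed form, and anything that does not parse is rejected whole.

```python
"""Reinterpret-and-reserialize guard for a tiny purpose-specific record format.

Constructed example: the format (key=value lines), SCHEMA and the sample
records are assumptions for illustration, not something the thread defines.
The guard never forwards input bytes; it forwards only what serialize_record
produced from fields that passed validation, and rejects everything else whole.
"""
import re

MAX_RECORD_BYTES = 4096            # refuse anything larger before parsing

# Allowed fields: name -> (kind, length cap). Nothing else may cross.
SCHEMA = {
    "id":     ("int",  10),        # decimal, at most 10 digits
    "name":   ("text", 40),        # printable ASCII only, 1..40 chars
    "sha256": ("hex",  64),        # exactly 64 hex digits, lowercased on output
}


class GuardReject(ValueError):
    """Raised for any input the guard will not pass through."""


def _coerce(kind: str, cap: int, value: str, lineno: int):
    """Validate one field value against its kind and return its canonical form."""
    if kind == "int":
        if not re.fullmatch(r"[0-9]{1,%d}" % cap, value):
            raise GuardReject(f"line {lineno}: bad integer {value!r}")
        return int(value)                       # "0042" becomes 42
    if kind == "hex":
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % cap, value):
            raise GuardReject(f"line {lineno}: bad hex digest")
        return value.lower()
    if kind == "text":
        # [ -~] is printable ASCII; control bytes fail here, non-ASCII failed earlier
        if not re.fullmatch(r"[ -~]{1,%d}" % cap, value):
            raise GuardReject(f"line {lineno}: bad text")
        return value
    raise AssertionError(f"unknown kind {kind}")


def parse_record(raw: bytes) -> dict:
    """Interpret the input into typed fields, failing closed on anything unexpected."""
    if len(raw) > MAX_RECORD_BYTES:
        raise GuardReject("record too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise GuardReject("non-ASCII byte in record") from exc
    fields = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()                     # tolerate CRLF, indentation, trailing blanks
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise GuardReject(f"line {lineno}: not key=value")
        key = key.strip().lower()
        if key not in SCHEMA:
            raise GuardReject(f"line {lineno}: unknown key {key!r}")
        if key in fields:
            raise GuardReject(f"line {lineno}: duplicate key {key!r}")
        kind, cap = SCHEMA[key]
        fields[key] = _coerce(kind, cap, value.strip(), lineno)
    missing = set(SCHEMA) - set(fields)
    if missing:
        raise GuardReject(f"missing fields: {sorted(missing)}")
    return fields


def serialize_record(fields: dict) -> bytes:
    """Canonical form: fixed key order, one key=value per line, LF, ASCII."""
    return "".join(f"{key}={fields[key]}\n" for key in SCHEMA).encode("ascii")


def guard(raw: bytes) -> bytes:
    """The whole read, reinterpret, write step: input bytes in, canonical bytes out."""
    return serialize_record(parse_record(raw))


# Constructed sample records (not from the page).
DIGEST = "0123456789abcdef" * 4                 # 64 hex chars
GOOD_CRLF = (b"  NAME = quarterly report.pdf\r\n"
             b"id=0042\r\n"
             b"SHA256=" + DIGEST.upper().encode("ascii") + b"\r\n")
GOOD_LF = b"id=42\nname=quarterly report.pdf\nsha256=" + DIGEST.encode("ascii") + b"\n"
BAD_UNKNOWN_KEY = GOOD_LF + b"exec=anything\n"
BAD_CONTROL_CHAR = GOOD_LF.replace(b"report", b"re\x1bport")

if __name__ == "__main__":
    print(guard(GOOD_CRLF).decode("ascii"))
    for sample in (BAD_UNKNOWN_KEY, BAD_CONTROL_CHAR):
        try:
            guard(sample)
        except GuardReject as exc:
            print("rejected:", exc)
```

Both well-formed samples come out byte-identical, which is the "unify the formatting" property: the receiving side can verify a single canonical shape instead of tolerating the sender's.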
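The vanity-search arithmetic from the facebookcorewwwi.onion thread above (stef's "facebook prefix, anything that makes sense as a postfix", Cathal's "only words, whether meaningful or not" filter, Natanael's "about 80 bits" for the full address), as an added example that is not code from any message in the thread. It goes slightly beyond the thread by counting exactly how many names a word-only suffix filter accepts, which is the speedup over spoofing one specific address. The toy WORDS list and the names tested are constructed; the only figures taken from the thread are the v2 onion format (16 base32 characters, 80 bits) and the assumption that each key trial yields a uniformly random name.

```python
"""Work factor of a "facebook + dictionary words" vanity search versus spoofing
one specific v2 .onion address.

Constructed example: WORDS is a toy stand-in for a real word list and the
addresses tested below are made up. Only the v2 onion format (16 base32
characters, 5 bits each, 80 bits) and the uniform-trial assumption come
from the thread.
"""
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"   # base32 as used in .onion names
ONION_LEN = 16                                  # characters in a v2 name
BITS_PER_CHAR = 5                               # log2(32)
TOTAL_BITS = ONION_LEN * BITS_PER_CHAR          # 80

# Toy dictionary, constructed so the thread's sample names split into words.
WORDS = frozenset([
    "a", "i", "an", "if", "go", "www", "red", "elf", "err", "net", "bot",
    "tor", "key", "core", "fred", "farts", "bottle",
])


def expected_trials_exact() -> float:
    """Trials to hit one specific 16-character name: every bit must match."""
    return 2.0 ** TOTAL_BITS


def expected_trials_prefix(prefix: str) -> float:
    """Trials for 'starts with prefix, rest arbitrary': 5 bits per fixed character."""
    if not prefix or len(prefix) > ONION_LEN or any(c not in ALPHABET for c in prefix):
        raise ValueError("prefix must be 1..16 base32 characters")
    return 2.0 ** (BITS_PER_CHAR * len(prefix))


def segmentable(s: str, words=WORDS) -> bool:
    """True if s is empty or splits completely into dictionary words."""
    ok = [True] + [False] * len(s)
    for i in range(1, len(s) + 1):
        ok[i] = any(ok[i - len(w)] for w in words
                    if len(w) <= i and s[i - len(w):i] == w)
    return ok[len(s)]


def acceptable(name: str, keyword: str, words=WORDS) -> bool:
    """Cathal's filter: the name contains keyword and everything around it is words."""
    if name.endswith(".onion"):
        name = name[:-len(".onion")]
    if len(name) != ONION_LEN or any(c not in ALPHABET for c in name):
        return False
    pos = name.find(keyword)
    while pos != -1:
        if segmentable(name[:pos], words) and segmentable(name[pos + len(keyword):], words):
            return True
        pos = name.find(keyword, pos + 1)
    return False


def word_strings(length: int, words=WORDS) -> set:
    """Every string of exactly `length` characters that splits into words."""
    table = [set() for _ in range(length + 1)]
    table[0].add("")
    for i in range(1, length + 1):
        for w in words:
            if len(w) <= i:
                table[i].update(s + w for s in table[i - len(w)])
    return table[length]


def expected_trials_prefix_plus_words(prefix: str, words=WORDS) -> float:
    """stef's search: fixed prefix, any all-words suffix.

    With N acceptable names among 2^80, the expected number of uniform
    trials is 2^80 / N, so N is exactly the speedup over an exact spoof.
    """
    n_ok = len(word_strings(ONION_LEN - len(prefix), words))
    if n_ok == 0:
        return math.inf
    return expected_trials_exact() / n_ok


if __name__ == "__main__":
    for name in ("facebookcorewwwi.onion", "elffacebookfarts.onion", "facebookzq7xq7zq.onion"):
        print(f"{name:24} acceptable={acceptable(name, 'facebook')}")
    print("exact spoof    : 2^%.0f trials" % math.log2(expected_trials_exact()))
    print("prefix only    : 2^%.0f trials" % math.log2(expected_trials_prefix("facebook")))
    print("prefix + words : 2^%.1f trials" % math.log2(expected_trials_prefix_plus_words("facebook")))
```

With a real dictionary the acceptable-name count is far larger than this toy list gives, which is why the search was feasible for an 8-character prefix and why a longer, higher-entropy name format was the remedy the thread anticipates.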