From demonfighter at gmail.com Thu Jan 1 09:02:32 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Thu, 1 Jan 2015 12:02:32 -0500 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> Message-ID: On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet wrote: > also seth it appears that dark web is 80 % estimated to be used for child porn If I read the report correctly (and the report reported the findings correctly), the estimate was that 83% of dark web searches related to child porn. That's plausible, I suppose, though I'm certainly not taking it at face value. If I wanted to buy drugs, I already know the marketplaces to go to and don't need to search for them. Anyway, I just did my part to keep the kidzor pr0n searches up. I typed "lolita", "loli", or "loil" into a handful of onion search engines. (That last one was a typo, but the engine took it well enough.) -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1011 bytes Desc: not available URL: From juan.g71 at gmail.com Thu Jan 1 10:10:49 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 1 Jan 2015 15:10:49 -0300 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> Message-ID: <54a58d18.0910e00a.6060.ffff8945@mx.google.com> On Tue, 30 Dec 2014 09:06:45 +0100 Cari Machet wrote: > juan it is common knowledge that the snowden so called fucking leaks > are given to the US gov before publication > Yes - I should have worded my comment a bit differently. What I was getting at is that they are not even pretending to somewhat hide the fact. Or even slightly obscure it? 
=P Then again, perhaps to the 'general public' the 'leaked' stuff looks oh so top secret... > always remember and never forget gg was fully behind the war in iraq > and why was he fully behind it ? revenge ... that tells you the mind > that is working on the so called leaks > > also laura she was an embed journo in iraq - something an activist > journo wouldnt even think about doing lets not even fully talk about > that she blindly backs the assange wikileaks 'merger' into one entity > > and jeremy scahill did a selfie (among other ethical violations > against woman) in samalia with a dead body in a morgue for his little > movie, again something journalists dont do - even pond scum > journalists dont get their picture took with dead bodies for camera - > these are the ethical parameters of the people working with the info > > On Tue, Dec 30, 2014 at 8:50 AM, Cari Machet > wrote: > > > john likes to be poetic as a wall - dear john please listen to the > > smart people and have a small bit of humility - it will make you > > better at your job and we need EVERYONE to step up and be better at > > their jobs > > > > On Tue, Dec 30, 2014 at 7:38 AM, grarpamp > > wrote: > > > >> On Mon, Dec 29, 2014 at 8:20 AM, John Young > >> wrote: > >> > Hash this motherfucker, said math to germ. > >> > >> JYA, you, as the original publisher of various and valued > >> datasets... the responsibility to calculate, sign, and publish > >> said hashes rests with you alone. Please consult with any trusted > >> parties should you need assistance in such matters. A future of > >> archivers, disseminators, and analysts will thank you. 
> >> > > > > > > > > -- > > Cari Machet > > NYC 646-436-7795 > > carimachet at gmail.com > > AIM carismachet > > Syria +963-099 277 3243 > > Amman +962 077 636 9407 > > Berlin +49 152 11779219 > > Reykjavik +354 894 8650 > > Twitter: @carimachet > > > > 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 > > > > Ruh-roh, this is now necessary: This email is intended only for the > > addressee(s) and may contain confidential information. If you are > > not the intended recipient, you are hereby notified that any use of > > this information, dissemination, distribution, or copying of this > > email without permission is strictly prohibited. > > > > > > > > From juan.g71 at gmail.com Thu Jan 1 10:26:27 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 1 Jan 2015 15:26:27 -0300 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> Message-ID: <54a590c2.11158c0a.71ab.0e75@mx.google.com> On Thu, 1 Jan 2015 18:45:48 +0100 Cari Machet wrote: > good point - so, the US government is interested in supporting > (through practice) the society doing drugs and watching kiddie porn > sounds accurate to me - keep the populous stupid and fucked up then > you are left to your own devices to do whatever the fuck you want - > perfect plan... You seem to be missing the poing...Legislation against 'drugs' and so called 'age of consent' 'laws' are prime examples of statism. "you are left to your own devices to do whatever the fuck you want" Yeah, it's called freedom. > > On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong > wrote: > > > On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet > > wrote: > > > also seth it appears that dark web is 80 % estimated to be used > > > for > > child porn > > > > If I read the report correctly (and the report reported the findings > > correctly), the estimate was that 83% of dark web searches related > > to child porn. 
That's plausible, I suppose, though I'm certainly > > not taking it at face value. If I wanted to buy drugs, I already > > know the marketplaces to go to and don't need to search for them. > > > > Anyway, I just did my part to keep the kidzor pr0n searches up. I > > typed "lolita", "loli", or "loil" into a handful of onion search > > engines. (That last one was a typo, but the engine took it well > > enough.) > > > > -- > > Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 > > > > > From carimachet at gmail.com Thu Jan 1 09:45:48 2015 From: carimachet at gmail.com (Cari Machet) Date: Thu, 1 Jan 2015 18:45:48 +0100 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> Message-ID: good point - so, the US government is interested in supporting (through practice) the society doing drugs and watching kiddie porn sounds accurate to me - keep the populous stupid and fucked up then you are left to your own devices to do whatever the fuck you want - perfect plan... On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong wrote: > On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet wrote: > > also seth it appears that dark web is 80 % estimated to be used for > child porn > > If I read the report correctly (and the report reported the findings > correctly), the estimate was that 83% of dark web searches related to child > porn. That's plausible, I suppose, though I'm certainly not taking it at > face value. If I wanted to buy drugs, I already know the marketplaces to go > to and don't need to search for them. > > Anyway, I just did my part to keep the kidzor pr0n searches up. I typed > "lolita", "loli", or "loil" into a handful of onion search engines. (That > last one was a typo, but the engine took it well enough.) > > -- > Neca eos omnes. Deus suos agnoscet. 
-- Arnaud-Amaury, 1209 > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2627 bytes Desc: not available URL: From carimachet at gmail.com Thu Jan 1 13:10:41 2015 From: carimachet at gmail.com (Cari Machet) Date: Thu, 1 Jan 2015 22:10:41 +0100 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: <54a590c2.11158c0a.71ab.0e75@mx.google.com> References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> Message-ID: the state is left to its own devices to do whatever the fuck it wants because the people are morons is the point ... freedom is over rated ... it like the word candy to children ... i prefer structures of community agreements and i can clearly state as an anarchist, that that kind of structure has nothing to do with the state plus the state has long been extra judicial so... On Thu, Jan 1, 2015 at 7:26 PM, Juan wrote: > On Thu, 1 Jan 2015 18:45:48 +0100 > Cari Machet wrote: > > > good point - so, the US government is interested in supporting > > (through practice) the society doing drugs and watching kiddie porn > > sounds accurate to me - keep the populous stupid and fucked up then > > you are left to your own devices to do whatever the fuck you want - > > perfect plan... 
> > You seem to be missing the poing...Legislation against > 'drugs' and so called 'age of consent' 'laws' are prime > examples of statism. > > > "you are left to your own devices to do whatever the fuck you > want" > > Yeah, it's called freedom. > > > > > > > On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong > > wrote: > > > > > On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet > > > wrote: > > > > also seth it appears that dark web is 80 % estimated to be used > > > > for > > > child porn > > > > > > If I read the report correctly (and the report reported the findings > > > correctly), the estimate was that 83% of dark web searches related > > > to child porn. That's plausible, I suppose, though I'm certainly > > > not taking it at face value. If I wanted to buy drugs, I already > > > know the marketplaces to go to and don't need to search for them. > > > > > > Anyway, I just did my part to keep the kidzor pr0n searches up. I > > > typed "lolita", "loli", or "loil" into a handful of onion search > > > engines. (That last one was a typo, but the engine took it well > > > enough.) > > > > > > -- > > > Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 > > > > > > > > > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 3890 bytes Desc: not available URL: From mirimir at riseup.net Fri Jan 2 04:40:18 2015 From: mirimir at riseup.net (Mirimir) Date: Fri, 02 Jan 2015 05:40:18 -0700 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: <54A65790.5020607@cathalgarvey.me> References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> <54A65790.5020607@cathalgarvey.me> Message-ID: <54A691B2.5070605@riseup.net> On 01/02/2015 01:32 AM, Cathal Garvey wrote: > Cool, the "we should be free to rape children" brand of libertarianism. > I'd entirely forgotten to add you to my devnull when I switched > hardware, thx. No, it's the "children should be free to decide when they're ready to have sex, in consultation with their parents and/or guardians" brand of libertarianism. In my experience, young men fuck literally anything that let's them, while young women have far better sense. But maybe that reflects my patriarchic childhood. > On 01/01/15 18:26, Juan wrote: >> On Thu, 1 Jan 2015 18:45:48 +0100 >> Cari Machet wrote: >> >>> good point - so, the US government is interested in supporting >>> (through practice) the society doing drugs and watching kiddie porn >>> sounds accurate to me - keep the populous stupid and fucked up then >>> you are left to your own devices to do whatever the fuck you want - >>> perfect plan... >> >> You seem to be missing the poing...Legislation against >> 'drugs' and so called 'age of consent' 'laws' are prime >> examples of statism. >> >> >> "you are left to your own devices to do whatever the fuck you >> want" >> >> Yeah, it's called freedom. 
>> >> >> >>> >>> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong >>> wrote: >>> >>>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet >>>> wrote: >>>>> also seth it appears that dark web is 80 % estimated to be used >>>>> for >>>> child porn >>>> >>>> If I read the report correctly (and the report reported the findings >>>> correctly), the estimate was that 83% of dark web searches related >>>> to child porn. That's plausible, I suppose, though I'm certainly >>>> not taking it at face value. If I wanted to buy drugs, I already >>>> know the marketplaces to go to and don't need to search for them. >>>> >>>> Anyway, I just did my part to keep the kidzor pr0n searches up. I >>>> typed "lolita", "loli", or "loil" into a handful of onion search >>>> engines. (That last one was a typo, but the engine took it well >>>> enough.) >>>> >>>> -- >>>> Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 >>>> >>> >>> >>> >> > From cathalgarvey at cathalgarvey.me Fri Jan 2 00:32:16 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Fri, 02 Jan 2015 08:32:16 +0000 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: <54a590c2.11158c0a.71ab.0e75@mx.google.com> References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> Message-ID: <54A65790.5020607@cathalgarvey.me> Cool, the "we should be free to rape children" brand of libertarianism. I'd entirely forgotten to add you to my devnull when I switched hardware, thx. On 01/01/15 18:26, Juan wrote: > On Thu, 1 Jan 2015 18:45:48 +0100 > Cari Machet wrote: > >> good point - so, the US government is interested in supporting >> (through practice) the society doing drugs and watching kiddie porn >> sounds accurate to me - keep the populous stupid and fucked up then >> you are left to your own devices to do whatever the fuck you want - >> perfect plan... 
> > You seem to be missing the poing...Legislation against > 'drugs' and so called 'age of consent' 'laws' are prime > examples of statism. > > > "you are left to your own devices to do whatever the fuck you > want" > > Yeah, it's called freedom. > > > >> >> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong >> wrote: >> >>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet >>> wrote: >>>> also seth it appears that dark web is 80 % estimated to be used >>>> for >>> child porn >>> >>> If I read the report correctly (and the report reported the findings >>> correctly), the estimate was that 83% of dark web searches related >>> to child porn. That's plausible, I suppose, though I'm certainly >>> not taking it at face value. If I wanted to buy drugs, I already >>> know the marketplaces to go to and don't need to search for them. >>> >>> Anyway, I just did my part to keep the kidzor pr0n searches up. I >>> typed "lolita", "loli", or "loil" into a handful of onion search >>> engines. (That last one was a typo, but the engine took it well >>> enough.) >>> >>> -- >>> Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 >>> >> >> >> > From juan.g71 at gmail.com Fri Jan 2 11:47:43 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 2 Jan 2015 16:47:43 -0300 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: <54A65790.5020607@cathalgarvey.me> References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> <54A65790.5020607@cathalgarvey.me> Message-ID: <54a6f54e.4b318c0a.79a1.ffff96e2@mx.google.com> On Fri, 02 Jan 2015 08:32:16 +0000 Cathal Garvey wrote: > Cool, the "we should be free to rape children" brand of > libertarianism. I'd entirely forgotten to add you to my devnull when > I switched hardware, thx. So Cathal was even more of a retard than I originally thought. 
Then again Cathal likes to argue against online markets for drugs in a cypherpunk mailing list, so I shouldn't be surprised. > > On 01/01/15 18:26, Juan wrote: > > On Thu, 1 Jan 2015 18:45:48 +0100 > > Cari Machet wrote: > > > >> good point - so, the US government is interested in supporting > >> (through practice) the society doing drugs and watching kiddie porn > >> sounds accurate to me - keep the populous stupid and fucked up then > >> you are left to your own devices to do whatever the fuck you want - > >> perfect plan... > > > > You seem to be missing the poing...Legislation against > > 'drugs' and so called 'age of consent' 'laws' are prime > > examples of statism. > > > > > > "you are left to your own devices to do whatever the fuck > > you want" > > > > Yeah, it's called freedom. > > > > > > > >> > >> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong > >> wrote: > >> > >>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet > >>> wrote: > >>>> also seth it appears that dark web is 80 % estimated to be used > >>>> for > >>> child porn > >>> > >>> If I read the report correctly (and the report reported the > >>> findings correctly), the estimate was that 83% of dark web > >>> searches related to child porn. That's plausible, I suppose, > >>> though I'm certainly not taking it at face value. If I wanted to > >>> buy drugs, I already know the marketplaces to go to and don't > >>> need to search for them. > >>> > >>> Anyway, I just did my part to keep the kidzor pr0n searches up. I > >>> typed "lolita", "loli", or "loil" into a handful of onion search > >>> engines. (That last one was a typo, but the engine took it well > >>> enough.) > >>> > >>> -- > >>> Neca eos omnes. Deus suos agnoscet. 
-- Arnaud-Amaury, 1209
> >>>
> >>
> >>
> >>
> >

From grarpamp at gmail.com Fri Jan 2 14:50:10 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 2 Jan 2015 17:50:10 -0500
Subject: [Cryptography] New Encryption Standard of the Russian Federation GOST Grasshopper
In-Reply-To: <54A6E5F2.9090506@iang.org>
References: <54A6E5F2.9090506@iang.org>
Message-ID:

On Fri, Jan 2, 2015 at 1:39 PM, ianG wrote:
> On 2/01/2015 11:37 am, Eric Filiol wrote:
>> The Russian Federation has recently published (in Russian only) the
>> technical description of its new Encryption Standard.
>> I have translated the document into English and implemented this
>> algorithm in C (under GPLv3).
>> http://cvo-lab.blogspot.fr/2015/01/the-new-gost-standard-from-russian.html
>
> *Interesting* and it would be very interesting to hear what the real
> cryptographers think of the Russian cryptographer's invention! Good work!

So there are no real Russian cryptos? Umm.

> fair and open competition) did the net voluntarily swing to AES.

The competition was part of the swing, so was govt's saying AES(256) was good for TOP SECRET (not that they use it over their own suites), so was its speed/hardware/simplicity.

> What do people say? Should GOST be supported in SSL? Is there any merit in
> the "national government mandates" argument?

There are govt laws for what the govt itself will only use. (Are you going to not sell to and profit from that govt?)
There are govt laws for what the populace will only use. (Are you going to jail for breaking that ban, or will you bow?)
There are paths between all the laws for what obedient users can use.
And rebels will use whatever they want.

If you personally use crap ciphers, that's your own problem.
If you support (absent force of law) crap ciphers, or more than the best few in each class such that community has no time to properly analyze them all, that's a community problem.
If you don't resist crap law, crap ciphers, or the spawning of endless new ciphers of the month just because, that's a community problem. From cathalgarvey at cathalgarvey.me Fri Jan 2 09:53:38 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Fri, 02 Jan 2015 17:53:38 +0000 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> <54A65790.5020607@cathalgarvey.me> <54A691B2.5070605@riseup.net> Message-ID: <1BA9D52F-75CB-479F-8EEB-6198C71D0C05@cathalgarvey.me> It is of course well understood, these days, that paedophilia is exclusively the domain of white men. On 2 January 2015 17:37:33 GMT+00:00, Cari Machet wrote: >that is a seriously narrow scope of a side topic - considering we were >talking specifically about kiddie porn watching ... by old white fat >men >basically > >On Fri, Jan 2, 2015 at 1:40 PM, Mirimir wrote: > >> On 01/02/2015 01:32 AM, Cathal Garvey wrote: >> > Cool, the "we should be free to rape children" brand of >libertarianism. >> > I'd entirely forgotten to add you to my devnull when I switched >> > hardware, thx. >> >> No, it's the "children should be free to decide when they're ready to >> have sex, in consultation with their parents and/or guardians" brand >of >> libertarianism. In my experience, young men fuck literally anything >that >> let's them, while young women have far better sense. But maybe that >> reflects my patriarchic childhood. 
>> >> > On 01/01/15 18:26, Juan wrote: >> >> On Thu, 1 Jan 2015 18:45:48 +0100 >> >> Cari Machet wrote: >> >> >> >>> good point - so, the US government is interested in supporting >> >>> (through practice) the society doing drugs and watching kiddie >porn >> >>> sounds accurate to me - keep the populous stupid and fucked up >then >> >>> you are left to your own devices to do whatever the fuck you want >- >> >>> perfect plan... >> >> >> >> You seem to be missing the poing...Legislation against >> >> 'drugs' and so called 'age of consent' 'laws' are prime >> >> examples of statism. >> >> >> >> >> >> "you are left to your own devices to do whatever the fuck you >> >> want" >> >> >> >> Yeah, it's called freedom. >> >> >> >> >> >> >> >>> >> >>> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong > >> >>> wrote: >> >>> >> >>>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet > >> >>>> wrote: >> >>>>> also seth it appears that dark web is 80 % estimated to be used >> >>>>> for >> >>>> child porn >> >>>> >> >>>> If I read the report correctly (and the report reported the >findings >> >>>> correctly), the estimate was that 83% of dark web searches >related >> >>>> to child porn. That's plausible, I suppose, though I'm certainly >> >>>> not taking it at face value. If I wanted to buy drugs, I already >> >>>> know the marketplaces to go to and don't need to search for >them. >> >>>> >> >>>> Anyway, I just did my part to keep the kidzor pr0n searches up. >I >> >>>> typed "lolita", "loli", or "loil" into a handful of onion search >> >>>> engines. (That last one was a typo, but the engine took it well >> >>>> enough.) >> >>>> >> >>>> -- >> >>>> Neca eos omnes. Deus suos agnoscet. 
-- Arnaud-Amaury, 1209
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>
>> >
>>
>
>
>
>--
>Cari Machet
>NYC 646-436-7795
>carimachet at gmail.com
>AIM carismachet
>Syria +963-099 277 3243
>Amman +962 077 636 9407
>Berlin +49 152 11779219
>Reykjavik +354 894 8650
>Twitter: @carimachet
>
>7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>
>Ruh-roh, this is now necessary: This email is intended only for the
>addressee(s) and may contain confidential information. If you are not
>the
>intended recipient, you are hereby notified that any use of this
>information, dissemination, distribution, or copying of this email
>without
>permission is strictly prohibited.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From grarpamp at gmail.com Fri Jan 2 15:31:12 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 2 Jan 2015 18:31:12 -0500
Subject: TrueCrypt, GostCrypt, *Crypt - status?
Message-ID:

After TrueCrypt, many tens of proposed continuations, and even brand new competing projects appeared, such as:
https://www.gostcrypt.org/

Have any of those many projects gained following, review, support, opensource license, and ongoing development work such that they can now be considered the in fact TrueCrypt successor / new independent solution?
From carimachet at gmail.com Fri Jan 2 09:37:33 2015 From: carimachet at gmail.com (Cari Machet) Date: Fri, 2 Jan 2015 18:37:33 +0100 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: <54A691B2.5070605@riseup.net> References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> <54A65790.5020607@cathalgarvey.me> <54A691B2.5070605@riseup.net> Message-ID: that is a seriously narrow scope of a side topic - considering we were talking specifically about kiddie porn watching ... by old white fat men basically On Fri, Jan 2, 2015 at 1:40 PM, Mirimir wrote: > On 01/02/2015 01:32 AM, Cathal Garvey wrote: > > Cool, the "we should be free to rape children" brand of libertarianism. > > I'd entirely forgotten to add you to my devnull when I switched > > hardware, thx. > > No, it's the "children should be free to decide when they're ready to > have sex, in consultation with their parents and/or guardians" brand of > libertarianism. In my experience, young men fuck literally anything that > let's them, while young women have far better sense. But maybe that > reflects my patriarchic childhood. > > > On 01/01/15 18:26, Juan wrote: > >> On Thu, 1 Jan 2015 18:45:48 +0100 > >> Cari Machet wrote: > >> > >>> good point - so, the US government is interested in supporting > >>> (through practice) the society doing drugs and watching kiddie porn > >>> sounds accurate to me - keep the populous stupid and fucked up then > >>> you are left to your own devices to do whatever the fuck you want - > >>> perfect plan... > >> > >> You seem to be missing the poing...Legislation against > >> 'drugs' and so called 'age of consent' 'laws' are prime > >> examples of statism. > >> > >> > >> "you are left to your own devices to do whatever the fuck you > >> want" > >> > >> Yeah, it's called freedom. 
> >> > >> > >> > >>> > >>> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong > >>> wrote: > >>> > >>>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet > >>>> wrote: > >>>>> also seth it appears that dark web is 80 % estimated to be used > >>>>> for > >>>> child porn > >>>> > >>>> If I read the report correctly (and the report reported the findings > >>>> correctly), the estimate was that 83% of dark web searches related > >>>> to child porn. That's plausible, I suppose, though I'm certainly > >>>> not taking it at face value. If I wanted to buy drugs, I already > >>>> know the marketplaces to go to and don't need to search for them. > >>>> > >>>> Anyway, I just did my part to keep the kidzor pr0n searches up. I > >>>> typed "lolita", "loli", or "loil" into a handful of onion search > >>>> engines. (That last one was a typo, but the engine took it well > >>>> enough.) > >>>> > >>>> -- > >>>> Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 > >>>> > >>> > >>> > >>> > >> > > > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4646 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Fri Jan 2 10:43:41 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Fri, 02 Jan 2015 18:43:41 +0000 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: References: <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> <54A65790.5020607@cathalgarvey.me> <54A691B2.5070605@riseup.net> <1BA9D52F-75CB-479F-8EEB-6198C71D0C05@cathalgarvey.me> Message-ID: <96FF15D2-2A11-4796-B6C2-2DCB7FF06529@cathalgarvey.me> ... On 2 January 2015 17:59:48 GMT+00:00, Cari Machet wrote: >hence the liberatarian protectionism of old fat white men doing >anything >they fucking want to whoever the fuck they want no matter what ... THEY >ARE >WHITE MEN SO... its like a syndicate - WHITE MEN UNITE !!!! KILL >EVERYONES >SOUL!!!! BECAUSE LIBERATARIANISM!!! > >On Fri, Jan 2, 2015 at 6:53 PM, Cathal (Phone) >> wrote: > >> It is of course well understood, these days, that paedophilia is >> exclusively the domain of white men. >> >> >> On 2 January 2015 17:37:33 GMT+00:00, Cari Machet > >> wrote: >>> >>> that is a seriously narrow scope of a side topic - considering we >were >>> talking specifically about kiddie porn watching ... by old white fat >men >>> basically >>> >>> On Fri, Jan 2, 2015 at 1:40 PM, Mirimir wrote: >>> >>>> On 01/02/2015 01:32 AM, Cathal Garvey wrote: >>>> > Cool, the "we should be free to rape children" brand of >libertarianism. >>>> > I'd entirely forgotten to add you to my devnull when I switched >>>> > hardware, thx. >>>> >>>> No, it's the "children should be free to decide when they're ready >to >>>> have sex, in consultation with their parents and/or guardians" >brand of >>>> libertarianism. In my experience, young men fuck literally anything >that >>>> let's them, while young women have far better sense. But maybe that >>>> reflects my patriarchic childhood. 
>>>> >>>> > On 01/01/15 18:26, Juan wrote: >>>> >> On Thu, 1 Jan 2015 18:45:48 +0100 >>>> >> Cari Machet wrote: >>>> >> >>>> >>> good point - so, the US government is interested in supporting >>>> >>> (through practice) the society doing drugs and watching kiddie >porn >>>> >>> sounds accurate to me - keep the populous stupid and fucked up >then >>>> >>> you are left to your own devices to do whatever the fuck you >want - >>>> >>> perfect plan... >>>> >> >>>> >> You seem to be missing the poing...Legislation against >>>> >> 'drugs' and so called 'age of consent' 'laws' are prime >>>> >> examples of statism. >>>> >> >>>> >> >>>> >> "you are left to your own devices to do whatever the fuck >you >>>> >> want" >>>> >> >>>> >> Yeah, it's called freedom. >>>> >> >>>> >> >>>> >> >>>> >>> >>>> >>> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong < >>>> demonfighter at gmail.com> >>>> >>> wrote: >>>> >>> >>>> >>>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet > >>>> >>>> wrote: >>>> >>>>> also seth it appears that dark web is 80 % estimated to be >used >>>> >>>>> for >>>> >>>> child porn >>>> >>>> >>>> >>>> If I read the report correctly (and the report reported the >findings >>>> >>>> correctly), the estimate was that 83% of dark web searches >related >>>> >>>> to child porn. That's plausible, I suppose, though I'm >certainly >>>> >>>> not taking it at face value. If I wanted to buy drugs, I >already >>>> >>>> know the marketplaces to go to and don't need to search for >them. >>>> >>>> >>>> >>>> Anyway, I just did my part to keep the kidzor pr0n searches >up. I >>>> >>>> typed "lolita", "loli", or "loil" into a handful of onion >search >>>> >>>> engines. (That last one was a typo, but the engine took it >well >>>> >>>> enough.) >>>> >>>> >>>> >>>> -- >>>> >>>> Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 >>>> >>>> >>>> >>> >>>> >>> >>>> >>> >>>> >> >>>> > >>>> >>> >>> >>> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. 
>> > > > >-- >Cari Machet >NYC 646-436-7795 >carimachet at gmail.com >AIM carismachet >Syria +963-099 277 3243 >Amman +962 077 636 9407 >Berlin +49 152 11779219 >Reykjavik +354 894 8650 >Twitter: @carimachet > >7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 > >Ruh-roh, this is now necessary: This email is intended only for the >addressee(s) and may contain confidential information. If you are not >the >intended recipient, you are hereby notified that any use of this >information, dissemination, distribution, or copying of this email >without >permission is strictly prohibited. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6497 bytes Desc: not available URL: From carimachet at gmail.com Fri Jan 2 09:59:48 2015 From: carimachet at gmail.com (Cari Machet) Date: Fri, 2 Jan 2015 18:59:48 +0100 Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor In-Reply-To: <1BA9D52F-75CB-479F-8EEB-6198C71D0C05@cathalgarvey.me> References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me> <54a590c2.11158c0a.71ab.0e75@mx.google.com> <54A65790.5020607@cathalgarvey.me> <54A691B2.5070605@riseup.net> <1BA9D52F-75CB-479F-8EEB-6198C71D0C05@cathalgarvey.me> Message-ID: hence the liberatarian protectionism of old fat white men doing anything they fucking want to whoever the fuck they want no matter what ... THEY ARE WHITE MEN SO... its like a syndicate - WHITE MEN UNITE !!!! KILL EVERYONES SOUL!!!! BECAUSE LIBERATARIANISM!!! On Fri, Jan 2, 2015 at 6:53 PM, Cathal (Phone) wrote: > It is of course well understood, these days, that paedophilia is > exclusively the domain of white men. > > > On 2 January 2015 17:37:33 GMT+00:00, Cari Machet > wrote: >> >> that is a seriously narrow scope of a side topic - considering we were >> talking specifically about kiddie porn watching ... 
by old white fat men >> basically >> >> On Fri, Jan 2, 2015 at 1:40 PM, Mirimir wrote: >> >>> On 01/02/2015 01:32 AM, Cathal Garvey wrote: >>> > Cool, the "we should be free to rape children" brand of libertarianism. >>> > I'd entirely forgotten to add you to my devnull when I switched >>> > hardware, thx. >>> >>> No, it's the "children should be free to decide when they're ready to >>> have sex, in consultation with their parents and/or guardians" brand of >>> libertarianism. In my experience, young men fuck literally anything that >>> let's them, while young women have far better sense. But maybe that >>> reflects my patriarchic childhood. >>> >>> > On 01/01/15 18:26, Juan wrote: >>> >> On Thu, 1 Jan 2015 18:45:48 +0100 >>> >> Cari Machet wrote: >>> >> >>> >>> good point - so, the US government is interested in supporting >>> >>> (through practice) the society doing drugs and watching kiddie porn >>> >>> sounds accurate to me - keep the populous stupid and fucked up then >>> >>> you are left to your own devices to do whatever the fuck you want - >>> >>> perfect plan... >>> >> >>> >> You seem to be missing the poing...Legislation against >>> >> 'drugs' and so called 'age of consent' 'laws' are prime >>> >> examples of statism. >>> >> >>> >> >>> >> "you are left to your own devices to do whatever the fuck you >>> >> want" >>> >> >>> >> Yeah, it's called freedom. >>> >> >>> >> >>> >> >>> >>> >>> >>> On Thu, Jan 1, 2015 at 6:02 PM, Steve Furlong < >>> demonfighter at gmail.com> >>> >>> wrote: >>> >>> >>> >>>> On Wed, Dec 31, 2014 at 9:20 AM, Cari Machet >>> >>>> wrote: >>> >>>>> also seth it appears that dark web is 80 % estimated to be used >>> >>>>> for >>> >>>> child porn >>> >>>> >>> >>>> If I read the report correctly (and the report reported the findings >>> >>>> correctly), the estimate was that 83% of dark web searches related >>> >>>> to child porn. That's plausible, I suppose, though I'm certainly >>> >>>> not taking it at face value. 
If I wanted to buy drugs, I already >>> >>>> know the marketplaces to go to and don't need to search for them. >>> >>>> >>> >>>> Anyway, I just did my part to keep the kidzor pr0n searches up. I >>> >>>> typed "lolita", "loli", or "loil" into a handful of onion search >>> >>>> engines. (That last one was a typo, but the engine took it well >>> >>>> enough.) >>> >>>> >>> >>>> -- >>> >>>> Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 >>> >>>> >>> >>> >>> >>> >>> >>> >>> >> >>> > >>> >> >> >> > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5899 bytes Desc: not available URL: From griffin at cryptolab.net Fri Jan 2 20:02:17 2015 From: griffin at cryptolab.net (Griffin Boyce) Date: Fri, 02 Jan 2015 23:02:17 -0500 Subject: TrueCrypt, GostCrypt, *Crypt - =?UTF-8?Q?status=3F?= In-Reply-To: <54A754F2.1040208@riseup.net> References: <54A754F2.1040208@riseup.net> Message-ID: I hear good things about Zulucrypt, probably because it can also manage truecrypt volumes and devices. I've got truecrypt-encrypted drives that I use truecrypt for, so I'm also really curious to see what the best solution will be long-term. (Preferably awesome and usable and audited). 
~Griffin On 2015-01-02 21:33, odinn wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > see the thing on cryptsetup discussed in part here: > > http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations > (this is a older post from just before mid-2014 I think) > > I had suggested cryptsetup actually to a few people. I still think it > is a good thing. > > > grarpamp: >> After TrueCrypt, many tens of proposed continuations, and even >> brand new competing projects appeared, such as: >> https://www.gostcrypt.org/ >> >> Have any of those many projects gained following, review, support, >> opensource license, and ongoing development work such that they can >> now be considered the in fact TrueCrypt successor / new independant >> solution? -- "The apparent safety of modern life is just a shallow skin atop an ocean of blood, guts and bricked devices." ~Pearce Delphin From odinn.cyberguerrilla at riseup.net Fri Jan 2 17:07:59 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Sat, 03 Jan 2015 01:07:59 +0000 Subject: [Cryptography] New Encryption Standard of the Russian Federation GOST Grasshopper In-Reply-To: References: <54A6E5F2.9090506@iang.org> Message-ID: <54A740EF.7050900@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Five things 1) Please publish suggested guid(es) here in Russian and English for how people should install and maintain Gnupg - gpg - seems like after many years that program is not getting the support it needs - so here is the fundraiser link again for it. (Look at all the payment methods!) 
https://www.wauland.de/en/donation.html#61

Some suggestions are in English here at only the most basic level and not dealing with any complexities, but I suggest people start talking about standards for how to reply to lists and forums as well as how to communicate amongst each other just one on one for example:

https://securityinabox.org/thunderbird_main
http://futureboy.us/pgp.html#GettingStarted
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/

2) I know someone here will say "off topic" but there is nothing off topic about having people address what needs to be addressed, like hopefully getting more people talking about the possibilities of learning different and better ways of strong (and hopefully easier to use) crypto.

2.a) if you don't like seeing it here please start new thread, which is probably a great idea. If questions about that, please see prior item, if that does not address the issue of OT, please see item 3 below.

3) You think this is off topic? see number 2.a above.

4) More back OT: People will use what they want to use no matter where they are in the world. There are Russians using Gnupg, but it would be not a good idea for me to say who I've observed does so. There are Russians examining this GOST thing.

Russian Federation / Wassenaar arrangement (a stupid idea meant to appease people who think that gov't controls on cryptography actually have meaning or purpose) - - involves import, export, and use.

Anyway, no matter what country you are in, do what you want, and take care that you are not harmed in the process, basically.

And this gets back to my push for Gnupg - gpg. Using that to the best of one's ability and hopefully encouraging others to do so is going to be useful in terms of securing communications in 2015.

Thank you and excuse the longish post.
- -O

grarpamp:
> On Fri, Jan 2, 2015 at 1:39 PM, ianG wrote:
>> On 2/01/2015 11:37 am, Eric Filiol wrote:
>>> The Russian Federation has recently published (in Russian only)
>>> the technical description of its new Encryption Standard. I have
>>> translated the document into English and implemented this
>>> algorithm in C (under GPLv3).
>>> http://cvo-lab.blogspot.fr/2015/01/the-new-gost-standard-from-russian.html
>>
>>
>>> *Interesting* and it would be very interesting to hear what the real
>> cryptographers think of the Russian cryptographer's invention!
>> Good work!
>
> So there are no real Russian cryptos? Umm.
>
>> fair and open competition) did the net voluntarily swing to AES.
>
> The competition was part of the swing, so was govt's saying
> AES(256) was good for TOP SECRET (not that they use it over their
> own suites), so was its speed/hardware/simplicity.
>
>> What do people say? Should GOST be supported in SSL? Is there
>> any merit in the "national government mandates" argument?
>
> There are govt laws for what the govt itself will only use. (Are
> you going to not sell to and profit from that govt?) There are govt
> laws for what the populace will only use. (Are you going to jail
> for breaking that ban, or will you bow?) There are paths between
> all the laws for what obedient users can use. And rebels will use
> whatever they want.
>
> If you personally use crap ciphers, that's your own problem. If you
> support (absent force of law) crap ciphers, or more than the best
> few in each class such that community has no time to properly
> analyze them all, that's a community problem. If you don't resist
> crap law, crap ciphers, or the spawning of endless new ciphers of
> the month just because, that's a community problem.
>

- --
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From odinn.cyberguerrilla at riseup.net Fri Jan 2 18:33:22 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Sat, 03 Jan 2015 02:33:22 +0000
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To:
References:
Message-ID: <54A754F2.1040208@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

see the thing on cryptsetup discussed in part here:

http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations
(this is an older post from just before mid-2014 I think)

I had suggested cryptsetup actually to a few people. I still think it is a good thing.

Some discussion of this in May 2014 led, I think, to some question about what to select?

https://tails.boum.org/blueprint/replace_truecrypt/
(this is dated 21 July 2014)

Anyway this seemed nice:
https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

But what is in TAILS at the moment so far as the link to the LUKS and cryptsetup stuff that's being used, it's a little hard to see through to the links to find that exact code (where, what exactly to look for, for the average person / user who just wants to see it). It's probably something obvious I missed because I'm tired. If you know exactly what to link to please drop it here.

grarpamp:
> After TrueCrypt, many tens of proposed continuations, and even
> brand new competing projects appeared, such as:
> https://www.gostcrypt.org/
>
> Have any of those many projects gained following, review, support,
> opensource license, and ongoing development work such that they can
> now be considered the in fact TrueCrypt successor / new independent
> solution?
>

- --
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From skquinn at rushpost.com Sat Jan 3 02:18:58 2015
From: skquinn at rushpost.com (Shawn K. Quinn)
Date: Sat, 03 Jan 2015 04:18:58 -0600
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To:
References:
Message-ID: <1420280338.8889.7.camel@klax>

On Fri, 2015-01-02 at 18:31 -0500, grarpamp wrote:
> After TrueCrypt, many tens of proposed continuations,
> and even brand new competing projects appeared, such as:
> https://www.gostcrypt.org/
>
> Have any of those many projects gained following, review,
> support, opensource license, and ongoing development
> work such that they can now be considered the in fact
> TrueCrypt successor / new independent solution?

The thing that really irks me the most about TrueCrypt being withdrawn was that it was the only true multi-platform (GNU/Linux and Windows at least, was there a Mac OS X version?) full-disk encryption software available under a free software license.
Every other full disk encryption solution out there is either proprietary, only available for one operating system, or both. To me, any true successor to TrueCrypt will be available under GPLv3 (not sure I like the idea of someone forking a BSD/MIT licensed clone and then not sharing the source, aka the "BSD/MIT Tuck And Run"), and for at least GNU/Linux and Windows (ideally Mac OS X as well). While I never really needed something like TrueCrypt while it was maintained, that doesn't mean I won't in the future, and I know there are others who need TrueCrypt (including multi-platform support). -- Shawn K. Quinn From coderman at gmail.com Sat Jan 3 04:42:59 2015 From: coderman at gmail.com (coderman) Date: Sat, 3 Jan 2015 04:42:59 -0800 Subject: full year 2014 corpus Message-ID: > ... > "This is a trap, witting and unwitting. > Do not use it or use at own risk. > Source and this host is out to pwon and phuck you in complicity > with global Internet authorities. > > Signed Batshit Cryptome and Host, > ^H^H^H^H Dec 2014 it is: 47G, 63504 files, sig attached. https://peertech.org/files/fy2014lst.txt hidden service distribution to begin soon. we'll be collecting and reporting on performance results obtained. e.g. https://bugs.torproject.org/8902 -------------- next part -------------- A non-text attachment was scrubbed... Name: fy2014lst.txt.sig Type: application/pgp-signature Size: 343 bytes Desc: not available URL: From blibbet at gmail.com Sat Jan 3 09:26:17 2015 From: blibbet at gmail.com (Blibbet) Date: Sat, 03 Jan 2015 09:26:17 -0800 Subject: TrueCrypt, GostCrypt, *Crypt - status? In-Reply-To: References: <54A754F2.1040208@riseup.net> Message-ID: <54A82639.9050104@gmail.com> > https://.codeplex.com/ > Not bad at all. Microsoft runs CodePlex.com, ...so don't trust any project binaries, only perhaps the project's sources. 
And it'll likely not last long term, so someone will eventually need to make a snapshot of the sources and put them on another FOSS hosting site, when Microsoft kills off CodePlex. So starting a mirror would be useful.

From afalex169 at gmail.com Sat Jan 3 01:40:56 2015
From: afalex169 at gmail.com (Александр)
Date: Sat, 3 Jan 2015 11:40:56 +0200
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To:
References: <54A754F2.1040208@riseup.net>
Message-ID:

https://veracrypt.codeplex.com/
Not bad at all.

https://ciphershed.org/
On 15.12.2014 - pre-Alpha tested started.

From cathalgarvey at cathalgarvey.me Sat Jan 3 09:23:48 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Sat, 03 Jan 2015 17:23:48 +0000
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To: <1420280338.8889.7.camel@klax>
References: <1420280338.8889.7.camel@klax>
Message-ID: <54A825A4.8010104@cathalgarvey.me>

Truecrypt itself actually wasn't licensed under an OSI/FSF approved license, was it? I recall reading it had some strange clauses in there that they never elaborated upon that made it unsuitable for packaging.

What are the critical truecrypt features people actually want, that made it special? Trivial symmetric file encryption? That could be hacked together pretty simply. Or something more esoteric? Deniable volumes? Detachable headers? Keyfiles?

On 03/01/15 10:18, Shawn K.
Quinn wrote: > On Fri, 2015-01-02 at 18:31 -0500, grarpamp wrote: >> After TrueCrypt, many tens of proposed continuations, >> and even brand new competing projects appeared, such as: >> https://www.gostcrypt.org/ >> >> Have any of those many projects gained following, review, >> support, opensource license, and ongoing development >> work such that they can now be considered the in fact >> TrueCrypt successor / new independant solution? > > The thing that really irks me the most about TrueCrypt being withdrawn > was that it was the only true multi-platform (GNU/Linux and Windows at > least, was there a Mac OS X version?) full-disk encryption software > available under a free software license. Every other full disk > encryption solution out there is either proprietary, only available for > one operating system, or both. > > To me, any true successor to TrueCrypt will be available under GPLv3 > (not sure I like the idea of someone forking a BSD/MIT licensed clone > and then not sharing the source, aka the "BSD/MIT Tuck And Run"), and > for at least GNU/Linux and Windows (ideally Mac OS X as well). While I > never really needed something like TrueCrypt while it was maintained, > that doesn't mean I won't in the future, and I know there are others who > need TrueCrypt (including multi-platform support). > From grarpamp at gmail.com Sat Jan 3 17:37:35 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 3 Jan 2015 20:37:35 -0500 Subject: TrueCrypt, GostCrypt, *Crypt - status? In-Reply-To: <54A825A4.8010104@cathalgarvey.me> References: <1420280338.8889.7.camel@klax> <54A825A4.8010104@cathalgarvey.me> Message-ID: On Sat, Jan 3, 2015 at 12:23 PM, Cathal Garvey wrote: > What are the critical truecrypt features people actually want, that made it > special? Windows + third party + opensource + gui + full disk encryption. I doubt its volumes were portable like ZFS. You could Windows mount iSCSI/SMB/NFS from a VM of FreeBSD+GELI+ZFS. Please stop top posting. 
> On 03/01/15 10:18, Shawn K. Quinn wrote: >> To me, any true successor to TrueCrypt will be available under GPLv3 >> (not sure I like the idea of someone forking a BSD/MIT licensed clone >> and then not sharing the source, aka the "BSD/MIT Tuck And Run") This is a bogus argument. If you don't like that someone has copied it, closed it, and gone off and done their own thing with it... make your own copy and continue open development. BSD is about honoring freedom, not about ramming freedom down your throat under threat of suit. World of difference there. Make no mistake, the more freedom a license gives YOU, the more free it is. What you do with the freedoms you are given is up to you... if you choose to jerk people around, no one will care, they'll just ignore and route around you. Though not as free as BSD, take similar CDDL ZFS example... Sun opened it, FreeBSD ported it, Oracle closed it, open and free people ignored Oracle and eventually congregated at open-zfs.org. Both Oracle and open-zfs won. If it were GPL only open-zfs would have. That's not very free. From grarpamp at gmail.com Sat Jan 3 17:49:09 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 3 Jan 2015 20:49:09 -0500 Subject: TrueCrypt, GostCrypt, *Crypt - status? In-Reply-To: References: <1420280338.8889.7.camel@klax> <54A825A4.8010104@cathalgarvey.me> Message-ID: On Sat, Jan 3, 2015 at 8:37 PM, grarpamp wrote: > On Sat, Jan 3, 2015 at 12:23 PM, Cathal Garvey >> What are the critical truecrypt features people actually want, that made it >> special? > > Windows + third party + opensource + gui + full disk encryption. That being the minimal basics on that platform. > Trivial symmetric file encryption? ... Deniable volumes? Detachable headers? Keyfiles? Icing in conjunction with basic above. Maybe it'll be a few more years before a post truecrypt Windows solution settles out and is widely adopted and recommended. 
From cyberkiller8 at gmail.com Sun Jan 4 01:13:23 2015
From: cyberkiller8 at gmail.com (Łukasz 'Cyber Killer' Korpalski)
Date: Sun, 04 Jan 2015 10:13:23 +0100
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To:
References: <1420280338.8889.7.camel@klax> <54A825A4.8010104@cathalgarvey.me>
Message-ID: <54A90433.3040606@gmail.com>

On 04.01.2015 at 02:49, grarpamp wrote:
> On Sat, Jan 3, 2015 at 8:37 PM, grarpamp wrote:
>> On Sat, Jan 3, 2015 at 12:23 PM, Cathal Garvey
>>> What are the critical truecrypt features people actually want, that made it
>>> special?
>>
>> Windows + third party + opensource + gui + full disk encryption.
>
> That being the minimal basics on that platform.
>
>> Trivial symmetric file encryption? ... Deniable volumes? Detachable headers? Keyfiles?
>
> Icing in conjunction with basic above.
>

I'd say the killer feature was that it was trustworthy and it had an easy way of backing up the volume header with the key and password. Use case: in a company an employee forgets their password or something messes up the volume header, comes to the IT dept for help and they can easily restore that. So basically saying it was pretty disaster-proof, at least for typical cases (because people never fuc**** make backups, especially the company vips).

--
Łukasz "Cyber Killer" Korpalski

mail: cyberkiller8 at gmail.com
xmpp: cyber_killer at jabster.pl
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net
//When replying to my e-mail, kindly please
//write your message below the quoted text.

From cathalgarvey at cathalgarvey.me Sun Jan 4 02:52:55 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Sun, 04 Jan 2015 10:52:55 +0000
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To: References: <1420280338.8889.7.camel@klax> <54A825A4.8010104@cathalgarvey.me> Message-ID: <54A91B87.8020603@cathalgarvey.me> > Please stop top posting. When replies are excessive, I will trim them. When a particular snippet of quoted text is immediately relevant (as above) I will top-quote. However, sorry, but I'll continue emailing as I always have done; if I come from a different internet culture to you, and if top-posting is anathema to you but not I, that's just a difference we'll have to reconcile to stay high-signal and on-topic. However, in the spirit of 2015, which will consist mostly of code-golf and optimism, here's a Python one-liner in the most brutalist sense that will solve your problem, at least for the "offending" email to which you were replying. It may be broken across lines by my or your email client or an ignorant intermediary; filter newlines to resolve. Sorry it's so verbose, inlining those imports might help, but by now I'm bored. (lambda P=__import__('email',fromlist=['parser']).parser.Parser(),A=__import__('sys').argv,Re=__import__('re'):(lambda E=P.parse(open(A[1])),B=P.parse(open(A[1])).get_payload(),R=Re.compile('On.+?wrote:(?=\n>[^>])'),O=open(A[2],'w'):(E.is_multipart()and str(E))or(O.write('\n'.join([': '.join(i)for i in E.items()]+['']+[R.search(B).group()if R.search(B)else ""]+[L for L in B.splitlines()if Re.match('>[^>]',L)]+['']+[L for L in B.splitlines()if(not L)or(not Re.match('(>|On.+?wrote:)',L))])+"\n")))())() On 04/01/15 01:37, grarpamp wrote: > Windows + third party + opensource + gui + full disk encryption. > I doubt its volumes were portable like ZFS. You could Windows > mount iSCSI/SMB/NFS from a VM of FreeBSD+GELI+ZFS. > > Please stop top posting. From rysiek at hackerspace.pl Sun Jan 4 03:30:52 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 04 Jan 2015 12:30:52 +0100 Subject: TrueCrypt, GostCrypt, *Crypt - status? 
In-Reply-To: <54A82639.9050104@gmail.com>
References: <54A82639.9050104@gmail.com>
Message-ID: <9628759.BC7S4tvaQR@lapuntu>

On Saturday, 3 January 2015 09:26:17 Blibbet wrote:
> > https://.codeplex.com/
> > Not bad at all.
>
> Microsoft runs CodePlex.com, ...so don't trust any project binaries,
> only perhaps the project's sources.
>
> And it'll likely not last long term, so someone will eventually need to
> make a snapshot of the sources and put them on another FOSS hosting
> site, when Microsoft kills off CodePlex. So starting a mirror would be
> useful.

Also, take note of licensing there, Microsoft pushes the Ms-PL hard for CodePlex projects:
https://en.wikipedia.org/wiki/Shared_source#Microsoft_Public_License_.28Ms-PL.29

Guess what? Ms-PL is not compatible with GPL. Of course.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Sun Jan 4 04:00:37 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sun, 04 Jan 2015 13:00:37 +0100
Subject: Good ol' BSD vs. GPL (was: Re: TrueCrypt, GostCrypt, *Crypt - status?)
In-Reply-To:
References: <54A825A4.8010104@cathalgarvey.me>
Message-ID: <2657116.6mg9LyzkaY@lapuntu>

On Saturday, 3 January 2015 20:37:35 grarpamp wrote:
> > On 03/01/15 10:18, Shawn K. Quinn wrote:
> >> To me, any true successor to TrueCrypt will be available under GPLv3
> >> (not sure I like the idea of someone forking a BSD/MIT licensed clone
> >> and then not sharing the source, aka the "BSD/MIT Tuck And Run")
>
> This is a bogus argument. If you don't like that someone has copied it,
> closed it, and gone off and done their own thing with it... make your
> own copy and continue open development.
BSD is about honoring > freedom, not about ramming freedom down your throat under threat > of suit. World of difference there. Make no mistake, the more freedom > a license gives YOU, the more free it is. What you do with the freedoms > you are given is up to you... if you choose to jerk people around, no one > will care, they'll just ignore and route around you. The good old BSD vs. GPL, eh? The problem with this simplified view is that there are a number of good reasons for copyleft clauses, and many of them were verified during Heartbleed, for instance. Apparently Facebook used a modified OpenSSL version that was accidentally not vulnerable. Had OpenSSL been licensed under a copyleft license, maybe we wouldn't have Heartbleed at all. Another reason is a bit broader. In the digital world selling *products* (think: Windows licenses) simply does not work -- the basic operation here is *copying*, trying to make copying hard is not really that smart, is it. We all know how well DRM schemes work, right? The answer here is to move towards selling *services* -- something that is not easily copy-able. Services like support, deployment, etc. But I guess we all know that already, don't we? So why exactly does anybody here feel the need to retain the right to close their (or anybody else's, for that matter) software? That doesn't seem like it's required for selling services based on a given software, moreover -- getting it out on a strong copyleft license (like GPLv3 or AGPL) makes it *harder* for large corporations to close that work and out-sell it, and at the same time makes it easier to get all the patches/fixes/etc other people made in particular software. I see huge practical and economical benefits from using copyleft licenses, and the only argument *against* them is -- as far as I can see -- the "MUH FREEDUMS" aka "I might want to close-off some of my (or somebody else's) work". 
I actually feel copyleft licenses give me *more* freedom: I am at least sure nobody can close-off any version of a given (including: mine) program from me.

I have no problem with people advocating BSD/MIT-style licenses as long as we can have a civil discussion about it. This:

> BSD is about honoring freedom, not about ramming freedom down your throat
> under threat of suit.

...is not exactly what I am talking about here.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From afalex169 at gmail.com Sun Jan 4 03:54:19 2015
From: afalex169 at gmail.com (Александр)
Date: Sun, 4 Jan 2015 13:54:19 +0200
Subject: TrueCrypt, GostCrypt, *Crypt - status?
In-Reply-To: <9628759.BC7S4tvaQR@lapuntu>
References: <54A82639.9050104@gmail.com> <9628759.BC7S4tvaQR@lapuntu>
Message-ID:

> > Microsoft runs CodePlex.com, ...so don't trust any project binaries,
> only perhaps the project's sources.
>
> Also, take note of licensing there.
> Guess what? Ms-PL is not compatible with GPL. Of course.
>

Oh, didn't pay attention to that one. Thank you, rysiek.
So let's watch the CipherShed team (https://ciphershed.org/)

From guninski at guninski.com Sun Jan 4 07:29:01 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sun, 4 Jan 2015 17:29:01 +0200
Subject: John Gilmore: Cryptography list is censoring my emails
In-Reply-To:
References:
Message-ID: <20150104152901.GC2498@sivokote.iziade.m$>

On Wed, Dec 31, 2014 at 07:16:04AM -0500, John Young wrote:
> http://cryptome.org/2014/12/gilmore-crypto-censored.htm

Didn't follow all details, but the same happened to me on Fyodor's full disclosure last time I checked several? months ago.

If you ask me, admins like these deserve to lose their backup (if any) say due to cosmic rays.

--
cheers

From grarpamp at gmail.com Sun Jan 4 17:02:12 2015
From: grarpamp at gmail.com (grarpamp)
Date: Sun, 4 Jan 2015 20:02:12 -0500
Subject: Good ol' BSD vs. GPL (was: Re: TrueCrypt, GostCrypt, *Crypt - status?)
In-Reply-To: <2657116.6mg9LyzkaY@lapuntu>
References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu>
Message-ID:

On Sun, Jan 4, 2015 at 7:00 AM, rysiek wrote:
> Apparently Facebook used a modified OpenSSL version that was accidentally not
> vulnerable. Had OpenSSL been licensed under a copyleft license, maybe we
> wouldn't have Heartbleed at all.

No. GPL does not require redistribution of mods used privately, only if redistribution occurs are such mods required to be redistributed. Facebook chose not to redistribute, therefore GPL would have made no difference because it would not trigger.

> makes it easier to get all the patches/fixes/etc other people made

No, not unless redistribution triggers. All these giant companies modifying GPL code to their internal purposes, not so many @bigcorp.com's present on the mailing lists.

> In the digital world selling *products* (think: Windows licenses)
> simply does not work

Yeah, apparently not...
https://www.google.com/finance/related?q=MSFT https://www.google.com/finance/related?q=FOX Restrictions on piracy are what does not work. Neither GPL or any other license apply in that realm. > The answer here is to move towards selling *services* No, people are free to choose their careers. > [GPL] makes it *harder* for large corporations to close that work > and out-sell it Both GPL and BSD can dual license and make millions as their own corporations. > So why exactly does anybody here feel the need to retain the right to close > their [own software] People are free to choose that for their own software. It's "all rights reserved", an inalienable moral right. Berne says so... http://en.wikipedia.org/wiki/Berne_Convention https://lists.debian.org/debian-legal/2007/06/msg00252.html > (or [close] anybody else's, for that matter) software? No, that is not what happens with BSD. You cannot close the authors own rights, or replace their license with your own, it's "all rights reserved". You can only close your copy of the BSD work the author gave you. http://lucumr.pocoo.org/2009/2/12/are-you-sure-you-want-to-use-gpl/ Tomorrow, Linus/Stallman could, via Berne, slap a Microsoft style license on all their own work contributions they ever subsequently released to Linux/GNU under the GPL and seed their own companies with it and be under no obligation to ever let you see it or any future mods they make to it. You, having already received an earlier GPL copy, can keep on with that. "copyleft" GPL is, in fact, a restriction of freedom. "permissive" BSD is, in fact, a granting of freedom. There can be no argument there. NetBSD says... "We don't think it's right to require people who add to our work and want to distribute the results (for profit or otherwise) to give away the source to their additions; they made the additions, and they should be free to do with them as they wish." 
http://en.wikipedia.org/wiki/Permissive_free_software_licence http://en.wikipedia.org/wiki/BSD_licenses http://www.openbsd.org/policy.html http://www.netbsd.org/about/redistribution.html#why-berkeley https://www.freebsd.org/doc/en/articles/committers-guide/article.html#pref-license http://en.wikipedia.org/wiki/WTFPL http://en.wikipedia.org/wiki/Public_domain http://en.wikipedia.org/wiki/University_of_Illinois/NCSA_Open_Source_License The BSD is about freedom. If someone copies BSD work and closes it, griping happens, yet the BSD community doesn't really care because they granted and expected that beforehand, and they keep on developing openly. That honoring and/or supporting of free choice is their ethos. Turns out, after getting out from under the AT&T issues, and doing lots of cleanroom work (eg: LLVM/CLANG, adoption of BSD utils over GPL), and enforcing what work they will accept, they're getting that returned to them more and more and won't be disappearing anytime soon... https://www.freebsdfoundation.org/ http://www.openbsdfoundation.org/ http://www.netbsd.org/foundation/ > economical benefits BSD folks also enjoy making BSD products and working for BSD companies that GPL folks like to falsely claim "stole" BSD licensed software. http://en.wikipedia.org/wiki/List_of_products_based_on_FreeBSD https://www.freebsd.org/commercial/commercial.html http://www.netbsd.org/gallery/products.html http://www.openbsd.org/products.html Not being able to sell software because it's been forced open largely wipes out an entire economic sector. > I see [...] benefits from [GPL ...] ... so do perhaps communists/communals and say religious believers. In a way, GPL folks could be seen as a bit afraid, lacking independence or confidence, so as action in commons, (or even if not seen that way but instead only on a mission to push and test new social paradigm). they slap on the GPL to chain others to their belief under threat. That doesn't seem very free. > This: ["MUH FREEDUMS" ...]
>> BSD is about honoring freedom, not about ramming freedom down your throat >> under threat of suit. ... is the boiled down distinction between BSD and GPL. GPL is pushing something on you once you touch it, BSD lets you choose freely as suits you best, including from among the social paradigm GPL is pushing. Laws do not prevent people from doing bad things, neither do people need licensed to do good things. From cathalgarvey at cathalgarvey.me Sun Jan 4 13:11:06 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Sun, 04 Jan 2015 21:11:06 +0000 Subject: Good ol' BSD vs. GPL In-Reply-To: <2657116.6mg9LyzkaY@lapuntu> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> Message-ID: <54A9AC6A.8040502@cathalgarvey.me> > The problem with this simplified view is that there are a number of > good reasons for copyleft clauses, and many of them were verified > during Heartbleed, for instance. Earlier, in fact. The phrase "tragedy of the commons" derives from nobel-prize-winning research that found that unregulated commons more often than not are abused to the point of collapse. It's hard to see how this can happen to a source-code commons, but only as far as you see the "commons" in source code being the code itself, rather than the free labour it represents on the part of well-meaning programmers. By propping up proprietary shitware with your lovingly crafted code, you are undermining not only yourself, but the others out there lovingly crafting and then freeing their code. Of course, the shitware doesn't develop as quickly as the "real" curated stuff, so we see Linux thriving in so many ways technically versus Windows and Mac..but then, the lack of protections against theft of the commons is the reason Mac is doing so well in the first place. Where'd they get that Kernel again? Hmm. On 04/01/15 12:00, rysiek wrote: > On Saturday, 3 January 2015 20:37:35 grarpamp wrote: >>> On 03/01/15 10:18, Shawn K.
Quinn wrote: >>>> To me, any true successor to TrueCrypt will be available under GPLv3 >>>> (not sure I like the idea of someone forking a BSD/MIT licensed clone >>>> and then not sharing the source, aka the "BSD/MIT Tuck And Run") >> >> This is a bogus argument. If you don't like that someone has copied it, >> closed it, and gone off and done their own thing with it... make your >> own copy and continue open development. BSD is about honoring >> freedom, not about ramming freedom down your throat under threat >> of suit. World of difference there. Make no mistake, the more freedom >> a license gives YOU, the more free it is. What you do with the freedoms >> you are given is up to you... if you choose to jerk people around, no one >> will care, they'll just ignore and route around you. > > The good old BSD vs. GPL, eh? > > The problem with this simplified view is that there are a number of good > reasons for copyleft clauses, and many of them were verified during > Heartbleed, for instance. > > Apparently Facebook used a modified OpenSSL version that was accidentally not > vulnerable. Had OpenSSL been licensed under a copyleft license, maybe we > wouldn't have Heartbleed at all. > > Another reason is a bit broader. In the digital world selling *products* > (think: Windows licenses) simply does not work -- the basic operation here is > *copying*, trying to make copying hard is not really that smart, is it. We all > know how well DRM schemes work, right? > > The answer here is to move towards selling *services* -- something that is not > easily copy-able. Services like support, deployment, etc. But I guess we all > know that already, don't we? > > So why exactly does anybody here feel the need to retain the right to close > their (or anybody else's, for that matter) software? 
That doesn't seem like > it's required for selling services based on a given software, moreover -- > getting it out on a strong copyleft license (like GPLv3 or AGPL) makes it > *harder* for large corporations to close that work and out-sell it, and at the > same time makes it easier to get all the patches/fixes/etc other people made > in particular software. > > I see huge practical and economical benefits from using copyleft licenses, and > the only argument *against* them is -- as far as I can see -- the "MUH > FREEDUMS" aka "I might want to close-off some of my (or somebody else's) > work". > > I actually feel copyleft licenses give me *more* freedom: I am at least sure > nobody can close-off any version of a given (including: mine) program from me. > > > > I have no problem with people advocating BSD/MIT-style licenses as long as we > can have a civil discussion about it. > > This: >> BSD is about honoring freedom, not about ramming freedom down your throat >> under threat of suit. > > ...is not exactly what I am talking about here. > From rob at robmyers.org Sun Jan 4 21:35:33 2015 From: rob at robmyers.org (Rob Myers) Date: Sun, 04 Jan 2015 21:35:33 -0800 Subject: Good ol' BSD vs. GPL In-Reply-To: References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> Message-ID: <54AA22A5.4060306@robmyers.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/01/15 05:02 PM, grarpamp wrote: > > "copyleft" GPL is, in fact, a restriction of freedom. "permissive" > BSD is, in fact, a granting of freedom. There can be no argument > there. There can. Both restore rights that copyright otherwise restricts. The GPL ensures that you are free to use the software even if you receive it from a third party. BSD doesn't do that. Therefore BSD "grants" less freedom than the GPL. 
From odinn.cyberguerrilla at riseup.net Sun Jan 4 16:23:22 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Mon, 05 Jan 2015 00:23:22 +0000 Subject: John Gilmore: Cryptography list is censoring my emails In-Reply-To: <20150104152901.GC2498@sivokote.iziade.m$> References: <20150104152901.GC2498@sivokote.iziade.m$> Message-ID: <54A9D97A.9000900@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 It's unclear to me what exactly is causing said censorship lately. But I've seen some unusual amount of what (in my eyes) is censorship occur across totally different lists and forums over the past few weeks. It's hard to say "oh that occurred here, here and here!" because your thought may be way different than mine on where that actually occurred, so I'll just shut up on that threshold piece. (IMHO it's when someone keeps your content from appearing or just disappears something you've posted, in a very simplistic overview, of the list question) However... In each case the common thread which seemed to actually result in censorship being initiated (wherever you might think it was), was someone posting something (or trying to express something) relating to crypto, identity, or anonymity related. No surprise there. It also seemed to occur in the last few weeks of this year, or more recently which was kind of odd.
I disagree with anyone who might propose the whole "lizard theory" of censorship, as I think that any list or forum censorship (where it does occur) has nothing (or almost zero) to do with any lizard antics and much more to do with underlying "earth core displacement" issues that touch on major differences both within crypto communities themselves and also within (probably overly) curious members of investigatory / LEO communities. Finally, it has not escaped my attention that the recent attacks on Tor or portions of the Tor network, could have been enough to broaden block lists (whether this block list / spam effect bit would be intentional or not) which would result in delivery of information to - - http://www.sorbs.net/ and http://barracudacentral.org/ (see http://cryptome.org/2014/12/gilmore-crypto-censored.htm) - where sorbs and barracudacentral for example might then become recipients (inexpensively and quickly) of even larger amounts of IP addresses than before, which could be in certain situations shown as spam addresses, at least during the time of the brief and limited attacks on Tor late last year. See for example: http://barracudacentral.org/rbl/how-to-use and look towards bottom of page thing. This might have briefly caused some (Tor) users, for example, to have had limited accessibility to some sites, in some circumstances - even if unintentional. I am not going to go on some long ass rantarola on how this could or could not happen. It hurts my back to be sitting here typing so I'll slow down and stop real soon. Tear me to shreds on this idea if you wish, but it is entirely possible that this could have occurred in some parts of the network(s). As to the actual result of this process in _intentional_ censorship, wherever and however that actually occurs: Unacceptable. I have also noticed that pybitmessage / bitmessage has been having more lag issues lately esp. when the messages are being sent / received to / from China. 
This is less a problem if sent from a "free-er" zone (e.g. Macao, Japan... the latter of which is, well... really not freeish at all) but still... can be issues. Not sure if anyone here has experienced same things so I've been encouraging people to be cautious with pybitmessage / bitmessage atm and use gpg more in 2015. Best encryption is best thing... I truly hope gnupg - gpg will get fully funded soon ( hey! see this! includes bitcoin as option for donation to gpg project: https://www.wauland.de/en/donation.html#61 ) Then that which is decentralized is best thing. This is why I will keep yammering about why we should be using truly decentralized solutions such as... not just btc but also things like bcn, hopefully we will see zerocash in early 2015 sometime, and openbazaar is already working. We have models which will work without requiring a state model, but which don't require that we participate in the same tiresome and violent struggles time and time again either. T. May's thoughts in 1992 seemed crazy to most people who would have read them at that time. Now they just sort of seem like a first step in whatever's next. So. What's next? Just kind of rolling this around in my brain, by the way: [EN] http://en.flossmanuals.net/bypassing-censorship/ch011_get-creative/ [EN/CH] http://qz.com/131368/how-to-beat-chinas-great-firewall-one-salvaged-weibo-message-at-a-time/ openbazaar.org abis.io (my microgiving project) some announcements to come about that soon I hope. cheers. Georgi Guninski: > On Wed, Dec 31, 2014 at 07:16:04AM -0500, John Young wrote: >> http://cryptome.org/2014/12/gilmore-crypto-censored.htm > > Didn't follow all details, but the same happened to me on Fyodor's > full disclosure last time I checked several? months ago. > > If you ask me, admins like these deserve to lose their backup (if > any) say due to cosmic rays.
> - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From grarpamp at gmail.com Sun Jan 4 23:59:33 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 5 Jan 2015 02:59:33 -0500 Subject: Good ol' BSD vs. GPL In-Reply-To: <54AA22A5.4060306@robmyers.org> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> Message-ID: On Mon, Jan 5, 2015 at 12:35 AM, Rob Myers wrote: > Both restore rights that copyright otherwise restricts. No. Copyright exists automatically in default state of "all rights reserved". Any "restoration" you may wish or take for yourself within that is an abuse of the author's rights as you have none. Any rights to the author's work you may have are granted to you as the author chooses. Subject to various limited notions... https://en.wikipedia.org/wiki/Traditional_safety_valves https://en.wikipedia.org/wiki/Fair_dealing > The GPL ensures that you are free to use the software even if you > receive it from a third party. > BSD doesn't do that. Yes it does. The author can slap BSD or GPL on it, give it to Alice who gives it to Bob who gives it Carl who gives it to you which you then "use". There's no difference between the two there. > Therefore BSD "grants" less freedom than the GPL. No it doesn't. This has already been explained. GPL people often confuse freedom vs force(d open source redistribution), and permissive vs restrictive. Don't get confused.
https://en.wikipedia.org/wiki/Copyright https://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_treaties https://en.wikipedia.org/wiki/Philosophy_of_copyright https://en.wikipedia.org/wiki/Anti-copyright Yarr! From jesse at jbcrawford.us Mon Jan 5 17:28:14 2015 From: jesse at jbcrawford.us (Jesse B. Crawford) Date: Mon, 05 Jan 2015 17:28:14 -0800 Subject: Good ol' BSD vs. GPL In-Reply-To: <54AAF446.3050605@riseup.net> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> <54AAF446.3050605@riseup.net> Message-ID: <54AB3A2E.5030106@jbcrawford.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2015-01-05 12:29, odinn wrote: > This led me to ask if maybe there was just a way to release it > into domain (public domain) without the whole licensing system and > multitude of restrictions and competing licensing restrictions > (including Unlicense) coming into play, depending on the project / > projects being considered. (Again I think we are twirling in > circles here) This isn't unheard of, the main example would be SQLite which is completely public domain to great success. Although it depends on jurisdiction, they explain this licensing arrangement as "Anyone is free to copy, modify, publish, use, compile, sell, or distribute the original SQLite code, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means," which sounds about as free as it can get to me. I had a discussion with RMS about this not that long ago. In fact, the discussion began with the BSD project, which he seems to view primarily as an attempt to undermine the work of the FSF (an opinion that he expresses in some of his public talks as well). Anyway, I think it is apparent from talking to RMS that he feels that it is a goal of GPL to prevent "user-subjugating" software vendors ever obtaining any commercial advantage from GPL-licensed code. 
The theory of it is a bit like not selling ammunition to KKK members or something, RMS does not want to allow his enemies to use the tools he creates. Of course I don't agree with him in this regard, but that's because I don't feel that closed-source software is intrinsically evil. From RMS's perspective, that closed-source software is fundamentally a violation of the rights of the user, it makes a great deal of sense. I think that even FSF advocates increasingly don't align fully with RMS on this issue, but his ideas have certainly influenced the GPL. jc From odinn.cyberguerrilla at riseup.net Mon Jan 5 12:29:58 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Mon, 05 Jan 2015 20:29:58 +0000 Subject: Good ol' BSD vs. GPL In-Reply-To: References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> Message-ID: <54AAF446.3050605@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I read this and I just get more confused. One I feel like this is topic drift (but don't worry about that, I'm glad for a little drift here) and two... what about bitcoin which is.... MIT right? I don't mean to drift it further... but I feel like this gets to be a circular thing. M. Gogulski had an argument (not sure if on this list but maybe it was on Unsystem) sometime I think early last year in which he had some arguments I hadn't considered for different types of unlicensing approaches.
Which again, I just hadn't considered before he had elaborated on it at length. In comparison the whole thing I found at the time a bit befuddling. This led me to ask if maybe there was just a way to release it into domain (public domain) without the whole licensing system and multitude of restrictions and competing licensing restrictions (including Unlicense) coming into play, depending on the project / projects being considered. (Again I think we are twirling in circles here) But part of this in the final analysis should be what software projects have succeeded and really circled the globe (and resisted various kinds of intrusions/attacks) regardless of what labels we have slapped on them? Well, they have been: Non-corporate, generally non-organizational also open source Consider some of the conclusions from both 30c3 and 31c3 I'm repeating the obvious now so I'll shut up grarpamp: > On Mon, Jan 5, 2015 at 12:35 AM, Rob Myers > wrote: >> Both restore rights that copyright otherwise restricts. > > No. Copyright exists automatically in default state of "all rights > reserved". Any "restoration" you may wish or take for yourself > within that is an abuse of the author's rights as you have none. > Any rights to the author's work you may have are granted to you as > the author chooses. Subject to various limited notions... > https://en.wikipedia.org/wiki/Traditional_safety_valves > https://en.wikipedia.org/wiki/Fair_dealing > >> The GPL ensures that you are free to use the software even if >> you receive it from a third party. BSD doesn't do that. > > Yes it does. The author can slap BSD or GPL on it, give it to > Alice who gives it to Bob who gives it Carl who gives it to you > which you then "use". There's no difference between the two there. > >> Therefore BSD "grants" less freedom than the GPL. > > No it doesn't. This has already been explained. GPL people often > confuse freedom vs force(d open source redistribution), and > permissive vs restrictive. 
Don't get confused. > > > https://en.wikipedia.org/wiki/Copyright > https://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_treaties > > https://en.wikipedia.org/wiki/Philosophy_of_copyright > https://en.wikipedia.org/wiki/Anti-copyright Yarr! > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From juan.g71 at gmail.com Mon Jan 5 16:35:20 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 5 Jan 2015 21:35:20 -0300 Subject: Good ol' BSD vs. GPL In-Reply-To: References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> Message-ID: <54ab2d35.6e608c0a.788a.7e84@mx.google.com> On Mon, 5 Jan 2015 02:59:33 -0500 grarpamp wrote: > On Mon, Jan 5, 2015 at 12:35 AM, Rob Myers wrote: > > Both restore rights that copyright otherwise restricts. > > No. Copyright exists automatically in default state of "all rights > reserved". No. Copyright is just a state-granted privilege. A part of the fake 'intellectual property' collection of 'rights'. > Any "restoration" you may wish or take for yourself > within that is an abuse of the author's rights as you have none. Any > rights to the author's work you may have are granted to you as the > author chooses. Subject to various limited notions...
> https://en.wikipedia.org/wiki/Traditional_safety_valves > https://en.wikipedia.org/wiki/Fair_dealing > > > The GPL ensures that you are free to use the software even if you > > receive it from a third party. > > BSD doesn't do that. > > Yes it does. The author can slap BSD or GPL on it, give it to Alice > who gives it to Bob who gives it Carl who gives it to you which you > then "use". There's no difference between the two there. > > > Therefore BSD "grants" less freedom than the GPL. > > No it doesn't. This has already been explained. GPL people often > confuse freedom vs force(d open source redistribution), and permissive > vs restrictive. Don't get confused. > > > https://en.wikipedia.org/wiki/Copyright > https://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_treaties > https://en.wikipedia.org/wiki/Philosophy_of_copyright > https://en.wikipedia.org/wiki/Anti-copyright > Yarr! From cathalgarvey at cathalgarvey.me Mon Jan 5 13:38:24 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 05 Jan 2015 21:38:24 +0000 Subject: Good ol' BSD vs. GPL In-Reply-To: References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54A9AC6A.8040502@cathalgarvey.me> Message-ID: <54AB0450.7040304@cathalgarvey.me> It's worth pointing out for clarity that I wasn't rabbiting the point used by the powerful to enclose commons, where regulation means enclosure, but rather referring to enclosure itself as the tragedy. I will happily read the directed Manifesto, thanks. But I think it's also clear that commons are often abused, though the classical abuse appears uncommon.. because unregulated commons simply collapse early. Those that appear "unregulated" are more often regulated by social structures; no less significant than threats of reprisal in the right context! However, online, we lack the means to enforce social censure effectively, particularly against large enclosing actors. 
On 05/01/15 20:52, Chrrles Paul wrote: > It might be good to give Peter Linebaugh's "Magna Carta Manifesto" a > read for some understanding both on how the "tragedy of the commons" > never actually happened, and how the popular struggle for access to > the commons is what eventually gave rise to Parliament and > participatory democracy. > > On Sun, Jan 4, 2015 at 10:11 PM, Cathal Garvey > wrote: > >> Earlier, in fact. The phrase "tragedy of the commons" derives from >> nobel-prize-winning research that found that unregulated commons more often >> than not are abused to the point of collapse. From charles.paul at gmail.com Mon Jan 5 12:52:51 2015 From: charles.paul at gmail.com (Chrrles Paul) Date: Mon, 5 Jan 2015 21:52:51 +0100 Subject: Good ol' BSD vs. GPL In-Reply-To: <54A9AC6A.8040502@cathalgarvey.me> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54A9AC6A.8040502@cathalgarvey.me> Message-ID: It might be good to give Peter Linebaugh's "Magna Carta Manifesto" a read for some understanding both on how the "tragedy of the commons" never actually happened, and how the popular struggle for access to the commons is what eventually gave rise to Parliament and participatory democracy. On Sun, Jan 4, 2015 at 10:11 PM, Cathal Garvey wrote: > Earlier, in fact. The phrase "tragedy of the commons" derives from > nobel-prize-winning research that found that unregulated commons more often > than not are abused to the point of collapse. From odinn.cyberguerrilla at riseup.net Mon Jan 5 23:29:05 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 06 Jan 2015 07:29:05 +0000 Subject: Good ol' BSD vs. GPL In-Reply-To: <54AB3A2E.5030106@jbcrawford.us> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> <54AAF446.3050605@riseup.net> <54AB3A2E.5030106@jbcrawford.us> Message-ID: <54AB8EC1.1090005@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello Jesse, Jesse B. 
Crawford: > On 2015-01-05 12:29, odinn wrote: >> This led me to ask if maybe there was just a way to release it >> into domain (public domain) without the whole licensing system >> and multitude of restrictions and competing licensing >> restrictions (including Unlicense) coming into play, depending on >> the project / projects being considered. (Again I think we are >> twirling in circles here) > > This isn't unheard of, the main example would be SQLite which is > completely public domain to great success. Hmm. > Although it depends on jurisdiction, Here, then. Why would it necessarily depend on jurisdiction? Isn't the jurisdiction primarily something that really is something that one imagines and then imposes? Or is the imagination and imposition something that occurs simultaneously? Past, present, future, "necessarily" chosen perceptions in order to prevent one's mind from popping before the realization that it is not the spoon that bends, it is you. :-) In any event, are our notions of "jurisdiction" regardless of how they are implemented or put into practice in what we consider to be "real world," practical and reasonable, or are they merely part of a mental prison which we routinely impose upon ourselves? Too many words, though. Wrapping up: The Gateless Gate (1228) by Mumon, translated by Nyogen Koan number 29 out of 49 in this work (published 1228, translated 1934) Two monks were arguing about a flag. One said: "The flag is moving." The other said: "The wind is moving." The sixth patriarch happened to be passing by. He told them: "Not the wind, not the flag; mind is moving." Mumon’s comment: The sixth patriarch said: "The wind is not moving, the flag is not moving. Mind is moving." What did he mean? If you understand this intimately, you will see the two monks there trying to buy iron and gaining gold. The sixth patriarch could not bear to see those two dull heads, so he made such a bargain. Wind, flag, mind moves, The same understanding. 
When the mouth opens All are wrong. Then, here. > they explain this licensing arrangement as "Anyone is free to copy, > modify, publish, use, compile, sell, or distribute the original > SQLite code, either in source code form or as a compiled binary, > for any purpose, commercial or non-commercial, and by any means," > which sounds about as free as it can get to me. > > I had a discussion with RMS about this not that long ago. In fact, > the discussion began with the BSD project, which he seems to view > primarily as an attempt to undermine the work of the FSF (an > opinion that he expresses in some of his public talks as well). > Anyway, I think it is apparent from talking to RMS that he feels > that it is a goal of GPL to prevent "user-subjugating" software > vendors ever obtaining any commercial advantage from GPL-licensed > code. The theory of it is a bit like not selling ammunition to KKK > members or something, RMS does not want to allow his enemies to use > the tools he creates. > > Of course I don't agree with him in this regard, but that's because > I don't feel that closed-source software is intrinsically evil. > From RMS's perspective, that closed-source software is > fundamentally a violation of the rights of the user, it makes a > great deal of sense. > > I think that even FSF advocates increasingly don't align fully > with RMS on this issue, but his ideas have certainly influenced the > GPL. 
> > jc > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From cathalgarvey at cathalgarvey.me Tue Jan 6 00:43:18 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 06 Jan 2015 08:43:18 +0000 Subject: Good ol' BSD vs. GPL In-Reply-To: <54AB3A2E.5030106@jbcrawford.us> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> <54AAF446.3050605@riseup.net> <54AB3A2E.5030106@jbcrawford.us> Message-ID: <54ABA026.7020100@cathalgarvey.me> > RMS does not want to allow his enemies to use the tools he > creates. Well, no; he wants them to use it as much as they like, as long as they give back to the commons on which they built their foundations. There's nothing at all wrong with asking that. RMS would likely be insulted at the idea that he would forbid essential freedoms to *anyone*, including the companies he hates. There's an undercurrent in some patches of this discussion, if I may, that suggests that openness is orthogonal to commercial success; the idea being that GPL is "anti-business" and weaker licenses are "pro-business". I'll just throw in "citation needed" with the reminder that correlation does not imply causation. Users (more like "Used") buy Windows all the time even though everyone knows it can be had for free. 
Music lovers continue to pay for music even though it's common knowledge that it can be had with less malware on torrent sites, or simply cribbed from friends. Same for books, same for everything. Artificial scarcity creates artificial demand, but a natural abundance does not diminish natural demand. And if you want to sell open code, it had better be GPL, or your competitors will steal all your best ideas and leave you with an inferior product. With GPL, you *invite* your competitors to improve with you, while you both crib one another's work and get better and more usefully distinct over time. On 06/01/15 01:28, Jesse B. Crawford wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 2015-01-05 12:29, odinn wrote: >> This led me to ask if maybe there was just a way to release it >> into domain (public domain) without the whole licensing system and >> multitude of restrictions and competing licensing restrictions >> (including Unlicense) coming into play, depending on the project / >> projects being considered. (Again I think we are twirling in >> circles here) > > This isn't unheard of, the main example would be SQLite which is > completely public domain to great success. Although it depends on > jurisdiction, they explain this licensing arrangement as "Anyone is > free to copy, modify, publish, use, compile, sell, or distribute the > original SQLite code, either in source code form or as a compiled > binary, for any purpose, commercial or non-commercial, and by any > means," which sounds about as free as it can get to me. > > I had a discussion with RMS about this not that long ago. In fact, the > discussion began with the BSD project, which he seems to view > primarily as an attempt to undermine the work of the FSF (an opinion > that he expresses in some of his public talks as well). 
Anyway, I > think it is apparent from talking to RMS that he feels that it is a > goal of GPL to prevent "user-subjugating" software vendors ever > obtaining any commercial advantage from GPL-licensed code. The theory > of it is a bit like not selling ammunition to KKK members or > something, RMS does not want to allow his enemies to use the tools he > creates. > > Of course I don't agree with him in this regard, but that's because I > don't feel that closed-source software is intrinsically evil. From > RMS's perspective, that closed-source software is fundamentally a > violation of the rights of the user, it makes a great deal of sense. > > I think that even FSF advocates increasingly don't align fully with > RMS on this issue, but his ideas have certainly influenced the GPL. > > jc > From zen at freedbms.net Mon Jan 5 16:57:04 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 6 Jan 2015 11:57:04 +1100 Subject: Good ol' BSD vs. GPL In-Reply-To: References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> Message-ID: On 1/5/15, grarpamp wrote: > On Mon, Jan 5, 2015 at 12:35 AM, Rob Myers wrote: >> Both restore rights that copyright otherwise restricts. > > No. Copyright exists automatically in default state of "all rights > reserved". But that shifts the ground on what Rob was speaking to. 
Sure you can say 'in the default state of "all rights reserved"', that 'copyright exists automatically', and we can even go so far as to say the --current legal regime-- grants 'copyright protection by default', which in jurisdictions I am aware of, is the case. BUT, copyright itself, is a legal fiction. THIS (as I read it) is the foundation on which Rob makes his point. So, we most of us do in fact live in an artificial statutory regime of various legal fictions, one of which is called copyright, the right to make copies, and the right to grant (or restrict, by default or otherwise) others the right to make "copies". In THIS regime (default statutory fiction rights, re copying), the BSD and GPL licenses "restore rights that copyright otherwise restricts" - Rob's words are precise, correct, and clear. > Any "restoration" you may wish or take for yourself > within that is an abuse of the author's rights as you have none. This is a non-argument, and I'm not sure you're making a point, or making your point in a way I can understand. The "restoration" that Rob speaks to is **the author's** choice of license, the *author*, who by "statutory legal fiction right by default" is granted exclusive right to make copies of --author's own work--, chooses, of --his own free will-- to "restore" to recipients of author's said works, certain rights otherwise restricted by said statute fiction rights. Rob's words are clear and simple. Mine are verbose. Grarpamp, am I understanding your position correctly, or am I missing something (as in, from my viewpoint, you were missing Rob's point)? > Any > rights to the author's work you may have are granted to you as the > author chooses. In the regime of legal fiction rights, yes... > Subject to various limited notions... > https://en.wikipedia.org/wiki/Traditional_safety_valves > https://en.wikipedia.org/wiki/Fair_dealing > >> The GPL ensures that you are free to use the software even if you >> receive it from a third party. 
>> BSD doesn't do that. > > Yes it does. No it does not. GPL ensures that recipients may not -further restrict- the freedoms 'granted' by the GPL (which is presumably the author's desire and reason for choosing to license under GPL); BSD only ensures -first recipient- has "GPL like" freedoms, in addition to the "freedom to further distribute under proprietary license", which some of us consider to be a freedom that ought not be granted, and for those who consider this way, the GPL is therefore a much better choice - the point being, if the -first recipient- of BSD licensed software thereafter distributes under freedom-removing license (proprietary), said recipients are no longer using free/libre software, but proprietary software - this is what GPL attempts to handle/ improve upon, and yes, some people prefer to distribute their software with the right for recipients to distribute as proprietary ("the freedom to take away freedom"). > The author can slap BSD or GPL on it, give it to Alice > who gives it to Bob who gives it Carl who gives it to you which you > then "use". There's no difference between the two there. :) Your liberal viewpoint is technically correct, -for the example you give-; but as you must well know, Alice or Bob may "remove the BSD license when they distribute" (or to use your term, "slap on a proprietary license") to Bob and Carl respectively. Ignoring this alternative pathway in your argument, does not make that pathway non-existent. >> Therefore BSD "grants" less freedom than the GPL. > > No it doesn't. This has already been explained. GPL people often > confuse freedom vs force(d open source redistribution), and permissive > vs restrictive. Don't get confused. On this point I agree with you. BSD grants all the freedoms that GPL does, -as well as- the freedom for the recipient to add restrictions of any sort when he further distributes. So in that technical sense, the BSD license provides "more freedom". 
GPL proponents (which include myself), consider that the GPL's 'hack' of the legal fiction rights granted by statute law, is a useful mechanism to work towards maximising the amount of free/libre software available in the world, over the long term. It is a valid, and apparently effective, strategy. And one I wholeheartedly support :) I welcome reviews of my new play, Pirates of the Commons: > https://en.wikipedia.org/wiki/Copyright > https://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_treaties > https://en.wikipedia.org/wiki/Philosophy_of_copyright Pirates of the Commons. ================= A play by the freedom-deprived, of the freedom-deprived, and for the freedom-deprived. Arr! No freedom. No freedom. Arr. Arr. > https://en.wikipedia.org/wiki/Anti-copyright > Yarr! Arrgh me hardies, let us pillage and plunderrr the code of the mighty ship BSD Commons. She sits with her sails a flappin' promiscuously in the breeze tharrr! Arr. Ay lads, she's sittin' vulnerable in them tharr waters of statutory easy lays and a wealth of booty for us 'n' us alone does she provide. Arr. Code laddies, code! No slack till the walled garrrden is done lads! No freedom. No freedom. Arr. Arr. END. From jerry at jerryrw.com Tue Jan 6 09:31:55 2015 From: jerry at jerryrw.com (Jerry) Date: Tue, 6 Jan 2015 12:31:55 -0500 Subject: TrueCrypt, GostCrypt, *Crypt - status? In-Reply-To: <54A825A4.8010104@cathalgarvey.me> References: <1420280338.8889.7.camel@klax> <54A825A4.8010104@cathalgarvey.me> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jan 3, 2015, at 12:23 PM, Cathal Garvey wrote: > > What are the critical truecrypt features people actually want, that made it special? For me the features were many but mainly; Near seamless big three multi platform compatibility, TC volumes on thumb drives and in the dropbox open pretty much everywhere. While I never had the need to use them the deniable containers seemed useful for travelers. 
The consternation that governments have had with it is a bonus. If they can break it, they are classifying it high enough to not break it in public. Would make it seem to be fairly secure. From dwhite at olp.net Tue Jan 6 11:21:22 2015 From: dwhite at olp.net (Dan White) Date: Tue, 6 Jan 2015 13:21:22 -0600 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: <20150106175102.GA2495@sivokote.iziade.m$> References: <20150106175102.GA2495@sivokote.iziade.m$> Message-ID: <20150106192121.GC3976@dan.olp.net> On 01/06/15 19:51 +0200, Georgi Guninski wrote: >Let me make a rant on BSD vs GPL licenses. > >It is well known fact that Micro$oft used *BSD TCP stack in earlier >versions of their shit. In addition on _old_ versions of windows, >grepping for "Berkeley" returned the bsd license in userland, likely >in the shit called "ftp.exe". > >I am not a coder, though have released some non-destructive stuff. > >If I were a coder, I would have been pissed off if micro$oft >profited from my codeZ$ (though a lot of sheeple don't care about >this). My googlefu is failing me, but I recall that Microsoft came to some sort of agreement back in the 90s with the Regents of the University of California, meaning someone got paid. >If I were a coder, GPL is assumed to guarantee me that shit like m$ >can't profit from codeZ$. 
https://www.google.com/search?q=microsoft+making+money+from+linux -- Dan White vi, debian, C, mutt, sysvinit, /usr/local/, su -, and I dress to the right From john at johnlgrubbs.net Tue Jan 6 11:29:39 2015 From: john at johnlgrubbs.net (John) Date: Tue, 06 Jan 2015 13:29:39 -0600 Subject: Good ol' BSD vs. GPL In-Reply-To: <54ABA026.7020100@cathalgarvey.me> References: <54A825A4.8010104@cathalgarvey.me> <2657116.6mg9LyzkaY@lapuntu> <54AA22A5.4060306@robmyers.org> <54AAF446.3050605@riseup.net> <54AB3A2E.5030106@jbcrawford.us> <54ABA026.7020100@cathalgarvey.me> Message-ID: <414FAC59-21EC-49DC-8D63-3FB071EE3BE6@johnlgrubbs.net> Yay! Bikeshed! /getspopcorn On January 6, 2015 2:43:18 AM CST, Cathal Garvey wrote: > > RMS does not want to allow his enemies to use the tools he > > creates. > >Well, no; he wants them to use it as much as they like, as long as they > >give back to the commons on which they built their foundations. There's > >nothing at all wrong with asking that. > >RMS would likely be insulted at the idea that he would forbid essential > >freedoms to *anyone*, including the companies he hates. > >There's an undercurrent in some patches of this discussion, if I may, >that suggests that openness is orthogonal to commercial success; the >idea being that GPL is "anti-business" and weaker licenses are >"pro-business". I'll just throw in "citation needed" with the reminder >that correlation does not imply causation. > >Users (more like "Used") buy Windows all the time even though everyone >knows it can be had for free. Music lovers continue to pay for music >even though it's common knowledge that it can be had with less malware >on torrent sites, or simply cribbed from friends. Same for books, same >for everything. > >Artificial scarcity creates artificial demand, but a natural abundance >does not diminish natural demand. 
And if you want to sell open code, it > >had better be GPL, or your competitors will steal all your best ideas >and leave you with an inferior product. With GPL, you *invite* your >competitors to improve with you, while you both crib one another's work > >and get better and more usefully distinct over time. > >On 06/01/15 01:28, Jesse B. Crawford wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 2015-01-05 12:29, odinn wrote: >>> This led me to ask if maybe there was just a way to release it >>> into domain (public domain) without the whole licensing system and >>> multitude of restrictions and competing licensing restrictions >>> (including Unlicense) coming into play, depending on the project / >>> projects being considered. (Again I think we are twirling in >>> circles here) >> >> This isn't unheard of, the main example would be SQLite which is >> completely public domain to great success. Although it depends on >> jurisdiction, they explain this licensing arrangement as "Anyone is >> free to copy, modify, publish, use, compile, sell, or distribute the >> original SQLite code, either in source code form or as a compiled >> binary, for any purpose, commercial or non-commercial, and by any >> means," which sounds about as free as it can get to me. >> >> I had a discussion with RMS about this not that long ago. In fact, >the >> discussion began with the BSD project, which he seems to view >> primarily as an attempt to undermine the work of the FSF (an opinion >> that he expresses in some of his public talks as well). Anyway, I >> think it is apparent from talking to RMS that he feels that it is a >> goal of GPL to prevent "user-subjugating" software vendors ever >> obtaining any commercial advantage from GPL-licensed code. The theory >> of it is a bit like not selling ammunition to KKK members or >> something, RMS does not want to allow his enemies to use the tools he >> creates. 
>> >> Of course I don't agree with him in this regard, but that's because I >> don't feel that closed-source software is intrinsically evil. From >> RMS's perspective, that closed-source software is fundamentally a >> violation of the rights of the user, it makes a great deal of sense. >> >> I think that even FSF advocates increasingly don't align fully with >> RMS on this issue, but his ideas have certainly influenced the GPL. >> >> jc >> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From l at odewijk.nl Tue Jan 6 12:45:16 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Tue, 6 Jan 2015 14:45:16 -0600 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: <20150106175102.GA2495@sivokote.iziade.m$> References: <20150106175102.GA2495@sivokote.iziade.m$> Message-ID: 2015-01-06 18:51 GMT+01:00 Georgi Guninski : > Haskell language shit depending on GCC and claiming they "compile with > portable > assembler" don't make sense to me too, fuck Haskelli and its monads, > sorry. > Not really sure how this factors into it. There's more than one Haskell compiler, you know? Haskell and monads are languages, and do not depend upon compilation to have meaning. Monads are like, kinda inevitable. You have them in your code, you just don't know. As for the rest, GPL when something is everyone's property, BSD when you're actually just a company pushing a product or just don't care. There's not much between GPL and BSD. 
I'd like a structure where you have to pay to get in, but once you're in it's like GPL (but only with others who are "in"), instead of every closed source license out there. Meanwhile we must not depend upon the bullshit copyright system to provide us with compensation. Distribution is no longer a challenge and no profit can be extracted from it anymore. Stop it already. Please stop ruining reality to create artificial scarcity, I want it not. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1638 bytes Desc: not available URL: From coderman at gmail.com Tue Jan 6 15:51:10 2015 From: coderman at gmail.com (coderman) Date: Tue, 6 Jan 2015 15:51:10 -0800 Subject: What the hell can be done with this trinity? In-Reply-To: References: Message-ID: On 1/6/15, Peter Gutmann wrote: >>Could you email me your past posts on FIPS 140 ... > > Uhh, I don't keep records of them, or at least there are mail logs but... i was awaiting Peter's response to this. unfortunately (fortunately?) it did not turn out as exhaustive authoritative reference :P best regards from 2015, most crypto ever end-to-end across the planet! From cryptography at patrickmylund.com Tue Jan 6 16:46:20 2015 From: cryptography at patrickmylund.com (Patrick Mylund Nielsen) Date: Tue, 6 Jan 2015 19:46:20 -0500 Subject: TrustLeap: provably-secure, "forever unbreakable" security In-Reply-To: <20150107000404.c912ec189145511fef0faaf8@enigmabox.net> References: <20150107000404.c912ec189145511fef0faaf8@enigmabox.net> Message-ID: On Tue, Jan 6, 2015 at 6:04 PM, 42 <42 at enigmabox.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The CEO of TrustLeap contacted me recently to boast about his > "unbreakable" security, and that 'we' are doing everything wrong and > "all open source software is backdoored". 
> > Quotes from the website: > > > TrustLeap can mathematically prove that it has "unbreakable > > encryption" against unlimited computing power, forever, and by-design. > > > As a result, "modern" cryptography (all the algorithms used today, > > either standard or custom) is _provably unsafe_. > http://twd-industries.com/faq.html#tab3 > > What do you think about that? > > There is a challenge: http://twd-industries.com/challenge.html > > This is a page for real experts in cryptography > ...so I thought I'll share it with you guys. > All that text and I still have no idea what this thing does. The exercise is pointless: I could give you some plaintext and blob of random garbage (or just use a one-time pad) and make all the same claims. And the customers listed on their Customers page are using their Remote Desktop product, not this. But all you really need to know is they're only offering $1,000 as a reward to people who break their provably-secure-everybody-else-is-an-idiot-yadda-yadda system. Maybe they should convince themselves that it's secure first. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2233 bytes Desc: not available URL: From guninski at guninski.com Tue Jan 6 09:51:02 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 6 Jan 2015 19:51:02 +0200 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] Message-ID: <20150106175102.GA2495@sivokote.iziade.m$> Let me make a rant on BSD vs GPL licenses. It is well known fact that Micro$oft used *BSD TCP stack in earlier versions of their shit. In addition on _old_ versions of windows, grepping for "Berkeley" returned the bsd license in userland, likely in the shit called "ftp.exe". I am not a coder, though have released some non-destructive stuff. If I were a coder, I would have been pissed off if micro$oft profited from my codeZ$ (though a lot of sheeple don't care about this). 
If I were a coder, GPL is assumed to guarantee me that shit like m$ can't profit from codeZ$. As an aside, appears to me because of GCC (C compiler) BSD exists in its current form. It is still fun trolling *BSD fanatics "Dudes, you still using GPL GCC?")). Haskell language shit depending on GCC and claiming they "compile with portable assembler" don't make sense to me too, fuck Haskelli and its monads, sorry. cheers, -- j From pgut001 at cs.auckland.ac.nz Tue Jan 6 02:17:38 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 06 Jan 2015 23:17:38 +1300 Subject: What the hell can be done with this trinity? In-Reply-To: Message-ID: >Could you email me your past posts on FIPS 140 and the NSA rule? I would like >to include them in a future post on /r/badBIOS on reddit.com. Thanks. Uhh, I don't keep records of them, or at least there are mail logs but that's an awful lot of stuff to cover. In addition others have commented on it as well not just me, the best way to find it would be to search the cryptography list archives for "FIPS 140". Peter. From 42 at enigmabox.net Tue Jan 6 15:04:04 2015 From: 42 at enigmabox.net (42) Date: Wed, 7 Jan 2015 00:04:04 +0100 Subject: TrustLeap: provably-secure, "forever unbreakable" security Message-ID: <20150107000404.c912ec189145511fef0faaf8@enigmabox.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The CEO of TrustLeap contacted me recently to boast about his "unbreakable" security, and that 'we' are doing everything wrong and "all open source software is backdoored". Quotes from the website: > TrustLeap can mathematically prove that it has "unbreakable > encryption" against unlimited computing power, forever, and by-design. > As a result, "modern" cryptography (all the algorithms used today, > either standard or custom) is _provably unsafe_. http://twd-industries.com/faq.html#tab3 What do you think about that? 
There is a challenge: http://twd-industries.com/challenge.html > This is a page for real experts in cryptography ...so I thought I'll share it with you guys. - -- 42 <42 at enigmabox.net> From grarpamp at gmail.com Tue Jan 6 22:57:25 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 7 Jan 2015 01:57:25 -0500 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: References: <20150106175102.GA2495@sivokote.iziade.m$> Message-ID: > Georgi write: > Dudes, you still using GPL GCC? Actually, no. 
https://bitrig.org/10.html
http://wiki.netbsd.org/tutorials/pkgsrc/clang/
https://wiki.freebsd.org/BuildingFreeBSDWithClang
http://unix.stackexchange.com/questions/49906/why-is-freebsd-deprecating-gcc-in-favor-of-clang-llvm
http://www.dragonflydigest.com/2014/10/22/14942.html
http://www.dragonflybsd.org/docs/developer/clang/
http://www.thejemreport.com/more-on-openbsds-new-compiler/
http://undeadly.org/cgi?action=article&sid=20091228231142
http://marc.info/?l=openbsd-misc&m=137530560232232&w=2
http://clang.debian.net/
http://llvm.linuxfoundation.org/
https://wiki.debian.org/Debian_GNU/kFreeBSD
http://www.gentoo.org/proj/en/gentoo-alt/bsd/fbsd/
On Tue, Jan 6, 2015 at 3:45 PM, Lodewijk andré de la porte wrote: > GPL when something is everyone's property, Unless you're not "in", then suddenly they get ugly like you broke their communal bong hit or something. They used to cry if you didn't pass the code around, now they sic their lawyers on you. That's not very free. > BSD when you ... just don't care. Exactly, everyone is in, do whatever you want. And it's almost as unlimited as you can get under today's mandatory law for those who say copyright is fiction. These days BSD says basically two things: 1) Do what you want. 2) Author disclaims liability. It's hard to be more free than that under current law, yet... http://en.wikipedia.org/wiki/WTFPL
From coderman at gmail.com Sun Jan 11 16:32:33 2015 From: coderman at gmail.com (coderman) Date: Sun, 11 Jan 2015 16:32:33 -0800 Subject: full year 2014 corpus - better concurrent continue Message-ID: "why this format?" - it is lowest common denominator, in a sense. the rest explained later... but first, a fix. there is an issue with commands that won't continue past the PDF and small file bundles. use fix below to run or more continuation downloaders:
### The gist of a quick continue download: (many can be run in parallel)
#
# Update torsunget.sh and run dl-fy2014.sh to complete.
#
# assumes a copy of https://peertech.org/files/fy2014lst.txt
# or 84fe6b33e5b6f2478523432514fcb24b844105c4a38635ba97543e9c7152f90e
# in current working directory where ./dl-fy2014.sh is run.
#
# E.g.: curl -x http://127.0.0.1:8778/ -o fy2014lst.txt \
#   http://bigsun36arflx75h.onion/shid/84f/e6b/84fe6b33e5b6f247..7543e9c7152f90e
#
rm -f torsunget.sh >/dev/null 2>&1
curl -x http://127.0.0.1:8778/ -o torsunget.sh \
  http://bigsundaawafn36e.onion/torsunget.sh.txt \
  && chmod +x torsunget.sh
curl -x http://127.0.0.1:8778/ -o dl-fy2014.sh \
  http://bigsundaawafn36e.onion/dl-fy2014.sh.txt \
  && chmod +x dl-fy2014.sh
time ./dl-fy2014.sh
From grarpamp at gmail.com Sun Jan 11 20:00:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 11 Jan 2015 23:00:38 -0500 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> Message-ID: On Sun, Jan 11, 2015 at 4:34 PM, Juan wrote: > about serious stuff like constantly invoking freedom > while being a crass statist. It's a trap! From skquinn at rushpost.com Sun Jan 11 23:17:15 2015 From: skquinn at rushpost.com (Shawn K. Quinn) Date: Mon, 12 Jan 2015 01:17:15 -0600 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: <54b2fb93.8ca1e00a.5c2f.46ab@mx.google.com> References: <20150106175102.GA2495@sivokote.iziade.m$> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> <25843553.h0z12NAziY@lapuntu> <54b2fb93.8ca1e00a.5c2f.46ab@mx.google.com> Message-ID: <1421047035.15245.2.camel@klax> On Sun, 2015-01-11 at 19:41 -0300, Juan wrote: > As to who 'owns' it, the > question doesn't make much sense because, again, intellectual > 'property' doesn't really work like physical property. 
More correctly stated: there is really no such thing as "intellectual property" at all. Copyright, trademark, patent, and whatever else really have little to nothing in common with each other, and have very little to nothing in common with property laws. -- Shawn K. Quinn From juan.g71 at gmail.com Sun Jan 11 21:36:27 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 12 Jan 2015 02:36:27 -0300 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> Message-ID: <54b35cc9.a9288c0a.4794.ffff8fc6@mx.google.com> On Sun, 11 Jan 2015 23:00:38 -0500 grarpamp wrote: > On Sun, Jan 11, 2015 at 4:34 PM, Juan wrote: > > about serious stuff like constantly invoking freedom > > while being a crass statist. > > It's a trap! Well if it is trap, it is a poorly designed trap. From juan.g71 at gmail.com Sun Jan 11 21:39:31 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 12 Jan 2015 02:39:31 -0300 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> Message-ID: <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> On Sun, 11 Jan 2015 23:00:38 -0500 grarpamp wrote: > On Sun, Jan 11, 2015 at 4:34 PM, Juan wrote: > > about serious stuff like constantly invoking freedom > > while being a crass statist. > > It's a trap! Ha. Wait! https://stallman.org/articles/why-we-need-a-state.html When I first read it I missed this line "Copyright (c) 2013 Richard Stallman Verbatim copying and redistribution of this entire page are permitted provided this notice is preserved. " LMAO! unintentional self-parody at its best. 
From rysiek at hackerspace.pl Sun Jan 11 22:22:51 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 12 Jan 2015 07:22:51 +0100 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: <54b2fb93.8ca1e00a.5c2f.46ab@mx.google.com> References: <20150106175102.GA2495@sivokote.iziade.m$> <25843553.h0z12NAziY@lapuntu> <54b2fb93.8ca1e00a.5c2f.46ab@mx.google.com> Message-ID: <2063435.zT1b51l2R7@lapuntu> On Sunday, 11 January 2015 19:41:44 Juan wrote: > On Sun, 11 Jan 2015 23:09:41 +0100 > > rysiek wrote: > > On Sunday, 11 January 2015 18:34:24 Juan wrote: > > > > I would say: that individuals should have the right to use their > > > > *tools* however they like, including fixing them, modifying them > > > > and helping their neighbours by lending them. > > > > > > Which boils down to : this is my stuff - I do with it > > > > > > whatever I want. > > > > So, if I write a program, whose "stuff" is it? Mine? Yours if you're > > using it? the "boils down to" is a bit simplified, isn't it. > > I was referring to physical property - computer hardware in this > case. Again, the argument is that since people own the hardware > they should control it (otherwise they don't really own it). Hence we agree (and Stallman, too). > If you write a program you are the author. You can keep it > secret but you can't prevent people from copying it/using it > if you somehow make it public. As to who 'owns' it, the > question doesn't make much sense because, again, intellectual > 'property' doesn't really work like physical property. So again, agreed. :) -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From guninski at guninski.com Sun Jan 11 21:38:10 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 12 Jan 2015 07:38:10 +0200 Subject: Microsoft patch batch pre-alerts now for paying customers ONLY In-Reply-To: References: <20150109132018.GA2552@sivokote.iziade.m$> Message-ID: <20150112053810.GB2645@sivokote.iziade.m$> On Sun, Jan 11, 2015 at 03:09:08PM -0800, coderman wrote: > On 1/9/15, Georgi Guninski wrote: > > http://www.theregister.co.uk/2015/01/09/ms_restricts_security_pre_alerts/ > > > > Microsoft is facing fierce criticism over its decision to > > make pre-notification of upcoming patches available only to > > paid subscribers. > > > can you pay extra for priority rank in the notification queue? Won't be surprised if at least part of this leaks on torrents and the like. Though not sure about leaking SYSTEM preauth. From gfoster at entersection.org Mon Jan 12 06:26:22 2015 From: gfoster at entersection.org (Gregory Foster) Date: Mon, 12 Jan 2015 08:26:22 -0600 Subject: Ronen Horowitz on "needles in the haystack" in Israel Message-ID: <54B3D98E.1090607@entersection.org> Israel Defense (Jan 3) - '"Quite a few Terrorists lost their lives owing to Big Data"': http://www.israeldefense.com/?CategoryID=484&ArticleID=3288 > An exclusive interview granted to Israel Defense by Ronen Horowitz, the Head of the Information Technology Division of [Israel Security Agency], provides a rare glimpse (at least to the extent that may be revealed) at one of the least familiar aspects of counterintelligence work: advanced information technology methods enabling the mining of significant bits of intelligence from the infinite ocean of information that flows in the present era through countless cellular telephones, computers, wireless communication channels, WhatsApp messages and even encrypted messages exchanged through social networks. > > This is Horowitz's first-ever public interview. He completed his term in office in October 2014.
So far, his activity has been taking place only behind the shadows of the national defense system. Even his name was a secret. Horowitz was awarded several prizes during his career, including the Israel Security Prize. Following his retirement he has taken up a position in the private sector as head of technologies at the credit company Visa CAL. gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ From mirimir at riseup.net Mon Jan 12 09:07:05 2015 From: mirimir at riseup.net (Mirimir) Date: Mon, 12 Jan 2015 10:07:05 -0700 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. GPL] In-Reply-To: <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> Message-ID: <54B3FF39.6070509@riseup.net> On 01/11/2015 10:39 PM, Juan wrote: > On Sun, 11 Jan 2015 23:00:38 -0500 > grarpamp wrote: > >> On Sun, Jan 11, 2015 at 4:34 PM, Juan wrote: >>> about serious stuff like constantly invoking freedom >>> while being a crass statist. >> >> It's a trap! > > > Ha. Wait! > > https://stallman.org/articles/why-we-need-a-state.html Stallman opines therein: | Above all, we need a state in order to have democracy, which | is the system by which the many non-rich [aka beta, weak, | clueless, stupid, etc] join together to overcome the power | of the rich [aka alpha, powerful, skilled, smart, etc] and | thus deny them control over society. I agree, but only provisionally, and only if the alphas don't control the state. However, alphas typically do end up controlling the state, and that's the fatal defect. What's needed long term is conversion of betas into gammas. With enough gammas, the state will arguably wither away. But I'll be dead long before then, so I focus on the process. 
> When I first read it I missed this line > > "Copyright (c) 2013 Richard Stallman Verbatim copying and > redistribution of this entire page are permitted provided this > notice is preserved. " > > LMAO! unintentional self-parody at its best. No, he's just saying that he'll track you down and kick your ass if you fuck with his shit. There's no state required for that ;) From grarpamp at gmail.com Mon Jan 12 10:12:43 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 12 Jan 2015 13:12:43 -0500 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: <20150112152040.GD2645@sivokote.iziade.m$> References: <20150107120553.GC2512@sivokote.iziade.m$> <54B3C531.7070802@squimp.com> <20150112152040.GD2645@sivokote.iziade.m$> Message-ID: Un Georgi Guninski escrit Wed, 7 Jan 2015 14:05:53: > I would like to know what is offtopic and what should be avoided > on this list. The current official charter on the homepage is: "The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society." > Appears to me wide variety of topics are discussed. That's probably because a wide variety of topics are applicable to charter. Understanding and merits of various licenses? Certainly applies to crypto licensing, society's use of crypto, and surrounding trappings. History of computing? Surely if you want to understand where crypto runs and came from. Traditional message formatting, plain text, English language? Yes if you want to communicate broadly and effectively, especially with people who were around well before you, to learn and carry on. > commercial spam. Spam is filtered from lists everywhere. People selling and tagging every post with their own crypto related wares? They are often technically debunked, look dumb, and end up going home. > gross nonsense The decades of cypherpunks list has plenty of moments and characters... 
radicals, pros and antis, corporates, govts, citizens, assholes, frauds, dreamers, tinhatters, philosophers, savants, ALT's, shills/SP's, notorious actors, and more. All part of its history and makes it what it is. A few people bitching or leaving is nothing out of the ordinary in that context, in fact, that's a compliment to the list. Unless you think Cypherpunk is all about happy homogenized pasteurized consensus and submission, particularly with and regarding the enemy... governments, oppressives, monitors, privacy invaders and whatever else. Ain't no punk in that. Oi! The magic of unmoderated lists, outside of literal spam, is that they're usually self moderating and come back around before long. Of further relevance to your query... Recent thread "The Muslim Problem". http://en.wikipedia.org/wiki/Cypherpunk#Cypherpunk_mailing_list http://cryptome.org/cpunks/cpunks-92-98.zip > Just trying to avoid being banned from unmoderated list ;) Doubt anyone here has anything to worry about in that regard. > the way the heavily censored (in theory small moderated) > Fyodor's full disclosure blocked me at SMTP level. Forking a similarly strict cypherpunks is not restricted by any "license" if people want that (maybe the same conformists and sheeple who complained about al-qaeda.net). Cypherpunk, Oi! From mirimir at riseup.net Mon Jan 12 12:35:52 2015 From: mirimir at riseup.net (Mirimir) Date: Mon, 12 Jan 2015 13:35:52 -0700 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. 
GPL] In-Reply-To: <9DA4621F-6086-4936-88A9-069BC1E438DB@cathalgarvey.me> References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> <54B3FF39.6070509@riseup.net> <9DA4621F-6086-4936-88A9-069BC1E438DB@cathalgarvey.me> Message-ID: <54B43028.1070106@riseup.net> On 01/12/2015 12:47 PM, Cathal (Phone) wrote: > I think it inappropriate to insert your own text in a quoted > block without making it clear that you're misquoting someone > deliberately. Whatever your (provably false with well established > psych/sociological research) notions of personal merit vs. wealth, > they are not Stallman's: keep them out of the block, or don't > pretend it's a quote. My condolences if you were misled. Enclosing insertions in quotes between square brackets is standard practice, I believe. I'm not arguing strongly that non-wealth reflects weakness, cluelessness or stupidity. The game is clearly rigged. And there are many worthy goals besides money. But I do believe strongly that victimhood is maladaptive. > On 12 January 2015 17:07:05 GMT+00:00, Mirimir wrote: >> On 01/11/2015 10:39 PM, Juan wrote: >>> On Sun, 11 Jan 2015 23:00:38 -0500 >>> grarpamp wrote: >>> >>>> On Sun, Jan 11, 2015 at 4:34 PM, Juan wrote: >>>>> about serious stuff like constantly invoking freedom >>>>> while being a crass statist. >>>> >>>> It's a trap! >>> >>> >>> Ha. Wait! >>> >>> https://stallman.org/articles/why-we-need-a-state.html >> >> Stallman opines therein: >> >> | Above all, we need a state in order to have democracy, which >> | is the system by which the many non-rich [aka beta, weak, >> | clueless, stupid, etc] join together to overcome the power >> | of the rich [aka alpha, powerful, skilled, smart, etc] and >> | thus deny them control over society. 
>> >> I agree, but only provisionally, and only if the alphas don't control >> the state. However, alphas typically do end up controlling the state, >> and that's the fatal defect. What's needed long term is conversion of >> betas into gammas. With enough gammas, the state will arguably wither >> away. But I'll be dead long before then, so I focus on the process. >> >>> When I first read it I missed this line >>> >>> "Copyright (c) 2013 Richard Stallman Verbatim copying and >>> redistribution of this entire page are permitted provided this >>> notice is preserved. " >>> >>> LMAO! unintentional self-parody at its best. >> >> No, he's just saying that he'll track you down and kick your ass if you >> fuck with his shit. There's no state required for that ;) > From demonfighter at gmail.com Mon Jan 12 10:42:35 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Mon, 12 Jan 2015 13:42:35 -0500 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: <20150107120553.GC2512@sivokote.iziade.m$> References: <20150107120553.GC2512@sivokote.iziade.m$> Message-ID: On Wed, Jan 7, 2015 at 7:05 AM, Georgi Guninski wrote: > > Though the list is unmoderated, I suspect the dudes in > charge of the list might take action against flooding with > gross nonsense ... Years ago, some people were warning that the NSA and other agencies were monitoring *every* electronic communication, were running half of the TOR nodes, had bribed crypto companies to insert weaknesses, and I don't know what else. Real tin foil hat conspiracy nonsense. Except it wasn't. Revelations from Snowden and others shows that not only were the "nonsense" claims correct, they didn't go far enough. I don't know about anyone else, but I'm going to be very cautious before calling anything nonsense. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
From nathan at squimp.com Mon Jan 12 04:59:29 2015 From: nathan at squimp.com (Nathan Andrew Fain) Date: Mon, 12 Jan 2015 13:59:29 +0100 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: <20150107120553.GC2512@sivokote.iziade.m$> References: <20150107120553.GC2512@sivokote.iziade.m$> Message-ID: <54B3C531.7070802@squimp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am not authoritative here but I can say how I consume this list. It's different from any other list I know. Consumption is more similar to IRC. There is no real structure and many write under pseudonyms. I don't think you can have a serious discussion of topics that hover around anonymity without accepting the cruft that comes with anonymous contributions. Some people use these "qualities" in this environment and simply masturbate intellectually with. On IRC one develops a way to find interesting comments in-between this noise. And over time one develops interesting mental reflexes and intuitions from these space. This might seem like a description for "how to survive the cypherpunk mailinglist" but these reflexes, once developed, then apply in very interesting ways in other areas of society. One example is the application of anonymous behavior and hierarchies to political science. That is, the role of non-branded ideology and action in politics. or to put simply in some ways the cypherpunks mailing list is 4chan via smtp. thus far I dont think you would find yourself getting banned. though some may just add a mute filter for you if you spam. On 07/01/2015 13:05, Georgi Guninski wrote: > What is offtopic and what should be avoided on this list? > > I would like to know what is offtopic and what should be avoided on > this list. > > Looking for an answer from authoritative source, not a subscriber > of doubtful quality. > > Appears to me wide variety of topics are discussed.
> > Though the list is unmoderated, I suspect the dudes in charge of > the list might take action against flooding with gross nonsense or > commercial spam. > > Just trying to avoid being banned from unmoderated list ;), the way > the heavily censored (in theory small moderated) Fyodor's full > disclosure blocked me at SMTP level. > > Best of luck, > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlSzxTEACgkQveagdEkPM4CGQQCg9Eufk2DquCj54krPvW/cqnFD nxwAoP2zVLYp1cc8Y9AJPvbIF4F4Oc+s =nvHy -----END PGP SIGNATURE----- From jya at pipeline.com Mon Jan 12 11:25:46 2015 From: jya at pipeline.com (John Young) Date: Mon, 12 Jan 2015 14:25:46 -0500 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: References: <20150107120553.GC2512@sivokote.iziade.m$> Message-ID: At 01:42 PM 1/12/2015, you wrote: >Except it wasn't. Revelations from Snowden and others shows that not >only were the "nonsense" claims correct, they didn't go far enough. > >I don't know about anyone else, but I'm going to be very cautious >before calling anything nonsense. Excellent reminder those who claim to know, don't. Or won't tell all they know, just enough to build a reputation of responsibility. This applies to Snowden's team of "responsible" releases of a tiny fraction of the full dump Snowden says he gave to the public, then was hi-jacked in transit, most of it in private storage to enhance its value of restricted access. Meanwhile, replacement spy tools are being developed in order that Snowden's gift can be dismissed as nonsense -- a process well underway: NSA head now claims that the Snowden material was not as damaging to natsec as first alleged. Could be psyop to hide the damage, or indicates new means and methods are coming along just fine.
From rich at openwatch.net Mon Jan 12 11:28:26 2015 From: rich at openwatch.net (Rich Jones) Date: Mon, 12 Jan 2015 14:28:26 -0500 Subject: USCENTCOM Social Accounts Hacked Message-ID: Not sure if anybody else here has been paying attention to the incredibly weird USCENTCOM social media accounts, but they both just got taken over by ISIS supporters: https://twitter.com/CENTCOM https://www.youtube.com/user/centcom (both now suspended). Likely connected to the (now also suspended) @CyberCaliphate. Now how will CENTCOM selectively release war footage to the public? This was the only public-facing source of direct footage of the current bombing campaign I knew about and now it's gone. I guess we're just going to be kept completely in the dark now if they don't bring the account back online. R ps - if anybody has a few spare bucks, I've got an outstanding related FOIA that needs payment: https://www.muckrock.com/foi/united-states-of-america-10/kill-death-youtube-us-centcom-13572/#files From grarpamp at gmail.com Mon Jan 12 12:04:23 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 12 Jan 2015 15:04:23 -0500 Subject: [Cryptography] open hardware as a defence against state-level attacks In-Reply-To: <54B3A5F7.8020608@iang.org> References: <54ACE91A.3050808@iang.org> <54B3A5F7.8020608@iang.org> Message-ID: On Mon, Jan 12, 2015 at 5:46 AM, ianG wrote: > > mathematics. We’ve also built an open-source processor with security > features designed to protect both the Tor relay and slow market > applications. This is achieved by separating those processes from the host > operating system with hardware-anchored cryptographic isolation. The system > on chip is based on an OpenSPARC T1 by Sun Microsystems with substantial > enhancements to the hypervisor and two cryptographic co-processors.
That > will be released in about a month and the designs for the development board > and the logic of the system on chip will be of course open source. > On 12/01/2015 05:49 am, grarpamp wrote: >> Sorry, but unless your own trusted third party observers are following >> your >> "open" hardware at every step from design to microcode to lithography >> fab through to binary exhaustive test vectors... you are subject to >> potential >> compromise at any step along the way. Please stop claiming otherwise. > Seems like you are letting the perfect be the enemy of the good. Defence in > depth. Defence against fierce & persistent attacks is not about defeating > the enemy totally & utterly but about raising the cost of the easy attacks > to just above the cost of the next easy attack. Rinse & repeat. Yes, incremental helps. Yet let me open another related line of thinking... Where are the open fabs for makers instead of submitting open designs to closed fabs? It's 2015, crowdfunding, open source, non-profits, and public monitoring are done. We're not talking TSMC scale tech here, but a basic backyard shed capability to print useable, useful, marketable silicon. ie: Print off some USB RNG's, radios, DACs/ADCs, even 74 series and discretes, whatever works. Then with that open initial platform, start taking commercial production contracts (even private runs) to pay for growing the open fab. Even including openly replicating yourself. What is the minimum capital and endowment needed to gear up to put 1k, 100k, 500k, 1M, 100M, 1B gates that someone, including makers, would buy down on silicon? From rsw at jfet.org Mon Jan 12 12:13:21 2015 From: rsw at jfet.org (Riad S. Wahby) Date: Mon, 12 Jan 2015 15:13:21 -0500 Subject: What is offtopic and what should be avoided on this list? 
In-Reply-To: References: <20150107120553.GC2512@sivokote.iziade.m$> Message-ID: <20150112201321.GA13669@antiproton.jfet.org> This list has no moderation other than requiring messages to be from either a subscriber or a known remailer exit. There's also no policy on banning people for "misbehaving." The only addresses I remove from the list are those that become undeliverable. People on the list are expected to be sufficiently internet-savvy that they're able to deal with blacklisting on their end. I suppose if a person decided to DoS the machine running the mailing list I'd do what I could to mitigate, though that's mostly a game of whack-a-mole and, for a sufficiently dedicated adversary, not a game I would win. I've given some thought to an alternative setup, i.e., a new version of the CDR. At some point I hope to find more time for that project. -=rsw From demonfighter at gmail.com Mon Jan 12 12:33:55 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Mon, 12 Jan 2015 15:33:55 -0500 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: <20150112201321.GA13669@antiproton.jfet.org> References: <20150107120553.GC2512@sivokote.iziade.m$> <20150112201321.GA13669@antiproton.jfet.org> Message-ID: On Mon, Jan 12, 2015 at 3:13 PM, Riad S. Wahby wrote: > > At some point I hope to find more time for that project. When you find or make a time dilator, let me know. I could use one. Two, even. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 From juan.g71 at gmail.com Mon Jan 12 11:22:35 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 12 Jan 2015 16:22:35 -0300 Subject: Rant on BSD vs GPL was [Good ol' BSD vs.
GPL] In-Reply-To: <54B3FF39.6070509@riseup.net> References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> <54B3FF39.6070509@riseup.net> Message-ID: <54b41e65.8ca1e00a.5c2f.5a28@mx.google.com> On Mon, 12 Jan 2015 10:07:05 -0700 Mirimir wrote: > > https://stallman.org/articles/why-we-need-a-state.html > > Stallman opines therein: > > | Above all, we need a state in order to have democracy, which > | is the system by which the many non-rich [aka beta, weak, > | clueless, stupid, etc] join together to overcome the power > | of the rich [aka alpha, powerful, skilled, smart, etc] and > | thus deny them control over society. > > I agree, but only provisionally, and only if the alphas don't control > the state. However, alphas typically do end up controlling the state, > and that's the fatal defect. Yep. You quoted and refuted (a part of) Stallman's more general theory. What first caught my attention though was that somebody who's allegedly concerned with freedom, is an advocate of, among other things, public education and 'national' 'defense'. Also, all the rest of 'free' socialist programs he favors require high levels of taxation. But of course, robbery is freedom. > What's needed long term is conversion of > betas into gammas. With enough gammas, the state will arguably wither > away. But I'll be dead long before then, so I focus on the process. > > > When I first read it I missed this line > > > > "Copyright (c) 2013 Richard Stallman Verbatim copying and > > redistribution of this entire page are permitted provided > > this notice is preserved. " > > > > LMAO! unintentional self-parody at its best. > > No, he's just saying that he'll track you down and kick your ass if > you fuck with his shit. 
There's no state required for that ;) Well, the copyright notice looks like a US government copyright notice. But that's not what I was getting at anyway. The thing is, as Rysiek pointed out, Stallman's position doesn't seem fully consistent. And Mirimir, you've just violated Stallman's copyright! It says "verbatim copying" but you added a comment of your own inside Stallman's text. Brace yourself! From guninski at guninski.com Mon Jan 12 07:20:40 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 12 Jan 2015 17:20:40 +0200 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: <54B3C531.7070802@squimp.com> References: <20150107120553.GC2512@sivokote.iziade.m$> <54B3C531.7070802@squimp.com> Message-ID: <20150112152040.GD2645@sivokote.iziade.m$> Replying to top post with the same. As I clearly wrote, "not a subscriber of doubtful quality", so I consider yours borderline spam. Nothing personal against you (don't know you), but if this list is of enough importance, it likely has paid whore subscribers and me definitely doesn't want advice from them. Cheers, -- georgi On Mon, Jan 12, 2015 at 01:59:29PM +0100, Nathan Andrew Fain wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am not authoritative here but I can say how I consume this list. > It's different from any other list I know. Consumption is more similar > to IRC. There is no real structure and many write under pseudonyms. I > don't think you can have a serious discussion of topics that hover > around anonymity without accepting the cruft that comes with anonymous > contributions. Some people use these "qualities" in this environment > and simply masturbate intellectually with. On IRC one develops a way > to find interesting comments in-between this noise. And over time one > develops interesting mental reflexes and intuitions from these space. 
> This might seem like a description for "how to survive the cypherpunk > mailinglist" but these reflexes, once developed, then apply in very > interesting ways in other areas of society. One example is the > application of anonymous behavior and hierarchies to political > science. That is, the role of non-branded ideology and action in politics. > > or to put simply > in some ways the cypherpunks mailing list is 4chan via smtp. > > thus far I dont think you would find yourself getting banned. though > some may just add a mute filter for you if you spam. > > > On 07/01/2015 13:05, Georgi Guninski wrote: > > What is offtopic and what should be avoided on this list? > > > > I would like to know what is offtopic and what should be avoided on > > this list. > > > > Looking for an answer from authoritative source, not a subscriber > > of doubtful quality. > > > > Appears to me wide variety of topics are discussed. > > > > Though the list is unmoderated, I suspect the dudes in charge of > > the list might take action against flooding with gross nonsense or > > commercial spam. > > > > Just trying to avoid being banned from unmoderated list ;), the way > > the heavily censored (in theory small moderated) Fyodor's full > > disclosure blocked me at SMTP level. > > > > Best of luck, > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iEYEARECAAYFAlSzxTEACgkQveagdEkPM4CGQQCg9Eufk2DquCj54krPvW/cqnFD > nxwAoP2zVLYp1cc8Y9AJPvbIF4F4Oc+s > =nvHy > -----END PGP SIGNATURE----- From cathalgarvey at cathalgarvey.me Mon Jan 12 11:47:37 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Mon, 12 Jan 2015 19:47:37 +0000 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. 
GPL] In-Reply-To: <54B3FF39.6070509@riseup.net> References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> <54B3FF39.6070509@riseup.net> Message-ID: <9DA4621F-6086-4936-88A9-069BC1E438DB@cathalgarvey.me> I think it inappropriate to insert your own text in a quoted block without making it clear that you're misquoting someone deliberately. Whatever your (provably false with well established psych/sociological research) notions of personal merit vs. wealth, they are not Stallman's: keep them out of the block, or don't pretend it's a quote. On 12 January 2015 17:07:05 GMT+00:00, Mirimir wrote: >On 01/11/2015 10:39 PM, Juan wrote: >> On Sun, 11 Jan 2015 23:00:38 -0500 >> grarpamp wrote: >> >>> On Sun, Jan 11, 2015 at 4:34 PM, Juan wrote: >>>> about serious stuff like constantly invoking freedom >>>> while being a crass statist. >>> >>> It's a trap! >> >> >> Ha. Wait! >> >> https://stallman.org/articles/why-we-need-a-state.html > >Stallman opines therein: > >| Above all, we need a state in order to have democracy, which >| is the system by which the many non-rich [aka beta, weak, >| clueless, stupid, etc] join together to overcome the power >| of the rich [aka alpha, powerful, skilled, smart, etc] and >| thus deny them control over society. > >I agree, but only provisionally, and only if the alphas don't control >the state. However, alphas typically do end up controlling the state, >and that's the fatal defect. What's needed long term is conversion of >betas into gammas. With enough gammas, the state will arguably wither >away. But I'll be dead long before then, so I focus on the process. 
> >> When I first read it I missed this line >> >> "Copyright (c) 2013 Richard Stallman Verbatim copying and >> redistribution of this entire page are permitted provided this >> notice is preserved. " >> >> LMAO! unintentional self-parody at its best. > >No, he's just saying that he'll track you down and kick your ass if you >fuck with his shit. There's no state required for that ;) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From cypherpunks at cheiraminhavirilha.com Mon Jan 12 12:22:12 2015 From: cypherpunks at cheiraminhavirilha.com (Virilha) Date: Mon, 12 Jan 2015 20:22:12 +0000 Subject: Hohoho, m$ calls google "irresponsible" :)))) In-Reply-To: <20150112135108.GC2645@sivokote.iziade.m$> Message-ID: <20150112202212.Horde.QyocpcGTlgnS9-3j765Kyw1@127.0.0.1> if a company can not fix an issue in 90 days, they should not be writing software. +1 for google, this 90 days policy also prevents m$ feeding 3-letters agencies with 0-days. --Virilha ----- Message from Georgi Guninski --------- Date: Mon, 12 Jan 2015 15:51:08 +0200 From: Georgi Guninski Subject: Hohoho, m$ calls google "irresponsible" :)))) To: cypherpunks at cpunks.org > http://www.theregister.co.uk/2015/01/12/google_microsoft_coordinated_vulnerability_disclosure_policy_battle/ > > Microsoft's feels Google's acted irresponsibly because it not only > planned a fix for the problem on January 13th but also asked Google not > to go public until that day. > ----- > > As i wrote on my blog: > Hohohoh, I am enjoying this :)))) > > Hope they enter a deadly fight on all fronts :)))) > > Once upon a time the shits used the same words for me.
----- End message from Georgi Guninski ----- From rich at openwatch.net Mon Jan 12 20:29:26 2015 From: rich at openwatch.net (Rich Jones) Date: Mon, 12 Jan 2015 23:29:26 -0500 Subject: USCENTCOM Social Accounts Hacked In-Reply-To: References: Message-ID: Screenies: https://imgur.com/a/8XtnR#0 Honestly, the "i love you isis" makes me think this is just a kid having a laugh.. From politynews at gmx.com Mon Jan 12 21:05:03 2015 From: politynews at gmx.com (Polity News) Date: Tue, 13 Jan 2015 00:05:03 -0500 Subject: CISPA 2015 posted online Message-ID: <54B4A77F.1050204@gmx.com> A copy of the CISPA 2015 bill has been posted online. Article http://piratetimes.net/exclusive-a-sneak-peek-at-cispa-2015/ Link to new CISPA bill http://piratetimes.net/wp-uploads/news/2015/01/RUPPER_001_xml-1.pdf From grarpamp at gmail.com Tue Jan 13 00:30:59 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 03:30:59 -0500 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: <20150112152040.GD2645@sivokote.iziade.m$> References: <20150107120553.GC2512@sivokote.iziade.m$> <54B3C531.7070802@squimp.com> <20150112152040.GD2645@sivokote.iziade.m$> Message-ID: On Mon, Jan 12, 2015 at 10:20 AM, Georgi Guninski wrote: > Replying to top post with the same. Is no license to follow nor clear rebuke. > As I clearly wrote, "not a subscriber of doubtful quality", > so I consider yours borderline spam. Cyphunk is welcome here. > if this > list is of enough importance, it likely has paid whore > subscribers and me definitely doesn't want advice from them. A high class whore occupies the subconscious and controls therein. Cheap whores just stand out on the corner. Rubber up.
From grarpamp at gmail.com Tue Jan 13 01:10:28 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 04:10:28 -0500 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk Message-ID: How, if at all, should cryptography IP be licensed, patented, and incentivised? (Hardware, software, books, etc.) How, if at all, to tune such formalities to Cypherpunk Theory? Are things like HESSLA of relevant basis? From demonfighter at gmail.com Tue Jan 13 05:57:37 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Tue, 13 Jan 2015 08:57:37 -0500 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk In-Reply-To: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> References: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> Message-ID: On Tue, Jan 13, 2015 at 8:39 AM, Robert Hettinga wrote: > > If it’s encrypted, and I have the key, it’s my property. That’s it. Unless the NSA has backdoored the algorithm or Google/Apple/Amazon have their own keys to your cloud storage or the TLAs have tapped the unencrypted communications channels or ... -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 From hettinga at gmail.com Tue Jan 13 05:39:06 2015 From: hettinga at gmail.com (Robert Hettinga) Date: Tue, 13 Jan 2015 09:39:06 -0400 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk In-Reply-To: References: Message-ID: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> If it’s encrypted, and I have the key, it’s my property. That’s it. Cheers, RAH From guninski at guninski.com Tue Jan 13 00:29:58 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 13 Jan 2015 10:29:58 +0200 Subject: How come search engines don't crawl the list and I can't find 'robots.txt'? 
In-Reply-To: <20140413135352.GA2487@sivokote.iziade.m$> References: <20140413135352.GA2487@sivokote.iziade.m$> Message-ID: <20150113082958.GA2589@sivokote.iziade.m$> On Sun, Apr 13, 2014 at 04:53:52PM +0300, Georgi Guninski wrote: > AFAICT the list archives don't show in search engines > and in addition don't see /robots.txt. > > How so? As of now this list appears archived on gmane and is indexed on google: http://blog.gmane.org/gmane.comp.security.cypherpunks From hettinga at gmail.com Tue Jan 13 06:33:11 2015 From: hettinga at gmail.com (Robert Hettinga) Date: Tue, 13 Jan 2015 10:33:11 -0400 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk In-Reply-To: References: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> Message-ID: <2D0C2244-80A7-4B42-90F3-6DAB298BA35B@gmail.com> > On Jan 13, 2015, at 9:57 AM, Steve Furlong wrote: > > Unless the NSA has backdoored the algorithm or Google/Apple/Amazon have their own keys to your cloud storage or the TLAs have tapped the unencrypted communications channels or ... > Then it’s not encrypted, is it? Cheers, RAH http://en.wikipedia.org/wiki/No_true_Scotsman ;-) From cathalgarvey at cathalgarvey.me Tue Jan 13 02:43:17 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 13 Jan 2015 10:43:17 +0000 Subject: Review appreciated: Golang Crypto/Cert system Message-ID: <54B4F6C5.6000904@cathalgarvey.me> Hi all, This is intended for use in a larger project but I felt the need to abstract and containerise some of the crypto. It uses ECDSA and NaCl as provided in the Golang libraries, and I've tried to join them in as sensible a way as possible without making too many assumptions. 
Would appreciate some review to make sure I'm not screwing anything up: https://github.com/cathalgarvey/easykeys Thanks, Cathal From drwho at virtadpt.net Tue Jan 13 12:20:54 2015 From: drwho at virtadpt.net (The Doctor) Date: Tue, 13 Jan 2015 12:20:54 -0800 Subject: USCENTCOM Social Accounts Hacked In-Reply-To: References: Message-ID: <54B57E26.5080506@virtadpt.net> On 01/13/2015 10:46 AM, Daniel Van Wagenen wrote: > Does anyone else find it odd that they posted personnel data on > senior US military officials yet the US Government denies that any > military networks were compromised? Not at all. It is possible (maybe even likely) that whoever wrote the press release about it was told to omit any mention of the personnel data in an attempt to downplay it. People will remember what was talked about, not what was conveniently not talked about. -- The Doctor [412/724/301/703/415] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You leave Jack Burton alone!" 
--Egg Shen, _Big Trouble In Little China_ From komachi at openmailbox.org Tue Jan 13 05:12:25 2015 From: komachi at openmailbox.org (Anton Nesterov) Date: Tue, 13 Jan 2015 13:12:25 +0000 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org Message-ID: <54B519B9.8040002@openmailbox.org> So today bitcoin.org (208.64.123.130), bitcoin.it (162.159.245.241, 162.159.246.241) and btcsec.com (188.40.102.131 was blocked country-wide, because Neviansky's court of Sverdlovsk oblast rule 2-978/2014 on 30 September 2014. Text of this judgment is not known, it's not on their website yet (Russian laws force courts to publish their judgments on the Internet), so this is hard to say what for exactly this websites was blocked. The bill that allow to block Bitcoin-related websites is still a draft. http://tjournal.ru/paper/bitcoin-org-rkn (Russian) -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From mirimir at riseup.net Tue Jan 13 12:14:05 2015 From: mirimir at riseup.net (Mirimir) Date: Tue, 13 Jan 2015 13:14:05 -0700 Subject: Rant on BSD vs GPL was [Good ol' BSD vs. 
GPL] In-Reply-To: <54b41e65.8ca1e00a.5c2f.5a28@mx.google.com> References: <20150106175102.GA2495@sivokote.iziade.m$> <4707594.I3Idj6CXql@lapuntu> <54b06d42.4380e00a.7a70.ffff961b@mx.google.com> <2535522.7yjQvbBdOJ@lapuntu> <54b2ebcb.8641e00a.70b7.13e2@mx.google.com> <54b35d82.0950e00a.2192.ffff9e33@mx.google.com> <54B3FF39.6070509@riseup.net> <54b41e65.8ca1e00a.5c2f.5a28@mx.google.com> Message-ID: <54B57C8D.1080302@riseup.net> On 01/12/2015 12:22 PM, Juan wrote: > On Mon, 12 Jan 2015 10:07:05 -0700 > Mirimir wrote: > >>> https://stallman.org/articles/why-we-need-a-state.html >> >> Stallman opines therein: >> >> | Above all, we need a state in order to have democracy, which >> | is the system by which the many non-rich [aka beta, weak, >> | clueless, stupid, etc] join together to overcome the power >> | of the rich [aka alpha, powerful, skilled, smart, etc] and >> | thus deny them control over society. >> >> I agree, but only provisionally, and only if the alphas don't control >> the state. However, alphas typically do end up controlling the state, >> and that's the fatal defect. > > Yep. > > You quoted and refuted (a part of) Stallman's more general > theory. > > What first caught my attention though was that somebody who's > allegedly concerned with freedom, is an advocate of, among other > things, public education and 'national' 'defense'. > > Also, all the rest of 'free' socialist programs he favors > require high levels of taxation. But of course, robbery is > freedom. Right, all of that stuff ought to be funded by voluntary contributions, either from self-interest or compassion and generosity. Robbery is unprovoked aggression. >> What's needed long term is conversion of >> betas into gammas. With enough gammas, the state will arguably wither >> away. But I'll be dead long before then, so I focus on the process. 
>> >>> When I first read it I missed this line >>> >>> "Copyright (c) 2013 Richard Stallman Verbatim copying and >>> redistribution of this entire page are permitted provided >>> this notice is preserved. " >>> >>> LMAO! unintentional self-parody at its best. >> >> No, he's just saying that he'll track you down and kick your ass if >> you fuck with his shit. There's no state required for that ;) > > > Well, the copyright notice looks like a US government copyright > notice. But that's not what I was getting at anyway. Yes, you're right. He could have used non-state terminology. > The thing is, as Rysiek pointed out, Stallman's position > doesn't seem fully consistent. > > And Mirimir, you've just violated Stallman's copyright! It says > "verbatim copying" but you added a comment of your own inside > Stallman's text. Brace yourself! Not at all. Short quotes in reviews etc are fair use. From mirimir at riseup.net Tue Jan 13 12:21:21 2015 From: mirimir at riseup.net (Mirimir) Date: Tue, 13 Jan 2015 13:21:21 -0700 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: References: <20150107120553.GC2512@sivokote.iziade.m$> <54B3C531.7070802@squimp.com> <20150112152040.GD2645@sivokote.iziade.m$> Message-ID: <54B57E41.2080509@riseup.net> On 01/12/2015 11:12 AM, grarpamp wrote: > Un Georgi Guninski escrit Wed, 7 Jan 2015 14:05:53: >> I would like to know what is offtopic and what should be avoided >> on this list. > > The current official charter on the homepage is: > > "The Cypherpunks mailing list is a mailing list for discussing > cryptography and its effect on society." > >> Appears to me wide variety of topics are discussed. > > That's probably because a wide variety of topics are applicable to > charter. >> gross nonsense > > The decades of cypherpunks list has plenty of moments and characters... 
> radicals, pros and antis, corporates, govts, citizens, assholes, > frauds, dreamers, tinhatters, philosophers, savants, ALT's, > shills/SP's, notorious actors, and more. All part of its history > and makes it what it is. A few people bitching or leaving is nothing > out of the ordinary in that context, in fact, that's a compliment > to the list. Unless you think Cypherpunk is all about happy > homogenized pasteurized consensus and submission, particularly with > and regarding the enemy... governments, oppressives, monitors, > privacy invaders and whatever else. Ain't no punk in that. Oi! I recall toto, with great fondness :) From dvanwag at gmail.com Tue Jan 13 10:46:37 2015 From: dvanwag at gmail.com (Daniel Van Wagenen) Date: Tue, 13 Jan 2015 13:46:37 -0500 Subject: USCENTCOM Social Accounts Hacked In-Reply-To: References: Message-ID: Does anyone else find it odd that they posted personnel data on senior US military officials yet the US Government denies that any military networks were compromised? On Mon, Jan 12, 2015 at 11:29 PM, Rich Jones wrote: > Screenies: https://imgur.com/a/8XtnR#0 Honestly, the "i love you isis" makes > me think this is just a kid having a laugh.. From hozer at hozed.org Tue Jan 13 11:52:32 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 13 Jan 2015 13:52:32 -0600 Subject: What is offtopic and what should be avoided on this list? In-Reply-To: References: <20150107120553.GC2512@sivokote.iziade.m$> <54B3C531.7070802@squimp.com> <20150112152040.GD2645@sivokote.iziade.m$> Message-ID: <20150113195232.GA14804@nl.grid.coop> On Tue, Jan 13, 2015 at 03:30:59AM -0500, grarpamp wrote: > On Mon, Jan 12, 2015 at 10:20 AM, Georgi Guninski wrote: > > Replying to top post with the same. > > Is no license to follow nor clear rebuke. > > > As I clearly wrote, "not a subscriber of doubtful quality", > > so I consider yours borderline spam. > > Cyphunk is welcome here. 
> > > if this > > list is of enough importance, it likely has paid whore > > subscribers and me definitely doesn't want advice from them. > > A high class whore occupies the subconscious and controls therein. > Cheap whores just stand out on the corner. Rubber up. Such flattery. Use the data force luke and put a rubber on your smtp if you are worried about catching something From hozer at hozed.org Tue Jan 13 12:01:41 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 13 Jan 2015 14:01:41 -0600 Subject: bitcoin tinfoil-hattery Message-ID: <20150113200141.GB14804@nl.grid.coop> Theory of the day: 1) Naked short bitcoin (not sure how, but I'm sure some bankster did) 2) http://blog.cex.io/news/cex-io-temporarily-suspends-cloud-mining-services/ 3) use profits from shorting to hire cex.io 'idled' capacity 4) double-spend on competing exchanges (or against competing investors funds) 5) buy an island or three, or a politician or 5 Plausibility on a scale of 1-5 .. I say 4, what say you all? From demonfighter at gmail.com Tue Jan 13 11:08:27 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Tue, 13 Jan 2015 14:08:27 -0500 Subject: USCENTCOM Social Accounts Hacked In-Reply-To: References: Message-ID: On Tue, Jan 13, 2015 at 1:46 PM, Daniel Van Wagenen wrote: > > Does anyone else find it odd that they posted personnel data on senior > US military officials yet the US Government denies that any military > networks were compromised? The government spokesman is ignorant or dishonest. What's odd about that? -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 From grarpamp at gmail.com Tue Jan 13 11:09:26 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 14:09:26 -0500 Subject: Does Cypherpunk need a Church? Message-ID: Does Cypherpunk need a Church? If so, what should it look like? 
Who are its priests? What are its idols? What happens to alms? For whom is its mission? How does it go about things and/or serve its people in the familiar (or unfamiliar) ways of other churches? Is it purely internal or does it have political or other external elements? Etc... https://en.wikipedia.org/wiki/Missionary_Church_of_Kopimism https://en.wikipedia.org/wiki/Jediism https://en.wikipedia.org/wiki/Anonymous_(group) https://en.wikipedia.org/wiki/Raelism https://en.wikipedia.org/wiki/Religious_organization https://en.wikipedia.org/wiki/Classifications_of_religious_movements https://en.wikipedia.org/wiki/New_religious_movement https://en.wikipedia.org/wiki/List_of_new_religious_movements From hozer at hozed.org Tue Jan 13 12:19:41 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 13 Jan 2015 14:19:41 -0600 Subject: Cryptography Imaginary Property: Formalities of Cypherpunk In-Reply-To: <5807656.bEsV81r7Cy@lapuntu> References: <3932827.c1u7vRUG6D@lapuntu> <5807656.bEsV81r7Cy@lapuntu> Message-ID: <20150113201941.GC14804@nl.grid.coop> On Tue, Jan 13, 2015 at 08:31:03PM +0100, rysiek wrote: > Hi there, > > Dnia wtorek, 13 stycznia 2015 15:14:06 Robert Hettinga pisze: > > > The question is not about encrypted materials, but about encryption > > > algorithms and tools, as far as I understand. > > > > Patents and copyrights aren’t property. They’re government granted > > monopolies. They’re no more property than your driver’s license. > > Well, I have posted this link on this list at least several times, but here it > goes again: > http://copyspeak.org/intellectual-property > > tl;dr we're agreed here > > > Property is the application of mind to *matter*, to quote a great Flash > > animation. > > Yes. > > > An idea can not be property. Ever. > > Absolutely. > > > So. Again. If it’s *encrypted*, and I have the key, it’s my property. I > > control the physical bits. > > Otherwise it’s not my property. > > It is not, actually. 
If you're going for such a strong definition of property, > with which I can agree, then let's stay coherent, shall we? The property of > yours is the physical device the bits are saved on. The harddrive, DVD, > pendrive, whatever. That's your *property*. The encrypted data is just this: > encrypted data. > > Otherwise you would find yourself in an interesting world where applying > encryption to data (both of which are not property, right) magically > transforms something immaterial and "not-property" into "property". If I have an image I took of my farm, turn it into digital bits, and put the DVD in a safe, so nothing can copy it, it's my property. If I encrypt the image, and keep the private key in my safe, so nothing can copy the original image, it's my property. Now maybe I install some robots with guns to defend the safe too.... If I slap a creative commons license on the image... well, that's asking the government (which is a lot like a robot) to hold a gun to anyone's head who tries to modify the image and pass it off as their 'property'. Is the last one still my property? I guess that depends on your viewpoint on the validity of the robots of bureaucracy, and if they have their guns pointed at you or not. > That's the world the MPAA's/RIAA's/MAFIAA's are trying to create, look no > further than the DMCA, under which even the simplest encryption algorithm > (say, ROT13) applied to copyrighted material by the rights holder makes it > illegal for others to publish the key (in this case, 13), as it becomes the > "property" of the encrypting party. Look it up. > > Data, encrypted or not, are not property; however, they can fall under a > number of state-granted monopolies, as you have said. Here, I even changed the > topic of this e-mail for your convenience. 
> > And in this vein my previous mail has been written -- as far as I understand, > the original question was about how encryption *algorithms* (and *not* > encrypted data itself) should be handled from the Imaginary Property Law > standpoint (so: patents, copyrights, etc). > > And I have provided an answer from my perspective in said previous mail. > > -- > Pozdrawiam, > Michał "rysiek" Woźniak > > Zmieniam klucz GPG :: http://rys.io/pl/147 > GPG Key Transition :: http://rys.io/en/147 -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer at hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash From kyboren at riseup.net Tue Jan 13 06:03:12 2015 From: kyboren at riseup.net (Andrew) Date: Tue, 13 Jan 2015 15:03:12 +0100 Subject: CISPA 2015 posted online In-Reply-To: <54B4A77F.1050204@gmx.com> References: <54B4A77F.1050204@gmx.com> Message-ID: <54B525A0.6080600@riseup.net> On 01/13/15 06:05, Polity News wrote: > A copy of the CISPA 2015 bill has been posted online. Article > http://piratetimes.net/exclusive-a-sneak-peek-at-cispa-2015/ > > Link to new CISPA bill > http://piratetimes.net/wp-uploads/news/2015/01/RUPPER_001_xml-1.pdf > Thanks for this. IANAL, and I only quickly perused the draft bill. However, I'm having trouble wrapping my head around what this bill is really *about*. It seems vague, and as far as I can see has no clear purpose. It smells of being written to look like one thing, while providing legal cover for something totally different. I have a lot of questions. Maybe those with more experience or cynicism can answer. 
I'll start with the definitions: > 9 (2) CYBER THREAT INFORMATION, CYBER > 10 THREAT INTELLIGENCE, CYBERSECURITY CRIMES, > 11 CYBERSECURITY PROVIDER, CYBERSECURITY PUR- > 12 POSE, AND SELF-PROTECTED ENTITY.The terms > 13 ‘‘cyber threat information’’, ‘‘cyber threat intel- > 14 ligence’’, ‘‘cybersecurity crimes’’, ‘‘cybersecurity pro- > 15 vider’’, ‘‘cybersecurity purpose’’, and ‘‘self-protected > 16 entity’’ have the meaning given those terms in sec- > 17 tion 1104 of the National Security Act of 1947, as > 18 added by section 3(a) of this Act. CYBER THREAT INFORMATION: > 13 ‘‘(A) IN GENERAL. The term ‘cyber > 14 threat information’ means information directly > 15 pertaining to > 16 ‘‘(i) a vulnerability of a system or net- > 17 work of a government or private entity or > 18 utility; > 19 ‘‘(ii) a threat to the integrity, con- > 20 fidentiality, or availability of a system or > 21 network of a government or private entity > 22 or utility or any information stored on, > 23 processed on, or transiting such a system > 24 or network; > 1 ‘‘(iii) efforts to deny access to or de- > 2 grade, disrupt, or destroy a system or net- > 3 work of a government or private entity or > 4 utility; or > 5 ‘‘(iv) efforts to gain unauthorized ac- > 6 cess to a system or network of a govern- > 7 ment or private entity or utility, including > 8 to gain such unauthorized access for the > 9 purpose of exfiltrating information stored > 10 on, processed on, or transiting a system or > 11 network of a government or private entity > 12 or utility. > 13 ‘‘(B) EXCLUSION. Such term does not in > 14 clude information pertaining to efforts to gain > 15 unauthorized access to a system or network of > 16 a government or private entity or utility that > 17 solely involve violations of consumer terms of > 18 service or consumer licensing agreements and > 19 do not otherwise constitute unauthorized access. 
This appears identical (as far as I can see) to the language used for "cybersecurity intelligence", which is the same thing but originating from the "intelligence community" (so, NSA). So, information "directly pertaining to" a vulnerability, a threat to a network, DoS attacks, efforts to gain "unauthorized access" (but not to be construed as including ToS violations). What kind of information is "directly pertaining to" these? Why does the bill provide for "anonymization and minimization" of such data? And most of all, what prevented the sharing of such information before? The third party doctrine means any entity could share nearly any information at hand with the Feds and they could still use it in court. But this talk of excluding ToS violations and "minimizing" this information smacks a lot like a concern about criminal matters. Further, this bill does not appear to give or modify any FedGov authority to use its cybersecurity systems on private networks *for the protection of those networks*: > 14 ‘‘(4) LIMITATION ON FEDERAL GOVERNMENT > 15 USE OF CYBERSECURITY SYSTEMS. Nothing in this > 16 section shall be construed to provide additional au- > 17 thority to, or modify an existing authority of, any > 18 entity to use a cybersecurity system owned or con- > 19 trolled by the Federal Government on a private-sec- > 20 tor system or network to protect such private-sector > 21 system or network. Did I miss something about giving authority to place systems on private networks for the protection of FedGov networks? Also interesting to note that it defines "cybersecurity crime" as anything that violates CFAA *or* state law--IMO a very bad idea, as legislators in states like Mississippi have even less experience in computer security than Federal legislators, and fewer resources to make informed decisions--if they even intend to. CYBERSECURITY CRIME: > 4 ‘‘(6) CYBERSECURITY CRIME. 
The term > 5 ‘cybersecurity crime’ means > 6 ‘‘(A) a crime under a Federal or State law > 7 that involves > 8 ‘‘(i) efforts to deny access to or de- > 9 grade, disrupt, or destroy a system or net- > 10 work; > 11 ‘‘(ii) efforts to gain unauthorized ac- > 12 cess to a system or network; or > 13 ‘‘(iii) efforts to exfiltrate information > 14 from a system or network without author- > 15 ization; or > 16 ‘‘(B) the violation of a provision of Federal > 17 law relating to computer crimes, including a > 18 violation of any provision of title 18, United > 19 States Code, created or amended by the Com- > 20 puter Fraud and Abuse Act of 1986 (Public > 21 Law 99474). And of course, our corporate overlords are the only ones this applies to; individuals cannot avail themselves of the new information sharing bonanza. What's the reason (both claimed and ulterior) for excluding individuals? > 15 ‘‘(11) PROTECTED ENTITY. The term ‘pro > 16 tected entity’ means an entity, other than an indi- > 17 vidual, that contracts with a cybersecurity provider > 18 for goods or services to be used for cybersecurity > 19 purposes. > 20 ‘‘(12) SELF-PROTECTED ENTITY. The term > 21 ‘self-protected entity’ means an entity, other than an > 22 individual, that provides goods or services for > 23 cybersecurity purposes to itself. Maybe I missed something, but the very last page is concerning: > 5 Nothing in this Act or the amendments made by this > 6 Act shall be construed to provide authority to a depart- > 7 ment or agency of the Federal Government to require a > 8 cybersecurity provider that has contracted with the Fed- > 9 eral Government to provide information services to provide > 10 information about cybersecurity incidents that do not pose > 11 a threat to the Federal Government’s information. So: there's no obligation to provide information about incidents that do not pose a threat to the FedGov. 
Is there a section which *does* obligate these corporations to share information about incidents which *do* pose a threat to FedGov?!? Now, about the use of the data.... > 12 ‘‘(7) LIMITATION ON SURVEILLANCE. Nothing > 13 in this section shall be construed to authorize the > 14 Department of Defense or the National Security > 15 Agency or any other element of the intelligence com- > 16 munity to target a United States person for surveil- > 17 lance. This paragraph, as we all know, is completely meaningless, as the surveillance machine is untargeted. If you target everyone rather than someone in particular, this "restriction" is totally useless. Very interesting language here: > 19 ‘‘(2) AFFIRMATIVE RESTRICTION. > 20 The Federal Government may not affirmatively > 21 search cyber threat information shared with the > 22 Federal Government under subsection (b) for a pur- > 23 pose other than a purpose referred to in paragraph > 24 (1). What is an "affirmative search", and how is it different from "search"? Is this another weasel-term to prohibit "human" searches while allowing automated searches? In any case, the FedGov is allowed to use the information for: > 18 ‘‘(c) FEDERAL GOVERNMENT USE OF INFORMA- > 19 TION . 
> 20 ‘‘(1) LIMITATION.The Federal Government > 21 may use cyber threat information shared with the > 22 Federal Government in accordance with subsection > 23 (b) > 24 ‘‘(A) for cybersecurity purposes; > 1 ‘‘(B) for the investigation and prosecution > 2 of cybersecurity crimes; > 3 ‘‘(C) for the protection of individuals from > 4 the danger of death or serious bodily harm and > 5 the investigation and prosecution of crimes in- > 6 volving such danger of death or serious bodily > 7 harm; or > 8 ‘‘(D) for the protection of minors from > 9 child pornography, any risk of sexual exploi- > 10 tation, and serious threats to the physical safe- > 11 ty of minors, including kidnapping and traf- > 12 ficking and the investigation and prosecution of > 13 crimes involving child pornography, any risk of > 14 sexual exploitation, and serious threats to the > 15 physical safety of minors, including kidnapping > 16 and trafficking, and any crime referred to in > 17 section 2258A(a)(2) of title 18, United States > 18 Code. So, protecting minors from "any risk of sexual exploitation" and generally "thinking of the children", preventing murder and kidnapping, for protection against any of the four "cyber threats" defined in the first quote above, and... drumroll please... for prosecuting hackers. I'm guessing (B) is the real key here. ---------- It's hard to piece this all together, and I really want to hear others' impressions. My impression is that: 1) DNI collected by NSA can be very useful in investigations, but prosecutors cannot use the evidence without disclosing sources and methods. 1a) The old solution to this problem was "parallel construction". 1b) Parallel construction is now under scrutiny, and they can't use it as easily as before. 2) But what if that data wasn't collected in an intelligence operation--what if organizations gave us this data directly? 
3) Then FBI/NSA can still use the same DNI they've always been collecting, and acquired in the same way it always has been, but they can now just claim that the organization concerned gave it to them, so a) it can be used in court without 4th amd. challenges, and b) there's no risk of disclosing sources and methods. What does everyone else think? From grarpamp at gmail.com Tue Jan 13 12:09:05 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 15:09:05 -0500 Subject: Does Cypherpunk need a Church? In-Reply-To: References: Message-ID: > Does Cypherpunk need a Church? Having been informed of potentially relevant links/models, be they serious, officially recognized, related to tech or not, discuss the cypherpunk... https://en.wikipedia.org/wiki/UFO_religion https://en.wikipedia.org/wiki/Parody_religion https://en.wikipedia.org/wiki/Church_of_the_SubGenius https://en.wikipedia.org/wiki/Modern_paganism From hettinga at gmail.com Tue Jan 13 11:14:06 2015 From: hettinga at gmail.com (Robert Hettinga) Date: Tue, 13 Jan 2015 15:14:06 -0400 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk In-Reply-To: <3932827.c1u7vRUG6D@lapuntu> References: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> <3932827.c1u7vRUG6D@lapuntu> Message-ID: > On Jan 13, 2015, at 2:34 PM, rysiek wrote: > > The question is not about encrypted materials, but about encryption algorithms > and tools, as far as I understand. Patents and copyrights aren’t property. They’re government granted monopolies. They’re no more property than your driver’s license. Property is the application of mind to *matter*, to quote a great Flash animation. An idea can not be property. Ever. So. Again. If it’s *encrypted*, and I have the key, it’s my property. I control the physical bits. Otherwise it’s not my property. 
Cheers, RAH From demonfighter at gmail.com Tue Jan 13 12:20:09 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Tue, 13 Jan 2015 15:20:09 -0500 Subject: Does Cypherpunk need a Church? In-Reply-To: References: Message-ID: On Tue, Jan 13, 2015 at 2:09 PM, grarpamp wrote: > > Does Cypherpunk need a Church? Maybe 15 years ago I put together the paperwork for the Church of Cybernetic Certainty. The IRS (IIRC; it may have been the NYS tax department) basically told me to screw off. On the plus side, it was amusing to put together my church's policies and it didn't cost anything to put in the paperwork, and it annoyed a bureaucrat. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 From grarpamp at gmail.com Tue Jan 13 12:35:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 15:35:14 -0500 Subject: bitcoin tinfoil-hattery In-Reply-To: <20150113200141.GB14804@nl.grid.coop> References: <20150113200141.GB14804@nl.grid.coop> Message-ID: On Tue, Jan 13, 2015 at 3:01 PM, Troy Benjegerdes wrote: > Theory of the day: > > 1) Naked short bitcoin (not sure how, but I'm sure some bankster did) > 3) use profits from shorting to hire cex.io 'idled' capacity > 4) double-spend on competing exchanges (or against competing investors funds) > 5) buy an island or three, or a politician or 5 > > Plausibility on a scale of 1-5 .. I say 4, what say you all? There are certainly some people with a plan... make money on both the up and down. Mining is experiencing a hiccup but not affecting tx flow or fees yet. What will the next Bitcoin peak and return look like? The path new currencies and economic models take to steady state is interesting. It's good to have them appear once in a while. If you're buying politicians from your Bitcoin plays, both of you probably need Bitcoin to continue to exist. 
Longer existence results in better legitimacy, stability, and more participants in the average... making some games a bit harder to play. From grarpamp at gmail.com Tue Jan 13 12:50:45 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 15:50:45 -0500 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk In-Reply-To: <3932827.c1u7vRUG6D@lapuntu> References: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> <3932827.c1u7vRUG6D@lapuntu> Message-ID: On Tue, Jan 13, 2015 at 1:34 PM, rysiek wrote: > Dnia wtorek, 13 stycznia 2015 09:39:06 Robert Hettinga pisze: >> If it’s encrypted, and I have the key, it’s my property. That’s it. > > The question is not about encrypted materials, but about encryption algorithms > and tools, as far as I understand. As in OP, it is. ,,,the ideas, expressed, and tuning their license etc to cypherpunk the same way gpl tunes to their vision of 'freedom'. Hessla theirs, etc. Robert could be viewed as that key is itself the definition of one plain answer to the question. From mirimir at riseup.net Tue Jan 13 15:00:07 2015 From: mirimir at riseup.net (Mirimir) Date: Tue, 13 Jan 2015 16:00:07 -0700 Subject: Does Cypherpunk need a Church? In-Reply-To: References: <3954649.aPyGTqJOMT@lapuntu> Message-ID: <54B5A377.7020008@riseup.net> On 01/13/2015 02:08 PM, grarpamp wrote: > On Tue, Jan 13, 2015 at 2:47 PM, rysiek wrote: >> Dnia wtorek, 13 stycznia 2015 14:09:26 grarpamp pisze: >>> Does Cypherpunk need a Church? >> >> Don't we have more pressing issues to deal with? >> >> Here, let's get this over with: >> http://en.wikipedia.org/wiki/Invisible_Pink_Unicorn >> http://en.wikipedia.org/wiki/Discordianism > > Many people have a need to identify with, participate in, and derive > support from, a formal structure or at least a well defined meme... > before they can independently or collectively deal with issues. > Even if what they follow ends up being Invisible Discordia. I'm an agnostic Discordian. All Hail Eris! 
Or maybe All Hail Popper ;) From komachi at openmailbox.org Tue Jan 13 08:03:53 2015 From: komachi at openmailbox.org (Anton Nesterov) Date: Tue, 13 Jan 2015 16:03:53 +0000 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org In-Reply-To: <54B519B9.8040002@openmailbox.org> References: <54B519B9.8040002@openmailbox.org> Message-ID: <54B541E9.3030409@openmailbox.org> coinspot.io and indacoin.com was blocked too, so it's 5 websites. Quote from the judgment posted by RKN: "As article 27 of Federal law "On Central bank of Russian Federation" says, official monetary unit (currency) of Russian Federation is ruble. Introduction others monetary units and issuing money surrogates on the territory of Russia is prohibited. Under such conditions, cryptocurrencies, including "Bitcoin", are money surrogates, they contribute to the rise of underground economy, and can't be used by citizens and entitles on the territory of Russian Federation" https://vk.com/wall-76229642_16558 Anton Nesterov: > So today bitcoin.org (208.64.123.130), bitcoin.it (162.159.245.241, > 162.159.246.241) and btcsec.com (188.40.102.131 was blocked > country-wide, because Neviansky's court of Sverdlovsk oblast rule > 2-978/2014 on 30 September 2014. Text of this judgment is not known, > it's not on their website yet (Russian laws force courts to publish > their judgments on the Internet), so this is hard to say what for > exactly this websites was blocked. The bill that allow to block > Bitcoin-related websites is still a draft. > > > http://tjournal.ru/paper/bitcoin-org-rkn (Russian) > -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From grarpamp at gmail.com Tue Jan 13 13:08:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 16:08:11 -0500 Subject: Does Cypherpunk need a Church? 
In-Reply-To: <3954649.aPyGTqJOMT@lapuntu> References: <3954649.aPyGTqJOMT@lapuntu> Message-ID: On Tue, Jan 13, 2015 at 2:47 PM, rysiek wrote: > Dnia wtorek, 13 stycznia 2015 14:09:26 grarpamp pisze: >> Does Cypherpunk need a Church? > > Don't we have more pressing issues to deal with? > > Here, let's get this over with: > http://en.wikipedia.org/wiki/Invisible_Pink_Unicorn > http://en.wikipedia.org/wiki/Discordianism Many people have a need to identify with, participate in, and derive support from, a formal structure or at least a well defined meme... before they can independantly or collectively deal with issues. Even if what they follow ends up being Invisible Discordia. From 4chaos.onelove at gmail.com Tue Jan 13 14:20:47 2015 From: 4chaos.onelove at gmail.com (Henry Rivera) Date: Tue, 13 Jan 2015 17:20:47 -0500 Subject: USCENTCOM Social Accounts Hacked In-Reply-To: <54B57E26.5080506@virtadpt.net> References: <54B57E26.5080506@virtadpt.net> Message-ID: Media I saw reported that the personnel info published was all publicly available. Thus the intent was to create the impression that networks were compromised. Govt line however is that the info was not confidential. I haven't done any research however to confirm even the face validity of that. On Tue, Jan 13, 2015 at 3:20 PM, The Doctor wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 01/13/2015 10:46 AM, Daniel Van Wagenen wrote: > > Does anyone else find it odd that they posted personnel data on > > senior US military officials yet the US Government denies that any > > military networks were compromised? > > Not at all. It is possible (maybe even likely) that whoever wrote the > press release about it was told to omit any mention of the personnel > data in an attempt to downplay it. People will remember what was > talked about, not what was conveniently not talked about. 
> > - -- > The Doctor [412/724/301/703/415] [ZS] > Developer, Project Byzantium: http://project-byzantium.org/ > > PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 > WWW: https://drwho.virtadpt.net/ > > "You leave Jack Burton alone!" --Egg Shen, _Big Trouble In Little China_ From adi at hexapodia.org Tue Jan 13 17:56:32 2015 From: adi at hexapodia.org (Andy Isaacson) Date: Tue, 13 Jan 2015 17:56:32 -0800 Subject: [Cryptography] open hardware as a defence against state-level attacks In-Reply-To: References: <54ACE91A.3050808@iang.org> <54B3A5F7.8020608@iang.org> Message-ID: <20150114015632.GM13243@hexapodia.org> On Mon, Jan 12, 2015 at 03:04:23PM -0500, grarpamp wrote: > Yet let me open another related line of thinking... > > Where are the open fabs for makers instead of submitting open > designs to closed fabs? It's 2015, crowdfunding, open source, > non-profits, and public monitoring are done. 
The LowRISC project aims to build a complete open SoC based on the RISC-V architecture and get chips fabbed. http://www.lowrisc.org/ -andy From groundhog593 at riseup.net Tue Jan 13 15:26:54 2015 From: groundhog593 at riseup.net (Bethany) Date: Tue, 13 Jan 2015 18:26:54 -0500 Subject: Does Cypherpunk need a Church? In-Reply-To: <1421187348.570082.213528425.7D1BB7F1@webmail.messagingengine.com> References: <3954649.aPyGTqJOMT@lapuntu> <1421187348.570082.213528425.7D1BB7F1@webmail.messagingengine.com> Message-ID: <54B5A9BE.1000107@riseup.net> On 13/01/15 05:15 PM, Alfie John wrote: > On Wed, Jan 14, 2015, at 08:08 AM, grarpamp wrote: >> Many people have a need to identify with, participate in, and derive >> support from, a formal structure or at least a well defined meme... >> before they can independantly or collectively deal with issues. Even >> if what they follow ends up being Invisible Discordia. > Isn't this antithesis to idea of cypherpunks in general? Once there is a > formal structure, it can be controlled. A religion is not necessarily a structure. Look at the Eastern religions for example. Or at Quakerism. > >> Who are its priests? What are its idols? > Priests can be discredited and marginalised leading to abandonment by > the followers. That's why Anonymous has it right - with nobody at the > top to take down, you can't collapse the group. Their power comes from > shared idealism, not a dogmatic religion. > > Alfie It would have no need for priests ... better to call them "philosophers" anyway. As an example, a Socratic question: what is the difference according to you between a "shared idealism" and a "dogma"? Can you explain with examples? 
From grarpamp at gmail.com Tue Jan 13 16:02:54 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 13 Jan 2015 19:02:54 -0500 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org In-Reply-To: <54B58C28.1020503@openmailbox.org> References: <54B519B9.8040002@openmailbox.org> <54B541E9.3030409@openmailbox.org> <54B58C28.1020503@openmailbox.org> Message-ID: On Tue, Jan 13, 2015 at 4:20 PM, Anton Nesterov wrote: > prohibited by Russian law, and the law allow courts to prohibit > distribution of any information in Russia. This is sad. Forget about cryptocurrency law for minute. Where are the status of Russian populace voices in making these speech prohibition laws? Are they rebelling? wtf, serious biz. From mirimir at riseup.net Tue Jan 13 18:22:04 2015 From: mirimir at riseup.net (Mirimir) Date: Tue, 13 Jan 2015 19:22:04 -0700 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org In-Reply-To: <1421196433.600399.213577109.4BB3C1EA@webmail.messagingengine.com> References: <54B519B9.8040002@openmailbox.org> <54B58C28.1020503@openmailbox.org> <54B5A93E.3010205@riseup.net> <3085397.QYFgBRiLbh@lapuntu> <1421196433.600399.213577109.4BB3C1EA@webmail.messagingengine.com> Message-ID: <54B5D2CC.9030008@riseup.net> On 01/13/2015 05:47 PM, Alfie John wrote: > On Wed, Jan 14, 2015, at 11:17 AM, rysiek wrote: >> Dnia wtorek, 13 stycznia 2015 23:24:46 odinn pisze: >> Tel that to David Censormoron, or whatever his surname really is. >> http://www.theregister.co.uk/2015/01/12/iranuk_in_accord_as_pm_promises_to_block_encrypted_comms_after_election/ >> >> Seriously, anybody from the UK here? How's the situation on the Isles, >> is there any chance to stop this madness? > > Don't try to stop it. In fact, we should all be rallying the people of > the UK to champion this and put this in affect. Once the election > results are over, the new government are sworn in, and the laws are > passed, encryption is turned off throughout the UK. 
Awesome job. Pat on > the back. Then watch how the banking sector no longer guarantee online > transactions safe, the proles stop using credit cards online for > ecommerce, and businesses stop using their company VPNs. > > Be careful what you wish for David. > > Alfie I'm sure that the UK would just require registration for using SSH, TLS, IPsec, OpenVPN, etc, etc. Consider Iran's approach in 2013.[0] | "Within the last few days illegal VPN ports in the country have | been blocked," Ramezanali Sobhani-Fard, the head of the Iranian | parliament's information and communications technology committee, | told Mehr news agency, according to Reuters. "Only legal and | registered VPNs can from now on be used." [0] http://www.theregister.co.uk/2013/03/11/iran_blocks_vpns_facebook_youtube_down/ From rysiek at hackerspace.pl Tue Jan 13 10:34:41 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 13 Jan 2015 19:34:41 +0100 Subject: Cryptography Intellectual Property: Formalities of Cypherpunk In-Reply-To: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> References: <9C09A84C-FA60-4288-BD20-46346C37C934@gmail.com> Message-ID: <3932827.c1u7vRUG6D@lapuntu> Dnia wtorek, 13 stycznia 2015 09:39:06 Robert Hettinga pisze: > If it’s encrypted, and I have the key, it’s my property. That’s it. The question is not about encrypted materials, but about encryption algorithms and tools, as far as I understand. Anybody reading the BSD vs GPL thread knows what I would say: no patents; licensing under a strong copyleft free software license with patent granting/shielding clauses and clauses against TiVoization[1]. But hey, that's just me. 
[1] https://en.wikipedia.org/wiki/Tivoization -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Tue Jan 13 11:31:03 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 13 Jan 2015 20:31:03 +0100 Subject: Cryptography Imaginary Property: Formalities of Cypherpunk In-Reply-To: References: <3932827.c1u7vRUG6D@lapuntu> Message-ID: <5807656.bEsV81r7Cy@lapuntu> Hi there, Dnia wtorek, 13 stycznia 2015 15:14:06 Robert Hettinga pisze: > > The question is not about encrypted materials, but about encryption > > algorithms and tools, as far as I understand. > > Patents and copyrights aren’t property. They’re government granted > monopolies. They’re no more property than your driver’s license. Well, I have posted this link on this list at least several times, but here it goes again: http://copyspeak.org/intellectual-property tl;dr we're agreed here > Property is the application of mind to *matter*, to quote a great Flash > animation. Yes. > An idea can not be property. Ever. Absolutely. > So. Again. If it’s *encrypted*, and I have the key, it’s my property. I > control the physical bits. > Otherwise it’s not my property. It is not, actually. If you're going for such a strong definition of property, with which I can agree, then let's stay coherent, shall we? The property of yours is the physical device the bits are saved on. The harddrive, DVD, pendrive, whatever. That's your *property*. The encrypted data is just this: encrypted data. Otherwise you would find yourself in an interesting world where applying encryption to data (both of which are not property, right) magically transforms something immaterial and "not-property" into "property". 
That's the world the MPAA's/RIAA's/MAFIAA's are trying to create, look no further than the DMCA, under which even the simplest encryption algorithm (say, ROT13) applied to copyrighted material by the rights holder makes it illegal for others to publish the key (in this case, 13), as it becomes the "property" of the encrypting party. Look it up. Data, encrypted or not, are not property; however, they can fall under a number of state-granted monopolies, as you have said. Here, I even changed the topic of this e-mail for your convenience. And in this vein my previous mail has been written -- as far as I understand, the original question was about how encryption *algorithms* (and *not* encrypted data itself) should be handled from the Imaginary Property Law standpoint (so: patents, copyrights, etc). And I have provided an answer from my perspective in said previous mail. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From juan.g71 at gmail.com Tue Jan 13 15:33:30 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 13 Jan 2015 20:33:30 -0300 Subject: Does Cypherpunk need a Church? In-Reply-To: References: Message-ID: <54b5aab8.95538c0a.7a80.ffffff95@mx.google.com> On Tue, 13 Jan 2015 15:20:09 -0500 Steve Furlong wrote: > On Tue, Jan 13, 2015 at 2:09 PM, grarpamp wrote: > > > > Does Cypherpunk need a Church? > > Maybe 15 years ago I put together the paperwork for the Church of > Cybernetic Certainty. The IRS (IIRC; it may have been the NYS tax > department) basically told me to screw off. On the plus side, it was > amusing to put together my church's policies and it didn't cost > anything to put in the paperwork, and it annoyed a bureaucrat. 
> Things seem to be somewhat different in sweden =P https://www.youtube.com/watch?v=W-kANR1vJkM (there's a woman from the swedish government commenting on the church of kopimism) From cathalgarvey at cathalgarvey.me Tue Jan 13 12:46:24 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 13 Jan 2015 20:46:24 +0000 Subject: Bittorrent Mainline DHT and Tor Message-ID: <54B58420.50009@cathalgarvey.me> Hey all, I'm aware that (for pretty good reasons) bittorrent is "blocked" by most exits on Tor. However, I'm unsure how this blockage is implemented, and it just emerged as a relevant item in my thought-process: the Bittorrent "Mainline" DHT is not necessarily useful to Bittorrent alone, but is frequently used as an experimental platform for other P2P applications. Is the bittorrent DHT blocked by Tor exits, or just the Bittorrent file-transfer protocol? If the latter, how is that block enacted when most bittorrent apps support protocol obfuscation and dynamic ports? From rysiek at hackerspace.pl Tue Jan 13 11:47:58 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 13 Jan 2015 20:47:58 +0100 Subject: Does Cypherpunk need a Church? In-Reply-To: References: Message-ID: <3954649.aPyGTqJOMT@lapuntu> Dnia wtorek, 13 stycznia 2015 14:09:26 grarpamp pisze: > Does Cypherpunk need a Church? Don't we have more pressing issues to deal with? Here, let's get this over with: http://en.wikipedia.org/wiki/Invisible_Pink_Unicorn http://en.wikipedia.org/wiki/Discordianism -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From juan.g71 at gmail.com Tue Jan 13 15:49:03 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 13 Jan 2015 20:49:03 -0300 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org In-Reply-To: <54B519B9.8040002@openmailbox.org> References: <54B519B9.8040002@openmailbox.org> Message-ID: <54b5ae59.0424e00a.58ff.fffff52a@mx.google.com> On Tue, 13 Jan 2015 13:12:25 +0000 Anton Nesterov wrote: > So today bitcoin.org (208.64.123.130), bitcoin.it (162.159.245.241, > 162.159.246.241) and btcsec.com (188.40.102.131 was blocked > country-wide, What about proxies? Are all blocked too? because Neviansky's court of Sverdlovsk oblast rule > 2-978/2014 on 30 September 2014. Text of this judgment is not known, > it's not on their website yet (Russian laws force courts to publish > their judgments on the Internet), so this is hard to say what for > exactly this websites was blocked. The bill that allow to block > Bitcoin-related websites is still a draft. > > > http://tjournal.ru/paper/bitcoin-org-rkn (Russian) > From rysiek at hackerspace.pl Tue Jan 13 11:50:49 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 13 Jan 2015 20:50:49 +0100 Subject: USCENTCOM Social Accounts Hacked In-Reply-To: References: Message-ID: <1899313.jkYk46Lx2Z@lapuntu> Dnia wtorek, 13 stycznia 2015 14:08:27 Steve Furlong pisze: > On Tue, Jan 13, 2015 at 1:46 PM, Daniel Van Wagenen > > wrote: > > Does anyone else find it odd that they posted personnel data on senior > > US military officials yet the US Government denies that any military > > networks were compromised? > > The government spokesman is ignorant or dishonest. What's odd about that? The fact that they're not using this to trump-up the to-be-expected "HURR DURR ISIS SUCH DANGEROUS HERP DERP WE NEED MORE SURVEILLANCE GOBBLY-GOOP TERRISTS ARE CYBERWARRING MURICAH!!1!" tripe. 
Either they have not caught up with what's up, or they're trying to *actually play it down*, which might or might not be indicative of the importance of data posted. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From komachi at openmailbox.org Tue Jan 13 13:20:40 2015 From: komachi at openmailbox.org (Anton Nesterov) Date: Tue, 13 Jan 2015 21:20:40 +0000 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org In-Reply-To: <54B541E9.3030409@openmailbox.org> References: <54B519B9.8040002@openmailbox.org> <54B541E9.3030409@openmailbox.org> Message-ID: <54B58C28.1020503@openmailbox.org> Full judgment is available, thanks to Russian Pirate Party http://www.slideshare.net/temychk/bitcoin-43468448 All in all, there is 7 websites, two others is bitcoinconf.ru and hashbitcoin.ru. That two addresses not blocked (yet?), but presented in the judgment. One of them shows just parked domain page, the other one is a website of Russian Bitcoin conference set to 2 April 2015 in Moscow. Judgment basically says it's illegal to use Bitcoin because the only one currency in Russia is ruble, and Bitcoin is a money surrogate, which is prohibited by Russian law, and the law allow courts to prohibit distribution of any information in Russia. For reason, it says that: "Free distribution of information about electronic currency causes active use of cryptocurrencies for drug, arms, and forgery dealing and other criminal activity. 
These facts, as well as ability to uncontrollable transboundary money transfer followed by cashing in, are hight-risk approaches for potential using cryptocurrencies in schemes for legalization (money laundering) incomes from criminal activity, and the financing of the terrorism." http://rublacklist.net/9833/ Anton Nesterov: > coinspot.io and indacoin.com was blocked too, so it's 5 websites. > > Quote from the judgment posted by RKN: > > "As article 27 of Federal law "On Central bank of Russian Federation" > says, official monetary unit (currency) of Russian Federation is ruble. > Introduction others monetary units and issuing money surrogates on the > territory of Russia is prohibited. > > Under such conditions, cryptocurrencies, including "Bitcoin", are money > surrogates, they contribute to the rise of underground economy, and > can't be used by citizens and entitles on the territory of Russian > Federation" > > https://vk.com/wall-76229642_16558 > > Anton Nesterov: >> So today bitcoin.org (208.64.123.130), bitcoin.it (162.159.245.241, >> 162.159.246.241) and btcsec.com (188.40.102.131 was blocked >> country-wide, because Neviansky's court of Sverdlovsk oblast rule >> 2-978/2014 on 30 September 2014. Text of this judgment is not known, >> it's not on their website yet (Russian laws force courts to publish >> their judgments on the Internet), so this is hard to say what for >> exactly this websites was blocked. The bill that allow to block >> Bitcoin-related websites is still a draft. 
>> >> >> http://tjournal.ru/paper/bitcoin-org-rkn (Russian) >> > > -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From komachi at openmailbox.org Tue Jan 13 14:28:09 2015 From: komachi at openmailbox.org (Anton Nesterov) Date: Tue, 13 Jan 2015 22:28:09 +0000 Subject: Bittorrent Mainline DHT and Tor In-Reply-To: <54B58420.50009@cathalgarvey.me> References: <54B58420.50009@cathalgarvey.me> Message-ID: <54B59BF9.3080105@openmailbox.org> With "Reduced Exit Policy" that allows connections only on some ports, so dynamic ports are the reason why it works https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy Cathal Garvey: > Hey all, > I'm aware that (for pretty good reasons) bittorrent is "blocked" by most > exits on Tor. However, I'm unsure how this blockage is implemented, and > it just emerged as a relevant item in my thought-process: the Bittorrent > "Mainline" DHT is not necessarily useful to Bittorrent alone, but is > frequently used as an experimental platform for other P2P applications. > > Is the bittorrent DHT blocked by Tor exits, or just the Bittorrent > file-transfer protocol? If the latter, how is that block enacted when > most bittorrent apps support protocol obfuscation and dynamic ports? > -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From demonfighter at gmail.com Tue Jan 13 20:08:04 2015 From: demonfighter at gmail.com (Steve Furlong) Date: Tue, 13 Jan 2015 23:08:04 -0500 Subject: Does Cypherpunk need a Church? In-Reply-To: References: Message-ID: On Tue, Jan 13, 2015 at 3:20 PM, Steve Furlong wrote: > > Maybe 15 years ago I put together the paperwork for the Church of Cybernetic > Certainty. The IRS (IIRC; it may have been the NYS tax department) basically > told me to screw off. 
On the plus side, it was amusing to put together my > church's policies and it didn't cost anything to put in the paperwork, and it > annoyed a bureaucrat. Several people emailed me, asking if I had any of the paperwork. No, I don't. The computer that had the documents was disposed of when I wasn't looking (It's amazing how much of my stuff mysteriously gets thrown away or goes missing when I'm out of state or otherwise away from home for several days. Truly astounding.) and the backup tapes were encrypted and I can't remember the password. (Lesson for all: Yes, encrypt your backups. No, don't lose the passwords.) The actual tax department paperwork was nothing much. It was either paper forms sent by the department or PDFs I printed. Just a few pages either way. The supporting documentation was the credo, rites, and so on. I made up stuff supporting the idea of worship through writing code and collecting donations in exchange for receiving the blessing of working code, and programming education under the name of training in the sacred rites. Don't look for any deep theological meaning, as this was somewhere between a prank and an attempted tax scam. Also, don't look to my work for guidance, as I didn't get anywhere with it. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 1947 bytes Desc: not available URL: From odinn.cyberguerrilla at riseup.net Tue Jan 13 15:24:46 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 13 Jan 2015 23:24:46 +0000 Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org In-Reply-To: <54B58C28.1020503@openmailbox.org> References: <54B519B9.8040002@openmailbox.org> <54B541E9.3030409@openmailbox.org> <54B58C28.1020503@openmailbox.org> Message-ID: <54B5A93E.3010205@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Anyone's use of encryption for any purpose is beyond the means of any state to control, this should have been obvious in 1992, but it seems various states "missed the memo" and are now waking up (though they'll always be asleep at the wheel) http://www.activism.net/cypherpunk/crypto-anarchy.html I honestly think everyone will be better off as the people begin to reclaim more of their ability to work together using new and technological capabilities that are growing well beyond the capacity of governmental systems that were popularized around the world in systems that grew in popularity and "revolution-arity" approximately 226 years ago. In other words, governments will be needed less and less and we'll understand we need each other more and more. It may not be clear when governments will diminish (or disappear) and to what extent that will happen, but I don't think obedience to them is helpful at all. Even so, with trustless systems, I still consider that for many circumstances, "the relationship is the ultimate technology," though one system or another we create may fail, we work together mindful of the necessity to create new communities and systems that look forward. Anton Nesterov: > Full judgment is avalable, thanks to Russian Pirate Party > http://www.slideshare.net/temychk/bitcoin-43468448 All in all, > there is 7 websites, two others is bitcoinconf.ru and > hashbitcoin.ru. 
That two addresses not blocked (yet?), but > presented in the judgment. One of them shows just parked domain > page, the other one is a website of Russian Bitcoin conference set > to 2 April 2015 in Moscow. > > Judgment basically says it's illegal to use Bitcoin because the > only one currency in Russia is ruble, and Bitcoin is a money > surrogate, which is prohibited by Russian law, and the law allow > courts to prohibit distribution of any information in Russia. > > For reason, it says that: "Free distribution of information about > electronic currency causes active use of cryptocurrencies for > drug, arms, and forgery dealing and other criminal activity. These > facts, as well as ability to uncontrollable transboundary money > transfer followed by cashing in, are hight-risk approaches for > potential using cryptocurrencies in schemes for legalization (money > laundering) incomes from criminal activity, and the financing of > the terrorism." > > > http://rublacklist.net/9833/ > > Anton Nesterov: >> coinspot.io and indacoin.com was blocked too, so it's 5 >> websites. >> >> Quote from the judgment posted by RKN: >> >> "As article 27 of Federal law "On Central bank of Russian >> Federation" says, official monetary unit (currency) of Russian >> Federation is ruble. Introduction others monetary units and >> issuing money surrogates on the territory of Russia is >> prohibited. >> >> Under such conditions, cryptocurrencies, including "Bitcoin", are >> money surrogates, they contribute to the rise of underground >> economy, and can't be used by citizens and entitles on the >> territory of Russian Federation" >> >> https://vk.com/wall-76229642_16558 >> >> Anton Nesterov: >>> So today bitcoin.org (208.64.123.130), bitcoin.it >>> (162.159.245.241, 162.159.246.241) and btcsec.com >>> (188.40.102.131 was blocked country-wide, because Neviansky's >>> court of Sverdlovsk oblast rule 2-978/2014 on 30 September >>> 2014. 
Text of this judgment is not known, it's not on their >>> website yet (Russian laws force courts to publish their >>> judgments on the Internet), so this is hard to say what for >>> exactly this websites was blocked. The bill that allow to >>> block Bitcoin-related websites is still a draft. >>> >>> >>> http://tjournal.ru/paper/bitcoin-org-rkn (Russian) >>> >> >> > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From plaunit61398 at gmail.com Tue Jan 13 15:34:52 2015 From: plaunit61398 at gmail.com (bh) Date: Tue, 13 Jan 2015 23:34:52 +0000 Subject: Bittorrent Mainline DHT and Tor In-Reply-To: <54B58420.50009@cathalgarvey.me> References: <54B58420.50009@cathalgarvey.me> Message-ID: <54B5AB9C.40204@gmail.com> The DHT uses UDP(not TCP) as its transport, which Tor does not support. Some references: DHT spec: http://bittorrent.org/beps/bep_0005.html Tor and other transports: https://www.torproject.org/docs/faq#TransportIPnotTCP On 2015-01-13 20:46, Cathal Garvey wrote: > Hey all, > I'm aware that (for pretty good reasons) bittorrent is "blocked" by most > exits on Tor. However, I'm unsure how this blockage is implemented, and > it just emerged as a relevant item in my thought-process: the Bittorrent > "Mainline" DHT is not necessarily useful to Bittorrent alone, but is > frequently used as an experimental platform for other P2P applications. 
>
> Is the bittorrent DHT blocked by Tor exits, or just the Bittorrent
> file-transfer protocol? If the latter, how is that block enacted when
> most bittorrent apps support protocol obfuscation and dynamic ports?
>

From rysiek at hackerspace.pl Tue Jan 13 14:58:12 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 13 Jan 2015 23:58:12 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To:
References: <3954649.aPyGTqJOMT@lapuntu>
Message-ID: <1653173.Gnp7AIyXMM@lapuntu>

On Tuesday, 13 January 2015 16:08:11 grarpamp wrote:
> On Tue, Jan 13, 2015 at 2:47 PM, rysiek wrote:
> > On Tuesday, 13 January 2015 14:09:26 grarpamp wrote:
> >> Does Cypherpunk need a Church?
> >
> > Don't we have more pressing issues to deal with?
> >
> > Here, let's get this over with:
> > http://en.wikipedia.org/wiki/Invisible_Pink_Unicorn
> > http://en.wikipedia.org/wiki/Discordianism
>
> Many people have a need to identify with, participate in, and derive
> support from, a formal structure or at least a well defined meme...
> before they can independently or collectively deal with issues.
> Even if what they follow ends up being Invisible Discordia.

That's Invisible *Pink* Discordia, you insensitive clod!

;)

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Tue Jan 13 15:00:26 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 14 Jan 2015 00:00:26 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To:
References:
Message-ID: <17125317.24pVrax2ye@lapuntu>

On Tuesday, 13 January 2015 15:09:05 grarpamp wrote:
> > Does Cypherpunk need a Church?
>
> Having been informed of potentially relevant links/models,
> be they serious, officially recognized, related to tech or not,
> discuss the cypherpunk...
>
> https://en.wikipedia.org/wiki/UFO_religion
> https://en.wikipedia.org/wiki/Parody_religion
> https://en.wikipedia.org/wiki/Church_of_the_SubGenius
> https://en.wikipedia.org/wiki/Modern_paganism

Let's not forget His Noodlyness and his Pastafarians.
https://en.wikipedia.org/wiki/Flying_Spaghetti_Monster

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Tue Jan 13 16:17:28 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 14 Jan 2015 01:17:28 +0100
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <54B5A93E.3010205@riseup.net>
References: <54B519B9.8040002@openmailbox.org> <54B58C28.1020503@openmailbox.org> <54B5A93E.3010205@riseup.net>
Message-ID: <3085397.QYFgBRiLbh@lapuntu>

On Tuesday, 13 January 2015 23:24:46 odinn wrote:
> Anyone's use of encryption for any purpose is beyond the means of any
> state to control, this should have been obvious in 1992, but it seems
> various states "missed the memo" and are now waking up (though they'll
> always be asleep at the wheel)

Tell that to David Censormoron, or whatever his surname really is.
http://www.theregister.co.uk/2015/01/12/iranuk_in_accord_as_pm_promises_to_block_encrypted_comms_after_election/

Seriously, anybody from the UK here? How's the situation on the Isles, is there any chance to stop this madness?

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From lblissett at paranoici.org Tue Jan 13 19:39:42 2015
From: lblissett at paranoici.org (L)
Date: Wed, 14 Jan 2015 01:39:42 -0200
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <1731342.CgRZqsvXkn@lapuntu>
References: <54A0F5A8.5050708@metaverse.org> <20141230150908.GY29130@nl.grid.coop> <20141230164610.GB2519@sivokote.iziade.m$> <1731342.CgRZqsvXkn@lapuntu>
Message-ID: <20150114033942.GA31197@tagesuhu-pc.batista.in>

On Sat, Jan 10, 2015 at 02:13:33AM +0100, rysiek wrote:
> On Tuesday, 30 December 2014 18:46:10 Georgi Guninski wrote:
> > On Tue, Dec 30, 2014 at 09:09:08AM -0600, Troy Benjegerdes wrote:
> > > The US government benefits greatly from dissidents in North Korea,
> > > China, Russia, Japan, and Germany being able to effectively use Tor
> > > to exfiltrate business intelligence and leak it to the people that
> > > run this country, the campaign contributors.
> >
> > Sorry, but I don't believe this.
> >
> > I agree with juan that tor has many bugs and quite likely is
> > _heavily_ backdoored, the bugs we see are probably just the top of
> > the iceberg.
> >
> > I suppose sufficiently many people got busted because of trusting tor
> > naively.
>
> Show us the bugs, the backdoors, the examples of busted people, eh?

Well, I for one, have been busted real hard. They call it PITA.
From komachi at openmailbox.org Tue Jan 13 17:58:55 2015
From: komachi at openmailbox.org (Anton Nesterov)
Date: Wed, 14 Jan 2015 01:58:55 +0000
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <54b5ae59.0424e00a.58ff.fffff52a@mx.google.com>
References: <54B519B9.8040002@openmailbox.org> <54b5ae59.0424e00a.58ff.fffff52a@mx.google.com>
Message-ID: <54B5CD5F.8010507@openmailbox.org>

No, proxies still not blocked, as well as websites of Tor/I2P/VPN providers/etc. There was some rumors about a bill to block proxies for years (FSB said that they want to write it, then MP Yaroslav Nilov, then FSB again, leaked emails of MP Robert Shlegel contained some discussion, etc.), but still no draft.

Juan:
> On Tue, 13 Jan 2015 13:12:25 +0000
> Anton Nesterov wrote:
>
>> So today bitcoin.org (208.64.123.130), bitcoin.it (162.159.245.241,
>> 162.159.246.241) and btcsec.com (188.40.102.131) was blocked
>> country-wide,
>
> What about proxies? Are all blocked too?
>
>
> > because Neviansky's court of Sverdlovsk oblast rule
>> 2-978/2014 on 30 September 2014. Text of this judgment is not known,
>> it's not on their website yet (Russian laws force courts to publish
>> their judgments on the Internet), so this is hard to say what for
>> exactly this websites was blocked. The bill that allow to block
>> Bitcoin-related websites is still a draft.
>>
>>
>> http://tjournal.ru/paper/bitcoin-org-rkn (Russian)
>>
>
>

--
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc

From komachi at openmailbox.org Tue Jan 13 19:03:11 2015
From: komachi at openmailbox.org (Anton Nesterov)
Date: Wed, 14 Jan 2015 03:03:11 +0000
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To:
References: <54B519B9.8040002@openmailbox.org> <54B541E9.3030409@openmailbox.org> <54B58C28.1020503@openmailbox.org>
Message-ID: <54B5DC6F.9090502@openmailbox.org>

First law Internet censorship law (2012) was met by some protest, Russian Wikipedia was closed for a day, Russian Google & Yandex placed censorship doodle, the law was criticized hardly by everyone in the industry, etc., but it was passed anyway.

There was mass rallies followed election fraud in 2011-2012 https://en.wikipedia.org/wiki/2011%E2%80%9313_Russian_protests , and it was probably the reason for all these crazy laws. 2011-2012 rallies didn't brought to any positive changes, but made it clear that there is many people who can go on the streets. Rallies still going on (latest was on 30 December, organized all of sudden in a day http://www.theguardian.com/world/2014/dec/30/alexei-navalny-sentenced-thousands-expected-protest-putin http://www.nytimes.com/2014/12/31/world/europe/aleksei-navalny-convicted.html , and there will be more). And of course there is special law that allows general prosecutor to immediately block websites with calls for unsanctioned rallies and extremist activities.

grarpamp:
> On Tue, Jan 13, 2015 at 4:20 PM, Anton Nesterov wrote:
>> prohibited by Russian law, and the law allow courts to prohibit
>> distribution of any information in Russia.
>
> This is sad. Forget about cryptocurrency law for minute. Where
> are the status of Russian populace voices in making these
> speech prohibition laws? Are they rebelling? wtf, serious biz.
>

--
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc

From grarpamp at gmail.com Wed Jan 14 01:03:54 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 14 Jan 2015 04:03:54 -0500
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <54B5DC6F.9090502@openmailbox.org>
References: <54B519B9.8040002@openmailbox.org> <54B541E9.3030409@openmailbox.org> <54B58C28.1020503@openmailbox.org> <54B5DC6F.9090502@openmailbox.org>
Message-ID:

On Tue, Jan 13, 2015 at 10:03 PM, Anton Nesterov wrote:
> There was mass rallies followed election fraud in 2011-2012
> https://en.wikipedia.org/wiki/2011%E2%80%9313_Russian_protests , and it

I remember this history now. thx.

From alfiej at fastmail.fm Tue Jan 13 14:15:48 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Wed, 14 Jan 2015 09:15:48 +1100
Subject: Does Cypherpunk need a Church?
In-Reply-To:
References: <3954649.aPyGTqJOMT@lapuntu>
Message-ID: <1421187348.570082.213528425.7D1BB7F1@webmail.messagingengine.com>

On Wed, Jan 14, 2015, at 08:08 AM, grarpamp wrote:
> Many people have a need to identify with, participate in, and derive
> support from, a formal structure or at least a well defined meme...
> before they can independently or collectively deal with issues. Even
> if what they follow ends up being Invisible Discordia.

Isn't this antithesis to idea of cypherpunks in general? Once there is a formal structure, it can be controlled.

> Who are its priests? What are its idols?

Priests can be discredited and marginalised leading to abandonment by the followers. That's why Anonymous has it right - with nobody at the top to take down, you can't collapse the group. Their power comes from shared idealism, not a dogmatic religion.
Alfie

--
Alfie John
alfiej at fastmail.fm

From marksteward at gmail.com Wed Jan 14 01:58:20 2015
From: marksteward at gmail.com (Mark Steward)
Date: Wed, 14 Jan 2015 09:58:20 +0000
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <3085397.QYFgBRiLbh@lapuntu>
References: <54B519B9.8040002@openmailbox.org> <54B58C28.1020503@openmailbox.org> <54B5A93E.3010205@riseup.net> <3085397.QYFgBRiLbh@lapuntu>
Message-ID:

On 14 Jan 2015 00:31, "rysiek" wrote:
>
> Tell that to David Censormoron, or whatever his surname really is.
> http://www.theregister.co.uk/2015/01/12/iranuk_in_accord_as_pm_promises_to_block_encrypted_comms_after_election/
>
> Seriously, anybody from the UK here? How's the situation on the Isles, is
> there any chance to stop this madness?
>

We're mostly still laughing at it.

Mark

From billstclair at gmail.com Wed Jan 14 07:10:14 2015
From: billstclair at gmail.com (Bill St. Clair)
Date: Wed, 14 Jan 2015 10:10:14 -0500
Subject: peerio.com
In-Reply-To: <54B67B98.6050608@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me>
Message-ID:

On Wed, Jan 14, 2015 at 9:22 AM, Cathal Garvey wrote:
> Just landed beta: open source, minilock-based crypto, really nice design.
> Server side storage of end-to-end encrypted files and messages, 1.3Gb of
> storage for free. No ads.
>
> https://peerio.com

Promise of no ads ever. No sign of any usage fees. May be good technology, but I see no business plan.

-Bill St. Clair
From mirimir at riseup.net Wed Jan 14 10:24:39 2015
From: mirimir at riseup.net (Mirimir)
Date: Wed, 14 Jan 2015 11:24:39 -0700
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <3072189.BWStVeFPzq@lapuntu>
References: <54B519B9.8040002@openmailbox.org> <1421196433.600399.213577109.4BB3C1EA@webmail.messagingengine.com> <54B5D2CC.9030008@riseup.net> <3072189.BWStVeFPzq@lapuntu>
Message-ID: <54B6B467.9060009@riseup.net>

On 01/14/2015 07:12 AM, rysiek wrote:
> On Tuesday, 13 January 2015 19:22:04 Mirimir wrote:
>> On 01/13/2015 05:47 PM, Alfie John wrote:
>>> On Wed, Jan 14, 2015, at 11:17 AM, rysiek wrote:
>>>> On Tuesday, 13 January 2015 23:24:46 odinn wrote:
>>>> Tell that to David Censormoron, or whatever his surname really is.
>>>> http://www.theregister.co.uk/2015/01/12/iranuk_in_accord_as_pm_promises_to_block_encrypted_comms_after_election/
>>>>
>>>> Seriously, anybody from the UK here? How's the situation on the Isles,
>>>> is there any chance to stop this madness?
>>>
>>> Don't try to stop it. In fact, we should all be rallying the people of
>>> the UK to champion this and put this in effect. Once the election
>>> results are over, the new government are sworn in, and the laws are
>>> passed, encryption is turned off throughout the UK. Awesome job. Pat on
>>> the back. Then watch how the banking sector no longer guarantee online
>>> transactions safe, the proles stop using credit cards online for
>>> ecommerce, and businesses stop using their company VPNs.
>>>
>>> Be careful what you wish for David.
>>>
>>> Alfie
>>
>> I'm sure that the UK would just require registration for using SSH, TLS,
>> IPsec, OpenVPN, etc, etc.
>> Consider Iran's approach in 2013.[0]
>>
>> | "Within the last few days illegal VPN ports in the country have
>> | been blocked," Ramezanali Sobhani-Fard, the head of the Iranian
>> | parliament's information and communications technology committee,
>> | told Mehr news agency, according to Reuters. "Only legal and
>> | registered VPNs can from now on be used."
>
> Exactly. I'm sure the banking sector and the government would find some
> amicable solution. For instance, banks could be exempt, as they already
> provide any and all info the government asks them to.
>
> Be careful what you wish for, Alfie. This, like many other laws, would be a
> classic example of "give me a man and I'll find a crime". Magically, *some*
> users of encryption would not be hindered/persecuted, and some would be to the
> full extent permissible by law -- and far beyond.

This is the way with all weapons that threaten state monopoly of force.

From mirimir at riseup.net Wed Jan 14 10:32:25 2015
From: mirimir at riseup.net (Mirimir)
Date: Wed, 14 Jan 2015 11:32:25 -0700
Subject: peerio.com
In-Reply-To: <54B67B98.6050608@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me>
Message-ID: <54B6B639.4030001@riseup.net>

On 01/14/2015 07:22 AM, Cathal Garvey wrote:
> Just landed beta: open source, minilock-based crypto, really nice
> design. Server side storage of end-to-end encrypted files and messages,
> 1.3Gb of storage for free. No ads.
>
> https://peerio.com

Very cool. Thanks :)

> I expect that the "product" will end up being "storage space", which is
> fine by me! Right now the server code isn't open, though the protocol
> (and therefore API) is very well documented in the git source:
>
> https://github.com/PeerioTechnologies/peerio-client
>
> Expect to see it banned in the UK soon. :)

It's an obvious vulnerability to use a domain that's controlled by the US and its allies.
From alfiej at fastmail.fm Tue Jan 13 16:47:13 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Wed, 14 Jan 2015 11:47:13 +1100
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <3085397.QYFgBRiLbh@lapuntu>
References: <54B519B9.8040002@openmailbox.org> <54B58C28.1020503@openmailbox.org> <54B5A93E.3010205@riseup.net> <3085397.QYFgBRiLbh@lapuntu>
Message-ID: <1421196433.600399.213577109.4BB3C1EA@webmail.messagingengine.com>

On Wed, Jan 14, 2015, at 11:17 AM, rysiek wrote:
> On Tuesday, 13 January 2015 23:24:46 odinn wrote:
> Tell that to David Censormoron, or whatever his surname really is.
> http://www.theregister.co.uk/2015/01/12/iranuk_in_accord_as_pm_promises_to_block_encrypted_comms_after_election/
>
> Seriously, anybody from the UK here? How's the situation on the Isles,
> is there any chance to stop this madness?

Don't try to stop it. In fact, we should all be rallying the people of the UK to champion this and put this in effect. Once the election results are over, the new government are sworn in, and the laws are passed, encryption is turned off throughout the UK. Awesome job. Pat on the back. Then watch how the banking sector no longer guarantee online transactions safe, the proles stop using credit cards online for ecommerce, and businesses stop using their company VPNs.

Be careful what you wish for David.

Alfie

--
Alfie John
alfiej at fastmail.fm

From aestetix at aestetix.com Wed Jan 14 11:49:42 2015
From: aestetix at aestetix.com (aestetix)
Date: Wed, 14 Jan 2015 11:49:42 -0800
Subject: peerio.com
In-Reply-To: <54B6C45D.1020103@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me>
Message-ID: <54B6C856.1040905@aestetix.com>

It's also worth noting that they are using Cloudflare. Has Cloudflare made any statements about whether they log traffic and/or hand over data to governments?
On 1/14/15 11:32 AM, Cathal Garvey wrote:
>> It's an obvious vulnerability to use a domain that's controlled
>> by the US and its allies.
>
> More good reasons to implement an open server! :)
>
> On 14/01/15 18:32, Mirimir wrote:
>> On 01/14/2015 07:22 AM, Cathal Garvey wrote:
>>> Just landed beta: open source, minilock-based crypto, really
>>> nice design. Server side storage of end-to-end encrypted files
>>> and messages, 1.3Gb of storage for free. No ads.
>>>
>>> https://peerio.com
>>
>> Very cool. Thanks :)
>>
>>> I expect that the "product" will end up being "storage space",
>>> which is fine by me! Right now the server code isn't open,
>>> though the protocol (and therefore API) is very well documented
>>> in the git source:
>>>
>>> https://github.com/PeerioTechnologies/peerio-client
>>>
>>> Expect to see it banned in the UK soon. :)
>>
>> It's an obvious vulnerability to use a domain that's controlled
>> by the US and its allies.
>>
>

From chgans at gna.org Tue Jan 13 14:59:51 2015
From: chgans at gna.org (Christian Gagneraud)
Date: Wed, 14 Jan 2015 11:59:51 +1300
Subject: Bittorrent Mainline DHT and Tor
In-Reply-To: <54B58420.50009@cathalgarvey.me>
References: <54B58420.50009@cathalgarvey.me>
Message-ID: <54B5A367.6050004@gna.org>

On 14/01/15 09:46, Cathal Garvey wrote:
> Hey all,
> I'm aware that (for pretty good reasons) bittorrent is "blocked" by most
> exits on Tor.
> However, I'm unsure how this blockage is implemented, and
> it just emerged as a relevant item in my thought-process: the Bittorrent
> "Mainline" DHT is not necessarily useful to Bittorrent alone, but is
> frequently used as an experimental platform for other P2P applications.
>
> Is the bittorrent DHT blocked by Tor exits, or just the Bittorrent
> file-transfer protocol? If the latter, how is that block enacted when
> most bittorrent apps support protocol obfuscation and dynamic ports?

TOR exit nodes allow/forbid a fixed set of TCP ports, that's all they do AFAIK.

Chris

From dwhite at olp.net Wed Jan 14 10:29:25 2015
From: dwhite at olp.net (Dan White)
Date: Wed, 14 Jan 2015 12:29:25 -0600
Subject: Comsec Dream
In-Reply-To:
References:
Message-ID: <20150114182925.GC21463@dan.olp.net>

On 01/14/15 11:30 -0500, John Young wrote:
>Comsec dream: secure means uniquely controllable by each person.
>Free of faith, scripture, authorities, investors, apologists, exploiters.

http://en.wikipedia.org/wiki/Zero-knowledge_proof

--
Dan White

From tbiehn at gmail.com Wed Jan 14 11:17:12 2015
From: tbiehn at gmail.com (Travis Biehn)
Date: Wed, 14 Jan 2015 14:17:12 -0500
Subject: Comsec Dream
In-Reply-To: <20150114182925.GC21463@dan.olp.net>
References: <20150114182925.GC21463@dan.olp.net>
Message-ID:

John might consider applied cryptography to be: faith, scripture, authorities, investors, apologists, exploiters.

It's the best scripture we've got.

-Travis

On Wed, Jan 14, 2015 at 1:29 PM, Dan White wrote:
> On 01/14/15 11:30 -0500, John Young wrote:
>
>> Comsec dream: secure means uniquely controllable by each person.
>> Free of faith, scripture, authorities, investors, apologists, exploiters.
>>
>
> http://en.wikipedia.org/wiki/Zero-knowledge_proof
>
> --
> Dan White
>

--
Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus
From cathalgarvey at cathalgarvey.me Wed Jan 14 06:22:16 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Wed, 14 Jan 2015 14:22:16 +0000
Subject: peerio.com
Message-ID: <54B67B98.6050608@cathalgarvey.me>

Just landed beta: open source, minilock-based crypto, really nice design. Server side storage of end-to-end encrypted files and messages, 1.3Gb of storage for free. No ads.

https://peerio.com

I expect that the "product" will end up being "storage space", which is fine by me! Right now the server code isn't open, though the protocol (and therefore API) is very well documented in the git source:

https://github.com/PeerioTechnologies/peerio-client

Expect to see it banned in the UK soon. :)

From drwho at virtadpt.net Wed Jan 14 14:39:34 2015
From: drwho at virtadpt.net (The Doctor)
Date: Wed, 14 Jan 2015 14:39:34 -0800
Subject: Does Cypherpunk need a Church?
In-Reply-To: <20150114124155.GA18002@sivokote.iziade.m$>
References: <20150114124155.GA18002@sivokote.iziade.m$>
Message-ID: <54B6F026.5090002@virtadpt.net>

On 01/14/2015 04:41 AM, Georgi Guninski wrote:
> An admin I trolled about religion countertrolled he believes in the
> "god of servers".

The rantmedia.ca folks used to talk semi-seriously about SERVER, and whether or not it had the Buddha nature.

--
The Doctor [412/724/301/703/415] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"So light your candles, and may SERVER protect us all."
--Sean Kennedy VI

From guninski at guninski.com Wed Jan 14 04:41:55 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 14 Jan 2015 14:41:55 +0200
Subject: Does Cypherpunk need a Church?
In-Reply-To:
References:
Message-ID: <20150114124155.GA18002@sivokote.iziade.m$>

On Tue, Jan 13, 2015 at 02:09:26PM -0500, grarpamp wrote:
> Does Cypherpunk need a Church?
> If so, what should it look like? Who are its priests? What are its
> idols? What happens to alms? For whom is its mission? How does it
> go about things and/or serve its people in the familiar (or unfamiliar)
> ways of other churches? Is it purely internal or does it have
> political or other external elements? Etc...
>
> https://en.wikipedia.org/wiki/Missionary_Church_of_Kopimism
> https://en.wikipedia.org/wiki/Jediism
> https://en.wikipedia.org/wiki/Anonymous_(group)
> https://en.wikipedia.org/wiki/Raelism
>
> https://en.wikipedia.org/wiki/Religious_organization
> https://en.wikipedia.org/wiki/Classifications_of_religious_movements
> https://en.wikipedia.org/wiki/New_religious_movement
> https://en.wikipedia.org/wiki/List_of_new_religious_movements

I suppose if this religion needs a deity, the heterogeneous crowd will have hard time agreeing on deity/deities :)

An admin I trolled about religion countertrolled he believes in the "god of servers".

From mirimir at riseup.net Wed Jan 14 13:52:00 2015
From: mirimir at riseup.net (Mirimir)
Date: Wed, 14 Jan 2015 14:52:00 -0700
Subject: peerio.com
In-Reply-To: <54B6CB0D.1050706@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me>
Message-ID: <54B6E500.30400@riseup.net>

On 01/14/2015 01:01 PM, Cathal Garvey wrote:
>> Has Cloudflare made any statements about whether they log traffic
>> and/or hand over data to governments?
>
> Well, anyone with a brain knows they do, and that statements from a US
> company are meaningless because nobody wants to go to jail over an NSL. :)
> What a top-level observer can see (AFAIK) is who's logged in, probably
> what their username/keyID is, and how much they're talking to the server.
>
> Because peerio uses miniLock formatted messages, the potential exists
> for minimal-knowledge service, but from the github docs it seems the
> server maintains an entry for which user is allowed to access which
> encrypted files, and therefore reveals to an observer who's the recipient.
>
> So, it's a metadata-rich service, little better in that regard than
> email..
> although the encryption is pretty well designed and unless you
> set up a "PIN" there's no permanent storage of private keys even on your
> computer, so it's also quite secure when crossing borders.

So it would be prudent to use pseudonyms, and to access via some mix of VPN(s), JonDonym and Tor (according to one's need for anonymity vs speed). And using devices with removable local storage, there would be no traces to be inspected by adversaries. Cool.

But still, how is peerio more secure than spideroak, for example?

> Also, there is a feature that clearly relies on compliant clients, where
> you can delete files from the server including copies sent to clients.
> Obviously if the attached files are downloaded from the system, this
> can't reach them, but it will destroy any "authenticated" copies of the
> messages from the server, if it works (you're trusting the server).
> OPSEC wise, this is a nice feature because it means you can clean up
> after yourself and keep the authenticated-data-at-rest on either end of
> a conversation to a minimum.
>
> On 14/01/15 19:49, aestetix wrote:
>> It's also worth noting that they are using Cloudflare. Has Cloudflare
>> made any statements about whether they log traffic and/or hand over
>> data to governments?
>

From rysiek at hackerspace.pl Wed Jan 14 06:08:32 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 14 Jan 2015 15:08:32 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To: <20150114124155.GA18002@sivokote.iziade.m$>
References: <20150114124155.GA18002@sivokote.iziade.m$>
Message-ID: <4971932.UYAX8xIp6F@lapuntu>

On Wednesday, 14 January 2015 14:41:55 Georgi Guninski wrote:
> On Tue, Jan 13, 2015 at 02:09:26PM -0500, grarpamp wrote:
> > Does Cypherpunk need a Church?
> > If so, what should it look like? Who are its priests? What are its
> > idols? What happens to alms? For whom is its mission?
> > How does it
> > go about things and/or serve its people in the familiar (or unfamiliar)
> > ways of other churches? Is it purely internal or does it have
> > political or other external elements? Etc...
> >
> > https://en.wikipedia.org/wiki/Missionary_Church_of_Kopimism
> > https://en.wikipedia.org/wiki/Jediism
> > https://en.wikipedia.org/wiki/Anonymous_(group)
> > https://en.wikipedia.org/wiki/Raelism
> >
> > https://en.wikipedia.org/wiki/Religious_organization
> > https://en.wikipedia.org/wiki/Classifications_of_religious_movements
> > https://en.wikipedia.org/wiki/New_religious_movement
> > https://en.wikipedia.org/wiki/List_of_new_religious_movements
>
> I suppose if this religion needs a deity, the heterogeneous
> crowd will have hard time agreeing on deity/deities :)

I think the deity should be anonymous, nameless, but it should be imperative to create and use as many impromptu names for it as possible.

I would also consider a rule saying that it is imperative for the faithful to draw caricatures of said deity at least once a year, and publish them.

> An admin I trolled about religion countertrolled he believes
> in the "god of servers".

I can see that. Come Monday morning, an admin comes to his workplace, notices there's, say, some random leakage of water from a pipe above the server room and goes: "oh god, the servers!"

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Wed Jan 14 06:12:25 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 14 Jan 2015 15:12:25 +0100
Subject: 3 Bitcoin-related websites blocked in Russia, including bitcoin.org
In-Reply-To: <54B5D2CC.9030008@riseup.net>
References: <54B519B9.8040002@openmailbox.org> <1421196433.600399.213577109.4BB3C1EA@webmail.messagingengine.com> <54B5D2CC.9030008@riseup.net>
Message-ID: <3072189.BWStVeFPzq@lapuntu>

On Tuesday, 13 January 2015 19:22:04 Mirimir wrote:
> On 01/13/2015 05:47 PM, Alfie John wrote:
> > On Wed, Jan 14, 2015, at 11:17 AM, rysiek wrote:
> >> On Tuesday, 13 January 2015 23:24:46 odinn wrote:
> >> Tell that to David Censormoron, or whatever his surname really is.
> >> http://www.theregister.co.uk/2015/01/12/iranuk_in_accord_as_pm_promises_to_block_encrypted_comms_after_election/
> >>
> >> Seriously, anybody from the UK here? How's the situation on the Isles,
> >> is there any chance to stop this madness?
> >
> > Don't try to stop it. In fact, we should all be rallying the people of
> > the UK to champion this and put this in effect. Once the election
> > results are over, the new government are sworn in, and the laws are
> > passed, encryption is turned off throughout the UK. Awesome job. Pat on
> > the back. Then watch how the banking sector no longer guarantee online
> > transactions safe, the proles stop using credit cards online for
> > ecommerce, and businesses stop using their company VPNs.
> >
> > Be careful what you wish for David.
> >
> > Alfie
>
> I'm sure that the UK would just require registration for using SSH, TLS,
> IPsec, OpenVPN, etc, etc. Consider Iran's approach in 2013.[0]
>
> | "Within the last few days illegal VPN ports in the country have
> | been blocked," Ramezanali Sobhani-Fard, the head of the Iranian
> | parliament's information and communications technology committee,
> | told Mehr news agency, according to Reuters. "Only legal and
> | registered VPNs can from now on be used."
Exactly. I'm sure the banking sector and the government would find some amicable solution. For instance, banks could be exempt, as they already provide any and all info the government asks them to.

Be careful what you wish for, Alfie. This, like many other laws, would be a classic example of "give me a man and I'll find a crime". Magically, *some* users of encryption would not be hindered/persecuted, and some would be to the full extent permissible by law -- and far beyond.

-- 
Regards,
Michał "rysiek" Woźniak

Changing GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Wed Jan 14 06:19:21 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 14 Jan 2015 15:19:21 +0100
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <20150114033942.GA31197@tagesuhu-pc.batista.in>
References: <54A0F5A8.5050708@metaverse.org> <1731342.CgRZqsvXkn@lapuntu> <20150114033942.GA31197@tagesuhu-pc.batista.in>
Message-ID: <1613935.gg0MLHGOQg@lapuntu>

On Wednesday, 14 January 2015 01:39:42 L wrote:
> On Sat, Jan 10, 2015 at 02:13:33AM +0100, rysiek wrote:
> > On Tuesday, 30 December 2014 18:46:10 Georgi Guninski wrote:
> > > On Tue, Dec 30, 2014 at 09:09:08AM -0600, Troy Benjegerdes wrote:
> > > > The US government benefits greatly from dissidents in North Korea,
> > > > China, Russia, Japan, and Germany being able to effectively use Tor
> > > > to exfiltrate business intelligence and leak it to the people that
> > > > run this country, the campaign contributors.
> > >
> > > Sorry, but I don't believe this.
> > >
> > > I agree with juan that tor has many bugs and quite likely is
> > >
> > > _heavily_ backdoored, the bugs we see are probably just the top of
> > >
> > > the iceberg.
> > >
> > > I suppose sufficiently many people got busted because of trusting tor
> > > naively.
> >
> > Show us the bugs, the backdoors, the examples of busted people, eh?
>
> Well, I for one, have been busted real hard. They call it PITA.

Great. Can we try to locate and identify the backdoor? The code is open, so it *should* be possible, right?

inb4 trusting trust, use your own compiler or something ;)

-- 
Regards,
Michał "rysiek" Woźniak

Changing GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From cathalgarvey at cathalgarvey.me Wed Jan 14 07:25:06 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Wed, 14 Jan 2015 15:25:06 +0000
Subject: peerio.com
In-Reply-To:
References: <54B67B98.6050608@cathalgarvey.me>
Message-ID: <54B68A52.7070605@cathalgarvey.me>

Which mildly concerns me also, however it's in Beta so I suspect when 1.0 lands it'll be "additional disk space" plus additional features. Besides, the threat model is pretty transparent (content is invisible but senders/recipients/times all visible to server owner) and the client is open source and runs on a vetted crypto-scheme.

The server is not open (yet?) but the documentation on the github makes the entire protocol very clear, so re-implementing would be time consuming but straightforward. Implementing a third-party server that federates, and extending the code to allow for cross-domain messages could make this a nice websocket-based standard replacement for email that's crypto-first, at last.

In the meanwhile, I'm happy to use Nadim's server and see where he takes it.

On 14/01/15 15:10, Bill St. Clair wrote:
> On Wed, Jan 14, 2015 at 9:22 AM, Cathal Garvey
> > wrote:
>
> Just landed beta: open source, minilock-based crypto, really nice
> design.
> Server side storage of end-to-end encrypted files and
> messages, 1.3Gb of storage for free. No ads.
>
> https://peerio.com
>
>
> Promise of no ads ever. No sign of any usage fees. May be good
> technology, but I see no business plan.
>
> -Bill St. Clair

-- 
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.

From juan.g71 at gmail.com Wed Jan 14 10:47:33 2015
From: juan.g71 at gmail.com (Juan)
Date: Wed, 14 Jan 2015 15:47:33 -0300
Subject: bitcomedy
Message-ID: <54b6b92f.c733e00a.0da7.ffffcd45@mx.google.com>

https://www.bitstamp.net/article/relaunch-faq/

What law enforcement agencies are involved in the investigation?

Bitstamp is working closely with US and international law enforcement agencies specializing in digital-currency.

From mirimir at riseup.net Wed Jan 14 15:40:37 2015
From: mirimir at riseup.net (Mirimir)
Date: Wed, 14 Jan 2015 16:40:37 -0700
Subject: Pond and Keybase [was peerio.com]
In-Reply-To: <54B6E908.9010509@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me>
Message-ID: <54B6FE75.3090902@riseup.net>

On 01/14/2015 03:09 PM, Cathal Garvey wrote:
>> So it would be prudent to use pseudonyms, and to access via some mix
>> of VPN(s), JonDonym and Tor (according to one's need for anonymity vs
>> speed). And using devices with removable local storage, there would be
>> no traces to be inspected by adversaries.
>
> Well, I use my real name in most places and communicate a lot with
> real-world friends and family by email, so using Peerio is therefore a
> step up in security for me even if I continue to go by my usual name and
> use my usual IPs.
>
> If you need hard anonymity, this is only a marginal gain over regular
> email because metadata (when, who, how, where) is a significant threat
> to anonymity. So yea, use a burner email when setting up a peerio
> account (no longer required after setup, probably a throwback to
> email-as-salt in miniLock plus contact discovery by known email
> address), then use through Tor (do research whether websockets are
> tor-safe?).
>
>> Cool. But still, how is peerio more secure than spideroak, for example?
>
> Spideroak appears to be more about file storage and sync, whereas Peerio
> seems to me to simply be a better approach to server:client email. It's
> down to the bone: message-passing with attachments, and a nice UI.

How about Pond as email replacement?

> As a crypto-app, it's targeted at the mainstream, and people who
> interact with the mainstream. People on this list will have better, more
> secure ways of communicating, but Nadim (to his credit) excels at making
> crypto-apps that can appeal to normal users while adding a significant
> privacy. It's an easier sell from "us" to "them".

I'm curious what you (and others here) think about Keybase, which also seems heavily targeted at normal users. There was some discussion here in mid 2014, but Keybase has been tweaked a lot since then. I'm quite impressed with its usability, but I don't have the expertise to properly evaluate its security.

I am uncomfortable with the option of uploading private GnuPG keys, and counting on symmetric encryption for securing them. Better I think would be helping users understand how to properly migrate keys between devices, or perhaps to use smartcards.

> On 14/01/15 21:52, Mirimir wrote:
>> On 01/14/2015 01:01 PM, Cathal Garvey wrote:
>>> Well, anyone with a brain knows they do, and that statements from a US
>>> company are meaningless because nobody wants to go to jail over an NSL.
>>
>> :)
>>
>>> What a top-level observer can see (AFAIK) is who's logged in, probably
>>> what their username/keyID is, and how much they're talking to the
>>> server.
>>>
>>> Because peerio uses miniLock formatted messages, the potential exists
>>> for minimal-knowledge service, but from the github docs it seems the
>>> server maintains an entry for which user is allowed to access which
>>> encrypted files, and therefore reveals to an observer who's the
>>> recipient.
>>>
>>> So, it's a metadata-rich service, little better in that regard than
>>> email.. although the encryption is pretty well designed and unless you
>>> set up a "PIN" there's no permanent storage of private keys even on your
>>> computer, so it's also quite secure when crossing borders.
>>
>> So it would be prudent to use pseudonyms, and to access via some mix of
>> VPN(s), JonDonym and Tor (according to one's need for anonymity vs
>> speed). And using devices with removable local storage, there would be
>> no traces to be inspected by adversaries.
>>
>> Cool. But still, how is peerio more secure than spideroak, for example?
>>
>>> Also, there is a feature that clearly relies on compliant clients, where
>>> you can delete files from the server including copies sent to clients.
>>> Obviously if the attached files are downloaded from the system, this
>>> can't reach them, but it will destroy any "authenticated" copies of the
>>> messages from the server, if it works (you're trusting the server).
>>> OPSEC wise, this is a nice feature because it means you can clean up
>>> after yourself and keep the authenticated-data-at-rest on either end of
>>> a conversation to a minimum.
>

From chgans at gna.org Tue Jan 13 20:26:27 2015
From: chgans at gna.org (Christian Gagneraud)
Date: Wed, 14 Jan 2015 17:26:27 +1300
Subject: [Cryptography] open hardware as a defence against state-level attacks
In-Reply-To: <20150114015632.GM13243@hexapodia.org>
References: <54ACE91A.3050808@iang.org> <54B3A5F7.8020608@iang.org> <20150114015632.GM13243@hexapodia.org>
Message-ID: <54B5EFF3.2050105@gna.org>

On 14/01/15 14:56, Andy Isaacson wrote:
> On Mon, Jan 12, 2015 at 03:04:23PM -0500, grarpamp wrote:
>> Yet let me open another related line of thinking...
>>
>> Where are the open fabs for makers instead of submitting open
>> designs to closed fabs? It's 2015, crowdfunding, open source,
>> non-profits, and public monitoring are done.

Chip fabs are not cheap, you need billions of dollars/euros to start one up[1]. A more reasonable approach would be to buy an old one, but you would still need lot of millions. And this is without taking running costs into account. Running a fabrication plant is quite different from running a fablab or a hacker space....

Having micro-electronics background and being an open-source proponent, I have been thinking about this kind of problems for a while. Before going for a semiconductor fabrication plant, maybe it would be better to start with something more simple like resistors, capacitors, diodes, transistors, ... (Look at the GNU project, they bootstrapped their "complete free Unix-like system" with gcc, make, libc and the likes, they didn't start with gimp or gnome)

10/20 years ago, you would make your PCBs yourself (Printed Circuit Board [2]), the technology started with single layer PCB, and then came the 2 layers (double-sided) PCBs, it was a bit more difficult, but it was still doable. By 2015 the standard is 4, 6, 8+ layers, and I've never heard of DIY method to make such 4+ layers PCBs.
Single and double layers PCBs are still useful, and I'm sure there's plenty of fablabs/hackerspaces with the right gears to help you make them. But if your goal is to make a phone, a PC, ... you need way more advanced technology.

I see Open-Hardware as a myth and a utopia (I'm OK with this I am a utopian myself):

- A myth because so far people have created open electronics design with proprietary physical electronics and electro-mechanical components. I could go for hours on this one, just get one of this board in your hand (a Pi, beagleboard, arduino, ...) and look at it, every single physical part is proprietary, every single one! They usually used proprietary EDA software, with proprietary 3rd party libraries, they certainly sent their open designs to the PCB manufacturer using a proprietary format. And then they load it with open-source software and claim the thing to be open-hardware... (don't get me wrong, hat off to these awesome guys!)

- A utopia because we are light-years away from being able to produce 100.0% open-hardware. As I said, a 100.0% open-hardware piece of equipment means that you have access to the technology of all parts being used to produce the final product (the equivalent of the source code of all open-source projects (and standards) needed to create a Linux distro for example). but as of today, nothing is open-technology, even a simple plastic connector or a ceramic capacitor are protected by patents all over the place! The manufacturers of these parts usually kindly provide you with models of their components (electronic symbol, 3D model, PCB footprint, Ibis model, spice models, ...), nice, isn't it? Well, no, their licenses are not even compatible with any open-source ones, which mean you cannot use them to make an open-design, you have to start from scratch, almost each time!
To go towards a world where 100.0% open-hardware (electronics) is thinkable we would need:

- open technology to fabricate multi-layers PCBs ([3] looks promising)
- open technology to fabricate simple electronic and mechanical components (think resistors, capacitors, transistors, connectors, LEDs, ...)
- open technology to fabricate complex chips (CPU, memories, FPGAs, ...)
- open SW technology to create these electronics designs (using SW called EDA, CAD, ...)[4]
- And above all we need open standards! Fuck IEEE, IEC, IPC, etc... (As an exercise to the reader: try to imagine how the internet and the web would be if W3C and IETF were producing only closed and pricey standards)

Some interesting projects in case you don't know them:
http://opensourceecology.org
http://opencores.org/
http://www.ohwr.org/

PS: I know you started with open-source micro-electronics projects like a CPU chip, and I replied more on the above level (make a motherboard with the said CPU), but I think my point still stands: We first need open basic physical blocks (components) with which we will then create open complex parts.

Chris

[1] https://en.wikipedia.org/wiki/List_of_semiconductor_fabrication_plants
[2] https://en.wikipedia.org/wiki/Printed_circuit_board
[3] Sorry can't find the link, but it's about printed carbon tracks on a piece of paper instead of using chemical process to create copper tracks on flame retardant material...
[4] If you're interested in these, just compare FreeCAD against SolidWorks and KiCAD against Altium, both FreeCAD and KiCAD are lacking far, far, far behind:
FreeCAD (open source): http://www.freecadweb.org/
SolidWorks (proprietary): http://www.solidworks.com/
KiCAD (open source): http://www.kicad-pcb.org
Altium (proprietary): http://www.altium.com/
And I didn't even talk about monsters like Cadence () to make your own IC (chip), there's virtually nothing to compare to in the free world!
>
> The LowRISC project aims to build a complete open SoC based on the
> RISC-V architecture and get chips fabbed.
>
> http://www.lowrisc.org/
>
> -andy
>

From cathalgarvey at cathalgarvey.me Wed Jan 14 11:32:45 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Wed, 14 Jan 2015 19:32:45 +0000
Subject: peerio.com
In-Reply-To: <54B6B639.4030001@riseup.net>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net>
Message-ID: <54B6C45D.1020103@cathalgarvey.me>

> It's an obvious vulnerability to use a domain that's controlled by the
> US and its allies.

More good reasons to implement an open server! :)

On 14/01/15 18:32, Mirimir wrote:
> On 01/14/2015 07:22 AM, Cathal Garvey wrote:
>> Just landed beta: open source, minilock-based crypto, really nice
>> design. Server side storage of end-to-end encrypted files and messages,
>> 1.3Gb of storage for free. No ads.
>>
>> https://peerio.com
>
> Very cool. Thanks :)
>
>> I expect that the "product" will end up being "storage space", which is
>> fine by me! Right now the server code isn't open, though the protocol
>> (and therefore API) is very well documented in the git source:
>>
>> https://github.com/PeerioTechnologies/peerio-client
>>
>> Expect to see it banned in the UK soon. :)
>
> It's an obvious vulnerability to use a domain that's controlled by the
> US and its allies.
>

-- 
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.

From cathalgarvey at cathalgarvey.me Wed Jan 14 12:01:17 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Wed, 14 Jan 2015 20:01:17 +0000
Subject: peerio.com
In-Reply-To: <54B6C856.1040905@aestetix.com>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com>
Message-ID: <54B6CB0D.1050706@cathalgarvey.me>

> Has Cloudflare made any statements about whether they log traffic
> and/or hand over data to governments?

Well, anyone with a brain knows they do, and that statements from a US company are meaningless because nobody wants to go to jail over an NSL.

What a top-level observer can see (AFAIK) is who's logged in, probably what their username/keyID is, and how much they're talking to the server.

Because peerio uses miniLock formatted messages, the potential exists for minimal-knowledge service, but from the github docs it seems the server maintains an entry for which user is allowed to access which encrypted files, and therefore reveals to an observer who's the recipient.

So, it's a metadata-rich service, little better in that regard than email.. although the encryption is pretty well designed and unless you set up a "PIN" there's no permanent storage of private keys even on your computer, so it's also quite secure when crossing borders.

Also, there is a feature that clearly relies on compliant clients, where you can delete files from the server including copies sent to clients. Obviously if the attached files are downloaded from the system, this can't reach them, but it will destroy any "authenticated" copies of the messages from the server, if it works (you're trusting the server). OPSEC wise, this is a nice feature because it means you can clean up after yourself and keep the authenticated-data-at-rest on either end of a conversation to a minimum.

On 14/01/15 19:49, aestetix wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It's also worth noting that they are using Cloudflare. Has Cloudflare
> made any statements about whether they log traffic and/or hand over
> data to governments?

From cathalgarvey at cathalgarvey.me Wed Jan 14 14:09:12 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Wed, 14 Jan 2015 22:09:12 +0000
Subject: peerio.com
In-Reply-To: <54B6E500.30400@riseup.net>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net>
Message-ID: <54B6E908.9010509@cathalgarvey.me>

> So it would be prudent to use pseudonyms, and to access via some mix
> of VPN(s), JonDonym and Tor (according to one's need for anonymity vs
> speed). And using devices with removable local storage, there would be
> no traces to be inspected by adversaries.

Well, I use my real name in most places and communicate a lot with real-world friends and family by email, so using Peerio is therefore a step up in security for me even if I continue to go by my usual name and use my usual IPs.

If you need hard anonymity, this is only a marginal gain over regular email because metadata (when, who, how, where) is a significant threat to anonymity. So yea, use a burner email when setting up a peerio account (no longer required after setup, probably a throwback to email-as-salt in miniLock plus contact discovery by known email address), then use through Tor (do research whether websockets are tor-safe?).

> Cool. But still, how is peerio more secure than spideroak, for example?

Spideroak appears to be more about file storage and sync, whereas Peerio seems to me to simply be a better approach to server:client email. It's down to the bone: message-passing with attachments, and a nice UI.

As a crypto-app, it's targeted at the mainstream, and people who interact with the mainstream.
People on this list will have better, more secure ways of communicating, but Nadim (to his credit) excels at making crypto-apps that can appeal to normal users while adding a significant privacy. It's an easier sell from "us" to "them".

On 14/01/15 21:52, Mirimir wrote:
> On 01/14/2015 01:01 PM, Cathal Garvey wrote:
>> Well, anyone with a brain knows they do, and that statements from a US
>> company are meaningless because nobody wants to go to jail over an NSL.
>
> :)
>
>> What a top-level observer can see (AFAIK) is who's logged in, probably
>> what their username/keyID is, and how much they're talking to the server.
>>
>> Because peerio uses miniLock formatted messages, the potential exists
>> for minimal-knowledge service, but from the github docs it seems the
>> server maintains an entry for which user is allowed to access which
>> encrypted files, and therefore reveals to an observer who's the recipient.
>>
>> So, it's a metadata-rich service, little better in that regard than
>> email.. although the encryption is pretty well designed and unless you
>> set up a "PIN" there's no permanent storage of private keys even on your
>> computer, so it's also quite secure when crossing borders.
>
> So it would be prudent to use pseudonyms, and to access via some mix of
> VPN(s), JonDonym and Tor (according to one's need for anonymity vs
> speed). And using devices with removable local storage, there would be
> no traces to be inspected by adversaries.
>
> Cool. But still, how is peerio more secure than spideroak, for example?
>
>> Also, there is a feature that clearly relies on compliant clients, where
>> you can delete files from the server including copies sent to clients.
>> Obviously if the attached files are downloaded from the system, this
>> can't reach them, but it will destroy any "authenticated" copies of the
>> messages from the server, if it works (you're trusting the server).
>> OPSEC wise, this is a nice feature because it means you can clean up
>> after yourself and keep the authenticated-data-at-rest on either end of
>> a conversation to a minimum.

-- 
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.

From hozer at hozed.org Wed Jan 14 20:24:27 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Wed, 14 Jan 2015 22:24:27 -0600
Subject: bitcoin tinfoil-hattery
In-Reply-To: <20150115034640.8D080228211@palinka.tinho.net>
References: <20150113200141.GB14804@nl.grid.coop> <20150115034640.8D080228211@palinka.tinho.net>
Message-ID: <20150115042427.GD14804@nl.grid.coop>

On Wed, Jan 14, 2015 at 10:46:40PM -0500, dan at geer.org wrote:
> > Plausibility on a scale of 1-5 .. I say 4, what say you all?
>
> When trying to execute a pump&dump scheme, it is more effective
> to attack something thinly traded, assuming, of course, that there
> are enough marks available to fleece. In other words, pick a
> different coin:
>
> http://alt19.com/19/cryptocurrency.php
>
>
> --dan
>

Interesting, what do they mean by 'capitalization hard limit'

A couple of those coins have ongoing block rewards that never drop to zero, or proof-of-stake, so there's not really a hard limit. And then there are non-obvious bugs that can blow up..

And it's rather important to read the code and not the coin's marketing.
Some of this stuff is kinda hilarious

https://github.com/fourtytwo42/42/blob/master/src/main.cpp#L835

From rysiek at hackerspace.pl Wed Jan 14 14:54:02 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 14 Jan 2015 23:54:02 +0100
Subject: peerio.com
In-Reply-To: <54B6E908.9010509@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me>
Message-ID: <1510607.vrVj6zLLcz@lapuntu>

On Wednesday, 14 January 2015 22:09:12 Cathal Garvey wrote:
> > So it would be prudent to use pseudonyms, and to access via some mix
> > of VPN(s), JonDonym and Tor (according to one's need for anonymity vs
> > speed). And using devices with removable local storage, there would be
> > no traces to be inspected by adversaries.
>
> Well, I use my real name in most places and communicate a lot with
> real-world friends and family by email, so using Peerio is therefore a
> step up in security for me even if I continue to go by my usual name and
> use my usual IPs.
>
> If you need hard anonymity, this is only a marginal gain over regular
> email because metadata (when, who, how, where) is a significant threat
> to anonymity. So yea, use a burner email when setting up a peerio
> account (no longer required after setup, probably a throwback to
> email-as-salt in miniLock plus contact discovery by known email
> address), then use through Tor (do research whether websockets are
> tor-safe?).
>
> > Cool. But still, how is peerio more secure than spideroak, for example?
>
> Spideroak appears to be more about file storage and sync, whereas Peerio
> seems to me to simply be a better approach to server:client email. It's
> down to the bone: message-passing with attachments, and a nice UI.
>
> As a crypto-app, it's targeted at the mainstream, and people who
> interact with the mainstream.
> People on this list will have better, more
> secure ways of communicating, but Nadim (to his credit) excels at making
> crypto-apps that can appeal to normal users while adding a significant
> privacy. It's an easier sell from "us" to "them".

With server code closed, it doesn't make sense to me to "sell" it to anybody.

-- 
Regards,
Michał "rysiek" Woźniak

Changing GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From ryacko at gmail.com Thu Jan 15 01:57:56 2015
From: ryacko at gmail.com (Ryan Carboni)
Date: Thu, 15 Jan 2015 01:57:56 -0800
Subject: Russian blockade of common bitcoin sites
Message-ID:

>
> This is a different issue. As I read the Perspecsys piece, it's about
> protecting Russian users' data from the NSA etc, and not about censoring
> online activity.

And the Nazi invasion of Poland was to protect ethnic Germans from Polish atrocities. The same goes for the Russian invasion of Ukraine.

I think Putin is trustworthy. His most trustworthy moment was when Snowden called in to his yearly TV show and he told Snowden that Russia does not spy on its citizens like the NSA.

Let's take the word of a politician at face value, what could go wrong?

From cathalgarvey at cathalgarvey.me Thu Jan 15 03:20:22 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 15 Jan 2015 11:20:22 +0000
Subject: peerio.com
In-Reply-To: <1510607.vrVj6zLLcz@lapuntu>
References: <54B67B98.6050608@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <1510607.vrVj6zLLcz@lapuntu>
Message-ID: <54B7A276.9010705@cathalgarvey.me>

If the server code were open, how would you know the server was actually running that code anyway?

Having the protocol documented so thoroughly makes the task of writing an alternative server trivial if time-consuming. I'd obviously prefer the server were AGPL, and I hope someone will write an AGPL'd server and federation.

For now though, the client is open source, the crypto doesn't suck, the UX is excellent, and the threat model is pretty transparent. I'm *never* going to inflict PGP on friends, but I'll happily inflict this on them.

On 14/01/15 22:54, rysiek wrote:
> On Wednesday, 14 January 2015 22:09:12 Cathal Garvey wrote:
>> > So it would be prudent to use pseudonyms, and to access via some mix
>> > of VPN(s), JonDonym and Tor (according to one's need for anonymity vs
>> > speed). And using devices with removable local storage, there would be
>> > no traces to be inspected by adversaries.
>>
>> Well, I use my real name in most places and communicate a lot with
>> real-world friends and family by email, so using Peerio is therefore a
>> step up in security for me even if I continue to go by my usual name and
>> use my usual IPs.
>>
>> If you need hard anonymity, this is only a marginal gain over regular
>> email because metadata (when, who, how, where) is a significant threat
>> to anonymity.
>> So yea, use a burner email when setting up a peerio
>> account (no longer required after setup, probably a throwback to
>> email-as-salt in miniLock plus contact discovery by known email
>> address), then use through Tor (do research whether websockets are
>> tor-safe?).
>>
>> > Cool. But still, how is peerio more secure than spideroak, for example?
>>
>> Spideroak appears to be more about file storage and sync, whereas Peerio
>> seems to me to simply be a better approach to server:client email. It's
>> down to the bone: message-passing with attachments, and a nice UI.
>>
>> As a crypto-app, it's targeted at the mainstream, and people who
>> interact with the mainstream. People on this list will have better, more
>> secure ways of communicating, but Nadim (to his credit) excels at making
>> crypto-apps that can appeal to normal users while adding a significant
>> privacy. It's an easier sell from "us" to "them".
>
> With server code closed, it doesn't make sense to me to "sell" it to anybody.
>

-- 
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.

From cathalgarvey at cathalgarvey.me Thu Jan 15 03:24:43 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 15 Jan 2015 11:24:43 +0000
Subject: Pond and Keybase [was peerio.com]
In-Reply-To: <54B6FE75.3090902@riseup.net>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54B6FE75.3090902@riseup.net>
Message-ID: <54B7A37B.5010609@cathalgarvey.me>

> How about Pond as email replacement?

I've looked at Pond long enough to see that it calls upon Tor for most of the anonymity heavy-lifting, and that it is clearly targeted at technical users. Most of the people in my life who I speak privately to are not technical.
I don't think trivial UX is near in Pond's development roadmap.

> I'm curious what you (and others here) think about Keybase, which also
> seems heavily targeted at normal users. There was some discussion here
> in mid 2014, but Keybase has been tweaked a lot since then. I'm quite
> impressed with its usability, but I don't have the expertise to properly
> evaluate its security. I am uncomfortable with the option of uploading
> private GnuPG keys, and counting on symmetric encryption for securing
> them. Better I think would be helping users understand how to properly
> migrate keys between devices, or perhaps to use smartcards.

Keybase could have been a great way to encourage PGP uptake among normal people years ago when things were accepted to be difficult universally, but PGP's days are behind us. PGP makes a good way to sign code but remains a terrible way to communicate securely, because although it's "uncrackable" when used correctly, it's very easy to accidentally screw up using PGP on either end of the conversation. Also, the lack of PFS ignores parts of the modern threat model that were speculative when PGP was created.

Suffice to say that, even ignoring the issues with Keybase encouraging key escrow by "allowing" or encouraging key upload (!!!), I don't think it helps. Perhaps as a basis on which to build a web-of-trust that can be transposed into newer cryptosystems, but the key escrow part makes falsification of trust a real possibility.

Anyway, maybe that's just me.

-- 
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.
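
The forward-secrecy (PFS) point in the message above, as an added example that is not part of the original thread: recorded traffic encrypted to one long-term key becomes readable when that key later leaks, while traffic keyed by discarded per-session Diffie-Hellman secrets does not. The toy 127-bit group, the SHA-256 stream cipher and all function names are assumptions made for this illustration, and authentication of the ephemeral keys is omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption for this example): the Mersenne
# prime 2**127 - 1 and base 3. Far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_keys(shared):
    """Split a DH shared secret into an encryption key and a MAC key."""
    raw = shared.to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())


def _xor_stream(key, data):
    """Toy stream cipher: SHA-256 in counter mode, XORed over the data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(shared, plaintext):
    """Encrypt then MAC under keys derived from the shared secret."""
    enc_key, mac_key = derive_keys(shared)
    ct = _xor_stream(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def unseal(shared, blob):
    """Return the plaintext, or None if the key is wrong or data was altered."""
    enc_key, mac_key = derive_keys(shared)
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, ct)


def send_to_long_term_key(recipient_pub, plaintext):
    """PGP-style model: every message is encrypted to the same long-term key."""
    eph_priv, eph_pub = keypair()
    return eph_pub, seal(pow(recipient_pub, eph_priv, P), plaintext)


def send_with_ephemeral_session(plaintext):
    """Forward-secret model: both ends use fresh keys and discard them after use.

    A real protocol would sign the ephemeral public keys with the long-term
    keys to authenticate them; that step is omitted here.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    blob = seal(pow(b_pub, a_priv, P), plaintext)
    received = unseal(pow(a_pub, b_priv, P), blob)  # receiver's view
    del a_priv, b_priv  # session secrets are erased once the message is read
    return (a_pub, b_pub), blob, received


def decrypt_with_leaked_key(leaked_priv, public_values, blob):
    """What a recorded transcript yields once a long-term private key leaks."""
    for pub in public_values:
        plaintext = unseal(pow(pub, leaked_priv, P), blob)
        if plaintext is not None:
            return plaintext
    return None


def demo():
    messages = [b"meet at noon", b"the draft is attached"]  # constructed samples
    long_priv, long_pub = keypair()  # recipient's long-term key pair

    recorded_static = [send_to_long_term_key(long_pub, m) for m in messages]
    recorded_session = [send_with_ephemeral_session(m) for m in messages]

    # Later, the long-term private key is disclosed or seized.
    static_result = [decrypt_with_leaked_key(long_priv, [pub], blob)
                     for pub, blob in recorded_static]
    session_result = [decrypt_with_leaked_key(long_priv, pubs, blob)
                      for pubs, blob, _ in recorded_session]
    delivered = [received for _, _, received in recorded_session]
    return static_result, session_result, delivered


if __name__ == "__main__":
    static_result, session_result, delivered = demo()
    print("long-term-key mode, after key leak:", static_result)
    print("ephemeral-session mode, after key leak:", session_result)
```
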
From cathalgarvey at cathalgarvey.me Thu Jan 15 03:26:22 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 15 Jan 2015 11:26:22 +0000
Subject: bitcoin tinfoil-hattery
In-Reply-To: <20150115042427.GD14804@nl.grid.coop>
References: <20150113200141.GB14804@nl.grid.coop> <20150115034640.8D080228211@palinka.tinho.net> <20150115042427.GD14804@nl.grid.coop>
Message-ID: <54B7A3DE.5030404@cathalgarvey.me>

> A couple of those coins have ongoing block rewards that never > drop to zero, or proof-of stake, so there's not really a hard > limit. And then there are non-obvious bugs that can blow up.. To a libertarian, inflation is a "bug", but not necessarily to others. Models that allow infinite inflation over a long time-period are different economic models, rather than badly implemented crypto-code. Personally, I think inherently deflationary is a bad economic model, so I'd be more inclined towards an inflationary currency. On 15/01/15 04:24, Troy Benjegerdes wrote: > On Wed, Jan 14, 2015 at 10:46:40PM -0500, dan at geer.org wrote: >> > Plausibility on a scale of 1-5 .. I say 4, what say you all? >> >> When trying to execute a pump&dump scheme, it is more effective >> to attack something thinly traded, assuming, of course, that there >> are enough marks available to fleece. In other words, pick a >> different coin: >> >> http://alt19.com/19/cryptocurrency.php >> >> >> --dan >> > > Interesting, what do they mean by 'capitalization hard limit' > > A couple of those coins have ongoing block rewards that never > drop to zero, or proof-of stake, so there's not really a hard > limit. And then there are non-obvious bugs that can blow up.. > > And it's rather important to read the code and not the coins > marketing. Some of this stuff is kinda hilarious > > https://github.com/fourtytwo42/42/blob/master/src/main.cpp#L835 > -- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone.
Uses above miniLock key.

From mirimir at riseup.net Thu Jan 15 10:57:55 2015
From: mirimir at riseup.net (Mirimir)
Date: Thu, 15 Jan 2015 11:57:55 -0700
Subject: Russian blockade of common bitcoin sites
In-Reply-To:
References:
Message-ID: <54B80DB3.7090409@riseup.net>

On 01/15/2015 02:57 AM, Ryan Carboni wrote: >> >> This is a different issue. As I read the Perspecsys piece, it's about >> protecting Russian users' data from the NSA etc, and not about censoring >> online activity. > > > And the Nazi invasion of Poland was to protect ethnic Germans from Polish > atrocities. The same goes for the Russian invasion of Ukraine. Given how many nations are recreating their stuff to protect their citizens' data from NSA etc, the Russian efforts are not unusual. But of course Russia has a long history of social repression. One can argue that it's all defensive, and driven by fear of the Allies. Or instead, one can argue that it's just Russian mafia/oligarchs protecting their turf and sheeple. Reality is probably some mix of all that, with maybe even some idealism thrown in. > I think Putin is trustworthy. His most trustworthy moment was when Snowden > called in to his yearly TV show and he told Snowden that Russia does not > spy on its citizens like the NSA. > > Let's take the word of a politician at face value, what could go wrong? Calling Putin a politician is in itself amusing :)

From comzeradd at fsfe.org Thu Jan 15 04:12:26 2015
From: comzeradd at fsfe.org (Nikos Roussos)
Date: Thu, 15 Jan 2015 12:12:26 +0000
Subject: peerio.com
In-Reply-To: <54B7A276.9010705@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <1510607.vrVj6zLLcz@lapuntu> <54B7A276.9010705@cathalgarvey.me>
Message-ID:

On January 15, 2015 1:20:22 PM EET, Cathal Garvey wrote: >If the server code were open, how would you know the server was >actually >running that code anyway?
Having the protocol documented so thoroughly >makes the task of writing an alternative server trivial if >time-consuming. I'd obviously prefer the server were AGPL, and I hope >someone will write an AGPL'd server and federation. > >For now though, the client is open source, the crypto doesn't suck, the > >UX is excellent, and the threat model is pretty transparent. I'm >*never* >going to inflict PGP on friends, but I'll happily inflict this on them. Since this is mostly for synchronous communication, you can inflict jabber+otr, which has all the benefits you mention above.

From dan at geer.org Thu Jan 15 09:20:33 2015
From: dan at geer.org (dan at geer.org)
Date: Thu, 15 Jan 2015 12:20:33 -0500
Subject: Comsec Dream
In-Reply-To: Your message of "Wed, 14 Jan 2015 11:30:15 -0500."
Message-ID: <20150115172033.557B82280ED@palinka.tinho.net>

John Young writes: | Comsec dream: secure means uniquely controllable by each person. | Free of faith, scripture, authorities, investors, apologists, exploiters. Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men. -- Ayn Rand, The Fountainhead (1943)

From cathalgarvey at cathalgarvey.me Thu Jan 15 04:35:00 2015
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Thu, 15 Jan 2015 12:35:00 +0000
Subject: peerio.com
In-Reply-To:
References: <54B67B98.6050608@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <1510607.vrVj6zLLcz@lapuntu> <54B7A276.9010705@cathalgarvey.me>
Message-ID: <63D2B3A6-FFA1-419D-8906-5C252CF45AAE@cathalgarvey.me>

Who said synchronous? It's a chatlike, but this is server-hosted async message and file storage. Also, the failure of xmpp/jabber to attract the masses in the last decade is no accident.
On 15 January 2015 12:12:26 GMT+00:00, Nikos Roussos wrote: > > >On January 15, 2015 1:20:22 PM EET, Cathal Garvey > wrote: >>If the server code were open, how would you know the server was >>actually >>running that code anyway? Having the protocol documented so thoroughly > >>makes the task of writing an alternative server trivial if >>time-consuming. I'd obviously prefer the server were AGPL, and I hope >>someone will write an AGPL'd server and federation. >> >>For now though, the client is open source, the crypto doesn't suck, >the >> >>UX is excellent, and the threat model is pretty transparent. I'm >>*never* >>going to inflict PGP on friends, but I'll happily inflict this on >them. > >Since this is mostly for synchronous communication, you can inflict >jabber+otr, which has all the benefits you mention above. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

From juan.g71 at gmail.com Thu Jan 15 09:52:22 2015
From: juan.g71 at gmail.com (Juan)
Date: Thu, 15 Jan 2015 14:52:22 -0300
Subject: bitcoin tinfoil-hattery
In-Reply-To: <54B7A3DE.5030404@cathalgarvey.me>
References: <20150113200141.GB14804@nl.grid.coop> <20150115034640.8D080228211@palinka.tinho.net> <20150115042427.GD14804@nl.grid.coop> <54B7A3DE.5030404@cathalgarvey.me>
Message-ID: <54b7fdbf.4778e00a.0f02.ffffbd2a@mx.google.com>

On Thu, 15 Jan 2015 11:26:22 +0000 Cathal Garvey wrote: > > A couple of those coins have ongoing block rewards that never > > drop to zero, or proof-of stake, so there's not really a hard > > limit. And then there are non-obvious bugs that can blow up.. > > To a libertarian, inflation is a "bug", but not necessarily to > others. LMAO!!!! Of course. To a parasite, the ability to steal isn't a 'bug' but a feature.
> Models that allow infinite inflation over a long time-period > are different economic models, rather than badly implemented > crypto-code. > > Personally, I think inherently deflationary is a bad economic model, > so I'd be more inclined towards an inflationary currency. > > On 15/01/15 04:24, Troy Benjegerdes wrote: > > On Wed, Jan 14, 2015 at 10:46:40PM -0500, dan at geer.org wrote: > >> > Plausibility on a scale of 1-5 .. I say 4, what say you all? > >> > >> When trying to execute a pump&dump scheme, it is more effective > >> to attack something thinly traded, assuming, of course, that there > >> are enough marks available to fleece. In other words, pick a > >> different coin: > >> > >> http://alt19.com/19/cryptocurrency.php > >> > >> > >> --dan > >> > > > > Interesting, what do they mean by 'capitalization hard limit' > > > > A couple of those coins have ongoing block rewards that never > > drop to zero, or proof-of stake, so there's not really a hard > > limit. And then there are non-obvious bugs that can blow up.. > > > > And it's rather important to read the code and not the coins > > marketing. Some of this stuff is kinda hilarious > > > > https://github.com/fourtytwo42/42/blob/master/src/main.cpp#L835 > > >

From list at sysfu.com Thu Jan 15 15:19:21 2015
From: list at sysfu.com (Seth)
Date: Thu, 15 Jan 2015 15:19:21 -0800
Subject: DHS fingered Mt.
Gox's Mark Karpales as original Silk Road founder
Message-ID:

Hat tip to UnSYSTEM mailing list http://www.dailydot.com/crime/ross-ulbricht-silk-road-mark-karpales-fbi/ http://www.reddit.com/r/Bitcoin/comments/2sjuvu/defense_in_silk_road_trial_arguing_mark_karpeles/cnq7f3i

From guninski at guninski.com Thu Jan 15 05:42:33 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 15 Jan 2015 15:42:33 +0200
Subject: Official RFC: Opportunistic Security: Some Protection Most of the Time
Message-ID: <20150115134233.GA2557@sivokote.iziade.m$>

Official RFC: http://www.rfc-editor.org/rfc/rfc7435.txt Opportunistic Security: Some Protection Most of the Time V. Dukhovni Two Sigma December 2014

From hozer at hozed.org Thu Jan 15 15:04:56 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Thu, 15 Jan 2015 17:04:56 -0600
Subject: Comsec Dream
In-Reply-To: <20150115172033.557B82280ED@palinka.tinho.net>
References: <20150115172033.557B82280ED@palinka.tinho.net>
Message-ID: <20150115230456.GE14804@nl.grid.coop>

On Thu, Jan 15, 2015 at 12:20:33PM -0500, dan at geer.org wrote: > John Young writes: > | Comsec dream: secure means uniquely controllable by each person. > | Free of faith, scripture, authorities, investors, apologists, exploiters. > > > Civilization is the progress toward a society of privacy. The > savage's whole existence is public, ruled by the laws of his tribe. > Civilization is the process of setting man free from men. > -- Ayn Rand, The Fountainhead (1943) From each according to his ability, to each according to his need Does this not describe the copyleft and copyfree software? Or maybe it describes a world where farmers figure out they can make more money by giving away all the food the world needs, and knowing when to sell the rest for profit? But I have a hard time believing that mathematics is anything other than a testable shared belief, in which we all share faith.
From hozer at hozed.org Thu Jan 15 15:14:10 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Thu, 15 Jan 2015 17:14:10 -0600
Subject: bitcoin tinfoil-hattery
In-Reply-To: <54b7fdbf.4778e00a.0f02.ffffbd2a@mx.google.com>
References: <20150113200141.GB14804@nl.grid.coop> <20150115034640.8D080228211@palinka.tinho.net> <20150115042427.GD14804@nl.grid.coop> <54B7A3DE.5030404@cathalgarvey.me> <54b7fdbf.4778e00a.0f02.ffffbd2a@mx.google.com>
Message-ID: <20150115231410.GF14804@nl.grid.coop>

On Thu, Jan 15, 2015 at 02:52:22PM -0300, Juan wrote: > On Thu, 15 Jan 2015 11:26:22 +0000 > Cathal Garvey wrote: > > > > A couple of those coins have ongoing block rewards that never > > > drop to zero, or proof-of stake, so there's not really a hard > > > limit. And then there are non-obvious bugs that can blow up.. > > > > To a libertarian, inflation is a "bug", but not necessarily to > > others. > > > LMAO!!!! > > Of course. To a parasite, the ability to steal isn't a 'bug' > but a feature. Libertarians are such easy marks... http://quickercoins.com/42coins/ Can you tell if 42coin is inflationary, or follows proper orthodoxy and actually has a hard limit? The problem with Ultra-orthodox religious libertarians is they can't seem to believe that the code might do anything other than what the marketing says it does.

From grarpamp at gmail.com Thu Jan 15 14:29:31 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 15 Jan 2015 17:29:31 -0500
Subject: Cypherpunk reviews of products [was: peerio.com]
Message-ID:

Regarding peerio.com thread... The issue there is that so far it appears they're just another commercial startup of the day trying to figure out if they can monetize it by withholding the server. Their interest does not yet appear to be in you, but in holding your accounts. Which they or govt can cancel (censor) at any time. Just like any other centralized commercial service on the net.
While not the content, they apparently have access to all your messaging and storage metadata and friend lists, so that's a non improvement. And non-optional read message notification back to the sender? Well, if you like being trapped by senders. They claim to be 'peer reviewed' and "professionally audited' in big letters but provide no such backing papers anywhere. They say "tested and proven security" and all sorts of other marketing drivel and hype (look at their github site commits) and provide few self-caveats. Their source probably doesn't match the binaries they're distributing. How exactly do they plan on being "free and ad-free and not selling you" while existing past year one. Wasn't one of the author's Cryptocat flawed too? Etc. Here's another classic game being played... "we [...] require the user to confirm their email or phone number." Really, wtf, default to that if you want for the masses security/recovery illusion, but make it optional for those that don't want the tracking reality. Don't forget, their "invites" are not just a fun party and name reservation, but tracking too. Interesting API/model, it may even be a step in the game such that you might consider inflicting on your friends, or even paying for yourself (because free isn't free so you will pay somehow), nothing wrong with that. But just saying its neat looks good and whatever other two-bit reviews were made is not doing the public much service. Cypherpunks should in fact review and endorse "step in the game" commercial services as they come along, if they're worthy. (All the upstart browser based on the fly crypto central email services not being one of them, that's what Thunderbird and Enigmail are for.) 
Just know that in this field, a good review needs to call out the marketing BS and be seriously candid about what exactly the stepwise advances in the game are, what they defeat, how any caveats make them moot in particular or on the whole compared to more mature solutions, and where if anything can be improved. This isn't email, texting, facebook, using the phone or giving a speech in public. Privacy and crypto assertions and statements to uses for such purposes made by products to a new and clueless user base are serious business and have highly different needs requiring careful analysis (even if the bottom line summary attached to it is "looks good"). And as cypherpunks, why not also swipe parts of its model, replace the backend with some sort of distributed anonymous p2p storage grid where you get what you donate over it. Similarly, with a $10 shell account and the server side you could have an analog to the group messaging and storage of peerio. Further what about RetroShare and other similar things that already exist. It's clear that with many new products appearing, there needs to be the emergence of reviews by reviewers that are steeped in the same space. Consider what could be done similar to this: https://www.prism-break.org/ with review centric nature of these (before they went pop) https://www.anandtech.com/ mashed with more detailed facts and tables and openness like this https://en.wikipedia.org/wiki/Anonymous_P2P https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software https://en.wikipedia.org/wiki/Comparison_of_file_sharing_applications https://en.wikipedia.org/wiki/Comparison_of_webmail_providers

From shelley at misanthropia.info Thu Jan 15 17:40:37 2015
From: shelley at misanthropia.info (shelley at misanthropia.info)
Date: Thu, 15 Jan 2015 17:40:37 -0800
Subject: Does Cypherpunk need a Church?
In-Reply-To: <20150116000502.GG14804@nl.grid.coop>
References: <20150114124155.GA18002@sivokote.iziade.m$> <54B6F026.5090002@virtadpt.net> <20150116000502.GG14804@nl.grid.coop>
Message-ID: <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com>

On Thu, Jan 15, 2015, at 04:05 PM, Troy Benjegerdes wrote: > Or cats. > > Ceiling Cat > Basement Cat > Catoshi, the patron of low-market altcoins Catoshi! Good one. Of course, our sabbath would be Caturday, at the altar of LongCat.

From rysiek at hackerspace.pl Thu Jan 15 08:44:19 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 15 Jan 2015 17:44:19 +0100
Subject: peerio.com
In-Reply-To: <54B7A276.9010705@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <1510607.vrVj6zLLcz@lapuntu> <54B7A276.9010705@cathalgarvey.me>
Message-ID: <1863566.54vnLKHria@lapuntu>

On Thursday, 15 January 2015 11:20:22 Cathal Garvey writes: > If the server code were open, how would you know the server was actually > running that code anyway? Not much. But it would allow others to run the server code and offer similar service, at the very least. > Having the protocol documented so thoroughly makes the task of writing an > alternative server trivial if time-consuming. I'd obviously prefer the > server were AGPL, and I hope someone will write an AGPL'd server and > federation. Of course. The "time-consuming" part is what bothers me. I *could* throw in an hour or two to set-up a peerio server had the code been available; I have absolutely *no way in hell* of throwing in days or weeks of work to implement their protocol. > For now though, the client is open source, the crypto doesn't suck, the > UX is excellent, and the threat model is pretty transparent. I'm *never* > going to inflict PGP on friends, but I'll happily inflict this on them. So far, as far as I can see, you're not even inflicting PGP on us here, let alone your friends.
-- Regards, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

From hozer at hozed.org Thu Jan 15 16:05:02 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Thu, 15 Jan 2015 18:05:02 -0600
Subject: Does Cypherpunk need a Church?
In-Reply-To: <54B6F026.5090002@virtadpt.net>
References: <20150114124155.GA18002@sivokote.iziade.m$> <54B6F026.5090002@virtadpt.net>
Message-ID: <20150116000502.GG14804@nl.grid.coop>

On Wed, Jan 14, 2015 at 02:39:34PM -0800, The Doctor wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 01/14/2015 04:41 AM, Georgi Guninski wrote: > > > An admin I trolled about religion countertrolled he believes in the > > "god of servers". > > The rantmedia.ca folks used to talk semi-seriously about SERVER, and > whether or not it had the Buddha nature. > > - -- > The Doctor [412/724/301/703/415] [ZS] > Developer, Project Byzantium: http://project-byzantium.org/ > > PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 > WWW: https://drwho.virtadpt.net/ > > "So light your candles, and may SERVER protect us all." --Sean Kennedy VI Or cats. Ceiling Cat Basement Cat Catoshi, the patron of low-market altcoins

From cathalgarvey at cathalgarvey.me Thu Jan 15 11:45:59 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 15 Jan 2015 19:45:59 +0000
Subject: peerio.com
In-Reply-To: <1863566.54vnLKHria@lapuntu>
References: <54B67B98.6050608@cathalgarvey.me> <1510607.vrVj6zLLcz@lapuntu> <54B7A276.9010705@cathalgarvey.me> <1863566.54vnLKHria@lapuntu>
Message-ID: <54B818F7.9070307@cathalgarvey.me>

> So far, as far as I can see, you're not even inflicting PGP on us > here, let alone your friends.
I did for a while, but then I moved hardware and didn't see any reason to set up PGP again. At best, it was a signal to people that I cared about security/privacy, at worst it was making everything I posted non-repudiable for no useful reason. The fact that miniLock is authenticated but repudiable makes it a better bet for PGP-usecase purposes *anyway*, and my minilock ID is in my signature (again, had lapsed by accident) for people who want to use miniLock outside of peerio. But, miniLock isn't (opportunistic pun) "turn-key", it requires launching, authenticating, dropping a file to encrypt, typing in a miniLock ID to encrypt to (encrypting to yourself probably makes it non-repudiable if someone acquires your private key, beware!), downloading the encrypted file, and then transmitting the encrypted file out-of-band. Now, implementing Peerio server is something I endorse. If I weren't too busy, I'd investigate doing it myself, it looks like fun. If anyone does feel like it, they have miniLock for JS-based servers, and deadLock for Python-based servers (needs some work/bugfixes). On 15/01/15 16:44, rysiek wrote: > On Thursday, 15 January 2015 11:20:22 Cathal Garvey writes: >> If the server code were open, how would you know the server was actually >> running that code anyway? > > Not much. But it would allow others to run the server code and offer similar > service, at the very least. > >> Having the protocol documented so thoroughly makes the task of writing an >> alternative server trivial if time-consuming. I'd obviously prefer the >> server were AGPL, and I hope someone will write an AGPL'd server and >> federation. > > Of course. The "time-consuming" part is what bothers me. I *could* throw in an > hour or two to set-up a peerio server had the code been available; I have > absolutely *no way in hell* of throwing in days or weeks of work to implement > their protocol.
> >> For now though, the client is open source, the crypto doesn't suck, the >> UX is excellent, and the threat model is pretty transparent. I'm *never* >> going to inflict PGP on friends, but I'll happily inflict this on them. > > So far, as far as I can see, you're not even inflicting PGP on us here, let > alone your friends. > -- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone. Uses above miniLock key.

From tbiehn at gmail.com Thu Jan 15 17:02:21 2015
From: tbiehn at gmail.com (Travis Biehn)
Date: Thu, 15 Jan 2015 20:02:21 -0500
Subject: Comsec Dream
In-Reply-To: <20150115230456.GE14804@nl.grid.coop>
References: <20150115172033.557B82280ED@palinka.tinho.net> <20150115230456.GE14804@nl.grid.coop>
Message-ID:

The distinction is crypto is applied. The axioms and rules don't require belief or faith - applied crypto has shown time and time again to require belief and faith. Crypto is opaque - but open. DES was once thought to be secure. RSA was once thought to be secure. PKI was once thought to be secure. -Travis On Thu, Jan 15, 2015 at 6:04 PM, Troy Benjegerdes wrote: > On Thu, Jan 15, 2015 at 12:20:33PM -0500, dan at geer.org wrote: > > John Young writes: > > | Comsec dream: secure means uniquely controllable by each person. > > | Free of faith, scripture, authorities, investors, apologists, > exploiters. > > > > > > Civilization is the progress toward a society of privacy. The > > savage's whole existence is public, ruled by the laws of his tribe. > > Civilization is the process of setting man free from men. > > -- Ayn Rand, The Fountainhead (1943) > > From each according to his ability, to each according to his need > > Does this not describe the copyleft and copyfree software? Or maybe > it describes a world where farmers figure out they can make more > money by giving away all the food the world needs, and knowing > when to sell the rest for profit?
> > But I have a hard time believing that mathematics is anything other > than a testable shared belief, in which we all share faith. > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus

From odinn.cyberguerrilla at riseup.net Fri Jan 16 01:11:05 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Fri, 16 Jan 2015 09:11:05 +0000
Subject: peerio.com
In-Reply-To: <54B818F7.9070307@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <1510607.vrVj6zLLcz@lapuntu> <54B7A276.9010705@cathalgarvey.me> <1863566.54vnLKHria@lapuntu> <54B818F7.9070307@cathalgarvey.me>
Message-ID: <54B8D5A9.2090206@riseup.net>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On this whole point of Gnupg (gpg) and some of the issues with using it (and transitions etc), may I (well, I just will) recommend this, from sources I've compiled in a way that people seem to like and have found helpful: Crazy Strong: @gnupg "learn or die" in 2015 #31c3 All systems https://securityinabox.org/thunderbird_main See also http://futureboy.us/pgp.html#GettingStarted http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/ on twitter as: https://twitter.com/AnonyOdinn/status/550826144014934016 which has caused Gnupg / thunderbird / etc. awareness to reach 14,685 accounts that might otherwise not have seen it. based on an analysis from http://tweetreach.com/reports/12801475 Learn or die folks. but you may ask, what about the transitions? new machine? older key issues? proper use? getting stronger new key? etc. valid questions! which is what I am asking myself right now (since I have some old key issues that I am trying to work through and I didn't have good answers).
fortunately, rysiek came to the rescue in a very timely way, and gave me permission to republish (rysiek's) statement which appears below: rysiek explains: GPG Key Transition: http://rys.io/en/147 Zmieniam klucz GPG: http://rys.io/pl/147 twitter: https://twitter.com/AnonyOdinn/status/552630836747456512 The instructions are very clear and helpful. (Thank you rysiek!) I'll be developing my own transition statement at some point soon using rysiek's page as a guide. Not sure of when, but rysiek's page will be my guide. Cathal Garvey: >> So far, as far as I can see, you're not even inflicting PGP on >> us here, let alone your friends. > > I did for a while, but then I moved hardware and didn't see any > reason to set up PGP again. At best, it was a signal to people that > I cared about security/privacy, at worst it was making everything I > posted non-repudiable for no useful reason. > > The fact that miniLock is authenticated but repudiable makes it a > better bet for PGP-usecase purposes *anyway*, and my minilock ID is > in my signature (again, had lapsed by accident) for people who want > to use miniLock outside of peerio. > > But, miniLock isn't (opportunistic pun) "turn-key", it requires > launching, authenticating, dropping a file to encrypt, typing in a > miniLock ID to encrypt to (encrypting to yourself probably makes > it non-repudiable if someone acquires your private key, beware!), > downloading the encrypted file, and then transmitting the encrypted > file out-of-band. > > Now, implementing Peerio server is something I endorse. If I > weren't too busy, I'd investigate doing it myself, it looks like > fun. If anyone does feel like it, they have miniLock for JS-based > servers, and deadLock for Python-based servers (needs some > work/bugfixes). > > On 15/01/15 16:44, rysiek wrote: >> On Thursday, 15 January 2015 11:20:22 Cathal Garvey writes: >>> If the server code were open, how would you know the server was >>> actually running that code anyway?
>> >> Not much. But it would allow others to run the server code and >> offer similar service, at the very least. >> >>> Having the protocol documented so thoroughly makes the task of >>> writing an alternative server trivial if time-consuming. I'd >>> obviously prefer the server were AGPL, and I hope someone will >>> write an AGPL'd server and federation. >> >> Of course. The "time-consuming" part is what bothers me. I >> *could* throw in an hour or two to set-up a peerio server had the >> code been available; I have absolutely *no way in hell* of >> throwing in days or weeks of work to implement their protocol. >> >>> For now though, the client is open source, the crypto doesn't >>> suck, the UX is excellent, and the threat model is pretty >>> transparent. I'm *never* going to inflict PGP on friends, but >>> I'll happily inflict this on them. >> >> So far, as far as I can see, you're not even inflicting PGP on >> us here, let alone your friends. >> > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn

From odinn.cyberguerrilla at riseup.net Fri Jan 16 01:48:02 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Fri, 16 Jan 2015 09:48:02 +0000
Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]]
In-Reply-To: <54B7A37B.5010609@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com>
<54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54B6FE75.3090902@riseup.net> <54B7A37B.5010609@cathalgarvey.me>
Message-ID: <54B8DE52.4080901@riseup.net>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 tl'dr Look... Cathal, I do like what you've done in the tiny realm of code ~ short, simple, and to the point, some examples being: Deadlock ~ dead simple encryption https://pypi.python.org/pypi/deadlock P2P, serverless microstatus system in 30 lines of pure python https://github.com/cathalgarvey/tinystatus (slooooowwwwww claaaaaaaappssssss) So with that out of the way, I have to say, though, your criticism which has appeared on my TL before of PGP is in my view, unwarranted, because, GnuPGP just aren't getting the funding need(ed) to get what should be done, done. It's been done essentially by one person. And frankly they could use a bit of help in getting out the word. Here's a thoughtful post from bytemark on this subject: (Please read it) https://blog.bytemark.co.uk/2014/12/31/gnupg-funding-drive (from Dec. 31, 2014) Then go on to read this thing: https://gnupg.org/donate/index.html As you see they accept all kinds of payment vehicles (and also bitcoin is one of them) And now here's the kicker: This two-person team which they are trying to get funded, IS NOT FUNDED! Take a look here: https://gnupg.org/index.html Again: NOT. FUNDED. And yes, interfaces like Keybase.io _are_ the future (I've been playing around with it and currently have it in my signature, though I use a different key block (not keybase) for people to use for to import in association with my e-mail), because they make it easier for a larger number of people to access keys either through something like keybase service where they host keys, or through a CLI where you hold all that closely. Merkle tree, blockchain, etc. But this begins in my view with a strong foundation, which we have from the work which was done from Gnupg.
(In fact, Keybase.io, and any business like it in the future, relies on Gnupg.) If I was rolling in dough ($$) right now I would dump a giant fat amount of 86,000 € that they are missing so that they would be able to get going on the Gnupg second developer's work right away. So... enough of the rambling on, can someone who knows someone who has benefited from this economic ups and downs, please forward this e-mail on to them and ask them if they'd be willing to contribute to https://gnupg.org/donate/index.html I have absolutely zero financial interest in seeing this happen but I know it would help make a better world. - -O Cathal Garvey: >> How about Pond as email replacement? > > I've looked at Pond long enough to see that it calls upon Tor for > most of the anonymity heavy-lifting, and that it is clearly > targeted at technical users. Most of the people in my life who I > speak privately to are not technical. I don't think trivial UX is > near in Pond's development roadmap. > >> I'm curious what you (and others here) think about Keybase, which >> also seems heavily targeted at normal users. There was some >> discussion here in mid 2014, but Keybase has been tweaked a lot >> since then. I'm quite impressed with its usability, but I don't >> have the expertise to properly evaluate its security. I am >> uncomfortable with the option of uploading private GnuPG keys, >> and counting on symmetric encryption for securing them. Better I >> think would be helping users understand how to properly migrate >> keys between devices, or perhaps to use smartcards. > > Keybase could have been a great way to encourage PGP uptake among > normal people years ago when things were accepted to be difficult > universally, but PGP's days are behind us. PGP makes a good way to > sign code but remains a terrible way to communicate securely, > because although it's "uncrackable" when used correctly, it's very > easy to accidentally screw up using PGP on either end of the > conversation. 
Also, the lack of PFS ignores parts of the modern > threat model that were speculative when PGP was created. > > Suffice to say that, even ignoring the issues with Keybase > encouraging key escrow by "allowing" or encouraging key upload > (!!!), I don't think it helps. Perhaps as a basis on which to build > a web-of-trust that can be transposed into newer cryptosystems, but > the key escrow part makes falsification of trust a real > possibility. > > Anyway, maybe that's just me. > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From rysiek at hackerspace.pl Fri Jan 16 01:04:12 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 16 Jan 2015 10:04:12 +0100 Subject: Does Cypherpunk need a Church? In-Reply-To: <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com> References: <20150116000502.GG14804@nl.grid.coop> <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com> Message-ID: <43090368.ccXnftFsfm@lapuntu> On Thursday, 15 January 2015 17:40:37 shelley at misanthropia.info wrote: > On Thu, Jan 15, 2015, at 04:05 PM, Troy Benjegerdes wrote: > > Or cats. > > > > Ceiling Cat > > Basement Cat > > Catoshi, the patron of low-market altcoins > > Catoshi! Good one. Of course, our sabbath would be Caturday, at the > altar of LongCat. And for the moral relativists among us that would be Unsigned LongCat.
-- Regards, Michał "rysiek" Woźniak I'm changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From list at sysfu.com Fri Jan 16 10:11:48 2015 From: list at sysfu.com (Seth) Date: Fri, 16 Jan 2015 10:11:48 -0800 Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]] In-Reply-To: <54B8DE52.4080901@riseup.net> References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54B6FE75.3090902@riseup.net> <54B7A37B.5010609@cathalgarvey.me> <54B8DE52.4080901@riseup.net> Message-ID: On Fri, 16 Jan 2015 01:48:02 -0800, odinn wrote: > And now here's the kicker: This two-person team which they are trying > to get funded, IS NOT FUNDED! > > Take a look here: > > https://gnupg.org/index.html > > Again: > > NOT. FUNDED. This line of argument seems to imply that throwing money at GnuPG will somehow fix its well-known usability issues. http://secushare.org/PGP From cypher at cpunk.us Fri Jan 16 10:02:33 2015 From: cypher at cpunk.us (Cypher) Date: Fri, 16 Jan 2015 12:02:33 -0600 Subject: Replacing email with XMPP...why not? In-Reply-To: <20150116175722.GB7630@ctrlc.hu> References: <54B94B0E.2090306@cpunk.us> <20150116175722.GB7630@ctrlc.hu> Message-ID: <54B95239.9030304@cpunk.us> On 01/16/2015 11:57 AM, stef wrote: > On Fri, Jan 16, 2015 at 11:31:58AM -0600, Cypher wrote: >> Thoughts? > > you want to avoid xml based "solutions". langsec should be > considered from the beginning. also i'm unsure of the > store-and-forward-properties of xmpp. Agreed.
From running an XMPP server, XMPP does (or can) have store and forward capabilities but that is something that would need to be addressed. For maximum security, there needs to be a way for the messages to be encrypted to a key controlled by only the recipient while it's sitting on the server. I suppose using PKI could accomplish that. Cypher From drwho at virtadpt.net Fri Jan 16 14:25:18 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 16 Jan 2015 14:25:18 -0800 Subject: Does Cypherpunk need a Church? In-Reply-To: <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com> References: <20150114124155.GA18002@sivokote.iziade.m$> <54B6F026.5090002@virtadpt.net> <20150116000502.GG14804@nl.grid.coop> <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com> Message-ID: <54B98FCE.8020503@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 01/15/2015 05:40 PM, shelley at misanthropia.info wrote: > Catoshi! Good one. Of course, our sabbath would be Caturday, at > the altar of LongCat. The altars of Longcat are all rooms devoid of ladders, for Longcat is Long, and capable of stretching to reach all the high things. Though not necessarily the tops of the curtains, those require climbing (which is much more entertaining). 
- -- The Doctor [412/724/301/703/415] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ YOUR ROBOTIC SEEKER HAS ENTERED A ROOM THAT IS FILLED WITH A DEADLY NARCOTIC GAS From drwho at virtadpt.net Fri Jan 16 14:25:46 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 16 Jan 2015 14:25:46 -0800 Subject: Does Cypherpunk need a Church? In-Reply-To: <43090368.ccXnftFsfm@lapuntu> References: <20150116000502.GG14804@nl.grid.coop> <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com> <43090368.ccXnftFsfm@lapuntu> Message-ID: <54B98FEA.7090204@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 01/16/2015 01:04 AM, rysiek wrote: > And for the moral relativists among us that would be Unsigned > LongCat. Well played, sapient. Well played.
- -- The Doctor [412/724/301/703/415] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ YOUR ROBOTIC SEEKER HAS ENTERED A ROOM THAT IS FILLED WITH A DEADLY NARCOTIC GAS From loki at obscura.com Fri Jan 16 15:50:09 2015 From: loki at obscura.com (Lance Cottrell) Date: Fri, 16 Jan 2015 15:50:09 -0800 Subject: Replacing email with XMPP...why not? In-Reply-To: <20150116221346.A4967EA9FE@snorky.mixmin.net> References: <54B94B0E.2090306@cpunk.us> <20150116221346.A4967EA9FE@snorky.mixmin.net> Message-ID: <4B723E1C-96A7-4519-A8AF-5F27B71707C2@obscura.com> Anonymity is much easier and much stronger in a uni-directional store and forward environment. Real time is a killer and creates all kinds of attack paths. -Lance -- Lance Cottrell loki at obscura.com > On Jan 16, 2015, at 2:13 PM, StealthMonger wrote: > > Cypher writes: > >> I've been reading a lot about the need to replace email and I'm not >> quite sure why we're not moving to an XMPP based model.
> > Because it's /connection based/ and therefore low latency, so cannot be > used by an untraceable pseudonym (endpoint IP packet correlation). > > Contrast with email, where the security is /message based/ and can use > anonymizing remailers having deliberately long, random latency. > > > -- > > > -- StealthMonger > Long, random latency is part of the price of Internet anonymity. > > > Key: mailto:stealthsuite[..]nym.mixmin.net?subject=send%20stealthmonger-key > From mirimir at riseup.net Fri Jan 16 17:02:40 2015 From: mirimir at riseup.net (Mirimir) Date: Fri, 16 Jan 2015 18:02:40 -0700 Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]] In-Reply-To: References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54B6FE75.3090902@riseup.net> <54B7A37B.5010609@cathalgarvey.me> <54B8DE52.4080901@riseup.net> Message-ID: <54B9B4B0.3070101@riseup.net> On 01/16/2015 11:11 AM, Seth wrote: > On Fri, 16 Jan 2015 01:48:02 -0800, odinn > wrote: >> And now here's the kicker: This two-person team which they are trying >> to get funded, IS NOT FUNDED! >> >> Take a look here: >> >> https://gnupg.org/index.html >> >> Again: >> >> NOT. FUNDED. > > This line of argument seems to imply that throwing money at GnuPG will > somehow fix its well-known usability issues. http://secushare.org/PGP OK, I'll bite :) | 1. Downgrade Attack: The risk of using it wrong. ... | The mere existence of an e-mail address in the process is a problem. ... | 2. The OpenPGP Format: You might as well run around the city naked. ... | 3. Transaction Data: Mallory knows who you are talking to.
Well, correspondents ought to: 1) always use pseudonyms if they care about attribution; 2) avoid meaningful subject lines; and 3) use VPNs, JonDonym and Tor to obscure network connectivity. Given that, why care that adversaries see OpenPGP? | 4. No Forward Secrecy: It makes sense to collect it all. So what? Just secure your shit properly! | 5. Cryptogeddon: Time to upgrade cryptography itself? Smart folk who care about attribution never put anything online that links their pseudonyms to their real names. Just sayin'. And they rotate their pseudonyms periodically. So stored messages go stale within a year or two, tops. | 6. Federation: Get off the inter-server super-highway. That's prudent for stuff that matters. But OpenPGP is still good within the transport layers. | 7. Discovery: A Web of Trust you can't trust. I've never used WoT, and tend to agree. WoT is especially impractical because I don't at all mix meatspace and online activity. I am starting to like Keybase, however. I don't worry very much about sharing publicly who my conversation partners are. I always use pseudonyms, and so do many of my conversation partners. Sometimes we all use multiple pseudonyms, just for fun :) | 8. PGP conflates non-repudiation and authentication. Again, use those pseudonyms! | 9. Statistical Analysis: Guessing on the size of messages. Having my pseudonyms profiled doesn't worry me greatly. | 10. Workflow: Group messaging with PGP is impractical. Why bother? Just set up a Tor hidden-service forum, or whatever. | 11. Complexity: Storing a draft in clear text on the server I use both IMAP and POP, and I've never seen plaintext drafts stored on the server. I believe that Enigmail's "convenient encryption settings" (in particular "auto send encrypted") prevent this, as long as you have the public key of the person whom you're drafting a message to. It's also prudent to switch to manual mode, and to set "confirm before sending" to "Always". | 12. 
Overhead: DNS and X.509 require so much work. Who's enslaved? One uses whatever tools are appropriate. | 13. Targeted attacks against PGP key ids are possible This is an advantage of Keybase. Then we're not depending on the KeyID, or even on the fingerprint, but rather on an identity that's multiply and independently authenticated. | 14. TL;DR: I don't care. I've got nothing to hide. I hide in many ways, and don't depend on message encryption ;) My "preferences, habits and political views" are fragmented among multiple unlinked personas. How to do that is one of my key soapbox topics ;) | 15. The Bootstrap Fallacy: But my friends already have e-mail! Again, it's a tool. But of course it's not the only tool. From s at ctrlc.hu Fri Jan 16 09:57:22 2015 From: s at ctrlc.hu (stef) Date: Fri, 16 Jan 2015 18:57:22 +0100 Subject: Replacing email with XMPP...why not? In-Reply-To: <54B94B0E.2090306@cpunk.us> References: <54B94B0E.2090306@cpunk.us> Message-ID: <20150116175722.GB7630@ctrlc.hu> On Fri, Jan 16, 2015 at 11:31:58AM -0600, Cypher wrote: > Thoughts? you want to avoid xml based "solutions". langsec should be considered from the beginning. also i'm unsure of the store-and-forward-properties of xmpp. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From StealthMonger at nym.mixmin.net Fri Jan 16 14:13:46 2015 From: StealthMonger at nym.mixmin.net (StealthMonger) Date: Fri, 16 Jan 2015 22:13:46 +0000 (GMT) Subject: Replacing email with XMPP...why not? In-Reply-To: <54B94B0E.2090306@cpunk.us> (cypher@cpunk.us's message of "Fri, 16 Jan 2015 11:31:58 -0600") References: <54B94B0E.2090306@cpunk.us> Message-ID: <20150116221346.A4967EA9FE@snorky.mixmin.net> Cypher writes: > I've been reading a lot about the need to replace email and I'm not > quite sure why we're not moving to an XMPP based model. Because it's /connection based/ and therefore low latency, so cannot be used by an untraceable pseudonym (endpoint IP packet correlation). 
Contrast with email, where the security is /message based/ and can use anonymizing remailers having deliberately long, random latency. -- -- StealthMonger Long, random latency is part of the price of Internet anonymity. Key: mailto:stealthsuite[..]nym.mixmin.net?subject=send%20stealthmonger-key From rysiek at hackerspace.pl Fri Jan 16 14:16:17 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 16 Jan 2015 23:16:17 +0100 Subject: peerio.com In-Reply-To: <54B8D5A9.2090206@riseup.net> References: <54B67B98.6050608@cathalgarvey.me> <54B818F7.9070307@cathalgarvey.me> <54B8D5A9.2090206@riseup.net> Message-ID: <1787840.WkblaVRWtp@lapuntu> On Friday, 16 January 2015 09:11:05 odinn wrote: > (...) > but you may ask, what about the transitions? new machine? older key > issues? proper use? getting stronger new key? etc. > > valid questions! which is what I am asking myself right now (since I > have some old key issues that I am trying to work through and I didn't > have good answers). > > fortunately, rysiek came to the rescue in a very timely way, and gave > me permission to republish (rysiek's) statement which appears below: > rysiek explains: > GPG Key Transition: http://rys.io/en/147 > I'm changing my GPG key: http://rys.io/pl/147 Now hold on a minute, while I appreciate the spotlight, the instructions are not really mine, I stole them from Teh Intertubes (well, linked them, rather). If somebody finds it useful, great, but I am not the person to credit. -- Regards, Michał "rysiek" Woźniak I'm changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 P.S. This footer is now awkward. Damn. -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Fri Jan 16 14:19:27 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 16 Jan 2015 23:19:27 +0100 Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]] In-Reply-To: References: <54B67B98.6050608@cathalgarvey.me> <54B8DE52.4080901@riseup.net> Message-ID: <2207880.jHoTrlyqB6@lapuntu> On Friday, 16 January 2015 10:11:48 Seth wrote: > On Fri, 16 Jan 2015 01:48:02 -0800, odinn > > wrote: > > And now here's the kicker: This two-person team which they are trying > > to get funded, IS NOT FUNDED! > > > > Take a look here: > > > > https://gnupg.org/index.html > > > > Again: > > > > NOT. FUNDED. > > This line of argument seems to imply that throwing money at GnuPG will > somehow fix its well-known usability issues. http://secushare.org/PGP Some of those issues are not easily fixable (or at all, because of how e-mail works); but some of them are fixable, if only the right incentives show up. Maybe we could find a way to fund GnuPG/Enigmail/MailPile in a way that would incentivise good UI/UX? I don't know... we seem to have a _crowd_ here, maybe we could find a way to _fund_ such an endeavour? -- Regards, Michał "rysiek" Woźniak I'm changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From ryacko at gmail.com Sat Jan 17 05:26:50 2015 From: ryacko at gmail.com (Ryan Carboni) Date: Sat, 17 Jan 2015 05:26:50 -0800 Subject: on money /2 (resend) Message-ID: so.... Bitcoin gift cards? Blah, all criminals know that gift cards and loadable debit cards are all the rage for laundering. -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 187 bytes Desc: not available URL: From grarpamp at gmail.com Sat Jan 17 02:44:18 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 17 Jan 2015 05:44:18 -0500 Subject: Fwd: [secu-share] A GNU Internet, the missing videos In-Reply-To: <20150117001600.GA28477@lo.psyced.org> References: <20150117001600.GA28477@lo.psyced.org> Message-ID: ---------- Forwarded message ---------- From: carlo von lynX Date: Fri, Jan 16, 2015 at 7:16 PM Subject: [secu-share] A GNU Internet, the missing videos To: secu-share at lists.tgbit.net Since 31c3 has been very interesting in terms of politics and hacking, but not as much concerning technologies that are supposed to lead us out of the broken Internet, here are the missing videos from the #youbroketheinternet sessions, exploring the options for a GNU Internet built from scratch. Routing panel feat. I2P, cjdns, secushare and others: http://cdn.media.ccc.de/congress/2013/workshops/30c3-WS-en-YBTI_Routing-Panel_I2P_GNUnet_Tor_secushare.webm Sybil-attack resistant mesh routing using GNUnet: http://cdn.media.ccc.de/congress/2013/workshops/30c3-WS-en-YBTI_Mesh-Bart_Polot-GNUnet_Wireless_Mesh_DHT.webm cjdns, Hyperboria and Project Meshnet: http://cdn.media.ccc.de/congress/2013/workshops/30c3-WS-en-YBTI_Mesh-Caleb_J_Delisle-cjdns-Hyperboria.webm Mesh networking panel feat. Freifunk, cjdns and GNUnet: http://cdn.media.ccc.de/congress/2013/workshops/30c3-WS-en-YBTI_Mesh_Routing-Panel-cjdns_freifunk_GNUnet_net2o.webm NaCl, a Networking and Cryptography library: http://cdn.media.ccc.de/congress/2013/workshops/30c3-WS-en-YBTI_OS-Bernstein_Lange_Schwabe-NaCl_and_TweetNaCl.webm "We'll make ourselves a GNU one" - YBTI project presentation in German at Easterhegg 2014: http://cdn.media.ccc.de/events/eh2014/webm/eh14-5808-de-Well_make_ourselves_a_GNU_one_webm.webm in English at ThinkTwice 2014: https://www.youtube.com/watch?v=iGxjN-lfr_Y Enjoy, and keep your mind open for exciting new thinking. 
-- http://youbroketheinternet.org ircs://psyced.org/youbroketheinternet -- secu-share at lists.secushare.org https://lists.secushare.org/mailman/listinfo.cgi/secu-share From rysiek at hackerspace.pl Fri Jan 16 23:55:50 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 17 Jan 2015 08:55:50 +0100 Subject: Replacing email with XMPP...why not? In-Reply-To: <54B94B0E.2090306@cpunk.us> References: <54B94B0E.2090306@cpunk.us> Message-ID: <18970754.4CNqRHk4zu@lapuntu> On Friday, 16 January 2015 11:31:58 Cypher wrote: > I've been reading a lot about the need to replace email and I'm not > quite sure why we're not moving to an XMPP based model. Because these are two completely different beasts, used for two completely different things. Also, if I were to replace e-mail with something, I'd go with something serverless. RetroShare is an interesting project, for instance. It needs some love, but the direction is right, AFAIK. Also, one does not simply replace e-mail... -- Regards, Michał "rysiek" Woźniak I'm changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From electromagnetize at gmail.com Sat Jan 17 07:35:27 2015 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 17 Jan 2015 09:35:27 -0600 Subject: on money /2 (resend) In-Reply-To: References: Message-ID: > Bitcoin gift cards? I don't know enough to know, though what would actually be gained in comparison to an existing mainstream credit card (Visa, Am-Ex, Mastercard) and a Square or other device for point-to-point or horizontal transfers? Seemingly, not going through a central system to exchange money.
And would the state itself implement such a system in terms of a US electronic currency model, or allow an alternative currency to exist within a context of taxation that could exist outside centralized banking as mediators. It seems the issues of routing and sustaining money inside/outside the banking system involves all the connected issues of financing, loans, predatory monetary practices that benefit some more than others, and thus the existing institutionalization of standardized or legitimate money then is effected by these forces, which if electronic currency could stay outside of then perhaps would function differently, autonomously in regards to these controlling if not exploitative forces, in certain parameters. What is gained by Bitcoin or other cryptocurrency if outside the banking system: supposedly privacy and autonomy, perhaps a security gain in certain factors and a loss of security (guarantees) in others. If Bitcoin were an electronic currency model enacted by the State, how would that differ from existing USD in electronic form, except to provide a monetary system operating outside the global banking infrastructure. This is why it appears to have more in common with existing welfare payment systems (EBT cards) than the existing credit/debit cards, because those can be parallel systems, both cash payments that allow access to money and also food support, where the money is only virtual or electronic (dollar sign) that can be used at a cash register in exchange for food, yet seemingly is like a stored value or exists in a private account in a state system of food support accounting. 
It is to bring up the issue of parameters or zones where cards may or may not function, and in different terms, such as prepaid, and how this may be a particular realm where alternative currencies could exist, or if implemented by government, could be operational yet outside the banking system altogether (via same principle, disconnected from money system, more like barter, in that what if Bitcoin was not tied to USD and instead food or services.) Others know lots about these things, though a larger framework may help consider the options or dynamics involved especially as there is not a default single approach for any of the issues though 'cryptocurrency' seems to imply a replacement for an existing monetary system or to become the standard e-currency, and if that is the premise, how would this relate to the US government using such a system, inside or outside the operational context of the Federal Reserve, or in various capacities, or globally. Or is it just against all this. (My guess is that Bitcoin is on the inside of these dynamics and is thoroughly embedded in all of these scenarios, part of a strategic planning and development experiment, and I would not underestimate the role of economists to be on the side of humanity in these issues, nor the government, nor many in banking and finance, despite the existing gaming of systems. Perhaps it all is leading towards resolving this electronic currency question in terms of equity, security, privacy, and grounding of information as a currency model.) From electromagnetize at gmail.com Sat Jan 17 08:13:00 2015 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 17 Jan 2015 10:13:00 -0600 Subject: on money /2 (resend) EX. Message-ID: here is an example of how cryptocurrency could be approached in a different framework than simply the default 'replace global monetary standard' via new alternative electronic currency... 
which has a good/bad utopian aspect where realism ranges from the potential to the impossible, and if not differentiating these, could bring about its own destruction as a model if not streamlining and doing what it is best at or focusing on its innovative aspects versus trying to be everything to all people. In this way what if Bitcoin were applied in specific controlled contexts or closed ecosystems where its symbolic value as 'symbolic money' or rather -currency- (which could span data-to-money and vice versa) could function as or mediate electronic ~banknotes (sans bank, or state as bank minus the middlemen and middle-management layer) and function in parallel to the US dollar, outside the system instead of tied into it. Like an island ecosystem that is self-sustaining in its own terms and not directly connected to other existing systems beyond environmental influences, systemic ebbs & flows. Troy Benjegerdes wrote: > Does this not describe the copyleft and copyfree software? Or maybe > it describes a world where farmers figure out they can make more > money by giving away all the food the world needs, and knowing > when to sell the rest for profit? 
What if the food supply and issue of government subsidization of farming, where money is paid *not to distribute* food, to maintain market conditions, were instead brought into a parallel system that is detached from the US dollar as the mediating currency, and that if farmers can indeed provide all the food necessary, if this were a closed system or a chain of interactions that could be mediated (within certain parameters, perhaps not all) where there are barter or other contracts, say between those connected in a functional ecosystem or food system ecology, (from chemical & product manufacturing to grocers and food-based manufacturers) where an alternative currency like Bitcoin mediated these exchanges in terms of contracts, based on volume and quality per exchange, which could remove entire volatile sectors from the existing speculative monetary system and stabilize these relations, to have a beet farmer trade 100% of their output, and have grocery stores receive this fresh produce at a much lower cost (if not at cost, feasibly) and then resell produce this way, perhaps more like organic coop approaches of bags of vegetables for a fixed price or as a subscription approach to produce, where it would be cashed out or mediated as dollars -- or even better, if the USG has the same symbolic currency, it could be loaded onto EBT or citizen electronic cards and exchanged for every citizen at the grocery store (via Bitcoin/other) for what has already been paid for by the government once already, the citizens then gaining access to food, instead of paying multiple times (akin to multiple taxation, though multiple payments as per the standard realm of public-private overlap and repurchasing scenarios).
What if grocers had certain early-chain or direct-link inventories (fresh produce infrastructure moving from farms to stores) and that this was outside the existing money system and yet everything would be okay, remain balanced otherwise, because it is a closed loop, and does not require cashing out within that dynamic. In that an island of interconnections, exchanges, could be mediated in non-monetary though currency terms, and make fair equitable trades. Such that perhaps farmers could trade between themselves this way, or for government services or support via this same system. And stabilize or regulate markets or livelihoods versus using middlemen corporations to do this, in terms of US currency which then is the maximal exploitation of this same chained system, to global biased markets and dynamics, moving money and power away from people into concentrated groups for maximal leverage that functions against people in the system, as a form of subjugation. In other words, what if bitcoin were Farmcoin, etc. Or foodcoin. And what kind of systems could function like this, and how would *value* be determined if it is actually based on information and data, and not relegated to definition in an ever-fluctuating condition of volatile /price/, which is chaos compared to a stable ordering of interactions and fair exchange. From mirimir at riseup.net Sat Jan 17 10:22:02 2015 From: mirimir at riseup.net (Mirimir) Date: Sat, 17 Jan 2015 11:22:02 -0700 Subject: Keybase In-Reply-To: <129233355.dY2XzABZFc@lapuntu> References: <129233355.dY2XzABZFc@lapuntu> Message-ID: <54BAA84A.1010002@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/17/2015 03:52 AM, rysiek wrote: > So, > > Mirmir wrote: >> | 13. Targeted attacks against PGP key ids are possible >> >> This is an advantage of Keybase. Then we're not depending on the KeyID, >> or even on the fingerprint, but rather on an identity that's multiply >> and independently authenticated. 
> > I keep hearing more and more about keybase, and I have a problem with it. It's > a centralised service, owned and controlled by a single entity; moreover, the > keys are tied to online identities controlled by corporate third parties > (Twitter, Facebook, et al). I don't see a Diaspora/The Federation support, for > instance. As I understand it, Keybase is an API. The website/service is merely a demonstration. The developers are aiming for mass adoption, and so they've targeted the most popular sites. With some coding, arbitrary sites could be used, with two requirements. First, it must be possible for users to post persistent signed proofs. Second, it must be possible for the API to access those signed proofs, in order to verify them. > My problem with this is two-fold: > > 1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/ > standard of acquiring keys, it seems trivial to me for them to replace a > valued target's key with something a LEA would provide. That's the value of trackers. Those tracking such a comprised target would see that various public signed proofs are no longer valid for the target's key on Keybase. The adversary could alter all of the target's public signed proofs. But even that wouldn't suffice, because trackers have independent snapshot histories of public proofs. And furthermore, snapshot histories are embedded in the Bitcoin blockchain. > 2. It still promotes the closed, walled-gardens. Diaspora or GNU Social > support would not be that hard to implement. Signed proofs could be placed anywhere that's accessible to the API. But that takes coding, and developers have priorities. One can request. Anyway, I've created a test identity: https://keybase.io/Proba. Once I've added enough proofs, and have enough trackers, I plan to mess with it by replacing the public key held by Keybase, altering some of the proofs, and so on. Then we can see how that shows up for its trackers, and for other users. 
I'll also explore impacts of malicious trackers. From mirimir at riseup.net Sat Jan 17 10:27:59 2015 From: mirimir at riseup.net (Mirimir) Date: Sat, 17 Jan 2015 11:27:59 -0700 Subject: on money /2 (resend) In-Reply-To: References: Message-ID: <54BAA9AF.4050001@riseup.net> On 01/17/2015 06:26 AM, Ryan Carboni wrote: > so.... > > Bitcoin gift cards? > > Blah, all criminals know that gift cards and loadable debit cards are all > the rage for laundering. How statist of you! Or are you referring to the state as criminals? From rysiek at hackerspace.pl Sat Jan 17 02:35:33 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 17 Jan 2015 11:35:33 +0100 Subject: Comsec Dream In-Reply-To: References: <20150115230456.GE14804@nl.grid.coop> Message-ID: <2693943.9GdGxRsQyl@lapuntu> On Thursday, 15 January 2015 20:02:21 Travis Biehn wrote: > The distinction is crypto is applied. The axioms and rules don't require > belief or faith - applied crypto has shown time and time again to require > belief and faith. > > Crypto is opaque - but open. > > DES was once thought to be secure. > RSA was once thought to be secure. > PKI was once thought to be secure. Secure to protect what and from whom? The threat model changes. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Sat Jan 17 02:52:21 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 17 Jan 2015 11:52:21 +0100 Subject: Keybase Message-ID: <129233355.dY2XzABZFc@lapuntu> So, Mirimir wrote: > | 13. Targeted attacks against PGP key ids are possible > > This is an advantage of Keybase. Then we're not depending on the KeyID, > or even on the fingerprint, but rather on an identity that's multiply > and independently authenticated. I keep hearing more and more about keybase, and I have a problem with it. It's a centralised service, owned and controlled by a single entity; moreover, the keys are tied to online identities controlled by corporate third parties (Twitter, Facebook, et al). I don't see a Diaspora/The Federation support, for instance. My problem with this is two-fold: 1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/ standard of acquiring keys, it seems trivial to me for them to replace a valued target's key with something a LEA would provide. 2. It still promotes the closed, walled-gardens. Diaspora or GNU Social support would not be that hard to implement. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From mirimir at riseup.net Sat Jan 17 14:12:07 2015 From: mirimir at riseup.net (Mirimir) Date: Sat, 17 Jan 2015 15:12:07 -0700 Subject: Keybase In-Reply-To: <1625866.9aqJqEUJAd@lapuntu> References: <129233355.dY2XzABZFc@lapuntu> <54BAA84A.1010002@riseup.net> <1625866.9aqJqEUJAd@lapuntu> Message-ID: <54BADE37.9020405@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/17/2015 01:34 PM, rysiek wrote: > On Saturday, 17 January 2015 11:22:02 Mirimir wrote: >> On 01/17/2015 03:52 AM, rysiek wrote: >>> So, >>> >>> Mirimir wrote: >>>> | 13. Targeted attacks against PGP key ids are possible >>>> >>>> This is an advantage of Keybase. Then we're not depending on the KeyID, >>>> or even on the fingerprint, but rather on an identity that's multiply >>>> and independently authenticated. >>> >>> I keep hearing more and more about keybase, and I have a problem with it. >>> It's a centralised service, owned and controlled by a single entity; >>> moreover, the keys are tied to online identities controlled by corporate >>> third parties (Twitter, Facebook, et al). I don't see a Diaspora/The >>> Federation support, for instance. >> >> As I understand it, Keybase is an API. The website/service is merely a >> demonstration. The developers are aiming for mass adoption, and so >> they've targeted the most popular sites. With some coding, arbitrary >> sites could be used, with two requirements. First, it must be possible >> for users to post persistent signed proofs. Second, it must be possible >> for the API to access those signed proofs, in order to verify them. >> >>> My problem with this is two-fold: >>> >>> 1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de >>> facto/ >>> standard of acquiring keys, it seems trivial to me for them to replace a >>> valued target's key with something a LEA would provide. >> >> That's the value of trackers.
Those tracking such a comprised target >> would see that various public signed proofs are no longer valid for the >> target's key on Keybase. The adversary could alter all of the target's >> public signed proofs. But even that wouldn't suffice, because trackers >> have independent snapshot histories of public proofs. And furthermore, >> snapshot histories are embedded in the Bitcoin blockchain. > > Wait, how/where does Bitcoin come into this? Did I miss it somehow? I admit I > didn't dive into keybase increadibly deep, but still... See and re the blockchain . | Every public announcement you make on Keybase is now verifiably | signed by Keybase and hashed into the Bitcoin blockchain. To be | specific, all of these: | | o announcing your Keybase username and your public key | o identity proofs (twitter, github, your website, etc.) | o public bitcoin address announcements | o public tracking statements | o revocations of any of these >>> 2. It still promotes the closed, walled-gardens. Diaspora or GNU Social >>> support would not be that hard to implement. >> >> Signed proofs could be placed anywhere that's accessible to the API. But >> that takes coding, and developers have priorities. One can request. > > Right. > >> Anyway, I've created a test identity: https://keybase.io/Proba. Once >> I've added enough proofs, and have enough trackers, I plan to mess with >> it by replacing the public key held by Keybase, altering some of the >> proofs, and so on. Then we can see how that shows up for its trackers, >> and for other users. I'll also explore impacts of malicious trackers. > > Oh, great, I really appreciate that effort. Please keep me posted! Thanks. If you join, you can play :) I'm and the test account is . 
From list at sysfu.com Sat Jan 17 15:27:26 2015 From: list at sysfu.com (Seth) Date: Sat, 17 Jan 2015 15:27:26 -0800 Subject: Obama joins against crypto aka freedom In-Reply-To: References: Message-ID: On Sat, 17 Jan 2015 14:34:42 -0800, grarpamp wrote: > President Barack Obama said Friday that police and spies should not > be locked out of encrypted smartphones and messaging apps... > > http://blogs.wsj.com/digits/2015/01/16/obama-sides-with-cameron-in-encryption-fight/ > http://yro.slashdot.org/story/15/01/17/2156204/obama-govt-shouldnt-be-hampered-by-encrypted-communica > tions We all knew this was coming. Apex predators never appreciate their prey having the ability to communicate (privately!), organize and resist their predations. > American should be in the streets over talk like this. Taking it to the streets in my observation mostly results in innocent people getting viciously attacked by police. I feel that it would be more effective long term to channel that anger into something productive. Something that tangibly tilts the balance of power back to the people, such as building out community owned networks, wireless or otherwise. [1] Or supporting open phone initiatives like Indie. [2] Growing your own food. Getting off the grid. etc. A self sufficient population is less easily brought to heel.
[1] http://peerproduction.net/issues/issue-6-disruption-and-the-law/peer-reviewed-articles/expanding-the-internet-commons-the-subversive-potential-of-wireless-community-networks/ [2] https://ind.ie/about/manifesto/ From badbiosvictim at ruggedinbox.com Sat Jan 17 12:49:49 2015 From: badbiosvictim at ruggedinbox.com (Badbiosvictim) Date: Sat, 17 Jan 2015 15:49:49 -0500 Subject: RedPhone Removed from Google Play Store In-Reply-To: <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> Message-ID: >From: Cathal Garvey As far as "where to get it", here's a copy: >https://ngrok.com:61924/owncloud/public.php?service=files&t=264659e23e8733b528386eaa6f52d5ef > >Cert is self-signed: >SHA1: 63:9B:E2:FA:D8:A9:66:DE:46:B7:E4:C2:18:47:73:04:C0:12:FE:1F >SHA256: >CF:D2:82:0D:C8:65:CE:EB:2E:3F:36:EC:DA:9E:82:4E:2E:BD:51:19:6A:7E:11:65:50:40:57:9E:B8:79:8D:A2 I apologize for belatedly thanking you for TextSecure download link. Two days ago, I downloaded it despite the browser warning the certificate was not valid: "ngrok.com:61924 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for isadora-amd64 (Error code: sec_error_unknown_issuer)" I installed TextSecure on my Droid 3 which does have a cellular account. TextSecure works if airplane mode is not on. Turning airplane mode on and wifi on, TextSecure does not work. Yet, description of TextSecure is that it works over wifi, data and/or SMS. I installed TextSecure on my Motorola droid 4. I use Droid 4 as a PDA. No cellular account. How can I get TextSecure to work over wifi? Thanks. 
Badbiosvictim, formerly bluelotus From list at sysfu.com Sat Jan 17 15:49:50 2015 From: list at sysfu.com (Seth) Date: Sat, 17 Jan 2015 15:49:50 -0800 Subject: RedPhone Removed from Google Play Store In-Reply-To: References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> Message-ID: On Sat, 17 Jan 2015 12:49:49 -0800, Badbiosvictim wrote: > I installed TextSecure on my Motorola droid 4. I use Droid 4 as a PDA. > No cellular account. How can I get TextSecure to work over wifi? Do you have an SMS capable phone number that you can register? From list at sysfu.com Sat Jan 17 16:14:01 2015 From: list at sysfu.com (Seth) Date: Sat, 17 Jan 2015 16:14:01 -0800 Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]] In-Reply-To: <54B9B4B0.3070101@riseup.net> References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54B6FE75.3090902@riseup.net> <54B7A37B.5010609@cathalgarvey.me> <54B8DE52.4080901@riseup.net> <54B9B4B0.3070101@riseup.net> Message-ID: On Fri, 16 Jan 2015 17:02:40 -0800, Mirimir wrote: > OK, I'll bite :) I was going to do the point by point rebuttal but frankly it gets exhausting and the topic has been beat to death here and on other mailing lists. My closing points are: A) GnuPG is powerful and effective crypto tool for technically advanced users _who also_ have the discipline to practice good Opsec. B) It's a terrible crypto tool for anyone else, they're going to phuk it up. From grarpamp at gmail.com Sat Jan 17 14:34:42 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 17 Jan 2015 17:34:42 -0500 Subject: Obama joins against crypto aka freedom Message-ID: President Barack Obama said Friday that police and spies should not be locked out of encrypted smartphones and messaging apps... 
http://blogs.wsj.com/digits/2015/01/16/obama-sides-with-cameron-in-encryption-fight/ http://yro.slashdot.org/story/15/01/17/2156204/obama-govt-shouldnt-be-hampered-by-encrypted-communica tions American should be in the streets over talk like this. From mirimir at riseup.net Sat Jan 17 16:49:00 2015 From: mirimir at riseup.net (Mirimir) Date: Sat, 17 Jan 2015 17:49:00 -0700 Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]] In-Reply-To: References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54B6FE75.3090902@riseup.net> <54B7A37B.5010609@cathalgarvey.me> <54B8DE52.4080901@riseup.net> <54B9B4B0.3070101@riseup.net> Message-ID: <54BB02FC.9000104@riseup.net> On 01/17/2015 05:14 PM, Seth wrote: > On Fri, 16 Jan 2015 17:02:40 -0800, Mirimir wrote: >> OK, I'll bite :) > > I was going to do the point by point rebuttal but frankly it gets > exhausting and the topic has been beat to death here and on other > mailing lists. :) > My closing points are: > > A) GnuPG is powerful and effective crypto tool for technically advanced > users _who also_ have the discipline to practice good Opsec. The Internet embodies poor OPSEC :( > B) It's a terrible crypto tool for anyone else, they're going to phuk it > up. *sigh* From list at sysfu.com Sat Jan 17 17:51:36 2015 From: list at sysfu.com (Seth) Date: Sat, 17 Jan 2015 17:51:36 -0800 Subject: RedPhone Removed from Google Play Store In-Reply-To: <45fc1d99-a0f1-4598-8f26-cb55ac9da478@email.android.com> References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> <45fc1d99-a0f1-4598-8f26-cb55ac9da478@email.android.com> Message-ID: On Sat, 17 Jan 2015 16:06:25 -0800, Badbiosvictim wrote: > Yes. I have a $80 a year plan with page plus cellular on my older Droid > 3 phone. 
I don't believe you can use utilize that number on your Droid 4 'PDA' with Textsecure. If it was a GSM phone maybe you could temporarily swap the active SIM card into the Droid 4 just to register the phone number with Textsecure. Then go back to Wifi for Textsecure comms, however this would require Google Services Framework. Are you trying to pull all this off without using a Google account? Current versions of Textsecure require the GSF to communicate over IP (as opposed to SMS). GSF is only obtainable via the Google Play store to the best of my knowledge. If someone knows of a way to install a current version of the Google Service Framework, without using the Google Play app, I'd be interested to know. Otherwise you're stuck using older versions of Textsecure that support SMS, but again I'm pretty sure that requires an active cellular plan with SMS capable telephone number. From mirimir at riseup.net Sat Jan 17 17:18:57 2015 From: mirimir at riseup.net (Mirimir) Date: Sat, 17 Jan 2015 18:18:57 -0700 Subject: Obama joins against crypto aka freedom In-Reply-To: References: Message-ID: <54BB0A01.2050809@riseup.net> On 01/17/2015 03:34 PM, grarpamp wrote: > President Barack Obama said Friday that police and spies should not > be locked out of encrypted smartphones and messaging apps... > > http://blogs.wsj.com/digits/2015/01/16/obama-sides-with-cameron-in-encryption-fight/ > http://yro.slashdot.org/story/15/01/17/2156204/obama-govt-shouldnt-be-hampered-by-encrypted-communica > tions > > American should be in the streets over talk like this. It was support for Clipper that denied Al Gore the Presidency in 2000. 
But whatever, Democrats have zero chance in 2016 ;) From badbiosvictim at ruggedinbox.com Sat Jan 17 16:06:25 2015 From: badbiosvictim at ruggedinbox.com (Badbiosvictim) Date: Sat, 17 Jan 2015 19:06:25 -0500 Subject: RedPhone Removed from Google Play Store In-Reply-To: References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> Message-ID: <45fc1d99-a0f1-4598-8f26-cb55ac9da478@email.android.com> Yes. I have a $80 a year plan with page plus cellular on my older Droid 3 phone. During the installation of TextSecure on Droid 3, TextSecure didn't ask for a cell phone number to register. How to register a number? On January 17, 2015 6:49:50 PM EST, Seth wrote: >On Sat, 17 Jan 2015 12:49:49 -0800, Badbiosvictim > wrote: > >> I installed TextSecure on my Motorola droid 4. I use Droid 4 as a >PDA. >> No cellular account. How can I get TextSecure to work over wifi? > >Do you have an SMS capable phone number that you can register? From badbiosvictim at ruggedinbox.com Sat Jan 17 16:13:37 2015 From: badbiosvictim at ruggedinbox.com (Badbiosvictim) Date: Sat, 17 Jan 2015 19:13:37 -0500 Subject: RedPhone Removed from Google Play Store In-Reply-To: <09795E60-CC6A-4333-A1BD-CAE056ADBF1D@cathalgarvey.me> References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> <09795E60-CC6A-4333-A1BD-CAE056ADBF1D@cathalgarvey.me> Message-ID: <76a530d3-30ea-4fa6-b065-67fec12155d2@email.android.com> 'Data channel' includes wifi? Your TS version works fine on activated Droid 3 in SMS only mode. Thanks. On January 17, 2015 4:40:39 PM EST, "Cathal (Phone)" wrote: >The way OWS designed TS, it requires Google account and Google Play / >Apps to use the data channel. This build, at least, will/should work >with SMS only mode. > >Warning, it's an old build. Want up to date builds? Ask moxie why OWS >only distribute anti-surveillance software builds though a known NSA >asset. 
> > On 17 January 2015 20:49:49 GMT+00:00, Badbiosvictim > wrote: >>>From: Cathal Garvey >> >>As far as "where to get it", here's a copy: >>>https://ngrok.com:61924/owncloud/public.php?service=files&t=264659e23e8733b528386eaa6f52d5ef >>> >>>Cert is self-signed: >>>SHA1: 63:9B:E2:FA:D8:A9:66:DE:46:B7:E4:C2:18:47:73:04:C0:12:FE:1F >>>SHA256: >>>CF:D2:82:0D:C8:65:CE:EB:2E:3F:36:EC:DA:9E:82:4E:2E:BD:51:19:6A:7E:11:65:50:40:57:9E:B8:79:8D:A2 >> >>I apologize for belatedly thanking you for TextSecure download link. >>Two days ago, I downloaded it despite the browser warning the >>certificate was not valid: >> >>"ngrok.com:61924 uses an invalid security certificate. The certificate >>is not trusted because it is self-signed. The certificate is only >valid >>for isadora-amd64 (Error code: sec_error_unknown_issuer)" >> >>I installed TextSecure on my Droid 3 which does have a cellular >>account. TextSecure works if airplane mode is not on. Turning airplane >>mode on and wifi on, TextSecure does not work. Yet, description of >>TextSecure is that it works over wifi, data and/or SMS. >> >>I installed TextSecure on my Motorola droid 4. I use Droid 4 as a PDA. >>No cellular account. How can I get TextSecure to work over wifi? >> >>Thanks. >>Badbiosvictim, formerly bluelotus From rysiek at hackerspace.pl Sat Jan 17 12:34:56 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 17 Jan 2015 21:34:56 +0100 Subject: Keybase In-Reply-To: <54BAA84A.1010002@riseup.net> References: <129233355.dY2XzABZFc@lapuntu> <54BAA84A.1010002@riseup.net> Message-ID: <1625866.9aqJqEUJAd@lapuntu> On Saturday, 17 January 2015 11:22:02 Mirimir wrote: > On 01/17/2015 03:52 AM, rysiek wrote: > > So, > > > > Mirimir wrote: > >> | 13. Targeted attacks against PGP key ids are possible > >> > >> This is an advantage of Keybase. Then we're not depending on the KeyID, > >> or even on the fingerprint, but rather on an identity that's multiply > >> and independently authenticated.
> > > > I keep hearing more and more about keybase, and I have a problem with it. > > It's a centralised service, owned and controlled by a single entity; > > moreover, the keys are tied to online identities controlled by corporate > > third parties (Twitter, Facebook, et al). I don't see a Diaspora/The > > Federation support, for instance. > > As I understand it, Keybase is an API. The website/service is merely a > demonstration. The developers are aiming for mass adoption, and so > they've targeted the most popular sites. With some coding, arbitrary > sites could be used, with two requirements. First, it must be possible > for users to post persistent signed proofs. Second, it must be possible > for the API to access those signed proofs, in order to verify them. > > > My problem with this is two-fold: > > > > 1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de > > facto/ > > standard of acquiring keys, it seems trivial to me for them to replace a > > valued target's key with something a LEA would provide. > > That's the value of trackers. Those tracking such a compromised target > would see that various public signed proofs are no longer valid for the > target's key on Keybase. The adversary could alter all of the target's > public signed proofs. But even that wouldn't suffice, because trackers > have independent snapshot histories of public proofs. And furthermore, > snapshot histories are embedded in the Bitcoin blockchain. Wait, how/where does Bitcoin come into this? Did I miss it somehow? I admit I didn't dive into keybase incredibly deep, but still... > > 2. It still promotes the closed, walled-gardens. Diaspora or GNU Social > > support would not be that hard to implement. > > Signed proofs could be placed anywhere that's accessible to the API. But > that takes coding, and developers have priorities. One can request. Right. > Anyway, I've created a test identity: https://keybase.io/Proba.
Once > I've added enough proofs, and have enough trackers, I plan to mess with > it by replacing the public key held by Keybase, altering some of the > proofs, and so on. Then we can see how that shows up for its trackers, > and for other users. I'll also explore impacts of malicious trackers. Oh, great, I really appreciate that effort. Please keep me posted! -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From cathalgarvey at cathalgarvey.me Sat Jan 17 13:40:39 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sat, 17 Jan 2015 21:40:39 +0000 Subject: RedPhone Removed from Google Play Store In-Reply-To: References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> Message-ID: <09795E60-CC6A-4333-A1BD-CAE056ADBF1D@cathalgarvey.me> The way OWS designed TS, it requires Google account and Google Play / Apps to use the data channel. This build, at least, will/should work with SMS only mode. Warning, it's an old build. Want up to date builds? Ask moxie why OWS only distribute anti-surveillance software builds through a known NSA asset. On 17 January 2015 20:49:49 GMT+00:00, Badbiosvictim wrote: >>From: Cathal Garvey > >As far as "where to get it", here's a copy: >>https://ngrok.com:61924/owncloud/public.php?service=files&t=264659e23e8733b528386eaa6f52d5ef >> >>Cert is self-signed: >>SHA1: 63:9B:E2:FA:D8:A9:66:DE:46:B7:E4:C2:18:47:73:04:C0:12:FE:1F >>SHA256: >>CF:D2:82:0D:C8:65:CE:EB:2E:3F:36:EC:DA:9E:82:4E:2E:BD:51:19:6A:7E:11:65:50:40:57:9E:B8:79:8D:A2 > >I apologize for belatedly thanking you for TextSecure download link.
>Two days ago, I downloaded it despite the browser warning the >certificate was not valid: > >"ngrok.com:61924 uses an invalid security certificate. The certificate >is not trusted because it is self-signed. The certificate is only valid >for isadora-amd64 (Error code: sec_error_unknown_issuer)" > >I installed TextSecure on my Droid 3 which does have a cellular >account. TextSecure works if airplane mode is not on. Turning airplane >mode on and wifi on, TextSecure does not work. Yet, description of >TextSecure is that it works over wifi, data and/or SMS. > >I installed TextSecure on my Motorola droid 4. I use Droid 4 as a PDA. >No cellular account. How can I get TextSecure to work over wifi? > >Thanks. >Badbiosvictim, formerly bluelotus -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From grarpamp at gmail.com Sat Jan 17 23:36:09 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 18 Jan 2015 02:36:09 -0500 Subject: Cypherpunk Politics Message-ID: What of political license / subscription to theory, and actual politicking like Pirate Party? Are the various cypherpunk manifesto's serve as actual platform and/or docs for same? Who is forming such entities in today? Where are they now? What are the platform/action? From grarpamp at gmail.com Sun Jan 18 13:44:37 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 18 Jan 2015 16:44:37 -0500 Subject: Good ol' BSD vs. GPL (was: Re: TrueCrypt, GostCrypt, *Crypt - status?) In-Reply-To: <1748319.dEIj6q7VDI@lapuntu> References: <2657116.6mg9LyzkaY@lapuntu> <1748319.dEIj6q7VDI@lapuntu> Message-ID: On Fri, Jan 9, 2015 at 5:33 PM, rysiek wrote: > Facebook's use of OpenSSL is hardly private, as if I were to use Facebook I > would have to interact with their OpenSSL instance/copy/whatever-you-call-it.
No you're interacting with TLS, an open IETF standard protocol that cryptographically will either secure or not the line connection regardless of what's behind it is legit or not. Facebook's public use of TLS front by OpenSSL library or any other implementation of TLS protocol front is private license wise (while perhaps unfortunate bug, market share, or otherwise). From jesse at jbcrawford.us Sun Jan 18 16:28:34 2015 From: jesse at jbcrawford.us (Jesse B. Crawford) Date: Sun, 18 Jan 2015 17:28:34 -0700 Subject: Keybase In-Reply-To: <54BADE37.9020405@riseup.net> References: <129233355.dY2XzABZFc@lapuntu> <54BAA84A.1010002@riseup.net> <1625866.9aqJqEUJAd@lapuntu> <54BADE37.9020405@riseup.net> Message-ID: <54BC4FB2.50806@jbcrawford.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a Keybase profile at https://keybase.io/jcrawfordor I have several invites available as well if anyone else is interested. I think of Keybase very positively, it is perhaps not perfect but it's a big improvement in usability for typical people than the web-of-trust system. Attaching cryptographic keys to social network identities matches how most people really use the internet very well. Perhaps this has already been mentioned, but it's worth pointing out that the Keybase service (keybase.io) is NOT trusted to verify the proofs. The keybase command-line tool verifies the proofs independently itself, preventing the keybase service lying. That said, I would not advocate uploading your private key to keybase. There is a huge usability tradeoff surrounding this, and while Keybase is trying to maintain as much security as possible, I'm not yet convinced that it is safe to provide the private key to a third party even if they have zero knowledge (primarily because of problems with web browser cryptographic implementation). Jesse B. Crawford Student, Information Technology New Mexico Inst. 
of Mining & Technology https://jbcrawford.us // jesse at jbcrawford.us https://cs.nmt.edu/~jcrawford // jcrawford at cs.nmt.edu On 2015-01-17 15:12, Mirimir wrote: > On 01/17/2015 01:34 PM, rysiek wrote: >> Dnia sobota, 17 stycznia 2015 11:22:02 Mirimir pisze: >>> On 01/17/2015 03:52 AM, rysiek wrote: >>>> So, >>>> >>>> Mirmir wrote: >>>>> | 13. Targeted attacks against PGP key ids are possible >>>>> >>>>> This is an advantage of Keybase. Then we're not depending >>>>> on the KeyID, or even on the fingerprint, but rather on an >>>>> identity that's multiply and independently authenticated. >>>> >>>> I keep hearing more and more about keybase, and I have a >>>> problem with it. It's a centralised service, owned and >>>> controlled by a single entity; moreover, the keys are tied to >>>> online identities controlled by corporate third parties >>>> (Twitter, Facebook, et al). I don't see a Diaspora/The >>>> Federation support, for instance. >>> >>> As I understand it, Keybase is an API. The website/service is >>> merely a demonstration. The developers are aiming for mass >>> adoption, and so they've targeted the most popular sites. With >>> some coding, arbitrary sites could be used, with two >>> requirements. First, it must be possible for users to post >>> persistent signed proofs. Second, it must be possible for the >>> API to access those signed proofs, in order to verify them. >>> >>>> My problem with this is two-fold: >>>> >>>> 1. It might allow abuse, esp. MITM attacks. If Keybase >>>> becomes a /de facto/ standard of acquiring keys, it seems >>>> trivial to me for them to replace a valued target's key with >>>> something a LEA would provide. >>> >>> That's the value of trackers. Those tracking such a comprised >>> target would see that various public signed proofs are no >>> longer valid for the target's key on Keybase. The adversary >>> could alter all of the target's public signed proofs. 
But even >>> that wouldn't suffice, because trackers have independent >>> snapshot histories of public proofs. And furthermore, snapshot >>> histories are embedded in the Bitcoin blockchain. > >> Wait, how/where does Bitcoin come into this? Did I miss it >> somehow? I admit I didn't dive into keybase increadibly deep, but >> still... > > See and re the > blockchain > . > > | Every public announcement you make on Keybase is now verifiably > | signed by Keybase and hashed into the Bitcoin blockchain. To be | > specific, all of these: | | o announcing your Keybase username and > your public key | o identity proofs (twitter, github, your website, > etc.) | o public bitcoin address announcements | o public tracking > statements | o revocations of any of these > >>>> 2. It still promotes the closed, walled-gardens. Diaspora or >>>> GNU Social support would not be that hard to implement. >>> >>> Signed proofs could be placed anywhere that's accessible to the >>> API. But that takes coding, and developers have priorities. One >>> can request. > >> Right. > >>> Anyway, I've created a test identity: https://keybase.io/Proba. >>> Once I've added enough proofs, and have enough trackers, I plan >>> to mess with it by replacing the public key held by Keybase, >>> altering some of the proofs, and so on. Then we can see how >>> that shows up for its trackers, and for other users. I'll also >>> explore impacts of malicious trackers. > >> Oh, great, I really appreciate that effort. Please keep me >> posted! > > Thanks. If you join, you can play :) I'm > and the test account is > . 
From rysiek at hackerspace.pl Sun Jan 18 12:33:51 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 18 Jan 2015 21:33:51 +0100 Subject: Cypherpunk Politics In-Reply-To: References: Message-ID: <2861460.HQp4W9DS8A@lapuntu> On Sunday, 18 January 2015 02:36:09 grarpamp wrote: > What of political license / subscription to theory, and actual > politiking like Pirate Party? Politics breeds compromise, usually. That's the problem. There are very few people that are able to stay in politics yet not compromise and keep their integrity. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From odinn.cyberguerrilla at riseup.net Sun Jan 18 20:17:20 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Mon, 19 Jan 2015 04:17:20 +0000 Subject: Obama joins against crypto aka freedom In-Reply-To: <54BB0A01.2050809@riseup.net> References: <54BB0A01.2050809@riseup.net> Message-ID: <54BC8550.5080505@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 tl;dr ..... or not?
If it's free and open source and not part of what is produced by a corporation (and is auditable) (and can be held in repositories in a bunch of different places that can be compared to each other so as to make sure that the place for public to download isn't just infected with crap from government), then great! If it is not free and open source and if it relies in any way on any corporation and cannot be downloaded directly from github or a similar repository system, then oh well, you aren't going to be able to rely on it, because the corporation (in the US and in most places in the world) isn't going to be able to legally operate and certainly won't be able to legally distribute to the US without license from the USG. And that is all, and the EFF can huff and puff but at the end of the day there will be no large scale uprising because the level of apathy in the US is at an all time high. I mean, how many years has EFF been with Jewel v. NSA in the courts? Their lawyers might die before the case gets resolution. People are kind of excited about CISPA fight (and maybe the mailing lists that are used to fight CISPA could also be used for fighting Obama and Cameron on encryption), though I sense that is kind of wearing thin after so many damn repeats of the same thing. Over and over. One of the things I suggest doing is just saying screw humanity for a while. Put some of our best, most hardcore code, like Gnupg (gpg) and some of the best stuff, that you could think of (I happen to like textsecure) - look, I'm sure you could think of all kinds of amazing things - just examples of really good crypto. You know, like bitcoin (BTC) and BCN. And put all this stuff in as examples of like, an undersea Voyager 1. And then send it to the bottom of the ocean. 
And tell it to come back in like 10 years, or 50 years, but to, you know, check back from a distance first, to make sure that we are not dead first, to make sure we haven't killed ourselves off or that we haven't screwed up even more than we have already. So here is my concept project for an undersea Voyager 1: https://twitter.com/AnonyOdinn/status/556952326347317248 On Github: https://github.com/abisprotocol/ImmortalCode The idea is there is code and DNA kind of mixed together in an Autonomous Knowledge Node, protected in a robotic hard shell as an OpenROV, sort of like a little submarine, but it can reproduce in certain conditions. And it can then communicate with other species. It will try to learn things to bring back from the depths to help us survive, assuming we are still alive when we return. (And of course it will bring back the crypto it carried along as well sort of like the Golden Platter of Voyager 1 or something) This is kind of a long ramble, so I'll just be quiet now. - -O Mirimir: > On 01/17/2015 03:34 PM, grarpamp wrote: >> President Barack Obama said Friday that police and spies should >> not be locked out of encrypted smartphones and messaging apps... >> >> http://blogs.wsj.com/digits/2015/01/16/obama-sides-with-cameron-in-encryption-fight/ >> >> http://yro.slashdot.org/story/15/01/17/2156204/obama-govt-shouldnt-be-hampered-by-encrypted-communications >> >> American should be in the streets over talk like this. > > It was support for Clipper that denied Al Gore the Presidency in > 2000.
> > But whatever, Democrats have zero chance in 2016 ;) > > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn

From guninski at guninski.com Mon Jan 19 06:05:34 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 19 Jan 2015 16:05:34 +0200
Subject: Feedback about startpage.com?
Message-ID: <20150119140534.GA2524@sivokote.iziade.m$>

https://startpage.com/do/search Claims to use google and gives proxy option. Any feedback? (the number of results for some queries differ from google, might be country/IP related).

From l at odewijk.nl Mon Jan 19 08:21:21 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Mon, 19 Jan 2015 17:21:21 +0100
Subject: Feedback about startpage.com?
In-Reply-To: <20150119140534.GA2524@sivokote.iziade.m$>
References: <20150119140534.GA2524@sivokote.iziade.m$>
Message-ID:

Default for the Tor project, which is a red flag imho. (single point of trust is also single point of failure, Tor project is commonly considered dubious among experts and has large code, lack of independent code validation and huge government funding. It's offtopic to further discuss it here, just why I call it a red flag) (1) Unless you can validate that they do it safely, they don't. (2) I cannot validate startpage. Thus, startpage does not do it safely. Q.E.D.
If you disagree with axiom 1, buy a (truly) random box of pills, swallow, post results (they should cure you even if you didn't know you're sick) (by your logic, not mine!) (assuming authority is a fallacy, which is debatable but so often true I'd rather not depend on it) If you can invalidate 2, please do! Is it better than just using Google? Yes. Maybe okay is still better than okay. (Swallow random pills if you're dying and can't improve upon random) It's also much slower than Google, but at least it's faster than duckduckgo and actually returns results worth querying for. 2015-01-19 15:05 GMT+01:00 Georgi Guninski : > https://startpage.com/do/search > > Claims to use google and gives proxy option. > > Any feedback? > > (the number of results for some queries differ from > google, might be country/IP related). > >

From s at ctrlc.hu Mon Jan 19 08:50:58 2015
From: s at ctrlc.hu (stef)
Date: Mon, 19 Jan 2015 17:50:58 +0100
Subject: Feedback about startpage.com?
In-Reply-To:
References: <20150119140534.GA2524@sivokote.iziade.m$>
Message-ID: <20150119165058.GF7218@ctrlc.hu>

On Mon, Jan 19, 2015 at 05:21:21PM +0100, Lodewijk andré de la porte wrote: > It's also much slower than Google, but at least it's faster than duckduckgo > and actually returns results worth querying for. if you want to host your own superior search engine (although does proxying only for image search) use: https://github.com/asciimoo/searx -- otr fp: https://www.ctrlc.hu/~stef/otr.txt

From grarpamp at gmail.com Mon Jan 19 15:46:24 2015
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 19 Jan 2015 18:46:24 -0500
Subject: Obama joins against crypto aka freedom
In-Reply-To: <54BC8550.5080505@riseup.net>
References: <54BB0A01.2050809@riseup.net> <54BC8550.5080505@riseup.net>
Message-ID:

On Sun, Jan 18, 2015 at 11:17 PM, odinn wrote: > tl;dr .....
or not? No, this is historical possibility. Might as well throw in a copy of Wikipedia too. Just like the seed and genome banks out there for if/when we fuck it up. Even the cryopreservation wonks. The whole of human knowledge and existence thing. Humanity goes in these long cycles of destroy and rebuild, some more severe and complete than others. And odds of higher completion increase with inventing more non natural processes over short time like bioengineering and nukes that have not yet reached long time evolutionary integration/protection toward natural defence/backoff. > And that is all, and the EFF can huff and puff but at the end of the > day there will be no large scale uprising because the level of apathy It's not just the US. There are world protests, but lasting real success anywhere in the world against the pro-surveillors and anti-cryptos and nothing-to-hiders and thought-crimers, seems yet to be determined. > People are kind of excited about CISPA fight (and maybe the mailing > lists that are used to fight CISPA could also be used for fighting That's because they apparently love using the internet for piracy so they can watch the fucking Simpsons and football and movies and porn and Beyonce. Portray the issues last above into them not being able to do that anymore and you might see some riseup activity there. Probably more than you'd see if you told them their corps/govts/friends were reading their sexy text messages because they kind of already know that and don't give a fuck because it's just being watched, not being *taken away from them*. You have to take away the beer and candy and gasoline and water and vaporize their cash flow to get a reaction. > One of the things I suggest doing is just saying screw humanity for a > while. Put some of our best, most hardcore code, like Gnupg (gpg) and > ... > (BTC) and BCN. And put all this stuff in as examples of like, an > undersea Voyager 1. And then send it to the bottom of the ocean.
And > tell it to come back in like 10 years, or 50 years, but to, you know, > check back from a distance first, to make sure that we are not dead > first, to make sure we haven't killed ourselves off or that we haven't > screwed up even more than we have already. > ... > https://twitter.com/AnonyOdinn/status/556952326347317248 > https://github.com/abisprotocol/ImmortalCode > The idea is there is code and DNA kind of mixed together in an > Autonomous Knowledge Node, protected in a robotic hard shell as an > OpenROV, sort of like a little submarine, but it can reproduce in > certain conditions. And it can then communicate with other species. > It will try to learn things to bring back from the depths to help us > survive, assuming we are still alive when we return. (And of course > it will bring back the crypto it carried along as well sort of like > the Golden Platter of Voyager 1 or something) > > This is kind of a long ramble, so I'll just be quiet now.

From rysiek at hackerspace.pl Mon Jan 19 10:20:49 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 19 Jan 2015 19:20:49 +0100
Subject: Good ol' BSD vs. GPL (was: Re: TrueCrypt, GostCrypt, *Crypt - status?)
In-Reply-To:
References: <1748319.dEIj6q7VDI@lapuntu>
Message-ID: <23329451.PM0LsYv2cE@lapuntu>

On Sunday, 18 January 2015 16:44:37 grarpamp wrote: > On Fri, Jan 9, 2015 at 5:33 PM, rysiek wrote: > > Facebook's use of OpenSSL is hardly private, as if I were to use Facebook > > I > > would have to interact with their OpenSSL > > instance/copy/whatever-you-call-it. > > No you're interacting with TLS, an open IETF standard protocol Let me stop you right here and let's all ponder for a while the notion of "interacting with a protocol". What an interesting ontology you have! I'll be conservative, though, and keep on claiming that I'm interacting with *software that implements* a given protocol.
Although when somebody takes a friend to court over some DDoS or port scanning, I'll be sure to remember this gem and use the "he wasn't attacking the software, he was only interacting with the *protocol*, Your Honour!" defence. -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

From grarpamp at gmail.com Mon Jan 19 17:16:04 2015
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 19 Jan 2015 20:16:04 -0500
Subject: [tor-relays-universities] afs / coda behind tor?
In-Reply-To:
References:
Message-ID:

On Mon, Jan 19, 2015 at 7:39 PM, Mueller, Alex wrote: >> has somebody an idea of the possibility to protect afs / coda server >> behind tor? As a Hidden Service? Most anything TCP should be possible, if you need UDP or to present IP binding and embedded semantics to applications, you may want to try onioncat (at least for now), or use a different [anonymity] network that is more IP[v6] friendly like CJDNS or Phantom or somesuch. http://en.wikipedia.org/wiki/OpenAFS http://www.openafs.org/ https://www.onioncat.org/ As you mentioned filesystems, I'll include a recent thread below which you may further look into... ======== On Fri, Jan 16, 2015 at 7:40 AM, Greg Troxel wrote: > ianG writes: grarpamp wrote: >> I've come up with a problem that needs a secure cloudy (handwavy) data >> storage solution. >> >> The only thing I can think of is Tahoe-LAFS. I get the feeling that >> it is the only game in town... but why not ask? Is there a plausible >> "competitor" to Tahoe? > > Please explain your actual requirements. Tahoe does well at not > storing plaintext and redundancy across large numbers of servers.
> However, it doesn't do well at: > - mixing storage from different users (accounting) > - garbage collection (expiration vs lease renewal) > - acting like a posix filesystem (FUSE interface is weak) > - speed You might find something here... https://en.wikipedia.org/wiki/MaidSafe https://en.wikipedia.org/wiki/Comparison_of_file_sharing_applications https://en.wikipedia.org/wiki/Anonymous_P2P https://en.wikipedia.org/wiki/Comparison_of_distributed_file_systems https://en.wikipedia.org/wiki/List_of_file_systems#Distributed_file_systems I'm looking for something that will run entirely within an anonymous p2p network, has data redundancy minimums on the storage automatically handled by the system, some number of redundant access points, and mounts posix-like (nfs/zfs/iscsi/smb/cifs) for all participants. At least readonly for everyone, and readwrite for the owner of any particular subtree, like AFS. ========

From cathalgarvey at cathalgarvey.me Mon Jan 19 12:47:44 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 19 Jan 2015 20:47:44 +0000
Subject: Good ol' BSD vs. GPL
In-Reply-To:
References: <2657116.6mg9LyzkaY@lapuntu> <1748319.dEIj6q7VDI@lapuntu>
Message-ID: <54BD6D70.1020707@cathalgarvey.me>

Very On-topic talk by Bradley Kuhn at Linux.conf.au this month: https://www.youtube.com/watch?v=-ItFjEG3LaA Still mid-way through it, very philosophical and very good background from a thoughtful and self-critical GPL advocate on "why GPL", and "should the GPL always be the way". On 18/01/15 21:44, grarpamp wrote: > On Fri, Jan 9, 2015 at 5:33 PM, rysiek wrote: >> Facebook's use of OpenSSL is hardly private, as if I were to use Facebook I >> would have to interact with their OpenSSL instance/copy/whatever-you-call-it. > > No you're interacting with TLS, an open IETF standard protocol > that cryptographically will either secure or not the line connection > regardless of what's behind it is legit or not.
Facebook's public > use of TLS front by OpenSSL library or any other implementation > of TLS protocol front is private license wise (while perhaps > unfortunate bug, market share, or otherwise). > -- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone. Uses above miniLock key.

From shelley at misanthropia.org Mon Jan 19 21:27:51 2015
From: shelley at misanthropia.org (shelley at misanthropia.org)
Date: Mon, 19 Jan 2015 21:27:51 -0800
Subject: RedPhone Removed from Google Play Store
In-Reply-To: <108f4d63ee0193fa5c0583030bd93dc9.squirrel@ruggedinbox.com>
References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> <45fc1d99-a0f1-4598-8f26-cb55ac9da478@email.android.com> <108f4d63ee0193fa5c0583030bd93dc9.squirrel@ruggedinbox.com>
Message-ID: <20150120052737.2FFA1C0001B@frontend1.nyi.internal>

On January 19, 2015 6:45:46 PM badbiosvictim at ruggedinbox.com wrote: >> If someone knows of a way to install a current version of the Google > > Service Framework, without using the Google Play app, I'd be interested > to know. I don't use google-anything on my android phone; I use F-Droid and side-load everything else. I'm sorry if I've missed it, but which version of android OS are you running? Surely one of us can upload the corresponding GSF .apk for you? > > > > Otherwise you're stuck using older versions of Textsecure that support > > SMS, but again I'm pretty sure that requires an active cellular plan with > > SMS capable telephone number. > > You are correct. I will use older TextSecure on my activated phone. Works > perfectly. > > On my unactivated "PDA," I will continue to email my contacts > cellular text address unless I convince my contacts to use peerio or > chatsecure or subrosa.
> >

From list at sysfu.com Tue Jan 20 01:10:17 2015
From: list at sysfu.com (Seth)
Date: Tue, 20 Jan 2015 01:10:17 -0800
Subject: Obama joins against crypto aka freedom
In-Reply-To: <1511762.augpjxmlFI@lapuntu>
References: <54BC8550.5080505@riseup.net> <1511762.augpjxmlFI@lapuntu>
Message-ID:

On Mon, 19 Jan 2015 23:30:40 -0800, rysiek wrote: You keep using that word: > > http://copyspeak.org/piracy > > > Language is important. By using the language of the "other side" we > partially agree to their terms and fight an uphill battle. So true. “The beginning of wisdom is to call things by their proper name.” -Confucius. Never accept nor internalize the neuro-linguistic slave-speak programming of the control freaks. -- Don't find fault, find a remedy. - Henry Ford

From badbiosvictim at ruggedinbox.com Mon Jan 19 17:52:58 2015
From: badbiosvictim at ruggedinbox.com (badbiosvictim at ruggedinbox.com)
Date: Tue, 20 Jan 2015 02:52:58 +0100
Subject: RedPhone Removed from Google Play Store
In-Reply-To:
References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> <45fc1d99-a0f1-4598-8f26-cb55ac9da478@email.android.com>
Message-ID: <108f4d63ee0193fa5c0583030bd93dc9.squirrel@ruggedinbox.com>

> If someone knows of a way to install a current version of the Google > Service Framework, without using the Google Play app, I'd be interested to > know. > > Otherwise you're stuck using older versions of Textsecure that support > SMS, but again I'm pretty sure that requires an active cellular plan with > SMS capable telephone number. You are correct. I will use older TextSecure on my activated phone. Works perfectly. On my unactivated "PDA," I will continue to email my contacts cellular text address unless I convince my contacts to use peerio or chatsecure or subrosa.

From grarpamp at gmail.com Tue Jan 20 00:56:02 2015
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 20 Jan 2015 03:56:02 -0500
Subject: Cypherpunk Politics
In-Reply-To: <2861460.HQp4W9DS8A@lapuntu>
References: <2861460.HQp4W9DS8A@lapuntu>
Message-ID:

On Sun, Jan 18, 2015 at 3:33 PM, rysiek wrote: > On Sunday, 18 January 2015 02:36:09 grarpamp wrote: >> What of political license / subscription to theory, and actual >> politicking like Pirate Party? > > Politics breeds compromise, usually. That's the problem. There are very few > people that are able to stay in politics yet not compromise and keep their > integrity. Yes. However it would at the same time be effectively true to say that there are no electeds anywhere holding some cypherpunk knowledge and politik as part of their internal thought base, therefore no chance to espouse and inject that even if under compromise. ie: look how many elected truly 'get' computers or the internet. Or court in DPR case that has to struggle with basic stuff. Cypherpunks for elected reps! Where's the retired cypherpunks anyways? We have a job for you...

From odinn.cyberguerrilla at riseup.net Mon Jan 19 20:13:15 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Tue, 20 Jan 2015 04:13:15 +0000
Subject: Gnupg (gpg) [was Re: Pond and Keybase [was peerio.com]]
In-Reply-To: <2207880.jHoTrlyqB6@lapuntu>
References: <54B67B98.6050608@cathalgarvey.me> <54B8DE52.4080901@riseup.net> <2207880.jHoTrlyqB6@lapuntu>
Message-ID: <54BDD5DB.8060501@riseup.net>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 rysiek: > On Friday, 16 January 2015 10:11:48 Seth wrote: >> On Fri, 16 Jan 2015 01:48:02 -0800, odinn >> >> wrote: >>> And now here's the kicker: This two-person team which they are >>> trying to get funded, IS NOT FUNDED! >>> >>> Take a look here: >>> >>> https://gnupg.org/index.html >>> >>> Again: >>> >>> NOT. FUNDED.
>> >> This line of argument seems to imply that throwing money at GnuPG >> will somehow fix its well-known usability issues. >> http://secushare.org/PGP > > Some of those issues are not easily fixable (or at all, because of > how e-mail works); but some of them are fixable, if only the right > incentives show up. Yep. > > Maybe we could find a way to fund GnuPG/Enigmail/MailPile in a way > that would incentivise good UI/UX? I don't know... we seem to have > a _crowd_ here, maybe we could find a way to _fund_ such an > endeavour? If not from someone listening to this list, then from where? It seems ridiculous that it is not already funded given the threats to encryption around the world. Obama. Cameron. Putin. Belafuckingrus. Suggestions are welcome. I would really rather see https://gnupg.org/index.html funded than send a robot into the ocean as we bomb ourselves into the abyss with unfunded programmers' last words to the human race being, "I told you so" and the last noises humanity makes being a few plaintive cries and the clinking of wine glasses. We really need to do better as a species.
github.com/abisprotocol/ImmortalCode > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn

From grarpamp at gmail.com Tue Jan 20 02:17:25 2015
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 20 Jan 2015 05:17:25 -0500
Subject: Obama joins against crypto aka freedom
In-Reply-To: <1511762.augpjxmlFI@lapuntu>
References: <54BC8550.5080505@riseup.net> <1511762.augpjxmlFI@lapuntu>
Message-ID:

On Tue, Jan 20, 2015 at 2:30 AM, rysiek wrote: > http://copyspeak.org/piracy > Language is important. By using the language of the "other side" we > partially agree to their terms and fight an uphill battle. People often fight the same battles in different ways, and sometimes if focus/wait on words the greater point may be blur/miss, even up to repress themselves and any flanking contribution to battles. Here are words on same battles... https://www.youtube.com/watch?v=o25I2fzFGoY

From grarpamp at gmail.com Tue Jan 20 02:45:00 2015
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 20 Jan 2015 05:45:00 -0500
Subject: Obama joins against crypto aka freedom
In-Reply-To: <54BE097D.9010708@riseup.net>
References: <54BB0A01.2050809@riseup.net> <54BC8550.5080505@riseup.net> <54BE097D.9010708@riseup.net>
Message-ID:

On Tue, Jan 20, 2015 at 2:53 AM, odinn wrote: > As stated in the github on ImmortalCode, I'm totally down for > contributors, > > https://github.com/abisprotocol/ImmortalCode > ...
> also due to the complexity of merging Turritopsis dohrnii DNA with > Open Worm DNA (in biological form, a Caenorhabditis Elegans, which has > 302 neurons and 959 cells), as well as inserting a "human signal" in > the form of a tiny segment of human DNA into the modified T. dohrnii This is interesting life form and potential applications and threads of thought. > as well before protecting the creature within a modified OpenROV to > help protect it and ensure its safe return to land. A significant We must recall... the tech to build and hide the Ark usually implies the memory and ability to find, maintain, covet, wager for, or destroy the Ark before you lose such memory and ability. It is very hard to hide a thing from oneself, particularly when under need or duress. Agreed, these class of problem is interesting and worth solving. http://en.wikipedia.org/wiki/Clock_of_the_Long_Now http://en.wikipedia.org/wiki/Yucca_Mountain_nuclear_waste_repository http://en.wikipedia.org/wiki/Voyager_Golden_Record http://en.wikipedia.org/wiki/Artificial_intelligence

From odinn.cyberguerrilla at riseup.net Mon Jan 19 23:07:42 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Tue, 20 Jan 2015 07:07:42 +0000
Subject: peerio.com
In-Reply-To: <54B6E908.9010509@cathalgarvey.me>
References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me>
Message-ID: <54BDFEBE.2030408@riseup.net>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 no, peerio, problematic due to, in part, 1) third party broad spectrum surveillance from cromnibus.
(kind of a serious problem for anything that involves initial setup or later login through website actually) See Title III, Subtitle A, Section 309 http://www.gpo.gov/fdsys/pkg/BILLS-113hr4681enr/pdf/BILLS-113hr4681enr.pdf this is mitigated in part for such services where keys are not hosted by the service (e.g. w/ keybase you can refuse to have stuff hosted on keybase, and can (if you wish) do commands only from CLI after deciding to host keys on your own machine, but assuming you log in through web-app / website, then you end up subject to this third party stuff mentioned above) 2) If I understand this correctly with peerio (and I don't possibly, since I am unlikely to ever use it as it appears to be a centralized service), but: "Instead of dealing with key storage, Peerio generates a user’s private key from his passphrase every time he or she logs in." from: http://www.wired.com/2015/01/peerio-free-encryption-app/ That may or may not accurately describe the process, however. 3) Free, or not? Apparently there is a paid option, and a free option initially at launch, there is an open source repository on github. To the extent that the crypto is tied to a company (kind of assumed, if there is a paid option and there is an LLC or something like that), then the corporation is vulnerable to being shut down or at the very least "conditioned" ~ being told what to do when "crypto licenses" come into play, which already exist in Russia, for example, are anticipated in the UK (see also Belarus, where the Info Minister thinks that the Internet exists to "serve the Fatherland"), and in the US, where Obama is developing a really warm friendship with Cameron on the anti-crypto front. Frankly I am just going to stay far away as I can from anything that involves this kind of web-based model. There is too much compromise involved and too much insecurity.
Cathal Garvey: >> So it would be prudent to use pseudonyms, and to access via some >> mix of VPN(s), JonDonym and Tor (according to one's need for >> anonymity vs speed). And using devices with removable local >> storage, there would be no traces to be inspected by >> adversaries. > > Well, I use my real name in most places and communicate a lot with > real-world friends and family by email, so using Peerio is > therefore a step up in security for me even if I continue to go by > my usual name and use my usual IPs. > > If you need hard anonymity, this is only a marginal gain over > regular email because metadata (when, who, how, where) is a > significant threat to anonymity. So yea, use a burner email when > setting up a peerio account (no longer required after setup, > probably a throwback to email-as-salt in miniLock plus contact > discovery by known email address), then use through Tor (do > research whether websockets are tor-safe?). > >> Cool. But still, how is peerio more secure than spideroak, for >> example? > > Spideroak appears to be more about file storage and sync, whereas > Peerio seems to me to simply be a better approach to server:client > email. It's down to the bone: message-passing with attachments, and > a nice UI. > > As a crypto-app, it's targeted at the mainstream, and people who > interact with the mainstream. People on this list will have better, > more secure ways of communicating, but Nadim (to his credit) excels > at making crypto-apps that can appeal to normal users while adding > a significant privacy. It's an easier sell from "us" to "them". > > > On 14/01/15 21:52, Mirimir wrote: >> On 01/14/2015 01:01 PM, Cathal Garvey wrote: >>> Well, anyone with a brain knows they do, and that statements >>> from a US company are meaningless because nobody wants to go to >>> jail over an NSL.
>> >> :) >> >>> What a top-level observer can see (AFAIK) is who's logged in, >>> probably what their username/keyID is, and how much they're >>> talking to the server. >>> >>> Because peerio uses miniLock formatted messages, the potential >>> exists for minimal-knowledge service, but from the github docs >>> it seems the server maintains an entry for which user is >>> allowed to access which encrypted files, and therefore reveals >>> to an observer who's the recipient. >>> >>> So, it's a metadata-rich service, little better in that regard >>> than email.. although the encryption is pretty well designed >>> and unless you set up a "PIN" there's no permanent storage of >>> private keys even on your computer, so it's also quite secure >>> when crossing borders. >> >> So it would be prudent to use pseudonyms, and to access via some >> mix of VPN(s), JonDonym and Tor (according to one's need for >> anonymity vs speed). And using devices with removable local >> storage, there would be no traces to be inspected by >> adversaries. >> >> Cool. But still, how is peerio more secure than spideroak, for >> example? >> >>> Also, there is a feature that clearly relies on compliant >>> clients, where you can delete files from the server including >>> copies sent to clients. Obviously if the attached files are >>> downloaded from the system, this can't reach them, but it will >>> destroy any "authenticated" copies of the messages from the >>> server, if it works (you're trusting the server). OPSEC wise, >>> this is a nice feature because it means you can clean up after >>> yourself and keep the authenticated-data-at-rest on either end >>> of a conversation to a minimum.
> - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn

From odinn.cyberguerrilla at riseup.net Mon Jan 19 23:53:33 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Tue, 20 Jan 2015 07:53:33 +0000
Subject: Obama joins against crypto aka freedom
In-Reply-To:
References: <54BB0A01.2050809@riseup.net> <54BC8550.5080505@riseup.net>
Message-ID: <54BE097D.9010708@riseup.net>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 grarpamp: > On Sun, Jan 18, 2015 at 11:17 PM, odinn > wrote: >> tl;dr ..... or not? > > No, this is historical possibility. Might as well throw in a copy > of Wikipedia too. Just like the seed and genome banks out there for > if/when we fuck it up. Even the cryopreservation wonks. The whole > of human knowledge and existence thing. Humanity goes in these long > cycles of destroy and rebuild, some more severe and complete than > others. And odds of higher completion increase with inventing more > non natural processes over short time like bioengineering and nukes > that have not yet reached long time evolutionary > integration/protection toward natural defence/backoff. Yeah. > >> And that is all, and the EFF can huff and puff but at the end of >> the day there will be no large scale uprising because the level >> of apathy > > It's not just the US.
There are world protests, but lasting real > success anywhere in the world against the pro-surveillors and > anti-cryptos and nothing-to-hiders and thought-crimers, seems yet > to be determined. > >> People are kind of excited about CISPA fight (and maybe the >> mailing lists that are used to fight CISPA could also be used for >> fighting > > That's because they apparently love using the internet for piracy > so they can watch the fucking Simpsons and football and movies and > porn and Beyonce. Portray the issues last above into them not being > able to do that anymore and you might see some riseup activity > there. Probably more than you'd see if you told them their > corps/govts/friends were reading their sexy text messages because > they kindof already know that and don't give a fuck because it's > just being watched, not being *taken away from them*. You have to > take away the beer and candy and gasoline and water and vaporize > their cash flow to get a reaction. As stated in the github on ImmortalCode, I'm totally down for contributors, https://github.com/abisprotocol/ImmortalCode And, I haven't set up a mechanism to fund this, but I know from memory, an OpenROV to ensconce it in costs not much ~ though the polymerase chain reaction stuff, DNA work, crypto, seed and genome bank you want to pack in, would certainly cost more than just the OpenROV machinery, but actually the overall project is low cost by the time you are done with the thing. Greater difficulty would be to determine how to ensure it would reproduce itself at depth, tougher than just producing a wandering rover sort of thing, for sure (partly due to that we don't know what happens in most parts of the deep), and also due to the complexity of merging Turritopsis dohrnii DNA with Open Worm DNA (in biological form, a Caenorhabditis Elegans, which has 302 neurons and 959 cells), as well as inserting a "human signal" in the form of a tiny segment of human DNA into the modified T. 
dohrnii as well before protecting the creature within a modified OpenROV to help protect it and ensure its safe return to land. A significant amount of initial design would be necessary to determine what equipment and sensors it would have so that it would run in tandem with knowledge nodes that would enable it to share knowledge between species across vast areas of the ocean without human intervention. That's the general idea, anyway. I'm open to it. I'll set up a donation address soon and put it on the readme page. - -O > >> One of the things I suggest doing is just saying screw humanity >> for a while. Put some of our best, most hardcore code, like >> Gnupg (gpg) and ... (BTC) and BCN. And put all this stuff in as >> examples of like, an undersea Voyager 1. And then send it to the >> bottom of the ocean. And tell it to come back in like 10 years, >> or 50 years, but to, you know, check back from a distance first, >> to make sure that we are not dead first, to make sure we haven't >> killed ourselves off or that we haven't screwed up even more than >> we have already. ... >> https://twitter.com/AnonyOdinn/status/556952326347317248 >> https://github.com/abisprotocol/ImmortalCode The idea is there is >> code and DNA kind of mixed together in an Autonomous Knowledge >> Node, protected in a robotic hard shell as an OpenROV, sort of >> like a little submarine, but it can reproduce in certain >> conditions. And it can then communicate with other species. It >> will try to learn things to bring back from the depths to help >> us survive, assuming we are still alive when we return. (And of >> course it will bring back the crypto it carried along as well >> sort of like the Golden Platter of Voyager 1 or something) >> >> This is kind of a long ramble, so I'll just be quiet now. 
> - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From rysiek at hackerspace.pl Mon Jan 19 23:30:40 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 20 Jan 2015 08:30:40 +0100 Subject: Obama joins against crypto aka freedom In-Reply-To: References: <54BC8550.5080505@riseup.net> Message-ID: <1511762.augpjxmlFI@lapuntu> On Monday, 19 January 2015 18:46:24 grarpamp wrote: > > People are kind of excited about CISPA fight (and maybe the mailing > > lists that are used to fight CISPA could also be used for fighting > > That's because they apparently love using the internet for piracy You keep using that word: http://copyspeak.org/piracy Language is important. By using the language of the "other side" we partially agree to their terms and fight an uphill battle. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From cathalgarvey at cathalgarvey.me Tue Jan 20 00:39:50 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 20 Jan 2015 08:39:50 +0000 Subject: peerio.com In-Reply-To: <54BDFEBE.2030408@riseup.net> References: <54B67B98.6050608@cathalgarvey.me> <54B6B639.4030001@riseup.net> <54B6C45D.1020103@cathalgarvey.me> <54B6C856.1040905@aestetix.com> <54B6CB0D.1050706@cathalgarvey.me> <54B6E500.30400@riseup.net> <54B6E908.9010509@cathalgarvey.me> <54BDFEBE.2030408@riseup.net> Message-ID: <54BE1456.8050207@cathalgarvey.me> > 1) third party broad spectrum surveillance from cromnibus. Metadata wise this is a real problem with the system as currently envisaged, but would frankly apply to any hosted-ciphertext platform. > "Instead of dealing with key storage, Peerio generates a user’s > private key from his passphrase every time he or she logs in." > from: > http://www.wired.com/2015/01/peerio-free-encryption-app/ > That may or may not accurately describe the process, however. This is correct; Peerio uses MiniLock under the hood for crypto, and private keys for minilock are generated deterministically; when you "log out" the key is not stored permanently (although JS can't wipe RAM so a closer-to-metal client would be nice). > 3) Free, or not? > Apparently there is a paid option, and a free option initially at > launch, there is a open source repository on github. To the extent > that the crypto is tied to a company (kind of assumed, if there is a > paid option and there is an LLC or something like that), then the > corporation is vulnerable to being shut down or at the very least > "conditioned" ~ being told what to do when "crypto licenses" come They're in free beta, my understanding is they'll charge for storage. There's not much that can be done to wind back the crypto as it's all client-side, and if their server were shut down, as I've mentioned before, the server behaviour is all documented on Github. 
One useful way to look at this: GPG is what most recommend for crypto, but it's metadata rich and requires usually closed platforms to distribute ciphertexts (you may not use Yahooglesoft but your recipients will usually). In recent discussions on this list, the use of a centralised key distribution *company*, keybase, has also been accepted to some extent (though I'm not too happy..). miniLock is designed as a spiritual descendant of PGP with many use-case improvements and a much simpler threat model. You can use miniLock instead of GPG across email, and it will leak less metadata than GPG by virtue of using ephemeral keys that don't directly link a message to its sender or recipients. Peerio is like Gmail plus Keybase for miniLock; it serves exactly those purposes. We would all (me emphatically included) rather if it ran on a store/forward PGP mixnet, provided it retained good UX to appeal to the masses, but right now, it's a centralised service that hides the content and format of communications while unavoidably having total access to the metadata of from who, to whom, and when. So yea, centralised and closed ain't good. They are the warts I'd like to see fixed with a federated and/or mixed backend. But the frontend is just as open as GPG is, and we already generally endorse the use of open front-ends to work around closed back-ends. I may be motivated soon to re-implement miniLock in Go as a learning exercise (still a Golang noob here), in which case it could be a short hop from there to a server/client implementation for Peerio, too. But, I'm not committed to that yet and have written not an `iota` of code yet, so by all means beat me to it. On 20/01/15 07:07, odinn wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > no, peerio, problematic due to, in part, > > 1) third party broad spectrum surveillance from cromnibus. 
> (kind of a serious problem for anything that involves initial setup or > later login through website actually) > See Title III, Subtitle A, Section 309 > http://www.gpo.gov/fdsys/pkg/BILLS-113hr4681enr/pdf/BILLS-113hr4681enr.pdf > > this is mitigated in part for such services where keys are not hosted > by the service (e.g. w/ keybase you can refuse to have stuff hosted on > keybase, and can (if you wish) do commands only from CLI after > deciding to host keys on your own machine, but assuming you log in > through web-app / website, then you end up subject to this third party > stuff mentioned above) > > 2) If I understand this correctly with peerio (and I don't possibly, > since I am unlikely to ever use it as it appears to be a centralized > service), but: > "Instead of dealing with key storage, Peerio generates a user’s > private key from his passphrase every time he or she logs in." > from: > http://www.wired.com/2015/01/peerio-free-encryption-app/ > That may or may not accurately describe the process, however. > > 3) Free, or not? > Apparently there is a paid option, and a free option initially at > launch, there is a open source repository on github. To the extent > that the crypto is tied to a company (kind of assumed, if there is a > paid option and there is an LLC or something like that), then the > corporation is vulnerable to being shut down or at the very least > "conditioned" ~ being told what to do when "crypto licenses" come into > play, which already exist in Russia, for example, are anticipated in > the UK (see also Belarus, where the Info Minister thinks that the > Internet exists to "serve the Fatherland"), and in the US, where Obama > is developing a really warm friendship with Cameron on the anti-crypto > front. > > Frankly I am just going to stay far away as I can from anything that > involves this kind of web-based model. There is too much compromise > involved and too much insecurity. 
> > Cathal Garvey: >>> So it would be prudent to use pseudonyms, and to access via some >>> mix of VPN(s), JonDonym and Tor (according to ones need for >>> anonymity vs speed). And using devices with removable local >>> storage, there would be no traces to be inspected by >>> adversaries. >> >> Well, I use my real name in most places and communicate a lot with >> real-world friends and family by email, su using Peerio is >> therefore a step up in security for me even if I continue to go by >> my usual name and use my usual IPs. >> >> If you need hard anonymity, this is only a marginal gain over >> regular email because metadata (when, who, how, where) is a >> significant threat to anonymity. So yea, use a burner email when >> setting up a peerio account (no longer required after setup, >> probably a throwback to email-as-salt in miniLock plus contact >> discovery by known email address), then use through Tor (do >> research whether websockets are tor-safe?). >> >>> Cool. But still, how is peerio more secure spideroak, for >>> example? >> >> Spideroak appears to be more about file storage and sync, whereas >> Peerio seems to me to simply be a better approach to server:client >> email. It's down to the bone: message-passing with attachments, and >> a nice UI. >> >> As a crypto-app, it's targeted at the mainstream, and people who >> interact with the mainstream. People on this list will have better, >> more secure ways of communicating, but Nadim (to his credit) excels >> at making crypto-apps that can appeal to normal users while adding >> a significant privacy. It's an easier sell from "us" to "them". >> >> >> On 14/01/15 21:52, Mirimir wrote: >>> On 01/14/2015 01:01 PM, Cathal Garvey wrote: >>>> Well, anyone with a brain knows they do, and that statements >>>> from a US company are meaningless because nobody wants to go to >>>> jail over an NSL. 
>>> >>> :) >>> >>>> What a top-level observer can see (AFAIK) is who's logged in, >>>> probably what their username/keyID is, and how much they're >>>> talking to the server. >>>> >>>> Because peerio uses miniLock formatted messages, the potential >>>> exists for minimal-knowledge service, but from the github docs >>>> it seems the server maintains an entry for which user is >>>> allowed to access which encrypted files, and therefore reveals >>>> to an observer who's the recipient. >>>> >>>> So, it's a metadata-rich service, little better in that regard >>>> than email.. although the encryption is pretty well designed >>>> and unless you set up a "PIN" there's no permanent storage of >>>> private keys even on your computer, so it's also quite secure >>>> when crossing borders. >>> >>> So it would be prudent to use pseudonyms, and to access via some >>> mix of VPN(s), JonDonym and Tor (according to ones need for >>> anonymity vs speed). And using devices with removable local >>> storage, there would be no traces to be inspected by >>> adversaries. >>> >>> Cool. But still, how is peerio more secure spideroak, for >>> example? >>> >>>> Also, there is a feature that clearly relies on compliant >>>> clients, where you can delete files from the server including >>>> copies sent to clients. Obviously if the attached files are >>>> downloaded from the system, this can't reach them, but it will >>>> destroy any "authenticated" copies of the messages from the >>>> server, if it works (you're trusting the server). OPSEC wise, >>>> this is a nice feature because it means you can clean up after >>>> yourself and keep the authenticated-data-at-rest on either end >>>> of a conversation to a minimum. 
>> > > - -- > http://abis.io ~ > "a protocol concept to enable decentralization > and expansion of a giving economy, and a new social good" > https://keybase.io/odinn > -- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone. Uses above miniLock key. From grarpamp at gmail.com Tue Jan 20 11:49:06 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 20 Jan 2015 14:49:06 -0500 Subject: Cypherpunk Politics In-Reply-To: <2014307.nsHC9fJGMD@lapuntu> References: <2861460.HQp4W9DS8A@lapuntu> <2014307.nsHC9fJGMD@lapuntu> Message-ID: On Tue, Jan 20, 2015 at 11:33 AM, rysiek wrote: > have a look at Julia Reda in the European Parliament; Pirate Party (not a huge > fan of the Pirates, but still, closest to Cypherpunks as you can get right > now). Before there was Amelia Andersdotter. > Sometimes all you need is to look around a bit. Yes and I did say effectively as in a couple MPs may be of muted influence... if you put 2 pro voices, 8 moderate voices and 90 antis in a room (or any other best conceivable odds at internal psyche on fringe issues like crypto rights) you're unlikely to get much done other than arduously slow education. On the other hand if getting on the ballot with a new platform is relatively easy you can flood that with candidates and see what happens. 
Either way, good thing is that we actually are now nearing a point where odds of an elected having been exposed to computers as an innate user and even some of these issues[1] their whole life are getting better. Due to this maybe in another 10 years there will be an inflection and it'll just happen. Till then we need more people strategically moving in, ie... https://freestateproject.org/ Just know that the other side is moving theirs in too so you have to beat the race. Right now is a good time to do it because the only ones really steeped in these issues are the original internet users (or the young github/twitter activist generation), you wait and will get washed out by the general masses coming online behind you as future candidates, then your trusted voice "hey this MP knows CPU's, lets ask her" is diminished before you can steer any 10/20/50 year guidance into things. [1] Like having personally used bittorrent, stumbled across github, maybe followed a link to the EFF, etc... actual knowledge beyond consumer use of internet. From rysiek at hackerspace.pl Tue Jan 20 08:33:18 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 20 Jan 2015 17:33:18 +0100 Subject: Cypherpunk Politics In-Reply-To: References: <2861460.HQp4W9DS8A@lapuntu> Message-ID: <2014307.nsHC9fJGMD@lapuntu> On Tuesday, 20 January 2015 03:56:02 grarpamp wrote: > On Sun, Jan 18, 2015 at 3:33 PM, rysiek wrote: > > On Sunday, 18 January 2015 02:36:09 grarpamp wrote: > >> What of political license / subscription to theory, and actual > >> politiking like Pirate Party? > > > > Politics breeds compromise, usually. That's the problem. there are very > > few > > people that are able to stay in politics yet not compromise and keep their > > integrity. > > Yes. 
However it would at the same time be effectively true to say > that there are no electeds anywhere holding some cypherpunk knowledge > and politik as part of their internal thought base, therefore no chance > to espouse and inject that even if under compromise. > ie: look how many elected truly 'get' computers or the internet. > Or court in DPR case that has to struggle with basic stuff. have a look at Julia Reda in the European Parliament; Pirate Party (not a huge fan of the Pirates, but still, closest to Cypherpunks as you can get right now). Before there was Amelia Andersdotter. Sometimes all you need is to look around a bit. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From grarpamp at gmail.com Tue Jan 20 15:42:55 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 20 Jan 2015 18:42:55 -0500 Subject: FBI To Hack (and Radar Raid) You If Connected To TOR Or a VPN Message-ID: http://yro.slashdot.org/story/15/01/20/1540241/fbi-seeks-to-legally-hack-you-if-youre-connected-to-tor-or-a-vpn http://hardware.slashdot.org/story/15/01/20/1746241/police-nation-wide-use-wall-penetrating-radars-to-peer-into-homes From rysiek at hackerspace.pl Tue Jan 20 12:36:50 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 20 Jan 2015 21:36:50 +0100 Subject: Cypherpunk Politics In-Reply-To: References: <2014307.nsHC9fJGMD@lapuntu> Message-ID: <1507150.8oNsLH3MgL@lapuntu> On Tuesday, 20 January 2015 14:49:06 grarpamp wrote: > On Tue, Jan 20, 2015 at 11:33 AM, rysiek wrote: > > have a look at Julia Reda in the European Parliament; Pirate Party (not a > > huge fan of the Pirates, but still, closest to Cypherpunks as you can get > > right now). Before there was Amelia Andersdotter. 
> > Sometimes all you need is to look around a bit. > > Yes and I did say effectively as in a couple MPs may be > of muted influence... if you put 2 pro voices, 8 moderate voices > and 90 antis in a room (or any other best conceivable odds > at internal psyche on fringe issues like crypto rights) you're > unlikely to get much done other than arduously slow education. That's one of the reasons ACTA got killed in the EU. Amelia Andersdotter, among a few others, was doing an amazing job in the EuroParliament around this topic. Do not underestimate the power of a few well-motivated free radicals. > On the other hand if getting on the ballot with a new platform is > relatively easy you can flood that with candidates and see what > happens. Go for it. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From cathalgarvey at cathalgarvey.me Wed Jan 21 03:16:03 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Wed, 21 Jan 2015 11:16:03 +0000 Subject: Cypherpunk Politics In-Reply-To: <1507150.8oNsLH3MgL@lapuntu> References: <2014307.nsHC9fJGMD@lapuntu> <1507150.8oNsLH3MgL@lapuntu> Message-ID: <54BF8A73.9090807@cathalgarvey.me> > That's one of the reasons ACTA got killed in the EU. Amelia > Andersdotter, among a few others, was doing an amazing job in > the EuroParliament around this topic. Indeed, the Pirates are seriously punching above their weight in terms of influence in EU. So much so that the other "mainstream" parties have started adopting pirate policies to greater/lesser extents; this actually led to a drop in pirate votes, but on balance it's a good sign. Now, Julia Reda is in charge of the draft proposals for copyright reform in the EU. They put a pirate in charge of that. 
And, she's done broad consultations through net and otherwise, she's publicised every visit from lobbyists, and she's released an evidence-heavy report with recommendations for serious reform; not the hardcore pirate outcome, but something no other kind of EU politician would have come out with. Amelia and Julia are rockstars. I've been waiting and poking for a Pirate Party in Ireland to form so I can try and send more quality MEPs over to Brussels but we always lag behind on my island. :) On 20/01/15 20:36, rysiek wrote: > On Tuesday, 20 January 2015 14:49:06 grarpamp wrote: >> On Tue, Jan 20, 2015 at 11:33 AM, rysiek wrote: >>> have a look at Julia Reda in the European Parliament; Pirate Party (not a >>> huge fan of the Pirates, but still, closest to Cypherpunks as you can get >>> right now). Before there was Amelia Andersdotter. >>> Sometimes all you need is to look around a bit. >> >> Yes and I did say effectively as in a couple MPs may be >> of muted influence... if you put 2 pro voices, 8 moderate voices >> and 90 antis in a room (or any other best conceivable odds >> at internal psyche on fringe issues like crypto rights) you're >> unlikely to get much done other than arduously slow education. > > That's one of the reasons ACTA got killed in the EU. Amelia Andersdotter, > among a few others, was doing an amazing job in the EuroParliament around this > topic. > > Do not underestimate the power of a few well-motivated free radicals. > >> On the other hand if getting on the ballot with a new platform is >> relatively easy you can flood that with candidates and see what >> happens. > > Go for it. > -- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone. Uses above miniLock key. 
From juan.g71 at gmail.com Wed Jan 21 11:38:51 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 21 Jan 2015 16:38:51 -0300 Subject: Cypherpunk Politics In-Reply-To: <56882091.3orcsWcKjX@lapuntu> References: <1507150.8oNsLH3MgL@lapuntu> <54BF8A73.9090807@cathalgarvey.me> <56882091.3orcsWcKjX@lapuntu> Message-ID: <54bfffb2.0170e00a.46cf.ffffa8a2@mx.google.com> On Wed, 21 Jan 2015 20:09:46 +0100 rysiek wrote: > but I think that even a small positive change in the > copyright regime in the EU would be a huge step forward. But it isn't. Small 'reforms' are one of the fundamental pillars of conservatism. You are playing into their hands. > And there is > no way we're going to make any large changes, not with IFPI, ZAiKS > and other "MAFIAA"'s of the EU. > > > Amelia and Julia are rockstars. I've been waiting and poking for a > > Pirate Party in Ireland to form so I can try and send more quality > > MEPs over to Brussels but we always lag behind on my island. :) > > Sadly, the Polish Pirate Party is a joke: > http://rys.io/en/119 > > So be careful what you wish for. > From guninski at guninski.com Wed Jan 21 08:25:47 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 21 Jan 2015 18:25:47 +0200 Subject: NSA: We're in YOUR BOTNET (Snowden) Message-ID: <20150121162547.GA2525@sivokote.iziade.m$> journos: NSA: We're in YOUR BOTNET http://www.theregister.co.uk/2015/01/19/nsa_steals_malware/ > The NSA quietly commandeered a botnet targeting US Defence agencies to > attack other victims including Chinese and Vietnamese dissidents, > Snowden documents reveal. Allegedly snowden doc from TFA: http://www.spiegel.de/media/media-35689.pdf --- Questions: I read some botnets use crypto to CC. > 1. How the NSA broke the crypto? > 2. Which browser the dear NSA used > in the alleged Snowden screenshots? 
(maybe firefux) From jya at pipeline.com Wed Jan 21 15:39:03 2015 From: jya at pipeline.com (John Young) Date: Wed, 21 Jan 2015 18:39:03 -0500 Subject: Press release: Barrett Brown will finally be sentenced tomorrow Message-ID: http://tumblr.freebarrettbrown.org/post/108769779474/press-release-barrett-brown-will-finally-be From rysiek at hackerspace.pl Wed Jan 21 11:09:46 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 21 Jan 2015 20:09:46 +0100 Subject: Cypherpunk Politics In-Reply-To: <54BF8A73.9090807@cathalgarvey.me> References: <1507150.8oNsLH3MgL@lapuntu> <54BF8A73.9090807@cathalgarvey.me> Message-ID: <56882091.3orcsWcKjX@lapuntu> On Wednesday, 21 January 2015 11:16:03 Cathal Garvey wrote: > > That's one of the reasons ACTA got killed in the EU. Amelia > > Andersdotter, among a few others, was doing an amazing job in > > the EuroParliament around this topic. > > Indeed, the Pirates are seriously punching above their weight in terms > of influence in EU. So much so that the other "mainstream" parties have > started adopting pirate policies to greater/lesser extents; this > actually led to a drop in pirate votes, but on balance it's a good sign. Yup. Admittedly a bit naïvely, but here's something I wrote some time ago: http://rys.io/en/78 http://rys.io/en/80 > Now, Julia Reda is in charge of the draft proposals for copyright reform > in the EU. They put a pirate in charge of that. And, she's done broad > consultations through net and otherwise, she's publicised every visit > from lobbyists, and she's released an evidence-heavy report with > recommendations for serious reform; not the hardcore pirate outcome, but > something no other kind of EU politician would have come out with. Absolutely. She's already getting some flak from the copyright reform maximalists, but I think that even a small positive change in the copyright regime in the EU would be a huge step forward. 
And there is no way we're going to make any large changes, not with IFPI, ZAiKS and other "MAFIAA"'s of the EU. > Amelia and Julia are rockstars. I've been waiting and poking for a > Pirate Party in Ireland to form so I can try and send more quality MEPs > over to Brussels but we always lag behind on my island. :) Sadly, the Polish Pirate Party is a joke: http://rys.io/en/119 So be careful what you wish for. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Wed Jan 21 12:08:47 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 21 Jan 2015 21:08:47 +0100 Subject: Cypherpunk Politics In-Reply-To: <54bfffb2.0170e00a.46cf.ffffa8a2@mx.google.com> References: <56882091.3orcsWcKjX@lapuntu> <54bfffb2.0170e00a.46cf.ffffa8a2@mx.google.com> Message-ID: <1479312.IPYV2b01VZ@lapuntu> On Wednesday, 21 January 2015 16:38:51 Juan wrote: > On Wed, 21 Jan 2015 20:09:46 +0100 > > rysiek wrote: > > but I think that even a small positive change in the > > copyright regime in the EU would be a huge step forward. > > But it isn't. Small 'reforms' are one of the fundamental pillars > of conservatism. You are playing into their hands. You do it your way, I'll do it my way, we'll see what each of us gets through. I'd love a huge, sweeping copyright reform, so if you win, we both win. I am perfectly fine with such an arrangement. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL:

From badbiosvictim at ruggedinbox.com Wed Jan 21 19:04:07 2015
From: badbiosvictim at ruggedinbox.com (Badbiosvictim)
Date: Wed, 21 Jan 2015 22:04:07 -0500
Subject: RedPhone Removed from Google Play Store
In-Reply-To: <20150120052737.2FFA1C0001B@frontend1.nyi.internal>
References: <54649217.4010106@cathalgarvey.me> <93178493-002f-4f61-b120-6c6e557fc9ef@email.android.com> <45fc1d99-a0f1-4598-8f26-cb55ac9da478@email.android.com> <108f4d63ee0193fa5c0583030bd93dc9.squirrel@ruggedinbox.com> <20150120052737.2FFA1C0001B@frontend1.nyi.internal>
Message-ID: <10a6bced-6f35-47c9-a2b4-873b8a145579@email.android.com>

I appreciate your suggestion. My Motorola Droid has android 4.1. Thanks.

On January 20, 2015 12:27:51 AM EST, shelley at misanthropia.org wrote:
>On January 19, 2015 6:45:46 PM badbiosvictim at ruggedinbox.com wrote:
>
>>> If someone knows of a way to install a current version of the Google
>> > Service Framework, without using the Google Play app, I'd be interested
>> to know.
>
>I don't use google-anything on my android phone; I use F-Droid and
>side-load everything else. I'm sorry if I've missed it, but which version
>of android OS are you running? Surely one of us can upload the
>corresponding GSF .apk for you?
>
>
>> >
>> > Otherwise you're stuck using older versions of Textsecure that support
>> > SMS, but again I'm pretty sure that requires an active cellular plan with
>> > SMS capable telephone number.
>>
>> You are correct. I will use older TextSecure on my activated phone. Works
>> perfectly.
>>
>> On my unactivated "PDA," I will continue to email my contacts'
>> cellular text address unless I convince my contacts to use peerio or
>> chatsecure or subrosa.
>>
>>

From jya at pipeline.com Thu Jan 22 07:16:19 2015
From: jya at pipeline.com (John Young)
Date: Thu, 22 Jan 2015 10:16:19 -0500
Subject: Barrett Brown allocution statement in court today
Message-ID:

Barrett Brown allocution statement in court today just released

http://cryptome.org/2015/01/BB_allocution.pdf

http://cryptome.org/2015/01/BB_allocution.doc

From grarpamp at gmail.com Thu Jan 22 13:01:20 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 22 Jan 2015 16:01:20 -0500
Subject: Does Cypherpunk need a Church?
In-Reply-To: <6652047.gukU60lQCF@lapuntu>
References: <4971932.UYAX8xIp6F@lapuntu> <20150122190016.GA9696@tau1.ceti.pl> <6652047.gukU60lQCF@lapuntu>
Message-ID:

I think this thread was meant to be relatively serious should
anyone have received revelation or feel divinely inspired to take
it up. ie: If there are people or higher powers creating churches,
truly believing and deriving something from attending, marrying,
preaching, needing, worshiping kopimi, aliens, god[s], or whatever...
what theological, moral, philosophical, social, even political and other
areas would the church of cypherpunk/crypto/code comparatively
reflect/inspire/direct. Great... God of Entropy, full stop, but that makes
for a pretty thin religion, at least as typical world religions go.
But sure, if you get it right you could hold the codex in hand, set your
cart upon encoder wheels, cultivate followers, go crusading and take
over the world ;-)

From shelley at misanthropia.org Thu Jan 22 16:17:52 2015
From: shelley at misanthropia.org (shelley at misanthropia.org)
Date: Thu, 22 Jan 2015 16:17:52 -0800
Subject: Does Cypherpunk need a Church?
In-Reply-To: <1502628.ObpxR6BFZQ@lapuntu>
References: <129276743.uc1ZHKSjte@lapuntu> <20150122215534.GB7520@ctrlc.hu> <1502628.ObpxR6BFZQ@lapuntu>
Message-ID: <20150123001737.191CBC00015@frontend1.nyi.internal>

On January 22, 2015 3:21:38 PM rysiek wrote:

> On Thursday, 22 January 2015 22:55:34 stef wrote:
> > On Thu, Jan 22, 2015 at 10:40:23PM +0100, rysiek wrote:
> > > Cypherpunks, as far as I can tell, at least try not to rely on dogmas.
> >
> > are you drunk?
>
> Aw come on, I hoped for the ruse to last at least a *bit* longer. Had to spoil
> it instantly like this? Not cool, man.
>

This is funny and all, but you are fortunate that the FSM (Sauce be upon
Him) is a benevolent deity. May his Noodly Appendages touch you all (but
not in the swimsuit area), rAmen!

From rtomek at ceti.pl Thu Jan 22 11:00:16 2015
From: rtomek at ceti.pl (Tomasz Rola)
Date: Thu, 22 Jan 2015 20:00:16 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To: <4971932.UYAX8xIp6F@lapuntu>
References: <20150114124155.GA18002@sivokote.iziade.m$> <4971932.UYAX8xIp6F@lapuntu>
Message-ID: <20150122190016.GA9696@tau1.ceti.pl>

On Wed, Jan 14, 2015 at 03:08:32PM +0100, rysiek wrote:
>
> I can see that. Come Monday morning, an admin comes to his
> workplace, notices there's, say, some random leakage of water from a
> pipe above the server room and goes: "oh god, the servers!"

There is untold battle between God of Sewer, a companion of Entropy,
and God of Server. Always going on. Tssssh. Do not write about it on
the net.

--
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature. **
** As the answer, master did "rm -rif" on the programmer's home **
** directory. And then the C programmer became enlightened... **
** **
** Tomasz Rola mailto:tomasz_rola at bigfoot.com **

From rysiek at hackerspace.pl Thu Jan 22 11:38:18 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 22 Jan 2015 20:38:18 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To: <20150122190016.GA9696@tau1.ceti.pl>
References: <4971932.UYAX8xIp6F@lapuntu> <20150122190016.GA9696@tau1.ceti.pl>
Message-ID: <6652047.gukU60lQCF@lapuntu>

On Thursday, 22 January 2015 20:00:16 Tomasz Rola wrote:
> On Wed, Jan 14, 2015 at 03:08:32PM +0100, rysiek wrote:
> > I can see that. Come Monday morning, an admin comes to his
> > workplace, notices there's, say, some random leakage of water from a
> > pipe above the server room and goes: "oh god, the servers!"
>
> There is untold battle between God of Sewer, a companion of Entropy,
> and God of Server. Always going on. Tssssh. Do not write about it on
> the net.

And from this dialectic tension between the God of Sewer and the God of Server
emerges a new Deity: the God of Serwer.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Thu Jan 22 13:40:23 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 22 Jan 2015 22:40:23 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To:
References: <6652047.gukU60lQCF@lapuntu>
Message-ID: <129276743.uc1ZHKSjte@lapuntu>

On Thursday, 22 January 2015 16:01:20 grarpamp wrote:
> I think this thread was meant to be relatively serious should
> anyone have received revelation or feel divinely inspired to take
> it up. ie: If there are people or higher powers creating churches,
> truly believing and deriving something from attending, marrying,
> preaching, needing, worshiping kopimi, aliens, god[s], or whatever...
> what theological, moral, philosophical, social, even political and other
> areas would the church of cypherpunk/crypto/code comparatively
> reflect/inspire/direct. Great... God of Entropy, full stop, but that makes
> for a pretty thin religion, at least as typical world religions go.
> But sure, if you get it right you could hold the codex in hand, set your
> cart upon encoder wheels, cultivate followers, go crusading and take
> over the world ;-)

And then fuck it all up royally, because religions are based on dogmas and
dogmas tend to create all sorts of problematic shit as time goes by.

Cypherpunks, as far as I can tell, at least try not to rely on dogmas.

So, "Cypherpunk Church", to me at least, sounds like an oxymoron.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From s at ctrlc.hu Thu Jan 22 13:55:34 2015
From: s at ctrlc.hu (stef)
Date: Thu, 22 Jan 2015 22:55:34 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To: <129276743.uc1ZHKSjte@lapuntu>
References: <6652047.gukU60lQCF@lapuntu> <129276743.uc1ZHKSjte@lapuntu>
Message-ID: <20150122215534.GB7520@ctrlc.hu>

On Thu, Jan 22, 2015 at 10:40:23PM +0100, rysiek wrote:
> Cypherpunks, as far as I can tell, at least try not to rely on dogmas.

are you drunk?

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From rysiek at hackerspace.pl Thu Jan 22 14:30:30 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 22 Jan 2015 23:30:30 +0100
Subject: Does Cypherpunk need a Church?
In-Reply-To: <20150122215534.GB7520@ctrlc.hu>
References: <129276743.uc1ZHKSjte@lapuntu> <20150122215534.GB7520@ctrlc.hu>
Message-ID: <1502628.ObpxR6BFZQ@lapuntu>

On Thursday, 22 January 2015 22:55:34 stef wrote:
> On Thu, Jan 22, 2015 at 10:40:23PM +0100, rysiek wrote:
> > Cypherpunks, as far as I can tell, at least try not to rely on dogmas.
>
> are you drunk?

Aw come on, I hoped for the ruse to last at least a *bit* longer. Had to spoil
it instantly like this? Not cool, man.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From politynews at gmx.com Sat Jan 24 10:29:19 2015
From: politynews at gmx.com (Polity News)
Date: Sat, 24 Jan 2015 13:29:19 -0500
Subject: Illinois School Password Controversy, What the Mainstream News Is Getting Wrong
Message-ID: <54C3E47F.6080403@gmx.com>

There are a lot of news stories about the law which allows Illinois
schools to demand students' passwords. Many of the stories incorrectly
implicate a new anti-cyberbullying law. The law which allows schools to
demand student passwords is a different law that was passed in 2013.

http://piratetimes.net/exclusive-illinois-law-allows-schools-to-spy-on-students-what-fox-news-got-wrong/

From jya at pipeline.com Sun Jan 25 08:04:31 2015
From: jya at pipeline.com (John Young)
Date: Sun, 25 Jan 2015 11:04:31 -0500
Subject: [Cryptography] Barrett Brown allocution statement in court today
In-Reply-To: <7D5382FD-C858-4240-9489-9F04F87D2084@icloud.com>
References: <7D5382FD-C858-4240-9489-9F04F87D2084@icloud.com>
Message-ID:

At 10:25 PM 1/24/2015, Mahlon Theobald wrote:
>Well what happened?

5 years 3 months sentence. Time served of 2.5 years to be
credited. Possible parole in 1 year.

http://cryptome.org/2015/01/brown-145-104.pdf

Defiant statement after sentencing:

"Mission now to report on FU prison system after reporting on
FU cyber system."
From jya at pipeline.com Sun Jan 25 10:54:19 2015
From: jya at pipeline.com (John Young)
Date: Sun, 25 Jan 2015 13:54:19 -0500
Subject: Citizenfour Snowden Documentary
In-Reply-To:
References: <7D5382FD-C858-4240-9489-9F04F87D2084@icloud.com>
Message-ID:

Citizenfour Snowden Documentary (7-Zipped MP4, 1.2GB)

http://cryptome.org/Citizenfour.7z

http://cryptome.org/2015/01/Citizenfour-Screengrabs-pdfs.7z

Snowden releases tally: http://cryptome.org/2013/11/snowden-tally.htm

From coderman at gmail.com Tue Jan 27 12:53:50 2015
From: coderman at gmail.com (coderman)
Date: Tue, 27 Jan 2015 12:53:50 -0800
Subject: Cryptome banned from DocumentCloud.org and Amazon.com
Message-ID:

"""
Bans of Cryptome by DocumentCloud.org and Amazon.com while both
publish Snowden's documents reveals corruption of profitable and NGO
media.

Amazon says it canceled offering of Cryptome Archive due to ban on
publishing government documents. Prohibited:
https://sellercentral.amazon.com/gp/help/200685320
"""


banned library? banned librarian?

From cryptomars at cryptoparty.fr Tue Jan 27 06:31:11 2015
From: cryptomars at cryptoparty.fr (Cryptoparty Marseille)
Date: Tue, 27 Jan 2015 15:31:11 +0100
Subject: Citizenfour Snowden Documentary
In-Reply-To:
References: <7D5382FD-C858-4240-9489-9F04F87D2084@icloud.com>
Message-ID: <54C7A12F.7090104@cryptoparty.fr>

On 25/01/2015 19:54, John Young wrote:
> Citizenfour Snowden Documentary (7-Zipped MP4, 1.2GB)
>
> http://cryptome.org/Citizenfour.7z
>
> http://cryptome.org/2015/01/Citizenfour-Screengrabs-pdfs.7z
>
>
> Snowden releases tally: http://cryptome.org/2013/11/snowden-tally.htm
> …
>

It's also available as a torrent, at a higher resolution.

Torrent file: https://paf.lu/citizenfour
Size of mp4 file: 3.64 GB
Technical:
Video H.264 1280x720 HD, Main profile, 4Mbps
Audio English AAC 300Kbps
Not a screener
Some "for your consideration" writing a few times in the movie.

From mirimir at riseup.net Tue Jan 27 16:10:41 2015
From: mirimir at riseup.net (Mirimir)
Date: Tue, 27 Jan 2015 17:10:41 -0700
Subject: Cryptome banned from DocumentCloud.org and Amazon.com
In-Reply-To:
References:
Message-ID: <54C82901.4090300@riseup.net>

On 01/27/2015 01:53 PM, coderman wrote:
> """
> Bans of Cryptome by DocumentCloud.org and Amazon.com while both
> publish Snowden's documents reveals corruption of profitable and NGO
> media.
>
> Amazon says it canceled offering of Cryptome Archive due to ban on
> publishing government documents. Prohibited:
> https://sellercentral.amazon.com/gp/help/200685320
> """
>
>
> banned library? banned librarian?

This is indeed puzzling. I see this text on a 2015-01-24 version of the
page,[0] but it's gone now. And the link is just a seller login page.

But hey, I've discovered :)

[0] http://63.249.66.211/comparecache.html

From grarpamp at gmail.com Tue Jan 27 15:45:55 2015
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 27 Jan 2015 18:45:55 -0500
Subject: [Cryptography] traffic analysis
In-Reply-To:
References: <20150124224855.BD6D5EA9FD@snorky.mixmin.net> <19D7B5ED-1C5E-4E31-B746-F8721E628BAD@vpnc.org> <20150126131726.82505EAA8C@snorky.mixmin.net> <54C6B4FA.6070108@av8n.com> <3731C61B-D8BB-49F2-9F92-4E5B845116CB@lrw.com>
Message-ID:

On Tue, Jan 27, 2015 at 3:23 PM, Ben Laurie wrote:
> Yeah, but ... who can realistically afford that bandwidth?

One can afford what they wish to give to and thus expect to get
from the network in return, no more, no less, as always.
(Be it literally from the physical NIC network, or the logical networks
created by their applications riding over and within the physical.)

> To every possible recipient? Clearly you have to make a tradeoff.

Full meshing of chaff addressed to all participants seems unnecessary.

> grarpamp wrote:
> Is there so much (possibly far less than correct) thought out there
> that fill bandwidth is evil, intolerable, unmanageable, and blocking
> of usability such that these networks are moot to even try coding
> for general deployment?

On Tue, Jan 27, 2015 at 1:35 PM, Jerry Leichter wrote:
> Google Fiber offers 1Gb/second - but how many customers running all
> out will overload any possible backbone behind the single link from the
> house to the concentrator?
>
> If everyone starts sending constant cover traffic, links will be quickly
> overloaded all over the place. At which point the providers will start
> charging [...] nobody will be happy

That's the simple man's kneejerk response when initially contemplating
chaffed networks.

> There's room to do much better. For one thing, you don't need to
> saturate your link with cover traffic - you need to send enough cover
> traffic so that a listener can't tell the difference between cover and
> real traffic.

This depends on if your network is a low latency one, or if it
uses a store and forward model. Even that is tricky due to needs
to hide the size of data each endpoint exchanges from passive
adversaries. It begins to approach constant higher rate the more
data you wish to pass securely.

> If your cover traffic rate equals your average rate over some period of time,
> you're not adding more traffic - you're simply replacing some of your cover
> messages with real messages. But ... what happens when you have a
> peak demand way above your average?

Then you must wait until you can pass your wheat. Or plan your needs
according to the give and get model.

> As Stealthmonger has commented concerning anonymity, if you want
> security against traffic analysis, you have to accept delays: Set your
> cover traffic rate somewhat higher than your average rate, and you'll
> *eventually* catch up with peaks (though as with any queueing system,
> the delays can grow without bound - requiring unbounded memory
> *somewhere*).

Delays (trading latency) are not the only way to achieve security.
You may also elect to trade available throughput bandwidth in a
wheat/chaff system.

> I'm not aware of any open research on these kinds of questions - though
> it may well be out there. What's the optimum cover traffic rate under
> various assumptions about the real traffic rate and distribution? When
> is it safe to use the traffic other users present as cover for your own?
> Clearly if there's only one other user sending traffic, you can't use him
> for cover as *he* can tell which of the packets are yours. But is there a
> way to mix traffic from multiple users in a way that requires large numbers
> of them to conspire to reveal anything? The mixmaster stuff looks at this
> specifically from the point of view of a store-and-forward node - is there
> some suitable useful analogue on a single link? Can we somehow get
> the same guarantees without storage inside the network?

There were some research references posted in the threads below.

> we're now going to have to change our attitudes toward traffic analysis.

Yes, a lot of opportunity exists to create new working networks
in this area that utilize fill traffic and/or delay.

You may want to review the recent guardian-dev and tor-dev side threads
below on this exact subject of link padding, latency and analysis.
Relevant papers and talk have been posted.

https://lists.mayfirst.org/pipermail/guardian-dev/2014-November/004040.html
https://lists.mayfirst.org/pipermail/guardian-dev/2014-November/004069.html
https://lists.torproject.org/pipermail/tor-dev/2014-November/007741.html
https://lists.torproject.org/pipermail/tor-dev/2014-December/007934.html
https://lists.torproject.org/pipermail/tor-dev/2015-January/008039.html
http://www.metzdowd.com/pipermail/cryptography/2015-January/024479.html
https://lists.torproject.org/pipermail/tor-dev/2015-January/008099.html

[Copied a few places simply to include these ongoing links
as reference for anyone interested.]

From electromagnetize at gmail.com Tue Jan 27 17:55:00 2015
From: electromagnetize at gmail.com (brian carroll)
Date: Tue, 27 Jan 2015 19:55:00 -0600
Subject: AWO text available
Message-ID:

Apple Watch Observations. 123pp, btc
----------------------------------------------------------------------
no copyright. redistribution & mirroring ok (see disclaimer)

web-version: https://appleobservations.wordpress.com
pdf-version: http://tinyurl.com/AWO-final-01-25-15

Critique of the Apple Watch concept in a good-bad-&-ugly scenario,
accounting for app mania & the "apps apps apps" mantra preceding
creation of the App Watch, standing in for the watch of the future.
Thus proprietary apps, OS & ecosystem approach as a conceptual
and ideological limit, though also in a context of hidden politics,
exploitation of technology and rapidly developing police state.
In this way dual-use blackbox devices, antagonistic electronics
operating with competing value systems, human and antihuman,
truth absent within computer data models, no structural basis
for knowledge, the bit itself becomes 'the sign of truth', where
$=bit (on=money, off=no-money) in terms of evaluating data,
leading to slavery dynamics, censoring data by denying access
via authoritarian control over culture, on behalf of tyrannical
power politics of Big Daddy as state oppressor, not Big Brother.
In this way - as an optimistic view - establishing new rights to
data access via wearable technology, micro-data & -payments
in surrounding pervasive wireless infrastructure, beyond the
detached aristocratic mindset of Silicon Valley utopianism,
developing tools for humanity, to support & secure freedom.

/note: the gist for cypherpunks & crypto could involve an otherwise
off-the-books threat model & related security issues in a real-world
non-politically-correct analysis conveyed via plainspoken viewpoint/.

0.1 unveiling, cognitive dissonance, counterpoint, time = $$$
1.1 device name, seitiroirp, technocracy, culture & fitness profiles
1.2 watch of the future, Achilles heel, risk and reward, App Watch
1.3 timing, SoC as movement, GPS, XU, OS-determinism, sans AI
1.4 apps, middle-mgmt, ecosystem, ideology, iPhone, autonomy
2.1 aesthetics, inside/outside, gap, data-model, utility & futility
2.2 moonshot, wrist computer, security threat, proprietization
3.1 consumerism, QC and QA, revolution, ideas and processing
3.2 calligraphy v. helveticization, interface as facade, core-rot
3.3 forced perspective, junk|joke, mirroring, mundanity of evil
4.1 watches {mechanical, electronic, computer} w/A&D display
4.2 lessons unlearned, display-battery issues, value, economy
4.3 snsrs, smartwatch {digital watch}; set {subset}, subset {set}
4.4 the heart, biorhythmic movement, fitness, ID maze, dystopia
4.5 jumping spider, true innovation, seed, wristwatch data orrery
4.6 aesthetic substance, 1984, inhuman technology, Dark Ages 2.0
5.1 space-time-place device, brain|mind, consciousness, AI, QvA
5.2 time signals, delay, accuracy, GPS & atomic clocks, Project Apollo
5.3 context+sensors+datalogging+networking < user case studies
6.1 malproduction, surveillance, antagonistic electronics, crazy ones
6.2 more: dual-use, weaponization, unreality, hidden politics, errors
6.3 blackbox, eg. flashdrive, A/B, corruption, NSA, police state, trap
6.4 control. transparency, covert infrastructure, Taylorism, insecurity
6.5 flds+sgnls, diagnostics, forbidden fruit, Abuse, sexuality & power
6.6 fear, donuts, aristocracy, slavery, OS plantation, clockwork-apple
6.7 fortune telling, $=bit, wysinwyg, invisible states, watching spies
6.8 ideals, Big Daddy, neg.dev, IoT, bubble, conceptual shareholders
7.1 data infrastructure, the grid, 1950s, security, public-private.dev
7.2 lifespan, jewelry.ext, adaptive+assistive, mission, snake eyes
7.3 hybrid [touch'e, hands]. OS highway & App store, data.access
7.4 variation, design styling, extroversion, net.watch, tiers, gold
7.5 radar, wi-fi infrastructure, micro-data development, freedom
7.6 direction, cultural RD&D, calculator v. computer, human future

xtre: proposal for public email list to discuss & debate ideas...

It is wondered if anyone would be interested in establishing an
email discussion list related to general AWO themes as a beginning
point for any such artifact/infrastructure/system issues, observations
or analyses as the general framework. A proposed list name,
'net.watch-list', is keyed from the text, simultaneously referencing a
potential Wi-Fi based wristwatch with public access to pervasive data
services, though also the reality of being watched in surveillance-based
global society, as this also relates to watching the watchers, everyone
an eye as observations empirically correlate, find ground or fail to unify
as this increases isolation, alienation, silence, self-censoring.

The main concern with an open discussion (whether public or private)
is institutional and-or legal support or backing to limit internal/external
subversion or interference with list operation so that people can feel
safe communicating in "free society." My vote would be for a public list
connected to a University, where a lot of people are discussing the same
realm of ideas, not limited of course to AWO or authorial perspective,
though involving dynamics mentioned, hypotheses, many viewpoints.

Any feedback or ideas on this appreciated.

~cc.nettime-l

electromagnetize at gmail.com

{The Internet Emporium}: related project
http://internetemporium.wordpress.com/

From shelley at misanthropia.org Tue Jan 27 20:18:29 2015
From: shelley at misanthropia.org (shelley at misanthropia.org)
Date: Tue, 27 Jan 2015 20:18:29 -0800
Subject: Barrett Brown
In-Reply-To:
References:
Message-ID: <14b2ec30238.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>

Hey now, my keyboard is clean!

No, we've never heard of BB or Project PM. Never ever. We do however
appreciate your always sunny and informative transmissions.

Regards,
A non-capitalist who occasionally functions as a life form.

----------
On January 27, 2015 6:13:54 PM Cari Machet wrote:

> Has this fucking list ever heard of barrett or like you're way too fucking
> parasitically capitalistic and more interested in using your profound talents
> to dox workers on this list and press meaningless repetitive buttons on a
> dirty keyboard and stare than actually functioning as a life form?

From shelley at misanthropia.org Tue Jan 27 20:22:06 2015
From: shelley at misanthropia.org (shelley at misanthropia.org)
Date: Tue, 27 Jan 2015 20:22:06 -0800
Subject: Barrett Brown
In-Reply-To:
References:
Message-ID: <14b2ec655c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>

P.s. the previous reply was intentionally top-posted for Gwen, wherever he is.

----------
On January 27, 2015 6:13:54 PM Cari Machet wrote:

> Has this fucking list ever heard of barrett or like you're way too fucking
> parasitically capitalistic and more interested in using your profound talents
> to dox workers on this list and press meaningless repetitive buttons on a
> dirty keyboard and stare than actually functioning as a life form?
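Added example, not part of any message in this archive: the cover-rate versus delay trade-off argued in the "[Cryptography] traffic analysis" message above, run on a constant-rate padded link where every idle slot carries chaff. The arrival trace, the tick/cell units and all names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* What a constant-rate padded link did while carrying one arrival trace. */
struct link_stats {
    unsigned long real_sent;   /* slots that carried queued user cells      */
    unsigned long chaff_sent;  /* idle slots filled with cover cells        */
    unsigned long max_queue;   /* deepest backlog left waiting after a tick */
    unsigned long max_delay;   /* longest wait of any real cell, in ticks   */
    unsigned long ticks;       /* ticks until the last real cell left       */
};

/* Constructed sample: 16 real cells in 16 ticks (average 1 per tick),
 * with one burst of 12 cells at tick 4. */
static const unsigned SAMPLE_ARRIVALS[] = {
    0, 0, 1, 0, 12, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 0
};
#define SAMPLE_TICKS (sizeof SAMPLE_ARRIVALS / sizeof SAMPLE_ARRIVALS[0])

/*
 * The link emits exactly `rate` cells on every tick. Queued real cells go
 * first (FIFO); whatever slots remain are filled with chaff, so a passive
 * observer sees the same cell count on every tick whatever the user does.
 * Returns 0 on success, -1 on bad arguments.
 */
int simulate_padded_link(const unsigned *arrivals, size_t n,
                         unsigned rate, struct link_stats *out)
{
    struct link_stats s = {0, 0, 0, 0, 0};
    unsigned long queue = 0;      /* real cells waiting                      */
    unsigned long head_left = 0;  /* cells from tick head_tick still waiting */
    size_t head_tick = 0;         /* arrival tick of the oldest waiting cell */
    size_t next = 0;              /* next arrival tick to load into the head */
    size_t t;

    if (arrivals == NULL || out == NULL || rate == 0)
        return -1;

    for (t = 0; t < n || queue > 0; t++) {
        unsigned long real, i;

        if (t < n)
            queue += arrivals[t];

        real = queue < rate ? queue : rate;
        for (i = 0; i < real; i++) {
            /* queue > 0 guarantees an unserved arrival at a tick < n */
            while (head_left == 0) {
                head_tick = next;
                head_left = arrivals[next++];
            }
            head_left--;
            if (t - head_tick > s.max_delay)
                s.max_delay = (unsigned long)(t - head_tick);
        }
        queue -= real;
        s.real_sent += real;
        s.chaff_sent += rate - real;   /* pad the tick up to the fixed rate */
        if (queue > s.max_queue)
            s.max_queue = queue;
    }
    s.ticks = (unsigned long)t;
    *out = s;
    return 0;
}

int main(void)
{
    unsigned rate;

    /* rate 1 = cover rate equal to the average; rate 2 = "somewhat higher" */
    for (rate = 1; rate <= 2; rate++) {
        struct link_stats s;
        if (simulate_padded_link(SAMPLE_ARRIVALS, SAMPLE_TICKS, rate, &s) != 0)
            return 1;
        printf("rate=%u real=%lu chaff=%lu max_queue=%lu max_delay=%lu ticks=%lu\n",
               rate, s.real_sent, s.chaff_sent, s.max_queue, s.max_delay, s.ticks);
    }
    return 0;
}
```

On this trace, doubling the cover rate cuts the worst-case wait from 11 ticks to 5 and costs 16 chaff cells instead of 3.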
From mirimir at riseup.net Tue Jan 27 23:36:54 2015
From: mirimir at riseup.net (Mirimir)
Date: Wed, 28 Jan 2015 00:36:54 -0700
Subject: Barrett Brown
In-Reply-To:
References: <14b2ec655c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID: <54C89196.7090108@riseup.net>

On 01/27/2015 10:55 PM, Eric Mill wrote:
> This is everything I ever wanted a cypherpunk mailing list to be

Have you ever read Toto's posts?

> On Tue, Jan 27, 2015 at 11:22 PM, shelley at misanthropia.org <
> shelley at misanthropia.org> wrote:
>
>> P.s. the previous reply was intentionally top-posted for Gwen, wherever he
>> is.
>>
>>
>> ----------
>> On January 27, 2015 6:13:54 PM Cari Machet wrote:
>>
>> Has this fucking list ever heard of barrett or like you're way too fucking
>>> parasitically capitalistic and more interested in using your profound
>>> talents
>>> to dox workers on this list and press meaningless repetitive buttons on a
>>> dirty keyboard and stare than actually functioning as a life form?
>>>
>>
>>
>>
>
>

From eric at konklone.com Tue Jan 27 21:55:06 2015
From: eric at konklone.com (Eric Mill)
Date: Wed, 28 Jan 2015 00:55:06 -0500
Subject: Barrett Brown
In-Reply-To: <14b2ec655c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
References: <14b2ec655c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID:

This is everything I ever wanted a cypherpunk mailing list to be

On Tue, Jan 27, 2015 at 11:22 PM, shelley at misanthropia.org <
shelley at misanthropia.org> wrote:

> P.s. the previous reply was intentionally top-posted for Gwen, wherever he
> is.
>
>
> ----------
> On January 27, 2015 6:13:54 PM Cari Machet wrote:
>
> Has this fucking list ever heard of barrett or like you're way too fucking
>> parasitically capitalistic and more interested in using your profound
>> talents
>> to dox workers on this list and press meaningless repetitive buttons on a
>> dirty keyboard and stare than actually functioning as a life form?
>>
>
>
>

--
konklone.com | @konklone

From carimachet at gmail.com Tue Jan 27 17:19:44 2015
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 28 Jan 2015 02:19:44 +0100
Subject: Barrett Brown
Message-ID:

Has this fucking list ever heard of barrett or like you're way too fucking
parasitically capitalistic and more interested in using your profound talents
to dox workers on this list and press meaningless repetitive buttons on a
dirty keyboard and stare than actually functioning as a life form?

From coderman at gmail.com Wed Jan 28 09:43:10 2015
From: coderman at gmail.com (coderman)
Date: Wed, 28 Jan 2015 09:43:10 -0800
Subject: Barrett Brown precedent
Message-ID:

On 1/27/15, Cari Machet wrote:
> Has this fucking list ever heard of barrett or...

my two favorite take-aways from the BB sentencing farce:

1. idling in IRC is consent for all activity there, and carries legal
culpability. (!!!)

2. reposting links from IRC is conspiracy, and adds aggravating
factors to your crimes. (!!!)

tried estimating my life sentences for #nottor on oftc but stopped
counting after a dozen...

From rysiek at hackerspace.pl Wed Jan 28 04:03:10 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 28 Jan 2015 13:03:10 +0100
Subject: SilentCircle fail
Message-ID: <2378884.xJfEpLONTC@lapuntu>

So, this:
http://blog.azimuthsecurity.com/2015/01/blackpwn-blackphone-silenttext-type.html

------------------------
While exploring my recently purchased BlackPhone, I discovered that the
messaging application contains a serious memory corruption vulnerability that
can be triggered remotely by an attacker. If exploited successfully, this flaw
could be used to gain remote arbitrary code execution on the target's handset.
The code run by the attacker will have the privileges of the messaging
application, which is a standard Android application with some additional
privileges. Specifically, it is possible to:

  decrypt messages / commandeer SilentCircle account
  gather location information
  read contacts
  write to external storage
  run additional code of the attacker's choosing (such as a privilege
  escalation exploit aimed at gaining root or kernel-mode access, thus taking
  complete control of the phone)

The only knowledge required by the attacker is the target's Silent Circle ID
or phone number - the target does not need to be lured in to contacting the
attacker (although the flaw is exploitable in this scenario as well).

(...)

By resetting the jctx->msg->msgType field with the "dh2" attribute at the end
of the message, a type confusion vulnerability will occur where the seq fields
supplied in the "data" message will be incorrectly interpreted as the pk field
- a raw memory pointer. (In this case, the low two bytes have been set to
0x8080.) Note that by utilizing messages other than "data", we could
arbitrarily modify the entire pointer (and the pkLen field, indicating how
much data pk points to). Assuming that we are at the correct phase of protocol
negotiation, sending this message results in the following crash:

]Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 17201 (com.silentcircl)
I/DEBUG ( 9735): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 9735): Revision: '0'
I/DEBUG ( 9735): pid: 15611, tid: 17201, name: com.silentcircl >>> com.silentcircle.silenttext <<<
I/DEBUG ( 9735): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
I/DEBUG ( 9735): Abort message: 'invalid address or address of corrupt block 0x601b8078 passed to dlfree'

(...)

....a raw memory pointer....
....a raw memory pointer....
....a raw memory pointer....
....a raw memory pointer....

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From pgut001 at cs.auckland.ac.nz Tue Jan 27 22:37:01 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 28 Jan 2015 19:37:01 +1300
Subject: Barrett Brown
In-Reply-To:
Message-ID:

Eric Mill writes:

>This is everything I ever wanted a cypherpunk mailing list to be

I dunno, I think the Malcolm Tucker wannabe act from two or three messages ago
was pretty dire. What makes Malcolm so entertaining is that he's a creative
artist when it comes to swearing ("This is like The Shawshank Redemption, only
with more tunneling through shit and no fucking redemption" or "When I want
your opinion I'll give you the signal, and that signal's me being sectioned
under the mental fucking health act") while the OP's use came across as very
amateurish, no creativity at all, just some boilerplate swearing cobbled
together with rubber bands and matchsticks. That wouldn't even get a conceded
pass mark for effort, it's a straight F.

Peter.

From hozer at hozed.org Wed Jan 28 18:02:09 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Wed, 28 Jan 2015 20:02:09 -0600
Subject: chinese drunk droner crashes spy into white house
Message-ID: <20150129020209.GH14804@nl.grid.coop>

How did I wake up in a Douglas Adams novel today, did anyone check for vogons?
The only way it could be better is if he was drunk on russian vodka.

http://www.slate.com/blogs/future_tense/2015/01/28/after_white_house_crash_drone_maker_dji_restricts_its_uavs_flying_zone.html

The only logical explanation for this is someone who knows how completely
busted and broken the system has gotten is trying to make a point.

It's the complete absurdity of stuff like this that convinces me that no 'vast
government conspiracy' could ever survive the organizational incompetence.

Or at least, that's what the vogons want me to think.

From hozer at hozed.org Wed Jan 28 18:13:32 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Wed, 28 Jan 2015 20:13:32 -0600
Subject: Does Cypherpunk need a Church?
In-Reply-To: <43090368.ccXnftFsfm@lapuntu>
References: <20150116000502.GG14804@nl.grid.coop> <1421372437.1959955.214567793.03FDBCDF@webmail.messagingengine.com> <43090368.ccXnftFsfm@lapuntu>
Message-ID: <20150129021332.GI14804@nl.grid.coop>

On Fri, Jan 16, 2015 at 10:04:12AM +0100, rysiek wrote:
> On Thursday, 15 January 2015 17:40:37 shelley at misanthropia.info wrote:
> > On Thu, Jan 15, 2015, at 04:05 PM, Troy Benjegerdes wrote:
> > > Or cats.
> > >
> > > Ceiling Cat
> > > Basement Cat
> > > Catoshi, the patron of low-market altcoins
> >
> > Catoshi! Good one. Of course, our sabbath would be Caturday, at the
> > altar of LongCat.
>
> And for the moral relativists among us that would be Unsigned LongCat.

Just watch out for the followers of gcc "-DLong=\"`cat $long`\"" for they
are subtle, and quick to buffer overflow.

From jya at pipeline.com Thu Jan 29 06:30:58 2015
From: jya at pipeline.com (John Young)
Date: Thu, 29 Jan 2015 09:30:58 -0500
Subject: How the CIA Made Google
Message-ID:

https://medium.com/@NafeezAhmed/how-the-cia-made-google-e836451a959e

Fascinating research, with gobs of suspects besides TLAs, Brin
and Page, some here now, some here back then, as suspected
then and now.

Not that there is anything wrong with suspecting cpunks was
made similarly.

From jya at pipeline.com Thu Jan 29 06:48:38 2015
From: jya at pipeline.com (John Young)
Date: Thu, 29 Jan 2015 09:48:38 -0500
Subject: Why Google made the NSA
Message-ID:

https://medium.com/@NafeezAhmed/why-google-made-the-nsa-2a80584c9c1

Part 2 of the Google TLA allegations.
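Added example, not part of any message in this archive and not SilentText's code: the bug class quoted in the "SilentCircle fail" message above (a type tag rewritten after a field was stored, so an integer is later read as a pointer), shown beside a parser that rejects it. The names msgType, seq, pk, pkLen, "data" and "dh2" come from the quoted post; the struct layout, the "type" and "seq" attribute keys and the sample messages are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified message layout: NOT SilentText's real structures. */
enum msg_type { MSG_NONE = 0, MSG_DATA, MSG_DH2 };

struct message {
    enum msg_type type;          /* selects which union member is valid */
    union {
        struct { uintptr_t seq; } data;                   /* sender-chosen integer */
        struct { const uint8_t *pk; size_t pkLen; } dh2;  /* receiver-side pointer */
    } u;
};

/* One attribute of an incoming message, in the order it arrived. */
struct attr { const char *key; const char *str; uintptr_t num; };

/* Constructed sample: a "data" message that re-declares itself "dh2" last. */
static const struct attr CONFUSING_MSG[] = {
    { "type", "data", 0 },
    { "seq",  NULL,   0x8080 },
    { "type", "dh2",  0 },
};
/* Constructed sample: an ordinary "data" message. */
static const struct attr WELL_FORMED_MSG[] = {
    { "type", "data", 0 },
    { "seq",  NULL,   7 },
};

static enum msg_type type_from_name(const char *s)
{
    if (s != NULL && strcmp(s, "data") == 0) return MSG_DATA;
    if (s != NULL && strcmp(s, "dh2") == 0)  return MSG_DH2;
    return MSG_NONE;
}

/* Vulnerable: the tag can be rewritten after a field has been stored. */
int parse_vulnerable(const struct attr *a, size_t n, struct message *m)
{
    size_t i;

    memset(m, 0, sizeof *m);
    for (i = 0; i < n; i++) {
        if (strcmp(a[i].key, "type") == 0)
            m->type = type_from_name(a[i].str);   /* no "already set" check */
        else if (strcmp(a[i].key, "seq") == 0 && m->type == MSG_DATA)
            m->u.data.seq = a[i].num;
    }
    return m->type == MSG_NONE ? -1 : 0;
}

/* Hardened: the tag comes first, exactly once; fields must belong to it. */
int parse_hardened(const struct attr *a, size_t n, struct message *m)
{
    size_t i;

    memset(m, 0, sizeof *m);
    if (n == 0 || strcmp(a[0].key, "type") != 0)
        goto reject;
    m->type = type_from_name(a[0].str);
    if (m->type == MSG_NONE)
        goto reject;
    for (i = 1; i < n; i++) {
        if (strcmp(a[i].key, "seq") == 0 && m->type == MSG_DATA)
            m->u.data.seq = a[i].num;
        else
            goto reject;   /* repeated tag, unknown key, or another type's field */
    }
    return 0;
reject:
    memset(m, 0, sizeof *m);   /* never hand back a half-built message */
    return -1;
}

/* The bits a consumer trusting m->type would use as the key pointer.
 * Nothing here dereferences it. */
uintptr_t pk_bits(const struct message *m)
{
    return m->type == MSG_DH2 ? (uintptr_t)m->u.dh2.pk : 0;
}

int main(void)
{
    struct message m;
    int rc = parse_vulnerable(CONFUSING_MSG, 3, &m);

    printf("vulnerable: rc=%d type=%d pk bits=0x%lx\n",
           rc, (int)m.type, (unsigned long)pk_bits(&m));
    rc = parse_hardened(CONFUSING_MSG, 3, &m);
    printf("hardened:   rc=%d type=%d\n", rc, (int)m.type);
    return 0;
}
```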
From guninski at guninski.com Thu Jan 29 00:17:46 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 29 Jan 2015 10:17:46 +0200 Subject: chinese drunk droner crashes spy into white house In-Reply-To: <20150129020209.GH14804@nl.grid.coop> References: <20150129020209.GH14804@nl.grid.coop> Message-ID: <20150129081746.GA4387@sivokote.iziade.m$> On Wed, Jan 28, 2015 at 08:02:09PM -0600, Troy Benjegerdes wrote: > How did I wake up in a Douglas Adams novel today, did anyone check for vogons? > The only way it could be better is if he was drunk on russian vodka. > > http://www.slate.com/blogs/future_tense/2015/01/28/after_white_house_crash_drone_maker_dji_restricts_its_uavs_flying_zone.html > > > The only logical explanation for this is someone who knows how completely > busted and broken the system has gotten is trying to make a point. > > It's the complete absurdity of stuff like this that convinces me that no 'vast > government conspiracy' could ever survive the organizational incompetence. > > Or at least, that's what the vogons want me to think. LOL... I see no vogons here. Is it possible North Korea to be also involved? ;) From guninski at guninski.com Thu Jan 29 01:41:35 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 29 Jan 2015 11:41:35 +0200 Subject: Cypherpunk Politics In-Reply-To: References: <2861460.HQp4W9DS8A@lapuntu> Message-ID: <20150129094135.GB4387@sivokote.iziade.m$> On Tue, Jan 20, 2015 at 03:56:02AM -0500, grarpamp wrote: > Cypherpunks for elected reps! Where's the retired cypherpunks > anyways? We have a job for you... I am very sceptical about this happening. About 99.999% of the voters are pure sheeple. Just a bit of media manipulation and selected excerpts of this list might marginalize the term "cypherpunk". Pirate Party gives the sheeple porn/music for free AFAICT. What can you trade to sheeple for their votes? Just wait economically enslaved sheeple got hurt and then tell them "We told you so". 
The political situation in Greece appears to support this. OFFTOPIC: vvvvvvvv I have lived long enough in advanced socialism (AKA communism) and alleged democracy. The politicians are essentially the same IMHO. It is hard for me to tell which implementation sucks more. From rysiek at hackerspace.pl Thu Jan 29 03:07:29 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 29 Jan 2015 12:07:29 +0100 Subject: chinese drunk droner crashes spy into white house In-Reply-To: <20150129020209.GH14804@nl.grid.coop> References: <20150129020209.GH14804@nl.grid.coop> Message-ID: <1553778.22Ie05jM8e@lapuntu> On Wednesday, 28 January 2015 20:02:09 Troy Benjegerdes wrote: > How did I wake up in a Douglas Adams novel today, did anyone check for > vogons? The only way it could be better is if he was drunk on russian > vodka. > > http://www.slate.com/blogs/future_tense/2015/01/28/after_white_house_crash_drone_maker_dji_restricts_its_uavs_flying_zone.html Well.: http://rys.io/en/54 "Quadcopters and similar, hovering-capable drones will be soon banned, probably as weapons, probably under "anti-terrorism" laws. (...) They will get banned, and will get banned as "terrorist devices". You will hear arguments that, for example, they are able to help "terrorists" plant explosives or create havoc and are very hard to take down once airborne. The funny part is: we had flying drones in the form of RC planes and copters for years upon years and nobody thought about banning them. Moreover, these would be much better-suited for the supposed "terrorists", as they are bigger and more powerful — able to carry a bigger amount of explosives, on a longer distance, faster and therefore harder to intercept." -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 
From shelley at misanthropia.org Thu Jan 29 15:09:37 2015 From: shelley at misanthropia.org (shelley at misanthropia.org) Date: Thu, 29 Jan 2015 15:09:37 -0800 Subject: Cypherpunk Politics In-Reply-To: <14b37f3cea0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> <54caa84e.ca25e00a.73e7.ffff817b@mx.google.com> <14b37f3cea0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <14b37f4f780.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> ---------- On January 29, 2015 2:32:01 PM Juan wrote: > The judeo-christian western empire, I mean, Civilization, is the > most civilized civilization there is. And we will bomb the shit out of... er, i mean bring our civilized form of capitalistic FREEDOM (and jesus- same thing, amirite?!) to any nation that says otherwise (or, that has oil. Again, same thing...) From rysiek at hackerspace.pl Thu Jan 29 06:20:53 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 29 Jan 2015 15:20:53 +0100 Subject: What if GHOST was/is exploitable on sshd/openssl? ;) In-Reply-To: <20150129134535.GD4387@sivokote.iziade.m$> References: <20150129134535.GD4387@sivokote.iziade.m$> Message-ID: <2895526.076u0dnZvg@lapuntu> On Thursday, 29 January 2015 15:45:35 Georgi Guninski wrote: > If GHOST were slightly worse giving exploit on openssl, > would it have been worse than HB? :P /me grabs some popcorn -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 
From guninski at guninski.com Thu Jan 29 05:45:35 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 29 Jan 2015 15:45:35 +0200 Subject: What if GHOST was/is exploitable on sshd/openssl? ;) Message-ID: <20150129134535.GD4387@sivokote.iziade.m$> Overflow in libc: http://www.theregister.co.uk/2015/01/28/ghost_linux_megavuln_analysis/ Allegedly exploitable on exim. Question to those who feared Heartbleed: If GHOST were slightly worse giving exploit on openssl, would it have been worse than HB? :P From guninski at guninski.com Thu Jan 29 07:15:48 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 29 Jan 2015 17:15:48 +0200 Subject: How the CIA Made Google In-Reply-To: References: Message-ID: <20150129151548.GF4387@sivokote.iziade.m$> On Thu, Jan 29, 2015 at 09:30:58AM -0500, John Young wrote: > some here now, some here back then, as suspected then and now. Not > that there is anything wrong with suspecting cpunks was made similarly. Glad to learn I am not the only one suspecting the same for cpunks ;) From mirimir at riseup.net Thu Jan 29 16:20:49 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 29 Jan 2015 17:20:49 -0700 Subject: chinese drunk droner crashes spy into white house In-Reply-To: <1553778.22Ie05jM8e@lapuntu> References: <20150129020209.GH14804@nl.grid.coop> <1553778.22Ie05jM8e@lapuntu> Message-ID: <54CACE61.7040501@riseup.net> On 01/29/2015 04:07 AM, rysiek wrote: > Well.: > http://rys.io/en/54 > > "Quadcopters and similar, hovering-capable drones will be soon banned, > probably as weapons, probably under "anti-terrorism" laws. > > (...) > > They will get banned, and will get banned as "terrorist devices". You will > hear arguments that, for example, they are able to help "terrorists" plant > explosives or create havoc and are very hard to take down once airborne. > > The funny part is: we had flying drones in the form of RC planes and copters > for years upon years and nobody thought about banning them. 
Moreover, these > would be much better-suited for the supposed "terrorists", as they are bigger > and more powerful — able to carry a bigger amount of explosives, on a longer > distance, faster and therefore harder to intercept." How about this? http://sourceforge.net/projects/osmissile/ History: http://www.interestingprojects.com/cruisemissile/bio.shtml This was squashed, as I recall. From mirimir at riseup.net Thu Jan 29 16:23:35 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 29 Jan 2015 17:23:35 -0700 Subject: Why Google made the NSA In-Reply-To: References: Message-ID: <54CACF07.7010302@riseup.net> On 01/29/2015 07:48 AM, John Young wrote: > https://medium.com/@NafeezAhmed/why-google-made-the-nsa-2a80584c9c1 > > Part 2 of the Google TLA allegations. _Silicon Jungle_ is entertaining backstory :) From mirimir at riseup.net Thu Jan 29 16:40:08 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 29 Jan 2015 17:40:08 -0700 Subject: Cypherpunk Politics In-Reply-To: <20150129094135.GB4387@sivokote.iziade.m$> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> Message-ID: <54CAD2E8.2040306@riseup.net> On 01/29/2015 02:41 AM, Georgi Guninski wrote: > I have lived long enough in advanced socialism (AKA > communism) and alleged democracy. With some exceptions (batshit crazy ideologues, for the most part) communism in practice has basically been kleptocracy. Ditto for democracy (whether capitalist or socialist). Powerful just distract sheeple in different ways. > The politicians are essentially the same IMHO. In my experience, yes. > It is hard for me to tell which implementation > sucks more. They all suck. So it goes. 
From grarpamp at gmail.com Thu Jan 29 14:42:49 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 29 Jan 2015 17:42:49 -0500 Subject: Cypherpunk Politics In-Reply-To: <20150129094135.GB4387@sivokote.iziade.m$> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> Message-ID: On Thu, Jan 29, 2015 at 4:41 AM, Georgi Guninski wrote: > Just a bit of media manipulation and selected > excerpts of this list might marginalize the term > "cypherpunk". Cypherpunk become savvy media manipulator too like politicians. At least this list has evidence of intelligent rational applied thought to pull from, where a lot of born politicians are just greasy things that care not for problems but for themselves. > Pirate Party gives the sheeple porn/music for free > AFAICT. > What can you trade to sheeple for their votes? The ability, through crypto networks, for them to do that anonymously without having to worry much any longer about MAFIA breathing down their IP addresses. They are aware of mafia, they don't like mafia. Cypherpunk is PP backup 2.0 there for them if PP doesn't work to make actual free things there. You can also give them power and encrypt all the things to counter this spying stuff they hear on the news. > Just wait economically enslaved sheeple got hurt > and then tell them "We told you so". This usually doesn't carry weight for you at that point because the battle you proposed to fight back then has already crumbled away and devolved into a more pressing and different problem now. 
From juan.g71 at gmail.com Thu Jan 29 13:40:55 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 29 Jan 2015 18:40:55 -0300 Subject: Cypherpunk Politics In-Reply-To: <20150129094135.GB4387@sivokote.iziade.m$> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> Message-ID: <54caa84e.ca25e00a.73e7.ffff817b@mx.google.com> On Thu, 29 Jan 2015 11:41:35 +0200 Georgi Guninski wrote: > > > I have lived long enough in advanced socialism (AKA > communism) and alleged democracy. > > The politicians are essentially the same IMHO. > > It is hard for me to tell which implementation > sucks more. How can you say such horrible, and horribly misguided things? The judeo-christian western empire, I mean, Civilization, is the most civilized civilization there is. From juan.g71 at gmail.com Thu Jan 29 15:34:24 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 29 Jan 2015 20:34:24 -0300 Subject: Cypherpunk Politics In-Reply-To: <14b37f4f780.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> <54caa84e.ca25e00a.73e7.ffff817b@mx.google.com> <14b37f3cea0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <14b37f4f780.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <54cac2e7.e16a8c0a.5e6a.ffff9332@mx.google.com> On Thu, 29 Jan 2015 15:09:37 -0800 "shelley at misanthropia.org" wrote: > ---------- > On January 29, 2015 2:32:01 PM Juan wrote: > > > The judeo-christian western empire, I mean, Civilization, > > is the most civilized civilization there is. > > And we will bomb the shit out of... er, i mean bring our civilized > form of capitalistic FREEDOM (and jesus- same thing, amirite?!) to > any nation that says otherwise (or, that has oil. Again, same > thing...) > > It can't be helped. It's god's will. 
From coderman at gmail.com Fri Jan 30 03:03:21 2015 From: coderman at gmail.com (coderman) Date: Fri, 30 Jan 2015 03:03:21 -0800 Subject: [liberationtech] The Future of Security Journalism In-Reply-To: <54CA389D.6060107@porup.com> References: <54C6AC47.40603@porup.com> <54C8E152.1020507@squimp.com> <54CA389D.6060107@porup.com> Message-ID: On 1/29/15, J.M. Porup wrote: > ... If we don't wish to be serfs in the new feudal, digital > world, we need to re-disrupt the disruption, and invent new tools that > ensure human liberty and dignity. ... that time > is short, and the New Dark Age is nearly upon us. as one who is always fond of the question, "what's your threat model?" the implication appears to be two fold: 1. good security journalism, aka "activist journalism", begs forth selective and retributive prosecution through open-ended legislation (CFAA, et. al.) as cover. 2. technical sophistication pursuing these prosecutions is now, thanks to the cyber-industrial-complex, at a point where law enforcement uses techniques recently considered nation state intelligence caliber. thus to pursue "activist security journalism" that is not powers that be sanctioned "mainstream security regurgitation" journalism, your threat model is: securing yourself and your sources against nation state dragnet and targeted attacks, including tailored access and special collection. this is currently considered a "Hard Problem" (TM)(R) even with decades dedicated to the challenge. i do take hope in the fact that most earth humans are not coding to hard problems, but instead to easy, well paying ones. perhaps different incentives will play a bigger role for security? From coderman at gmail.com Fri Jan 30 03:09:26 2015 From: coderman at gmail.com (coderman) Date: Fri, 30 Jan 2015 03:09:26 -0800 Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace] Message-ID: "... 
12,949 individuals would immediately be detained as a likely threat to national security for their ties to "subversive organizations." ^- your threat model also includes advance observation of unilateral relocations . ;) ---------- Forwarded message ---------- From: MuckRock Date: Fri, 30 Jan 2015 11:00:09 +0000 Subject: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace ** The top secret Cold War plan to bring the United States under martial law ------------------------------------------------------------ ** 12,949 individuals would immediately be detained as a likely threat to national security for their ties to "subversive organizations." ------------------------------------------------------------ Starting on April 19, 1956, the federal government practiced and planned for a near-doomsday scenario known as Plan C. When activated, Plan C would have brought the United States under martial law, rounded up over ten thousand individuals connected to "subversive" organizations, implemented a censorship board, and prepared the country for life after nuclear attack. There was no Plan A or B. ** In Florida, clear guidelines give private prisons priority ------------------------------------------------------------ Those with serious medical or psychological issues are left to the state Do private prisons “cherry pick” inmates, leaving state Corrections departments saddled with offenders in need of more expensive care? While it’s not quite selecting from a line up, they do set the guidelines for who’s in or out. 
** North Carolina’s 1033 program data is clearly public, says state Attorney General ------------------------------------------------------------ ** "Air Force Cyber Vision 2025" includes quantum processors, self-healing code, and next-gen "cyber-warriors" ------------------------------------------------------------ From guninski at guninski.com Thu Jan 29 23:49:10 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 30 Jan 2015 09:49:10 +0200 Subject: Cypherpunk Politics In-Reply-To: References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> Message-ID: <20150130074910.GB2504@sivokote.iziade.m$> On Thu, Jan 29, 2015 at 05:42:49PM -0500, grarpamp wrote: > On Thu, Jan 29, 2015 at 4:41 AM, Georgi Guninski wrote: > > Just a bit of media manipulation and selected > > excerpts of this list might marginalize the term > > "cypherpunk". > > Cypherpunk become savvy media manipulator too > like politicians. At least this list has evidence of > intelligent rational applied thought to pull from, where > a lot of born politicians are just greasy things that care > not for problems but for themselves. > SNIP Hopefully last post in this thread due to common sense. I well might be wrong, this happens. You didn't convince me, but really wish you success! -- The optimist learns English. The pessimist learns Chinese. The realist learns Kalashnikov rifle. 
From guninski at guninski.com Fri Jan 30 00:19:28 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 30 Jan 2015 10:19:28 +0200 Subject: Bill Gates is worried about artificial intelligence too Message-ID: <20150130081928.GC2504@sivokote.iziade.m$> http://www.cnet.com/news/bill-gates-is-worried-about-artificial-intelligence-too/ Microsoft's co-founder and former CEO is the latest luminary from the world of technology and science to warn against the threat of smart machines. ===== My comments: I am worried about _any_ device using anything from M$. So if Gates (who has unorthodox opinion about complexity of factoring PRIMES) is _really_ worried about this, he MUST freeze all AI projects at M$. This reminds me of the quote: --- ``It would be fun some day, Turing, to listen to a discussion, say on the Fourth Programme, between two machines on why human beings think that they think! '' --Sir Geoffrey Jefferson (in: `Can Automatic Calculating Machines Be Said to Think?', by M.H.A. Newman et al., a BBC broadcast recorded 10 Jan. 1952, Turing Archives, reprinted in ch. 7 of `The Turing Test', S. Shieber, ed., MIT Press, 2004.) --- http://www.math.rutgers.edu/~zeilberg/quotes.html From list at sysfu.com Fri Jan 30 11:13:06 2015 From: list at sysfu.com (Seth) Date: Fri, 30 Jan 2015 11:13:06 -0800 Subject: How the CIA Made Google In-Reply-To: References: Message-ID: On Thu, 29 Jan 2015 06:30:58 -0800, John Young wrote: > https://medium.com/@NafeezAhmed/how-the-cia-made-google-e836451a959e > > Fascinating research, with gobs of suspects besides TLAs, Brin and Page, > some here now, some here back then, as suspected then and now. Not > that there is anything wrong with suspecting cpunks was made similarly. 
Related Documentary: http://www.worldbrainthefilm.com/ From grarpamp at gmail.com Fri Jan 30 10:17:36 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 13:17:36 -0500 Subject: www.nsa-observer.net Message-ID: https://www.nsa-observer.net/ https://github.com/nsa-observer/ fyi, coderman et al. From ryacko at gmail.com Fri Jan 30 14:33:43 2015 From: ryacko at gmail.com (Ryan Carboni) Date: Fri, 30 Jan 2015 14:33:43 -0800 Subject: Cypherpunk Politics Message-ID: Perhaps the best solution is the final solution. Legalize assassination politics. From grarpamp at gmail.com Fri Jan 30 11:39:48 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 14:39:48 -0500 Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace] In-Reply-To: <20150130150806.GD2504@sivokote.iziade.m$> References: <20150130150806.GD2504@sivokote.iziade.m$> Message-ID: On Fri, Jan 30, 2015 at 10:08 AM, Georgi Guninski wrote: > On Fri, Jan 30, 2015 at 03:09:26AM -0800, coderman wrote: >> ...Martial Law... > > I am not native English speaker, so have 2 questions. When your country goes to war/shit, there is little difference. These sorts of mix of rumors and facts have been circulating since at least WWII, along with UFO's and other fun things. Search terms: NWO, REX84, FEMA, AREA-51, etc... the list goes on and on and on. Having actual facts on paper is always good to hold perspective and enable analysis. 
https://www.muckrock.com/news/archives/2015/jan/26/plan-c-top-secret-cold-war-battle-plan-bring-unite/ https://en.wikipedia.org/wiki/Continuity_of_government https://en.wikipedia.org/wiki/State_of_emergency From grarpamp at gmail.com Fri Jan 30 12:15:44 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 15:15:44 -0500 Subject: Cypherpunk Politics In-Reply-To: <54cac2e7.e16a8c0a.5e6a.ffff9332@mx.google.com> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> <54caa84e.ca25e00a.73e7.ffff817b@mx.google.com> <14b37f3cea0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <14b37f4f780.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <54cac2e7.e16a8c0a.5e6a.ffff9332@mx.google.com> Message-ID: On Thu, Jan 29, 2015 at 6:34 PM, Juan wrote: > On Thu, 29 Jan 2015 15:09:37 -0800 > "shelley at misanthropia.org" wrote: >> And we will bomb the shit out of... er, i mean bring our civilized > It can't be helped. It's god's will. Insha'Allah From guninski at guninski.com Fri Jan 30 07:08:06 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 30 Jan 2015 17:08:06 +0200 Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace] In-Reply-To: References: Message-ID: <20150130150806.GD2504@sivokote.iziade.m$> On Fri, Jan 30, 2015 at 03:09:26AM -0800, coderman wrote: > ...Martial Law... I am not native English speaker, so have 2 questions. 1. What is the difference between "Martial Law" and torturing innocent people without trial [-1]? Since communism/advanced socialism is discussed: 2. What is the difference between torturing innocent people without trial and (say) Stalin's approach to his sheeple (besides the scale)? 
[-1]: http://en.wikipedia.org/w/index.php?title=Senate_Intelligence_Committee_report_on_CIA_torture&oldid=643173952#Examples_of_torture_and_abuse_of_prisoners -1 is permanent link, feel free to check current From grarpamp at gmail.com Fri Jan 30 14:58:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 17:58:38 -0500 Subject: chinese drunk droner crashes spy into white house In-Reply-To: <54CACE61.7040501@riseup.net> References: <20150129020209.GH14804@nl.grid.coop> <1553778.22Ie05jM8e@lapuntu> <54CACE61.7040501@riseup.net> Message-ID: On Thu, Jan 29, 2015 at 7:20 PM, Mirimir wrote: >> http://rys.io/en/54 >> The funny part is: we had flying drones in the form of RC planes and copters >> for years upon years and nobody thought about banning them. Moreover, these http://towerhobbies.com/ Hobbyists, tinkerers and hacks (and various baddies unrelated to them) won't care about such bans. They'll just add relatively untraceable, unjammable, SDR wideband radio as their remote control. > How about this? http://sourceforge.net/projects/osmissile/ > History: http://www.interestingprojects.com/cruisemissile/bio.shtml > This was squashed, as I recall. http://aardvark.co.nz/pjet/ Squashing inhibits the source of new tech at its very roots, the backyard. And kills off innocently fun applications of same. The way the US, UK, and other places have been acting lately, they'd be happy with bombing your crypto back to the stone age. Open up your local hackerspace today! 
http://www.dailymail.co.uk/news/article-2506549/Uh-oh-Radioactive-Boy-Scout-built-nuclear-reactor-Detroit-shed-sparking-evacuation-40-000-wants-invent-lightbulb-lasts-100-years.html http://www.spacex.com/ https://en.wikipedia.org/wiki/DARPA https://en.wikipedia.org/wiki/In-Q-Tel http://www.repairfaq.org/sam/index.html https://www.youtube.com/results?search_query=backyard+invention From grarpamp at gmail.com Fri Jan 30 15:10:19 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 18:10:19 -0500 Subject: Cypherpunk Politics In-Reply-To: References: Message-ID: On Fri, Jan 30, 2015 at 5:33 PM, Ryan Carboni wrote: > Legalize assassination politics. Whether they're "real" or not, there are [or were] at least a few pools set up in the various darknets. Tor-talk probably had a relevant thread on them. From coderman at gmail.com Fri Jan 30 18:29:03 2015 From: coderman at gmail.com (coderman) Date: Fri, 30 Jan 2015 18:29:03 -0800 Subject: www.nsa-observer.net In-Reply-To: References: Message-ID: On 1/30/15, grarpamp wrote: > https://www.nsa-observer.net/ > https://github.com/nsa-observer/ > > fyi, coderman et al. thanks, checking them out. one thing i don't see mentioned is how the OCR was performed. same as Reuters DocumentCloud service, or open source tool, or ? next bigsun update will demonstrate this challenge better, as i am using a handful of techniques for text extraction, character recognition, and annotation, as well. in a sense, this is how the sausage making gets started... 
(i will see if there is a convenient way i can feed back out again, like to nsa-observer, since bigsun is intended to be operated entirely within hidden services - no public services, especially not github or document cloud) best regards, From grarpamp at gmail.com Fri Jan 30 15:39:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 18:39:14 -0500 Subject: Spies LEVITATE infohounds, filesharers, and Glee watchers Message-ID: http://www.cbc.ca/news/cse-tracks-millions-of-downloads-daily-snowden-documents-1.2930120 https://firstlook.org/theintercept/2015/01/28/canada-cse-levitation-mass-surveillance/ So what do you do if you're a vast global adversary network of old chums, with unlimited resources, a world citizenry that is perhaps becoming unafraid of terrists as background noise, and some might say an authority to keep? Why, sit back and spy on everyday knowledge seekers, file sharers and you tubers of course! Everything cypherpunks were saying in 1984 is coming true. The story continues... From mirimir at riseup.net Fri Jan 30 18:33:18 2015 From: mirimir at riseup.net (Mirimir) Date: Fri, 30 Jan 2015 19:33:18 -0700 Subject: Cypherpunk Politics In-Reply-To: <54CB64A2.307@gothic.com.au> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> <54CAD2E8.2040306@riseup.net> <54CB64A2.307@gothic.com.au> Message-ID: <54CC3EEE.7040006@riseup.net> On 01/30/2015 04:01 AM, Goran Novak wrote: > On 30/01/2015 11:40 AM, Mirimir wrote: >> >> With some exceptions (batshit crazy ideologues, for the most part) >> communism in practice has basically been kleptocracy. Ditto for >> democracy (whether capitalist or socialist). Powerful just distract >> sheeple in different ways. 
> Kleptocracy, alternatively cleptocracy or kleptarchy, (from Greek: > κλέπτης - kleptēs, "thief"[1] and κράτος - kratos, "power, rule",[2] > hence "rule by thieves") is a form of political and government > corruption where the government exists to increase the personal wealth > and political power of its officials and the ruling class at the expense > of the wider population, often with pretense of honest service. > https://en.wikipedia.org/wiki/Kleptocracy > > Communism (from Latin communis – common, universal)[1][2] is a > socioeconomic system structured upon the common ownership of the means > of production and characterized by the absence of social classes, > money,[3][4] and the state; as well as a social, political and economic > ideology and movement that aims to establish this social order. > https://en.wikipedia.org/wiki/Communism > > Communism has not been ever put to practice. Yes, that was my point. I should have said "alleged communism" and "alleged democracy". >>> The politicians are essentially the same IMHO. >> In my experience, yes. >> >>> It is hard for me to tell which implementation >>> sucks more. >> They all suck. So it goes. >> > > From mirimir at riseup.net Fri Jan 30 19:19:11 2015 From: mirimir at riseup.net (Mirimir) Date: Fri, 30 Jan 2015 20:19:11 -0700 Subject: [tor-talk] Tor -> VPN Clarification In-Reply-To: References: <54CB577A.9000100@riseup.net> <54CB59D5.5040300@riseup.net> <54CB5D63.5000108@techwang.com> <54CB689A.3010402@riseup.net> <54CC27AE.5060805@riseup.net> Message-ID: <54CC49AF.30703@riseup.net> On 01/30/2015 06:48 PM, grarpamp wrote: > On Fri, Jan 30, 2015 at 7:54 PM, Mirimir wrote: >> JonDoNym / JAP > > I'm seeing references to this tool pop up recently in various > places. Keep in mind the controversy from years ago > and read the label on the tin carefully. That's not to say > it's not fit for use once you understand its fitness. > https://en.wikipedia.org/wiki/Java_Anon_Proxy I replied on tor-talk. 
From cathalgarvey at cathalgarvey.me Fri Jan 30 12:35:23 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Fri, 30 Jan 2015 20:35:23 +0000 Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace] In-Reply-To: <20150130150806.GD2504@sivokote.iziade.m$> References: <20150130150806.GD2504@sivokote.iziade.m$> Message-ID: <54CBEB0B.8090904@cathalgarvey.me> > I am not native English speaker, so have 2 questions. > > 1. What is the difference between "Martial Law" and > torturing innocent people without trial [-1]? Literally, Martial law means you can be shot for breaking the orders of the designated enforcers. It represents "ad hoc, brutalist law" in common usage. On 30/01/15 15:08, Georgi Guninski wrote: > On Fri, Jan 30, 2015 at 03:09:26AM -0800, coderman wrote: >> ...Martial Law... > > I am not native English speaker, so have 2 questions. > > 1. What is the difference between "Martial Law" and > torturing innocent people without trial [-1]? > > Since communism/advanced socialism is discussed: > > 2. What is the difference between torturing innocent people without trial > and (say) Stalin's approach to his sheeple (besides the scale)? > > > [-1]: > http://en.wikipedia.org/w/index.php?title=Senate_Intelligence_Committee_report_on_CIA_torture&oldid=643173952#Examples_of_torture_and_abuse_of_prisoners > -1 is permanent link, feel free to check current > -- Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: Use email or phone. Uses above miniLock key. 
From grarpamp at gmail.com Fri Jan 30 17:48:18 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 30 Jan 2015 20:48:18 -0500 Subject: [tor-talk] Tor -> VPN Clarification In-Reply-To: <54CC27AE.5060805@riseup.net> References: <54CB577A.9000100@riseup.net> <54CB59D5.5040300@riseup.net> <54CB5D63.5000108@techwang.com> <54CB689A.3010402@riseup.net> <54CC27AE.5060805@riseup.net> Message-ID: On Fri, Jan 30, 2015 at 7:54 PM, Mirimir wrote: > JonDoNym / JAP I'm seeing references to this tool pop up recently in various places. Keep in mind the controversy from years ago and read the label on the tin carefully. That's not to say it's not fit for use once you understand its fitness. https://en.wikipedia.org/wiki/Java_Anon_Proxy From goran at gothic.com.au Fri Jan 30 03:01:54 2015 From: goran at gothic.com.au (Goran Novak) Date: Fri, 30 Jan 2015 22:01:54 +1100 Subject: Cypherpunk Politics In-Reply-To: <54CAD2E8.2040306@riseup.net> References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> <54CAD2E8.2040306@riseup.net> Message-ID: <54CB64A2.307@gothic.com.au> On 30/01/2015 11:40 AM, Mirimir wrote: > > With some exceptions (batshit crazy ideologues, for the most part) > communism in practice has basically been kleptocracy. Ditto for > democracy (whether capitalist or socialist). Powerful just distract > sheeple in different ways. Kleptocracy, alternatively cleptocracy or kleptarchy, (from Greek: κλέπτης - kleptēs, "thief"[1] and κράτος - kratos, "power, rule",[2] hence "rule by thieves") is a form of political and government corruption where the government exists to increase the personal wealth and political power of its officials and the ruling class at the expense of the wider population, often with pretense of honest service. 
https://en.wikipedia.org/wiki/Kleptocracy

Communism (from Latin communis – common, universal)[1][2] is a socioeconomic system structured upon the common ownership of the means of production and characterized by the absence of social classes, money,[3][4] and the state; as well as a social, political and economic ideology and movement that aims to establish this social order.
https://en.wikipedia.org/wiki/Communism

Communism has not been ever put to practice.

>
>> The politicians are essentially the same IMHO.
> In my experience, yes.
>
>> It is hard for me to tell which implementation
>> sucks more.
> They all suck. So it goes.
>

From grarpamp at gmail.com Fri Jan 30 20:40:36 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 30 Jan 2015 23:40:36 -0500
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID:

On Fri, Jan 30, 2015 at 9:29 PM, coderman wrote:
> thanks, checking them out. one thing i don't see mentioned is how the
> OCR was performed. same as Reuters DocumentCloud service, or open
> source tool, or ?
> next bigsun update will demonstrate this challenge better, as i am
> using a handful of techniques for text extraction, character
> recognition, and annotation, as well. in a sense, this is how the
> sausage making gets started...

https://en.wikipedia.org/wiki/Comparison_of_optical_character_recognition_software

Or cheap labor from $thirdworld? Crowdsourcing? For that matter, funding from special interests for a dedicated natural language team would probably not be too hard to find if their ROI for input to later analysis was good.

> (i will see if there is a convenient way i can feed back out again,
> like to nsa-observer, since bigsun is intended to be operated entirely
> within hidden services - no public services, especially not github or
> document cloud)

I see no problem with running cool projects even exclusively within darknets. Announcements/links will find their way out to clearnet.
Those who wish to join or read will do so and be exposed to learning and running some new privacy/crypto tech needed to get to it as a byproduct. It's a win. More people should do it for their related projects. And so long as the darknets can be made to scale, in general.

From grarpamp at gmail.com Fri Jan 30 20:58:38 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 30 Jan 2015 23:58:38 -0500
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID:

On Fri, Jan 30, 2015 at 11:40 PM, grarpamp wrote:
> https://en.wikipedia.org/wiki/Comparison_of_optical_character_recognition_software

https://www.google.com/search?q="(pdftotxt|pdf2txt)"
http://www.unixuser.org/~euske/python/pdfminer/
Note the "Sudden resurge of interests".

As a hack you could just auto iterate display and screenshot of each page/slide of whatever doctype and shove them through ocr for fun.

From coderman at gmail.com Sat Jan 31 01:43:08 2015
From: coderman at gmail.com (coderman)
Date: Sat, 31 Jan 2015 01:43:08 -0800
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID:

On 1/30/15, grarpamp wrote:
> ...
> Or cheap labor from $thirdworld? Crowdsourcing?

this is a longer story, but yes, i'm using a handful of all of the above. some are better than others. (and some proprietary tools, as well)

> For that matter,
> funding from special interests for a dedicated natural language
> team would probably not be too hard to find if their ROI for input
> to later analysis was good.

i'm no good at funding, but cursory efforts were not productive. part of my problem is focus on SIGINT/NatSec, when general purpose tools would suffice. no one wants to touch the hot potato unless they're already knee deep in the mash.

> I see no problem with running cool projects even exclusively
> within darknets. Announcements/links will find their way out to
> clearnet.
> Those who wish to join or read will do so and be
> exposed to learning and running some new privacy/crypto tech
> needed to get to it as a byproduct. It's a win. More people
> should do it for their related projects. And so long as the
> darknets can be made to scale, in general.

scaling distribution of tens of gigs of reference materials is a challenge. technically it is working, but usability needs some help... (next dist should be easier to mirror)

thanks grarpamp!

best regards,

From jya at pipeline.com Sat Jan 31 05:59:18 2015
From: jya at pipeline.com (John Young)
Date: Sat, 31 Jan 2015 08:59:18 -0500
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID:

Swell initiatives by all the Snowden distributors. Except most fall prey to PDF manipulation of tagging, implanting, tracking, by willful intent or by technical ignorance.

It is virtually impossible to sanitize PDFs due to Adobe's inherent design to meticulously spy on use of its products as well as deluded user attempts to hide who, when, what, how by users from creation to modification to wiping to stego to signing to forging to stinging. Image or accessible-text or other PDF formats, locked, redacted, watermarked, et al.

Well behind and below the metadata Adobe allows users and abusers to see, lurks Adobe's advanced persistent meta-meta to aim for NSA/Tor-multi-level obscurantism by which accessible meta is used to hide inaccessible. Below dark is darker, ever darkening as new tools are developed to pry farther into the less visible and off-oscilloscopic spectrum.

DoD issued today a short directive on the Center for Countermeasures and Counter-Countermeasures (including cyberweapons like PDFs).

Presume NSA, aided by Adobe, has tracked, will track, Snowden's material in all its iterations from the time he snatched it to the latest distributor, consumer and secret archiver in Oahu, Maryland, Hong Kong, Berlin, Rio, NYC, DC, online and off.
PDFs (and DOCs) are more treacherous than log files, backdoors, 0-days, APTs, what have you due to their popularity. HTM and TXT are much safer. Courier fonts are safer than other fonts, especially those promoted by Adobe and others who use fonts to spy (all rationalized as protection of IP -- ie, comparable to natsec).

At 09:29 PM 1/30/2015, you wrote:
>On 1/30/15, grarpamp wrote:
> > https://www.nsa-observer.net/
> > https://github.com/nsa-observer/
> >
> > fyi, coderman et al.
>
>
>thanks, checking them out. one thing i don't see mentioned is how the
>OCR was performed. same as Reuters DocumentCloud service, or open
>source tool, or ?
>
>next bigsun update will demonstrate this challenge better, as i am
>using a handful of techniques for text extraction, character
>recognition, and annotation, as well. in a sense, this is how the
>sausage making gets started...
>
>(i will see if there is a convenient way i can feed back out again,
>like to nsa-observer, since bigsun is intended to be operated entirely
>within hidden services - no public services, especially not github or
>document cloud)
>
>
>best regards,

From jya at pipeline.com Sat Jan 31 07:14:47 2015
From: jya at pipeline.com (John Young)
Date: Sat, 31 Jan 2015 10:14:47 -0500
Subject: [Cryptography] How the CIA Made Google
In-Reply-To:
References:
Message-ID:

An early program of Highlands Group was perception management by which public opinion would be shaped by disparagement of opposition to ubiquitous gov-com spying with gambits like "tin-foil hat," "conspiracy theory," and other forms of reputation attacks.

Chorusing these terms becomes habitual with repetition, even among those who are otherwise open-minded to novel scientific and theological innovations so long as the innovations are peer-reviewed or sanctioned by authorities, even when the authorities are revealed to be self-serving and corrupt, perhaps especially so.
That is the crippling effects of standards setting in all human endeavors, the favoritism toward standards setting obedient members and ostracism of dissenters to the dominants.

Fortunately, the tin-hatters and conspiracists overturn the sclerotic hegemons if not burned at the stake, imprisoned, die of impoverishment, driven to suicide.

Mercy is never a characteristic of certitude and maddened crowd-minds compelled to admire miters, crowns, helmets, wigs of judgmentalist soothsayers self-anointed deitific and scientific absolutist perception managers -- also known as spymasters.

At 09:31 PM 1/29/2015, Henry Baker wrote:
>At 06:30 AM 1/29/2015, John Young wrote:
> >https://medium.com/@NafeezAhmed/how-the-cia-made-google-e836451a959e
> >
> >Fascinating research, with gobs of suspects besides TLAs, Brin and Page,
> >some here now, some here back then, as suspected then and now. Not
> >that there is anything wrong with suspecting cpunks was made similarly.
>
>In the same vein, but with a bit less tin foil hattery:
>
>http://steveblank.com/secret-history/

From bbrewer at littledystopia.net Sat Jan 31 08:41:48 2015
From: bbrewer at littledystopia.net (Benjamin Brewer)
Date: Sat, 31 Jan 2015 11:41:48 -0500
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>

> On Jan 31, 2015, at 8:59 AM, John Young wrote:
>
> Swell initiatives by all the Snowden distributors. Except most
> fall prey to PDF manipulation of tagging, implanting, tracking,
> by willful intent or by technical ignorance.
>
> It is virtually impossible to sanitize PDFs due to Adobe's inherent
> design to meticulously spy on use of its products as well as
> deluded user attempts to hide who, when, what, how by users
> from creation to modification to wiping to stego to signing to
> forging to stinging. Image or accessible-text or other PDF
> formats, locked, redacted, watermarked, et al.
>

Pardon my ignorance about this, and I will do my own research, but do these hidden formattings/stego/call-home functions disappear, get mutilated, become broken when ‘converting’ such PDF documents to other document types via use of many ‘conversion’ tools (Calibre comes to mind instantly) or are these embedded organisms a persistent across any automated conversion routine?

Cheers,
Benjamin

From jya at pipeline.com Sat Jan 31 09:39:11 2015
From: jya at pipeline.com (John Young)
Date: Sat, 31 Jan 2015 12:39:11 -0500
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID:

Depends on the converter, whether it keeps the Adobe spying features witting or unwitting -- which it may be aware of or not. And whether it has a deal with Adobe to retain disguised.

Adobe hidden code is quite devious -- for example it may remain hidden to use the converted version as a host germ carrier to propagate itself, following the bio model in our guts to use feces as fertilizer.

Be careful about using free products, such as Adobe Reader and free converters of formats of all kinds. They often contain germs similar to the way NSA and other spies implant germs in innocuous programs and platforms -- "free" is as devious as "open" to those who exploit public trust in freedom and openness. Journalism a prime exploiter under the brand of freedom of the press to exploit with constitutional protection.

Gmail is one of the most notorious germ transmitters. Tor not quite as evil, but less because newer than the Internet itself, the Internet Archive, Wikipedia, social media, PGP, and many more which may have had noble origins but have been adopted (and bought) by converters of good to evil -- most readily by government contracts, vulture capitalism, desperately broke and in debt, entrapment and coercion by law enforcement -- or all of them.

This list is beyond good and evil, thus spoke Zarathustra, aka TCM, JG, EH. Though those gods are dead.
Benjamin Brewer wrote:
> On Jan 31, 2015, at 8:59 AM, John Young <jya at pipeline.com> wrote:
>
> Swell initiatives by all the Snowden distributors. Except most
> fall prey to PDF manipulation of tagging, implanting, tracking,
> by willful intent or by technical ignorance.
>
> It is virtually impossible to sanitize PDFs due to Adobe's inherent
> design to meticulously spy on use of its products as well as
> deluded user attempts to hide who, when, what, how by users
> from creation to modification to wiping to stego to signing to
> forging to stinging. Image or accessible-text or other PDF
> formats, locked, redacted, watermarked, et al.
>

Pardon my ignorance about this, and I will do my own research, but do these hidden formattings/stego/call-home functions disappear, get mutilated, become broken when 'converting' such PDF documents to other document types via use of many 'conversion' tools (Calibre comes to mind instantly) or are these embedded organisms a persistent across any automated conversion routine?

Cheers,
Benjamin

From rysiek at hackerspace.pl Sat Jan 31 06:02:44 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 31 Jan 2015 15:02:44 +0100
Subject: Cypherpunk Politics
In-Reply-To:
References: <54cac2e7.e16a8c0a.5e6a.ffff9332@mx.google.com>
Message-ID: <1695873.YLoGQs6Fg2@lapuntu>

On Friday, 30 January 2015 15:15:44 grarpamp wrote:
> On Thu, Jan 29, 2015 at 6:34 PM, Juan wrote:
> > On Thu, 29 Jan 2015 15:09:37 -0800
> >
> > "shelley at misanthropia.org" wrote:
> >> And we will bomb the shit out of... er, i mean bring our civilized
> >>
> > It can't be helped. It's god's will.
>
> Insha'Allah

Shalom alaykum.
--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Sat Jan 31 06:11:58 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 31 Jan 2015 15:11:58 +0100
Subject: Spies LEVITATE infohounds, filesharers, and Glee watchers
In-Reply-To:
References:
Message-ID: <1737085.soARWq5SQ5@lapuntu>

On Friday, 30 January 2015 18:39:14 grarpamp wrote:
> http://www.cbc.ca/news/cse-tracks-millions-of-downloads-daily-snowden-documents-1.2930120
> https://firstlook.org/theintercept/2015/01/28/canada-cse-levitation-mass-surveillance/
>
> So what do you do if you're a vast global adversary network of old
> chums, with unlimited resources, a world citizenry that is perhaps
> becoming unafraid of terrists as background noise, and some might
> say an authority to keep?
>
> Why, sit back and spy on everyday knowledge seekers, file sharers
> and you tubers of course!

Wasn't that the main idea all the time? Cf.:

1. http://www.stratfor.com/obstacles_capture_osama_bin_laden
tl;dr NSA-style spying doesn't really help that much in "anti-terrorism"

2. http://www.counterpunch.org/2006/05/24/why-does-the-nsa-engage-in-mass-surveillance-of-americans-when-it-s-statistically-impossible-for-such-spying-to-detect-terrorists/
tl;dr it is statistically impossible to have profiling (based, say, on dragnet surveillance) work well on large populations -- too many false positives and false negatives.

1. & 2. can be safely assumed to be known for the NSA and powers that are. So obviously anti-terrorism is not the real aim of all this. What is? Shall we quote 2.?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Suppose that NSA’s system is really, really, really good, really, really good, with an accuracy rate of .90, and a misidentification rate of .00001, which means that only 3,000 innocent people are misidentified as terrorists. With these suppositions, then the probability that people are terrorists given that NSA’s system of surveillance identifies them as terrorists is only p=0.2308, which is far from one and well below flipping a coin. NSA’s domestic monitoring of everyone’s email and phone calls is useless for finding terrorists.

NSA knows this. Bayes’ Theorem is elementary common knowledge.

Also, mass surveillance of the entire population is logically plausible if NSA’s domestic spying is not looking for terrorists, but looking for something else, something that is not so rare as terrorists. For example, the May 19 Fox News opinion poll of 900 registered voters found that 30% dislike the Bush administration so much they want him impeached. If NSA were monitoring email and phone calls to identify pro-impeachment people, and if the accuracy rate were .90 and the error rate were .01, then the probability that people are pro-impeachment given that NSA surveillance system identified them as such, would be p=.98, which is coming close to certainty (p_1.00).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

> Everything cypherpunks were saying in 1984 is coming true.
> The story continues...

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
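
The base-rate arithmetic behind the passage quoted in the message above, as an added Python example that is not part of the original e-mail or of the quoted article. The passage does not state the screened population or the number of real targets; the example derives about 300 million from the 3,000 false positives and back-solves the target count from p=0.2308, and all function and constant names are this example's own.

```python
"""Base-rate check for the two screening scenarios quoted above (added example)."""


def posterior(prior, hit_rate, false_alarm_rate):
    """P(target | flagged) by Bayes' theorem."""
    true_flags = hit_rate * prior
    false_flags = false_alarm_rate * (1.0 - prior)
    return true_flags / (true_flags + false_flags)


def implied_prior(post, hit_rate, false_alarm_rate):
    """Invert Bayes' theorem: the prior that produces a stated posterior."""
    odds = (post * false_alarm_rate) / (hit_rate * (1.0 - post))
    return odds / (1.0 + odds)


def expected_counts(population, prior, hit_rate, false_alarm_rate):
    """Expected confusion-matrix cells when the whole population is screened."""
    targets = population * prior
    others = population - targets
    return {
        "true_pos": hit_rate * targets,
        "false_neg": (1.0 - hit_rate) * targets,
        "false_pos": false_alarm_rate * others,
        "true_neg": (1.0 - false_alarm_rate) * others,
    }


def max_false_alarm_rate(prior, hit_rate, wanted_posterior):
    """Largest false-alarm rate that still yields the wanted P(target | flagged)."""
    return (hit_rate * prior * (1.0 - wanted_posterior)) / (
        wanted_posterior * (1.0 - prior)
    )


# Figures stated in the quoted passage.
RARE = {"hit_rate": 0.90, "false_alarm_rate": 0.00001}
COMMON = {"hit_rate": 0.90, "false_alarm_rate": 0.01}
COMMON_PRIOR = 0.30              # 30% of polled voters
QUOTED_RARE_POSTERIOR = 0.2308
QUOTED_FALSE_POSITIVES = 3000

# Derived here, NOT stated in the passage (assumptions of this example):
# 3,000 false positives at a 0.00001 rate implies ~300 million people screened,
# and p=0.2308 implies a prior of roughly 1,000 real targets in that population.
POPULATION = round(QUOTED_FALSE_POSITIVES / RARE["false_alarm_rate"])
RARE_PRIOR = implied_prior(QUOTED_RARE_POSTERIOR, **RARE)
IMPLIED_TARGETS = round(POPULATION * RARE_PRIOR)


def report():
    """Collect the numbers a reader would want to compare with the passage."""
    rare_prior = IMPLIED_TARGETS / POPULATION
    return {
        "population": POPULATION,
        "implied_targets": IMPLIED_TARGETS,
        "rare_counts": expected_counts(POPULATION, rare_prior, **RARE),
        "rare_posterior": posterior(rare_prior, **RARE),
        # Computes to about 0.975; the passage quotes it as .98.
        "common_posterior": posterior(COMMON_PRIOR, **COMMON),
        # False-alarm rate needed before a flag on the rare class is 90% reliable.
        "rare_fpr_for_90pct": max_false_alarm_rate(rare_prior, 0.90, 0.90),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The same detector quality gives a useless flag for a one-in-300,000 class and a near-certain flag for a three-in-ten class; only the prior differs between the two scenarios.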
From rysiek at hackerspace.pl Sat Jan 31 06:14:26 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 31 Jan 2015 15:14:26 +0100
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID: <2099489.qgx9fCPNvt@lapuntu>

On Friday, 30 January 2015 13:17:36 grarpamp wrote:
> https://www.nsa-observer.net/
> https://github.com/nsa-observer/

Wonder how long it will take GitHub to start taking down such "problematic" projects.

> fyi, coderman et al.

Cool.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Sat Jan 31 06:15:32 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 31 Jan 2015 15:15:32 +0100
Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace]
In-Reply-To: <20150130150806.GD2504@sivokote.iziade.m$>
References: <20150130150806.GD2504@sivokote.iziade.m$>
Message-ID: <1863938.ZY2pHoPlGa@lapuntu>

On Friday, 30 January 2015 17:08:06 Georgi Guninski wrote:
> On Fri, Jan 30, 2015 at 03:09:26AM -0800, coderman wrote:
> > ...Martial Law...
>
> I am not native English speaker, so have 2 questions.
>
> 1. What is the difference between "Martial Law" and
> torturing innocent people without trial [-1]?

Cathal covered this one.

> Since communism/advanced socialism is discussed:
>
> 2. What is the difference between torturing innocent people without trial
> and (say) Stalin's approach to his sheeple (besides the scale)?

None.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Sat Jan 31 06:17:31 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 31 Jan 2015 15:17:31 +0100
Subject: chinese drunk droner crashes spy into white house
In-Reply-To:
References: <20150129020209.GH14804@nl.grid.coop> <54CACE61.7040501@riseup.net>
Message-ID: <50815390.IRypkHtqCa@lapuntu>

On Friday, 30 January 2015 17:58:38 grarpamp wrote:
> On Thu, Jan 29, 2015 at 7:20 PM, Mirimir wrote:
> >> http://rys.io/en/54
> >>
> >> The funny part is: we had flying drones in the form of RC planes and
> >> copters for years upon years and nobody thought about banning them.
> >> Moreover, these
> http://towerhobbies.com/
>
> Hobbyists, tinkerers and hacks (and various baddies unrelated to them)
> won't care about such bans. They'll just add relatively untraceable,
> unjammable, SDR wideband radio as their remote control.

Oh, I have not a shred of doubt about that!

Thing is, such a ban (just as with encryption[1]) is not about banning 'copters (or encryption). It's about making their users easy to prosecute should need arise.

[1] http://rys.io/en/149

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From s at ctrlc.hu Sat Jan 31 06:39:25 2015
From: s at ctrlc.hu (stef)
Date: Sat, 31 Jan 2015 15:39:25 +0100
Subject: www.nsa-observer.net
In-Reply-To: <2099489.qgx9fCPNvt@lapuntu>
References: <2099489.qgx9fCPNvt@lapuntu>
Message-ID: <20150131143925.GG7598@ctrlc.hu>

On Sat, Jan 31, 2015 at 03:14:26PM +0100, rysiek wrote:
> Wonder how long it will take GitHub to start taking down such "problematic"
> projects.

and rightly so!
wtf do you need js for accessing this content, surely only to get a foothold in the interested parties host.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From coderman at gmail.com Sat Jan 31 16:06:13 2015
From: coderman at gmail.com (coderman)
Date: Sat, 31 Jan 2015 16:06:13 -0800
Subject: www.nsa-observer.net
In-Reply-To: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>
References: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>
Message-ID:

On 1/31/15, Benjamin Brewer wrote:
> ...
> Pardon my ignorance about this, and I will do my own research, but do these
> hidden formattings/stego/call-home functions disappear, get mutilated,
> become broken when ‘converting’ such PDF documents to other document types

we can wax lyrical about all the ways to sanitize a boundary through constraint, perhaps twice over, to be sure?

that said, consider a Qubes OS setup where conversion between formats (app domains) was always to least complicated, most easy to verify well formed, even constraint through omission type simplifications, then a PDF to plain-text 80 column by 42 lines per page fixed width ASCII printable only could probably be interpreted into sentences that would be a way to collaborate separately without excessively leaking information among participants, maybe.

in other words, PDFs and similar rich, obfuscated types are the adversaries playground. does this mean all PDFs are compromised? Of course not. But if you're a target, a specific PDF of specific structure could very well be an effective honey token and target you precisely.

> ...
> via use of many ‘conversion’ tools (Calibre comes to mind instantly) or are
> these embedded organisms a persistent across any automated conversion
> routine?

consider a watermark, that resized half, still persists. this is the kind of meta level manipulation of structure you may see in a rich document (PDF) that could still persist in some transformations.
in other words, it depends on your threat model - who is tainting your documents in-line, silently, without your awares, and how complicated the formats and resulting transformations.

as another example, this is why referencing even simplified subsets of text by a self certifying identifier, like
afb1e384e450d644703ad96cdfe9f728be509854388687eb65b7c622e2f798a9 , e.g.
bigsundaawafn36e.onion/shid/afb/1e3/afb1e384e450d644..5b7c622e2f798a9 , or
http://sunshineeevvocqr.onion/bigsun/raw/afb1e384e450d644..5b7c622e2f798a9
which is the same paragraph in ascii no matter PDF or Word or HTML origin simplified to text paragraph.

then, mutually un-trusting individuals collaborating from a distance, can use this shared address space as the base for cooperation.

if that doesn't make sense, i will explain it better, later, :)

best regards,

From coderman at gmail.com Sat Jan 31 16:09:53 2015
From: coderman at gmail.com (coderman)
Date: Sat, 31 Jan 2015 16:09:53 -0800
Subject: www.nsa-observer.net
In-Reply-To:
References: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>
Message-ID:

and yes, some absolutely call home. e.g. the embedded tracking pixels and kin. you should always load complex formats from a safe container without network access! (if you care)

these are also the most easily stripped out from a simple format conversion, as well. (pdf2txt, etc.)

best regards,

From guninski at guninski.com Sat Jan 31 07:24:02 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sat, 31 Jan 2015 17:24:02 +0200
Subject: Fusion Centers: IGNITE!
 [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace]
In-Reply-To: <54CBEB0B.8090904@cathalgarvey.me>
References: <20150130150806.GD2504@sivokote.iziade.m$> <54CBEB0B.8090904@cathalgarvey.me>
Message-ID: <20150131152402.GA2485@sivokote.iziade.m$>

On Fri, Jan 30, 2015 at 08:35:23PM +0000, Cathal Garvey wrote:
> > I am not native English speaker, so have 2 questions.
> >
> > 1. What is the difference between "Martial Law" and
> > torturing innocent people without trial [-1]?
>
> Literally, Martial law means you can be shot for breaking the orders
> of the designated enforcers. It represents "ad hoc, brutalist law"
> in common usage.
>

Thank you.

You mean something like the 2014 Ferguson unrest
https://en.wikipedia.org/w/index.php?title=2014_Ferguson_unrest&oldid=644092498
where "police established curfews and deployed riot squads to maintain order."?

curfew == вечерен час?

From cathalgarvey at cathalgarvey.me Sat Jan 31 09:59:39 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Sat, 31 Jan 2015 17:59:39 +0000
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID: <54CD180B.9070708@cathalgarvey.me>

Just don't forget to use markov chains + blot-width inference to fill in the censored portions. :)

On 31/01/15 02:29, coderman wrote:
> On 1/30/15, grarpamp wrote:
>> https://www.nsa-observer.net/
>> https://github.com/nsa-observer/
>>
>> fyi, coderman et al.
>
>
> thanks, checking them out. one thing i don't see mentioned is how the
> OCR was performed. same as Reuters DocumentCloud service, or open
> source tool, or ?
>
> next bigsun update will demonstrate this challenge better, as i am
> using a handful of techniques for text extraction, character
> recognition, and annotation, as well. in a sense, this is how the
> sausage making gets started...
>
> (i will see if there is a convenient way i can feed back out again,
> like to nsa-observer, since bigsun is intended to be operated entirely
> within hidden services - no public services, especially not github or
> document cloud)
>
>
> best regards,
>

--
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.

From jason.mcvetta at gmail.com Sat Jan 31 18:03:05 2015
From: jason.mcvetta at gmail.com (Jason McVetta)
Date: Sat, 31 Jan 2015 18:03:05 -0800
Subject: www.nsa-observer.net
In-Reply-To:
References: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>
Message-ID:

On Sat, Jan 31, 2015 at 4:58 PM, John Young wrote:
> Acrobat needed to see the Additional Metadata, Reader does not show.
>

For Ubuntu users:

    sudo apt-get install libimage-exiftool-perl
    exiftool -a -G1 adobe-acrobat-xi-scan-paper-to-pdf-and-apply-ocr-tutorial-ue.pdf | less -S

From cathalgarvey at cathalgarvey.me Sat Jan 31 10:07:30 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Sat, 31 Jan 2015 18:07:30 +0000
Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace]
In-Reply-To: <20150131152402.GA2485@sivokote.iziade.m$>
References: <20150130150806.GD2504@sivokote.iziade.m$> <54CBEB0B.8090904@cathalgarvey.me> <20150131152402.GA2485@sivokote.iziade.m$>
Message-ID: <54CD19E2.6000903@cathalgarvey.me>

Close, very close. Martial law would be if Ferguson protestors were actually shot for breaking the orders. It's the ultimate expression of Ferguson; think Syria, or Egypt.
On 31/01/15 15:24, Georgi Guninski wrote:
> On Fri, Jan 30, 2015 at 08:35:23PM +0000, Cathal Garvey wrote:
>>> I am not native English speaker, so have 2 questions.
>>>
>>> 1. What is the difference between "Martial Law" and
>>> torturing innocent people without trial [-1]?
>>
>> Literally, Martial law means you can be shot for breaking the orders
>> of the designated enforcers. It represents "ad hoc, brutalist law"
>> in common usage.
>>
>
> Thank you.
>
> You mean something like the 2014 Ferguson unrest
> https://en.wikipedia.org/w/index.php?title=2014_Ferguson_unrest&oldid=644092498
> where "police established curfews and deployed riot squads to maintain
> order."?
>
> curfew == вечерен час?
>

--
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.

From mirimir at riseup.net Sat Jan 31 17:12:21 2015
From: mirimir at riseup.net (Mirimir)
Date: Sat, 31 Jan 2015 18:12:21 -0700
Subject: www.nsa-observer.net
In-Reply-To:
References:
Message-ID: <54CD7D75.7080503@riseup.net>

On 01/31/2015 06:59 AM, John Young wrote:
> Swell initiatives by all the Snowden distributors. Except most
> fall prey to PDF manipulation of tagging, implanting, tracking,
> by willful intent or by technical ignorance.

I don't see this as an issue for processors and distributors, as long as their OPSEC is adequate. We may prudently assume that Snowden's originals were tagged, watermarked, implanted, and so on. Given that, I trust that everyone working with the documents has behaved accordingly. If they haven't, it's all too likely that identities and relationships have inadvertently been revealed. Such are the things of life.

But for casual enthusiasts and the general public, this could be a serious issue. Even if documents were obtained securely, they could phone home. Scans by anti-malware apps could be uploaded to servers. Cloud-backup providers might look for them. ...
How might one prevent that? What comes to mind is a Tor hidden-service site that serves scrubbed images, and doesn't readily permit downloads. While OCR would be essential in processing documents, serving text arguably puts users at risk. Maybe that's obvious.

From grarpamp at gmail.com Sat Jan 31 15:38:42 2015
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 31 Jan 2015 18:38:42 -0500
Subject: US Wiretap Report 2013
Message-ID:

http://www.uscourts.gov/Statistics/WiretapReports/wiretap-report-2013.aspx

According to Snowden and other sources... their numbers seem a little low.

From jya at pipeline.com Sat Jan 31 16:58:49 2015
From: jya at pipeline.com (John Young)
Date: Sat, 31 Jan 2015 19:58:49 -0500
Subject: www.nsa-observer.net
In-Reply-To:
References: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>
Message-ID:

A sample 1-page PDF by Adobe with over 500 metadata visible under "Properties" "Additional Metadata" "Advanced"

http://cryptome.org/adobe-acrobat-xi-scan-paper-to-pdf-and-apply-ocr-tutorial-ue.pdf

Acrobat needed to see the Additional Metadata, Reader does not show.

Curious 464 metadata under "xmpMM:History (bag container)". And many more hidden but perusable with text scrutiny of the PDF.

From guninski at guninski.com Sat Jan 31 10:08:05 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sat, 31 Jan 2015 20:08:05 +0200
Subject: www.nsa-observer.net
In-Reply-To: <20150131143925.GG7598@ctrlc.hu>
References: <2099489.qgx9fCPNvt@lapuntu> <20150131143925.GG7598@ctrlc.hu>
Message-ID: <20150131180805.GB2485@sivokote.iziade.m$>

On Sat, Jan 31, 2015 at 03:39:25PM +0100, stef wrote:
> On Sat, Jan 31, 2015 at 03:14:26PM +0100, rysiek wrote:
> > Wonder how long it will take GitHub to start taking down such "problematic"
> > projects.
>
> and rightly so! wtf do you need js for accessing this content, surely only to
> get a foothold in the interested parties host.
>
> --
> otr fp: https://www.ctrlc.hu/~stef/otr.txt

indeed, why js?
this certainly can be implemented server side or static.

mozilla (tm) (r) (inc) pissed off the creator of js (BE) due to made up gay scandal shortly after he came in power.

From juan.g71 at gmail.com Sat Jan 31 15:15:47 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 31 Jan 2015 20:15:47 -0300
Subject: Fusion Centers: IGNITE! [Fwd: Cold War-era FBI memos show how close the US came to declaring Martial Law | Private Prisons "cherry pick" their populace]
In-Reply-To: <20150131152402.GA2485@sivokote.iziade.m$>
References: <20150130150806.GD2504@sivokote.iziade.m$> <54CBEB0B.8090904@cathalgarvey.me> <20150131152402.GA2485@sivokote.iziade.m$>
Message-ID: <54cd618a.a7268c0a.641e.ffffaa18@mx.google.com>

On Sat, 31 Jan 2015 17:24:02 +0200
Georgi Guninski wrote:

> > > I am not native English speaker, so have 2 questions.
> > >
> > > 1. What is the difference between "Martial Law" and
> > > torturing innocent people without trial [-1]?

None, as already pointed out. Although I'm guessing your question was a rhetorical question and didn't require an answer...

> >
> > Literally, Martial law means you can be shot for breaking the orders
> > of the designated enforcers.

Sorry, wrong. Literally martial law means military law. Get a dictionary.

And of course, all state law is martial law when you devote a couple of minutes to think the issue through.

> It represents "ad hoc, brutalist law"
> > in common usage.
> >
>
> Thank you.
>
> You mean something like the 2014 Ferguson unrest
> https://en.wikipedia.org/w/index.php?title=2014_Ferguson_unrest&oldid=644092498
> where "police established curfews and deployed riot squads to maintain
> order."?
>
> curfew == вечерен час?
From grarpamp at gmail.com Sat Jan 31 17:36:52 2015
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 31 Jan 2015 20:36:52 -0500
Subject: [Cryptography] How the CIA Made Google
In-Reply-To:
References: <54CABB01.7010701@iang.org> <54CB4A8A.1080901@iang.org>
Message-ID:

Previously:
>>> They aren't handing data to NSA? Show us, how? The executive
>>> doesn't take their agenda from 'Highlands Forum' ? Show us, that
>>> you don't. The pipes between data centers are encrypted by keys
>>> that aren't being leaked -- where's the evidence? Your CSO doesn't
>>> have a phone in his shoe? Let’s see!

>> Hmmm… proving negatives. Does that have something to do with
>> quantum entanglement?

No, it has to do with good old fashioned integrity, openness and honesty with the public. People can spot that, or lack thereof, from miles away.

On Sat, Jan 31, 2015 at 3:51 PM, Tom Mitchell wrote:
> I might also note that there has not been (yet?) a Snowden event disclosing
> bad behaviour initiated by Google.

Consensus is that the very first Snowden release, the PRISM slides and language therein, indicated some form of bilateral partnership with a large number of internet companies. Plus the AT&T tap room thing, and other known early parts of the storyline. It is unreasonable to assume that there is a strictly arms length, Judge signed, per transaction basis going on there. Where you have any relationship at all, loose buddy relationships develop to various degrees.

> The international nature of Google puts them in a much harder
> place than a TLA as serious blunders could roll up the business
> and give them no place to hide.

Google is an American company. Companies and govts don't generally wish or extend their secret jewels to offshore risk. Though occasionally embassies and corps do get caught off guard or are bound by certain rules.

> The reality I suspect is: Google protects its data with more
> care than most federal agencies.
Data protection regimen is separate from what you elect to do with that data. Good regimen makes it easier to control and manage your plans, ie: classification.

This is not to say these things are true, but that there is less and/or unconvincing evidence that they are not, and at least reasonable cause to consider that they are.

On innocence...
Why are the Boards, CEO's, Officers and staff of these companies not speaking up and saying they had and have no non judicially forced role in the spying of Snowden's revelations?

On resistance...
QWEST (Nacchio) tried to stand up, for a few minutes at least till resigning and later jailed. Replaced by, AT&T's (Notebaert). Lavabit (Levison) stood up, and closed. We're now seeing some companies doing "good things" in this space. But that doesn't address the original question of innocence or guilt.

On guilt...
Or maybe they're not speaking up because... like the US refuses to disclose any of the credible terror plots and bad guys they claim to be rolling up as mass spying result... maybe it's because they have a bit of a problem with their story there. Who knows. But if you're clean and can back it, and are in the middle of a hot mess, keeping silent is a pretty dumb thing to do for your reputation.

Needs more openness.

From goran at gothic.com.au Sat Jan 31 03:18:23 2015
From: goran at gothic.com.au (Goran Novak)
Date: Sat, 31 Jan 2015 22:18:23 +1100
Subject: Cypherpunk Politics
In-Reply-To: <54CC3EEE.7040006@riseup.net>
References: <2861460.HQp4W9DS8A@lapuntu> <20150129094135.GB4387@sivokote.iziade.m$> <54CAD2E8.2040306@riseup.net> <54CB64A2.307@gothic.com.au> <54CC3EEE.7040006@riseup.net>
Message-ID: <54CCB9FF.3050801@gothic.com.au>

On 31/01/2015 1:33 PM, Mirimir wrote:
> Yes, that was my point. I should have said "alleged communism" and
> "alleged democracy".

I don't mind calling existing social systems as "alleged" - democracy or corporatocracy or kleptocracy.
I don't agree with distorted descriptions of theoretical societies;
"oppressive government in communism" - oxymoron; it is a stateless society
"corrupted-money grabbing state in communism" - oxymoron; it is moneyless society

After all, an offer of "all natural cake made with unbleached flour and nothing but organic ingredients, baked in traditional way" would look less appealing if next to the label a statement says "may contain poisonous shit"...

From mixmaster at remailer.privacy.at Sat Jan 31 13:54:23 2015
From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria))
Date: Sat, 31 Jan 2015 22:54:23 +0100 (CET)
Subject: Nafeez's Google History lacks US Customs & Secret Service
Message-ID: <4afa61163d4e9bc2280dbbd34c2eaf4c@remailer.privacy.at>

Nafeez's Google History lacks US Customs & Secret Service

Re Nafeez's convoluted Google history that neglects to mention altavista et al were seized by us customs and us secret service, held by marshals until transfer to DHS.

You neglect one of the most important historical factors that merged the commercial civil indexing systems with other monitoring: altavista (and others) was seized by US Customs for illegal export and laundering of stolen copyright content with US Secret Service for computer crimes. Result was bot indexing rules and Yahoo.

ALL of the large search systems are state managed.

From coderman at gmail.com Sat Jan 31 23:16:28 2015
From: coderman at gmail.com (coderman)
Date: Sat, 31 Jan 2015 23:16:28 -0800
Subject: www.nsa-observer.net
In-Reply-To:
References: <88F21790-A209-4592-8FF5-A18F7605BADC@littledystopia.net>
Message-ID:

On 1/31/15, Jason McVetta wrote:
> ...
> For Ubuntu users:
>
> sudo apt-get install libimage-exiftool-perl
> exiftool -a -G1
> adobe-acrobat-xi-scan-paper-to-pdf-and-apply-ocr-tutorial-ue.pdf | less -S

per the python PDF tools, (with varied options),
or reduced option command line pdf2txt,
or pdftotext,
or also:
strings --bytes=$varlength ...
with varying --encoding= ...
, for as John mentioned, all the metadatas and annotations typically unseen,

consider that the specific "configuration and input parsing" as a "profile" for a given "input document" identified by "self certifying identifier" for all of the above results in collaborative simplified text paragraphs as a working base.

so sha256(generated corpora) == sha256(sha256(doc) ^ sha256(config of parse opts) ^ sha256(parse-product) )

if i use a convenient generated slang, ...

this means at least a dozen "to text" engines with configuration, (parse opts and parse products) per input document as a working state.

and ten to twenty times the input pages as simplified output text paragraphs (common base) collected from the useful parts of the best transformations, used for subsequent text based natural language processing.

in a sense, this is devops come to document processing, where the process itself is embodied in version controlled and complete archives with self certifying integrity.

this means boring, and also done decades ago, more or less, in varying contexts. everything old is new again ;P

there are a whole field of customer parser and data sets and scrapers all dedicated to variations on this theme, although sadly they don't live public lives, for the most part.

best regards,
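The identifier formula in the message above, worked through as an added example that is not part of the original post. It assumes `^` means bitwise XOR of the digests (the message does not say), and puts a role-labelled variant beside it because XOR is commutative and self-cancelling; the function names, parse options and sample bytes are all constructed for illustration.

```python
import hashlib
import json


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical_config(opts: dict) -> bytes:
    # Sorted keys and fixed separators, so equal parse options hash equally.
    return json.dumps(opts, sort_keys=True, separators=(",", ":")).encode()


def xor_id(doc: bytes, opts: dict, product: bytes) -> str:
    # Assumption: "^" in the message is read as bitwise XOR of the digests.
    parts = (h(doc), h(canonical_config(opts)), h(product))
    mixed = bytes(a ^ b ^ c for a, b, c in zip(*parts))
    return hashlib.sha256(mixed).hexdigest()


def tagged_id(doc: bytes, opts: dict, product: bytes) -> str:
    # Variant added here: each digest is bound to its role by a length-
    # prefixed label, so swapped or repeated inputs cannot cancel out.
    outer = hashlib.sha256()
    for label, digest in ((b"doc", h(doc)),
                          (b"config", h(canonical_config(opts))),
                          (b"product", h(product))):
        outer.update(bytes([len(label)]) + label + digest)
    return outer.hexdigest()


def verify(record_id: str, doc: bytes, opts: dict, product: bytes) -> bool:
    # Recompute from the archived inputs; any changed byte or option fails.
    return record_id == tagged_id(doc, opts, product)


# Constructed sample inputs (not taken from any real document).
DOC = b"%PDF-1.4 constructed sample document bytes"
OPTS = {"engine": "pdftotext", "layout": True, "encoding": "UTF-8"}
PRODUCT = b"Simplified text paragraph extracted from the sample."

if __name__ == "__main__":
    rid = tagged_id(DOC, OPTS, PRODUCT)
    print("record id:", rid)
    print("verifies:", verify(rid, DOC, OPTS, PRODUCT))
    print("xor id survives doc/product swap:",
          xor_id(DOC, OPTS, PRODUCT) == xor_id(PRODUCT, OPTS, DOC))
```

Under the XOR reading, a record whose document and parse product are identical bytes reduces to a hash of the configuration alone, which is why the labelled form is the one used for `verify`.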