From jya at pipeline.com Sun Mar 1 04:36:59 2015
From: jya at pipeline.com (John Young)
Date: Sun, 01 Mar 2015 07:36:59 -0500
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To: <54F260E0.1070808@headstrong.de>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de>
Message-ID:

Well said. Very few citizens receiving government funds, benefits, perks, favors, bribes, contracts, tax write-offs, and even fewer NGO beneficiaries are bothered by laws, procedures, pacts, secrecy, venality, venerable greasing of palms. This is what governments and NGOs were invented for and remain the premier source of livelihood one way or the other, especially for those who pretend opposition while royally partying with opponents. Royally, not peasantly.

6- and 7-figure dollar compensation of officers of NGO, edu, com, gov, religion, media ad nauseam, confirm the arrangement to promise public service as a lure to vampire the lucre of believers who think they will be able to become brazen vampires too. And it works, shrewd recruits and donors like Soros, Omidyar, WikiLeaks, Snowden and millions of followers flood into civil liberties, cybersec, anonymizing, FOI, spying, think tanks, ACLU, EFF, EPIC, Privacy International, Investigative Journalists, ProPublica, The Intercept, on and on ad nauseam from Day One to 0-Day.

Favorite rejoinder to accusations of perfidy is to accuse of conspiracy of various stripes, never ever confessing that the greatest conspiracies are promulgated by governments and their well-trained domesticates: Spies, agents, sources, cohorts, informants, educators, preachers, contractors, opinionators, operators, heroes, medalists, oh hell, us SOB maestros of the Duh Conspiracy.

At 07:44 PM 2/28/2015, mo wrote:
>Well. Duh.
>
>As a happy recipient of this totally laundered crazy government money,
>and, yes, if you don't read any of the documents these entities provide
>it may come as a complete surprise to you, I am quite happy about them
>having to preserve some privacy.
>
>Can't we be happy that government money can actually (try to) do good?
>Does really /everything/ have to be The Reptilian Conspiracy?
>
>On 02/27/2015 05:20 PM, Polity News wrote:
> > When asked for public records about internet freedom funding, the
> > governments of the Netherlands and Sweden classified and redacted
> > documents about the contracts.
> >
> > http://piratetimes.net/governments-covertly-fund-internet-freedom-activists/
> >

From tbiehn at gmail.com Sun Mar 1 06:49:37 2015
From: tbiehn at gmail.com (Travis Biehn)
Date: Sun, 1 Mar 2015 09:49:37 -0500
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To:
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de>
Message-ID:

*cough* it is being incorrectly framed as a 'sources' problem. You should be more interested in 'what' and 'where' rather than 'who' and 'how much'.

One man's virus is another man's liberator.

Travis

On Mar 1, 2015 7:49 AM, "John Young" wrote:

> Well said. Very few citizens receiving government funds, benefits,
> perks, favors, bribes, contracts, tax write-offs, and even fewer NGO
> beneficiaries are bothered by laws, procedures, pacts, secrecy,
> venality, venerable greasing of palms. This is what governments
> and NGOs were invented for and remain the premier source of
> livelihood one way or the other, especially for those who pretend
> opposition while royally partying with opponents. Royally, not
> peasantly.
>
> 6- and 7-figure dollar compensation of officers of NGO, edu, com,
> gov, religion, media ad nauseam, confirm the arrangement to promise
> public service as a lure to vampire the lucre of believers who think they
> will be able to become brazen vampires too. And it works, shrewd
> recruits and donors like Soros, Omidyar, WikiLeaks, Snowden and
> millions of followers flood into civil liberties, cybersec, anonymizing,
> FOI, spying, think tanks, ACLU, EFF, EPIC, Privacy International,
> Investigative Journalists, ProPublica, The Intercept, on and on ad
> nauseam from Day One to 0-Day.
>
> Favorite rejoinder to accusations of perfidy is to accuse of conspiracy
> of various stripes, never ever confessing that the greatest conspiracies
> are promulgated by governments and their well-trained domesticates:
> Spies, agents, sources, cohorts, informants, educators, preachers,
> contractors, opinionators, operators, heroes, medalists, oh hell, us
> SOB maestros of the Duh Conspiracy.
>
>
>
> At 07:44 PM 2/28/2015, mo wrote:
>
>> Well. Duh.
>>
>> As a happy recipient of this totally laundered crazy government money,
>> and, yes, if you don't read any of the documents these entities provide
>> it may come as a complete surprise to you, I am quite happy about them
>> having to preserve some privacy.
>>
>> Can't we be happy that government money can actually (try to) do good?
>> Does really /everything/ have to be The Reptilian Conspiracy?
>>
>> On 02/27/2015 05:20 PM, Polity News wrote:
>> > When asked for public records about internet freedom funding, the
>> > governments of the Netherlands and Sweden classified and redacted
>> > documents about the contracts.
>> >
>> > http://piratetimes.net/governments-covertly-fund-internet-freedom-activists/
>> >
>

From shelley at misanthropia.org Sun Mar 1 11:45:20 2015
From: shelley at misanthropia.org (shelley at misanthropia.org)
Date: Sun, 01 Mar 2015 11:45:20 -0800
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To: <14bd6db0588.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de>
Message-ID: <14bd6df1498.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>

On March 1, 2015 10:51:09 AM brian carroll wrote:

> perhaps the institutionalization of 'royal perks' explains
> in part the necessity of a one-party governing system,
> where any actual opposition (politics) are then managed
> and absorbed into this model, to protect/secure/maintain
> aristocratic lifestyles otherwise threatened by actual change,
> where the focus of issues of subsidy then becomes the poor:
>
> "hark! peasants are drinking wine, wine!! with Our Money!"
>
> (in a top-down surveillance context, who benefits/profits most?)

^ This +100. Very prescient; I could not have put it any better.

From electromagnetize at gmail.com Sun Mar 1 09:58:32 2015
From: electromagnetize at gmail.com (brian carroll)
Date: Sun, 1 Mar 2015 11:58:32 -0600
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To:
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de>
Message-ID:

perhaps the institutionalization of 'royal perks' explains
in part the necessity of a one-party governing system,
where any actual opposition (politics) are then managed
and absorbed into this model, to protect/secure/maintain
aristocratic lifestyles otherwise threatened by actual change,
where the focus of issues of subsidy then becomes the poor:

"hark! peasants are drinking wine, wine!! with Our Money!"

(in a top-down surveillance context, who benefits/profits most?)

jya at pipeline.com wrote:

> This is what governments and NGOs were invented for
> and remain the premier source of livelihood one way or
> the other, especially for those who pretend opposition
> while royally partying with opponents. Royally, not
> peasantly.

From electromagnetize at gmail.com Sun Mar 1 10:02:39 2015
From: electromagnetize at gmail.com (brian carroll)
Date: Sun, 1 Mar 2015 12:02:39 -0600
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To:
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de>
Message-ID:

...whereas actual political change in an institutional
context (ngos, nonprofits, national orgs, etc) could
dismantle/destroy these royal lifestyles via rapid loss
of non-recoverable government funds/ideological subsidy

(emptied wine cellars, filtered water basis for everyday luxury)

On Sun, Mar 1, 2015 at 11:58 AM, brian carroll wrote:
> perhaps the institutionalization of 'royal perks' explains
> in part the necessity of a one-party governing system,
> where any actual opposition (politics) are then managed
> and absorbed into this model, to protect/secure/maintain
> aristocratic lifestyles otherwise threatened by actual change,
> where the focus of issues of subsidy then becomes the poor:
>
> "hark! peasants are drinking wine, wine!! with Our Money!"
>
> (in a top-down surveillance context, who benefits/profits most?)
>
>
> jya at pipeline.com wrote:
>
>> This is what governments and NGOs were invented for
>> and remain the premier source of livelihood one way or
>> the other, especially for those who pretend opposition
>> while royally partying with opponents. Royally, not
>> peasantly.

From electromagnetize at gmail.com Sun Mar 1 10:10:55 2015
From: electromagnetize at gmail.com (brian carroll)
Date: Sun, 1 Mar 2015 12:10:55 -0600
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To:
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de>
Message-ID:

'they' (political monoculture) threaten this dissolving of support against the peasants and poor all the time, (limiting and removing health services, social security)

wait until those 'virtually wealthy' ---reliant on things never changing, ungrounded in their beliefs--- lose the support to maintain their existence and yet have many bills to pay...

it gets nasty real quick when bureaucracy is against you. losing support of that same bureaucracy just gotta hurt, especially under crazed monocle of global security state

(don't worry, winks the mass media newscaster, you will be protected, you're one of us...)

On Sun, Mar 1, 2015 at 12:02 PM, brian carroll wrote:
> ...whereas actual political change in an institutional
> context (ngos, nonprofits, national orgs, etc) could
> dismantle/destroy these royal lifestyles via rapid loss
> of non-recoverable government funds/ideological subsidy
>
> (emptied wine cellars, filtered water basis for everyday luxury)
>
> On Sun, Mar 1, 2015 at 11:58 AM, brian carroll
> wrote:
>> perhaps the institutionalization of 'royal perks' explains
>> in part the necessity of a one-party governing system,
>> where any actual opposition (politics) are then managed
>> and absorbed into this model, to protect/secure/maintain
>> aristocratic lifestyles otherwise threatened by actual change,
>> where the focus of issues of subsidy then becomes the poor:
>>
>> "hark! peasants are drinking wine, wine!! with Our Money!"
>>
>> (in a top-down surveillance context, who benefits/profits most?)
>>
>>
>> jya at pipeline.com wrote:
>>
>>> This is what governments and NGOs were invented for
>>> and remain the premier source of livelihood one way or
>>> the other, especially for those who pretend opposition
>>> while royally partying with opponents. Royally, not
>>> peasantly.

From jya at pipeline.com Sun Mar 1 13:22:11 2015
From: jya at pipeline.com (John Young)
Date: Sun, 01 Mar 2015 16:22:11 -0500
Subject: Internet privacy, funded by spooks: A brief history of the BBG
In-Reply-To: <1425242486.3965141.233988601.2C8B167A@webmail.messagingengine.com>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <54f2bd7b.041e8c0a.022a.14e9@mx.google.com> <1425242486.3965141.233988601.2C8B167A@webmail.messagingengine.com>
Message-ID:

Internet privacy, funded by spooks: A brief history of the BBG, March 1, 2015

http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/

Open Technology Foundation featured, along with Tor, Appelbaum, Doctorow, Kobeissi, Soghoian, et al

From juan.g71 at gmail.com Sun Mar 1 17:48:24 2015
From: juan.g71 at gmail.com (Juan)
Date: Sun, 1 Mar 2015 22:48:24 -0300
Subject: more self parody
In-Reply-To:
References: <54D8A405.10707@jpunix.net> <54f23bb8.0858e00a.6065.ffffe067@mx.google.com>
Message-ID: <54f3c0b9.883fe00a.3426.ffff8656@mx.google.com>

On Mon, 2 Mar 2015 06:57:29 +1100 Zenaan Harkness wrote:

> On 3/1/15, Juan wrote:
> > http://en.wikipedia.org/wiki/Linux_Security_Modules
>
> But, but ... but all those hooks into my kernel are for -security-,
> they make my kernel -secure- don't they?

. . .

> Well, my assumptions are founded in a solid reality - my faith. You
> see, I believe, and ah seen tha light - Linux *will* set me free.
>
> Right?

Yes brother, linux is the light of the world =)

Actually, I meant to link this one

http://en.wikipedia.org/wiki/Security-Enhanced_Linux

which according to wikipedia was primarily developed by the NSA.

But since according to wiki again, the NSA made 'substantial contributions' to the LSM framework as well, I didn't bother correcting my mistake.

Granted, one can easily avoid the selinux module. And a quick look at the /security/ directories suggests that there aren't tons of code to audit, though I actually have no clue as to how hard it would be to actually audit that code. Let alone how to audit it.

This is probably old news for a lot of people but the fact that the NSA was involved in this kind of thing is just too rich...

From zen at freedbms.net Sun Mar 1 11:57:29 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Mon, 2 Mar 2015 06:57:29 +1100
Subject: more self parody
In-Reply-To: <54f23bb8.0858e00a.6065.ffffe067@mx.google.com>
References: <54D8A405.10707@jpunix.net> <54f23bb8.0858e00a.6065.ffffe067@mx.google.com>
Message-ID:

On 3/1/15, Juan wrote:
> http://en.wikipedia.org/wiki/Linux_Security_Modules

But, but ... but all those hooks into my kernel are for -security-, they make my kernel -secure- don't they?

And I guess they invented them because the kernel might have one or two security bugs or something right? Or because sysadmins (like my 94yo nan) occasionally make mistakes and the security modules protect me from them yeah? And because my lsm override alias is one letter shorter than sudo, it'll be easier to not make mistakes when I'm making complicated and risky changes to my system?

I know, I know, I'm making a lot of assumptions you say..

Well, my assumptions are founded in a solid reality - my faith. You see, I believe, and ah seen tha light - Linux *will* set me free.

Right?

From alfiej at fastmail.fm Sun Mar 1 12:41:26 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Mon, 02 Mar 2015 07:41:26 +1100
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To: <54f2bd7b.041e8c0a.022a.14e9@mx.google.com>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <54f2bd7b.041e8c0a.022a.14e9@mx.google.com>
Message-ID: <1425242486.3965141.233988601.2C8B167A@webmail.messagingengine.com>

On Sun, Mar 1, 2015, at 06:22 PM, Juan wrote:
> On Sun, 01 Mar 2015 01:44:16 +0100 Ah yes. 0.01% of the money the
> government steals is used to allegedly fix some of the
> damage....caused by government itself? How clever is that?
>
> You think the government is 'protecting' a tiny amount of the
> privacy it destroys? No, even that isn't true. It's just
> propaganda.

Interesting choice of words given the history:

http://en.wikipedia.org/wiki/Operation_Mockingbird

"The Office of Policy Coordination (OPC) was funded by siphoning off funds intended for the Marshall Plan"

What is the OPC?

http://en.wikipedia.org/wiki/Office_of_Policy_Coordination

"The Office of Policy Coordination (OPC) was a United States covert psychological operations and paramilitary action organization. Created as an independent office in 1948, it was merged with the Central Intelligence Agency (CIA) in 1951."

Alfie

--
Alfie John
alfiej at fastmail.fm

From rayzer at riseup.net Mon Mar 2 09:29:23 2015
From: rayzer at riseup.net (Razer)
Date: Mon, 02 Mar 2015 09:29:23 -0800
Subject: PandoDaily ♥s Cypherpunks
Message-ID: <54F49DF3.8010506@riseup.net>

PandoDaily's been 'on a roll' since... since... Yasha Levine doesn't ♥ Glenn Greenwald and The//Intercept. They apparently want everyone, including non-High Value Targets, to think all cybersecurity is a joke.

Tweet: "Cypherpunks, Internet privacy community stuck in cycle of dependency on US government intelligence agency handouts."
via the supposedly defunct eXiledOnline's twitter feed (which is apparently being used as a PandoDaily promotion outlet via Mark Ames now)

The article referenced by that tweet:

Internet privacy, funded by spooks: A brief history of the BBG
http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/

From alfiej at fastmail.fm Sun Mar 1 14:47:37 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Mon, 02 Mar 2015 09:47:37 +1100
Subject: Internet privacy, funded by spooks: A brief history of the BBG
In-Reply-To:
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <54f2bd7b.041e8c0a.022a.14e9@mx.google.com> <1425242486.3965141.233988601.2C8B167A@webmail.messagingengine.com>
Message-ID: <1425250057.3987888.234027929.176B3D4F@webmail.messagingengine.com>

On Mon, Mar 2, 2015, at 08:22 AM, John Young wrote:
> Internet privacy, funded by spooks: A brief history of the BBG, March 1,
> 2015
>
> http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/

That's a lot of info about BBG, yet not one mention of WWB:

http://en.wikipedia.org/wiki/Writers%27_War_Board

Alfie

--
Alfie John
alfiej at fastmail.fm

From amiller at cs.umd.edu Mon Mar 2 08:48:24 2015
From: amiller at cs.umd.edu (Andrew Miller)
Date: Mon, 2 Mar 2015 11:48:24 -0500
Subject: [Bitcoin-development] New paper: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies
Message-ID:

We (Joseph Bonneau, myself, Arvind Narayanan, Jeremy Clark, Ed Felten, Josh Kroll -- from Stanford, Maryland, Concordia, Princeton) have written a “systemization” paper about Bitcoin-related research. It’s going to appear in the Oakland security conference later this year (IEEE Security and Privacy) but we wanted to announce a draft to this community ahead of time.

http://www.jbonneau.com/doc/BMCNKF15-IEEESP-bitcoin.pdf

One of the main goals of our work is to build a bridge between the computer science research community and the cryptocurrency community. Many of the most interesting ideas and proposals for Bitcoin come from this mailing list and forums/wikis/irc channels, where many academic researchers simply don’t know to look! In fact, we started out by scraping all the interesting posts/articles we could find and trying to figure out how we could organize them. We hope our paper helps some of the best ideas and research questions from the Bitcoin community bubble up and inspires researchers to build on them.

We didn’t limit our scope to Bitcoin, but we also decided not to provide a complete survey of altcoins and other next-generation cryptocurrency designs. Instead, we tried to explain all the dimensions along which these designs differ from Bitcoin.

This effort has roughly been in progress over two years, though it stopped and restarted several times along the way. If anyone has comments or suggestions, we still have a week before the final version is due, and regardless we plan to continue updating our online version for the foreseeable future.

----- End forwarded message -----

From drwho at virtadpt.net Mon Mar 2 11:49:45 2015
From: drwho at virtadpt.net (The Doctor)
Date: Mon, 02 Mar 2015 11:49:45 -0800
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To: <14bd35643c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <14bd35643c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID: <54F4BED9.5010104@virtadpt.net>

On 02/28/2015 07:17 PM, shelley at misanthropia.org wrote:

> They're not *all* Reptilian; some are Grays!

Do I need to replace my cosmetic contacts?

Dammit. Disguise is slipping again.

--
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Loading custom software."

From eugen at leitl.org Mon Mar 2 09:02:57 2015
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 2 Mar 2015 18:02:57 +0100
Subject: [Bitcoin-development] New paper: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies
Message-ID: <20150302170256.GI10743@leitl.org>

----- Forwarded message from Andrew Miller -----

From guninski at guninski.com Mon Mar 2 10:23:06 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 2 Mar 2015 20:23:06 +0200
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To: <54f2bd7b.041e8c0a.022a.14e9@mx.google.com>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <54f2bd7b.041e8c0a.022a.14e9@mx.google.com>
Message-ID: <20150302182306.GA2551@sivokote.iziade.m$>

On Sun, Mar 01, 2015 at 04:22:15AM -0300, Juan wrote:
> On Sun, 01 Mar 2015 01:44:16 +0100
> mo wrote:
>
> > Can't we be happy that government money can actually (try to) do good?
>
> Ah yes. 0.01% of the money the government steals is used to
> allegedly fix some of the damage....caused by government itself?
> How clever is that?
>
> You think the government is 'protecting' a tiny amount of the
> privacy it destroys? No, even that isn't true. It's just
> propaganda.
>
>

I agree with this, possibly with very few exceptions (likely by chance).

.gov doesn't want free sheeple, it wants owned sheeple.

From the original article:
http://piratetimes.net/governments-covertly-fund-internet-freedom-activists/

>>>> “DDP works in very repressive environments, like Turkmenistan,
>>>> China, Russia, Bahrein or Iran

Observe that they are not targeting western advanced socialism, they are targeting the enemies of their enemies.

From grarpamp at gmail.com Mon Mar 2 19:56:21 2015
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 2 Mar 2015 22:56:21 -0500
Subject: Fwd: [tor-talk] Why corrupt government officials are strongly opposed to this Tor project (a Gestapo government run amok!)
In-Reply-To: <54F52B09.9030602@tlbean.com>
References: <54F52B09.9030602@tlbean.com>
Message-ID:

---------- Forwarded message ----------
From: Travis Bean
Date: Mon, Mar 2, 2015 at 10:31 PM
Subject: [tor-talk] Why corrupt government officials are strongly opposed to this Tor project (a Gestapo government run amok!)
To: tor-talk at lists.torproject.org

Hello,

I am giving everyone on this mailing list a heads-up regarding what I have uncovered about the Gestapo government here in the United States and why corrupt government officials are so strongly opposed to this Tor project.

I can prove I have become a target after I published information on my tlbean.com website exposing the truth about the National Security Agency's control mechanism that is being used to unlawfully monitor all Internet and email activity. I have had my cellphones and Internet equipment sabotaged repeatedly after exposing the truth about the NSA and after I published Tor-powered PrivacyGuard shell scripts on my website.

On 12/29/2014 I submitted a report to a detective about my findings regarding foxnews.com. In my report I allege that News Corp and 21st Century Fox are simply a guise for a government controlled propaganda machine.
I allege this based on evidence that I am bombarded by threatening news articles and coercive pop-up ads through foxnews.com anytime I submit a report about the NSA's control mechanism and their psychological warfare program. These threats of coercion are directed towards me personally based on my telephone conversations and email. I uncovered very unique information published in news articles through foxnews.com based on my own personal email and telephone conversations without my permission! Foxnews.com were able to direct coercive, threatening news articles and pop-up ads towards me personally based on my IP address until I started using Tor!

After I investigated this extensively and figured out what was happening, I spoke to a detective and stated that I want Rupert Murdoch, executive chairman of News Corp and chairman of 21st Century Fox, interrogated extensively regarding this scandal. I stated to the detective I spoke with that Tor is a huge threat to News Corp's and 21st Century Fox's control mechanism. Just within a few days of asking for Rupert Murdoch to be interrogated, foxnews.com started blocking Tor!

Take a look at what my extensive detective work has uncovered:

Open this URL in a Tor-powered web browser: http://www.foxnews.com. News Corp and 21st Century Fox now realize Tor prevents them from feeding citizens coercive news articles and pop-up ads based on their IP address and are now blocking Tor as a result of my report.

The United States Senate started blocking Tor at the exact same time! Open this URL in a second tab of your Tor-powered web browser: http://www.hatch.senate.gov/public/index.cfm/contact. This shady character Senator Orrin Hatch standing next to former NSA deputy director Chris Inglis, with a shovel in his hand, broke ground for the NSA's new data center in the state of Utah.
This super-high-capacity data center now gives the NSA the ability to store every citizen's email, Internet activity, telephone conversations, and encrypted files indefinitely until the NSA's supercomputers crack the encryption. The NSA have made a revolutionary breakthrough in decrypting high-grade encryption in a very short period of time.

Open this URL in a third tab of your Tor-powered web browser: http://about.usps.com/who-we-are/leadership/pmg-exec-comm.htm. The United States Postal Service, another arm of this corrupt Gestapo government, started blocking Tor at the exact same time for the same reason!

Please note that when testing the URL http://www.hatch.senate.gov/public/index.cfm/contact, or any other corrupt U.S. senator's contact page, you may have to use Vidalia to switch to a new identity multiple times until it lands on a blacklisted Tor server. For some reason, members of the United States Senate have their contact page unavailable for only certain Tor servers, and yet Foxnews and USPS appear to be using a much wider spectrum of blacklisted servers.

What is interesting about my detective work I conducted is that you will notice from the "Access Denied" warning and reference # you receive when your Tor-powered web browser tries to render the above mentioned web pages, this indicates the exact same Tor-blocking software is being used to power foxnews.com, usps.com, and senate.gov. This proves my point that News Corp and 21st Century Fox are most definitely mysteriously controlled by the United States Gestapo government.

This same thing happened after I started advertising my Tor-powered PrivacyGuard shell scripts on craigslist.org. My PrivacyGuard ads were immediately banned and then Craigslist started blocking Tor anonymity protection as well, even though this took place months prior to the above mentioned Tor blocking mechanism. Craigslist appear to be using different Tor blocking software than what foxnews.com, usps.com, and senate.gov are using.

Immediately after I published my first draft of PrivacyGuard in September 2013, I can prove any of my Torified email I send to anyone who is using a Microsoft Exchange server is classified as SPAM when sent from Thunderbird with the TorBirdy add-on. I tested this out on multiple Exchange servers and I get the same result. Microsoft are desperately attempting to block email sent from anyone who uses TorBirdy.

The only advice I have for Tor developers is keep up the good work! After I exposed the corrupt United States federal government for what they are all about, now Tor is a huge threat to the Gestapo government's control mechanism.

Sincerely,

Travis Bean

--
Travis L. Bean
T.L.Bean - Your source for FREE open source
www.tlbean.com

From mike at confidantmail.org Tue Mar 3 01:54:26 2015
From: mike at confidantmail.org (Mike Ingle)
Date: Tue, 03 Mar 2015 01:54:26 -0800
Subject: How to have your encrypted mail in two places at once
Message-ID: <54F584D2.9080103@confidantmail.org>

IMAP and webmail make it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.

Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.

I am looking for advice on how to implement a mobile client:

Option A is to re-create the current client functionality for the mobile platforms. That is a lot of work, and I am not experienced in mobile programming.
There is a port of gpg to Android, but I don't know how good it is. I know zero about Apple.

This has disadvantages: for example, if I receive a 1GB message at home, there is no way for the phone to get only part of that message. It needs the whole message to check the signature.

The worst problem, however, is that you are carrying your private key around with you. Phones are not secure and cannot be made secure. The carrier has root on the phone, whether you do or not. Phones are easy to physically take, and do not have trustworthy encryption. I do not want my GPG key on my phone.

Option B is three-tier client server. Your PC at home has the private key, and talks to the Confidant Mail server. It also exposes a port which the phone accesses over a secure connection. The phone can request parts of messages, and the PC does the GPG encryption and decryption. This has the advantage that the phone client is smaller, the big message problem is solved, and the exposed key problem is solved. The middleware on the PC could have constraints such as not allowing the whole mailbox to be downloaded, and logging itself out after some number of failed remote access attempts. The downside is you need a PC running, you need to be smart enough to expose a port, and the PC is sitting there unattended, with the private key in memory, waiting for someone to come and grab it.

Option C is a mobile web client. Similar to B, but instead of a client-server protocol, it uses HTTPS and generates mobile friendly HTML. Advantages relative to B are that one client supports all the mobile platforms, and there is no mobile code to write. Disadvantage is that the mobile browser is pretty easy to hack, and there is likely plaintext cached in the phone at any given time.

Anyone who needs strong security probably should not use a mobile device. However, many people will want access to Confidant Mail on their phones. Do you have an opinion on the right way to provide it?
http://www.confidantmail.org/forums/index.php?topic=27.msg47

Mike Ingle
d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2

From l at odewijk.nl Mon Mar 2 09:19:26 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Tue, 3 Mar 2015 02:19:26 +0900
Subject: more self parody
In-Reply-To: <54f3c0b9.883fe00a.3426.ffff8656@mx.google.com>
References: <54D8A405.10707@jpunix.net> <54f23bb8.0858e00a.6065.ffffe067@mx.google.com> <54f3c0b9.883fe00a.3426.ffff8656@mx.google.com>
Message-ID:

2015-03-02 10:48 GMT+09:00 Juan :

> which according to wikipedia was primarily developed by the
> NSA.
>
> But since according to wiki again, the NSA made 'substantial
> contributions' to the LSM framework as well, I didn't bother
> correcting my mistake.
>

Given their size and mission it's not that strange. The mantra is "unless *you* can check it, it's not safe." the exception is when you can trust someone who can check it. But trust is no easy game.
Name: not available Type: text/html Size: 994 bytes Desc: not available URL: From groundhog593 at riseup.net Tue Mar 3 02:47:29 2015 From: groundhog593 at riseup.net (Bethany) Date: Tue, 03 Mar 2015 06:47:29 -0400 Subject: Fwd: Matt DeHart named as 3rd Courage Foundation beneficiary after Edward Snowden & Jeremy Hammond In-Reply-To: References: Message-ID: <54F59141.5060609@riseup.net> Matt DeHart named as third Courage beneficiary Posted on March 2, 2015 https://couragefound.org/2015/03/matt-dehart-named-as-third-courage-beneficiary/ https://mattdehart.com/ - 30-year-old former US National Guard drone team member and alleged WikiLeaks courier deported/extradited to US less than 24 hours ago after asylum claim declined by Canada - joins Edward Snowden and Jeremy Hammond as Courage beneficiaries - Matt’s parents Leann and Paul DeHart say: “We are comforted knowing we do not stand up against the tide alone.” - Matt DeHart appeared before a judge today in Buffalo and was ordered to be transferred to Tennessee for arraignment. Courage, the international organisation dedicated to the protection of truth-tellers, has announced that its new beneficiary will be Matt DeHart. Matt DeHart is a 30-year-old former US National Guard drone team member and alleged WikiLeaks courier who worked with the hactivist group Anonymous. In the last 24 hours, he has been deported/extradited from Canada to the United States to face charges that judges in two countries (the US and Canada) have found to lack credibility. WikiLeaks founder Julian Assange said: “Canada’s actions are shameful. It may as well not have a border.” A few minutes ago Matt DeHart appeared before a judge in Buffalo and was ordered to be transferred to Tennessee for arraignment. For the past five years, Matt DeHart has been at the centre of a US national security investigation and has experienced extraordinary hardship as a result. 
In 2010, Matt was detained at the US–Canadian border by FBI agents, who administered an IV (intravenous line) to Matt against his will. They questioned him over several days regarding his military unit, his involvement with Anonymous and WikiLeaks. They denied him access to his lawyer, deprived him of sleep, food and water, and tortured him during this time. Although an FBI report confirms Matt was detained for an “espionage matter” and agents asked him nothing about pornography, Matt was presented with a hastily drafted criminal complaint alleging he solicited nude photos from a teenager in 2008. WikiLeaks founder Julian Assange stated: “The abuse of the law in DeHart’s case is obvious, shocking and wrong. Matt DeHart and his family have suffered enough.” On 3 April 2013, Matt and his family crossed the US–Canadian border again, seeking political asylum and protection under the United Nations Convention on Torture. Canada’s Immigration and Refugee Board turned down the family’s claim in February 2015, even though they found no “credible and trustworthy evidence” to support the charges Matt faces. Courage has accepted Matt as its third beneficiary in order to raise awareness about his case, prevent him from experiencing further mistreatment in detention and to raise urgently needed funds for his legal defence. DeHart’s legal team have confirmed that they intend to launch legal action against the US government as well as defend Matt from the charges he currently faces. Sarah Harrison, Courage’s Acting Director, said: The FBI has ruined Matt’s life to cover up what he knew and to punish his support of WikiLeaks and Anonymous. Objective judges have agreed that the child porn charges are a ruse to smear him in pursuit of national security information. Tor Ekeland, one of Matt’s lawyers, said: Knowing the Courage Foundation has Matt’s back is a great relief to everyone fighting for his cause. 
It’s a privilege to work with such an esteemed organisation so committed to the freedom of information, and to know that there is light in the darkness. Matt’s parents, Paul and Leann DeHart, said in a statement, We are humbled and grateful for the support of the Courage Foundation. Facing a crisis of tsunami magnitude, we are comforted knowing we do not stand up against the tide alone. In addition to hosting the defence fund, Courage will publicly advocate for Matt DeHart and build his network of support. A re-launched support website at mattdehart.com will provide regular updates on Matt’s case and raise public awareness about the threats he faces. Donations to the Matt DeHart defence fund can be made at: https://mattdehart.com/donate From list at sysfu.com Tue Mar 3 07:59:07 2015 From: list at sysfu.com (Seth) Date: Tue, 03 Mar 2015 07:59:07 -0800 Subject: Governments Covertly Fund Internet Freedom Activists In-Reply-To: <1461761.FKrLxga7Pt@lapuntu> References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <1461761.FKrLxga7Pt@lapuntu> Message-ID: On Tue, 03 Mar 2015 01:45:40 -0800, rysiek wrote: > I cordially invite you to provide sufficient funding to all the > freedom/privacy/human rights related initiatives that are > government-funded > today. I'm not sure that cordially inviting an individual to single handedly replace the 'funding' provided by a violent organized criminal organization that can extract funds from entire populations under the threat of violence, and also 'print' their own goddamned money is really a solid counter argument. Is the funding of FLOSS privacy enabling software a problem? Yes. Does it therefore follow that lining up at the government's stolen money slop trough until another solution can be devised is ever going to be a good idea in the long run? I would argue 'No'. Look at the history and deviousness of government infiltration of 60's counterculture groups that were deemed a threat to state power. 
Timothy Leary an FBI snitch [1]. Richard Aoki, the man who helped arm the Black Panthers, an FBI snitch. [2].

Is it not reasonable to assume that these FLOSS privacy software projects represent a direct threat to state power? Is it not reasonable to assume that the state is therefore going to try and co-opt them? Say by creating financial dependence via a seductive flow of stolen money, among other tactics?

Look at this recent Pando.com expose of the BBG (Broadcasting Board of Governors) which recently started pouring money into these privacy projects via the Open Technology Fund. [3]. These people are not on our side.

Also, regarding funding as a method of control. What did the U.S. federal government do when certain states balked at raising the drinking age to 21? They threatened to cut their federal highway funds. Every state ended up caving to this demand. That's just one high profile example.

It's simply disheartening to see how gleefully some privacy activists accept the tainted govt blood money and then look hard the other way. Never mind that the money was obtained by putting a metaphorical gun to the head of every person it was taken from. Never mind what the ulterior motives are of the organizations which are lavishing this stolen money upon the software privacy projects. Never mind the dependence this is going to create and the subsequent influence and control this is going to buy.

The means *are* the ends. And when the means are corrupted, so are the ends.
[1] http://www.thesmokinggun.com/documents/investigation/turn-tune-rat-out
[2] http://californiawatch.org/dailyreport/fbi-files-reveal-new-details-about-informant-who-armed-black-panthers-17906
[3] http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/

From rysiek at hackerspace.pl Tue Mar 3 01:46:49 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 03 Mar 2015 10:46:49 +0100
Subject: Governments Covertly Fund Internet Freedom Activists
In-Reply-To: <14bd35643c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
References: <54F09958.1080901@gmx.com> <54F260E0.1070808@headstrong.de> <14bd35643c8.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID: <2566455.dte8FBRjYC@lapuntu>

On Saturday, 28 February 2015 19:17:03 shelley at misanthropia.org wrote:
> On February 28, 2015 5:36:14 PM mo wrote:
> > Does really /everything/ have to be The Reptilian Conspiracy?
>
> They're not *all* Reptilian; some are Grays!

And thay have multiple shades, don't thay. I think we can narrow down the number of those shades to somewhere between 45 and 55. ;)

> Source: David Icke's posterior

Ick.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From s at ctrlc.hu Tue Mar 3 02:16:23 2015
From: s at ctrlc.hu (stef)
Date: Tue, 3 Mar 2015 11:16:23 +0100
Subject: How to have your encrypted mail in two places at once
In-Reply-To: <54F584D2.9080103@confidantmail.org>
References: <54F584D2.9080103@confidantmail.org>
Message-ID: <20150303101623.GB10358@ctrlc.hu>

two things:

1/ stop beating the dead horse (email)
2/ there is (or at least should be) a huge difference for cryptograms
encrypted in transit between peers, and data resting and being queried by
only one person.
3/ protocols like pond which address adversarial progress over the years
should be preferred over outdated and broken protocols. but i guess i'm
repeating 1/ already.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

From rysiek at hackerspace.pl Tue Mar 3 02:19:02 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 03 Mar 2015 11:19:02 +0100
Subject: REAL-ID Phone Access Coming Soon
In-Reply-To:
References: <14bbd9dcf38.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID: <2468881.0WGqW9Z6cq@lapuntu>

On Tuesday, 24 February 2015 21:23:29 grarpamp wrote:
> After all, adblock isn't going to stop the ads. DNT isn't going to
> stop the cookies.

Hold on there. These are two different beasts. DNT is "please don't track me" and of course it won't work. Adblock is "I am not letting this through, deal with it" and has much more merit and chances of actually stopping stuff from getting to you.

> Crypto isn't going to stop the metamining surveillance. And as in the
> subject, standing in line to happily get and show their papers please isn't
> going to stop that either.

Agreed.

> Where are that mass of geeks, cryptos, internets... those making
> such technical measures... where are they acting in politics?
> Running for office, bringing issues to their councils, donating,
> and so on.

There might, or might not, be hackers among us who are trying to hack on policy level. But those hackers, if they indeed are following (or maybe even taking part in) the discussions here, might not want to come out with such information, as the level of hostility towards any persons or organisations that can be painted as "working with The Man" or "taking the Man's money" is too damn high™.

In other words, FUD spread by "the Man" and the disinformation campaign, sowing dissent, creating hostility and distrust within the community, and in general the divide and conquer approach work wonders.
I consider these many levels more problematic than the fact that Project A takes government money to write FLOSS.

But I digress.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Tue Mar 3 02:30:39 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 03 Mar 2015 11:30:39 +0100
Subject: How to have your encrypted mail in two places at once
In-Reply-To: <54F584D2.9080103@confidantmail.org>
References: <54F584D2.9080103@confidantmail.org>
Message-ID: <1773486.UyUXKZYypK@lapuntu>

On Tuesday, 3 March 2015 01:54:26 Mike Ingle wrote:
> IMAP and webmail makes it easy to access your mail on two or more
> machines, and have all your folders stay in sync. Encryption tends to
> break that: your inbox might work across machines, but your Sent Items
> and personal folders tend to be stuck on one machine.
>
> Confidant Mail 0.24 has a solution for that problem. You can have the
> same GPG key on two or more machines. Using a secure replication
> protocol, your sent items, read status of incoming mail, personal
> folders, and deletions are all automatically copied to the other
> machines. This provides an IMAP-like experience with encrypted mail.

Why not use different subkeys per-machine? Just remember to encrypt with all subkeys.

Also, GPG-enabled webmail, am I reading it correctly?..

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From cathalgarvey at cathalgarvey.me Tue Mar 3 03:50:07 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Tue, 03 Mar 2015 11:50:07 +0000
Subject: REAL-ID Phone Access Coming Soon
In-Reply-To: <2468881.0WGqW9Z6cq@lapuntu>
References: <14bbd9dcf38.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <2468881.0WGqW9Z6cq@lapuntu>
Message-ID: <54F59FEF.9030902@cathalgarvey.me>

> Hold on there. These are two different beasts. DNT is "please don't
> track me" and of course it won't work.

In fact, it's worse. DNT, if set either way, is another pure bit of
browser entropy; it actually *assists* certain forms of tracking,
because it can be expected to remain invariant between visits of a given
browser/user.

This is just one of the things making me think the "web" needs a total
re-boot to redesign for security from the boots-up. Servers shouldn't
require user-agents to know how to treat visitors. Scripting is useful
for a rich experience but should be more sand-boxable (ideally, scripts
can be sandboxed to their position in the DOM tree!) and tightly
permission'd. Canvas and other elements should behave deterministically;
this should be part of browser test-suites. Browsers should be allowed
cache fonts but not disclose to the server whether they have a font in
their cache or not.

DNT was another nail in the coffin. Either a browser can be tracked by
design, or it can't.

On 03/03/15 10:19, rysiek wrote:
> On Tuesday, 24 February 2015 21:23:29 grarpamp wrote:
>> After all, adblock isn't going to stop the ads. DNT isn't going to
>> stop the cookies.
>
> Hold on there. These are two different beasts. DNT is "please don't track me"
> and of course it won't work. Adblock is "I am not letting this through, deal
> with it" and has much more merit and chances of actually stopping stuff from
> getting to you.

--
Scientific Director, IndieBio Irish Programme
Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate?
Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: cathalgarvey

From coderman at gmail.com Tue Mar 3 13:48:28 2015
From: coderman at gmail.com (coderman)
Date: Tue, 3 Mar 2015 13:48:28 -0800
Subject: Backward compatibility bites again (like RC4 in WPA2)
In-Reply-To:
References:
Message-ID:

On 2/4/15, coderman wrote:
> ...
> 2015, RC4 still in WPA2, WPA2 still in everything, ... [0].

not RC4 specifically, but EXP-RC4-MD5 is the avenue:

"The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today."
- http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

RC4, still hurting us today, too!

From politynews at gmx.com Tue Mar 3 13:09:33 2015
From: politynews at gmx.com (Polity News)
Date: Tue, 03 Mar 2015 16:09:33 -0500
Subject: Soghoian on Government Funding Crypto
Message-ID: <54F6230D.3020305@gmx.com>

To calm fears and help make people less paranoid of government financing, Soghoian wrote a beautiful tweet that I felt obliged to share.

"Christopher Soghoian @csoghoian
Yes, the US government tortures, spies and assassinates, but sometimes it supports pretty awesome things, like usable crypto apps.
7:28 AM - 3 Mar 2015"
https://twitter.com/csoghoian/status/572735276025569280

If you are thoroughly impressed by Soghoian's tweet, then you may want to read his interview on Democracy Now.
http://www.democracynow.org/blog/2015/2/20/part_2_security_researcher_christopher_soghoian From grarpamp at gmail.com Tue Mar 3 13:51:21 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 3 Mar 2015 16:51:21 -0500 Subject: How to have your encrypted mail in two places at once In-Reply-To: <20150303101623.GB10358@ctrlc.hu> References: <54F584D2.9080103@confidantmail.org> <20150303101623.GB10358@ctrlc.hu> Message-ID: On Tue, Mar 3, 2015 at 5:16 AM, stef wrote: > 1/ stop beating the dead horse (email) > 2/ there is (or at least should be) a huge difference for cryptograms > encrypted in transit between peers, and data resting and being queried by > only one person. > 3/ protocols like pond which address adversarial progress over the years > should be preferred over outdated and broken protocols Obligatory link to a long set of threads on creating next generation messaging transports meeting at the existing local MUA/spool... https://cpunks.org/pipermail/cypherpunks/2014-July/005063.html From grarpamp at gmail.com Tue Mar 3 14:41:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 3 Mar 2015 17:41:14 -0500 Subject: Cypherpunk Politics [was: REAL-ID Coming] Message-ID: On Tue, Mar 3, 2015 at 5:19 AM, rysiek wrote: >> Crypto isn't going to stop the metamining surveillance. And as in the >> subject, standing in line to happily get and show their papers please isn't >> going to stop that either. > > Agreed. > >> Where are that mass of geeks, cryptos, internets... those making >> such technical measures... where are they acting in politics? >> Running for office, bringing issues to their councils, donating, >> and so on. > > There might, or might not, be hackers among us who are trying to hack on > policy level. 
But those hackers, if they indeed are following (or maybe even > taking part in) the discussions here, might not want to come out with such > information, as the level of hostility towards any persons or organisations > that can be painted as "working with The Man" or "taking the Man's money" is > too damn high™. Who cares, that's up to the cpunk. If the cypherpunk is pure, working with the man to get cpunk shit done is just another hacking skin to hang on their wall. And a highly prized one of social engineering at that. Cpunks should bow the fuck down in respect to such a fellow cpunk, not fling hostile FUD at them just because they're working the system. For that matter, they should join them to add another voice. There are probably more US persons on this list than there are in their entire Congress. Think about that... Now in the other direction of possible hostility... should The Man discover a cpunk within their ranks, well yes, there is a risk there. The usual opsec applies. > In other words, FUD spread by "the Man" and the disinformation campaign, > sowing dissent, creating hostility and distrust within the community, and in > general the divide and conquer approach work wonders. That's why the above masses need to activate and throw the FUD back, and more, at The Man. Two can play that game. Problem is, right now there is only one real player on the field of politics, his name is The Man, and he's not on team cpunk. From mike at confidantmail.org Wed Mar 4 00:34:17 2015 From: mike at confidantmail.org (Mike Ingle) Date: Wed, 04 Mar 2015 00:34:17 -0800 Subject: How to have your encrypted mail in two places at once In-Reply-To: <20150303101623.GB10358@ctrlc.hu> References: <54F584D2.9080103@confidantmail.org> <20150303101623.GB10358@ctrlc.hu> Message-ID: <54F6C389.4090601@confidantmail.org> On 3/3/2015 2:16 AM, stef wrote: > two things: > > 1/ stop beating the dead horse (email) > That's a silly thing to say on a mailing list, lol. 
Obviously the medium is still useful. SMTP, however, is an old and lame horse that ought to be turned into glue. The best way to do that IMHO is make a new protocol, use them in parallel, and wait until the old one becomes a big enough nuisance to go away. That is what I am trying to do here.

> 2/ there is (or at least should be) a huge difference for cryptograms
> encrypted in transit between peers, and data resting and being queried by
> only one person.
>

Yes, data at rest is encrypted with things like DiskCryptor and cryptoloop. Data going over a wire is encrypted with TLS. A message addressed to a particular person (to whom you do not have a live connection) is best encrypted with something like GPG. You need all three for a secure messaging system.

> 3/ protocols like pond which address adversarial progress over the years
> should be preferred over outdated and broken protocols. but i guess i'm
> repeating 1/ already.
>
>

Which adversarial progress are you referring to? GPG has proven itself robust over the years, and Confidant Mail does not use SMTP. If you mean forward secrecy, I'm working on that. In the meantime I'd still rather trust GPG than some unknown protocol. If my private key gets stolen that's my own fault for being careless.

From rysiek at hackerspace.pl Tue Mar 3 16:39:27 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 04 Mar 2015 01:39:27 +0100
Subject: Cypherpunk Politics [was: REAL-ID Coming]
In-Reply-To:
References:
Message-ID: <2328634.aj3ovFmWuz@lapuntu>

On Tuesday, 3 March 2015 17:41:14 grarpamp wrote:
> > There might, or might not, be hackers among us who are trying to hack on
> > policy level. But those hackers, if they indeed are following (or maybe
> > even taking part in) the discussions here, might not want to come out
> > with such information, as the level of hostility towards any persons or
> > organisations that can be painted as "working with The Man" or "taking
> > the Man's money" is too damn high™.
> > Who cares, that's up to the cpunk. If the cypherpunk is pure, working > with the man to get cpunk shit done is just another hacking skin > to hang on their wall. And a highly prized one of social engineering > at that. Cpunks should bow the fuck down in respect to such a fellow > cpunk, not fling hostile FUD at them just because they're working > the system. For that matter, they should join them to add another > voice. There are probably more US persons on this list than there > are in their entire Congress. Think about that... +1. And for those that don't believe shit can be hacked on policy level, look at ACTA, or at censorship debates in Poland. For instance: http://yro.slashdot.org/story/13/07/27/1325235/the-shortest-internet-censorship-debate-ever > Now in the other direction of possible hostility... should The Man > discover a cpunk within their ranks, well yes, there is a risk there. > The usual opsec applies. The opsec, as you say, is "usual". As in, cpunks more or less know how to handle it. The FUD and divide-and-conquer is a whole different ball game, and that's a huge problem. > > In other words, FUD spread by "the Man" and the disinformation campaign, > > sowing dissent, creating hostility and distrust within the community, and > > in general the divide and conquer approach work wonders. > > That's why the above masses need to activate and throw the FUD back, > and more, at The Man. Two can play that game. Problem is, right now > there is only one real player on the field of politics, his name is The Man, > and he's not on team cpunk. Absolutely. And to start doing that, we *REALLY* need to see that "The Man" is not really a single entity, but a dynamic system of co-dependant people, institutions, interests, etc. Once we stop seeing "Teh Gummint" as a single entity that Has A Plan, cracks start to show. And we all know what we can do with cracks, don't we? 
As long as we allow ourselves to drink the Kool-Aid of how mighty and monolithic "The Man" is, we're fucked.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Tue Mar 3 16:45:15 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 04 Mar 2015 01:45:15 +0100
Subject: REAL-ID Phone Access Coming Soon
In-Reply-To: <54F59FEF.9030902@cathalgarvey.me>
References: <2468881.0WGqW9Z6cq@lapuntu> <54F59FEF.9030902@cathalgarvey.me>
Message-ID: <15330504.GMsDombcAN@lapuntu>

On Tuesday, 3 March 2015 11:50:07 Cathal Garvey wrote:
> > Hold on there. These are two different beasts. DNT is "please don't
> > track me" and of course it won't work.
>
> In fact, it's worse. DNT, if set either way, is another pure bit of
> browser entropy; it actually *assists* certain forms of tracking,
> because it can be expected to remain invariant between visits of a given
> browser/user.

Absolutely. However, I did use to give even more bits of entropy by setting my UA String in a particular way:
http://rys.io/en/56

Now I just need to start filing lawsuits, I guess. ;)

> This is just one of the things making me think the "web" needs a total
> re-boot to redesign for security from the boots-up. Servers shouldn't
> require user-agents to know how to treat visitors. Scripting is useful
> for a rich experience but should be more sand-boxable (ideally, scripts
> can be sandboxed to their position in the DOM tree!) and tightly
> permission'd. Canvas and other elements should behave deterministically;
> this should be part of browser test-suites. Browsers should be allowed
> cache fonts but not disclose to the server whether they have a font in
> their cache or not.

But look, HTTP/2.0 is coming!
Oh, wait:
https://queue.acm.org/detail.cfm?id=2716278

> DNT was another nail in the coffin. Either a browser can be tracked by
> design, or it can't.

+over9000

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From grarpamp at gmail.com Tue Mar 3 23:09:53 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 4 Mar 2015 02:09:53 -0500
Subject: Fwd: [tor-talk] Why corrupt government officials are strongly opposed to this Tor project (a Gestapo government run amok!)
In-Reply-To: <54F6AB2A.9080804@tlbean.com>
References: <54F52B09.9030602@tlbean.com> <54F56E34.2050601@emails.veryspeedy.net> <54F574C2.9000400@tlbean.com> <54F6AB2A.9080804@tlbean.com>
Message-ID:

---------- Forwarded message ----------
From: Travis Bean
Date: Wed, Mar 4, 2015 at 1:50 AM
Subject: Re: [tor-talk] Why corrupt government officials are strongly opposed to this Tor project (a Gestapo government run amok!)
To: tor-talk at lists.torproject.org

On 03/03/2015 02:19 PM, Travis Biehn wrote:
> Certain individuals attribute structures that a society naturally evolves
> as being somehow directed by an omnipotent actor. This actor is often cast
> in the role of tormentor / antagonist.
>
> For you your tormentor is the 'Gestapo government' and what you perceive as
> its colluding branches, including *ahem* 'psyops' outfits in the private
> media.
>
> You're close, but unfortunately the truth won't appeal to your ego nearly
> as much as the classic paranoid scenario you're living.
>
> One tool you might find helpful is to consider the cost of persecuting you
> in this way, when the government has cheaper and more effective forms of
> silencing dissidents.
I have worked with computer hardware and software systems for long enough to know what the difference is between equipment failure and sabotage. I can prove my Internet equipment was sabotaged immediately after I first submitted my analysis to this tor-talk mailing list yesterday. I had to reflash the corrupted firmware on my router to get it to work again. My Internet connection was under denial-of-service attack for a prolonged period of time afterwards where I could not make a connection. This honestly happens every time I speak the truth regarding the National Security Agency and corrupt government officials who are abusing their power. Someday in the not too distant future, those of you who live here in the United States, who have been brainwashed into thinking this is a free democracy, will find out the truth about what this corrupt government are all about and will look elsewhere in the world to relocate. If I was granted one wish, it would be that someone in another part of the world would help me relocate away from this horribly oppressive regime that are literally holding me hostage and turning anyone against me who I appeal to for help. Sincerely, Travis Bean -- Travis L. Bean T.L.Bean - Your source for FREE open source www.tlbean.com -- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk From juan.g71 at gmail.com Tue Mar 3 21:55:41 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 4 Mar 2015 02:55:41 -0300 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: References: Message-ID: <54f69da8.1028370a.6ebc.59a7@mx.google.com> On Tue, 3 Mar 2015 17:41:14 -0500 grarpamp wrote: > Who cares, that's up to the cpunk. If the cypherpunk is pure, working > with the man to get cpunk shit done is just another hacking skin > to hang on their wall. LMAO! I thought you were a bit cleverer than that. Seems I was wrong. 
> And a highly prized one of social engineering
> at that. Cpunks should bow the fuck down in respect to such a fellow

Nah, decent people should tell such a shitbag and his apologists to go fuck themselves..

Hey grarpamp - you don't get the A of the ABC of political philosophy. Or maybe you are in the payroll of the CIA. Or the DoD like the tor clowns. Or both!

Oh, but it's OK. Let the self-serving employees of 'non governmental' mafias FUNDED BY THE GOVERNMENT explain why it's OK for them to be paid for PRETENDING to 'fight' their employers and accomplices.

> cpunk, not fling hostile FUD at them just because they're working
> the system. For that matter, they should join them to add another
> voice. There are probably more US persons on this list than there
> are in their entire Congress. Think about that...
>
> Now in the other direction of possible hostility... should The Man
> discover a cpunk within their ranks, well yes, there is a risk there.
> The usual opsec applies.
>
> > In other words, FUD spread by "the Man" and the disinformation
> > campaign, sowing dissent, creating hostility and distrust within
> > the community, and in general the divide and conquer approach work
> > wonders.

go. fuck. yourself.

>
> That's why the above masses need to activate and throw the FUD back,

fuck you, asshole.

> and more, at The Man. Two can play that game. Problem is, right now
> there is only one real player on the field of politics, his name is
> The Man, and he's not on team cpunk.

the man is in your team. yes, rephrase that.

>

From cathalgarvey at cathalgarvey.me Tue Mar 3 23:16:18 2015
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Wed, 04 Mar 2015 07:16:18 +0000
Subject: Cypherpunk Politics [was: REAL-ID Coming]
In-Reply-To:
References:
Message-ID: <487699A4-B097-4AD7-B4E7-7F7204CC17D1@cathalgarvey.me>

>Who cares, that's up to the cpunk.
If the cypherpunk is pure, working >with the man to get cpunk shit done is just another hacking skin >to hang on their wall. And a highly prized one of social engineering >at that. Cpunks should bow the fuck down in respect to such a fellow >cpunk, not fling hostile FUD at them just because they're working >the system. +1. More than this, whatever your feelings on governments per se, not all governments are particularly bad when it comes to privacy, spying, etcetera. There is plenty wrong with the Irish kleptocracy, but as far as we currently know domestic mass surveillance isn't in play over here. There's also plenty of funding still available for civic stuff for which a "business plan" is either inappropriate or inconceivable, though applications are pretty competitive. If Tor were being funded by the Irish government, for example, there would be far less reason for concern. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From cathalgarvey at cathalgarvey.me Wed Mar 4 00:01:07 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Wed, 04 Mar 2015 08:01:07 +0000 Subject: REAL-ID Phone Access Coming Soon In-Reply-To: <15330504.GMsDombcAN@lapuntu> References: <2468881.0WGqW9Z6cq@lapuntu> <54F59FEF.9030902@cathalgarvey.me> <15330504.GMsDombcAN@lapuntu> Message-ID: I tried setting my UA to '' once and found, sadly, that it breaks all sorts of sites whose frameworks or webmasters were too small minded to think about the absence of a user-agent. As functionally inspired languages become more common and exhaustible case blocks filter in, perhaps this problem will be fixed by accident? I love your concept of embedding agreements in UA. :) On 4 March 2015 00:45:15 GMT+00:00, rysiek wrote: >On Tuesday, 3 March 2015 11:50:07 Cathal Garvey wrote: >> > Hold on there. These are two different beasts. DNT is "please >don't >> > track me" and of course it won't work. >> >> In fact, it's worse.
DNT, if set either way, is another pure bit of >> browser entropy; it actually *assists* certain forms of tracking, >> because it can be expected to remain invariant between visits of a >given >> browser/user. > >Absolutely. However, I did use to give even more bits of entropy by >setting my >UA String in a particular way: >http://rys.io/en/56 > >Now I just need to start filing lawsuits, I guess. ;) > >> This is just one of the things making me think the "web" needs a >total >> re-boot to redesign for security from the boots-up. Servers shouldn't >> require user-agents to know how to treat visitors. Scripting is >useful >> for a rich experience but should be more sand-boxable (ideally, >scripts >> can be sandboxed to their position in the DOM tree!) and tightly >> permission'd. Canvas and other elements should behave >deterministically; >> this should be part of browser test-suites. Browsers should be >allowed >> cache fonts but not disclose to the server whether they have a font >in >> their cache or not. > >But look, HTTP/2.0 is coming! Oh, wait: >https://queue.acm.org/detail.cfm?id=2716278 > >> DNT was another nail in the coffin. Either a browser can be tracked >by >> design, or it can't. > >+over9000 > >-- >Regards, >Michał "rysiek" Woźniak > >Changing my GPG key :: http://rys.io/pl/147 >GPG Key Transition :: http://rys.io/en/147 -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
From s at ctrlc.hu Wed Mar 4 01:59:49 2015 From: s at ctrlc.hu (stef) Date: Wed, 4 Mar 2015 10:59:49 +0100 Subject: How to have your encrypted mail in two places at once In-Reply-To: <54F6C389.4090601@confidantmail.org> References: <54F584D2.9080103@confidantmail.org> <20150303101623.GB10358@ctrlc.hu> <54F6C389.4090601@confidantmail.org> Message-ID: <20150304095949.GA6600@ctrlc.hu> On Wed, Mar 04, 2015 at 12:34:17AM -0800, Mike Ingle wrote: > On 3/3/2015 2:16 AM, stef wrote: > >two things: > > > >1/ stop beating the dead horse (email) > That's a silly thing to say on a mailing list, lol. Obviously the medium is > still useful. i think you mistake the mailing list usecase with the encrypted communication usecase. the two are quite different. > >3/ protocols like pond which address adversarial progress over the years > >should be preferred over outdated and broken protocols. but i guess i'm > >repeating 1/ already. > > > Which adversarial progress are you referring to? GPG has proven itself > robust over the years, and Confidant Mail does not use SMTP. has it? or has parallel construction also evolved? > If you mean forward secrecy, I'm working on that. In the meantime I'd still > rather trust GPG than some unknown protocol. If my private key gets stolen > that's my own fault for being careless. i think this has been now repeated many times enough. smari, matt green, lately even moxy got the memo.. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From cathalgarvey at cathalgarvey.me Wed Mar 4 03:02:24 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Wed, 04 Mar 2015 11:02:24 +0000 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: <20150304103539.GD6600@ctrlc.hu> References: <487699A4-B097-4AD7-B4E7-7F7204CC17D1@cathalgarvey.me> <20150304103539.GD6600@ctrlc.hu> Message-ID: <54F6E640.6060109@cathalgarvey.me> > wth are you talking about?
ireland is the bridgehead of fucking > facebooks tentacles. > The irish data protection officer is a goddamn joke. Underfunded, understaffed, but also the only reason why Facebook's facial recognition database was rolled back in Europe. Well, we're told it was rolled back, which I don't believe for an instant. Point being, the DPC has done a fantastic job with the shoestring our government gives it. All of which is beside my point: I wasn't saying the Irish government's great and that Ireland's a safe-haven from spying; it's not. We have GCHQ sitting on all of our fibres, and we *do* host some of the world's biggest NSA assets: Facebook, Google, Amazon, etcetera. My point was that our *government* does not engage, as far as we know, in mass surveillance, and that receiving government funding in Ireland to study and deploy privacy projects would therefore be less worrisome than receiving the same funding from the UK or US, which presents the well-trodden paradox of being "funded by the adversary". On 04/03/15 10:35, stef wrote: > On Wed, Mar 04, 2015 at 07:16:18AM +0000, Cathal (Phone) wrote: >> +1. More than this, whatever your feelings on governments per se, not all governments are particularly bad when it comes to privacy, spying, etcetera. >> >> There is plenty wrong with the Irish kleptocracy, but as far as we currently know domestic mass surveillance isn't in play over here. > > wth are you talking about? ireland is the bridgehead of fucking facebooks > tentacles. the irish data protection officer is a goddamn joke. the whole > country has major parts of its gdp only because of their incredibly flexible > spine that they use to adjust to the silicon valley doing their EU money and > data laundering, besides the UK there's not much more complicit states than > the irish when it comes to EU wide mass surveillance. 
> -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From s at ctrlc.hu Wed Mar 4 02:35:39 2015 From: s at ctrlc.hu (stef) Date: Wed, 4 Mar 2015 11:35:39 +0100 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: <487699A4-B097-4AD7-B4E7-7F7204CC17D1@cathalgarvey.me> References: <487699A4-B097-4AD7-B4E7-7F7204CC17D1@cathalgarvey.me> Message-ID: <20150304103539.GD6600@ctrlc.hu> On Wed, Mar 04, 2015 at 07:16:18AM +0000, Cathal (Phone) wrote: > +1. More than this, whatever your feelings on governments per se, not all governments are particularly bad when it comes to privacy, spying, etcetera. > > There is plenty wrong with the Irish kleptocracy, but as far as we currently know domestic mass surveillance isn't in play over here. wth are you talking about? ireland is the bridgehead of fucking facebooks tentacles. the irish data protection officer is a goddamn joke. the whole country has major parts of its gdp only because of their incredibly flexible spine that they use to adjust to the silicon valley doing their EU money and data laundering, besides the UK there's not much more complicit states than the irish when it comes to EU wide mass surveillance. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From grarpamp at gmail.com Wed Mar 4 08:38:22 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 4 Mar 2015 11:38:22 -0500 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: <54f69da8.1028370a.6ebc.59a7@mx.google.com> References: <54f69da8.1028370a.6ebc.59a7@mx.google.com> Message-ID: On Wed, Mar 4, 2015 at 12:55 AM, Juan wrote: > LMAO! We're listening, show us the way... > Or maybe you are in the payroll of the CIA. 
I hear they have interesting jobs, you should apply. From juan.g71 at gmail.com Wed Mar 4 11:45:55 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 4 Mar 2015 16:45:55 -0300 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: References: <54f69da8.1028370a.6ebc.59a7@mx.google.com> Message-ID: <54f7603c.490f370a.6cc3.ffffa64c@mx.google.com> On Wed, 4 Mar 2015 11:38:22 -0500 grarpamp wrote: > On Wed, Mar 4, 2015 at 12:55 AM, Juan wrote: > > LMAO! > > We're listening, show us the way... Listening, that seems to be exactly what you are not doing. But go ahead. Post videos from retards who think they own the government. Surely people who start with such a brilliant premise must have it all figured out. > > > Or maybe you are in the payroll of the CIA. > > I hear they have interesting jobs, you should apply. Sure. I can a few recommendation letters from the 'cypherpunk scene' eh? From juan.g71 at gmail.com Wed Mar 4 12:02:55 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 4 Mar 2015 17:02:55 -0300 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: <3463228.l2ZtnIyyF7@lapuntu> References: <54f69da8.1028370a.6ebc.59a7@mx.google.com> <3463228.l2ZtnIyyF7@lapuntu> Message-ID: <54f76437.8362e00a.42f9.19d3@mx.google.com> On Wed, 04 Mar 2015 18:26:57 +0100 rysiek wrote: > On Wednesday, 4 March 2015 11:38:22 grarpamp wrote: > > I hear they have interesting jobs, you should apply. > > I don't think anybody can have two jobs with them at the same time, > mate. > What, you wanted to double your income? Is that how you found out. And notice the sheer stupidity. Since I laugh at people who ARE working for the americunt nazi government while pretending to be 'freedom fighters' I must be working for them as well? Credo quia absurdum.
From juan.g71 at gmail.com Wed Mar 4 12:04:20 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 4 Mar 2015 17:04:20 -0300 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: References: <54f69da8.1028370a.6ebc.59a7@mx.google.com> Message-ID: <54f7648d.9439e00a.4c31.3689@mx.google.com> > Sure. I can a few recommendation letters from the > 'cypherpunk scene' eh? I can +get From cathalgarvey at cathalgarvey.me Wed Mar 4 09:14:40 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Wed, 04 Mar 2015 17:14:40 +0000 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: References: <54f69da8.1028370a.6ebc.59a7@mx.google.com> Message-ID: <54F73D80.9050108@cathalgarvey.me> I love how I only see wacky excerpts of Juan's out of context, these days. :) On 04/03/15 16:38, grarpamp wrote: > On Wed, Mar 4, 2015 at 12:55 AM, Juan wrote: >> LMAO! > > We're listening, show us the way... > >> Or maybe you are in the payroll of the CIA. > > I hear they have interesting jobs, you should apply. > -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From rysiek at hackerspace.pl Wed Mar 4 09:26:57 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 04 Mar 2015 18:26:57 +0100 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: References: <54f69da8.1028370a.6ebc.59a7@mx.google.com> Message-ID: <3463228.l2ZtnIyyF7@lapuntu> On Wednesday, 4 March 2015 11:38:22 grarpamp wrote: > I hear they have interesting jobs, you should apply. I don't think anybody can have two jobs with them at the same time, mate.
-- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Wed Mar 4 12:43:49 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 04 Mar 2015 21:43:49 +0100 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: <54F73D80.9050108@cathalgarvey.me> References: <54F73D80.9050108@cathalgarvey.me> Message-ID: <10333024.W4mdEMv12H@lapuntu> On Wednesday, 4 March 2015 17:14:40 Cathal Garvey wrote: > I love how I only see wacky excerpts of Juan's out of context, these > days. :) Oh, you're missing out! For some reason Juan's really active in this particular thread. :) -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Wed Mar 4 12:45:12 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 04 Mar 2015 21:45:12 +0100 Subject: Backward compatibility bites again (like RC4 in WPA2) In-Reply-To: References: Message-ID: <5869564.6a3K9BWXjP@lapuntu> On Tuesday, 3 March 2015 13:48:28 coderman wrote: > On 2/4/15, coderman wrote: > > ... > > 2015, RC4 still in WPA2, WPA2 still in everything, ... [0]. > > not RC4 specifically, but EXP-RC4-MD5 is the avenue: > > "The export-grade RSA ciphers are the remains of a 1980s-vintage > effort to weaken cryptography so that intelligence agencies would be > able to monitor. This was done badly. So badly, that while the > policies were ultimately scrapped, they’re still hurting us today."
> - > http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html > > RC4, still hurting us today, too! NSA -- making the world a less safe place, one cipher at a time! -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From hettinga at gmail.com Thu Mar 5 06:32:12 2015 From: hettinga at gmail.com (Robert Hettinga) Date: Thu, 5 Mar 2015 10:32:12 -0400 Subject: Curiouser and Curioser... Message-ID: <38D1310F-720A-4780-A88E-32B71A260EEE@gmail.com> http://andstillipersist.com/2015/03/curiouser-and-curiouser/ From dal at riseup.net Thu Mar 5 11:46:15 2015 From: dal at riseup.net (Douglas Lucas) Date: Thu, 05 Mar 2015 13:46:15 -0600 Subject: Cypherpunk Politics In-Reply-To: References: Message-ID: <54F8B287.5090901@riseup.net> ohai, On 01/18/2015 01:36 AM, grarpamp wrote: > What of political license / subscription to theory, and actual > politiking like Pirate Party? > Are the various cypherpunk manifesto's serve as actual platform > and/or docs for same? > Who is forming such entities in today? Where are they now? > What are the platform/action? > The establishment invariably co-opts. Stratfor's Duchin formula (free Jeremy) is one corporations use to defeat grassroots activists. It is as follows: bet on the opportunists, co-opt the realists, emotionally manipulate the idealists into becoming realists, and as a result of all this, the radicals are isolated and left without support. So skip the establishment. I know this might be heretical to most of y'all, but after all of the privacy omg shiny tech toys are said and done, Bitcoin is just more money. We need to get rid of the financial system. Read up on some, call it anarchism if you haven't. Try Ursula K.
Le Guin's The Dispossessed (fiction), Heather Marsh's Binding Chaos (nonfiction), and plenty of other resources. You know how to search engine, you can find those for free. What I find hilarious is that there are people who accept that the JFK assassination was a US domestic coup, that the dark arts of marketers' psychological manipulation is near-infinite in power, etc., but still think the authorities are too dumb to figure out how to stop the citizenry from voting them out. Thankfully, everyone's familiar with approval economy (I support you, so I will pass the salt (share resources); you suck, so get out of my house) which has an opportunity to go widespread in the West whenever and wherever there's collapse of the official economy (as opposed to human, drugs, and arms trafficking shadow economies) or natural disasters. We don't need no Senator Assange or Falkvinge being a Thought Leader. Turn that shit off and go make it a potluck/community garden everywhere. BUT that won't build your brand, you won't get to sit on panels, etc. The going rate for seriously working to end the financial system is generally $0/hr. More fun to build independent public inquiries tribunals (I'm working on documenting past examples: what went wrong? what went right? how did they develop from idea to execution?) than to try to lol vote. Democracy sucks: individuals can't represent groups and vice versa. also lol vote. From grarpamp at gmail.com Thu Mar 5 12:32:36 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 5 Mar 2015 15:32:36 -0500 Subject: Cypherpunk Politics In-Reply-To: <54F8B287.5090901@riseup.net> References: <54F8B287.5090901@riseup.net> Message-ID: On Thu, Mar 5, 2015 at 2:46 PM, Douglas Lucas wrote: > So skip the establishment. > ... > Democracy sucks: individuals can't represent groups and > vice versa. For some, the NULL is just as valid an answer to the political question. A hard thing to achieve as it is nature of humanity to group in things, including politic. 
From grarpamp at gmail.com Thu Mar 5 13:48:32 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 5 Mar 2015 16:48:32 -0500 Subject: Cypherpunk Politics In-Reply-To: <54F8C1F5.2040200@cathalgarvey.me> References: <54F8B287.5090901@riseup.net> <54F8C1F5.2040200@cathalgarvey.me> Message-ID: On Thu, Mar 5, 2015 at 3:52 PM, Cathal Garvey wrote: > Far better, I think, to take a statistically relevant sample of the > population on a rolling basis: Liquid Sortition. term limited, rolling, random selection (including from kids, drunks, quacks, criminals, resident aliens, cpunks, etc... that's representative, they'll sort it out). single scope bills the list of possible reforms goes on and on. From cathalgarvey at cathalgarvey.me Thu Mar 5 12:52:05 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Thu, 05 Mar 2015 20:52:05 +0000 Subject: Cypherpunk Politics In-Reply-To: References: <54F8B287.5090901@riseup.net> Message-ID: <54F8C1F5.2040200@cathalgarvey.me> I have to agree that these days I don't see elections, as currently performed, as being effective at representing the population. Case in point, here in Ireland we have Proportional Representation, which helps to prevent a two-party system and means that we are more likely to achieve a voting outcome that satisfies (or dissatisfies) the most people; a compromise, instead of a strategically voted least-worst. However, we still have the problem that only a wealthy person can run for office, in the same way that only a wealthy person can take the risk of "boot-strapping" a company or take any comparable risk. So, only wealthy people get represented, and thus regular or disadvantaged people get little representation. Far better, I think, to take a statistically relevant sample of the population on a rolling basis: Liquid Sortition. 
If I had my way, one of our houses of government would be pure liquid sortition, the other would be a form of liquid democracy, and instead of a president we'd call a large jury for each legislative change that might require constitutional oversight. But I won't get my way. :) On 05/03/15 20:32, grarpamp wrote: > On Thu, Mar 5, 2015 at 2:46 PM, Douglas Lucas wrote: >> So skip the establishment. >> ... >> Democracy sucks: individuals can't represent groups and >> vice versa. > > For some, the NULL is just as valid an answer to the political > question. A hard thing to achieve as it is nature of humanity > to group in things, including politic. > -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From Rayzer at riseup.net Thu Mar 5 13:55:49 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 5 Mar 2015 21:55:49 +0000 Subject: Cypherpunk Politics In-Reply-To: <54F8B287.5090901@riseup.net> References: <54F8B287.5090901@riseup.net> Message-ID: <20150305215549.54d1ee4b@riseup.net> On Thu, 05 Mar 2015 13:46:15 -0600 Douglas Lucas (sarcastically) wrote: > There are people who accept that the JFK > assassination was a US domestic coup I accept that the Banker's Coup against FDR (exposed by Smedley Butler of "War is a Racket" fame) culminated in part as the assassination of JFK. Even as he was speaking the words (paraphrase) 'There are dark forces seeking to overthrow our way of life and I'm going to get to the bottom of it before...' my mother was receiving the very first 'revolving charge cards'. Now better known as "Credit Cards". Before that time they were referred to as "Charge Plates" and the companies issuing them expected PAYMENT IN FULL at EOM. 
Those revolving charge cards, which were sent en masse without request to damn near every adult in the US were credit check free. All you had to do was USE it and it was yours... To buy any shiny thing the burgeoning advertising industry was offering, and the user got locked into an insidious form of economic slavery... Typically for the rest of their consumerist lives. My mother was always cutting the cards into confetti and sending them back to the companies, but eventually, like almost every American, she succumbed. Between the banking industry for whom revolving charge accounts were a godsend in the way of permanently ongoing interest charged to almost every adult American, which I suspect was the instrument of the "Dark Force" in JFK's words I paraphrased in the first paragraph, the CIA... still enraged (along with the Cuban Gusanos they fronted for, and continue to assist up to this very day) by JFK's failure to provide air support to the Bay of Pigs invaders leading to the failure of the invasion, and the MAFIA, who lost their rum-running-Whorehouse operation on Cuba because of that failed invasion, JFK made some mighty powerful enemies any of whom could have EASILY arranged his assassination. In the good ol' days Presidents even rode around in convertibles. About the Mafia's rum-running FOB/whorehouse, Cuba... 
https://archive.org/details/tth_080219 From rysiek at hackerspace.pl Thu Mar 5 15:56:15 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 06 Mar 2015 00:56:15 +0100 Subject: Cypherpunk Politics In-Reply-To: <54F8B287.5090901@riseup.net> References: <54F8B287.5090901@riseup.net> Message-ID: <1477551.g9ADoReSGZ@lapuntu> On Thursday, 5 March 2015 13:46:15 Douglas Lucas wrote: > What I find hilarious is that there are people who accept that the JFK > assassination was a US domestic coup, that the dark arts of marketers' > psychological manipulation is near-infinite in power, etc., but still > think the authorities are too dumb to figure out how to stop the > citizenry from voting them out. What I find hilarious is that there are people who accept that the dark arts of marketers' psychological manipulation is near-infinite in power, etc., but still think the authorities are too dumb to figure out a way to handle a bunch of radicals. No, seriously, you can't have it both ways. Either "Teh Establishment" is all-powerful, or it isn't. If it is, we're all fucked anyway. If it isn't, there's more than one way to try to make the world a better place. -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From juan.g71 at gmail.com Thu Mar 5 22:40:58 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 6 Mar 2015 03:40:58 -0300 Subject: Cypherpunk Politics In-Reply-To: <1477551.g9ADoReSGZ@lapuntu> References: <54F8B287.5090901@riseup.net> <1477551.g9ADoReSGZ@lapuntu> Message-ID: <54f94b72.0b878c0a.597b.072f@mx.google.com> On Fri, 06 Mar 2015 00:56:15 +0100 rysiek wrote: > On Thursday, 5 March 2015 13:46:15 Douglas Lucas wrote: > > What I find hilarious is that there are people who accept that the > > JFK assassination was a US domestic coup, that the dark arts of > > marketers' psychological manipulation is near-infinite in power, > > etc., but still think the authorities are too dumb to figure out > > how to stop the citizenry from voting them out. > > What I find hilarious is that there are people who accept that > the dark arts of marketers' psychological manipulation is > near-infinite in power, etc., but still think the authorities are too > dumb to figure out a way to handle a bunch of radicals. > > No, seriously, you can't have it both ways. What? There's no contradiction in that paragraph. And of course you flatly ignored his previous comments about how the establishment has 'realists' like you working for them, whether you're on their payroll or not. > Either "Teh > Establishment" is all-powerful, or it isn't. The establishment is all powerful at their game. So the solution is to not play their game. I suggest you first make sure you UNDERSTAND what someone said before trying to criticize it. > If it is, we're all > fucked anyway. If it isn't, there's more than one way to try to make > the world a better place.
> From jya at pipeline.com Fri Mar 6 08:06:00 2015 From: jya at pipeline.com (John Young) Date: Fri, 06 Mar 2015 11:06:00 -0500 Subject: Cryptome Deborah Natsios Exhibit in LA In-Reply-To: References: <54F8B287.5090901@riseup.net> <54F8C1F5.2040200@cathalgarvey.me> Message-ID: Deborah Natsios, Cryptome, upcoming exhibit Dem Passwords Gallery, LA http://www.dempasswords.com/upcoming.php http://cryptome.org/2013/05/newmuseum-censor/newmuseum-censor.htm https://www.youtube.com/watch?v=NzSB1__vHoM We'll be there. Chopper in, drop by. Dare to key sign. From grarpamp at gmail.com Fri Mar 6 09:52:09 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 6 Mar 2015 12:52:09 -0500 Subject: Snowden Document Archive Message-ID: https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi From jya at pipeline.com Sat Mar 7 07:23:40 2015 From: jya at pipeline.com (John Young) Date: Sat, 07 Mar 2015 10:23:40 -0500 Subject: Crypto Vulns Message-ID: No 1 vulnerability of crypto is the user 2nd passphrases 3rd overconfidence 4th trust in the producer 5th believing backdoors are No. 1 From afalex169 at gmail.com Sat Mar 7 01:50:42 2015 From: afalex169 at gmail.com (Александр) Date: Sat, 7 Mar 2015 11:50:42 +0200 Subject: A Declaration of the Independence of Cyberspace Message-ID: by John Perry Barlow Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks.
I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions. You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different. Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live. We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth. We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity. Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.
Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose. In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us. You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat. In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media. Your increasingly obsolete information industries would perpetuate themselves by proposing laws, in America and elsewhere, that claim to own speech itself throughout the world. These laws would declare ideas to be another industrial product, no more noble than pig iron. In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost.
The global conveyance of thought no longer requires your factories to accomplish. These increasingly hostile and colonial measures place us in the same position as those previous lovers of freedom and self-determination who had to reject the authorities of distant, uninformed powers. We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies. We will spread ourselves across the Planet so that no one can arrest our thoughts. We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before. Davos, Switzerland February 8, 1996
From s at ctrlc.hu Sat Mar 7 07:32:54 2015 From: s at ctrlc.hu (stef) Date: Sat, 7 Mar 2015 16:32:54 +0100 Subject: [cryptography] Crypto Vulns In-Reply-To: References: Message-ID: <20150307153254.GC6815@ctrlc.hu> On Sat, Mar 07, 2015 at 10:23:40AM -0500, John Young wrote: > No 1 vulnerability of crypto is the user absolutely: pls enjoy this: https://en.wikipedia.org/wiki/List_of_cognitive_biases which i also packed into an ebook for your convenience: http://www.ctrlc.hu/~stef/cognitive_biases_-_layer8_security_advisories.epub http://www.ctrlc.hu/~stef/cognitive_biases_-_layer8_security_advisories.pdf -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
From coderman at gmail.com Sat Mar 7 17:33:34 2015 From: coderman at gmail.com (coderman) Date: Sat, 7 Mar 2015 17:33:34 -0800 Subject: FOIPA adventures In-Reply-To: References: Message-ID: first responsive one to complete: https://www.muckrock.com/foi/united-states-of-america-10/pet-15590/ "A search of the INTERPOL Washington indices produced 87 responsive pages regarding the Tor Project.
We have reviewed the pages and are releasing 3 pages with partial redactions pursuant to Title 5, United States Code, Section 552 and of the FOIA." i'm not going to challenge the exception, but if anyone else cares to, see the case above. best regards, P.S. originally i had included Tor devs on these requests, with an offer like the one below. it turns out most of them have tried these FOIPA requests before, and got the run-around or simple Glommar responses. rather than demonstrate an ability for selective insanity, i am carrying on with this muckrock experiment solo. finally, i have come to the position that i like muckrock, and anyone else who wants embargoes during requests should sign up a professional account and support their good work! -- I have a HUGE favor to ask of you! and it involves multiple iterations of annoying paperwork. :/ [there are probably other reasons this is the worst request ever...] Should you kindly agree to participate, you will mail multiple copies of identification documents to various agencies. You will _not_ need to pay any fees. I will reimburse you for shipping with tracking number (prefer USPS priority with tracking #). Requests are hidden / embargoed until approved for public release - you will review them before public. This is in support of a project I describe below, using public records, and inspired by Aaron's fearless advocacy for transparency. I hope you consider participating! - martin From coderman at gmail.com Sat Mar 7 17:37:21 2015 From: coderman at gmail.com (coderman) Date: Sat, 7 Mar 2015 17:37:21 -0800 Subject: FOIPA adventures In-Reply-To: References: Message-ID: this one to the Office of the Director of National Intelligence (ODNI) of the United States of America was outright rejected with Glommar response. not going to push it further, for now. 
https://www.muckrock.com/foi/united-states-of-america-10/pet-15591/
From coderman at gmail.com Sat Mar 7 17:40:18 2015 From: coderman at gmail.com (coderman) Date: Sat, 7 Mar 2015 17:40:18 -0800 Subject: FOIPA adventures In-Reply-To: References: Message-ID: also Glommar from the Department of Homeland Security, Office of Intelligence & Analysis of the United States of America. https://www.muckrock.com/foi/united-states-of-america-10/pet-15594/
From coderman at gmail.com Sat Mar 7 17:47:11 2015 From: coderman at gmail.com (coderman) Date: Sat, 7 Mar 2015 17:47:11 -0800 Subject: FOIPA adventures In-Reply-To: References: Message-ID: last but not least, some of the posed requests were deemed too broad or undefined by the subject agency. i asked for guidance through muckrock's internal forum system, but did not receive useful replies (this community is pretty minuscule!) future requests to be more laser targeted, and separate out Privacy Act for individuals from general requests like Tor Project. "effective FOIA's - art not science!" :)
From rysiek at hackerspace.pl Sat Mar 7 14:18:31 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 07 Mar 2015 23:18:31 +0100 Subject: Governments Covertly Fund Internet Freedom Activists In-Reply-To: References: <54F09958.1080901@gmx.com> <1461761.FKrLxga7Pt@lapuntu> Message-ID: <3745470.Iv2kxWmFzh@lapuntu> OHAI, On Tuesday, 3 March 2015 07:59:07 you wrote: > On Tue, 03 Mar 2015 01:45:40 -0800, rysiek wrote: > > I cordially invite you to provide sufficient funding to all the > > freedom/privacy/human rights related initiatives that are > > government-funded > > today. > > I'm not sure that cordially inviting an individual to single handedly > replace the 'funding' provided by a violent organized criminal > organization that can extract funds from entire populations under the > threat of violence, and also 'print' their own goddamned money is really a > solid counter argument. Well, provide any funds, at all, at least, then.
> Is the funding of FLOSS privacy enabling software a problem? Yes. Glad we can agree here. > Does it therefore follow that lining up at the government's stolen money > slop trough until another solution can be devised is ever going to be a > good idea in the long run? I would argue 'No'. I would argue "that's not an easy answer". Depends on many variables, and boils down to: are we hacking the system to have our way, or are we being co- opted by the system. It's never black or white, so it depends on a given situation. > Look at the history and deviousness of government infiltration of 60's > counterculture groups that were deemed a threat to state power. Timothy > Leary an FBI snitch [1]. Richard Aoki, the man who helped arm the Black > Panthers, an FBI snitch. [2]. And yet he helped arm the Black Panthers. > Is it not reasonable to assume that these FLOSS privacy software projects > represent a direct threat to state power? Is it not reasonable to assume > that the state is therefore going to try and co-opt them? Of course. > Say by creating financial dependence via a seductive flow of stolen money, > among other tactics? Of course. Does it follow that the state necessarily will succeed in co-opting such projects? I would argue "no". The outcome is not so clear, and I do find the fact that these projects *are* funded and can continue to deliver the great tools they do deliver a rather positive one. Until I see evidence of co-option (like backdoors in code or binaries, etc), I will continue to be cautiously optimistic here. > Look at this recent Pando.com expose of the BBG (Broadcasting Board of > Governers) which recently started pouring money into these privacy > projects via the Open Technology Fund. [3]. These people are not on our > side. > > Also, regarding funding as a method of control. What did the U.S. federal > government do when certain states were balked at raising the drinking age > to 21? They threatened to cut their federal highway funds. 
Every state > ended up caving to this demand. That's just one high profile example. The question is not if the state can use such a tactic, but if those projects will bow down to such a tactic. Again, until I see such a situation, I will consider such funding an option, as long as there are no other options. I prefer good FLOSS that is funded by the state money than no FLOSS at all. > It's simply disheartening to see how gleefully some privacy activists > accept the tainted govt blood money and then look hard the other way. I'm sure you, my friend, have a steady cashflow that is in no way connected to blood money, and I congratulate you on that. Not all of us are so fortunate. As long as these privacy activists do not bow down and bend over -- and I have not seen evidence of that as far as several projects discussed on this list are concerned -- I don't see a huge problem. It *would* be better to have them funded in some other way, but it's still better to have them funded at all. > Never mind that the money was obtained by putting a metaphorical gun to > the head of every person it was taken from. Never mind what the ulterior > motives are of the organizations which are lavishing this stolen money > upon the software privacy projects. Never mind the dependence this is > going to create and the subsequent influence and control this is going to > buy. > > The means *are* the ends. And when the means are corrupted, so are the > ends. Cool. So let me ask you this: if you can either have (in large part) gov't-funded FLOSS privacy-protecting projects, or next to none of such projects, what do you choose? -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Sat Mar 7 18:18:57 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 08 Mar 2015 03:18:57 +0100 Subject: FOIPA adventures In-Reply-To: References: Message-ID: <1614353.Um65rZno8d@lapuntu> On Saturday, 7 March 2015 17:47:11 coderman wrote: > last but not least, some of the posed requests were deemed too broad > or undefined by the subject agency. > > i asked for guidance through muckrock's internal forum system, but did > not receive useful replies (this community is pretty minuscule!) > > future requests to be more laser targeted, and separate out Privacy > Act for individuals from general requests like Tor Project. > > "effective FOIA's - art not science!" /me is lurking, this is relevant to his interests -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From coderman at gmail.com Sun Mar 8 04:45:16 2015 From: coderman at gmail.com (coderman) Date: Sun, 8 Mar 2015 04:45:16 -0700 Subject: [tor-talk] FOIPA adventures In-Reply-To: References: Message-ID: On 3/8/15, grarpamp wrote: >> got the run-around or simple Glommar >> responses. > > Actual spelling: Glomar i can neither confirm nor deny that is the correct spelling. however, this piece may be of interest ;) https://nsarchive.wordpress.com/2014/02/11/neither-confirm-nor-deny-the-history-of-the-glomar-response-and-the-glomar-explorer/
From grarpamp at gmail.com Sun Mar 8 01:29:05 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 8 Mar 2015 05:29:05 -0400 Subject: [tor-talk] FOIPA adventures In-Reply-To: References: Message-ID: > got the run-around or simple Glommar > responses.
Actual spelling: Glomar From politynews at gmx.com Sun Mar 8 13:51:54 2015 From: politynews at gmx.com (Polity News) Date: Sun, 08 Mar 2015 16:51:54 -0400 Subject: FOIPA adventures Message-ID: <54FCB66A.1050009@gmx.com> If you receive a Glomar response to a FOIA request, you can use that to file a Mandatory Declassification Review (MDR). You can request for the records to be declassified and challenge the classification. You have to make sure that you follow the correct procedure and appeal to the ISCAP board in time. Info on MDR appeals http://www.archives.gov/declassification/iscap/mdr-appeals.html Info on MDR http://www2.gwu.edu/~nsarchiv/nsa/foia/foia_guide/foia_guide_chapter4.pdf The NSA Archive has experience in filing MDRs http://www2.gwu.edu/~nsarchiv/ On a side note, the US Navy, for months, lost my FOIA request about Tor and the Navy finally transferred the request to the correct department...where it continues to languish. From grarpamp at gmail.com Sun Mar 8 14:33:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 8 Mar 2015 17:33:14 -0400 Subject: FOIPA adventures In-Reply-To: <54FCB66A.1050009@gmx.com> References: <54FCB66A.1050009@gmx.com> Message-ID: On Sun, Mar 8, 2015 at 4:51 PM, Polity News wrote: > file a Mandatory Declassification Review (MDR). You can request for the It's amazing more people haven't found and used MDR. There are also regulations / theory that specify things must be declassified after certain time periods such as 30, 50, and lifetime years. That's at least 1965 and newer, approaching the edge of the modern spy, tech, and secrets game. Also interesting that more people haven't tried pulling the same inquiry or document a year or more apart to see if excessive to context or pointless redactions differ (whether by FOIA or MDR or both). 
From politynews at gmx.com Sun Mar 8 15:11:59 2015 From: politynews at gmx.com (Polity News) Date: Sun, 08 Mar 2015 18:11:59 -0400 Subject: FOIPA adventures Message-ID: <54FCC92F.60607@gmx.com> There is a public listserve for FOIA/MDR/Privacy Act issues. Just remember that it is a public list though. http://www.nfoic.org/foi-listserv
From rminnich at gmail.com Sun Mar 8 20:06:07 2015 From: rminnich at gmail.com (ron minnich) Date: Mon, 09 Mar 2015 03:06:07 +0000 Subject: [coreboot] Fwd: lowRISC in Google Summer of Code 2015 Message-ID:
---------- Forwarded message --------- From: lowRISC Announcements Date: Sun, Mar 8, 2015 at 1:52 PM Subject: lowRISC in Google Summer of Code 2015 To: We're pleased to announce that lowRISC is taking part in Google Summer of Code as a mentoring organisation. We're working with a number of our friends in the wider free and open source software and hardware communities to provide a range of project ideas in a number of different implementation languages covering every level of the hardware/software stack. GSoC provides a stipend of $5500 for selected students to work on open source over the summer. Student applications open on Monday 16th March. For more information, see the GSoC FAQ. The full lowRISC ideas list is available here, and the titles are listed below. We're also very interested in student-proposed ideas. Massive thanks are due to everyone who has volunteered to mentor.
* A fully open source FPGA compilation flow using Yosys
* Accessing the OpenCores ecosystem (implementing a Wishbone to TileLink bridge)
* jor1k port to RISC-V
* Extend Tavor to support directed generation of assembly test cases
* Constrained randomised testing with coverage tracking in Cocotb
* TCP offload to minion cores using rump kernels
* Schematic Viewer for Netlists (SVG/JavaScript)
* Porting Icarus Verilog to JavaScript using Emscripten
* Optimized ray tracer for Nyuzi parallel processor
* Porting musl libc to RISC-V
* LLVM pass for control-flow hijacking protection using lowRISC’s tagged memory
* Porting L4/FIASCO.OC to RISC-V
* Adding Chisel support to FuseSoC
* Trace Debugging Infrastructure for lowRISC
* OCaml native code port to RISC-V
* JTAG hardware debugging support for Nyuzi
Even if you're not a student, we'd appreciate your help in spreading the word to ensure we get the best possible applicants. As ever, we invite you to subscribe to the lowrisc-dev discussion list, idle on #lowRISC on irc.oftc.net, and follow @lowRISC on Twitter.
-- The lowRISC team
----- End forwarded message -----
From eugen at leitl.org Mon Mar 9 05:44:13 2015 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Mar 2015 13:44:13 +0100 Subject: [coreboot] Fwd: lowRISC in Google Summer of Code 2015 Message-ID: <20150309124413.GY10743@leitl.org> ----- Forwarded message from ron minnich -----
From eugen at leitl.org Mon Mar 9 05:49:57 2015 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 9 Mar 2015 13:49:57 +0100 Subject: hey, that's a funny van Message-ID: <20150309124956.GA10743@leitl.org> https://pbs.twimg.com/media/B_dNCH6UwAArGlP.jpg:orig
From rysiek at hackerspace.pl Mon Mar 9 16:41:31 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 10 Mar 2015 00:41:31 +0100 Subject: Effect of Ubiquitous Encryption - IETF Draft In-Reply-To: References: <7.1.0.9.1.20150306110336.01c0c088@pipeline.com> Message-ID: <1629744.jCWZLC0CXU@lapuntu> On Monday, 9 March 2015 16:04:57 John Young wrote: > IETF draft "Effect of Ubiquitous Encryption" > > http://www.ietf.org/id/draft-mm-wg-effect-encrypt-01.txt > > "As the use of encryption continues to increase, [system operator] > efforts to prevent it will continue to emerge." And one of the authors' named Moriarty! -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From coderman at gmail.com Tue Mar 10 03:37:52 2015 From: coderman at gmail.com (coderman) Date: Tue, 10 Mar 2015 03:37:52 -0700 Subject: The .onion Special-Use Domain Name Message-ID: https://www.ietf.org/id/draft-appelbaum-dnsop-onion-tld-00.txt
dnsop                                    J. Appelbaum
Internet-Draft                           Tor Project Inc.
Intended status: Standards Track         A. Muffett
Expires: September 6, 2015               Facebook
                                         March 5, 2015
The .onion Special-Use Domain Name
draft-appelbaum-dnsop-onion-tld-00
Abstract
This document registers the ".onion" Special-Use Domain Name.
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 6, 2015.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
1.1. Notational Conventions
2. The ".onion" Special-Use TLD
3. IANA Considerations
4. Security Considerations
5. References
5.1. Normative References
5.2. Informative References
Authors' Addresses
1. Introduction
The Tor network [Dingledine2004] has the ability to host network services using the ".onion" Top-Level Domain. Such addresses can be used as other domain names would be (e.g., in URLs [RFC3986]), but instead of using the DNS infrastructure, .onion names are hashes that correspond to the identity of a given service, thereby combining location and authentication. In this way, .onion names are "special" in the sense defined by [RFC6761] Section 3; they require hardware and software implementations to change their handling, in order to achieve the desired properties of the name (see Section 4). These differences are listed in Section 2. Like other TLDs, .onion addresses can have an arbitrary number of subdomain components. This information is not meaningful to the Tor protocol, but can be used in application protocols like HTTP [RFC7230]. See [tor-address] and [tor-rendezvous] for the details of the creation and use of .onion names.
1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
2. The ".onion" Special-Use TLD
These properties have the following effects upon parties using or processing .onion names (as per [RFC6761]):
1. Users: human users are expected to recognize .onion names as having different security properties, and also being only available through software that is aware of onion addresses.
2.
Application Software: Applications that implement the Tor protocol MUST recognize .onion names as special by either accessing them directly, or using a proxy (e.g., SOCKS [RFC1928]) to do so. Applications that do not implement the Tor protocol SHOULD generate an error upon the use of .onion, and SHOULD NOT perform a DNS lookup.
3. Name Resolution APIs and Libraries: Resolvers that implement the Tor protocol MUST either respond to requests for .onion names by resolving them (see [tor-rendezvous]) or by responding with NXDOMAIN. Other resolvers SHOULD respond with NXDOMAIN.
4. Caching DNS Servers: Caching servers SHOULD NOT attempt to look up records for .onion names. They SHOULD generate NXDOMAIN for all such queries.
5. Authoritative DNS Servers: Authoritative servers SHOULD respond to queries for .onion with NXDOMAIN.
6. DNS Server Operators: Operators SHOULD NOT configure an authoritative DNS server to answer queries for .onion. If they do so, client software is likely to ignore any results (see above).
7. DNS Registries/Registrars: Registrars MUST NOT register .onion names; all such requests MUST be denied.
3. IANA Considerations
This document registers the "onion" TLD in the registry of Special-Use Domain Names [RFC6761]. See Section 2 for the registration template.
4. Security Considerations
.onion names are often used to provide access to end to end encrypted, secure, anonymized services; that is, the identity and location of the server is obscured from the client. The location of the client is obscured from the server. The identity of the client may or may not be disclosed through an optional cryptographic authentication process. These properties can be compromised if, for example:
o The server "leaks" its identity in another way (e.g., in an application-level message), or
o The access protocol is implemented or deployed incorrectly, or
o The access protocol itself is found to have a flaw.
.onion names are self-authenticating, in that they are derived from the cryptographic keys used by the server in a client verifiable manner during connection establishment. As a result, the cryptographic label component of a .onion name is not intended to be human-meaningful. The Tor network is designed to not be subject to any central controlling authorities with regards to routing and service publication, so .onion names cannot be registered, assigned, transferred or revoked. "Ownership" of a .onion name is derived solely from control of a public/private key pair which corresponds to the algorithmic derivation of the name. Users must take special precautions to ensure that the .onion name they are communicating with is correct, as attackers may be able to find keys which produce service names that are visually or apparently semantically similar to the desired service. Also, users need be aware of the difference between a .onion name used and accessed directly via Tor-capable software, versus .onion subdomains of other TLDs and providers (e.g., the difference between example.onion and example.onion.tld). The cryptographic label for an .onion name is constructed by hashing the public key of the service with SHA1, truncating the output of the hash to 80 bits in length and the resulting hash output is concatenated with the string ".onion". As the number of output bits in generating the .onion name is less than the full size of the corresponding public key, an attacker may also be able to find a key that produces a collision with the same .onion name with substantially less work than a cryptographic attack on the full strength key. If this is possible the attacker may be able to impersonate the service on the network. If client software attempts to resolve a .onion name, it can leak the identity of the service that the user is attempting to access to DNS resolvers, authoritative DNS servers, and observers on the intervening network. 
This can be mitigated by following the recommendations in Section 2. 5. References 5.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", RFC 6761, February 2013. 5.2. Informative References [Dingledine2004] Dingledine, R., Mathewson, N., and P. Syverson, "Tor: the second-generation onion router", 2004, . [RFC1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and L. Jones, "SOCKS Protocol Version 5", RFC 1928, March 1996. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, June 2014. [tor-address] Mathewson, N. and R. Dingledine, "Special Hostnames in Tor", September 2001, . [tor-rendezvous] Mathewson, N. and R. Dingledine, "Tor Rendezvous Specification", April 2014, . Authors' Addresses Jacob Appelbaum Tor Project Inc. Alec Muffett Facebook ... 
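Added example (not part of the draft or of any message in this thread): a Python sketch of two behaviours the draft describes, the Section 2 rule that software without Tor support raises an error instead of sending a .onion name to DNS, and the Section 4 derivation of the label from the service key. The function names are hypothetical, the key bytes are constructed, and rendering the 80-bit digest as lowercase base32 follows Tor's address format rather than anything stated in the draft text.

```python
import base64
import hashlib
import socket

ONION_TLD = "onion"


class OnionLookupRefused(Exception):
    """Raised instead of performing a DNS lookup for a .onion name."""


def _labels(hostname):
    # Normalise case and drop one trailing root dot before splitting.
    name = hostname.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def is_onion_name(hostname):
    """True only when the rightmost label is "onion".

    example.onion.tld is an ordinary DNS name under another TLD, which is
    the distinction Section 4 of the draft asks users to be aware of.
    """
    return _labels(hostname)[-1] == ONION_TLD


def guarded_resolve(hostname, resolver=socket.gethostbyname):
    """Resolver wrapper for software that does not implement Tor.

    Section 2, item 2: generate an error and do not perform a DNS lookup,
    so the service name never reaches resolvers or on-path observers.
    """
    if is_onion_name(hostname):
        raise OnionLookupRefused(f"{hostname!r} is a .onion name; not sent to DNS")
    return resolver(hostname)


def onion_label(public_key_bytes):
    """Section 4: SHA-1 of the service public key, truncated to 80 bits.

    Assumptions: the digest is rendered as 16 lowercase base32 characters,
    and the caller passes the key in the byte encoding Tor hashes.
    """
    digest = hashlib.sha1(public_key_bytes).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def name_matches_key(hostname, public_key_bytes):
    """Self-authentication check: does the name derive from this key?

    Only the label immediately left of "onion" is compared; further
    subdomain labels carry no meaning for the Tor protocol.
    """
    labels = _labels(hostname)
    if len(labels) < 2 or labels[-1] != ONION_TLD:
        return False
    return labels[-2] == onion_label(public_key_bytes)


if __name__ == "__main__":
    # Constructed bytes standing in for a service public key.
    key = b"constructed sample bytes standing in for a service public key"
    name = "www." + onion_label(key) + ".onion"
    print(name, name_matches_key(name, key))
    for host in (name, "example.onion.tld"):
        try:
            # Stub resolver so the demonstration runs offline.
            guarded_resolve(host, resolver=lambda h: "192.0.2.1")
            print(host, "-> handed to DNS")
        except OnionLookupRefused as exc:
            print(host, "-> refused:", exc)
```

Because only 80 bits of the hash are kept, a passing name_matches_key result is no stronger than that truncated label, which is the collision caveat Section 4 raises.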
From jya at pipeline.com Tue Mar 10 04:38:40 2015 From: jya at pipeline.com (John Young) Date: Tue, 10 Mar 2015 07:38:40 -0400 Subject: NSA Apple DPA Cryptanalysis Message-ID: The Intercept has released files on Apple, DPA and other cryptanalysis: http://cryptome.org/2015/03/nsa-apple-dpa-intercept-15-0309.zip (12pp, 1.9MB)
From blibbet at gmail.com Tue Mar 10 09:25:15 2015 From: blibbet at gmail.com (Blibbet) Date: Tue, 10 Mar 2015 09:25:15 -0700 Subject: The .onion Special-Use Domain Name In-Reply-To: References: Message-ID: <54FF1AEB.1060807@gmail.com> On 03/10/2015 03:37 AM, coderman wrote: > https://www.ietf.org/id/draft-appelbaum-dnsop-onion-tld-00.txt The CA/Browser forum also recently clarified use of CA-signed .onion domains: https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/
From politynews at gmx.com Tue Mar 10 08:24:36 2015 From: politynews at gmx.com (Polity News) Date: Tue, 10 Mar 2015 11:24:36 -0400 Subject: FOIA/Public Records Event and Livestream Message-ID: <54FF0CB4.8060305@gmx.com> There is an event in DC about the Freedom of Information Act on March 13, 2015. There is also supposed to be a livestream of the conference for anyone to watch online. The Freedom of Information Act can be used by anyone to request records from the US federal government. Many states and countries also have their own public records laws which can be very useful for journalists and researchers. Link http://www.newseum.org/event/2015-national-freedom-of-information-day-conference/?instance_id=1236 Copy/Paste of Agenda 2015 National Freedom of Information Day March 13 – The Knight Studio at the Newseum 8:15 - 8:30 a.m. Welcome: Gene Policinski, Chief Operating Officer, Newseum Institute Patrice McDermott, Executive Director, OpenTheGovernment.org 8:30 - 9:10 a.m. Speaker: Miriam Nisbet, former director of Office of Government Information Services, National Archives 9:10 – 9:15 a.m. BREAK 9:15 – 10:50 a.m.
Sunshine Week at ‘10’ – and in 2015 Presented by Reporters Committee for Freedom of the Press, American Society of News Editors and Sunshine in Government Initiative Remarks: Rick Blum, Executive Director, Sunshine in Government Initiative Moderator: Andy Alexander, Visiting Professional, E.W. Scripps School of Journalism, Ohio University Panelists: Pete Weitzel, former editor, The Miami Herald; former executive director, Coalition of Journalists for Open Government Deb Gersh Hernandez, Communications Director, Reporters Committee for Freedom of the Press and co-coordinator, Sunshine Week Megan Rhyne, Executive Director, Virginia Coalition for Open Government SW- 2015 Moderator: Kevin Hall, Chief Economics Correspondent, McClatchy Newspapers Presenters: Brian Carovillano, Vice President and Managing Editor, U.S. news, The Associated Press Bill Sternberg, Deputy Editorial Page Editor, USA TODAY 10:50 - 11 a.m. BREAK 11 a.m. - 12:45 p.m. Open Government: Successes, Challenges, Prospects Presented by OpenTheGovernment.org Moderator: Sean Moulton, Director, Open Government Policy, Center for Effective Government Panelists: Sean Vitka, Federal Policy Manager, Sunlight Foundation Tom Blanton, Director, National Security Archive Shanna Devine, Legislative Director, Government Accountability Project Miriam Nisbet Former Director, OGIS Eric Mill, 18F Project, General Services Administration Respondents Moderator: Joe Goldman, President, Democracy Fund Prof. Bruce Cain, Professor of Political Science, Stanford University (via Skype) Charles Clark, Senior Correspondent, Government Executive Media Group 12:45 p.m. – 1:15 p.m. 
2015 James Madison Award Presented by the American Library Association Remarks: Sari Feldman, ALA President-elect Speaker: Madison Award winner (via video) Concludes
From jya at pipeline.com Tue Mar 10 10:08:50 2015 From: jya at pipeline.com (John Young) Date: Tue, 10 Mar 2015 13:08:50 -0400 Subject: NSA black budget cryptanalysis In-Reply-To: <7.1.0.9.1.20150310073633.01c016e8@pipeline.com> References: <7.1.0.9.1.20150310073633.01c016e8@pipeline.com> Message-ID: The Intercept file on NSA black budget cryptanalysis https://s3.amazonaws.com/s3.documentcloud.org/documents/1683814/black-budget-cryptanalysis-amp-exploitation.pdf Included in the Zip file previously posted.
From juan.g71 at gmail.com Tue Mar 10 11:05:47 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 10 Mar 2015 15:05:47 -0300 Subject: The .onion Special-Use Domain Name In-Reply-To: References: Message-ID: <54ff31be.45848c0a.672c.585b@mx.google.com> On Tue, 10 Mar 2015 03:37:52 -0700 coderman wrote: > https://www.ietf.org/id/draft-appelbaum-dnsop-onion-tld-00.txt looks like the pentagon is getting a good for run for 'their' money.
From grarpamp at gmail.com Wed Mar 11 00:22:12 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 11 Mar 2015 03:22:12 -0400 Subject: Fwd: [tor-talk] (UK) Parliamentary advice on Tor In-Reply-To: References: Message-ID: Cypherpunks can analyze whether it's fishy for world leaders and agencies known spouting FHOTI, going dark, and bitcoin hate... to start stylishly trending 180 on such things. Always beware the sly smile of the politician.
---------- Forwarded message ---------- From: Ben Tasker Date: Tue, Mar 10, 2015 at 6:56 AM Subject: [tor-talk] (UK) Parliamentary advice on Tor To: tor-talk at lists.torproject.org Interesting reading - the Parliamentary Office of Science and Technology (POST) has published its report on Tor and the (in)feasibility of blocking anonymous access for users within the UK.
The document's a PDF, and the layout is questionable, but it's worth a read if you have 5 minutes. http://www.parliament.uk/briefing-papers/POST-PN-488/the-darknet-and-online-anonymity http://www.parliament.uk/briefing-papers/POST-PN-488.pdf There are some interesting insights in there, from the perspective of what LEA's see. The overall summary though is - blocking anonymous access wholesale is not an acceptable policy option in the UK, and would impact on non-criminal Tor users. There _might_ be more appetite for legislating against Hidden Services, but enforcing it would be technologically infeasible. -- Ben Tasker https://www.bentasker.co.uk -- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk From grarpamp at gmail.com Wed Mar 11 09:43:15 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 11 Mar 2015 12:43:15 -0400 Subject: Fwd: [tor-talk] (UK) Parliamentary advice on Tor In-Reply-To: <3342878.tWAZUQeZqu@lapuntu> References: <3342878.tWAZUQeZqu@lapuntu> Message-ID: On Wed, Mar 11, 2015 at 9:12 AM, rysiek wrote: > Indeed. Like Obama and others suddenly saying he "believes in strong encryption", while that may or may not be true, they also hold policy pens and sway over others to back up such statements with action on the public record. That is lacking. > But my understanding is, the report has been prepared by techies > rather than politicians? On second read, yes, under what looks like a UK inquiry model equivalent to the US Congressional Research Service. 
From rysiek at hackerspace.pl Wed Mar 11 06:12:21 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 11 Mar 2015 14:12:21 +0100
Subject: Fwd: [tor-talk] (UK) Parliamentary advice on Tor
In-Reply-To:
References:
Message-ID: <3342878.tWAZUQeZqu@lapuntu>

On Wednesday, 11 March 2015 03:22:12 grarpamp wrote:
> Cypherpunks can analyze whether it's fishy for world leaders
> and agencies known spouting FHOTI, going dark, and bitcoin
> hate... to start stylishly trending 180 on such things. Always
> beware the sly smile of the politician.

Indeed. But my understanding is, the report has been prepared by techies rather than politicians? I mean, I know how such a report could come into being in Poland, and politicians would most certainly *not* be involved, or just skin-deep if at all.

Politicians will now act upon it, though. This is where the really sly stuff will happen, I guess.

--
Regards,
Michał "rysiek" Woźniak

I'm changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Wed Mar 11 11:10:11 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 11 Mar 2015 19:10:11 +0100
Subject: Fwd: [tor-talk] (UK) Parliamentary advice on Tor
In-Reply-To:
References: <3342878.tWAZUQeZqu@lapuntu>
Message-ID: <2453453.XomNKIH3s5@lapuntu>

On Wednesday, 11 March 2015 12:43:15 grarpamp wrote:
> On Wed, Mar 11, 2015 at 9:12 AM, rysiek wrote:
> > Indeed.
>
> Like Obama and others suddenly saying he "believes in strong encryption",

Did Obama say "I believe everybody should have access to strong encryption to safeguard their personal security and privacy"? No. He said he "believes in strong encryption". And it would be hard not to believe in it. Wouldn't it be like "not believing" in math, or in tomatoes?
"Who should have access to strong encryption" -- now *that's* a whole different story...

> while that may or may not be true, they also hold policy pens and sway
> over others to back up such statements with action on the public record.
> That is lacking.

The lack of action plays well with how lacking the statement itself is.

> > But my understanding is, the report has been prepared by techies
> > rather than politicians?
>
> On second read, yes, under what looks like a UK inquiry model
> equivalent to the US Congressional Research Service.

Exactly.

--
Regards,
Michał "rysiek" Woźniak

I'm changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From grarpamp at gmail.com Wed Mar 11 21:57:46 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 12 Mar 2015 00:57:46 -0400
Subject: [tor-talk] USB sticks for Tails (write protection switch)
In-Reply-To: <55011784.4040304@torservers.net>
References: <55011784.4040304@torservers.net>
Message-ID:

On Thu, Mar 12, 2015 at 12:35 AM, Moritz Bartl wrote:
> (**) Nobody has actually proven that you can circumvent the read-only
> bit and simply write with modified kernel drivers ("please don't write
> ...
> The (micro)SD exposes registers for permanent write protection (cannot
> be undone) and temporary write protection. If you set TMP_WRITE_PROTECT
> and expose the SD card as USB device (not as mmc card), the registers
> cannot be accessed from the host, so they cannot be changed. For an
> example of this, see https://github.com/Nephiel/sdlocker-tiny . Maybe
> there's a nice little SD card USB reader with a firmware that can be
> patched for this.
I wish to look at this further, but if these are normal mmc / usb / ata / scsi command opcodes (not actually requiring a physical burning interface), then you can do these commands over camcontrol freebsd or maybe [h|s]dparm linux without special dongle.

From grarpamp at gmail.com Wed Mar 11 23:19:05 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 12 Mar 2015 02:19:05 -0400
Subject: [tor-talk] USB sticks for Tails (write protection switch)
In-Reply-To: <55011FEA.407@torservers.net>
References: <55011784.4040304@torservers.net> <55011FEA.407@torservers.net>
Message-ID:

On Thu, Mar 12, 2015 at 1:11 AM, Moritz Bartl wrote:
> That's why you need to "wrap" it, as described in the link? -- Exactly
> because otherwise anyone can (un)set this.

I recall seeing that there are TMP set/unset cmds. And one permanent set cmd. I should have specifically said looking at that in regards to available mechanisms to set that.

From grarpamp at gmail.com Thu Mar 12 01:37:12 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 12 Mar 2015 04:37:12 -0400
Subject: Fwd: [tor-talk] (UK) Parliamentary advice on Tor
In-Reply-To: <2453453.XomNKIH3s5@lapuntu>
References: <3342878.tWAZUQeZqu@lapuntu> <2453453.XomNKIH3s5@lapuntu>
Message-ID:

On Wed, Mar 11, 2015 at 2:10 PM, rysiek wrote:
> Did Obama say [... crypto...]

https://www.youtube.com/watch?v=yaylQmnXztU

There are a lot of thoughts and messages there. As in politics and personas, only more clear by looking additionally to further repeated and/or penned ones, offset by those which are not so done.

From guninski at guninski.com Thu Mar 12 07:18:04 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 12 Mar 2015 16:18:04 +0200
Subject: Secret service scandal of March 2015
Message-ID: <20150312141804.GA2573@sivokote.iziade.m$>

http://www.npr.org/blogs/thetwo-way/2015/03/11/392395433/secret-service-agents-drove-car-into-white-house-barricades-after-drinking

There's another scandal at the Secret Service.
The Washington Post is reporting that the administration is looking into claims that two senior agents, including one who is a member of President Obama's detail, drove a government car into security barricades at the White House after drinking at a party on March 4.

Comments: As someone suggested in another thread, it would be funnier if they were on Russian vodka or even on Bulgarian rakia (in Cyrillic "ракия").

From eugen at leitl.org Fri Mar 13 03:10:55 2015
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 13 Mar 2015 11:10:55 +0100
Subject: Computer-stored encryption keys are not safe from side-channel attacks
Message-ID: <20150313101055.GM10743@leitl.org>

http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-safe-from-side-channel-attacks/

Computer-stored encryption keys are not safe from side-channel attacks

By Michael Kassner March 11, 2015, 1:25 PM PST

Using side-channel technology, researchers at Tel Aviv University can extract decryption keys from RSA and ElGamal implementations without altering or having control of a computer.

Figure A: Tel Aviv University researchers built this self-contained PITA receiver. Image courtesy of Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Tel Aviv University

Not that long ago, grabbing information from air-gapped computers required sophisticated equipment. In my TechRepublic column Air-gapped computers are no longer secure, researchers at Georgia Institute of Technology explain how simple it is to capture keystrokes from a computer just using spurious electromagnetic side-channel emissions emanating from the computer under attack.

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer, researchers at Tel Aviv University, agree the process is simple. However, the scientists have upped the ante, figuring out how to exfiltrate complex encryption data using side-channel technology.
The process

In the paper Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (PDF), the researchers explain how they determine decryption keys for mathematically-secure cryptographic schemes by capturing information about secret values inside the computation taking place in the computer.

"We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms," the team writes. "The attacks can extract decryption keys using a low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs."

If that doesn't mean much, this might help: The researchers can extract keys from GnuPG in just a few seconds by measuring side-channel emissions from computers. "The measurement equipment is cheap, compact, and uses readily-available components," add the researchers. Using that philosophy the university team developed the following attacks.

Software Defined Radio (SDR) attack: This comprises a shielded loop antenna to capture the side-channel signal, which is then recorded by an SDR program installed on a notebook.

Portable Instrument for Trace Acquisition (PITA) attack: The researchers, using available electronics and food items (who says academics don't have a sense of humor?), built the self-contained receiver shown in Figure A. The PITA receiver has two modes: online and autonomous.

Online: PITA connects to a nearby observation station via Wi-Fi, providing real-time streaming of the digitized signal.

Autonomous: Similar to online mode, PITA first measures the digitized signal, then records it on an internal microSD card for later retrieval by physical access or via Wi-Fi.

Consumer radio attack: To make an even cheaper version, the team leveraged knowing that side-channel signals modulate at a carrier frequency near 1.7 MHz, which is within the AM radio frequency band.
"We used a plain consumer-grade radio receiver to acquire the desired signal, replacing the magnetic probe and SDR receiver," the authors explain. "We then recorded the signal by connecting it to the microphone input of an HTC EVO 4G smartphone."

Cryptanalytic approach

This is where the magic occurs. I must confess that paraphrasing what the researchers accomplished would be a disservice; I felt it best to include their cryptanalysis description verbatim:

"Our attack utilizes the fact that, in the sliding-window or fixed window exponentiation routine, the values inside the table of ciphertext powers can be partially predicted. By crafting a suitable ciphertext, the attacker can cause the value at a specific table entry to have a specific structure.

"This structure, coupled with a subtle control flow difference deep inside GnuPG's basic multiplication routine, will cause a noticeable difference in the leakage whenever a multiplication by this structured value has occurred. This allows the attacker to learn all the locations inside the secret exponent where the specific table entry is selected by the bit pattern in the sliding window. Repeating this process across all table indices reveals the key."

Figure B is a spectrogram displaying measured power as a function of time and frequency for a recording of GnuPG decrypting the same ciphertext using different randomly generated RSA keys. The research team's explanation:

"It is easy to see where each decryption starts and ends (yellow arrow). Notice the change in the middle of each decryption operation, spanning several frequency bands. This is because, internally, each GnuPG RSA decryption first exponentiates modulo the secret prime p and then modulo the secret prime q, and we can see the difference between these stages.

"Each of these pairs looks different because each decryption uses a different key.
So in this example, by observing electromagnetic emanations during decryption operations, using the setup from this figure, we can distinguish between different secret keys."

Figure B: A spectrogram. Image courtesy of Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Tel Aviv University

Any way to prevent the leakage?

One solution, albeit unwieldy, is operating the computer in a Faraday cage, which prevents any spurious emissions from escaping. "The cryptographic software can be changed, and algorithmic techniques used to render the emanations less useful to the attacker," mentions the paper. "These techniques ensure the behavior of the algorithm is independent of the inputs it receives."

Interestingly, the research paper tackles a question about side-channel attacks that TechRepublic readers commented on in my earlier article, "It's a hardware problem, so why not fix the equipment?"

Basically the researchers mention that the emissions are at such a low level, prevention is impractical because:

Any leakage remnants can often be amplified by suitable manipulation as we do in our chosen-ciphertext attack; and

Leakage is often an inevitable side effect of essential performance-enhancing mechanisms.

Something else of interest: the National Institute of Standards and Technology (NIST) considers resistance to side-channel attacks an important evaluation consideration in its SHA-3 competition.

From hozer at hozed.org Fri Mar 13 09:13:46 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Fri, 13 Mar 2015 11:13:46 -0500
Subject: Cypherpunk Politics [was: REAL-ID Coming]
In-Reply-To: <2328634.aj3ovFmWuz@lapuntu>
References: <2328634.aj3ovFmWuz@lapuntu>
Message-ID: <20150313161346.GA14804@nl.grid.coop>

On Wed, Mar 04, 2015 at 01:39:27AM +0100, rysiek wrote:
> On Tuesday, 3 March 2015 17:41:14 grarpamp wrote:
> > > There might, or might not, be hackers among us who are trying to hack on
> > > policy level.
But those hackers, if they indeed are following (or maybe > > > even taking part in) the discussions here, might not want to come out > > > with such information, as the level of hostility towards any persons or > > > organisations that can be painted as "working with The Man" or "taking > > > the Man's money" is too damn high™. > > > > Who cares, that's up to the cpunk. If the cypherpunk is pure, working > > with the man to get cpunk shit done is just another hacking skin > > to hang on their wall. And a highly prized one of social engineering > > at that. Cpunks should bow the fuck down in respect to such a fellow > > cpunk, not fling hostile FUD at them just because they're working > > the system. For that matter, they should join them to add another > > voice. There are probably more US persons on this list than there > > are in their entire Congress. Think about that... > > +1. And for those that don't believe shit can be hacked on policy level, look > at ACTA, or at censorship debates in Poland. For instance: > http://yro.slashdot.org/story/13/07/27/1325235/the-shortest-internet-censorship-debate-ever My theory is the whole Tom Cotton letter to Iran was a legislative trojan, and there was a coordinated psy-ops campaign to get 47 senators to sign it. So who would be financially motivated to hack the republican party, and have the covert intelligence and psy-ops/social engineering capability to pull it off? For all we know this was done by some pissed off NSA/CIA cpunk employees who know how to work the system and aren't quite ready to pull a snowden yet. Oh, and the *discovery* of NSA/CIA involvement in hacking the party would just be a bonus easter-egg for a lot of libertarian-minded cpunk patriots. > > Now in the other direction of possible hostility... should The Man > > discover a cpunk within their ranks, well yes, there is a risk there. > > The usual opsec applies. > > The opsec, as you say, is "usual". As in, cpunks more or less know how to > handle it. 
The FUD and divide-and-conquer is a whole different ball game, and > that's a huge problem. > > > > In other words, FUD spread by "the Man" and the disinformation campaign, > > > sowing dissent, creating hostility and distrust within the community, and > > > in general the divide and conquer approach work wonders. > > > > That's why the above masses need to activate and throw the FUD back, > > and more, at The Man. Two can play that game. Problem is, right now > > there is only one real player on the field of politics, his name is The Man, > > and he's not on team cpunk. > > Absolutely. And to start doing that, we *REALLY* need to see that "The Man" is > not really a single entity, but a dynamic system of co-dependant people, > institutions, interests, etc. Once we stop seeing "Teh Gummint" as a single > entity that Has A Plan, cracks start to show. And we all know what we can do > with cracks, don't we? > > As long as we allow ourselves to drink the Kool-Aid of how mighty and > monolithic "The Man" is, we're fucked. The man has a million cracks & crevices, dark, warm, inviting places for the roots of a million seeds to grow. What are you planting this spring? -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer at hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash From mike at confidantmail.org Fri Mar 13 11:15:40 2015 From: mike at confidantmail.org (Mike Ingle) Date: Fri, 13 Mar 2015 11:15:40 -0700 Subject: How to have your encrypted mail in two places at once In-Reply-To: <20150313162430.GB14804@nl.grid.coop> References: <54F584D2.9080103@confidantmail.org> <1773486.UyUXKZYypK@lapuntu> <20150313162430.GB14804@nl.grid.coop> Message-ID: <5503294C.3000107@confidantmail.org> Why not just write it if you want it? 
You don't need a team of developers, because all the hard stuff (crypto) has been done. I was thinking of using a blockchain to claim addresses. Confidant Mail currently has the problem that anyone can claim any email address, and the sender must check the recipient's key ID or signature to make sure he's talking to the right person. Why not use a blockchain like distributed commit protocol to resolve which key owns what address? The original owner would put out the first claim, and then the address belongs to him until he signs it over to someone else, just like bitcoins. Mike On 3/13/2015 9:24 AM, Troy Benjegerdes wrote: > On Tue, Mar 03, 2015 at 11:30:39AM +0100, rysiek wrote: > >> Dnia wtorek, 3 marca 2015 01:54:26 Mike Ingle pisze: >> >>> IMAP and webmail makes it easy to access your mail on two or more >>> machines, and have all your folders stay in sync. Encryption tends to >>> break that: your inbox might work across machines, but your Sent Items >>> and personal folders tend to be stuck on one machine. >>> >>> Confidant Mail 0.24 has a solution for that problem. You can have the >>> same GPG key on two or more machines. Using a secure replication >>> protocol, your sent items, read status of incoming mail, personal >>> folders, and deletions are all automatically copied to the other >>> machines. This provides an IMAP-like experience with encrypted mail. >>> >> Why not use different subkeys per-machine? Just remember to encrypt with all >> subkeys. Also, GPG-enabled webmail, am I reading it correctly?.. >> > > I keep waiting for something interesting to happen that uses blockchains > and their private keys for storing, encrypting, distributing, and monetizing > messages. > > Unfortunately, I supposed the most likely way this would get funded is through > a DARPA proposal, or some sort of government funding with the goal of > destabilizing other governments. 
>

From hozer at hozed.org Fri Mar 13 09:24:30 2015
From: hozer at hozed.org (Troy Benjegerdes)
Date: Fri, 13 Mar 2015 11:24:30 -0500
Subject: How to have your encrypted mail in two places at once
In-Reply-To: <1773486.UyUXKZYypK@lapuntu>
References: <54F584D2.9080103@confidantmail.org> <1773486.UyUXKZYypK@lapuntu>
Message-ID: <20150313162430.GB14804@nl.grid.coop>

On Tue, Mar 03, 2015 at 11:30:39AM +0100, rysiek wrote:
> On Tuesday, 3 March 2015 01:54:26 Mike Ingle wrote:
> > IMAP and webmail makes it easy to access your mail on two or more
> > machines, and have all your folders stay in sync. Encryption tends to
> > break that: your inbox might work across machines, but your Sent Items
> > and personal folders tend to be stuck on one machine.
> >
> > Confidant Mail 0.24 has a solution for that problem. You can have the
> > same GPG key on two or more machines. Using a secure replication
> > protocol, your sent items, read status of incoming mail, personal
> > folders, and deletions are all automatically copied to the other
> > machines. This provides an IMAP-like experience with encrypted mail.
>
> Why not use different subkeys per-machine? Just remember to encrypt with all
> subkeys. Also, GPG-enabled webmail, am I reading it correctly?..

I keep waiting for something interesting to happen that uses blockchains and their private keys for storing, encrypting, distributing, and monetizing messages.

Unfortunately, I suppose the most likely way this would get funded is through a DARPA proposal, or some sort of government funding with the goal of destabilizing other governments.

From mike at confidantmail.org Fri Mar 13 12:32:30 2015
From: mike at confidantmail.org (Mike Ingle)
Date: Fri, 13 Mar 2015 12:32:30 -0700
Subject: Using ECC keys in GPG - why is this still deprecated?
Message-ID: <55033B4E.9040703@confidantmail.org>

Why is GPG so reluctant to let you use ECC keys? Is it just a backward compatibility thing, or are they not trusted yet?
I have the code written to use GnuPG 2.x with Confidant Mail, and I am trying to decide whether to ship GPG 1.4.x or 2.x with the next Windows build. If I ship 2.x and people start using ECC keys, then 2.x is effectively mandatory from then on. What do you think? Mike From rsw at jfet.org Fri Mar 13 09:42:28 2015 From: rsw at jfet.org (Riad S. Wahby) Date: Fri, 13 Mar 2015 12:42:28 -0400 Subject: Computer-stored encryption keys are not safe from side-channel attacks In-Reply-To: <20150313101055.GM10743@leitl.org> References: <20150313101055.GM10743@leitl.org> Message-ID: <20150313164228.GA11003@antiproton.jfet.org> Eugen Leitl wrote: > http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-safe-from-side-channel-attacks/ The researchers' web page http://www.tau.ac.il/~tromer/acoustic/ They presented similar attacks using acoustic emanations at CRYPTO14. -=rsw From sdw at lig.net Fri Mar 13 13:04:37 2015 From: sdw at lig.net (Stephen D. Williams) Date: Fri, 13 Mar 2015 13:04:37 -0700 Subject: Computer-stored encryption keys are not safe from side-channel attacks In-Reply-To: <2053241658.6061768.1426270891028.JavaMail.yahoo@mail.yahoo.com> References: <20150313101055.GM10743@leitl.org> <2053241658.6061768.1426270891028.JavaMail.yahoo@mail.yahoo.com> Message-ID: <550342D5.3090906@lig.net> If you didn't patent it and you published it publicly, you effectively gave it away for anyone to use. It is also now prior art, so finding a link that proves it was published would be useful. And you have bragging rights to inventing it if you were first. So, the $5000 would have been a good deal since you didn't have any value to sell, since everyone already "owns" a license to use it. 
sdw

On 3/13/15 11:21 AM, jim bell wrote:
> Approximately December 24, perhaps it was 1996, I published an idea on a USENET area (maybe it was SCI.CRYPT) that proposed an
> idea that clock oscillators used in computers could be frequency-modulated with a long-period pseudo-random (linear feedback shift
> register) value to smear the output of the signal (and everything that depends on it) over a range of frequencies.
> Curiously, in early 2007 (When I was at United States Penitentiary, Florence Colorado) I received a letter from a law firm
> offering me $5,000 for ownership of this idea. (They had apparently figured out who I was, and had traced me down at my
> then-current address.) I presumed that around that time, there was probably a lawsuit challenging a patent on this matter, and
> the law firm was doing 'due diligence' looking for ammunition. I counter-offered that if they pay me 1/3 of the value of this
> idea, I would settle for that. Never heard back from them.
> Jim Bell
>
> On Friday, March 13, 2015 3:56 AM, Eugen Leitl wrote:
>
> http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-safe-from-side-channel-attacks/

From list at sysfu.com Fri Mar 13 14:14:17 2015
From: list at sysfu.com (Seth)
Date: Fri, 13 Mar 2015 14:14:17 -0700
Subject: Cypherpunk Politics [was: REAL-ID Coming]
In-Reply-To: <20150313161346.GA14804@nl.grid.coop>
References: <2328634.aj3ovFmWuz@lapuntu> <20150313161346.GA14804@nl.grid.coop>
Message-ID:

On Fri, 13 Mar 2015 09:13:46 -0700, Troy Benjegerdes wrote:
> My theory is the whole Tom Cotton letter to Iran was a legislative
> trojan,
> and there was a coordinated psy-ops campaign to get 47 senators to sign
> it.

That may very well be. I came across an opening article the other day about how this whole "Obama-Netanyahu ''Fallout'' is Theater - Planned in 2009" [1].

Some of the quotes from The Brookings Institution's 2009 policy paper titled, "Which Path to Persia? Options for a New American Strategy Toward Iran," are eye popping.

"..any military operation against Iran will likely be very unpopular around the world and require the proper international context— both to ensure the logistical support the operation would require and to minimize the blowback from it.
The best way to minimize international opprobrium and maximize support (however, grudging or covert) is to strike only when there is a widespread conviction that the Iranians were given but then rejected a superb offer—one so good that only a regime determined to acquire nuclear weapons and acquire them for the wrong reasons would turn it down. Under those circumstances, the United States (or Israel) could portray its operations as taken in sorrow, not anger, and at least some in the international community would conclude that the Iranians “brought it on themselves” by refusing a very good deal." They've laid out the entire maniac war plans in plain sight for anyone curious enough to read. Problem is 'muhricans don't read, and the elite know this. [1] http://www.activistpost.com/2015/03/obama-netanyahu-fallout-is-theater.html From grarpamp at gmail.com Fri Mar 13 14:38:04 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 13 Mar 2015 17:38:04 -0400 Subject: Bitcoin sybils for Compliance/Spying Message-ID: https://bitcointalk.org/index.php?topic=978088.msg10756505 https://www.reddit.com/r/Bitcoin/comments/2yvy6b/a_regulatory_compliance_service_is_sybil/ http://yro.slashdot.org/story/15/03/13/1325243/ibm-reported-to-be-developing-blockchain-based-currency-transaction-system From jdb10987 at yahoo.com Fri Mar 13 11:21:31 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 13 Mar 2015 18:21:31 +0000 (UTC) Subject: Computer-stored encryption keys are not safe from side-channel attacks In-Reply-To: <20150313101055.GM10743@leitl.org> References: <20150313101055.GM10743@leitl.org> Message-ID: <2053241658.6061768.1426270891028.JavaMail.yahoo@mail.yahoo.com> Approximately December 24, perhaps it was 1996, I published an idea on a USENET area (maybe it was SCI.CRYPT) that proposed an idea that clock oscillators used in computers could be frequency-modulated with a long-period pseudo-random (linear feedback shift register) value to smear the output of the signal (and 
everything that depends on it) over a range of frequencies. Curiously, in early 2007 (When I was at United States Penitentiary, Florence Colorado) I received a letter from a law firm offering me $5,000 for ownership of this idea. (They had apparently figured out who I was, and had traced me down at my then-current address.) I presumed that around that time, there was probably a lawsuit challenging a patent on this matter, and the law firm was doing 'due diligence' looking for ammunition. I counter-offered that if they pay me 1/3 of the value of this idea, I would settle for that. Never heard back from them.

Jim Bell

On Friday, March 13, 2015 3:56 AM, Eugen Leitl wrote:

http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-safe-from-side-channel-attacks/

Computer-stored encryption keys are not safe from side-channel attacks

By Michael Kassner March 11, 2015, 1:25 PM PST

Using side-channel technology, researchers at Tel Aviv University can extract decryption keys from RSA and ElGamal implementations without altering or having control of a computer.

Figure A: Tel Aviv University researchers built this self-contained PITA receiver. Image courtesy of Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Tel Aviv University

Not that long ago, grabbing information from air-gapped computers required sophisticated equipment. In my TechRepublic column Air-gapped computers are no longer secure, researchers at Georgia Institute of Technology explain how simple it is to capture keystrokes from a computer just using spurious electromagnetic side-channel emissions emanating from the computer under attack.

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer, researchers at Tel Aviv University, agree the process is simple. However, the scientists have upped the ante, figuring out how to exfiltrate complex encryption data using side-channel technology.
The process In the paper Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (PDF), the researchers explain how they determine decryption keys for mathematically-secure cryptographic schemes by capturing information about secret values inside the computation taking place in the computer. "We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms," the team writes. "The attacks can extract decryption keys using a low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs." If that doesn't mean much, this might help: The researchers can extract keys from GnuPG in just a few seconds by measuring side-channel emissions from computers. "The measurement equipment is cheap, compact, and uses readily-available components," add the researchers. Using that philosophy the university team developed the following attacks. Software Defined Radio (SDR) attack: This comprises of a shielded loop antenna to capture the side-channel signal, which is then recorded by an SDR program installed on a notebook. Portable Instrument for Trace Acquisition (PITA) attack: The researchers, using available electronics and food items (who says academics don't have a sense of humor?), built the self-contained receiver shown in Figure A. The PITA receiver has two modes: online and autonomous. Online: PITA connects to a nearby observation station via Wi-Fi, providing real-time streaming of the digitized signal.  Autonomous: Similar to online mode, PITA first measures the digitized signal, then records it on an internal microSD card for later retrieval by physical access or via Wi-Fi. Consumer radio attack: To make an even cheaper version, the team leveraged knowing that side-channel signals modulate at a carrier frequency near 1.7 MHz, which is within the AM radio frequency band. 
"We used a plain consumer-grade radio receiver to acquire the desired signal, replacing the magnetic probe and SDR receiver," the authors explain. "We then recorded the signal by connecting it to the microphone input of an HTC EVO 4G smartphone." Cryptanalytic approach This is where the magic occurs. I must confess that paraphrasing what the researchers accomplished would be a disservice; I felt it best to include their cryptanalysis description verbatim: "Our attack utilizes the fact that, in the sliding-window or fixed window exponentiation routine, the values inside the table of ciphertext powers can be partially predicted. By crafting a suitable ciphertext, the attacker can cause the value at a specific table entry to have a specific structure. "This structure, coupled with a subtle control flow difference deep inside GnuPG's basic multiplication routine, will cause a noticeable difference in the leakage whenever a multiplication by this structured value has occurred. This allows the attacker to learn all the locations inside the secret exponent where the specific table entry is selected by the bit pattern in the sliding window. Repeating this process across all table indices reveals the key." Figure B is a spectrogram displaying measured power as a function of time and frequency for a recording of GnuPG decrypting the same ciphertext using different randomly generated RSA keys. The research team's explanation: "It is easy to see where each decryption starts and ends (yellow arrow). Notice the change in the middle of each decryption operation, spanning several frequency bands. This is because, internally, each GnuPG RSA decryption first exponentiates modulo the secret prime p and then modulo the secret prime q, and we can see the difference between these stages. "Each of these pairs looks different because each decryption uses a different key. 
So in this example, by observing electromagnetic emanations during decryption operations, using the setup from this figure, we can distinguish between different secret keys."

Figure B: A spectrogram Image courtesy of Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Tel Aviv University

Any way to prevent the leakage?

One solution, albeit unwieldy, is operating the computer in a Faraday cage, which prevents any spurious emissions from escaping. "The cryptographic software can be changed, and algorithmic techniques used to render the emanations less useful to the attacker," mentions the paper. "These techniques ensure the behavior of the algorithm is independent of the inputs it receives."

Interestingly, the research paper tackles a question about side-channel attacks that TechRepublic readers commented on in my earlier article, "It's a hardware problem, so why not fix the equipment?"

Basically the researchers mention that the emissions are at such a low level, prevention is impractical because:

- Any leakage remnants can often be amplified by suitable manipulation as we do in our chosen-ciphertext attack; and
- Leakage is often an inevitable side effect of essential performance-enhancing mechanisms.

Something else of interest: the National Institute of Standards and Technology (NIST) considers resistance to side-channel attacks an important evaluation consideration in its SHA-3 competition.

From blibbet at gmail.com Fri Mar 13 18:47:12 2015
From: blibbet at gmail.com (Blibbet)
Date: Fri, 13 Mar 2015 18:47:12 -0700
Subject: IETF OpenPGP WG reopened
Message-ID: <55039320.5020702@gmail.com>

FYI, in the last few days, the IETF OpenPGP working group has 'reopened'.

This is a good time to make sure any technical issues in OpenPGP are addressed.

List-Id: "Ongoing discussion of OpenPGP issues."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,

From charles.paul at gmail.com Fri Mar 13 16:54:54 2015
From: charles.paul at gmail.com (Chrrles Paul)
Date: Fri, 13 Mar 2015 19:54:54 -0400
Subject: Using ECC keys in GPG - why is this still deprecated?
In-Reply-To: <55033B4E.9040703@confidantmail.org>
References: <55033B4E.9040703@confidantmail.org>
Message-ID:

Probably because their implementation is still experimental and "hidden". If people want to use ECC keys then use 2.1.

On Fri, Mar 13, 2015 at 3:32 PM, Mike Ingle wrote:

> Why is GPG so reluctant to let you use ECC keys? Is it just a backward
> compatibility thing, or are they not trusted yet?

From coruus at gmail.com Fri Mar 13 22:23:16 2015
From: coruus at gmail.com (David Leon Gil)
Date: Sat, 14 Mar 2015 05:23:16 +0000
Subject: IETF OpenPGP WG reopened
In-Reply-To: <55039320.5020702@gmail.com>
References: <55039320.5020702@gmail.com>
Message-ID:

Like it being incompetently designed?

I was hoping to avoid this, but...

On Fri, Mar 13, 2015 at 7:02 PM Blibbet wrote:

> FYI, in the last few days, the IETF OpenPGP working group has 'reopened'.
>
> This is a good time to make sure any technical issues in OpenPGP are
> addressed.
>
> List-Id: "Ongoing discussion of OpenPGP issues."
> List-Unsubscribe: ,
>
> List-Archive:
> List-Post:
> List-Help:
> List-Subscribe: ,
>
>

From s at ctrlc.hu Sat Mar 14 03:26:44 2015
From: s at ctrlc.hu (stef)
Date: Sat, 14 Mar 2015 11:26:44 +0100
Subject: IETF OpenPGP WG reopened
In-Reply-To:
References: <55039320.5020702@gmail.com>
Message-ID: <20150314102644.GA6982@ctrlc.hu>

On Sat, Mar 14, 2015 at 05:23:16AM +0000, David Leon Gil wrote:
> Like it being incompetently designed?

depends what the intended goal of said software is:

1/ winning a battle in the 1st cryptowars to make crypto exportable?
i think it brilliantly succeeded at this design goal. 2/ making cryptograms stand out as strong selectors thanks to all this juicy plaintext metadata in the openpgp packet as defined per rfc4880. again, a smashing success. maybe if your usecase is not covered by the above two, maybe you should be looking for another solution. people-with-hammers ;) -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From shelley at misanthropia.org Sun Mar 15 14:33:44 2015 From: shelley at misanthropia.org (shelley at misanthropia.org) Date: Sun, 15 Mar 2015 14:33:44 -0700 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: <20150315203253.14D2522810B@palinka.tinho.net> References: <20150315203253.14D2522810B@palinka.tinho.net> Message-ID: <1426455224.1947166.240700309.5338B27E@webmail.messagingengine.com> On Sun, Mar 15, 2015, at 01:32 PM, dan at geer.org wrote: > As a side note to this debate, I've negotiated bunches of > settlements between local (and, once, state) governments and > citizen claimants. In not one case can I say that the > agreements were worth the paper they were ultimately printed > on as there is no way to hold a government to its agreements > when you really get down to it beyond the ballot box. If an > agreement calls for some sort of enforcement, then you can be > sure that in the fullness of time enforcement will wane. If > an agreement calls for appointment of an oversight board, then > you can be sure that in the fullness of time the appointment > process will yield not fire-in-the-belly citizen activists > but apparatchiks. If an agreement calls for an evaluation > five years hence as to whether the course of action was or was > not producing the results that it was promised to produce, > then you can be sure that in the fullness of time such review > will be pro forma, vapid, innocuous, and self-congratulatory, > if it is done at all. 
A government's word cannot be trusted > when details matter, yet another manifestation of how eternal > vigilance is the price of freedom, or, to repurpose the title > of Larry O'Brien's memoirs, there are no final victories. > > Please don't let this start an exploration of any rat-hole, > just allow me to speak from four decades of experience, please. > > --dan > +1. In this instance I wholeheartedly agree with you, Dan (also borne from experience, though nowhere near as much as you have.) These are wise words and should be heeded. -S From dan at geer.org Sun Mar 15 13:32:52 2015 From: dan at geer.org (dan at geer.org) Date: Sun, 15 Mar 2015 16:32:52 -0400 Subject: Cypherpunk Politics [was: REAL-ID Coming] In-Reply-To: Your message of "Fri, 13 Mar 2015 11:13:46 -0500." <20150313161346.GA14804@nl.grid.coop> Message-ID: <20150315203253.14D2522810B@palinka.tinho.net> As a side note to this debate, I've negotiated bunches of settlements between local (and, once, state) governments and citizen claimants. In not one case can I say that the agreements were worth the paper they were ultimately printed on as there is no way to hold a government to its agreements when you really get down to it beyond the ballot box. If an agreement calls for some sort of enforcement, then you can be sure that in the fullness of time enforcement will wane. If an agreement calls for appointment of an oversight board, then you can be sure that in the fullness of time the appointment process will yield not fire-in-the-belly citizen activists but apparatchiks. If an agreement calls for an evaluation five years hence as to whether the course of action was or was not producing the results that it was promised to produce, then you can be sure that in the fullness of time such review will be pro forma, vapid, innocuous, and self-congratulatory, if it is done at all. 
A government's word cannot be trusted when details matter, yet another manifestation of how eternal vigilance is the price of freedom, or, to repurpose the title of Larry O'Brien's memoirs, there are no final victories. Please don't let this start an exploration of any rat-hole, just allow me to speak from four decades of experience, please. --dan From grarpamp at gmail.com Sun Mar 15 18:28:49 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 15 Mar 2015 21:28:49 -0400 Subject: Cypherpunk Politics Message-ID: On Sun, Mar 15, 2015 at 4:32 PM, wrote: > Please don't let this start an exploration of any rat-hole, Well, if so defined, Libertarian vs. Monopoly is a hole. Not clear whether that balance has shifted much yet, but people are finally developing wide recognition, tools, and methods that may bring that effect in the future. The internet and things are still a bit young politically but are growing up fast. Perhaps the first gen cpunk was the base philosophy plus the science of possible tools. Second gen the coding, beta test validation and trial runs. Third gen the application to results... > eternal vigilance is the price of freedom [...] there are no final > victories A truth. From grarpamp at gmail.com Sun Mar 15 23:16:03 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 16 Mar 2015 02:16:03 -0400 Subject: Entrepreneurship, Austrian Economics, and the Cryptorevolution Message-ID: Patrick Byrne, crypto, blockchain, markets, regulation, etc https://www.youtube.com/watch?v=vFOpSTodk_U From coruus at gmail.com Mon Mar 16 14:52:00 2015 From: coruus at gmail.com (David Leon Gil) Date: Mon, 16 Mar 2015 14:52:00 -0700 Subject: IETF OpenPGP WG reopened In-Reply-To: <20150314102644.GA6982@ctrlc.hu> References: <55039320.5020702@gmail.com> <20150314102644.GA6982@ctrlc.hu> Message-ID: On Saturday, March 14, 2015, stef wrote: > On Sat, Mar 14, 2015 at 05:23:16AM +0000, David Leon Gil wrote: > > Like it being incompetently designed? 
>
> depends what the intended goal of said software is:
>
> 1/ winning a battle in the 1st cryptowars to make crypto exportable? i
> think
> it brilliantly succeeded at this design goal.
> 2/ making cryptograms stand out as strong selectors thanks to all this
> juicy
> plaintext metadata in the openpgp packet as defined per rfc4880. again, a
> smashing success.
>
> maybe if your usecase is not covered by the above two, maybe you should be
> looking for another solution. people-with-hammers ;)
>

Fortunately, my goals do not include either of those. :)

And I think my comment was somewhat unfair: The original OpenPGP standard was well thought out (but ultimately insecure). It just became a horrifying with three more major versions.

As this is cypherpunks: I wish more folks were working on making steganography for encrypted mail more practical.

It seems, for example, entirely feasible, to encode encrypted mail as (nonsense but grammatical) sentences in the user's language. I would be happy to deploy a proposal that accomplished something like this with < ~25% overhead, which seems doable, but hard.

(This is something that will be essential for users in countries like China...)

From politynews at gmx.com Tue Mar 17 17:15:11 2015
From: politynews at gmx.com (Polity News)
Date: Tue, 17 Mar 2015 20:15:11 -0400
Subject: NIST - Cybersecurity in a Post-Quantum World
Message-ID: <5508C38F.8040700@gmx.com>

"The advent of practical quantum computing will break all commonly used public key cryptographic algorithms. In response, NIST is researching cryptographic algorithms for public key-based key agreement and digital signatures that are not susceptible to cryptanalysis by quantum algorithms." - NIST.
http://www.nist.gov/itl/csd/ct/post-quantum-crypto-workshop-2015.cfm

Workshop April 2-3, 2015 at NIST campus in Gaithersburg, Maryland (near DC).

my questions - What deciphering and decryption capabilities does the US government already have? How long until encryption we use today becomes obsolete? Is it already obsolete? Will there be a situation where the US government and large corporations have quantum computers capable of deciphering today's encryption standards, but average consumers would not have access to quantum encryption? What would the impact be on mass surveillance and privacy concerns?

From grarpamp at gmail.com Tue Mar 17 18:59:34 2015
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 17 Mar 2015 21:59:34 -0400
Subject: JoinMarket: Increase the privacy of bitcoin and earn interest
Message-ID:

https://bitcointalk.org/index.php?topic=919116
https://www.reddit.com/r/Bitcoin/comments/2zc5tc
https://github.com/chris-belcher/joinmarket

While JoinMarket is one specific application, it's not hard to imagine your very own microloan daemon as the next big thing. Complete with credit ratings, investment choices, anonymous p2p market channels, automation, etc.

From l at odewijk.nl Wed Mar 18 04:06:12 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 18 Mar 2015 20:06:12 +0900
Subject: Bitshops.net
Message-ID:

Hey everyone,

I've just yesterday released Bitshops.net. There's dragons still, but overall it works decently. It provides private e-commerce using client-side cryptography. It has Bitcoin-based escrow. There's also encrypted chat (once an order is created). Much everything I'd want to say is explained on the site (where I can update it, too).

The algorithms used are AES-256 and NTRUEncrypt (through LLVM).

Come pick me apart
But leave enough to recover
Just ask me anything

Best regards,
Lewis

From grarpamp at gmail.com Thu Mar 19 01:32:16 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 19 Mar 2015 04:32:16 -0400
Subject: Help: Can anyone identify what this is?
In-Reply-To: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com>
References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com>
Message-ID:

On Thu, Mar 19, 2015 at 1:23 AM, Alfie John wrote:
> If anyone has info on what this device could be or where I could go to
> get more info, that would be much appreciated.

Well whatever it is it looks like maybe 6 freq/id labels and one of them doing 20dB. This stray porcupine needs a nice warm home on your lab bench.

From troyetulain at gmail.com Thu Mar 19 01:12:55 2015
From: troyetulain at gmail.com (Troy Etulain)
Date: Thu, 19 Mar 2015 08:12:55 +0000
Subject: Help: Can anyone identify what this is?
In-Reply-To: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com>
References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com>
Message-ID:

It would be helpful to know what the units of measurement are on the side. If they are amps it would indicate that the boxes are transmitting a signal, rather than listening. Can you tell from the video? Were the lights flashing? Interesting that only one is illuminated in this photo.

On Thu, Mar 19, 2015 at 5:23 AM, Alfie John wrote:

> Hi everyone,
>
> We had someone loitering near our front office door today. The
> conversation went like this:
>
> Me: What are you doing?
> Him: Nothing
> Me: Where are you from?
> Him: A company
> Me: Do you work for Google (he was wearing a Google t-shirt)?
> Him: No
> Me: Who do you work for?
> Him: Leidos
>
> He had a device hidden near the stairwell door:
>
> https://www.alfie.wtf/photos/wispy.jpg
>
> Sorry for the low quality image. It was taken from a capture of a
> video.
> I've got the video at work but would rather not release it as
> yet because it has his face on it.
>
> The diameter of the antenna base was around 2cm and the height
> of the antenna was around 15cm.
>
> Someone on Reddit said that it looked like a jammer. After going to
> Google Images and searching for the following, it looks like he's on the
> right track:
>
> - "GSM detector"
> - "GSM jammer"
> - "GPS detector"
> - "GPS jammer"
>
> If anyone has info on what this device could be or where I could go to
> get more info, that would be much appreciated.
>
> Alfie
>
> --
> Alfie John
> alfiej at fastmail.fm
>

From maxp at trystero.is Thu Mar 19 09:50:42 2015
From: maxp at trystero.is (Max R.D. Parmer)
Date: Thu, 19 Mar 2015 09:50:42 -0700
Subject: Help: Can anyone identify what this is?
In-Reply-To: <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com>
References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com>
Message-ID: <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com>

On Thu, Mar 19, 2015, at 05:24, Alfie John wrote:
> On Thu, Mar 19, 2015, at 07:32 PM, grarpamp wrote:
> > On Thu, Mar 19, 2015 at 1:23 AM, Alfie John wrote:
> > > If anyone has info on what this device could be or where I could go to
> > > get more info, that would be much appreciated.
> >
> > Well whatever it is it looks like maybe 6 freq/id labels and
> > one of them doing 20dB. This stray porcupine needs a
> > nice warm home on your lab bench.
>
> I don't think we'll see him again any time soon :)

Haha, ya you'll probably just see his more discreet senior next time!

Leidos, being a subsidiary of SAIC, makes me concerned this man might be working on contract to perform non-destructive entry of your facility.
Newbish to not have a pretext, unless the pretext is being from Leidos, in which case maybe the intent is just to induce fear. The thorough rubber banding is weird. They seem like independent devices, but it looks like the intention is to deploy them as a set (if you're deploying three surreptitiously through an area, why not undo a bit more of the packaging first?) The boxes appear to have two labels on top of them, the second label is only somewhat visible on the rightmost box. All three labels visible appear to start with 0x3, left to right I can read: 0x3[f/1?]e[]2, 0x3[f/1?][e?][] and 0x342[f/1?]2. Searching for these preliminary transcriptions doesn't yield anything substantial. Is the door he was seen at shared with other parties? If so, having building management reach out to other tenants with a photograph of the man and the device would be a good way to enhance situational awareness around the building and to make any later attempt at whatever he was doing more difficult without explicit collaboration. Sharing these details and concerns may possibly aid in correlating the activity with authorized activities from the other tenants. If it's a single tenancy area, be sure to share these details with your management and co-workers if you haven't already. Is the door, or any nearby door, secured via a prox-card system? If so, my first assumption is this might be an attempt to record RFID transactions. Does your business have wireless access points reachable from the device location? This may be targeting that traffic if so. Naturally, several of these questions have potentially operationally sensitive answers and you shouldn't answer them here. Just some things to consider. I think your business should: - share all information with other tenants/coworkers/building management to increase situational awareness and potentially reveal the reason for this event. 
- begin considering doing a TSCM sweep - consider enlisting counsel to reach out to Leidos to get them to affirm or deny participation in this escapade - consider contracting with a firm to provide heightened guarding -- 0x7D964D3361142ACF From dan at geer.org Thu Mar 19 10:11:44 2015 From: dan at geer.org (dan at geer.org) Date: Thu, 19 Mar 2015 13:11:44 -0400 Subject: all-in-one versus segregation Message-ID: <20150319171144.584082281E7@palinka.tinho.net> Excerpts from this BBC article, The card aiming to end Nigeria's fraud problem www.bbc.com/news/technology-31438226 Last year, the National Electronic Identity (e-ID) Card was launched in collaboration with MasterCard, with President Goodluck Jonathan the first recipient... The smart card's Match-On-Card technology matches a holder's fingerprint against a profile stored in the embedded chip... The card is also a travel document, conforming to the same standards as international passports. It contains electronic identification information, as well as Public Key Infrastructure (PKI) technology that allows for document signing, non-repudiation and encryption. The eID card contains users' biometric data, including fingerprints... Fully 70% of adult Nigerians do not have a formal bank account... again bring up the tradeoffs between all-in-one functionality versus segregation of duties. I personally don't want one technology to rule them all, but I have many choices and I know how to make them. Others, not so much. Has anyone here been involved in design, rollout, or analysis of the Nigerian solution and want to comment on how risk management tradeoffs were evaluated? To me (the guy living in a world of choice), I don't want to be 0wned at all but, more than that, I don't want to be 0wned by one central entity even if its mission statement is to do so for my own good (cf., "I can't defend the country until I'm into all the networks." -- K. 
Alexander and/or cradle to grave tracking of everything in the food pipeline and/or Elon Musk's comment that it will soon be illegal to drive your own car yourself).

But let's start with Nigeria, unless some one of you is better able to discuss Pakistan's new program that requires a fingerprint to get a SIM card.

theguardian.com/world/2015/mar/03/pakistan-fingerprint-mobile-phone-users

--dan

"The wisest thing in the world is to cry out before you are hurt. It is no good to cry out after you are hurt; especially after you are mortally hurt. People talk about the impatience of the populace; but sound historians know that most tyrannies have been possible because men moved too late. It is often essential to resist a tyranny before it exists."
G.K. Chesterton, _Eugenics and Other Evils: An Argument Against the Scientifically Organized State_

From rysiek at hackerspace.pl Thu Mar 19 06:08:35 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 19 Mar 2015 14:08:35 +0100
Subject: Help: Can anyone identify what this is?
In-Reply-To: <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com>
References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com>
Message-ID: <2004231.qjyEs7XHLa@lapuntu>

On Thursday, 19 March 2015 23:24:30 Alfie John wrote:
> On Thu, Mar 19, 2015, at 07:32 PM, grarpamp wrote:
> > On Thu, Mar 19, 2015 at 1:23 AM, Alfie John wrote:
> > > If anyone has info on what this device could be or where I could go to
> > > get more info, that would be much appreciated.
> >
> > Well whatever it is it looks like maybe 6 freq/id labels and
> > one of them doing 20dB. This stray porcupine needs a
> > nice warm home on your lab bench.
>
> I don't think we'll see him again any time soon :)

Dang. Maybe he would share some more fun toys?
;)

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From list at sysfu.com Thu Mar 19 16:08:27 2015
From: list at sysfu.com (Seth)
Date: Thu, 19 Mar 2015 16:08:27 -0700
Subject: Fwd: Matt DeHart named as 3rd Courage Foundation beneficiary after Edward Snowden & Jeremy Hammond
In-Reply-To: <54F59141.5060609@riseup.net>
References: <54F59141.5060609@riseup.net>
Message-ID:

On Tue, 03 Mar 2015 02:47:29 -0800, Bethany wrote:

>
>
> Matt DeHart named as third Courage beneficiary
>
>
> Posted on March 2, 2015
> https://couragefound.org/2015/03/matt-dehart-named-as-third-courage-beneficiary/
> https://mattdehart.com/

http://news.nationalpost.com/matt-dehart-claims-hes-wanted-for-working-with-anonymous/

From alfiej at fastmail.fm Wed Mar 18 22:23:02 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Thu, 19 Mar 2015 16:23:02 +1100
Subject: Help: Can anyone identify what this is?
Message-ID: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com>

Hi everyone,

We had someone loitering near our front office door today. The conversation went like this:

Me: What are you doing?
Him: Nothing
Me: Where are you from?
Him: A company
Me: Do you work for Google (he was wearing a Google t-shirt)?
Him: No
Me: Who do you work for?
Him: Leidos

He had a device hidden near the stairwell door:

https://www.alfie.wtf/photos/wispy.jpg

Sorry for the low quality image. It was taken from a capture of a video. I've got the video at work but would rather not release it as yet because it has his face on it.

The diameter of the antenna base was around 2cm and the height of the antenna was around 15cm.

Someone on Reddit said that it looked like a jammer.
After going to Google Images and searching for the following, it looks like he's on the right track: - "GSM detector" - "GSM jammer" - "GPS detector" - "GPS jammer" If anyone has info on what this device could be or where I could go to get more info, that would be much appreciated. Alfie -- Alfie John alfiej at fastmail.fm From coderman at gmail.com Thu Mar 19 17:21:50 2015 From: coderman at gmail.com (coderman) Date: Thu, 19 Mar 2015 17:21:50 -0700 Subject: Help: Can anyone identify what this is? In-Reply-To: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> Message-ID: On 3/18/15, Alfie John wrote: > ... > We had someone loitering near our front office door today. The > conversation went like this: > > Me: What are you doing? > Him: Nothing > Me: Where are you from? > Him: A company > Me: Do you work for Google (he was wearing a Google t-shirt)? > Him: No > Me: Who do you work for? > Him: Leidos sounds legit ;P > He had a device hidden near the stairwell door: > > https://www.alfie.wtf/photos/wispy.jpg this is likely automated wifi attack gear. the three units together could cover channels 1, 6, 11 concurrently. (in my own kit, 4-8 radios is sweet spot) the extra battery capacity lets it run for days attacking on full auto. unlikely to be a jammer because they cover more frequencies and this appears tuned to 2.4Ghz. you should be running wireless intrusion (e.g. custom kismet?) monitoring to look for malicious activity. and of course, it is time to change all your WPA2 passwords! (or switch to WPA-Enterprise) From jdb10987 at yahoo.com Thu Mar 19 10:23:06 2015 From: jdb10987 at yahoo.com (jim bell) Date: Thu, 19 Mar 2015 17:23:06 +0000 (UTC) Subject: Help: Can anyone identify what this is? 
In-Reply-To: <1426767772.454057.242487309.7941BF00@webmail.messagingengine.com> References: <1426767772.454057.242487309.7941BF00@webmail.messagingengine.com> Message-ID: <785903516.892221.1426785786085.JavaMail.yahoo@mail.yahoo.com> Monopole antennas (a rod perpendicular to a ground plane) are usually tuned (sized in length) to be either 1/4 of a wavelength of the rf being transmitted/received, or 5/8 wave. Jim Bell On Thursday, March 19, 2015 6:04 AM, Alfie John wrote: On Thu, Mar 19, 2015, at 07:12 PM, Troy Etulain wrote: > It would be helpful to know what the units of measurement are on > the side. I'm at home now so can't give you measurements based on the size of the tiles vs the device from the video. I'll be in on Monday and update the thread... but off the cuff I'd say about it's about 25cm X 25cm and 10cm high. The Antennas base was around 2cm diameter and antenna height around 20cm high. He held it by a single antenna when he left, and the way how it swung as he lifted it up onto his clipboard I'd say it wasn't light but wasn't heavy. Random stab - 600g in total (I'm comparing it to a Kindle that I've got near by). > If they are amps it would indicate that the boxes are transmitting a > signal, rather than listening. Can you tell from the video? Not sure how I could tell. > Were the lights flashing? Interesting that only one is illuminated in > this photo. Only one light was constantly on. No flashing. Alfie -- Alfie John alfiej at fastmail.fm From europus at gmail.com Thu Mar 19 16:05:46 2015 From: europus at gmail.com (Ulex Europae) Date: Thu, 19 Mar 2015 19:05:46 -0400 Subject: Help: Can anyone identify what this is?
In-Reply-To: References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> Message-ID: <550b563a.8188460a.535b.ffffbf90@mx.google.com> Do you run a WiFi network? What is the nature of your business, is it financial? Those could be repackaged Pineapple devices, who knows. http://hakshop.myshopify.com/products/wifi-pineapple?variant=81044992 What about the person? Age? Fit? Could it have been an undercover LEO? Someone doing pentesting seems likely to me. At 04:12 AM 3/19/2015, Troy Etulain wrote: >It would be helpful to know what the units of >measurement are on the side. If they are amps it >would indicate that the boxes are transmitting a >signal, rather than listening. Can you tell from the video? > >Were the lights flashing? Interesting that only >one is illuminated in this photo. > >On Thu, Mar 19, 2015 at 5:23 AM, Alfie John ><alfiej at fastmail.fm> wrote: >Hi everyone, > >We had someone loitering near our front office door today. The >conversation went like this: > > Me: What are you doing? > Him: Nothing > Me: Where are you from? > Him: A company > Me: Do you work for Google (he was wearing a Google t-shirt)? > Him: No > Me: Who do you work for? > Him: Leidos > >He had a device hidden near the stairwell door: > > >https://www.alfie.wtf/photos/wispy.jpg > >Sorry for the low quality image. It was taken from a capture of a >video. I've got the video at work but would rather not release it as >yet because it has his face on it. > >The diameter of the antenna base was around 2cm and the height >of the antenna was around 15cm. > >Someone on Reddit said that it looked like a jammer. After going to >Google Images and searching for the following, it looks like he's on the >right track: > > - "GSM detector" > - "GSM jammer" > - "GPS detector" > - "GPS jammer" > >If anyone has info on what this device could be or where I could go to >get more info, that would be much appreciated.
> >Alfie > >-- > Alfie John > alfiej at fastmail.fm > From coderman at gmail.com Thu Mar 19 20:26:34 2015 From: coderman at gmail.com (coderman) Date: Thu, 19 Mar 2015 20:26:34 -0700 Subject: Help: Can anyone identify what this is? In-Reply-To: <7119936993fabb25b3e686346e7e18a7@protonmail.ch> References: <7119936993fabb25b3e686346e7e18a7@protonmail.ch> Message-ID: On 3/19/15, Archivists wrote: > I'm a pen tester by trade. I don't believe these are for wireless attacks. citation needed :P > They appear to be RF signal detectors; the dB scale is to indicate signal > strength and for locating the proximity of broadcasting access points or > devices. 9dBm / 18dBm / 23 dBm / 30 dBm - these are xmit powers common for 2.4Ghz. 200mW on rightmost device? it would need to be next to an access point for detection at that level with those antennas. (not likely in stairwell) however, 200mW is a common output power level for 802.11bg. and a stairwell carries lots of traffic - e.g. many devices going by. of course, without more info, it could be anything. i still put my money on offensive kit... From juan.g71 at gmail.com Thu Mar 19 16:46:04 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 19 Mar 2015 20:46:04 -0300 Subject: Help: Can anyone identify what this is? In-Reply-To: <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> Message-ID: <550b5ef9.502a8c0a.755e.ffffb0da@mx.google.com> On Fri, 20 Mar 2015 09:56:22 +1100 Alfie John wrote: > > Sorry, I should have mentioned that Leidos are in the same building as > us.
This is...too rich? Yours is some kind of email provider with offices in the same building as some* US 'defense' contractor. *and IIRC these saic shitbags had something to do with the tor/freedom hosting affair? yep http://www.slate.com/blogs/future_tense/2013/08/05/freedom_hosting_saic_nsa_behind_a_spyware_hack_on_privacy_protecting_network.html > However, they are not on our floor Now, that's reassuring. Anyway, best of luck. From archivists at protonmail.ch Thu Mar 19 19:05:54 2015 From: archivists at protonmail.ch (Archivists) Date: Thu, 19 Mar 2015 22:05:54 -0400 Subject: Help: Can anyone identify what this is? Message-ID: <7119936993fabb25b3e686346e7e18a7@protonmail.ch> I'm a pen tester by trade. I don't believe these are for wireless attacks. They appear to be RF signal detectors; the dB scale is to indicate signal strength and for locating the proximity of broadcasting access points or devices. Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland. -------- Original Message -------- Subject: Re: Help: Can anyone identify what this is? Time (GMT): Mar 20 2015 01:49:12 From: alfiej at fastmail.fm To: coderman at gmail.com CC: cypherpunks at cpunks.org, cryptography at metzdowd.com On Fri, Mar 20, 2015, at 11:21 AM, coderman wrote: > On 3/18/15, Alfie John wrote: this is likely > automated wifi attack gear. the three units together could cover > channels 1, 6, 11 concurrently. (in my own kit, 4-8 radios is > sweet spot) Well that's interesting. I wondered why there were three units. > the extra battery capacity lets it run for days attacking on > full auto. He put it in near the stairwell door (almost next to our door RFID), but it was in full view of anyone walking to the elevators. So I don't think he was trying to hide, otherwise he would have done it from behind the stairwell door and not in plain sight. Maybe it was just bad opsec? > you should be running wireless intrusion (e.g. custom kismet?)
> monitoring to look for malicious activity. and of course, it is time > to change all your WPA2 passwords! (or switch to WPA-Enterprise) Awesome. Thanks for the advice. Will look wireless intrusion detection. WPA-Enterprise too. Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 05:22:52 2015 From: alfiej at fastmail.fm (Alfie John) Date: Thu, 19 Mar 2015 23:22:52 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> Message-ID: <1426767772.454057.242487309.7941BF00@webmail.messagingengine.com> On Thu, Mar 19, 2015, at 07:12 PM, Troy Etulain wrote: > It would be helpful to know what the units of measurement are on > the side. I'm at home now so can't give you measurements based on the size of the tiles vs the device from the video. I'll be in on Monday and update the thread... but off the cuff I'd say about it's about 25cm X 25cm and 10cm high. The Antennas base was around 2cm diameter and antenna height around 20cm high. He held it by a single antenna when he left, and the way how it swung as he lifted it up onto his clipboard I'd say it wasn't light but wasn't heavy. Random stab - 600g in total (I'm comparing it to a Kindle that I've got near by). > If they are amps it would indicate that the boxes are transmitting a > signal, rather than listening. Can you tell from the video? Not sure how I could tell. > Were the lights flashing? Interesting that only one is illuminated in > this photo. Only one light was constantly on. No flashing. Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 05:24:30 2015 From: alfiej at fastmail.fm (Alfie John) Date: Thu, 19 Mar 2015 23:24:30 +1100 Subject: Help: Can anyone identify what this is?
In-Reply-To: References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> Message-ID: <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> On Thu, Mar 19, 2015, at 07:32 PM, grarpamp wrote: > On Thu, Mar 19, 2015 at 1:23 AM, Alfie John wrote: > > If anyone has info on what this device could be or where I could go to > > get more info, that would be much appreciated. > > Well whatever it is it looks like maybe 6 freq/id labels and > one of them doing 20dB. This stray porcupine needs a > nice warm home on your lab bench. I don't think we'll see him again any time soon :) Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 15:41:06 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 09:41:06 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: <785903516.892221.1426785786085.JavaMail.yahoo@mail.yahoo.com> References: <1426767772.454057.242487309.7941BF00@webmail.messagingengine.com> <785903516.892221.1426785786085.JavaMail.yahoo@mail.yahoo.com> Message-ID: <1426804866.599509.242767634.5393F2FA@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 04:23 AM, jim bell wrote: > Monopole antennas (a rod perpendicular to a ground plane)  are usually > tuned (sized in length) to be either 1/4 of a wavelength of the rf being > transmitted/received, or 5/8 wave.         Jim Bell Awesome. I was hoping that someone would have technical info like that. Thanks. Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 15:56:22 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 09:56:22 +1100 Subject: Help: Can anyone identify what this is? 
In-Reply-To: <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> Message-ID: <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 03:50 AM, Max R.D. Parmer wrote: > Leidos, being a subsidiary of SAIC, makes me concerned this man might > be working on contract to perform non-destructive entry of your > facility. Newbish to not have a pretext, unless the pretext is being > from Leidos, in which case maybe the intent is just to induce fear. > > Is the door he was seen at shared with other parties? If so, having > building management reach out to other tenants with a photograph of > the man and the device would be a good way to enhance situational > awareness around the building and to make any later attempt at > whatever he was doing more difficult without explicit collaboration. > Sharing these details and concerns may possibly aid in correlating the > activity with authorized activities from the other tenants. If it's a > single tenancy area, be sure to share these details with your > management and co-workers if you haven't already. Sorry, I should have mentioned that Leidos are in the same building as us. However, they are not on our floor and are separated by a few floors, so he had zero business being on our level. We're considering getting building management to set up swipe access to our level. > Is the door, or any nearby door, secured via a prox-card system? If > so, my first assumption is this might be an attempt to record RFID > transactions. Yes, you need RFID to get into our office space. > Does your business have wireless access points reachable from the > device location? This may be targeting that traffic if so. Yes. This was our main concern.
Seeing the antennas made me immediately think that it was some sort of pentest into our wifi. > Naturally, several of these questions have potentially operationally > sensitive answers and you shouldn't answer them here. Just some things > to consider. > > I think your business should: > - share all information with other tenants/coworkers/building Already done. I've shown the video to the other tenants on the same floor and they have all turned on the awareness. > management to increase situational awareness and potentially reveal > the reason for this event. Management were as suspicious as I was. Since Snowden, we (I work at FastMail) have upped our paranoia for obvious reasons as I would consider us to be in the same boat as the other targets. > - begin considering doing a TSCM sweep This makes sense. Never considered it before. > - consider enlisting counsel to reach out to Leidos to get them to > affirm or deny participation in this escapade Yeah, that's why I was asking for info on the device. We wanted to know what it was so we knew how to approach them. > - consider contracting with a firm to provide heightened guarding Yep. Considering our options. Thanks for your response. Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 17:12:27 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 11:12:27 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: <550b563a.8188460a.535b.ffffbf90@mx.google.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <550b563a.8188460a.535b.ffffbf90@mx.google.com> Message-ID: <1426810347.1227889.242794486.273F3109@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 10:05 AM, Ulex Europae wrote: > Do you run a WiFi network? What is the nature of your business, is it > financial? Those could be repackaged Pineapple devices, who knows. 
> > http://hakshop.myshopify.com/products/wifi-pineapple?variant=81044992 Actually, the Pineapple was the first thing that came into my mind as soon as I walked out of our front door. > What about the person? Age? Fit? Could it have been an undercover LEO? > Someone doing pentesting seems likely to me. Most definitely would fit the profile. Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 17:18:43 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 11:18:43 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: <550b5ef9.502a8c0a.755e.ffffb0da@mx.google.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> <550b5ef9.502a8c0a.755e.ffffb0da@mx.google.com> Message-ID: <1426810723.1228874.242795390.5D85B9EC@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 10:46 AM, Juan wrote: > > Sorry, I should have mentioned that Leidos are in the same building as > > us. > > This is...too rich? Yours is some kind of email provider with > offices in the same building as some* US 'defense' contractor. Don't worry, the irony is not lost on us. > *and IIRC these saic shitbags had something to do with the > tor/freedom hosting affair? > > yep > > http://www.slate.com/blogs/future_tense/2013/08/05/freedom_hosting_saic_nsa_behind_a_spyware_hack_on_privacy_protecting_network.html Yep, they've since rebranded. > > However, they are not on our floor > > Now, that's reassuring. Anyway, best of luck. Thanks! Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 17:58:35 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 11:58:35 +1100 Subject: Help: Can anyone identify what this is? 
In-Reply-To: References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> Message-ID: <1426813115.1237260.242807046.45AA74C0@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 11:21 AM, coderman wrote: > On 3/18/15, Alfie John wrote: this is likely > automated wifi attack gear. the three units together could cover > channels 1, 6, 11 concurrently. (in my own kit, 4-8 radios is > sweet spot) Well that's interesting. I wondered why there were three units. > the extra battery capacity lets it run for days attacking on > full auto. He put it in near the stairwell door (almost next to our door RFID), but it was in full view of anyone walking to the elevators. So I don't think he was trying to hide, otherwise he would have done it from behind the stairwell door and not in plain sight. Maybe it was just bad opsec? > you should be running wireless intrusion (e.g. custom kismet?) > monitoring to look for malicious activity. and of course, it is time > to change all your WPA2 passwords! (or switch to WPA-Enterprise) Awesome. Thanks for the advice. Will look wireless intrusion detection. WPA-Enterprise too. Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Thu Mar 19 19:27:35 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 13:27:35 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: <7119936993fabb25b3e686346e7e18a7@protonmail.ch> References: <7119936993fabb25b3e686346e7e18a7@protonmail.ch> Message-ID: <1426818455.1253854.242825898.41505036@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 01:05 PM, Archivists wrote: > I'm a pen tester by trade. I don't believe these are for wireless > attacks. They appear to be RF signal detectors; the dB scale is to > indicate signal strength and for locating the proximity of > broadcasting access points or devices. Thanks for your input Archivists. So I guess detector vs jammer vs pineapplism isn't definitive (which is what I was hoping for). 
Alfie -- Alfie John alfiej at fastmail.fm From alfiej at fastmail.fm Fri Mar 20 00:24:49 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 20 Mar 2015 18:24:49 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: References: <7119936993fabb25b3e686346e7e18a7@protonmail.ch> Message-ID: <1426836289.1401284.242876118.5F28F56F@webmail.messagingengine.com> On Fri, Mar 20, 2015, at 02:26 PM, coderman wrote: > On 3/19/15, Archivists wrote: > > I'm a pen tester by trade. I don't believe these are for wireless attacks. > > citation needed :P > > > They appear to be RF signal detectors; the dB scale is to indicate signal > > strength and for locating the proximity of broadcasting access points or > > devices. > > 9dBm / 18dBm / 23 dBm / 30 dBm > - these are xmit powers common for 2.4Ghz. 200mW on rightmost device? > it would need to be next to an access point for detection at that > level with those antennas. (not likely in stairwell) > > however, 200mW is a common output power level for 802.11bg. and a > stairwell carries lots of traffic - e.g. many devices going by. > > of course, without more info, it could be anything. i still put my > money on offensive kit... Ok wow, that's very interesting! Thanks for the tip. Alfie -- Alfie John alfiej at fastmail.fm From grarpamp at gmail.com Fri Mar 20 22:45:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 21 Mar 2015 01:45:38 -0400 Subject: Help: Can anyone identify what this is? In-Reply-To: <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> Message-ID: On Thu, Mar 19, 2015 wrote: >> Is the door, or any nearby door, secured via a prox-card system? 
If >> so, my first assumption is this might be an attempt to record RFID >> transactions. Some RFID implementation is capturable for replay, some are 2F like challenge response plus pinpad on the fob/paddle. Consider physical lock and key plus pin / swipe / bio. Have doors audio infrared video camera record stream to offsite. Verify staff is defensive against social engineering and collect curious events. Use real end2end software openvpn / ssh to host/lan over wifi, not just silly soho style router firmwares for wlan and firewall protection. Etc. Set out some cookies for new friends :) From bbrewer at littledystopia.net Sat Mar 21 12:33:27 2015 From: bbrewer at littledystopia.net (bbrewer) Date: Sat, 21 Mar 2015 15:33:27 -0400 Subject: Help: Can anyone identify what this is? In-Reply-To: <1426938666.1902550.243353774.571FEF28@webmail.messagingengine.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> <1426938666.1902550.243353774.571FEF28@webmail.messagingengine.com> Message-ID: > On Mar 21, 2015, at 7:51 AM, Alfie John wrote: > > The device was actually right next to our RFID reader for the office > door. He did manage to capture one person walk through, who then > alerted me to his presence. > > Yeah, our netsec is best practice. Just throwing this out there, but perhaps it was simply a diversion in the physical realm to take a slight edge away from a network realm. -Benjamin From alfiej at fastmail.fm Sat Mar 21 04:51:06 2015 From: alfiej at fastmail.fm (Alfie John) Date: Sat, 21 Mar 2015 22:51:06 +1100 Subject: Help: Can anyone identify what this is? 
In-Reply-To: References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> Message-ID: <1426938666.1902550.243353774.571FEF28@webmail.messagingengine.com> On Sat, Mar 21, 2015, at 04:45 PM, grarpamp wrote: > On Thu, Mar 19, 2015 wrote: > >> Is the door, or any nearby door, secured via a prox-card system? If > >> so, my first assumption is this might be an attempt to record RFID > >> transactions. > > Some RFID implementation is capturable for replay, some are 2F like > challenge response plus pinpad on the fob/paddle. Consider physical > lock and key plus pin / swipe / bio. Have doors audio infrared video > camera record stream to offsite. Verify staff is defensive against > social engineering and collect curious events. Use real end2end > software openvpn / ssh to host/lan over wifi, not just silly soho > style router firmwares for wlan and firewall protection. Etc. Set out > some cookies for new friends :) The device was actually right next to our RFID reader for the office door. He did manage to capture one person walk through, who then alerted me to his presence. Yeah, our netsec is best practice. Alfie -- Alfie John alfiej at fastmail.fm From drwho at virtadpt.net Sun Mar 22 18:45:22 2015 From: drwho at virtadpt.net (The Doctor) Date: Sun, 22 Mar 2015 18:45:22 -0700 Subject: Help: Can anyone identify what this is? 
In-Reply-To: <1427058505.3709735.243741902.535F2F46@webmail.messagingengine.com> References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> <1426938666.1902550.243353774.571FEF28@webmail.messagingengine.com> <1427058505.3709735.243741902.535F2F46@webmail.messagingengine.com> Message-ID: <550F7032.60809@virtadpt.net> On 03/22/2015 02:08 PM, Alfie John wrote: > By the look on his face, I'm pretty sure he didn't expect us to > come out, especially while recording video :) Any chance that video might wind up accessible someplace? Maybe someone here recognizes the individual in question (or has access to facial recognition software that doesn't suck). -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "I slip into the archaic at dramatically appropriate moments. So sue me."
--Harry Dresden From alfiej at fastmail.fm Sun Mar 22 14:08:25 2015 From: alfiej at fastmail.fm (Alfie John) Date: Mon, 23 Mar 2015 08:08:25 +1100 Subject: Help: Can anyone identify what this is? In-Reply-To: References: <1426742582.1230193.242363773.643B039E@webmail.messagingengine.com> <1426767870.454282.242494033.140EB1ED@webmail.messagingengine.com> <1426783842.1312305.242595033.4337CF20@webmail.messagingengine.com> <1426805782.698852.242769650.46191A34@webmail.messagingengine.com> <1426938666.1902550.243353774.571FEF28@webmail.messagingengine.com> Message-ID: <1427058505.3709735.243741902.535F2F46@webmail.messagingengine.com> On Sun, Mar 22, 2015, at 06:33 AM, bbrewer wrote: > > > On Mar 21, 2015, at 7:51 AM, Alfie John wrote: > > > > The device was actually right next to our RFID reader for the office > > door. He did manage to capture one person walk through, who then > > alerted me to his presence. > > > > Yeah, our netsec is best practice. > > Just throwing this out there, but perhaps it was simply a diversion in > the physical realm to take a slight edge away from a network realm.
By the look on his face, I'm pretty sure he didn't expect us to come out, especially while recording video :) Alfie -- Alfie John alfiej at fastmail.fm From shelley at misanthropia.org Mon Mar 23 09:08:55 2015 From: shelley at misanthropia.org (Shelley) Date: Mon, 23 Mar 2015 09:08:55 -0700 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <14c47621300.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <20150323131047.GA2520@sivokote.iziade.m$> <14c47621300.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <14c4764d9f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> On March 23, 2015 7:01:15 AM Georgi Guninski wrote: > Firefox 36+ listens on UDP:1900, which appears SSDP. > > Search the web or check the fiasco: > https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 > > This well might have privacy and/or security implications. > >>>>> As is probably known, my opinion of Firefox is close to that of exploder.<<<<< Mine too, Georgi. I stopped using it years ago, long before their homophobic employee scandal. (There *were* LGBT boycotts of FF, hence his departure.) -Shelley From cathalgarvey at cathalgarvey.me Mon Mar 23 06:22:10 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 23 Mar 2015 13:22:10 +0000 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150323131047.GA2520@sivokote.iziade.m$> References: <20150323131047.GA2520@sivokote.iziade.m$> Message-ID: <55101382.1060004@cathalgarvey.me> Anything to do with Firefox Hello, I wonder? Which is terrible, by the way, and not something I'd recommend. On 23/03/15 13:10, Georgi Guninski wrote: > Firefox 36+ listens on UDP:1900, which appears SSDP. > > Search the web or check the fiasco: > https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 > > This well might have privacy and/or security implications. > > As is probably known, my opinion of Firefox is > close to that of exploder.
> -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From schear.steve at gmail.com Mon Mar 23 13:27:37 2015 From: schear.steve at gmail.com (Steven Schear) Date: Mon, 23 Mar 2015 13:27:37 -0700 Subject: For whom the Book Tolls Message-ID: Jim, You might be interested to learn that a spy novel, written by a friend and for which I consulted, features AP and Zombie Patriots (another CPunk concept from the early days) trade-craft. You are, of course, credited. Steve (Innovator of the Warrant Canary and the Street Performer Protocol) From schear.steve at gmail.com Mon Mar 23 13:32:11 2015 From: schear.steve at gmail.com (Steven Schear) Date: Mon, 23 Mar 2015 13:32:11 -0700 Subject: For whom the Book Tolls Message-ID: Jim, Forgot to mention the book title: GrayNet by D.S. Kane http://www.dskane.com/fiction.php Steve From shelley at misanthropia.org Mon Mar 23 14:17:44 2015 From: shelley at misanthropia.org (Shelley) Date: Mon, 23 Mar 2015 14:17:44 -0700 Subject: From [FD]: Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open In-Reply-To: References: Message-ID: <14c487f90f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Fyi!
----------
--- Forwarded message ---
From: Ming
Date: March 23, 2015 2:10:32 PM
Subject: [FD] Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open
To: undisclosed-recipients:;

#Overview

The Wall of Sheep would like to announce a call for presentations at DEF CON 23 at the Paris and Bally's Hotels in Las Vegas, NV from Friday, August 7th to Sunday, August 9th. The Wall of Sheep will be delivering talks that increase security awareness and provide skills that can be immediately applied after the conference. Our audience ranges from those who are new to security to the most seasoned practitioners in the security industry. Introductory talks are welcome.

Topics of interest include:

* Tools on network sniffing, intrusion detection and monitoring, forensics
* Tools for data collection (e.g., Yara, Cuckoo Sandbox)
* Python or Ruby programming for security practitioners
* Hardening the enterprise using open source tools
* Getting multi-vendor tools working together
* Tool/task automation and optimization
* Incident response process and procedures

This year, all accepted talks will be announced, recorded, and published by DEF CON Communications, Inc (yes, by the conference).

The Wall of Sheep will not accept product or vendor related pitches. If your talk is a thinly-veiled advertisement for a product or service your company is offering, please do not apply!

#Speaking Format

Each presentation slot is 1 hour, including time for Q&A. If we have time and it is in line with our goals mentioned above, then there is a good chance you will be selected.

##To submit a presentation, please provide the following information in the form below to cfp2015[at]wallofsheep[dot]com

Primary Speaker Name:
Primary Speaker Title and Company (if applicable):
Primary Speaker Email Address:
Primary Speaker Phone Number (to contact you if necessary during the conference):
Primary Speaker Twitter name (if you want it known if you are accepted):
Primary Speaker Facebook page (if you want it known if you are accepted):
Additional Speakers' name(s), titles, and social information:
Additional Email Addresses:
Is there a specific day or time you MUST speak by?
Name of Presentation:

Abstract:
Your abstract will be used for the website and printed materials. Summarize what your presentation will cover. Attendees will read this to get an idea of what they should know before your presentation, and what they will learn after. Use this to inform about how technical your talk is. This abstract is the primary way people will be drawn to your session. CFP reviews like to see what tools will be used and what materials you suggest to read in advance to get the most out of your presentation.

Equipment Needs & Special Requests:
The Wall of Sheep will provide 1 projector feed, and microphones. If you need to use multiple outputs for a demo, please mention this below.

Speaker's Bio(s):
This text will be used for the website and printed materials and should be written in the third person. Cover any professional history that is relevant to the presentation, including past jobs, tools that you have written, etc. Let people know who you are and why you are qualified to speak on your topic. Presentations that are submitted without biographies will not be considered.

Detailed Outline:
You must provide a detailed outline containing the main points and navigation through your talk. Show how you intend to begin, where you intend to lead the audience and how you plan to get there. The outline may be provided in a separate attachment and may be as simple as a text file or as detailed as a "bare bones" presentation. The better your outline then the better we are able to best review your presentation against other submissions (and the higher chance you have of being accepted).

SUBMISSION NOTE: Presentations that are submitted without abstracts, outlines, or speaker bios (e.g., that have only PDFs, PPTs, or white papers attached or only point to a URL) will not be considered.

Supporting File(s):
Additional supporting materials such as code, white papers, proof of concept, etc. should be sent along with this email to cfp2015[at]wallofsheep[dot]com. Note that additional files that may help in the selection process should be included. We are not asking for a complete presentation for this initial submission. That will only be required if you are selected for presenting.

#Terms and Conditions

By submitting you agree to the Terms and Conditions below. Please read and accept these terms by inserting your name in the appropriate area, otherwise your application will be considered incomplete and returned to you.

##Grant of Copyright Use

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication by DEF CON Communications, Inc. and the Wall of Sheep and that I will promptly supply DEF CON Communications, Inc. and the Wall of Sheep with wording for crediting the original publication and copyright owner. If I am selected for presentation, I hereby give DEF CON Communications, Inc. and the Wall of Sheep permission to duplicate, record and redistribute this presentation, which includes, but is not limited to, the conference proceedings, conference CD, video, audio, and hand-outs to the conference attendees for educational, on-line, and all other purposes.

##Terms of Speaking Requirements

1. I will submit a completed (and possibly updated) presentation and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFP submission by noon PST, July 31st, 2015.
2. I will submit a final Abstract and Biography to the Wall of Sheep by noon PST, July 31st, 2015.
3. I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.
4. I will complete my presentation within the time allocated to me - not running over the time allocation.
5. I understand that the Wall of Sheep will provide 1 LCD projector feed, 2 screens, and microphones. I understand that I am responsible for providing all other necessary equipment, including laptops and machines (with VGA output), to complete my presentation.
6. I understand that I will be responsible for my own hotel and travel expenses, and admissions to the DEF CON Conference.

Yes, I, (insert primary speaker name), have read and agree to the Grant of Copyright Use.

I, (insert your name here), have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

In the case that a speaker is a child under the age of 13 years old: in compliance with the Children's Online Privacy Protection Act (COPPA) regulations, http://www.coppa.org, any child under age 13 must have parental consent for the collection, use, or disclosure of that child's personal information by a website.

Parent/Guardian Consent: I (insert parent/guardian's name here) am the parent or guardian of the minor/s named above. I have read and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ From shelley at misanthropia.org Mon Mar 23 14:33:03 2015 From: shelley at misanthropia.org (Shelley) Date: Mon, 23 Mar 2015 14:33:03 -0700 Subject: For whom the Book Tolls In-Reply-To: References: Message-ID: <14c488d9ab0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> On March 23, 2015 2:24:17 PM Steven Schear wrote: > Jim, > > Forgot to mention the book title: GrayNet by D.S. Kane > > http://www.dskane.com/fiction.php > > Steve I certainly hope Jim will be receiving a signed and dedicated copy at the mail drop of his choice! -S From cathalgarvey at cathalgarvey.me Mon Mar 23 07:38:12 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 23 Mar 2015 14:38:12 +0000 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150323141705.GB2520@sivokote.iziade.m$> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> Message-ID: <55102554.9010509@cathalgarvey.me> > It is common knowledge that Mozilla are Google satellite, > releasing default Bing versions when they bargain for money. It would be lovely if more people ponied up to the Foundation so they didn't have to make these tiny-yet-big-impact bargains. > More importantly, they ditched off their lead developer, > Brendan Eich, the creator of javascript at Netscape times, > because of made up gay-related donation scandal. Well, it wasn't made-up, he donated to an anti-equality campaign (which is his right!) but put Mozilla's name next to his vote, which is not OK. They didn't fire him IIRC, he stepped down after a wave of criticism which was probably excessive. 
Still, if I were a Mozillan I wouldn't want a CEO who had a prior history of using the company name to forward a personal religious agenda, no matter how great a developer he is. All of which is outside scope for this list, so I'll stop there. Firefox Hello, which might be to blame, is on-topic though; is that module even open source? Mozilla are really sinking fast (ahem, EME) as a thought-leading ideology hub, so it wouldn't surprise me to learn they were bundling closed-source-open-port-ware. On 23/03/15 14:17, Georgi Guninski wrote: > On Mon, Mar 23, 2015 at 02:43:53PM +0100, rysiek wrote: >> Go home, Mozilla. You're drunk. >> > > Just ranting. > > It is common knowledge that Mozilla are Google satellite, > releasing default Bing versions when they bargain for money. > > More importantly, they ditched off their lead developer, > Brendan Eich, the creator of javascript at Netscape times, > because of made up gay-related donation scandal. > -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From rysiek at hackerspace.pl Mon Mar 23 06:43:53 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 23 Mar 2015 14:43:53 +0100 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150323131047.GA2520@sivokote.iziade.m$> References: <20150323131047.GA2520@sivokote.iziade.m$> Message-ID: <1797970.9VJCTFyvlb@lapuntu> On Monday, 23 March 2015 15:10:47 Georgi Guninski wrote: > Firefox 36+ listens on UDP:1900, which appears SSDP. > > Search the web or check the fiasco: > https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 > > This well might have privacy and/or security implications. FFS.
Also semi-related: https://bugzilla.mozilla.org/show_bug.cgi?id=1012209 Go home, Mozilla. You're drunk. > As is probably known, my opinion of Firefox is > close to that of exploder. "Firefox: at least still better than closed source shite" -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From ryacko at gmail.com Mon Mar 23 15:06:09 2015 From: ryacko at gmail.com (Ryan Carboni) Date: Mon, 23 Mar 2015 15:06:09 -0700 Subject: Firefox 36+ listens on UDP:1900 Message-ID: > > More importantly, they ditched off their lead developer, > Brendan Eich, the creator of javascript at Netscape times, > because of made up gay-related donation scandal. Someone donates to prevent gay marriage: BOYCOTT HIM Someone donates to the political campaign of a war monger: eh, big deal. Government funds terrorists: eh, big deal. From guninski at guninski.com Mon Mar 23 06:10:47 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 23 Mar 2015 15:10:47 +0200 Subject: Firefox 36+ listens on UDP:1900 Message-ID: <20150323131047.GA2520@sivokote.iziade.m$> Firefox 36+ listens on UDP:1900, which appears SSDP. Search the web or check the fiasco: https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 This well might have privacy and/or security implications. As is probably known, my opinion of Firefox is close to that of exploder.
-- georgi From cypherpunks at cheiraminhavirilha.com Mon Mar 23 09:04:41 2015 From: cypherpunks at cheiraminhavirilha.com (Virilha) Date: Mon, 23 Mar 2015 16:04:41 +0000 Subject: Secret service scandal of March 2015 In-Reply-To: <20150312141804.GA2573@sivokote.iziade.m$> Message-ID: <20150323160441.Horde.ofUH6BqfQM0UWM_WkOlKow4@127.0.0.1> at Russia that would be a normal day job.. Drunk Russian soldier hits house with tank: https://www.youtube.com/watch?v=zjBtYYW1Y4E ----- Message from Georgi Guninski --------- Date: Thu, 12 Mar 2015 16:18:04 +0200 From: Georgi Guninski Subject: Secret service scandal of March 2015 To: cypherpunks at cpunks.org > http://www.npr.org/blogs/thetwo-way/2015/03/11/392395433/secret-service-agents-drove-car-into-white-house-barricades-after-drinking > > > There's another scandal at the Secret Service. The Washington Post is > reporting that the administration is looking into claims that two senior > agents, including one who is a member of President Obama's detail, drove > a government car into security barricades at the White House after > drinking at a party on March 4. > > > Comments: > > As someone suggested in another thread, it would be funnier if > they were on russian vodka or even on bulgarian rakia (in cyrillic > "ракия"). ----- End message from Georgi Guninski ----- From cathalgarvey at cathalgarvey.me Mon Mar 23 09:05:12 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 23 Mar 2015 16:05:12 +0000 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <1427123683.3214.0@mail.roussos.cc> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> <1427123683.3214.0@mail.roussos.cc> Message-ID: <551039B8.3060705@cathalgarvey.me> > Same goes for EME. The Firefox implementation is Open Source. Well. 
The "sandbox" in which closed-source EME malware runs is Open Source, the EME malware itself is not; if it were, it wouldn't achieve its intended goals of preventing the user from accessing media without interference. On 23/03/15 15:14, Nikos Roussos wrote: > On Mon, Mar 23, 2015 at 4:38 PM, Cathal Garvey > wrote: >> Firefox Hello, which might be to blame, is on-topic though; is that >> module even open source? Mozilla are really sinking fast (ahem, EME) >> as a thought-leading ideology hub, so it wouldn't surprise me to learn >> they were bundling closed-source-open-port-ware. > > Hello is part of Firefox's codebase, so yes it's fully Open Source. > https://hg.mozilla.org/mozilla-central/file/bc85c479668a/browser/components/loop > > Same goes for EME. The Firefox implementation is Open Source. -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From guninski at guninski.com Mon Mar 23 07:17:05 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 23 Mar 2015 16:17:05 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <1797970.9VJCTFyvlb@lapuntu> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> Message-ID: <20150323141705.GB2520@sivokote.iziade.m$> On Mon, Mar 23, 2015 at 02:43:53PM +0100, rysiek wrote: > Go home, Mozilla. You're drunk. > Just ranting. It is common knowledge that Mozilla are Google satellite, releasing default Bing versions when they bargain for money. More importantly, they ditched off their lead developer, Brendan Eich, the creator of javascript at Netscape times, because of made up gay-related donation scandal. 
-- georgi From guninski at guninski.com Mon Mar 23 08:06:59 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 23 Mar 2015 17:06:59 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <55102554.9010509@cathalgarvey.me> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> Message-ID: <20150323150658.GC2520@sivokote.iziade.m$> On Mon, Mar 23, 2015 at 02:38:12PM +0000, Cathal Garvey wrote: > > More importantly, they ditched off their lead developer, > > Brendan Eich, the creator of javascript at Netscape times, > > because of made up gay-related donation scandal. > > Well, it wasn't made-up, he donated to an anti-equality campaign > (which is his right!) but put Mozilla's name next to his vote, which > is not OK. > I continue to believe it was made up. What is a reference that BE put mozilla on the donation? This might be just employment and many donors put $X$ in that box. I suspect corporations can't donate on such matters, at least in a relatively sane society, might be wrong. On second thought, if Mozilla donated anti-gay why it is still not boycotted by gays? From comzeradd at fsfe.org Mon Mar 23 08:14:43 2015 From: comzeradd at fsfe.org (Nikos Roussos) Date: Mon, 23 Mar 2015 17:14:43 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <55102554.9010509@cathalgarvey.me> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> Message-ID: <1427123683.3214.0@mail.roussos.cc> On Mon, Mar 23, 2015 at 4:38 PM, Cathal Garvey wrote: > Firefox Hello, which might be to blame, is on-topic though; is that > module even open source? Mozilla are really sinking fast (ahem, EME) > as a thought-leading ideology hub, so it wouldn't surprise me to > learn they were bundling closed-source-open-port-ware. 
Hello is part of Firefox's codebase, so yes it's fully Open Source. https://hg.mozilla.org/mozilla-central/file/bc85c479668a/browser/components/loop Same goes for EME. The Firefox implementation is Open Source. From comzeradd at fsfe.org Mon Mar 23 09:48:01 2015 From: comzeradd at fsfe.org (Nikos Roussos) Date: Mon, 23 Mar 2015 18:48:01 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <551039B8.3060705@cathalgarvey.me> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> <1427123683.3214.0@mail.roussos.cc> <551039B8.3060705@cathalgarvey.me> Message-ID: <1427129281.2791.0@mail.roussos.cc> On Mon, Mar 23, 2015 at 6:05 PM, Cathal Garvey wrote: > > Same goes for EME. The Firefox implementation is Open Source. > > Well. The "sandbox" in which closed-source EME malware runs is Open > Source, the EME malware itself is not; if it were, it wouldn't > achieve its intended goals of preventing the user from accessing > media without interference. I guess you are talking about the CDM module. Yes, that's not Open Source, but that doesn't ship along with Firefox. It's pretty much the same as with NPAPI plugins. Implementation is Open Source, but (for instance) Flash plugin is not. Thus it's not shipped with Firefox.
From guninski at guninski.com Mon Mar 23 09:51:40 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 23 Mar 2015 18:51:40 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <55102554.9010509@cathalgarvey.me> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> Message-ID: <20150323165140.GD2520@sivokote.iziade.m$> On Mon, Mar 23, 2015 at 02:38:12PM +0000, Cathal Garvey wrote: > .... Mozilla are really sinking fast (ahem, EME) IMHO this won't happen while google are pouring on them "money for nothing and chicks for free" (for the younger generation this is a song). -- georgi From guninski at guninski.com Mon Mar 23 10:33:27 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 23 Mar 2015 19:33:27 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <14c4764d9f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <20150323131047.GA2520@sivokote.iziade.m$> <14c47621300.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <14c4764d9f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <20150323173327.GE2520@sivokote.iziade.m$> On Mon, Mar 23, 2015 at 09:08:55AM -0700, Shelley wrote: > On March 23, 2015 7:01:15 AM Georgi Guninski wrote: > > >Firefox 36+ listens on UDP:1900, which appears SSDP. > > > >Search the web or check the fiasco: > >https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 > > > >This well might have privacy and/or security implications. > > > >>>>>As is probably known, my opinion of Firefox is close to that of exploder.<<<<< > > > Mine too, Georgi. I stopped using it years ago, long before their > homophobic employee scandal. (There *were* LGBT boycotts of FF, > hence his departure.) > > -Shelley Dude, Which browser supporting javascript do you recommend?
Appears to me it is like in parliamentary elections: "Choose the most delicious shit" -- georgi From juan.g71 at gmail.com Mon Mar 23 22:19:27 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 24 Mar 2015 02:19:27 -0300 Subject: maidsafe Message-ID: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> ...what's the deal? Is it a scam? "David Irvine began work on MaidSafe in 2006. He raised $5 million for the project" april 2014 "It raised over $7 million in Mastercoins and Bitcoins." They've been working on it for almost 10 years and still...nothing? From grarpamp at gmail.com Mon Mar 23 23:28:32 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 24 Mar 2015 02:28:32 -0400 Subject: maidsafe In-Reply-To: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> Message-ID: On Tue, Mar 24, 2015 at 1:19 AM, Juan wrote: > ...what's the deal? Is it a scam? Define scam. The deal below is interesting regardless... https://www.youtube.com/results?search_query=maidsafe http://maidsafe.net/ https://github.com/maidsafe https://www.reddit.com/r/decentralisedinternet https://en.wikipedia.org/wiki/MaidSafe From juan.g71 at gmail.com Tue Mar 24 01:04:53 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 24 Mar 2015 05:04:53 -0300 Subject: maidsafe In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> Message-ID: <551119e1.8d35370a.6656.ffffd086@mx.google.com> On Tue, 24 Mar 2015 02:28:32 -0400 grarpamp wrote: > On Tue, Mar 24, 2015 at 1:19 AM, Juan wrote: > > ...what's the deal? Is it a scam? > > Define scam. Well, tell me what the meaning of definition is, first? And how do you define meaning? Perhaps you can provide the definition of definition? I'm guessing I need to know the meaning of meaning as well. > The deal below is interesting regardless... Thanks! That was really helpful because, since I don't have fingers, I can't type "maidsafe". 
So, in 2000 freenet and gnutella were created and since then there hasn't been any real innovation. Again, what's the deal? > > https://www.youtube.com/results?search_query=maidsafe > http://maidsafe.net/ > https://github.com/maidsafe > https://www.reddit.com/r/decentralisedinternet > https://en.wikipedia.org/wiki/MaidSafe From tom at ritter.vg Tue Mar 24 04:51:44 2015 From: tom at ritter.vg (Tom Ritter) Date: Tue, 24 Mar 2015 06:51:44 -0500 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <55102554.9010509@cathalgarvey.me> References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> Message-ID: On 23 March 2015 at 09:38, Cathal Garvey wrote: > Well, it wasn't made-up, he donated to an anti-equality campaign (which is > his right!) but put Mozilla's name next to his vote, which is not OK. > ... > All of which is outside scope for this list, so I'll stop there. This is a close-to-but-not-exact recounting. His disclosure of his employer was required by state law, and was neither a statement of support by the company nor his attempt to make it so. https://brendaneich.com/2012/04/community-and-diversity/ http://www.heritage.org/research/reports/2009/10/the-price-of-prop-8 -tom From coderman at gmail.com Tue Mar 24 11:02:09 2015 From: coderman at gmail.com (coderman) Date: Tue, 24 Mar 2015 11:02:09 -0700 Subject: whisper.sh it Message-ID: http://www.xipiter.com/musings/a-confederacy-of-privacy-dunces-what-we-found-under-the-hood-of-an-anonymous-chat-app-used-by-millions ''' ... Vendor contacts Xipiter directly, acknowledges some (but not all) severity of Xipiter's vulnerabilities and offers Xipiter "reward" (which undoubtedly would come with non-disclosure conditions) ... Xipiter, fed up with how long things were taking for the article, just posts everything here. 
We found many more vulns like this in other apps (and Senrio has many alerts in the queue for us to investigate) and we want to get to them all, but we have to get back to our actual work.. ''' From coderman at gmail.com Tue Mar 24 11:09:39 2015 From: coderman at gmail.com (coderman) Date: Tue, 24 Mar 2015 11:09:39 -0700 Subject: From [FD]: Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open In-Reply-To: <14c487f90f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <14c487f90f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: On 3/23/15, Shelley wrote: > ... > The Wall of Sheep would like to announce a call for presentations > ... The Wall of Sheep will be delivering talks that > increase security awareness and provide skills that can be immediately > applied after the conference... wall of pwn, an entire track of specialized focus? ... sheep jumped the shark. From shelley at misanthropia.org Tue Mar 24 11:21:18 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 24 Mar 2015 11:21:18 -0700 Subject: From [FD]: Wall of Sheep Speaker Workshops at DEF CON 23 CFP Now Open In-Reply-To: <14c4d029c58.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <14c487f90f0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <14c4d029c58.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <14c4d046560.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> On March 24, 2015 11:09:42 AM coderman wrote: > On 3/23/15, Shelley wrote: > > ... > > The Wall of Sheep would like to announce a call for presentations > > ... The Wall of Sheep will be delivering talks that > > increase security awareness and provide skills that can be immediately > > applied after the conference... > > > wall of pwn, an entire track of specialized focus? > > ... sheep jumped the shark. Yeah, it was just always something we hoped never to end up on, heh. 
I don't know how this'll work out because newbs are not the DefCon target audience. Thought it was interesting/weird enough to pass on to the list anyway, even if it's only mild schadenfreude entertainment. -S From cathalgarvey at cathalgarvey.me Tue Mar 24 05:07:28 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 24 Mar 2015 12:07:28 +0000 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <20150323131047.GA2520@sivokote.iziade.m$> <1797970.9VJCTFyvlb@lapuntu> <20150323141705.GB2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> Message-ID: <55115380.3060903@cathalgarvey.me> Thanks for that perspective; from without, it looked like he was adding it voluntarily to tie his funding to Mozilla. I still stand by the right of employees to protest an employer who votes against their rights, but my opinion of Eich is marginally higher, knowing that he wasn't deliberately tarnishing Mozilla for his own agenda. I strongly disagree with his views, but I respect that he has a right to have them. If his views conflict with his suitability for a role or employment though, that's entirely on him and I don't see that it deserves a white-wash. We're soon to have a referendum on marriage equality here in Ireland, and if my employer were campaigning actively against it (they are not!), I'd be quick to raise my voice. On 24/03/15 11:51, Tom Ritter wrote: > On 23 March 2015 at 09:38, Cathal Garvey wrote: >> Well, it wasn't made-up, he donated to an anti-equality campaign (which is >> his right!) but put Mozilla's name next to his vote, which is not OK. >> ... >> All of which is outside scope for this list, so I'll stop there. > > This is a close-to-but-not-exact recounting. His disclosure of his > employer was required by state law, and was neither a statement of > support by the company nor his attempt to make it so. 
> > https://brendaneich.com/2012/04/community-and-diversity/ > http://www.heritage.org/research/reports/2009/10/the-price-of-prop-8 > > -tom > -- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From gfoster at entersection.org Tue Mar 24 13:03:47 2015 From: gfoster at entersection.org (Gregory Foster) Date: Tue, 24 Mar 2015 15:03:47 -0500 Subject: ODNI/NRC report on "Bulk Collection of Signals Intelligence" Message-ID: <5511C323.9070902@entersection.org> The National Academies Press (2015) - "Bulk Collection of Signals Intelligence: Technical Options" http://www.nap.edu/catalog/19414/bulk-collection-of-signals-intelligence-technical-options > The Bulk Collection of Signals Intelligence: Technical Options study is a result of an activity called for in Presidential Policy Directive 28 (PPD-28), issued by President Obama in January 2014, to evaluate U.S. signals intelligence practices. The directive instructed the Office of the Director of National Intelligence (ODNI) to produce a report within one year "assessing the feasibility of creating software that would allow the intelligence community more easily to conduct targeted information acquisition rather than bulk collection." ODNI asked the National Research Council (NRC) -- the operating arm of the National Academy of Sciences and National Academy of Engineering -- to conduct a study, which began in June 2014, to assist in preparing a response to the President. Over the ensuing months, a committee of experts appointed by the Research Council produced the report. 
gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ From coderman at gmail.com Tue Mar 24 17:38:58 2015 From: coderman at gmail.com (coderman) Date: Tue, 24 Mar 2015 17:38:58 -0700 Subject: maidsafe In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> Message-ID: On 3/24/15, Lodewijk andré de la porte wrote: > So far I think maidsafe is not the right approach. at times may spend many years learning hard lessons; a public fail is a wider win of sorts, opportunity to learn via other. software development sustained over years is expensive in any form - no clear best path to watering the privacy commons. a collection of decentralized methods certainly more plentiful today than before, however, ... there is hope? :) From schear.steve at gmail.com Tue Mar 24 21:14:04 2015 From: schear.steve at gmail.com (Steven Schear) Date: Tue, 24 Mar 2015 21:14:04 -0700 Subject: maidsafe In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> Message-ID: MaidSafe (MS) is an inadvertent (apparently due to a lack of historical information) attempt to realize the experiment Jim McCoy, Bram Cohen, Zooko O'Hearn and I set out to perform with Mojo Nation. They are doing this with the advantage of the experience of bitcoin. MN was sort of Freenet + digital currency. Unlike the file sharing systems that came before Freenet is publication-based. Both file sharing (FS) and publication content distribution approaches have their pros and cons. FS is simpler but offers little or no plausible deniability about the sharing activities. Publication offers much better deniability but more complex and requires more resource commitments on the part of its users. Both suffer from limitations based on popularity.
MN tried to find a sweet spot by adding a resource-based currency to solve the persistence problem by paying user clients to offer storage and communication bandwidth.

Unfortunately, MN never really got off the ground, due to a lack of funding, but it got far enough to encourage Bram to create BitTorrent and Zooko to create Tahoe LAFS. I tried to get Bram (and some others through client add-ons) to include some sort of digital currency to BT but it never happened.

McCoy patented MN's content distribution systems with resource-based currency around 2001/2. Not sure if the patent is still in force, if Jim is even aware of MS or if he'd even care if MS appears to be using MN's approach.

Steve

From l at odewijk.nl Tue Mar 24 07:45:16 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Tue, 24 Mar 2015 23:45:16 +0900
Subject: maidsafe
In-Reply-To: <551119e1.8d35370a.6656.ffffd086@mx.google.com>
References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com>
Message-ID:

So far I think maidsafe is not the right approach. The mix between central and decentral is not inherent to the problem that's being solved.

From adam at cypherspace.org Wed Mar 25 04:56:21 2015
From: adam at cypherspace.org (Adam Back)
Date: Wed, 25 Mar 2015 11:56:21 +0000
Subject: maidsafe
In-Reply-To:
References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com>
Message-ID:

btw apparently maidsafe also patented some things. Not a fan of patents really (bit of an understatement - IMO they should be banned).
Maidsafe took some flak for it and tried to claim they were defensive patents. I think the misunderstanding is that when startups fail, patents get sold to the highest bidder. Ie the entrepreneur who thinks it's a useful thing to do creates 30 years of headache for an ecosystem from his 2 year time-horizon thinking. We've even seen it before in ecash specifically with the digicash patents that were sold at bankruptcy to infospace and so there was a period where no one could use basic blind sigs and various work arounds were tried (blinding agnostic server, Wagner's blind MAC/ZKP/Lucre, server-privacy/systemix/ricardian server). That sucked.

I am not sure about Maidsafe. But there are a lot of scams in alt-coin space. It's very easy to take investors' money and then fail to deliver. The investors are non-qualified investors, so the legality is also questionable. But even on an ethical basis, the investors are not having legal or professional review of the prospectus, and the "investment contract" is typically ridiculous such that a professional would ROFL about the proposal. You own nothing. It's a pattern repeated a few times in alt-coin space.

The other fallacy in my view is that this is somehow plausible that a service (aka app-coin) with value could defend a floating valued alt-coin. Let's say maidsafe as an example - so far I guess it's vaporware, or under research & development vs zooko's LAFS for example which has been running and incrementally improving for years. But let's say they manage to develop something useful with usable functionality and reliability etc which is no small task, let's say they get workably close to matching LAFS functionality after spending the $10m or whatever they raised. Now why would people use it over LAFS which is free? If maidsafe offered better functionality than LAFS (seems doubtful but hypothetically) it's FOSS software. Why would someone not fork it and remove the maidsafe token.
The resources that provide the service are after all not provided by maidsafe nor the holders of the maidsafe coins - so why would users and peers in the network choose to support the enrichment of maidsafe the company nor the naive people who put money into the "investment".

You often hear people talking about these schemes as "donations" and that's probably closer to the truth - if you think the tech is interesting and you donate some money to it to see it get built, without expectations of getting your money back, you're going to get less of an unpleasant surprise when it fails to materialise or it simply gets forked if it even works.

I can see that Zooko for example might look at this and go huh? WTF? He implemented LAFS with various modest funding models and has a working system - and yet some folks with hand wavy ideas that may or may not be mathematically possible even jump into the tech space paint an exciting hypothetical system picture and grab $10m+ of non-qualified investor money with an "investment contract" that says the investor owns nothing (other than sort of undefined value service tokens, that are not backed by control or ownership of the resources that might operate the to-be-implemented service).

If nothing else these token sale contracts are fraught with moral hazard. Investment contracts are structured the way they are by mutual negotiation between investor and startup for reasons of interest alignment and incentive. Those structures were arrived at via 100+ years of experience of what works and what doesn't, and prior generations investment scams and bubbles. It seems like a bit of a rerun of some early last century investment scams that motivated the regulations we currently have to protect investors from scammers.
(Someone did ask, that's my opinion anyway:)

Adam

On 25 March 2015 at 04:14, Steven Schear wrote:
> MaidSafe (MS) is an inadvertent (apparently due to a lack of historical
> information) attempt to realize the experiment Jim McCoy, Bram Cohen, Zooko
> O'Hearn and I set out to perform with Mojo Nation. They are doing this with
> the advantage of the experience of bitcoin. MN was sort of Freenet + digital
> currency. Unlike the file sharing systems that came before Freenet is
> publication-based. Both file sharing (FS) and publication content
> distribution approaches have their pros and cons.
>
> FS is simpler but offers little or no plausible deniability about the
> sharing activities. Publication offers much better deniability but more
> complex and requires more resource commitments on the part of its users.
> Both suffer from limitations based on popularity. MN tried to find a sweet
> spot by adding a resource-based currency to solve the persistence problem by
> paying user clients to offer storage and communication bandwidth.
>
> Unfortunately, MN never really got off the ground, due to a lack of funding,
> but it got far enough to encourage Bram to create BitTorrent and Zooko to
> create Tahoe LAFS. I tried to get Bram (and some others through client
> add-ons) to include some sort of digital currency to BT but it never
> happened.
>
> McCoy patented MN's content distribution systems with resource-based
> currency around 2001/2. Not sure if the patent is still in force, if Jim is
> even aware of MS or if he'd even care if MS appears to be using MN's
> approach.
>
>
>
> Steve

From Rayzer at riseup.net Wed Mar 25 14:53:16 2015
From: Rayzer at riseup.net (Razer)
Date: Wed, 25 Mar 2015 14:53:16 -0700
Subject: Pocan & Massie Introduce Legislation to Repeal PATRIOT Act
In-Reply-To:
References:
Message-ID: <55132E4C.8020003@riseup.net>

On 03/25/2015 12:17 PM, grarpamp wrote:
> http://pocan.house.gov/media-center/press-releases/pocan-massie-introduce-legislation-to-repeal-patriot-act
> http://pocan.house.gov/sites/pocan.house.gov/files/wysiwyg_uploaded/Surveillance%20State%20Repeal%20Act%20114th.pdf
> https://www.congress.gov/bill/114th-congress/house-bill/1466/text
>
> http://thinkprogress.org/election/2015/03/24/3638234/house-members-move-repeal-patriot-act-strongest-anti-surveillance-bill-date/
> http://www.freedomworks.org/content/house-introduces-bill-repeal-patriot-act
> http://thehill.com/blogs/congress-blog/civil-rights/236641-legislate-against-big-brother
>
> http://yro.slashdot.org/story/15/03/25/1213221/new-bill-would-repeal-patriot-act
> http://www.reddit.com/r/politics/comments/306jsr/house_introduces_bill_to_repeal_the_patriot_act/
> https://news.ycombinator.com/item?id=9261650
>
> http://whoismyrepresentative.com/
>
>

That's all well and good. Some of it is just about to be codified into law under CISA anyway, and more is bound to follow.

“It appears that whatever anyone wants to call a terrorist — whether it be Animal Rights activists, Occupy Wall Street members, Sovereign Citizen members, or losers who started following ISIL on Twitter — appears to be fair game. Which is particularly troubling given that CISA makes explicit what NSA used to accomplish only in secret” — Emptywheel: CISA’s Terrorists Are Not Just Foreign Terrorists
https://www.emptywheel.net/2015/03/21/cisas-terrorists-are-not-just-foreign-terrorists/

From grarpamp at gmail.com Wed Mar 25 12:17:34 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 25 Mar 2015 15:17:34 -0400
Subject: Pocan & Massie Introduce Legislation to Repeal PATRIOT Act
Message-ID:

http://pocan.house.gov/media-center/press-releases/pocan-massie-introduce-legislation-to-repeal-patriot-act
http://pocan.house.gov/sites/pocan.house.gov/files/wysiwyg_uploaded/Surveillance%20State%20Repeal%20Act%20114th.pdf
https://www.congress.gov/bill/114th-congress/house-bill/1466/text

http://thinkprogress.org/election/2015/03/24/3638234/house-members-move-repeal-patriot-act-strongest-anti-surveillance-bill-date/
http://www.freedomworks.org/content/house-introduces-bill-repeal-patriot-act
http://thehill.com/blogs/congress-blog/civil-rights/236641-legislate-against-big-brother

http://yro.slashdot.org/story/15/03/25/1213221/new-bill-would-repeal-patriot-act
http://www.reddit.com/r/politics/comments/306jsr/house_introduces_bill_to_repeal_the_patriot_act/
https://news.ycombinator.com/item?id=9261650

http://whoismyrepresentative.com/

From Rayzer at riseup.net Wed Mar 25 15:48:54 2015
From: Rayzer at riseup.net (Razer)
Date: Wed, 25 Mar 2015 15:48:54 -0700
Subject: [Cryptography] "Most Americans Don't Mind Being on Candid Camera"
In-Reply-To:
References: <3C9B6165-EF60-4EAC-9071-A36666EA559F@lrw.com> <5512336C.2010307@sonic.net>
Message-ID: <55133B56.7010107@riseup.net>

On 03/25/2015 02:31 PM, grarpamp wrote:
> On Wed, Mar 25, 2015 at 12:02 AM, Ray Dillinger wrote:
>
>> "Most Americans Don't Mind Being on Candid Camera"
> [quoting the subject]
>
> Bullshit. Ever walk up to someone and stuff a camera in their face?
> They'll tell you to fuck off and delete that shit, maybe smash
> your camera, and maybe even smash you
>

I called the police on a "Nicotine Nazi" one evening in my California town after he stuffed a camera in my face and called me a 'criminal' (if he only knew...) for ROLLING (not smoking) a cigarette on a Starbucks patio and was informed by the police it IS legal to take 'portrait photos' without the subject's permission (assuming they stay out of arms reach), and further (in case you were wondering why bullying is so prevalent) that you can say anything you want short of threats of violence and it IS NOT "assault".

Our right to privacy IS being codified away.

From grarpamp at gmail.com Wed Mar 25 14:31:15 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 25 Mar 2015 17:31:15 -0400
Subject: [Cryptography] "Most Americans Don't Mind Being on Candid Camera"
In-Reply-To: <5512336C.2010307@sonic.net>
References: <3C9B6165-EF60-4EAC-9071-A36666EA559F@lrw.com> <5512336C.2010307@sonic.net>
Message-ID:

On Wed, Mar 25, 2015 at 12:02 AM, Ray Dillinger wrote:
> Privacy as we knew it is a memory.

No. this memory... this privacy... is in part defined by what was input and remains in the brain memory of the individual. You walk through a park and on the whole, nothing in particular was ever specifically input, remains in, or is recallable from your memory.

What we have now is an applied technological error against humanity occurring faster than the human capacity to process the ramifications. Some would say nuclear weapons fall into this same category. It's that old carnal visceral human control, power, advantage, destruction, against others and innocents thing for which the only real fix is self learning and moderation.

There should be no cameras bulk surveilling public spaces, they are offensive to the individual and their memory thus their privacy. The only one who could have one there is the individual for their own purposes... a personal notebook, journalism, research. Not a larger corporation or the government against the privacy/memory of any individual... they both can do no more than record their own front doors.

Cameras and databases are an affront to privacy whenever their context can be or does switch from seeing blurry anonymous mass, to the individual. Watching traffic flows is one thing, watching plates is another. Blobby humans moving around vs. doing facialrec on them.
Yes, every individual in office of the government should be subject to surveillance by the public during the course of their duties when interacting with other officeholders. LE interacting public should be taped under policy of the public as vested authority accountable.

But people need to get off the idea that if everybody watches everybody in one big happy camera pool that all is fair and that that excuses individualizable and individualized surveillance. And most certainly in public or databases where there is no individualized interaction, or permission of individualized recordee, with the recorder. That's incorrect and against humanity.

> "Most Americans Don't Mind Being on Candid Camera"
[quoting the subject]

Bullshit. Ever walk up to someone and stuff a camera in their face? They'll tell you to fuck off and delete that shit, maybe smash your camera, and maybe even smash you. Same as if you try to troll through their purse, wallet, phone, house, car, or computer.

It's not that they don't mind, it's that humans don't tend to actively notice and rage against cameras mounted far away. But it does register in their subconscious and builds a silent well of rage that will someday explode singularly or in mass. Why? Because human DNA is a free range animal, not a caged one, and surveillance and databases are a cage. And like nukes, humanity is a bit slow to consciously realize those kinds of errors. The fact that people around the world are even talking about this should tell you that something's gone wrong and brakes need applied.

> Several times several thousand counts of murder.
> Murder isn't political. It isn't "war" unless it's a
> dispute between nations. Random yahoos with some islamic
> jihad

Terror is a fictional infection of news, politics, and the mind. Rational people would know that, treat it as any crime, accept it as the price of freedom, rebuild and move on. Instead the world chose 15 years of ongoing irrationality.
They'll be lucky to ever realize or recover from that error.

From grarpamp at gmail.com Wed Mar 25 15:02:25 2015
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 25 Mar 2015 18:02:25 -0400
Subject: [Cryptography] "Most Americans Don't Mind Being on Candid Camera"
In-Reply-To: <20150325182749.GA56891@pit.databus.com>
References: <3C9B6165-EF60-4EAC-9071-A36666EA559F@lrw.com> <55106AB0.2060505@iang.org> <20150324043553.GB11491@pit.databus.com> <5511E580.2080400@iang.org> <551235DB.6010700@sonic.net> <20150325182749.GA56891@pit.databus.com>
Message-ID:

On Wed, Mar 25, 2015 at 2:27 PM, Barney Wolff wrote:
> So it's ok to declare war on Hezbollah but not on ISIS? If I decide to
> build my own WMD I'm a criminal but if Pakistan fails to prosecute the
> guy who helps me then I'm an enemy combatant?
>
> Seems to me the criterion should be the level of the threat, not fine
> distinctions on who's making it.

Show me any written declaration of war made since WWII. Problem is you've made everything so gray since then that not even you yourself can see straight anymore. That's a real problem. We already know that has created constant global guerrilla grinding of waste, destruction and death. It would be interesting if it spawns an actual war or WWIII... even if only to restore clear vision.

WMD? Chem is as irrelevant as a cloudy day. Nuke policing is tricky yet seems to be working and still under state control. But it's the bio's / DNA and knowledge coming out of govt/corp/edu labs that pose the biggest risk to mass humanity. And nobody seems to have any idea how to grasp or manage that.

From coderman at gmail.com Wed Mar 25 19:21:32 2015
From: coderman at gmail.com (coderman)
Date: Wed, 25 Mar 2015 19:21:32 -0700
Subject: [tor-talk] Pocan & Massie Introduce Legislation to Repeal PATRIOT Act
In-Reply-To:
References:
Message-ID:

On 3/25/15, grarpamp wrote:
> ... [ shell games ] ...
i want proposals to de-fund entire classes of offensive operations that contribute nothing to security, only detriment to all privacy. it's telling that even token gestures, and make no mistake - the CDR db debacle was a show - were scuttled out of (misguided) principle. miles away from touching even mundane recommendations... technology out-pacing tort and policy for sure!

From juan.g71 at gmail.com Wed Mar 25 15:27:26 2015
From: juan.g71 at gmail.com (Juan)
Date: Wed, 25 Mar 2015 19:27:26 -0300
Subject: maidsafe
In-Reply-To:
References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com>
Message-ID: <55133585.4de78c0a.6239.ffffeaaa@mx.google.com>

Steve and Adam, thanks for your comments. Much appreciated!

From dan at geer.org Thu Mar 26 20:23:45 2015
From: dan at geer.org (dan at geer.org)
Date: Thu, 26 Mar 2015 23:23:45 -0400
Subject: [Cryptography] "Most Americans Don't Mind Being on Candid Camera"
In-Reply-To: Your message of "Wed, 25 Mar 2015 18:02:25 -0400."
Message-ID: <20150327032345.52EE52281AF@palinka.tinho.net>

| WMD? Chem is as irrelevant as a cloudy day. Nuke policing is
| tricky yet seems to be working and still under state control. But
| it's the bio's / DNA and knowledge coming out of govt/corp/edu labs
| that pose the biggest risk to mass humanity. And nobody seems
| to have any idea how to grasp or manage that.

+1

Read Juan Enriquez's (new) book: _Evolving Ourselves_ the subtitle of which is _How Unnatural Selection and Nonrandom Mutation are Changing Life on Earth_. Compare that to the core plot line in Richard Clarke's _Breakpoint_, which was that once genetic modding becomes doable not only will the elite think they are better than the rest, they will be.
All states already require permanent cryobanking of neonates' cord-blood; how soon before we start screening it for diseases-to-be, all in the name of universal-risk-pooling which will be oh so surely couched in paternalistic common good (Obamacare)?

--dan

From list at sysfu.com Thu Mar 26 23:36:33 2015
From: list at sysfu.com (Seth)
Date: Thu, 26 Mar 2015 23:36:33 -0700
Subject: [Cryptography] "Most Americans Don't Mind Being on Candid Camera"
In-Reply-To: <55133B56.7010107@riseup.net>
References: <3C9B6165-EF60-4EAC-9071-A36666EA559F@lrw.com> <5512336C.2010307@sonic.net> <55133B56.7010107@riseup.net>
Message-ID:

On Wed, 25 Mar 2015 15:48:54 -0700, Razer wrote:
> I called the police on a "Nicotine Nazi" one evening in my California
> town after he stuffed a camera in my face and called me a 'criminal' (if
> he only knew...) for ROLLING (not smoking) a cigarette on a Starbucks
> patio and was informed by the police it IS legal to take 'portrait
> photos' without the subject's permission (assuming they stay out of arms
> reach), and further (in case you were wondering why bullying is so
> prevalent) that you can say anything you want short of threats of
> violence and it IS NOT "assault".

Was the Starbucks Patio visible from a 'public' area, like the sidewalk? Then one could argue you don't have much of an expectation of privacy.

If I was in this position and the Nicotine Nazi refused to stop filming after being politely asked to do so, I would pick up and move inside the restaurant, somewhere out of camera shot. If they followed you in and kept filming I would ask the manager to escort them off the premises.

From jdb10987 at yahoo.com Fri Mar 27 01:45:09 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Fri, 27 Mar 2015 08:45:09 +0000 (UTC)
Subject: For whom the Book Tolls
In-Reply-To:
References:
Message-ID: <1207166504.3347271.1427445909641.JavaMail.yahoo@mail.yahoo.com>

"Zombie patriots"? Uh, dare I ask what such a thing is?
Jim Bell

On Monday, March 23, 2015 1:27 PM, Steven Schear wrote:

Jim,

You might be interested to learn that a spy novel, written by a friend and for which I consulted, features AP and Zombie Patriots (another CPunk concept from the early days) trade-craft. You are, of course, credited.

Steve
(Innovator of the Warrant Canary and the Street Performer Protocol)

From softservant at gmail.com Fri Mar 27 12:41:39 2015
From: softservant at gmail.com (Softy)
Date: Fri, 27 Mar 2015 12:41:39 -0700
Subject: state cordblood requirement ...
Message-ID:

Not to disagree with the notion it might not be at sometime, but currently? No. Also, not disagreeing with the notion of how it will be abused. In fact I don't think any jurisdiction anywhere currently requires or even recommends any storage of cord-blood. Would be nice if they did actually - it's a very useful thing to have for one's future.

All states already require permanent cryobanking of
> neonates' cord-blood; how soon before we start
> screening it for diseases-to-be, all in the name
> of universal-risk-pooling which will be oh so surely
> couched in paternalistic common good (Obamacare)?
>
> --dan
>
>

From juan.g71 at gmail.com Fri Mar 27 18:02:41 2015
From: juan.g71 at gmail.com (Juan)
Date: Fri, 27 Mar 2015 22:02:41 -0300
Subject: One Laptop Per Terrorist
In-Reply-To:
References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com>
Message-ID: <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com>

Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).
The recipe goes something like this :

1) a microcontroller.
2) a keyboard
3) an 'old' lcd text display
4) eeprom memory - sd card
5) a bunch of discrete components for a noise generator.

The idea is to mix all those ingredients plus code to get a system that can

1) generate random data to be used as key in 'one time pad' encryption
2) input text messages (and encrypt them of course)
3) decrypt text messages to the screen

(if the microcontroller can act as an usb host it may be possible to get data from devices like cameras and encrypt it)

The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue.

I'm guessing that any real 'spies' out there have been using something like this for a while.

From meandmine at gmx.com Fri Mar 27 19:09:23 2015
From: meandmine at gmx.com (scott)
Date: Fri, 27 Mar 2015 22:09:23 -0400
Subject: One Laptop Per Terrorist
In-Reply-To: <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com>
References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com>
Message-ID: <55160D53.7080806@gmx.com>

On 03/27/2015 09:02 PM, Juan wrote:
>
>
> Seems to me that it's rather easy for terrorists to create simple
> hardware for at least secure text messaging (or more).
>
> The recipe goes something like this :
>
> 1) a microcontroller.
> 2) a keyboard
> 3) an 'old' lcd text display
> 4) eeprom memory - sd card
> 5) a bunch of discrete components for a noise generator.
>
> The idea is to mix all those ingredients plus code to get a system that
> can
>
> 1) generate random data to be used as key in 'one time pad' encryption
> 2) input text messages (and encrypt them of course)
> 3) decrypt text messages to the screen
>
> (if the microcontroller can act as an usb host it may be possible to get
> data from devices like cameras and encrypt it)
>
> The thing is, distribution of the key material should be trivial for
> any 'terrist' worth his salt. So the only drawback of the allegedly
> secure one time pad isn't really an issue.
>
>
> I'm guessing that any real 'spies' out there have been using something
> like this for a while.
>
>
>
>

It took Red Teamers to clean up the US Army's act. They were also interspersed with Special Ops teams to disrupt the enemy communications in battle. So, yes, in a way.

From nightchild at riseup.net Fri Mar 27 18:05:38 2015
From: nightchild at riseup.net (nightchild at riseup.net)
Date: Sat, 28 Mar 2015 01:05:38 +0000
Subject: Introduction
Message-ID:

New-ish member here. Was a long time member of the original list. Finally decided to join the new one. Hello, hello, fellow cypherpunks.

From beaker at dropperbox.com Sat Mar 28 03:41:16 2015
From: beaker at dropperbox.com (Meeps Beaker)
Date: Sat, 28 Mar 2015 06:41:16 -0400
Subject: Introduction
In-Reply-To:
References:
Message-ID: <5516854C.7090404@dropperbox.com>

On 3/27/2015 9:05 PM, nightchild at riseup.net wrote:
> New-ish member here. Was a long time member of the original list.
> Finally decided to join the new one. Hello, hello, fellow cypherpunks.

The Nightman Cometh
https://www.youtube.com/watch?v=OR4zefzP7d0

From afalex169 at gmail.com Sat Mar 28 00:29:50 2015
From: afalex169 at gmail.com (Александр)
Date: Sat, 28 Mar 2015 10:29:50 +0300
Subject: Introduction
In-Reply-To:
References:
Message-ID:

Welcome on board, Mr.Night-child.
Hello, hello :)

From zen at freedbms.net Fri Mar 27 19:21:45 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Sat, 28 Mar 2015 13:21:45 +1100
Subject: One Laptop Per Terrorist
In-Reply-To: <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com>
References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com>
Message-ID:

On 3/28/15, Juan wrote:
> Seems to me that it's rather easy for terrorists to create simple
> hardware for at least secure text messaging (or more).

I agree that the idea is relatively straightforward in principle, for someone with enough soldering ability. For any group-buy, a trustworthy manufacturer/ lead persons, and some method of hand-to-hand distribution would be required for the paranoid (and today's paranoiacs have turned out to be tomorrow's wise-in-hindsight non-crackpots over the last few decades).

But, as has been said many times before here, perhaps even by you Mr Juan :), is that some of us seriously doubt whether any 'disruptive' technology can ever solve a social structure, power imbalance, or power structure abuse problem.

a) Can a small group unite behind a cause in a fundamentally egalitarian way, and

b) is there such a cause that exists, for the small group to unite behind, which is a significant enough cause to engage the attention and will of the greater body of our society?

The real problem IMEHO (in my extremely high opinion) is The People (TM) (GMBH) (C) (R) (PTY) (LTD) failing to grasp their own situation, failing to hold to principles beyond satisfying the human passions, and fundamentally failing to give a shit beyond themselves or possibly their family.
Frankly, humans are a lost cause and will always sell their souls for not only temporary convenience, but for the avoidance of perceived short or medium term pain. Readers of this email excepted of course :D

> The recipe goes something like this :
...
> I'm guessing that any real 'spies' out there have been using something
> like this for a while.

Your guess is the same as mine.

Zenaan

From rysiek at hackerspace.pl Sat Mar 28 13:44:31 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sat, 28 Mar 2015 21:44:31 +0100
Subject: [Cryptography] "Most Americans Don't Mind Being on Candid Camera"
In-Reply-To:
References: <3C9B6165-EF60-4EAC-9071-A36666EA559F@lrw.com> <55133B56.7010107@riseup.net>
Message-ID: <2867306.OcNBsSUvr8@lapuntu>

On Thursday, 26 March 2015 23:36:33 Seth wrote:
> On Wed, 25 Mar 2015 15:48:54 -0700, Razer wrote:
> > I called the police on a "Nicotine Nazi" one evening in my California
> > town after he stuffed a camera in my face and called me a 'criminal' (if
> > he only knew...) for ROLLING (not smoking) a cigarette on a Starbucks
> > patio and was informed by the police it IS legal to take 'portrait
> > photos' without the subject's permission (assuming they stay out of arms
> > reach), and further (in case you were wondering why bullying is so
> > prevalent) that you can say anything you want short of threats of
> > violence and it IS NOT "assault".
>
> Was the Starbucks Patio visible from a 'public' area, like the sidewalk?
> Then one could argue you don't have much of an expectation of privacy.

So Polish law is interesting here: basically, one can make a picture without consent of people visible on the picture as long as they are not the apparent topic of the picture. I.e. you can have a picture of a public space with some random tourists, and you can publish that on the Internet without asking these tourists for approval.
On the other hand, if you make a picture of a particular person or persons, even in a public setting, where they are apparently the topic of the picture, it's illegal without their consent. It's obviously a bit of a blurred line, but I think it's a much better way of handling this than "if you're in a public space, you have no expectation of privacy" bullshit. Privacy is a bit more complicated than that. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Sat Mar 28 13:53:12 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 28 Mar 2015 21:53:12 +0100 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <551039B8.3060705@cathalgarvey.me> References: <20150323131047.GA2520@sivokote.iziade.m$> <1427123683.3214.0@mail.roussos.cc> <551039B8.3060705@cathalgarvey.me> Message-ID: <4991986.2pVbADE9nN@lapuntu> On Monday, 23 March 2015 16:05:12 Cathal Garvey wrote: > > Same goes for EME. The Firefox implementation is Open Source. > > Well. The "sandbox" in which closed-source EME malware runs is Open > Source, the EME malware itself is not; if it were, it wouldn't achieve > its intended goals of preventing the user from accessing media without > interference. Hence implementing EME will do no good for Mozilla, and is a lost chance to take a stand: http://rys.io/en/141 -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 
From rysiek at hackerspace.pl Sat Mar 28 13:54:23 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 28 Mar 2015 21:54:23 +0100 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: Message-ID: <10000903.VI00jCnZAx@lapuntu> On Monday, 23 March 2015 15:06:09 Ryan Carboni wrote: > > More importantly, they ditched off their lead developer, > > Brendan Eich, the creator of javascript at Netscape times, > > because of made up gay-related donation scandal. > > Someone donates to prevent gay marriage: BOYCOTT HIM > > Someone donates to the political campaign of a war monger: eh, big deal. > > Government funds terrorists: eh, big deal. I'm fine with fixing the latter two. Or were you implying that the first one was the problem? -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Sat Mar 28 13:59:33 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 28 Mar 2015 21:59:33 +0100 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150323165140.GD2520@sivokote.iziade.m$> References: <20150323131047.GA2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> <20150323165140.GD2520@sivokote.iziade.m$> Message-ID: <2576234.QsERbq2etq@lapuntu> On Monday, 23 March 2015 18:51:40 Georgi Guninski wrote: > On Mon, Mar 23, 2015 at 02:38:12PM +0000, Cathal Garvey wrote: > > .... Mozilla are really sinking fast (ahem, EME) > > IMHO this won't happen while google are pouring on them > > "money for nothing and chicks for free" > > (for the younger generation this is a song). Shit, does the fact that I was acutely aware of this make me the older generation? Dang. Also, the music video is semi-relevant to this list, too! 
"The music video for the song featured early computer animation illustrating the lyrics. The video was one of the first uses of computer-animated human characters and was considered ground-breaking at the time of its release." -- http://en.wikipedia.org/wiki/Money_for_Nothing_(song)#Music_video inb4 "ooh minecraft" -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From oottela at cs.helsinki.fi Sat Mar 28 15:46:08 2015 From: oottela at cs.helsinki.fi (Markus Ottela) Date: Sun, 29 Mar 2015 00:46:08 +0200 Subject: One Laptop Per Terrorist In-Reply-To: <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> Message-ID: <55172F30.7020308@cs.helsinki.fi> A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). It doesn't take a spy or terrorist to create something like this: TFC was a hobby of a CS-student. Distribution of key material isn't the big problem, keeping the keys secure from end-point exploitation is as TAO, ANT-implants, COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT etc. make it hard. But even these could be addressed in TFC - enforcing the need for close access operations, close proximity malware injection or retro reflectors and other HW implants is the only way to avoid untasked targeting from becoming the mass surveillance of next generation; It's the sweet spot of security, as the attack can not be automated, and the cost increases linearly with the number of targets. 
On 28.03.2015 03:02, Juan wrote: > > > Seems to me that it's rather easy for terrorists to create simple > hardware for at least secure text messaging (or more). > > The recipe goes something like this : > > 1) a microcontroller. > 2) a keyboard > 3) an 'old' lcd text display > 4) eeprom memory - sd card > 5) a bunch of discrete components for a noise generator. > > The idea is to mix all those ingredients plus code to get a system that > can > > 1) generate random data to be used as key in 'one time pad' encryption > 2) input text messages (and encrypt them of course) > 3) decrypt text messages to the screen > > (if the microcontroller can act as an usb host it maybe possible to get > data from devices like cameras and encrypt it) > > The thing is, distribution of the key material should be trivial for > any 'terrist' worth his salt. So the only drawback of the allegedly > secure one time pad isn't really an issue. > > > I'm guessing that any real 'spies' out there have been using something > like this for a while. > > > > From jason.mcvetta at gmail.com Sun Mar 29 12:54:13 2015 From: jason.mcvetta at gmail.com (Jason McVetta) Date: Sun, 29 Mar 2015 12:54:13 -0700 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <10000903.VI00jCnZAx@lapuntu> Message-ID: On Sun, Mar 29, 2015 at 11:23 AM, Y G wrote: > The actual issue with the whole Brendan Eich thing was that it was > basically just LGBT people being played off of Firefox for money. > That sorry scene struck me as more of a public stoning. A reminder to all who were watching, that a life's work contributing to the good of humanity (i.e. Free Software) means nothing. Toe the official line on culture issues, or you will be ruthlessly eliminated. 
From ygwald at brandeis.edu Sun Mar 29 11:23:06 2015 From: ygwald at brandeis.edu (Y G) Date: Sun, 29 Mar 2015 14:23:06 -0400 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <10000903.VI00jCnZAx@lapuntu> References: <10000903.VI00jCnZAx@lapuntu> Message-ID: On 03/28/2015 04:54 PM, rysiek wrote: > On Monday, 23 March 2015 15:06:09 Ryan Carboni wrote: >>> More importantly, they ditched off their lead developer, >>> Brendan Eich, the creator of javascript at Netscape times, >>> because of made up gay-related donation scandal. >> >> Someone donates to prevent gay marriage: BOYCOTT HIM >> >> Someone donates to the political campaign of a war monger: eh, big deal. >> >> Government funds terrorists: eh, big deal. > > I'm fine with fixing the latter two. Or were you implying that the first one > was the problem? > I'm guessing that it was the discrepancy between the first one and the second two. The actual issue with the whole Brendan Eich thing was that it was basically just LGBT people being played off of Firefox for money. Like, (and I could be wrong, I wasn't really paying attention that much at the beginning) I'm 90% sure it was actually a pretty small thing that could have totally cooled down, until OKCupid literally BANNED Firefox users from their site to build up a controversy where they were the "good guys". It reeks of being entirely a money play, and I challenge you to *not* see a boardroom of people running the numbers like "well, we have this many Firefox users, and if we block them for a day we'll lose maybe this percent... Johnson, can you and PR give us an estimate for how much we'll gain from PR for this" ... "Oh, we'll be driving a pointless wedge between LGBT activists and Software activists? Well, lemme just wipe away all my tears with a 20$ bill to show exactly how much I care about that..." /me is not totally over that, because it could so easily happen again... 
From schear.steve at gmail.com Sun Mar 29 16:01:11 2015 From: schear.steve at gmail.com (Steven Schear) Date: Sun, 29 Mar 2015 16:01:11 -0700 Subject: Warrant Canaries Message-ID: Looks like Australia has banned use of my idea. http://boingboing.net/2015/03/26/australia-outlaws-warrant-cana.html If it's true that a man's status can be measured by his enemies.. then I've taken a position at the top of the cypherpunks heap :) Steve From juan.g71 at gmail.com Sun Mar 29 12:39:56 2015 From: juan.g71 at gmail.com (Juan) Date: Sun, 29 Mar 2015 16:39:56 -0300 Subject: One Laptop Per Terrorist In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> Message-ID: <55185435.15148c0a.1865.fffff0c8@mx.google.com> On Sat, 28 Mar 2015 13:21:45 +1100 Zenaan Harkness wrote: > But, as has been said many times before here, perhaps even by you Mr > Juan :), is that some of us seriously doubt whether any 'disruptive' > technology can ever solve a social structure, power imbalance, or > power structure abuse problem. Heh. Indeed =) I didn't mean to suggest that there was any disruptive technology that could solve the basic political problem (I guess in that regard I'm just not a cypherpunk) What I was getting at is that if there were real 'terrorists' out there, they could easily communicate using an apparently unbreakable cypher. So, all the resources that governments spend trying to read 'terrorist mail' are wasted. Furthermore, I'm assuming that any organization ('legal' or 'illegal') that wants allegedly secure communications uses OTPs. So, it seems to me that at some ('high' or 'very high') level all cryptoanalysis is basically bullshit. 
> > a) Can a small group unite behind a cause in a fundamentally > egalitarian way, and b) is there such a cause that exists, for the > small group to unite behind, which is a significant enough cause to > engage the attention and will of the greater body of our society? > > The real problem IMEHO (in my extremely high opinion) is The People > (TM) (GMBH) (C) (R) (PTY) (LTD) failing to grasp their own situation, > failing to hold to principles beyond satisfying the human passions, > and fundamentally failing to give a shit beyond themselves or possibly > their family. Yes, and in the short run they might argue that things are not so bad, but they seem unable to understand long term trends...or as you note above...and below...they just don't care. I guess we are not feeling too optimistic today =P > > Frankly, humans are a lost cause and will always sell their souls for > not only temporary convenience, but for the avoidance of perceived > short or medium term pain. Readers of this email excepted of course :D > > > The recipe goes something like this : > ... > > I'm guessing that any real 'spies' out there have been using > > something like this for a while. > > Your guess is the same as mine. > > Zenaan From juan.g71 at gmail.com Sun Mar 29 13:04:54 2015 From: juan.g71 at gmail.com (Juan) Date: Sun, 29 Mar 2015 17:04:54 -0300 Subject: One Laptop Per Terrorist In-Reply-To: <55172F30.7020308@cs.helsinki.fi> References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> Message-ID: <55185a0f.510f370a.1f82.fffff183@mx.google.com> On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela wrote: > A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a > lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). Thanks! Checking it out. 
> It > doesn't take a spy or terrorist to create something like this: TFC > was a hobby of a CS-student. Yeah, that was one of my not-explicitly-stated points. Since such a device is almost 'trivial' to build, rendering a lot of fancy cryptoanalysis (and hacking) useless seems easy. So we arrive at the surprising and unheard-of conclusion that governments are a very big scam... > > Distribution of key material isn't the big problem, keeping the keys > secure from end-point exploitation is as TAO, ANT-implants, > COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT > etc. make it hard. I'm not sure what exactly those things do, but they seem to be attacks against 'consumer grade' hardware and software. Not likely to work against a $2 microcontroller with no radio and no network connection. > But even these could be addressed in TFC - enforcing the > need for close access operations, close proximity malware injection > or retro reflectors and other HW implants is the only way to avoid > untasked targeting from becoming the mass surveillance of next > generation; It's the sweet spot of security, as the attack can not be > automated, and the cost increases linearly with the number of targets. > > On 28.03.2015 03:02, Juan wrote: > > > > > > Seems to me that it's rather easy for terrorists to create simple > > hardware for at least secure text messaging (or more). > > > > The recipe goes something like this : > > > > 1) a microcontroller. > > 2) a keyboard > > 3) an 'old' lcd text display > > 4) eeprom memory - sd card > > 5) a bunch of discrete components for a noise generator. 
> > > > The idea is to mix all those ingredients plus code to get a system > > that can > > > > 1) generate random data to be used as key in 'one time pad' > > encryption 2) input text messages (and encrypt them of course) > > 3) decrypt text messages to the screen > > > > (if the microcontroller can act as an usb host it maybe possible to > > get data from devices like cameras and encrypt it) > > > > The thing is, distribution of the key material should be trivial for > > any 'terrist' worth his salt. So the only drawback of the allegedly > > secure one time pad isn't really an issue. > > > > > > I'm guessing that any real 'spies' out there have been using > > something like this for a while. > > > > > > > > From guninski at guninski.com Sun Mar 29 10:18:30 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 29 Mar 2015 20:18:30 +0300 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <2576234.QsERbq2etq@lapuntu> References: <20150323131047.GA2520@sivokote.iziade.m$> <55102554.9010509@cathalgarvey.me> <20150323165140.GD2520@sivokote.iziade.m$> <2576234.QsERbq2etq@lapuntu> Message-ID: <20150329171830.GA2542@sivokote.iziade.m$> On Sat, Mar 28, 2015 at 09:59:33PM +0100, rysiek wrote: > > "money for nothing and chicks for free" > > > > (for the younger generation this is a song). > > Shit, does the fact that I was acutely aware of this make me the older > generation? Dang. > I suspect so, but the god of your universe knows better ;) -- georgi From dan at geer.org Sun Mar 29 20:29:52 2015 From: dan at geer.org (dan at geer.org) Date: Sun, 29 Mar 2015 23:29:52 -0400 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: Your message of "Sun, 29 Mar 2015 12:54:13 -0700." Message-ID: <20150330032952.7A9C4228174@palinka.tinho.net> > That sorry scene struck me as more of a public stoning. A > reminder to all who were watching, that a life's work contributing > to the good of humanity (i.e. Free Software) means nothing. 
Toe > the official line on culture issues, or you will be ruthlessly > eliminated. The largest cultural menace in America is the conformity of the intellectual cliques which, in education as well as the arts, are out to impose upon the nation their modish fads and fallacies, and have nearly succeeded in doing so. --dan From ygwald at brandeis.edu Sun Mar 29 22:21:52 2015 From: ygwald at brandeis.edu (Y G) Date: Mon, 30 Mar 2015 01:21:52 -0400 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <10000903.VI00jCnZAx@lapuntu> Message-ID: On 03/29/2015 03:54 PM, Jason McVetta wrote: > > That sorry scene struck me as more of a public stoning. A reminder to > all who were watching, that a life's work contributing to the good of > humanity (i.e. Free Software) means nothing. > You're not thinking of it from their perspective. Everyone on this list understands the value of Free Software. That's because everyone on this list understands software at all. It's very, very important to understand that most people... just... don't. For 90% of the entire population of the entire planet -- even while their lives are literally being run by computers -- a computer is absolutely nothing more than a Magic Box of Lights. Nothing. More. Which means that "source code" -- and thus "Free Software" -- is literally meaningless to them. There's a prerequisite for the Four Freedoms that goes unmentioned, because it's just assumed as obvious to almost everyone who ever discusses them. -- The KNOWLEDGE of how to program, and what a computer program actually is And without that knowledge, it doesn't matter if you can run a program as you want to -- not if there's no difference between double-clicking on a .exe file or a .app, and on a .docx. It doesn't matter if somewhere, at some website on some webserver, the source code is available for access -- sometimes even commented! 
-- to be studied and manipulated, if it is literally in some incomprehensible foreign language. 
To a person who can't read, a book can only provide a source of fuel. To a person who can't read code, source code doesn't even provide that. So building from there, here is what happened, from their perspective: " A wizard -- a great wizard, apparently, whom a lot of wizards like and respect, but whom I don't know a single thing he did, especially not one that I use -- was a jerk. Was enough of a jerk that he was literally willing to spend money to hurt me and my friends. And if I can hurt him by yelling loud enough? Y'know what, I will. " Those people care. About themselves, about their friends, about other people -- about freedom, and standing up to corporations who put out stumbling blocks, and about being able to be and do what you want, not what someone wants you to do. They *care*. But they don't understand code. They barely know that code even *exists*. And so of course they don't care about that. It's literally impossible to care about something you don't know a thing about. So this will happen again. And again, and again, because whenever some corporation can pit two groups together, and know that there can never be a common understanding on both sides, and guess which side will win, they will. They will again, and again, and again, and they won't care how many projects or people they destroy. And as long as we let people sit around in ignorance of what software even *is*, *WE ARE LETTING THEM DO IT.* The only way to stop an illiterate person from burning their books is to teach them to read. Teach them to read, and teach them to learn, and then there won't be fiascos any more. Just discussions. 
From edenw at gal3.com Mon Mar 30 10:33:47 2015 From: edenw at gal3.com (eden) Date: Mon, 30 Mar 2015 10:33:47 -0700 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <10000903.VI00jCnZAx@lapuntu> Message-ID: <551988FB.1000709@gal3.com> Y G: > On 03/29/2015 03:54 PM, Jason McVetta wrote: >> That sorry scene struck me as more of a public stoning. A reminder to >> all who were watching, that a life's work contributing to the good of >> humanity (i.e. Free Software) means nothing. >> > You're not thinking of it from their perspective. >... Thank you very much for this description of what happened. I am a nerd AND a member of the QUILTBAG community. I saw it happen, and so quickly that there was no time to react. I vaguely remember that i heard about the critique, and he had already resigned 3 days later! There was literally no time for "educating" the QUILTBAG community. The whole thing was a fiasco for "freedom". I feel i have to state that i can work with people i disagree with (up to a certain degree) and that Brendan EICH was no monster, just "uneducated" about *my* perspective. Which points to the bigger question of education: non-nerds need to learn the value of those invisible computers that connect the world; some nerds need to learn the value of "open"; some people need to learn to work together with people they disagree with; and some people need to learn the value of diversity. Whew. I'm exhausted, and i'm sure my list is not even complete. -- eden From coderman at gmail.com Mon Mar 30 13:43:10 2015 From: coderman at gmail.com (coderman) Date: Mon, 30 Mar 2015 13:43:10 -0700 Subject: all your trusted computing bases Message-ID: On 3/28/15, Markus Ottela wrote: > A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a > lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). It > doesn't take a spy or terrorist to create something like this: TFC was a > hobby of a CS-student. HSMs for the masses! 
> Distribution of key material isn't the big problem, keeping the keys > secure from end-point exploitation is... usually keeping keys secure is part of key management, of which distribution also a part. "key management is the problem" perhaps sums it up :P > ... as TAO, ANT-implants, COMMONDEER, > VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT etc. make it hard. But > even these could be addressed in TFC - enforcing the need for close > access operations, close proximity malware injection or retro reflectors > and other HW implants is the only way to avoid untasked targeting from > becoming the mass surveillance of next generation; It's the sweet spot > of security, as the attack can not be automated, and the cost increases > linearly with the number of targets. eve out of business, then force mallory to burglary! i would like to note, that claims of "this shit so hard they gonna come at you sideways nextdoor and high power before black baggin'" is not the best way to market the security benefits. a fair goal. how far to get there? [ this is your threat model, after all! https://edwardsnowden.com/category/revealed-documents/ ] best regards, P.S. Cisco is now shipping to drop houses for redirects to sensitive customers. not that it would help, but amusing none the less! From mirimir at riseup.net Mon Mar 30 15:47:43 2015 From: mirimir at riseup.net (Mirimir) Date: Mon, 30 Mar 2015 16:47:43 -0600 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <6042677.7XzmgW9Odj@lapuntu> References: <20150330151520.GA2440@sivokote.iziade.m$> <6042677.7XzmgW9Odj@lapuntu> Message-ID: <5519D28F.4030900@riseup.net> On 03/30/2015 03:34 PM, rysiek wrote: > On Monday, 30 March 2015 18:15:20 Georgi Guninski wrote: >> DISCLAIMER: I am neither gay nor anti-gay. > > It's called "heterosexual", not "anti-gay". > > /me couldn't resist, sorry. 
I think that by "anti-gay", he means "homophobic", or in more general terms, judgmental asshole ;) From l at odewijk.nl Mon Mar 30 00:48:57 2015 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Mon, 30 Mar 2015 16:48:57 +0900 Subject: Warrant Canaries In-Reply-To: References: Message-ID: "Existence or non-existence" - what about "maybe exists" vs "definitely does or does not exist"? If we all agree that "maybe" means "probably does not exist" and "definitely does or doesn't exist" means you probably do have one, this seems to be no problem. From shelley at misanthropia.org Mon Mar 30 18:10:51 2015 From: shelley at misanthropia.org (Shelley) Date: Mon, 30 Mar 2015 18:10:51 -0700 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <20150330151520.GA2440@sivokote.iziade.m$> <6042677.7XzmgW9Odj@lapuntu> Message-ID: <14c6d618590.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> > Nooo... "anti-gay"... If an anti-gay person touches a gay person, then > they mutually annihilate into pure energy, which can be > captured/focused/however-the-heck-it-works to power warp drives.. Gay, anti-gay, whatever - just don't cross the streams! (And as an LGBT person, I've had a good chuckle at all of this ;) From guninski at guninski.com Mon Mar 30 08:15:20 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 30 Mar 2015 18:15:20 +0300 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <10000903.VI00jCnZAx@lapuntu> Message-ID: <20150330151520.GA2440@sivokote.iziade.m$> On Sun, Mar 29, 2015 at 02:23:06PM -0400, Y G wrote: > The actual issue with the whole Brendan Eich thing was that it was > basically just LGBT people being played off of Firefox for money. 
Like, Would someone try to contact "Gay Nigger Association of America", their name is related ?[-1] According to wikipedia [-2] "Following Eich's resignation, the anti-gay?? National Organization for Marriage called for its own boycott of Mozilla, due to "gay activists who have forced him out of the company he has helped lead for years".[17][22]" So gays won? Does this speak something about the state of current society? DISCLAIMER: I am neither gay nor anti-gay. [-1] http://en.wikipedia.org/w/index.php?title=Gay_Nigger_Association_of_America&oldid=645050898 [-2] https://en.wikipedia.org/w/index.php?title=Brendan_Eich&oldid=653994175 From guninski at guninski.com Mon Mar 30 09:10:26 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 30 Mar 2015 19:10:26 +0300 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <10000903.VI00jCnZAx@lapuntu> Message-ID: <20150330161026.GB2440@sivokote.iziade.m$> On Sun, Mar 29, 2015 at 12:54:13PM -0700, Jason McVetta wrote: > On Sun, Mar 29, 2015 at 11:23 AM, Y G wrote: > > > The actual issue with the whole Brendan Eich thing was that it was > > basically just LGBT people being played off of Firefox for money. > > > > That sorry scene struck me as more of a public stoning. A reminder to all > who were watching, that a life's work contributing to the good of humanity > (i.e. Free Software) means nothing. Toe the official line on culture > issues, or you will be ruthlessly eliminated. Trying to CC Brendan. Brendan, we are discussing you and the thread starts at [-1] I don't think it means "nothing" for the simple reason his life is not over. He well might DO something much more important, while not being employed by a whore corporation. 
[-1] https://cpunks.org//pipermail/cypherpunks/2015-March/007036.html -- georgi From ygwald at brandeis.edu Mon Mar 30 16:26:46 2015 From: ygwald at brandeis.edu (Y G) Date: Mon, 30 Mar 2015 19:26:46 -0400 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <6042677.7XzmgW9Odj@lapuntu> References: <20150330151520.GA2440@sivokote.iziade.m$> <6042677.7XzmgW9Odj@lapuntu> Message-ID: On 03/30/2015 05:34 PM, rysiek wrote: > On Monday, 30 March 2015 18:15:20 Georgi Guninski wrote: >> DISCLAIMER: I am neither gay nor anti-gay. > > It's called "heterosexual", not "anti-gay". > > /me couldn't resist, sorry. > Nooo... "anti-gay"... If an anti-gay person touches a gay person, then they mutually annihilate into pure energy, which can be captured/focused/however-the-heck-it-works to power warp drives... (Because I usually suck at sarcasm, I'm going to explicitly state that this is sarcasm, and also a (bad) Star Trek reference...) From shelley at misanthropia.org Mon Mar 30 21:17:05 2015 From: shelley at misanthropia.org (Shelley) Date: Mon, 30 Mar 2015 21:17:05 -0700 Subject: Your tax dollars at work: Federal agents steal Bitcoin In-Reply-To: <1983906331.2156244.1427771526262.JavaMail.yahoo@mail.yahoo.com> References: <1983906331.2156244.1427771526262.JavaMail.yahoo@mail.yahoo.com> Message-ID: <14c6e0c0218.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Link without all the tracking: http://finance.yahoo.com/news/federal-agents-stole-bitcoin-silk-road-probe-us-182049925.html Doesn't surprise me one bit that the Corporatocracy is corrupt. 
---------- On March 30, 2015 9:08:01 PM jim bell wrote: > http://finance.yahoo.com/news/federal-agents-stole-bitcoin-silk-road-probe-us-182049925.html;_ylt=AwrXgSMDEBpVw2YAKUuTmYlQ;_ylu=X3oDMTByZDNzZTI1BGNvbG8DZ3ExBHBvcwMyBHZ0aWQDBHNlYwNzYw-- > >         Jim Bell From coderman at gmail.com Mon Mar 30 23:20:47 2015 From: coderman at gmail.com (coderman) Date: Mon, 30 Mar 2015 23:20:47 -0700 Subject: One Laptop Per Terrorist In-Reply-To: <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> Message-ID: On 3/30/15, Juan wrote: > ... > Splitting the application in two rx/tx physically isolated > devices is clever...Although using two laptops or two > raspberries seems a bit overkill? two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html From rysiek at hackerspace.pl Mon Mar 30 14:33:28 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 30 Mar 2015 23:33:28 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <551988FB.1000709@gal3.com> References: <551988FB.1000709@gal3.com> Message-ID: <3887655.qNheugoY0A@lapuntu> Dnia poniedziałek, 30 marca 2015 10:33:47 eden pisze: > Y G: > > On 03/29/2015 03:54 PM, Jason McVetta wrote: > >> That sorry scene struck me as more of a public stoning. A reminder to > >> all who were watching, that a life's work contributing to the good of > >> humanity (i.e. Free Software) means nothing. > > > > You're not thinking of it from their perspective. > > > >... > > Thank you very much for this description of what happened. I am a > nerd AND a member of the QUILTBAG community. I saw it happen, and so > quickly that there was no time to react. I vaguely remember that i heard > about the critique, and he had already resigned 3 days later! 
There was > literally no time for "educating" the QUILTBAG community. The whole > thing was a fiasco for "freedom". I feel i have to state that i can work > with people i disagree with (up to a certain degree) and that Brendan > EICH was no monster, just "uneducated" about *my* perspective. > > Which points to the bigger question of education: non-nerds need to > learn the value of those invisible computers that connect the world; > some nerds need to learn the value of "open"; some people need to learn > to work together with people they disagree with; and some people need to > learn the value of diversity. Whew. I'm exhausted, and i'm sure my list > is not even complete. I think this is the best thing I have read about the whole thing, ever. Thank you. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Mon Mar 30 14:34:33 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 30 Mar 2015 23:34:33 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150330151520.GA2440@sivokote.iziade.m$> References: <20150330151520.GA2440@sivokote.iziade.m$> Message-ID: <6042677.7XzmgW9Odj@lapuntu> On Monday, 30 March 2015 18:15:20 Georgi Guninski wrote: > DISCLAIMER: I am neither gay nor anti-gay. It's called "heterosexual", not "anti-gay". /me couldn't resist, sorry. 
-- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 
From juan.g71 at gmail.com Mon Mar 30 19:49:04 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 30 Mar 2015 23:49:04 -0300 Subject: One Laptop Per Terrorist In-Reply-To: <55172F30.7020308@cs.helsinki.fi> References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> Message-ID: <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela wrote: > A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a > lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill? Now I'm wondering how easy it would be to hack a microcontroller through its serial link. Of course "a microcontroller" is horribly vague. For instance, what about a microcontroller that can't execute code from ram? J. From decoy at iki.fi Mon Mar 30 15:42:24 2015 From: decoy at iki.fi (Sampo Syreeni) Date: Tue, 31 Mar 2015 01:42:24 +0300 (EEST) Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <6042677.7XzmgW9Odj@lapuntu> References: <20150330151520.GA2440@sivokote.iziade.m$> <6042677.7XzmgW9Odj@lapuntu> Message-ID: On 2015-03-30, rysiek wrote: >> DISCLAIMER: I am neither gay nor anti-gay. > > It's called "heterosexual", not "anti-gay". No it's not. I happen to be a heterosexual pro-gay who knows heterosexual anti-gays. In fact I even know gay pro-gays and a gay anti-gay. Se being trans. > /me couldn't resist, sorry. Tell me about it, girl. 
-- Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front +358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From alexiswattel at gmail.com Mon Mar 30 17:51:53 2015 From: alexiswattel at gmail.com (Alexis Wattel) Date: Tue, 31 Mar 2015 02:51:53 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <10000903.VI00jCnZAx@lapuntu> Message-ID: <43D1AC0B-E465-4605-9818-153120ECAE08@gmail.com> Are people even aware that he gave only 1,000$ to this political movement? It's not like if it was 250,000 $, which would still be nothing compared to Mozilla's funding. I can't help to wonder how the hell they manage to spend their hundreds of meellions. Doesn't quite feel like free software now. On 29 March 2015 21:54:13 CEST, Jason McVetta wrote: >On Sun, Mar 29, 2015 at 11:23 AM, Y G wrote: > >> The actual issue with the whole Brendan Eich thing was that it was >> basically just LGBT people being played off of Firefox for money. >> > >That sorry scene struck me as more of a public stoning. A reminder to >all >who were watching, that a life's work contributing to the good of >humanity >(i.e. Free Software) means nothing. Toe the official line on culture >issues, or you will be ruthlessly eliminated.
From juan.g71 at gmail.com Mon Mar 30 22:59:28 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 31 Mar 2015 02:59:28 -0300 Subject: Your tax dollars at work: Federal agents steal Bitcoin In-Reply-To: <1983906331.2156244.1427771526262.JavaMail.yahoo@mail.yahoo.com> References: <1983906331.2156244.1427771526262.JavaMail.yahoo@mail.yahoo.com> Message-ID: <551a36ed.cb128d0a.4112.0671@mx.google.com> On Tue, 31 Mar 2015 03:12:06 +0000 (UTC) jim bell wrote: > http://finance.yahoo.com/news/federal-agents-stole-bitcoin-silk-road-probe-us-182049925.html So, they somehow pissed off their bosses. They might have forgotten to 'share' the spoils or something. > Jim Bell From jdb10987 at yahoo.com Mon Mar 30 20:12:06 2015 From: jdb10987 at yahoo.com (jim bell) Date: Tue, 31 Mar 2015 03:12:06 +0000 (UTC) Subject: Your tax dollars at work: Federal agents steal Bitcoin Message-ID: <1983906331.2156244.1427771526262.JavaMail.yahoo@mail.yahoo.com> http://finance.yahoo.com/news/federal-agents-stole-bitcoin-silk-road-probe-us-182049925.html;_ylt=AwrXgSMDEBpVw2YAKUuTmYlQ;_ylu=X3oDMTByZDNzZTI1BGNvbG8DZ3ExBHBvcwMyBHZ0aWQDBHNlYwNzYw-- Jim Bell From juan.g71 at gmail.com Tue Mar 31 01:25:56 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 31 Mar 2015 05:25:56 -0300 Subject: One Laptop Per Terrorist In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> Message-ID: <551a5941.89878c0a.2033.15ef@mx.google.com> On Mon, 30 Mar 2015 23:20:47 -0700 coderman wrote: > On 3/30/15, Juan wrote: > > ...
> > Splitting the application in two rx/tx physically isolated > > devices is clever...Although using two laptops or two > > raspberries seems a bit overkill? > > two USB Armory not so large nor overkill. perhaps... :P > http://www.inversepath.com/usbarmory.html Interesting. 512mb of ram. But at $100 they don't seem too cheap... From juan.g71 at gmail.com Tue Mar 31 01:31:19 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 31 Mar 2015 05:31:19 -0300 Subject: One Laptop Per Terrorist In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> Message-ID: <551a5a83.15108c0a.4491.1798@mx.google.com> On Mon, 30 Mar 2015 23:20:47 -0700 coderman wrote: > On 3/30/15, Juan wrote: > > ... > > Splitting the application in two rx/tx physically isolated > > devices is clever...Although using two laptops or two > > raspberries seems a bit overkill? > > two USB Armory not so large nor overkill. perhaps... :P > http://www.inversepath.com/usbarmory.html by the way, I wouldn't trust arm's "trustzone" at all, just like I wouldn't trust a complex SoC from motorola http://genode.org/documentation/articles/trustzone From schear.steve at gmail.com Tue Mar 31 09:06:28 2015 From: schear.steve at gmail.com (Steven Schear) Date: Tue, 31 Mar 2015 09:06:28 -0700 Subject: Cryptoanarchist slogan Message-ID: "Encrypt the state and delete the key" -- smuggler, #agora/anarplex.net
From Rayzer at riseup.net Tue Mar 31 11:06:03 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 31 Mar 2015 11:06:03 -0700 Subject: Fwd: Docuticker, "Cybersecurity: Authoritative Reports and Resources, by Topic" Message-ID: <551AE20B.4050002@riseup.net> Cybersecurity: Authoritative Reports and Resources, by Topic Source: Congressional Research Service via Federation of American Scientists Summary: This report provides references to analytical reports on cybersecurity from CRS, other government agencies, trade associations, and interest groups. The reports and related websites are grouped under the following cybersecurity topics: • Policy overview • National Strategy for Trusted Identities in Cyberspace (NSTIC) • Cloud computing and the Federal Risk and Authorization Management Program (FedRAMP) • Critical infrastructure • Cybercrime, data breaches, and data security • National security, cyber espionage, and cyberwar (including Stuxnet) • International efforts • Education/training/workforce • Research and development (R&D) In addition, the report lists selected cybersecurity-related websites for congressional and government agencies; news; international organizations; and other organizations, associations, and institutions. Direct link to document (PDF; 860 KB): http://www.fas.org/sgp/crs/misc/R42507.pdf Docuticker (Docubase) source: http://web.docuticker.com/go/docubase/72401
From shelley at misanthropia.org Tue Mar 31 15:26:44 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 31 Mar 2015 15:26:44 -0700 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <1490353.e6UnZs7AQL@lapuntu> References: <20150331020958.AF105228172@palinka.tinho.net> <1490353.e6UnZs7AQL@lapuntu> Message-ID: <14c71f19cd0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> On March 31, 2015 3:09:38 PM rysiek wrote: > On Monday, 30 March 2015 22:09:58 dan at geer.org wrote: > > Point of order: One can be anti-$XYZ without being $XYZ-phobic. > > > > Example: What this thread has to do with listening on UDP:1900 is, > > well, digressive and while I am anti-digression I sure as hell am > > not digression-phobic or, to be most clear, you are not seriously > > anti-$XYZ until you have put any $XYZ-phobia with which you might > > be freighted fully behind you. > > > > As Aristotle said, "Tolerance is the last virtue of a dying society." > > And yet Greeks had no problems with homosexuals. So they didn't even have to > be "tolerant" towards "them". > ****>>>>>>> So I read this sentence the other way around: a society that has to be > "tolerant" is dying, as things that should not bother anyone at all are > apparently bothering a lot of people (some of whom at least try to stay > "tolerant" towards them). This exactly, rysiek. +1,000,000 internets to you.
Here, have a rainbow star, too ;) -not the only ghey in the village > > -- > Regards, > Michał "rysiek" Woźniak > > Changing my GPG key :: http://rys.io/pl/147 > GPG Key Transition :: http://rys.io/en/147 From s at ctrlc.hu Tue Mar 31 08:07:35 2015 From: s at ctrlc.hu (stef) Date: Tue, 31 Mar 2015 17:07:35 +0200 Subject: One Laptop Per Terrorist In-Reply-To: References: <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> Message-ID: <20150331150735.GB7282@ctrlc.hu> On Mon, Mar 30, 2015 at 11:20:47PM -0700, coderman wrote: > two USB Armory not so large nor overkill. perhaps... :P > http://www.inversepath.com/usbarmory.html this device - if unmodified - has severe limitations regarding inputs. e.g. if the armory contains some key material, it's hard to have it stored in there in a ciphertext, the only way to unlock (provide a decryption key for the ciphertext inside) it currently is from the device you compartmentalize your keys from, the host. there's a thing that is however extremely cool in this device, the arm trustzone (cue the sad violinist while the TCM jamboree slides are shown). pity that this gets so far ignored. it's a neat but quite misunderstood device i think. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From guninski at guninski.com Tue Mar 31 07:38:20 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 31 Mar 2015 17:38:20 +0300 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <6042677.7XzmgW9Odj@lapuntu> References: <20150330151520.GA2440@sivokote.iziade.m$> <6042677.7XzmgW9Odj@lapuntu> Message-ID: <20150331143820.GB2573@sivokote.iziade.m$> On Mon, Mar 30, 2015 at 11:34:33PM +0200, rysiek wrote: > On Monday, 30 March 2015 18:15:20 Georgi Guninski wrote: > > DISCLAIMER: I am neither gay nor anti-gay. > > It's called "heterosexual", not "anti-gay". > > /me couldn't resist, sorry.
> Ok, I take the cheap bait. DISCLAIMER: I am heterosexual. IMHO there is difference between heterosexual and anti-gay. Consider interviewed P_1 and P_2 about gay pride march (parade). P_1: I don't care how gays fuck themselves. P_2: I don't care how gays fuck themselves, but don't understand why they are proud of it and make parade. Should all people with feature $X$ parade? Should drunkards and lunatics parade because they are proud of their condition? Do gays have more rights than heterosexual people? https://en.wikipedia.org/w/index.php?title=LGBT_Pride_March_%28New_York_City%29&oldid=652929629 From oottela at cs.helsinki.fi Tue Mar 31 08:47:01 2015 From: oottela at cs.helsinki.fi (Markus Ottela) Date: Tue, 31 Mar 2015 18:47:01 +0300 Subject: One Laptop Per Terrorist In-Reply-To: References: <5510f31f.52668c0a.388b.ffffc478@mx.google.com> <551119e1.8d35370a.6656.ffffd086@mx.google.com> <5515fce0.c7ee8c0a.4c0b.ffffeae2@mx.google.com> <55172F30.7020308@cs.helsinki.fi> <551a0a4a.f72b8c0a.4021.28ae@mx.google.com> Message-ID: <551AC175.5020007@cs.helsinki.fi> On 31.03.2015 09:20, coderman wrote: > On 3/30/15, Juan wrote: >> ... >> Splitting the application in two rx/tx physically isolated >> devices is clever...Although using two laptops or two >> raspberries seems a bit overkill? Feel free to choose your own devices / micro controllers as long as it supports the data diode and doesn't have wireless / audio devices that provide covert channels to HSAs. Wide range of platforms makes compromise of COTS hardware much more difficult. Netbooks are not significantly more expensive than if one were to buy separate batteries, chargers, displays, cables and peripherals -- It's also more convenient. Two netbooks pushes the system price around that of a Blackphone. 
From mjbecze at gmail.com Tue Mar 31 16:54:17 2015 From: mjbecze at gmail.com (Martin Becze) Date: Tue, 31 Mar 2015 19:54:17 -0400 Subject: Cryptoanarchist slogan In-Reply-To: References: <3461134.Fv2FukfzcU@lapuntu> Message-ID: > maybe we should brute force the state? that hasn't been too successful in the past. On Tue, Mar 31, 2015 at 7:36 PM, Ben Mezger wrote: > maybe we should brute force the state? > > 2015-03-31 16:55 GMT-03:00 rysiek : > > On Tuesday, 31 March 2015 09:06:28 Steven Schear wrote: >> > "Encrypt the state and delete the key" >> > -- smuggler, #agora/anarplex.net >> >> So... hash the state? >> >> -- >> Regards, >> Michał "rysiek" Woźniak >> >> Changing my GPG key :: http://rys.io/pl/147 >> GPG Key Transition :: http://rys.io/en/147 > > > > > -- > Kind regards, > GPG Public Key > > From mezger.benjamin at gmail.com Tue Mar 31 16:36:57 2015 From: mezger.benjamin at gmail.com (Ben Mezger) Date: Tue, 31 Mar 2015 20:36:57 -0300 Subject: Cryptoanarchist slogan In-Reply-To: <3461134.Fv2FukfzcU@lapuntu> References: <3461134.Fv2FukfzcU@lapuntu> Message-ID: maybe we should brute force the state? 2015-03-31 16:55 GMT-03:00 rysiek : > On Tuesday, 31 March 2015 09:06:28 Steven Schear wrote: > > "Encrypt the state and delete the key" > > -- smuggler, #agora/anarplex.net > > So... hash the state? > > -- > Regards, > Michał "rysiek" Woźniak > > Changing my GPG key :: http://rys.io/pl/147 > GPG Key Transition :: http://rys.io/en/147 -- Kind regards, GPG Public Key
From rysiek at hackerspace.pl Tue Mar 31 12:55:36 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 31 Mar 2015 21:55:36 +0200 Subject: Cryptoanarchist slogan In-Reply-To: References: Message-ID: <3461134.Fv2FukfzcU@lapuntu> On Tuesday, 31 March 2015 09:06:28 Steven Schear wrote: > "Encrypt the state and delete the key" > -- smuggler, #agora/anarplex.net So... hash the state? -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Tue Mar 31 12:58:47 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 31 Mar 2015 21:58:47 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: Message-ID: <1653452.DfDURTuF1E@lapuntu> On Monday, 30 March 2015 19:52:12 Y G wrote: > On 03/30/2015 06:42 PM, Sampo Syreeni wrote: > > On 2015-03-30, rysiek wrote: > >>> DISCLAIMER: I am neither gay nor anti-gay. > >> > >> It's called "heterosexual", not "anti-gay". > > > > No it's not. I happen to be a heterosexual pro-gay who knows > > heterosexual anti-gays. In fact I even know gay pro-gays and a gay > > anti-gay. Se being trans. > > > >> /me couldn't resist, sorry. > > > > Tell me about it, girl. > > I interpreted that as jokingly interpreting "anti-gay" as "the opposite > of gay" -- so "heterosexual". That was my intention. Now that I read it again, though, I see might have come off as anti-gay myself. And I'm not comfortable with that. Well, dang. -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Tue Mar 31 13:01:35 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 31 Mar 2015 22:01:35 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <5519D28F.4030900@riseup.net> References: <6042677.7XzmgW9Odj@lapuntu> <5519D28F.4030900@riseup.net> Message-ID: <5746531.qMWI9x2Eh3@lapuntu> On Monday, 30 March 2015 16:47:43 Mirimir wrote: > On 03/30/2015 03:34 PM, rysiek wrote: > > On Monday, 30 March 2015 18:15:20 Georgi Guninski wrote: > >> DISCLAIMER: I am neither gay nor anti-gay. > > > > It's called "heterosexual", not "anti-gay". > > > > /me couldn't resist, sorry. > > I think that by "anti-gay", he means "homophobic", or in more general > terms, judgmental asshole ;) DON'T CALL ME THAT! ;) -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Tue Mar 31 13:03:27 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 31 Mar 2015 22:03:27 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: References: <6042677.7XzmgW9Odj@lapuntu> Message-ID: <2790149.ANo6DAHPTO@lapuntu> On Monday, 30 March 2015 19:26:46 Y G wrote: > On 03/30/2015 05:34 PM, rysiek wrote: > > On Monday, 30 March 2015 18:15:20 Georgi Guninski wrote: > >> DISCLAIMER: I am neither gay nor anti-gay. > > > > It's called "heterosexual", not "anti-gay". > > > > /me couldn't resist, sorry. > > Nooo... "anti-gay"... If an anti-gay person touches a gay person, then > they mutually annihilate into pure energy, which can be > captured/focused/however-the-heck-it-works to power warp drives...
My drive warped once, I lost a lot of data. Not fun. Also, don't you mean "queer drives"? > (Because I usually suck at sarcasm, I'm going to explicitly state that > this is sarcasm, and also a (bad) Star Trek reference...) I like how you use the "s-word" in the context of this thread. Why yes, I was indeed referring to sarcasm. -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Tue Mar 31 13:06:12 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 31 Mar 2015 22:06:12 +0200 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150331020958.AF105228172@palinka.tinho.net> References: <20150331020958.AF105228172@palinka.tinho.net> Message-ID: <1490353.e6UnZs7AQL@lapuntu> On Monday, 30 March 2015 22:09:58 dan at geer.org wrote: > Point of order: One can be anti-$XYZ without being $XYZ-phobic. > > Example: What this thread has to do with listening on UDP:1900 is, > well, digressive and while I am anti-digression I sure as hell am > not digression-phobic or, to be most clear, you are not seriously > anti-$XYZ until you have put any $XYZ-phobia with which you might > be freighted fully behind you. > > As Aristotle said, "Tolerance is the last virtue of a dying society." And yet Greeks had no problems with homosexuals. So they didn't even have to be "tolerant" towards "them". So I read this sentence the other way around: a society that has to be "tolerant" is dying, as things that should not bother anyone at all are apparently bothering a lot of people (some of whom at least try to stay "tolerant" towards them).
-- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From juan.g71 at gmail.com Tue Mar 31 18:07:17 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 31 Mar 2015 22:07:17 -0300 Subject: Cryptoanarchist slogan In-Reply-To: References: <3461134.Fv2FukfzcU@lapuntu> Message-ID: <551b43ee.1017370a.4a0f.1820@mx.google.com> On Tue, 31 Mar 2015 19:54:17 -0400 Martin Becze wrote: > > maybe we should brute force the state? > > that hasn't been too successful in the past. brute forcing does require a non-trivial amount of resources From rysiek at hackerspace.pl Tue Mar 31 13:10:04 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 31 Mar 2015 22:10:04 +0200 Subject: Warrant Canaries In-Reply-To: References: Message-ID: <7900843.nd7aEDGNkv@lapuntu> On Monday, 30 March 2015 16:48:57 Lodewijk andré de la porte wrote: > "Existence or non-existence" - what about "maybe exists" vs "definitely > does or does not exist"? > > If we all agree that "maybe" means "probably does not exist" and > "definitely does or doesn't exist" means you probably do have one, this > seems to be no problem. Ah, modal logic. Hounting me from beyond the gra^Wcollege... -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From l at odewijk.nl Tue Mar 31 11:20:26 2015 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 1 Apr 2015 03:20:26 +0900 Subject: Firefox 36+ listens on UDP:1900 In-Reply-To: <20150331143820.GB2573@sivokote.iziade.m$> References: <20150330151520.GA2440@sivokote.iziade.m$> <6042677.7XzmgW9Odj@lapuntu> <20150331143820.GB2573@sivokote.iziade.m$> Message-ID: 2015-03-31 23:38 GMT+09:00 Georgi Guninski : > P_2: I don't care how gays fuck themselves, but don't > understand why they are proud of it and make parade. Should > all people with feature $X$ parade? Should drunkards and > lunatics parade because they are proud of their condition? > Do gays have more rights than heterosexual people? > To show it's not something you need to hide. Mozilla was in murky waters regarding employee's freedom of speech (spending == speech says supreme court) and an important employee's (very and imho justly) unpopular opinion. The important employee solved the problem by leaving, freedom of speech made a distant pained sound and the aggressive-tolerance community turned its iPhones to other no doubt super important causes. ITT: Mozilla publishes a dumb update for something nobody could have ever wanted, reducing security, does not feature disable preference. Regarding Google alliance: money for freedom in exchange for a search-engine most will use anyway? Probably a good trade (makes Firefox better in the end). Switching it to Bing whenever they pay more, or just to make Google pay up? Very consistent. When Ubuntu went full retard with Amazon, that was amazingly over the top stupid. I hope they got good money for it, in the end improving people's security and privacy. Made me switch to Debian though. Just waiting for the thing that forces me to OpenBSD. And when my last features are gone, finally I shall have peace.
From zen at freedbms.net Tue Mar 31 18:54:46 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 1 Apr 2015 12:54:46 +1100 Subject: Warrant Canaries In-Reply-To: <7900843.nd7aEDGNkv@lapuntu> References: <7900843.nd7aEDGNkv@lapuntu> Message-ID: On 4/1/15, rysiek wrote: > On Monday, 30 March 2015 16:48:57 Lodewijk andré de la porte wrote: >> "Existence or non-existence" - what about "maybe exists" vs "definitely >> does or does not exist"? >> >> If we all agree that "maybe" means "probably does not exist" and >> "definitely does or doesn't exist" means you probably do have one, this >> seems to be no problem. > > Ah, modal logic. Hounting me from beyond the gra^Wcollege... From The Collaborative Cypherpunks Dictionary of Sanity v.0.0.0.001 [cypher]: Hounting \Hound\, v. t. [imp. & p. p. {Haunded}; appl. to mental state, part. in hist. context, physchological self-pursuit; existential addictive thought appeal[ing|s] to the liberty cortex; p. pr. & vb. n. {Hounting}.] [F. hanter; of uncertain origin, perh. from an assumed LL. ambitare to go about, fr. L. ambire (see {Ambition}); or cf. Icel. heimta to demand, regain, akin to heim home (see {Home}). [root]36.] [OE. hound, hund, dog, AS. hund; akin to OS. & OFries. hund, D. hond, G. hund, OHG. hunt, Icel. hundr, Dan. & Sw. hund, Goth. hunds, and prob. to Lith. sz?, Ir. & Gael. cu, L. canis, Gr. ?, ?, Skr. [,c]van. [root]229. Cf. {Canine}, {Cynic}, {Kennel}.] A rapping and a tapping and a strumming in the brain, A hounting and a trouncing; Oh! that libertarian strain; [Anon. 2015] [Begging for enhancement by extension.]
From alfiej at fastmail.fm Tue Mar 31 21:41:10 2015 From: alfiej at fastmail.fm (Alfie John) Date: Wed, 01 Apr 2015 15:41:10 +1100 Subject: Warrant Canaries In-Reply-To: References: Message-ID: <1427863270.2276337.247893441.38D7393D@webmail.messagingengine.com> On Mon, Mar 30, 2015, at 10:01 AM, Steven Schear wrote: > Looks like Australia has banned use of my idea. > > http://boingboing.net/2015/03/26/australia-outlaws-warrant-cana.html > > If it's true that a man's status can be measured by his enemies.. then > I've taken a position at the top of the cypherpunks heap :) How about the reverse? As the point of canaries is to let people know a warrant is in place while thinking that you're not breaking any laws by telling them (good luck), hypothetically why not just be up front and tell people that a warrant is in place via a tor and a hidden service (let's call it WarrantWatch). Each post is a message from an admin of a website saying that a warrant is in place, with the message being signed via the website's TLS private key for verification. Alfie -- Alfie John alfiej at fastmail.fm From pgut001 at cs.auckland.ac.nz Tue Mar 31 23:57:09 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 01 Apr 2015 19:57:09 +1300 Subject: Cryptoanarchist slogan In-Reply-To: Message-ID: >"Encrypt the state and delete the key" That's not such a good idea, because when you swap your state back in again you can't decrypt it any more and end up with a kernel panic. Peter.
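The signing step in Alfie John's Warrant Canaries message above (a notice signed with the website's TLS private key, checked by readers), as an added shell example that is not part of the thread. It assumes the openssl command-line tool; the throwaway self-signed certificate for example.org, the file names and the notice format are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The key pair, host name, file names and
# notice format are constructed; a real site would use its existing TLS key.

# make_site_key DIR HOST: throwaway self-signed certificate standing in for the
# site's TLS certificate and private key.
make_site_key() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
}

# sign_notice DIR: admin side. Detached SHA-256 signature over notice.txt.
sign_notice() {
    openssl dgst -sha256 -sign "$1/site.key" -out "$1/notice.sig" "$1/notice.txt"
}

# verify_notice DIR HOST: reader side. Uses only the public certificate, which
# in practice is the one presented on a validated TLS connection to HOST.
verify_notice() {
    # The signed text must itself name the site being checked, because one
    # certificate (and so one key) can cover several hosts.
    [ "$(head -n 1 "$1/notice.txt")" = "Site: $2" ] || return 1
    openssl x509 -in "$1/site.crt" -pubkey -noout > "$1/site.pub" 2>/dev/null \
        || return 1
    openssl dgst -sha256 -verify "$1/site.pub" \
        -signature "$1/notice.sig" "$1/notice.txt" >/dev/null 2>&1
}

# demo: sign a constructed notice, verify it, then show an edited copy failing.
demo() {
    dir=$(mktemp -d) || return 1
    make_site_key "$dir" example.org || return 1
    printf 'Site: example.org\nDate: 2015-04-01\nNotice: constructed sample text\n' \
        > "$dir/notice.txt"
    sign_notice "$dir" || return 1
    verify_notice "$dir" example.org && echo "original notice: signature valid"
    echo "edited after signing" >> "$dir/notice.txt"
    verify_notice "$dir" example.org || echo "edited notice: signature rejected"
    rm -rf "$dir"
}

demo
```

A valid signature shows only that the notice was produced with the key behind that certificate; the date line inside the signed text is what lets a reader tell a fresh notice from a replayed one.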