From coderman at gmail.com Tue Sep 1 07:55:39 2015
From: coderman at gmail.com (coderman)
Date: Tue, 1 Sep 2015 07:55:39 -0700
Subject: Linux Foundation' Linux workstation security checklist
In-Reply-To: <20150901100841.GA3854@sivokote.iziade.m$>
References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <20150901100841.GA3854@sivokote.iziade.m$>
Message-ID:

On 9/1/15, Georgi Guninski wrote:
> ...
> They protect against trojanized (off the shelf) BIOS.

prevents trojan / arb exec from persistence via BIOS.
prevents surreptitious FDE keylogger via BIOS hooks.

yes, also off the shelf attacks. which is nearly all of them. :)
[ see also HackingTeam dump, and research examples ]

> If an adversary has sufficient supply of application and
> root sploits, how much they will protect you?

separate question; see also defense in depth. however, a robust bespoke BIOS beats otherwise cascade catastrophe.

> Instead of rootkit they will root you every boot IMHO.

this also has a different visibility, as executing in priv. or user context & addr space. also why "throw away" VMs per Qubes or Live OS images a useful technique to avoid attempted persistence via weird machines gone rogue...

best regards,

From blibbet at gmail.com Tue Sep 1 08:43:25 2015
From: blibbet at gmail.com (Blibbet)
Date: Tue, 1 Sep 2015 08:43:25 -0700
Subject: Linux Foundation' Linux workstation security checklist
In-Reply-To:
References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com>
Message-ID: <55E5C79D.3060305@gmail.com>

On 08/31/2015 07:33 PM, coderman wrote:
> On 8/31/15, Blibbet wrote:
>> ...
>> Potential insecurely-built IBM system firmware security aside, I don't
>> think Libreboot nor SeaBIOS offers much in terms of security to stop
>> attackers, as well.
>
> building your own BIOS images, signing your own bootstraps, is "not offer much"?
>
> you're wrong and these are incredibly useful security measures.
>
> of course by no means sufficient by themselves, and you must always
> keep your laptops/devices safe with you, lest they be implanted by
> trivial means with physical access.

I merely meant that BIOS didn't offer new security tech, that newer firmware tech does. My point was that Verified coreboot is stronger than Libreboot, and Ministry of Freedom could be using stronger open source tech in their product than they currently do. Eg, coreboot has Verified Boot mode, which is roughly like UEFI's Secure Boot, and can help protect a blob-free system more than just Libreboot.

Yes, building your own code is great, if you're able to do so. Building a stock BIOS with no security is great, but a stock BIOS won't stop attackers. Users should not have to rebuild their refurbished firmware to make it better, the vendor should offer that.

Fear of blobs is one thing, fear of firmware attacks is another. Blobs are a great place for malware to hide, so there is an obvious relationship, but some freedom/privacy-loving users often seem to only focus on getting rid of blobs, and not pay much attention to the security of their firmware. My concern about Purism is that they'll disable enough security features to reduce the amount of FSP blobs such that the system is more attractive to attackers than normal PCs.

Having an ancient laptop may help. Attackers may not be able to use CHIPSEC's HAL, that's the positive side of not being able to use CHIPSEC to test your defenses. :-) But there are alternatives to CHIPSEC's HAL, and they're less strict about chipsec support, and will likely work on old Thinkpads.

Recently someone ported a modern ARM-based Chromebook (ASUS C201, Veyron Speedy) to use Libreboot, w/o blobs. That's another alternative to old x86 systems, with different attacks. I'm not sure what's safer, ARM or x86 these days. x86 BIOS/UEFI attackers are well-documented by researchers, but ARM-based ones are less so, AFAICT.
I'm unclear what's safer from attackers, an old x86, or a modern ARM or AMD system.
http://firmwaresecurity.com/2015/08/13/libreboot-ported-to-modern-arm-chromebook/

Blob-free and secure, that's my goal. BIOS -- even Libreboot's SeaBIOS -- is not secure.

Thanks,
Lee
RSS: http://firmwaresecurity.com/feed

From coderman at gmail.com Tue Sep 1 10:03:14 2015
From: coderman at gmail.com (coderman)
Date: Tue, 1 Sep 2015 10:03:14 -0700
Subject: Linux Foundation' Linux workstation security checklist
In-Reply-To: <55E5C79D.3060305@gmail.com>
References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <55E5C79D.3060305@gmail.com>
Message-ID:

On 9/1/15, Blibbet wrote:
> ...
> I merely meant that BIOS didn't offer new security tech, that newer
> firmware tech does. My point was that Verified coreboot is stronger than
> Libreboot, and Ministry of Freedom could be using stronger open source
> tech in their product than they currently do. Eg, coreboot has Verified
> Boot mode, which is roughly like UEFI's Secure Boot, and can help
> protect a blob-free system more than just Libreboot.

thank you for the clarification :)

> ... Users should not have to rebuild their refurbished firmware
> to make it better, the vendor should offer that.

you've got my vote ;)

> Recently someone ported a modern ARM-based Chromebook (ASUS C201, Veyron
> Speedy) to use Libreboot, w/o blobs. That's another alternative to old
> x86 systems, with different attacks. I'm not sure what's safer, ARM or
> x86 these days. x86 BIOS/UEFI attackers are well-documented by
> researchers, but ARM-based ones are less so, AFAICT. I'm unclear what's
> safer from attackers, an old x86, or a modern ARM or AMD system.
> http://firmwaresecurity.com/2015/08/13/libreboot-ported-to-modern-arm-chromebook/

it appears nothing is safe, and the effort is trivial to modest. #infosec

> Blob-free and secure, that's my goal. BIOS -- even Libreboot's SeaBIOS
> -- is not secure.

this reminds me of the open hardware processor designs; yes - it is open! but, it lacks modern security features to assist operating system and application developers securing their systems...

fun problems :)

best regards,

From guninski at guninski.com Tue Sep 1 03:08:41 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Tue, 1 Sep 2015 13:08:41 +0300
Subject: Linux Foundation' Linux workstation security checklist
In-Reply-To:
References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com>
Message-ID: <20150901100841.GA3854@sivokote.iziade.m$>

On Mon, Aug 31, 2015 at 07:33:24PM -0700, coderman wrote:
>
> building your own BIOS images, signing your own bootstraps, is "not offer much"?
>
> you're wrong and these are incredibly useful security measures.
>

They protect against trojanized (off the shelf) BIOS.

If an adversary has sufficient supply of application and root sploits, how much they will protect you?

Instead of rootkit they will root you every boot IMHO.

From guninski at guninski.com Tue Sep 1 23:58:56 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 2 Sep 2015 09:58:56 +0300
Subject: Linux Foundation' Linux workstation security checklist
In-Reply-To:
References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <55E5C79D.3060305@gmail.com>
Message-ID: <20150902065856.GA2494@sivokote.iziade.m$>

>
> it appears nothing is safe, and the effort is trivial to modest. #infosec
>

That was my point.

For the other msg, there are bugs in virtualization software too.

From dal at riseup.net Wed Sep 2 18:28:32 2015
From: dal at riseup.net (Douglas Lucas)
Date: Wed, 2 Sep 2015 20:28:32 -0500
Subject: Article by me on B. Brown transcript
Message-ID: <55E7A240.9000706@riseup.net>

Hi cypherpunks,

I obtained the transcript to journalist Barrett Brown's second and final sentencing hearing and wrote an article on it. The lengthy article is all about the right to link.

Here's the article:
http://revolution-news.com/barrett-brown-vs-the-dept-of-justice-defining-the-right-to-link/

Here's the transcript (PDF):
http://douglaslucas.com/files/BBLOL_Transcript_January_Sentencing.pdf

Thanks,
Douglas

From coderman at gmail.com Wed Sep 2 22:51:51 2015
From: coderman at gmail.com (coderman)
Date: Wed, 2 Sep 2015 22:51:51 -0700
Subject: Linux Foundation' Linux workstation security checklist
In-Reply-To: <20150902065856.GA2494@sivokote.iziade.m$>
References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <55E5C79D.3060305@gmail.com> <20150902065856.GA2494@sivokote.iziade.m$>
Message-ID:

On 9/1/15, Georgi Guninski wrote:
>>
>> it appears nothing is safe, and the effort is trivial to modest. #infosec
>>
>
> That was my point.

what's funny is this leads to security advantage through obscurity, where the bespoke solutions break off-the-shelf exploitation techniques. this delay between failed attempt and success, or simply failed attempt and plan B, used to provide early warning and feedback.

what a world we live in!

best regards,

From coderman at gmail.com Wed Sep 2 23:03:55 2015
From: coderman at gmail.com (coderman)
Date: Wed, 2 Sep 2015 23:03:55 -0700
Subject: [tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
In-Reply-To: <55E76428.7070109@teamsammut.com>
References: <55C59BBA.2020700@openmailbox.org> <1439101342-sup-8277@metis.syd1.tesser.org> <20150812234512.GE2384@torproject.org> <20150813074017.GF2384@torproject.org> <20150821043032.GB5822@torproject.org> <55E76428.7070109@teamsammut.com>
Message-ID:

On 9/2/15, Tim Sammut wrote:
> ...
> - Cisco IOS (and likely other platforms) will immediately export flows
>   if the cache fills to capacity. This will result in flows being
>   exported in less than inactive timeout,..

there is a second limit here, which is the netflow channel capacity / storage limit, if you introduce simulated flows at a rate beyond this capacity, you may become unobservable (via loss) resulting in failure to correlate.

this is why i asked about logical injection via userspace of billions of flows per minute as a resistance measure. (e.g. scapy or other raw inject across a border with cooperating peer, if needed.)

best regards,

From grarpamp at gmail.com Thu Sep 3 08:31:06 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 3 Sep 2015 11:31:06 -0400
Subject: [tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
In-Reply-To:
References: <55C59BBA.2020700@openmailbox.org> <1439101342-sup-8277@metis.syd1.tesser.org> <20150812234512.GE2384@torproject.org> <20150813074017.GF2384@torproject.org> <20150821043032.GB5822@torproject.org> <55E76428.7070109@teamsammut.com>
Message-ID:

On Thu, Sep 3, 2015 at 2:03 AM, coderman wrote:
> there is a second limit here, which is the netflow channel capacity /
> storage limit, if you introduce simulated flows at a rate beyond this
> capacity, you may become unobservable (via loss) resulting in failure
> to correlate.

I've seen ISP saturate their own backbone with netflow during nice UDP DoS, collectors had to be hung off local router ports after that.

> this is why i asked about logical injection via userspace of billions
> of flows per minute as a resistance measure. (e.g. scapy or other raw
> inject across a border with cooperating peer, if needed.)

If the collector is not protected you can inject bogus flows, implicate your neighbor and fill disks.

From pgut001 at cs.auckland.ac.nz Thu Sep 3 04:59:11 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 3 Sep 2015 11:59:11 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150903112721.GA2732@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$>
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>

One saving grace about RFC 2631 was that it was pretty much universally ignored for the reason that it was, well, a pretty stupid way to do things, so the number of affected implementations would be approximately zero.

(I only know of one, rather minor, vendor who implemented it. Microsoft implemented it in receive-only mode solely so that they couldn't be accused of being non-standards-compliant, but I'd be very surprised if there was anything still around that supported it. For starters you'd need to be able to find a CA that could issue you a DH certificate...).

Peter.

From pgut001 at cs.auckland.ac.nz Thu Sep 3 06:33:48 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 3 Sep 2015 13:33:48 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150903133004.GB2732@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>, <20150903133004.GB2732@sivokote.iziade.m$>
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF0566@uxcn10-5.UoA.auckland.ac.nz>

Georgi Guninski writes:

>Anyway, I would appreciate if someone checks if current implementations
>accept composite $q$.

Well, I think the problem will be finding any implementation of this at all, or at least any that's still around now.

>What do you mean by DH certificate?

The static DH parameters need to be turned into a certificate by a CA. I don't know of any public CA that can issue these.

Peter.

From pgut001 at cs.auckland.ac.nz Thu Sep 3 06:42:24 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 3 Sep 2015 13:42:24 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150903133823.GC2732@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150903133004.GB2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0566@uxcn10-5.UoA.auckland.ac.nz>, <20150903133823.GC2732@sivokote.iziade.m$>
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF0585@uxcn10-5.UoA.auckland.ac.nz>

Georgi Guninski writes:

>Well openssl appears to support dhparam:
>https://www.openssl.org/docs/manmaster/apps/dhparam.html

That just indicates support for PKCS #3 DH parameters, not anything else. In any case the page also says:

  OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.

so that explicitly precludes using it in certs, even if code elsewhere would support such usage.

I've gone through my (sizeable) cert collection and found a single example of X9.42 certs, created by a USG contracting company paid to develop the code for this and dating from 1996. The certs are signed with a test DSA key, and contain a number of errors (zero-length fields, the DH key is marked as a CA signing key, etc).

Peter.

From guninski at guninski.com Thu Sep 3 04:27:21 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 3 Sep 2015 14:27:21 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
Message-ID: <20150903112721.GA2732@sivokote.iziade.m$>

Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

I am n00b at crypto so this might not make any sense.

In DH, if one can select group parameters (g,q,p) he can break both parties private very fast time IMHO.

The RFC:
https://tools.ietf.org/html/rfc2631

The main problem appears:
https://tools.ietf.org/html/rfc2631#section-2.2.2

2.2.2. Group Parameter Validation

   The ASN.1 for DH keys in [PKIX] includes elements j and validation-
   Parms which MAY be used by recipients of a key to verify that the
   group parameters were correctly generated. Two checks are possible:

     1. Verify that p=qj + 1. This demonstrates that the parameters meet
        the X9.42 parameter criteria.
     2. Verify that when the p,q generation procedure of [FIPS-186]
        Appendix 2 is followed with seed 'seed', that p is found when
        'counter' = pgenCounter.

The main problem appears MAY.

As I read it, implementation MAY NOT verify it.

Sketch of the attack:

Choose $q$ product of small primes $p_i$. Solve the discrete logarithm modulo $p_i$ for the public keys. Apply the Chinese remainder theorem to get the private keys.

(This is well known method for DL and for this reason the group order must be prime [160 bits ;)]).

Would be interested how implementations implement this MAY.

Let me know if there is better list for this.

--
georgi

From pgut001 at cs.auckland.ac.nz Thu Sep 3 08:38:23 2015
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 3 Sep 2015 15:38:23 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150903150801.GD2732@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>, <20150903150801.GD2732@sivokote.iziade.m$>
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF1DA5@uxcn10-5.UoA.auckland.ac.nz>

Georgi Guninski writes:

>Even if "affected implementations would be approximately zero",
>can we count this as "crypto backdoored RFC" as per OP?

Oh sure, it's definitely broken. OTOH I'm not sure if it's a deliberate backdoor, the whole thing is such a bad design to begin with that something like this is really just the icing on the cake.

It may be worth submitting an erratum to the RFC that mentions the problem, just in case anyone is actually crazy enough to want to implement this in the future.

Peter.

From guninski at guninski.com Thu Sep 3 06:30:04 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 3 Sep 2015 16:30:04 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>
Message-ID: <20150903133004.GB2732@sivokote.iziade.m$>

On Thu, Sep 03, 2015 at 11:59:11AM +0000, Peter Gutmann wrote:
> One saving grace about RFC 2631 was that it was pretty much universally
> ignored for the reason that it was, well, a pretty stupid way to do things, so
> the number of affected implementations would be approximately zero.
>

Anyway, I would appreciate if someone checks if current implementations accept composite $q$.

> (I only know of one, rather minor, vendor who implemented it. Microsoft
> implemented it in receive-only mode solely so that they couldn't be accused of
> being non-standards-compliant, but I'd be very surprised if there was anything
> still around that supported it. For starters you'd need to be able to find a
> CA that could issue you a DH certificate...).
>

What do you mean by DH certificate?

Can DH sign?

> Peter.

From guninski at guninski.com Thu Sep 3 06:38:23 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 3 Sep 2015 16:38:23 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF0566@uxcn10-5.UoA.auckland.ac.nz>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150903133004.GB2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0566@uxcn10-5.UoA.auckland.ac.nz>
Message-ID: <20150903133823.GC2732@sivokote.iziade.m$>

On Thu, Sep 03, 2015 at 01:33:48PM +0000, Peter Gutmann wrote:
> Georgi Guninski writes:
>
> >Anyway, I would appreciate if someone checks if current implementations
> >accept composite $q$.
>
> Well, I think the problem will be finding any implementation of this at all,
> or at least any that's still around now.
>
> >What do you mean by DH certificate?
>
> The static DH parameters need to be turned into a certificate by a CA. I
> don't know of any public CA that can issue these.
>
> Peter.

Well openssl appears to support dhparam:
https://www.openssl.org/docs/manmaster/apps/dhparam.html

(maybe one needs to patch the source).

Maybe the same approach will work for DSA.

From guninski at guninski.com Thu Sep 3 08:08:01 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 3 Sep 2015 18:08:01 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>
Message-ID: <20150903150801.GD2732@sivokote.iziade.m$>

On Thu, Sep 03, 2015 at 11:59:11AM +0000, Peter Gutmann wrote:
> One saving grace about RFC 2631 was that it was pretty much universally
> ignored for the reason that it was, well, a pretty stupid way to do things, so
> the number of affected implementations would be approximately zero.
>

Even if "affected implementations would be approximately zero", can we count this as "crypto backdoored RFC" as per OP?

From guninski at guninski.com Fri Sep 4 01:26:05 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 4 Sep 2015 11:26:05 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz>
Message-ID: <20150904082605.GA2705@sivokote.iziade.m$>

On Thu, Sep 03, 2015 at 11:59:11AM +0000, Peter Gutmann wrote:
> the number of affected implementations would be approximately zero.
>

openssl's DSA appears to check primality of q.

Attached are pub and private key with q composite (beware the private key might not be generated correctly).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: key-comp.key
Type: application/pgp-keys
Size: 800 bytes
Desc: not available
URL:

From guninski at guninski.com Fri Sep 4 04:34:37 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 4 Sep 2015 14:34:37 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150904082605.GA2705@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$>
Message-ID: <20150904113437.GB2705@sivokote.iziade.m$>

On Fri, Sep 04, 2015 at 11:26:05AM +0300, Georgi Guninski wrote:
> openssl's DSA appears to check primality of q.
>

This almost sure is wrong.

openssl's DSA verify/sign don't check the primality of $q$.

tested on openssl 1.0.1g (I know it is old).

Got hurt by this backdoor:

    i = BN_num_bits(dsa->q);
    /* fips 186-3 allows only different sizes for q */
    if (i != 160 && i != 224 && i != 256) {
        DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
        return -1;
    }

Attached are private and private keys, with $q$ composite and equal to:

604462909807314587353111 * 1208925819614629174706189

Session with 1.0.1g:

fuuu:cp /tmp/key-comp2.* .
fuuu:echo "fuck" > foo.txt
fuuu:./apps/openssl dgst -dss1 -sign key-comp2.key foo.txt > sigfile.bin
fuuu:./apps/openssl dgst -verify key-comp2.pub -signature sigfile.bin foo.txt
Verified OK

Cheers,
--
georgi

-------------- next part --------------
A non-text attachment was scrubbed...
Name: key-comp2.key
Type: application/pgp-keys
Size: 938 bytes
Desc: not available
URL:

From guninski at guninski.com Fri Sep 4 05:08:16 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 4 Sep 2015 15:08:16 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150904113437.GB2705@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$>
Message-ID: <20150904120816.GC2705@sivokote.iziade.m$>

On Fri, Sep 04, 2015 at 02:34:37PM +0300, Georgi Guninski wrote:
> tested on openssl 1.0.1g (I know it is old).
>

Same on latest openssl-1.0.1p.

From alfonso.degregorio at gmail.com Fri Sep 4 23:37:09 2015
From: alfonso.degregorio at gmail.com (Alfonso De Gregorio)
Date: Sat, 5 Sep 2015 06:37:09 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150905052803.GA2661@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$>
Message-ID:

On Sat, Sep 5, 2015 at 5:28 AM, Georgi Guninski wrote:
...
> This works with openssl 1.0.1p over SSL.
>
> Attached is self signed cert and the priv. key.
>
> Session:
> ./apps/openssl s_server -accept 8080 -cert ./cacert2.pem -key
> ./key-comp2.key -HTTP
>
> openssl s_client -connect localhost:8080
>
> Server public key is 1204 bit
> Verify return code: 18 (self signed certificate)
>
>
> sage: q=0x008000000000000000001d8000000000000000012b
> sage: factor(q)
> 604462909807314587353111 * 1208925819614629174706189

Georgi, just a quick note to thank you for sharing your research and taking time to verify your findings against OpenSSL.

I've been researching cryptographic backdoors -- you may want to review this http://illusoryTLS.com/ -- and the lack of checks on group parameters, malicious or otherwise (*), is to me yet another cause for concern.

Great catch!

(*) It would be interesting to look at the story of RFC-2631, as Bernstein, Lange, and Niederhagen did for the Dual EC standard https://projectbullrun.org/dual-ec/

Cheers,

-- Alfonso

From alfonso.degregorio at gmail.com Sat Sep 5 00:41:11 2015
From: alfonso.degregorio at gmail.com (Alfonso De Gregorio)
Date: Sat, 5 Sep 2015 07:41:11 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150905070749.GC2661@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$>
Message-ID:

On Sat, Sep 5, 2015 at 7:07 AM, Georgi Guninski wrote:
> On Sat, Sep 05, 2015 at 06:37:09AM +0000, Alfonso De Gregorio wrote:
>>
>> (*) It would be interesting to look at the story of RFC-2631, as
>> Bernstein, Lange, and Niederhagen did for the Dual EC standard
>> https://projectbullrun.org/dual-ec/
>>
>
> 2631 is on wikipedia's page for DH.

Sure, the questions are: What is the origin of the current wording of the standard, that opens an avenue for lax checks for group parameters? Or, if, as you correctly pointed out, an implementation MAY NOT check group parameters, which entity deserves credit for it?

Interestingly, a review of revisions (using rfcdiff) shows that the current wording was introduced in draft #1 of draft-ietf-smime-x942 https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-smime-x942-01.txt. This is dated October 1998.

Yet, it is still not clear if the diff is to be attributed to Rescorla, or any other contributor to this standardization effort.

Cheers,

-- Alfonso

From alfonso.degregorio at gmail.com Sat Sep 5 01:10:50 2015
From: alfonso.degregorio at gmail.com (Alfonso De Gregorio)
Date: Sat, 5 Sep 2015 08:10:50 +0000
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150905080732.GE2661@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905080732.GE2661@sivokote.iziade.m$>
Message-ID:

On Sat, Sep 5, 2015 at 8:07 AM, Georgi Guninski wrote:
...
> IMHO I haven't demonstrated attack against DH yet
> (believe it is possible).
>
> The current examples are against DSA, not DH.

Correct. I have the same feeling. I hope further research will prove both to be wrong about this.

Cheers,

-- Alfonso

From guninski at guninski.com Fri Sep 4 22:28:03 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sat, 5 Sep 2015 08:28:03 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To: <20150904120816.GC2705@sivokote.iziade.m$>
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$>
Message-ID: <20150905052803.GA2661@sivokote.iziade.m$>

On Fri, Sep 04, 2015 at 03:08:16PM +0300, Georgi Guninski wrote:
> On Fri, Sep 04, 2015 at 02:34:37PM +0300, Georgi Guninski wrote:
> > tested on openssl 1.0.1g (I know it is old).
> >
>
> Same on latest openssl-1.0.1p.

This works with openssl 1.0.1p over SSL.

Attached is self signed cert and the priv. key.

Session:
./apps/openssl s_server -accept 8080 -cert ./cacert2.pem -key ./key-comp2.key -HTTP

openssl s_client -connect localhost:8080

Server public key is 1204 bit
Verify return code: 18 (self signed certificate)


sage: q=0x008000000000000000001d8000000000000000012b
sage: factor(q)
604462909807314587353111 * 1208925819614629174706189

-------------- next part --------------
A non-text attachment was scrubbed...
Name: key-comp2.key Type: application/pgp-keys Size: 938 bytes Desc: not available URL: From guninski at guninski.com Sat Sep 5 00:07:49 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 10:07:49 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> Message-ID: <20150905070749.GC2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 06:37:09AM +0000, Alfonso De Gregorio wrote: > > (*) It would be interesting to look at the story of RFC-2631, as > Bernstein, Lange, and Niederhagen did for the Dual EC standard > https://projectbullrun.org/dual-ec/ > 2631 is on wikipedia's page for DH. Another concern for backdoor is the FIPS in this thread, which requires small subgroup (as low as 160 bits). Having in mind for generic primes DL is subexponential (IIRC something like GNFS), the complexity of DL in small subgroup is questionable. Just to note so far this thread questions: 1. DH's RFC 2. DSA as implemented by openssl 3. FIPS requiring small subgroup. -- georgi From natanael.l at gmail.com Sat Sep 5 01:17:45 2015 From: natanael.l at gmail.com (Natanael) Date: Sat, 5 Sep 2015 10:17:45 +0200 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905080439.GD2661@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> <20150905080439.GD2661@sivokote.iziade.m$> Message-ID: Metzdowd & randombit's respective crypto mailing lists, crypto practicum (smaller), reddit's /r/crypto forum (I'm a mod there). 
They're all open to noobs that are willing to learn (but keep in mind that staying on topic and succinct is a bit more important on the mailing lists, in particular metzdowd apply premoderation with formatting requirements). - Sent from my tablet On 5 Sep 2015 10:05, "Georgi Guninski" wrote: > Blogged about this: > > https://j.ludost.net/blog/archives/2015/09/05/rfc-2631_fips_186-3_and_openssls_implementation_of_dsa_appear_broken_and_possibly_backdoored/index.html#top > > Is there better forum for this, some crypto list for noobs? > > Have reliable key generation, but even the current key is > weak enough IMHO (it is about O(2^40) ). > > From guninski at guninski.com Sat Sep 5 01:04:39 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 11:04:39 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150903112721.GA2732@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> Message-ID: <20150905080439.GD2661@sivokote.iziade.m$> Blogged about this: https://j.ludost.net/blog/archives/2015/09/05/rfc-2631_fips_186-3_and_openssls_implementation_of_dsa_appear_broken_and_possibly_backdoored/index.html#top Is there better forum for this, some crypto list for noobs? Have reliable key generation, but even the current key is weak enough IMHO (it is about O(2^40) ).
From guninski at guninski.com Sat Sep 5 01:07:32 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 11:07:32 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> Message-ID: <20150905080732.GE2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 07:41:11AM +0000, Alfonso De Gregorio wrote: > Sure, the questions are: What is the origin of the current wording of > the standard, that opens an avenue for lax checks for group > parameters? Or, if, as you correctly pointed out, an implementation > MAY NOT check group parameters, which entity deserves credit for it? > IMHO I haven't demonstrated attack against DH yet (believe it is possible). The current examples are against DSA, not DH. From guninski at guninski.com Sat Sep 5 01:42:49 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 11:42:49 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150903112721.GA2732@sivokote.iziade.m$> <20150905080439.GD2661@sivokote.iziade.m$> Message-ID: <20150905084249.GF2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 10:17:45AM +0200, Natanael wrote: > Metzdowd & randombit's respective crypto mailing lists, crypto practicum > (smaller), reddit's /r/crypto forum (I'm a mod there). They're all open to > noobs that are willing to learn (but keep in mind that staying on topic and > succinct is a bit more important on the mailing lists, in particular > metzdowd apply premoderation with formatting requirements). > > - Sent from my tablet Thanks. Maybe will spam some of these later. 
If someone spams before me, please let me know. From pgut001 at cs.auckland.ac.nz Sat Sep 5 04:45:07 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sat, 5 Sep 2015 11:45:07 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$>, Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> Alfonso De Gregorio writes: >Sure, the questions are: What is the origin of the current wording of the >standard, that opens an avenue for lax checks for group parameters? Or, if, >as you correctly pointed out, an implementation MAY NOT check group >parameters, which entity deserves credit for it? You need to go back to the original source of all the DLP stuff, which is DSA / FIPS 186. Now that didn't require any validation of anything until FIPS 186-3 came along in June 2009, and that in turn points to SP 800-89, which has a section 4 "Assurance of Domain Parameter Validity". This one gets really complicated because you can get the domain parameters from all over the place (generated yourself, provided for you by a third party, found at the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard', ...). So if you generate them yourself, you're OK. If you get them from a CA then you don't need to care because if the CA wants to attack you then they can just issue a forged cert in your name and don't need to worry about backdooring the params (in any case using shared params is a bad idea because they allow forgery of signatures on certificates. 
Suppose that the certificate contains a copy of the certificate signer's DSA parameters, and the verifier of the certificate has a copy of the signer's public key but not the signer's DSA parameters (which are shared with other keys). If the verifier uses the DSA parameters from the certificate along with the signer's public key to verify the signature on the certificate, then an attacker can create bogus certificates by choosing a random u and finding its inverse v modulo q (uv is congruent to 1 modulo q). Then take the certificate signer's public key g^x and compute g' = (g^x)^u. Then g'^v = g^x. Using the DSA parameters p, q, g', the signer's public key corresponds to the private key v, which the attacker knows. The attacker can then create a bogus certificate, put parameters (p, q, g') in it, and sign it with the DSA private key v to create an apparently valid certificate). Finally, if you get them from the disused lavatory then you deserve everything you get^H^H^H^H^H^H^H^HFIPS 186-3 has validation requirements that use the optional j and seed parameters, but I've never seen them used anywhere so even though the validation requirements exist, you can't apply them. The real question though is, why would anyone use parameters they didn't generate themselves? All DSA implementations I've seen (apart from some experimental code from the 1990s, which also encoded the j/seed values) generate all the parameters themselves, it's not like ECDSA where everyone ends up using some shared values that a "trusted" external party provides them. Peter. 
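The shared-parameter pitfall described in the message above, worked through with toy numbers as an added example (not code from the thread or from any DSA library). The parameters p=607, q=101, g=64, the keys, and every function and type name are constructed for illustration; the point is the difference between a verifier that takes (p, q, g) from the certificate and one that takes them from the same trusted source as the signer's key.

```python
import hashlib
from collections import namedtuple

# Constructed toy values (not from the thread): p = 6*q + 1, g = 2^6 mod p has order q.
Params = namedtuple("Params", "p q g")
Cert = namedtuple("Cert", "params subject sig")    # hypothetical minimal "certificate"
TRUSTED = Params(p=607, q=101, g=64)
SIGNER_X = 57                                      # signer's private key (toy)
SIGNER_Y = pow(TRUSTED.g, SIGNER_X, TRUSTED.p)     # signer's public key g^x


def _h(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def dsa_sign(params, x, msg):
    p, q, g = params
    for k in range(2, q):   # fixed nonce scan keeps the toy deterministic; never do this with real keys
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = pow(k, -1, q) * (_h(msg, q) + x * r) % q
        if s:
            return r, s
    raise ValueError("no usable nonce")


def dsa_verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    v = pow(g, _h(msg, q) * w % q, p) * pow(y, r * w % q, p) % p % q
    return v == r


def verify_with_cert_params(cert, signer_y):
    """Flawed verifier from the message: trusts the (p, q, g) carried in the certificate."""
    return dsa_verify(cert.params, signer_y, cert.subject, cert.sig)


def verify_with_pinned_params(cert, signer_y, trusted):
    """Parameters come from the same trusted source as the key; a mismatch is rejected."""
    if cert.params != trusted:
        return False
    return dsa_verify(trusted, signer_y, cert.subject, cert.sig)


def substituted_params_cert(trusted, signer_y, subject, u):
    """The construction in the message: g' = (g^x)^u and v = u^-1 mod q, so g'^v = g^x."""
    p, q, _ = trusted
    v = pow(u, -1, q)
    g2 = pow(signer_y, u, p)
    assert pow(g2, v, p) == signer_y     # under g', private key v matches the signer's public key
    params2 = Params(p, q, g2)
    return Cert(params2, subject, dsa_sign(params2, v, subject))


def run_demo():
    honest = Cert(TRUSTED, b"CN=honest", dsa_sign(TRUSTED, SIGNER_X, b"CN=honest"))
    bogus = substituted_params_cert(TRUSTED, SIGNER_Y, b"CN=bogus", u=5)
    return {
        "honest, params from cert": verify_with_cert_params(honest, SIGNER_Y),
        "honest, params pinned": verify_with_pinned_params(honest, SIGNER_Y, TRUSTED),
        "bogus, params from cert": verify_with_cert_params(bogus, SIGNER_Y),
        "bogus, params pinned": verify_with_pinned_params(bogus, SIGNER_Y, TRUSTED),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the verifier that reads the parameters from the certificate accepts the second certificate; the signer's private key is never used to produce it.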
From guninski at guninski.com Sat Sep 5 03:07:31 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 13:07:31 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905052803.GA2661@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> Message-ID: <20150905100731.GG2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 08:28:03AM +0300, Georgi Guninski wrote: > This works with openssl 1.0.1p over SSL. > > Attached is self signed cert and the priv. key. > > Session: > ./apps/openssl s_server -accept 8080 -cert ./cacert2.pem -key > ./key-comp2.key -HTTP > > openssl s_client -connect localhost:8080 > > Server public key is 1204 bit > Verify return code: 18 (self signed certificate) > > > sage: q=0x008000000000000000001d8000000000000000012b > sage: factor(q) > 604462909807314587353111 * 1208925819614629174706189 > Troll friendly :)))) This appears to work on libressl-2.2.3 too. Independent verification will be appreciated. 
Hi Theo :P -- georgi From alfonso.degregorio at gmail.com Sat Sep 5 06:41:23 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 13:41:23 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905115048.GI2661@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905115048.GI2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 11:50 AM, Georgi Guninski wrote: ... > If you feel like debugging RFC, start from: > > RFC: 2119 > > https://tools.ietf.org/html/rfc2119#section-5 > 5. MAY This word, or the adjective "OPTIONAL", mean that an item is > truly optional. > > This includes many backdoors per lack of formalism. > > IMHO RFC must use only MUST or "MUST NOT" to make > the ``formal model'' soundly defined (recursively RFC compliant). While I sympathize with your point of view, and while I would welcome a full equivalence of implementations, exclusivity of mandatory requirements is neither a principle governing today's standardization works, nor, sure enough, a principle that guided the standardization of protocols back in the 1990s. The key words defined in RFC 2119 reflect one or any combination of the following: * A robustness principle, codified in the Postel's Law; * Economic interests at stake; * Understanding of the subject matter. Today our community has finally reconsidered the principle that, asking designers to "[b]e conservative in what [they] send, [but] be liberal in what [they] accept", promised robustness on the internet. But the incentives are still the same; interoperability and security are always in tension.
It is worth noting that, yesterday as today, we need a better understanding of the subject matter. It should have been obvious that a validation of group parameters has security implications. And, just like any and all security relevant requirements, it should have been made a mandatory check. I second Peter's recommendation; consider filing an erratum. Cheers, -- Alfonso From alfonso.degregorio at gmail.com Sat Sep 5 07:06:22 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 14:06:22 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905133131.GJ2661@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 1:31 PM, Georgi Guninski wrote: > On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote: >> The real question though is, why would anyone use parameters they didn't >> generate themselves? All DSA implementations I've seen (apart from some > > What about MITM in DH -- where do you get the keys from > in this case? A key-recovery attack may allow the retroactive decryption of past communication sessions, if the network endpoints rely on fixed Diffie-Hellman. Of course, whenever an attacker can successfully mount a MITM attack the current sessions are compromised.
Cheers, -- Alfonso From alfonso.degregorio at gmail.com Sat Sep 5 07:41:51 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 14:41:51 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905143147.GL2661@sivokote.iziade.m$> References: <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 2:31 PM, Georgi Guninski wrote: > On Sat, Sep 05, 2015 at 02:06:22PM +0000, Alfonso De Gregorio wrote: >> On Sat, Sep 5, 2015 at 1:31 PM, Georgi Guninski wrote: >> > On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote: >> >> The real question though is, why would anyone use parameters they didn't >> >> generate themselves? All DSA implementations I've seen (apart from some >> > >> > What about MITM in DH -- where do you get the keys from >> > in this case? >> >> A key-recovery attack may allow the retroactive decryption of past >> communication sessions, if the network endpoints rely on fixed >> Diffie-Hellman. Of course, whenever an attacker can successfully mount >> a MITM attack the current sessions are compromised. >> > > Thanks. Are you referring to "DH as per the fucked RFC" or as "DH implemented > properly"? I'm concerned with Fixed Diffie-Hellman implemented properly. 
Cheers, -- Alfonso From guninski at guninski.com Sat Sep 5 04:50:48 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 14:50:48 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> Message-ID: <20150905115048.GI2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 07:41:11AM +0000, Alfonso De Gregorio wrote: > parameters? Or, if, as you correctly pointed out, an implementation > MAY NOT check group parameters, which entity deserves credit for it? > If you feel like debugging RFC, start from: RFC: 2119 https://tools.ietf.org/html/rfc2119#section-5 5. MAY This word, or the adjective "OPTIONAL", mean that an item is truly optional. This includes many backdoors per lack of formalism. IMHO RFC must use only MUST or "MUST NOT" to make the ``formal model'' soundly defined (recursively RFC compliant). Suppose implementation X1 follows MAY and X2 does not. Observe that in real world neither X1 nor X2 need be RFC compliant (like malware). Even if they are compliant, this might cause troubles. In my DSA SSL example (which might be technical bug in openssl, but not necessarily technical bug in hypothetical DH implementation), the key/cert wasn't RFC compliant, but passed verification. 
Cheers, -- georgi From alfonso.degregorio at gmail.com Sat Sep 5 08:21:30 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 15:21:30 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905150240.GM2661@sivokote.iziade.m$> References: <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> <20150905150240.GM2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 3:02 PM, Georgi Guninski wrote: ... >> I'm concerned with Fixed Diffie-Hellman implemented properly. >> > > Do you have example of application which distinguishes proper DH from > non-proper DH? I'm confused. What do you mean by proper DH vs non-proper DH? Are you referring to the performance of group parameters validation or lack of the same, or something else? Cheers, -- Alfonso From alfonso.degregorio at gmail.com Sat Sep 5 08:40:24 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 15:40:24 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905152532.GN2661@sivokote.iziade.m$> References: <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> <20150905150240.GM2661@sivokote.iziade.m$> <20150905152532.GN2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 3:25 PM, Georgi Guninski wrote: ... > I mean: non-proper DH is implementation which doesn't return > error/aborts if $q$ is composite. $q$ is defined in the RFC. I'm not aware of any implementation that fails to abort if q is composite.
As a case in point, OpenSSL versions implementing X9.42 DH (1.0.2-Beta2 and above) test both p and q for primality:

    int DH_check(const DH *dh, int *ret)
    {
        /* ... */

        if (dh->q) {
            /* ... */
            if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL))
                *ret |= DH_CHECK_Q_NOT_PRIME;
        }

and

        if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
            *ret |= DH_CHECK_P_NOT_PRIME;
        else if (!dh->q) {
            /* ... */
        }

I have no evidence though that applications built on OpenSSL call the DH_check() function every time they need to. Cheers, -- Alfonso From alfonso.degregorio at gmail.com Sat Sep 5 08:48:48 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 15:48:48 +0000 Subject: Re: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them In-Reply-To: <20150905153537.GO2661@sivokote.iziade.m$> References: <20150905153537.GO2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 3:35 PM, Georgi Guninski wrote: > Just to change the current boring discussion about fucked RFCs. > > http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/ > > Hackers spent at least a year spying on Mozilla to discover Firefox > security holes – and exploit them > Bugzilla infiltrated, private vulns slurped since at least 2014 > > ==== > comments: > > 2014 appears too high bound for me, might be wrong. > > Likely the mozilla u$a comrades caught the less skilled attackers, > not those with r00t access (having in mind what a mess > their code is). > Yesterday Mudge highlighted on Twitter https://twitter.com/dotMudge/status/639866226592882689 : 1990's CERT compromised for vendor vulns. 2015 Mozilla's Bugzilla popped for the same reason. Tactics only change when they stop working. Which is quite true. Therefore, I ask vulnerability sellers: How effective is your favorite exploit acquisition platform / program at preventing this from happening again?
Cheers, -- Alfonso From alfonso.degregorio at gmail.com Sat Sep 5 09:15:16 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sat, 5 Sep 2015 16:15:16 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905160601.GP2661@sivokote.iziade.m$> References: <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> <20150905150240.GM2661@sivokote.iziade.m$> <20150905152532.GN2661@sivokote.iziade.m$> <20150905160601.GP2661@sivokote.iziade.m$> Message-ID: On Sat, Sep 5, 2015 at 4:06 PM, Georgi Guninski wrote: > On Sat, Sep 05, 2015 at 03:40:24PM +0000, Alfonso De Gregorio wrote: >> On Sat, Sep 5, 2015 at 3:25 PM, Georgi Guninski wrote: >> ... >> > I mean: non-proper DH is implementation which doesn't return >> > error/aborts if $q$ is composite. $q$ is defined in the RFC. >> >> I'm not aware of any implementation that fails to abort if q is composite. >> >> As a case in point, OpenSSL versions implementing X9.42 DH >> (1.0.2-Beta2 and above) test both p and q for primality: >> >> int DH_check(const DH *dh, int *ret) >> { >> /* ... */ >> >> if (dh->q) { >> /* ... */ >> if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) >> *ret |= DH_CHECK_Q_NOT_PRIME; > > > In 1.0.1p is_prime() is such a mess, it appears to often return $-1$ > by quick audit. > > Did you check the explicit POC in this thread against this version > of openssl? Yes, I did. The DSA PoC works against OpenSSL version 1.0.2d (snapshot).
Cheers, -- Alfonso From guninski at guninski.com Sat Sep 5 06:31:31 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 16:31:31 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <20150905133131.GJ2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote: > The real question though is, why would anyone use parameters they didn't > generate themselves? All DSA implementations I've seen (apart from some What about MITM in DH -- where do you get the keys from in this case? From guninski at guninski.com Sat Sep 5 06:49:30 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 16:49:30 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905115048.GI2661@sivokote.iziade.m$> Message-ID: <20150905134930.GK2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 01:41:23PM +0000, Alfonso De Gregorio wrote: > I second Peter's recommendation; consider filing an erratum. > I strongly doubt I will do this. 
We don't negotiate with turrorists ;-) btw, asked about parts of this thread here: http://lists.randombit.net/pipermail/cryptography/ don't see it in the archives yet, though I received it. Cheers, -- georgi From guninski at guninski.com Sat Sep 5 07:31:47 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 17:31:47 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> Message-ID: <20150905143147.GL2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 02:06:22PM +0000, Alfonso De Gregorio wrote: > On Sat, Sep 5, 2015 at 1:31 PM, Georgi Guninski wrote: > > On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote: > >> The real question though is, why would anyone use parameters they didn't > >> generate themselves? All DSA implementations I've seen (apart from some > > > > What about MITM in DH -- where do you get the keys from > > in this case? > > A key-recovery attack may allow the retroactive decryption of past > communication sessions, if the network endpoints rely on fixed > Diffie-Hellman. Of course, whenever an attacker can successfully mount > a MITM attack the current sessions are compromised. > Thanks. Are you referring to "DH as per the fucked RFC" or as "DH implemented properly"? 
From guninski at guninski.com Sat Sep 5 08:02:40 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 18:02:40 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> Message-ID: <20150905150240.GM2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 02:41:51PM +0000, Alfonso De Gregorio wrote: > >> A key-recovery attack may allow the retroactive decryption of past > >> communication sessions, if the network endpoints rely on fixed > >> Diffie-Hellman. Of course, whenever an attacker can successfully mount > >> a MITM attack the current sessions are compromised. > >> > > > > Thanks. Are you referring to "DH as per the fucked RFC" or as "DH implemented > > properly"? > > I'm concerned with Fixed Diffie-Hellman implemented properly. > Do you have example of application which distinguishes proper DH from non-proper DH? From guninski at guninski.com Sat Sep 5 08:25:32 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 18:25:32 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> <20150905150240.GM2661@sivokote.iziade.m$> Message-ID: <20150905152532.GN2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 03:21:30PM +0000, Alfonso De Gregorio wrote: > On Sat, Sep 5, 2015 at 3:02 PM, Georgi Guninski wrote: > ... > >> I'm concerned with Fixed Diffie-Hellman implemented properly. 
> >> > > > > Do you have example of application which distinguishes proper DH from > > non-proper DH? > > I'm confused. What do you mean by proper DH vs non-proper DH? Are you > referring to the performance of group parameters validation or lack of > the same, or something else? > I mean: non-proper DH is implementation which doesn't return error/aborts if $q$ is composite. $q$ is defined in the RFC. From guninski at guninski.com Sat Sep 5 08:35:37 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 18:35:37 +0300 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them Message-ID: <20150905153537.GO2661@sivokote.iziade.m$> Just to change the current boring discussion about fucked RFCs. http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/ Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them Bugzilla infiltrated, private vulns slurped since at least 2014 ==== comments: 2014 appears too high bound for me, might be wrong. Likely the mozilla u$a comrades caught the less skilled attackers, not those with r00t access (having in mind what a mess their code is). From jya at pipeline.com Sat Sep 5 15:43:55 2015 From: jya at pipeline.com (John Young) Date: Sat, 05 Sep 2015 18:43:55 -0400 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them In-Reply-To: <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> Message-ID: Every upgrade of Mozilla (and all browsers) has diminished security and increased ads and user profiling. Sites which nag visitors to upgrade to latest versions are complicit. So too are ad blockers and security promoters part of the racket.
Unceasing program upgrades, nagging and underwriting hacking security panic are Silicon Valley-Alley fracking. No surprise that FVEY capitalizes on the eagerness to cooperate against Net users. Man in the Machine about Jobs hardly scratches the surface, complicit too in the hawking of cyber derring do in the Era of Snowden Without Harming the US: "Be sure to use encryption," Jobs would applaud that planned parenthood documentary. At 06:10 PM 9/5/2015, you wrote: >On Sat, 5 Sep 2015 18:35:37 +0300 >Georgi Guninski wrote: > > > > Likely the mozilla u$a comrades caught the less skilled attackers, > > not those with r00t access (having in mind what a mess > > their code is). > > > > Ah, but firefox keeps getting an even cooler GUI every day. > How can you not like them? From guninski at guninski.com Sat Sep 5 09:06:01 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 5 Sep 2015 19:06:01 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <20150905143147.GL2661@sivokote.iziade.m$> <20150905150240.GM2661@sivokote.iziade.m$> <20150905152532.GN2661@sivokote.iziade.m$> Message-ID: <20150905160601.GP2661@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 03:40:24PM +0000, Alfonso De Gregorio wrote: > On Sat, Sep 5, 2015 at 3:25 PM, Georgi Guninski wrote: > ... > > I mean: non-proper DH is implementation which doesn't return > > error/aborts if $q$ is composite. $q$ is defined in the RFC. > > I'm not aware of any implementation that fails to abort if q is composite. > > As a case in point, OpenSSL versions implementing X9.42 DH > (1.0.2-Beta2 and above) test both p and q for primality: > > int DH_check(const DH *dh, int *ret) > { > /* ... */ > > if (dh->q) { > /* ...
*/ > if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) > *ret |= DH_CHECK_Q_NOT_PRIME; In 1.0.1p is_prime() is such a mess, it appears to often return $-1$ by quick audit. Did you check the explicit POC in this thread against this version of openssl? From juan.g71 at gmail.com Sat Sep 5 15:10:10 2015 From: juan.g71 at gmail.com (Juan) Date: Sat, 5 Sep 2015 19:10:10 -0300 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them In-Reply-To: <20150905153537.GO2661@sivokote.iziade.m$> References: <20150905153537.GO2661@sivokote.iziade.m$> Message-ID: <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> On Sat, 5 Sep 2015 18:35:37 +0300 Georgi Guninski wrote: > Likely the mozilla u$a comrades caught the less skilled attackers, > not those with r00t access (having in mind what a mess > their code is). > Ah, but firefox keeps getting an even cooler GUI every day. How can you not like them? From pgut001 at cs.auckland.ac.nz Sun Sep 6 00:56:07 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 6 Sep 2015 07:56:07 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905133131.GJ2661@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz>, <20150905133131.GJ2661@sivokote.iziade.m$> Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF3CC4@uxcn10-5.UoA.auckland.ac.nz> Georgi Guninski writes: >On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote: >> The real question though is, why would anyone use parameters they didn't >> generate themselves?
All DSA implementations I've seen (apart from some > >What about MITM in DH -- where do you get the keys from in this case? Whose DH? There are three major users of this on the public Internet, IPsec, TLS, and SSH, all of which have the server provide the DH values. MITM'ing yourself isn't much of an achievement. I haven't seen anything about this (so far) that doesn't class it as a purely certificational weakness. Consider the following equivalent of the flaw, but for RSA: I stand up a TLS server and provision it with a cert where the server-auth key has exponent 1. There is nothing in any spec that I can immediately think of that says that you have to reject keys with e=1 (e.g. RFC 3447 just says it's "a positive integer"). Most implementations were quite happy to accept e=1 keys until maybe two years ago when there was some bad publicity about them which forced vendors to fix the problem, but before that no-one bothered rejecting such obviously invalid keys. Use of e=1 keys was even a documented Windows "feature" to allow plaintext key export while still being FIPS 140 compliant [0]. This isn't any deliberately-inserted backdoor in the RFC, it's just sloppy wording. In any case though if I configure my server with a key I know to be broken then any problems I encounter are my own fault. The reductio ad absurdum form of this is that I stand up a TLS server which serves the private key to anyone that connects to it (or puts it in the SSH banner, or whatever). OK, so I've proven that I can backdoor myself. I can't see how a third-party attacker can do anything though (for DH, RSA, or just straight publish-the-key) unless I help them do it. Peter. [0] Where "FIPS" = "Farcical Information Processing Security".
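An added example, not code from the thread or from OpenSSL: the checks debated above (prime p, prime q, q dividing p-1, g of order q, and refusing an RSA exponent of 1) written as a receiver-side validator. The flag strings, function names and the toy parameter sets are constructed for illustration; real parameters are thousands of bits.

```python
# Added example: sanity checks a receiver can run on X9.42-style DH domain
# parameters (p, q, g) and on an RSA public exponent before using them.
# Flag names are this example's own, not OpenSSL constants.
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with fixed small bases plus `rounds` random bases."""
    if n < 2:
        return False
    for sp in _BASES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # Write n - 1 = d * 2**s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1

    def proves_composite(a):
        x = pow(a, d, n)
        if x in (1, n - 1):
            return False
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                return False
        return True

    # n > 37 here, so every base lies in [2, n - 2].
    bases = list(_BASES)
    bases += [2 + secrets.randbelow(n - 3) for _ in range(rounds)]
    return not any(proves_composite(a) for a in bases)


def check_dh_params(p, q, g):
    """Return a list of problems; an empty list means the set is acceptable."""
    problems = []
    if not is_probable_prime(p):
        problems.append("P_NOT_PRIME")
    if not is_probable_prime(q):
        # The case argued over in the thread: a composite q must be refused.
        problems.append("Q_NOT_PRIME")
    if q <= 1 or (p - 1) % q != 0:
        problems.append("Q_NOT_DIVISOR_OF_P_MINUS_1")
    if not 1 < g < p - 1:
        problems.append("G_OUT_OF_RANGE")
    elif pow(g, q, p) != 1:
        problems.append("G_NOT_IN_ORDER_Q_SUBGROUP")
    return problems


def check_rsa_public_exponent(e, n):
    """Refuse exponents that make RSA trivially weak or malformed."""
    problems = []
    if e == 1:
        # m**1 mod n == m: the "ciphertext" is the plaintext.
        problems.append("E_IS_ONE")
    elif e < 3 or e % 2 == 0:
        problems.append("E_INVALID")
    if e >= n:
        problems.append("E_NOT_BELOW_MODULUS")
    return problems


# Constructed toy parameter sets (far too small for real use).
CONSTRUCTED_GOOD = (23, 11, 2)         # 11 is prime, 11 | 22, 2**11 % 23 == 1
CONSTRUCTED_COMPOSITE_Q = (31, 15, 2)  # 15 | 30 and 2**15 % 31 == 1, but 15 = 3 * 5

if __name__ == "__main__":
    for name, params in (("good", CONSTRUCTED_GOOD),
                         ("composite q", CONSTRUCTED_COMPOSITE_Q)):
        print(name, check_dh_params(*params) or "ok")
    print("e=1:", check_rsa_public_exponent(1, 3233))
```

The composite-q set passes every check except the primality test on q, which is why that test has to be an explicit, fatal step on the receiving side.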
From guninski at guninski.com Sat Sep 5 22:58:41 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 6 Sep 2015 08:58:41 +0300 Subject: Hackers spent at least a =?utf-8?Q?yea?= =?utf-8?Q?r_spying_on_Mozilla_to_discover_Firefox_security_holes_?= =?utf-8?B?4oCT?= and exploit them In-Reply-To: <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> Message-ID: <20150906055841.GA2609@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 07:10:10PM -0300, Juan wrote: > > Ah, but firefox keeps getting an even cooler GUI every day. How can you not like them? Don't forget the new privacy enhancing features. AFAIK Debian and the FSF have forks of firefox. Did they manage to get rid of sufficiently enough spyware? (This doesn't appear easy IMHO). From pgut001 at cs.auckland.ac.nz Sun Sep 6 04:01:39 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 6 Sep 2015 11:01:39 +0000 Subject: =?Windows-1252?Q?RE:_Hackers_spent_at_least_a_year_spying_on_Mozilla_to_d?= =?Windows-1252?Q?iscover_Firefox_security_holes_=96_and_exploit_them?= In-Reply-To: <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> References: <20150905153537.GO2661@sivokote.iziade.m$>, <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF3E15@uxcn10-5.UoA.auckland.ac.nz> Juan writes: >On Sat, 5 Sep 2015 18:35:37 +0300 Georgi Guninski wrote: > >> Likely the mozilla u$a comrades caught the less skilled attackers, >> not those with r00t access (having in mind what a mess >> their code is). > >Ah, but firefox keeps getting an even cooler GUI every day. How can you not >like them? Not to mention their plan to deprecate their extension API, which is the only thing still separating them from actually being Chrome. It looks like there could be a race between them naturally driving their market share to zero before the API-deprecation, or the API-deprecation forcing the issue. 
What we'd really need is a reboot of the project to take it back to its roots, removing layers and layers of accumulated bloat and "features" no-one wants, run by dedicated developers who actually listen to their users rather than doing whatever they think is trendy (mostly just cloning Chrome) and forcing it on their users. It'd be like Firefox rising anew from the ashes. They could call it, oh, I dunno, something like "Phoenix". Peter. From guninski at guninski.com Sun Sep 6 01:27:09 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 6 Sep 2015 11:27:09 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF3CC4@uxcn10-5.UoA.auckland.ac.nz> References: <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> <20150905133131.GJ2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF3CC4@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <20150906082709.GC2609@sivokote.iziade.m$> On Sun, Sep 06, 2015 at 07:56:07AM +0000, Peter Gutmann wrote: > > I haven't seen anything about this (so far) that doesn't class it as a purely > certificational weakness. Consider the following equivalent of the flaw, but OK, you might be right. Summary of my verbiage on this list is here: https://j.ludost.net/blog/archives/2015/09/05/rfc-2631_fips_186-3_and_openssls_implementation_of_dsa_appear_broken_and_possibly_backdoored/index.html besides DH: 2) openssl 1.0.1p accepts composite $q$ in DSA 3) fips 160? forces small subgroup as low as 160 bits and openssl 1.0.1p insists on this. The repeat, the DL is subexponential in the whole group of order $p-1$ and I don't exclude the possibility to be easier in the small forced subgroup. 
Have fun, -- georgi From cathalgarvey at cathalgarvey.me Sun Sep 6 05:28:49 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 06 Sep 2015 13:28:49 +0100 Subject: =?UTF-8?Q?RE=3A_Hackers_spent_at_least_a_year_spying_on_Mozilla_?= =?UTF-8?Q?to_discover_Firefox_security_holes_=E2=80=93_and_exploit_them?= In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF3E15@uxcn10-5.UoA.auckland.ac.nz> References: <20150905153537.GO2661@sivokote.iziade.m$>, <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <9A043F3CF02CD34C8E74AC1594475C73F4AF3E15@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <894B7DDB-BE73-4299-8234-E0181BB0E60D@cathalgarvey.me> TBF, Servo is kind of a total rewrite of exactly the sort the world needs: memory and type safe from the ground up. What Servo needs then (besides 'completion') is a type/memory safe JS engine to replace Gecko, and likewise a LibreSSL-like replacement for OpenSSL. While they've got nothing to lose though, they should go further than a mere reboot. They should resume *leading* FFS, for example by making their JS engine strict by default so they become the go-to development browser again. "If it works on FF it will work anywhere" would be a nice selling point I think. They should also take privacy seriously and totally rethink their funding model. Patreon? Premium versions? I don't care, almost anything but built-in ads and bloatware will do. Baking in P2P in a real way would be nice. WebRTC-based replacement for Bittorrent Sync? Peer to Peer calls using Jitsi instead of (vomit) "Hello"? P2P filesharing and content publication, backed by subscription for "available while I'm offline"? Loads of scope for Mozilla and not enough vision. I hate Google more than what Mozilla are becoming but that doesn't mean I'm proud to use FF. It kills my battery, WebRTC is still broken, and it keeps getting worse. 
On 6 September 2015 12:01:39 IST, Peter Gutmann wrote: >Juan writes: > >>On Sat, 5 Sep 2015 18:35:37 +0300 Georgi Guninski > wrote: >> >>> Likely the mozilla u$a comrades caught the less skilled attackers, >>> not those with r00t access (having in mind what a mess >>> their code is). >> >>Ah, but firefox keeps getting an even cooler GUI every day. How can >you not >>like them? > >Not to mention their plan to deprecate their extension API, which is >the only >thing still separating them from actually being Chrome. It looks like >there >could be a race between them naturally driving their market share to >zero >before the API-deprecation, or the API-deprecation forcing the issue. > >What we'd really need is a reboot of the project to take it back to its >roots, >removing layers and layers of accumulated bloat and "features" no-one >wants, >run by dedicated developers who actually listen to their users rather >than >doing whatever they think is trendy (mostly just cloning Chrome) and >forcing >it on their users. It'd be like Firefox rising anew from the ashes. >They >could call it, oh, I dunno, something like "Phoenix". > >Peter. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
From guninski at guninski.com Sun Sep 6 04:26:35 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 6 Sep 2015 14:26:35 +0300 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF3E15@uxcn10-5.UoA.auckland.ac.nz> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <9A043F3CF02CD34C8E74AC1594475C73F4AF3E15@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <20150906112635.GD2609@sivokote.iziade.m$> On Sun, Sep 06, 2015 at 11:01:39AM +0000, Peter Gutmann wrote: > Not to mention their plan to deprecate their extension API, which is the only > thing still separating them from actually being Chrome. It looks like there > could be a race between them naturally driving their market share to zero > before the API-deprecation, or the API-deprecation forcing the issue. > IMHO they will kick the bucket as soon as google stop pouring money in them. > What we'd really need is a reboot of the project to take it back to its roots, > removing layers and layers of accumulated bloat and "features" no-one wants, > run by dedicated developers who actually listen to their users rather than > doing whatever they think is trendy (mostly just cloning Chrome) and forcing > it on their users. It'd be like Firefox rising anew from the ashes. They > could call it, oh, I dunno, something like "Phoenix". > Back to the roots? According to quote: "Roots are the branches down in the earth. Branches are roots in the air -- Stray Birds". If you want the roots, consider spamming Brendan Eich, he has ideas about "expanding JS", which I won't comment. If you ask me, starting from zero is better. Likely, this will require nontrivial amounts of money. 
From experience, older mozilla code contained dereferencing NULL on purpose, which can only compete with certain openssl's construct I don't quite remember well ATM (it was even funnier). From guninski at guninski.com Sun Sep 6 07:20:40 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 6 Sep 2015 17:20:40 +0300 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them In-Reply-To: <894B7DDB-BE73-4299-8234-E0181BB0E60D@cathalgarvey.me> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <9A043F3CF02CD34C8E74AC1594475C73F4AF3E15@uxcn10-5.UoA.auckland.ac.nz> <894B7DDB-BE73-4299-8234-E0181BB0E60D@cathalgarvey.me> Message-ID: <20150906142040.GE2609@sivokote.iziade.m$> On Sun, Sep 06, 2015 at 01:28:49PM +0100, Cathal (Phone) wrote: > TBF, Servo is kind of a total rewrite of exactly the sort the world needs: memory and type safe from the ground up. > Is this one, from mozilla r3s34rch? https://github.com/servo/servo/blob/master/README.md A lot of dependencies I see: On Debian-based Linuxes: sudo apt-get install curl freeglut3-dev \ libfreetype6-dev libgl1-mesa-dri libglib2.0-dev xorg-dev \ gperf g++ cmake python-virtualenv \ libssl-dev libbz2-dev libosmesa6-dev libxmu6 libxmu-dev libglu1-mesa-dev Could point which parts of Servo display jpg/png and render fonts? The above dependencies are provably not memory safe, sorry. 
From alfonso.degregorio at gmail.com Sun Sep 6 10:44:58 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Sun, 6 Sep 2015 17:44:58 +0000 Subject: =?UTF-8?Q?Re=3A_Hackers_spent_at_least_a_year_spying_on_Mozilla_?= =?UTF-8?Q?to_discover_Firefox_security_holes_=E2=80=93_and_exploit_them?= In-Reply-To: <20150906155153.GF2609@sivokote.iziade.m$> References: <20150905153537.GO2661@sivokote.iziade.m$> <20150906155153.GF2609@sivokote.iziade.m$> Message-ID: On Sun, Sep 6, 2015 at 3:51 PM, Georgi Guninski wrote: > On Sat, Sep 05, 2015 at 03:48:48PM +0000, Alfonso De Gregorio wrote: >> >> .... I ask vulnerability sellers: How >> effective your favorite exploit acquisition platform / program is at >> preventing this from happening again? >> > > You mean something like the the dear nsa: > http://www.theregister.co.uk/2015/09/04/nsa_explains_handling_zerodays/ > > Mind-blowing secrets of NSA's security exploit stockpile revealed at > last > Incredible document has to be seen to be believed It made me reconsider the true meaning of [XXXXXXXXXXX] to read about [XXXXXXXXXXX] and, especially, [XXXXXXXXXXX]. More seriously: After years of fierce debate, vulnerability disclosure is still looking for a convincing answer. The NSA may contribute its substantial share to discussion --- albeit less to the practice --- of vulnerability disclosure. Needless to say, it would have been more helpful to read a less heavily redacted 'Vulnerabilities Equities Policy and Process' to this end. On September 29, NTIA will convene a meeting on this topic. For those considering to attend it http://www.ntia.doc.gov/september-29-multistakeholder-meeting-vulnerability-disclosure-pre-registration Will we never stop from drinking from the (endless?) stream of exploitable vulnerabilities? 
-- Alfonso From guninski at guninski.com Sun Sep 6 08:51:53 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 6 Sep 2015 18:51:53 +0300 Subject: Hackers spent at least a =?utf-8?Q?yea?= =?utf-8?Q?r_spying_on_Mozilla_to_discover_Firefox_security_holes_?= =?utf-8?B?4oCT?= and exploit them In-Reply-To: References: <20150905153537.GO2661@sivokote.iziade.m$> Message-ID: <20150906155153.GF2609@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 03:48:48PM +0000, Alfonso De Gregorio wrote: > > .... I ask vulnerability sellers: How > effective your favorite exploit acquisition platform / program is at > preventing this from happening again? > You mean something like the the dear nsa: http://www.theregister.co.uk/2015/09/04/nsa_explains_handling_zerodays/ Mind-blowing secrets of NSA's security exploit stockpile revealed at last Incredible document has to be seen to be believed From coderman at gmail.com Sun Sep 6 21:24:17 2015 From: coderman at gmail.com (coderman) Date: Sun, 6 Sep 2015 21:24:17 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: On 8/26/15, coderman wrote: > ... >> https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19762/ > > as expected, this was just a "go away" tactic, and once paid, they > took their time to tell me they must refund, and i must give them an > amount, and then they search,,,, mea culpa; this response about fees was in error, and the FOIA person apologized. so far as now, zero fees expected... this other did complete: request to Department of Defense, Office of the Inspector General of the United States of America. - https://www.muckrock.com/foi/united-states-of-america-10/hotpluggedin-19766/#file-54038 they have THREE (3) WiebeTech HotPlug systems, and no other brands of this device type used. 
best regards, From ryacko at gmail.com Sun Sep 6 21:59:14 2015 From: ryacko at gmail.com (Ryan Carboni) Date: Sun, 6 Sep 2015 21:59:14 -0700 Subject: =?UTF-8?Q?Re=3A_Hackers_spent_at_least_a_year_spying_on_Mozilla_?= =?UTF-8?Q?to_discover_Firefox_security_holes_=E2=80=93_and_exploit_them?= Message-ID: No wonder firefox is seemingly more insecure lately. Only choices now are chrome or a text-only browser. From ryacko at gmail.com Sun Sep 6 23:14:03 2015 From: ryacko at gmail.com (Ryan Carboni) Date: Sun, 6 Sep 2015 23:14:03 -0700 Subject: =?UTF-8?Q?Re=3A_Hackers_spent_at_least_a_year_spying_on_Mozilla_?= =?UTF-8?Q?to_discover_Firefox_security_holes_=E2=80=93_and_exploit_them?= In-Reply-To: <20150907060834.GG2609@sivokote.iziade.m$> References: <20150907060834.GG2609@sivokote.iziade.m$> Message-ID: I realize Chrome is basically a version of spyware or adware. It does direct you to google by default. But, it's the same dilemma with Tor exit nodes. At least with your ISP, not just any one can offer you internet service. With a tor exit node, anyone with a few thousand bucks could be running it. Although what am I saying? I never paid a cent for Firefox. On Sun, Sep 6, 2015 at 11:08 PM, Georgi Guninski wrote: > On Sun, Sep 06, 2015 at 09:59:14PM -0700, Ryan Carboni wrote: >> No wonder firefox is seemingly more insecure lately. >> >> Only choices now are chrome or a text-only browser. 
> > https://thestack.com/security/2015/06/19/google-criticised-for-opaque-audio-listening-binary-in-debians-chromium-browser/ > > Yoshino Yoshihito said in the report ‘After upgrading chromium to 43, I > noticed that when it is running and immediately after the machine is > on-line it silently starts downloading “Chrome Hotword Shared Module” > extension, which contains a binary without source code,’ > > From guninski at guninski.com Sun Sep 6 23:08:34 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 7 Sep 2015 09:08:34 +0300 Subject: Hackers spent at least a =?utf-8?Q?yea?= =?utf-8?Q?r_spying_on_Mozilla_to_discover_Firefox_security_holes_?= =?utf-8?B?4oCT?= and exploit them In-Reply-To: References: Message-ID: <20150907060834.GG2609@sivokote.iziade.m$> On Sun, Sep 06, 2015 at 09:59:14PM -0700, Ryan Carboni wrote: > No wonder firefox is seemingly more insecure lately. > > Only choices now are chrome or a text-only browser. https://thestack.com/security/2015/06/19/google-criticised-for-opaque-audio-listening-binary-in-debians-chromium-browser/ Yoshino Yoshihito said in the report ‘After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading “Chrome Hotword Shared Module” extension, which contains a binary without source code,’ From guninski at guninski.com Mon Sep 7 01:41:46 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 7 Sep 2015 11:41:46 +0300 Subject: Can the NSA break 100000 bit RSA assuming they have O(n^6) or O(n^12) factoring algorithm? Message-ID: <20150907084146.GH2609@sivokote.iziade.m$> In 2010 I generated two RSA keys (and certs) of size above 100000 bits: [Full-disclosure] nonsense fun: 100 000 bit rsa key http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0384.html The keys/certs: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/att-0384/gir.tar.gz (the certs might have expired but this doesn't matter). 
The private keys are included too. According to my mail they were generated in "about 30 hours on 1 core" and I used state of the art primality checking "pfgw". n is the size of the modulus in bits. Assume the much loved NSA has factoring algorithms of complexity O(n^6) or O(n^12) running on classical computers. Can the NSA break n=100000 without using owning/torture? Some computations suggest NO, especially for the second: sage: k=100000 sage: RR(k^6).log(2) 99.6578428466209 sage: RR(k^12).log(2) 199.315685693242 Comments about quantum computer that can break them are welcome too. From alfonso.degregorio at gmail.com Mon Sep 7 05:07:14 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Mon, 7 Sep 2015 12:07:14 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150907112507.GI2609@sivokote.iziade.m$> References: <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905115048.GI2661@sivokote.iziade.m$> <20150905134930.GK2661@sivokote.iziade.m$> <20150907112507.GI2609@sivokote.iziade.m$> Message-ID: On Mon, Sep 7, 2015 at 11:25 AM, Georgi Guninski wrote: > This is also on popular? forums: > > [0] https://news.ycombinator.com/item?id=10175284 > [1] > https://www.reddit.com/r/crypto/comments/3jumon/rfc2631_fips_1863_and_openssls_implementation_of/ > > Comments in [0] suggest "formal verification". The only hope to have a formal verification that extends also to algebraic properties, is to start from formal specifications. A top-down approach in stark contrast with the dynamic, agile, and pragmatic "ship, then test" paradigm [1] and the "don't worry, be crappy" mantra [2], repeated by entrepreneurs innovating the most. We need better security trade-offs. 
-- Alfonso [1] http://guykawasaki.com/the_art_of_boot/ [2] http://guykawasaki.com/the_art_of_inno/ From europus at gmail.com Mon Sep 7 09:55:11 2015 From: europus at gmail.com (Ulex Europae) Date: Mon, 07 Sep 2015 12:55:11 -0400 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them In-Reply-To: <1641850.IyAd3s2aHy@lapuntu> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <20150906055841.GA2609@sivokote.iziade.m$> <1641850.IyAd3s2aHy@lapuntu> Message-ID: <55edc16b.6465420a.2449d.0c81@mx.google.com> At 12:28 PM 9/7/2015, rysiek wrote: > > Georgi Guninski wrote: > > > > Did they manage to get rid of sufficiently enough spyware? > >No. Even the simple things are apparently ignored: >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654336 >http://rys.io/en/53 > > > (This doesn't appear easy IMHO). > >Some things would appear easy. Like *not* removing the "delete >history after X days" setting. Now in Firefox you can only either >have history, or not have it at all. Various extensions have been known to "fix" or "restore" various things that Firefox should do or used to do, although I cannot address the purity of the manner by which they do so. I wonder, is there an A-list of must-have extensions for Firefox? Because "the internet is for porn," and porn doesn't work on text-only browsers... How about a blacklist of extensions to avoid at all costs? UE From rich at openwatch.net Mon Sep 7 13:48:28 2015 From: rich at openwatch.net (Rich Jones) Date: Mon, 7 Sep 2015 13:48:28 -0700 Subject: Script Kiddie Killed in Drone Strike In-Reply-To: References: Message-ID: Update to this: ISIS Twitter claiming this was the result of backdoors the ' Surespot ' "secure" messaging application. 
https://twitter.com/p_vanostaeyen/status/639165071072038913 On Wed, Aug 26, 2015 at 2:33 PM, Rich Jones wrote: > > http://www.mirror.co.uk/news/world-news/junaid-hussain-dead-isis-computer-6326361 > https://en.wikipedia.org/wiki/Junaid_Hussain > > Apparently one of the TeaMp0isoN founders was just killed by a US drone > strike in Syria. Crazy times. > > According to the.. fairly questionable.. article linked above, he was #3 > on the US kill list, "behind only Jihadi John and ISIS leader Abu Bakr > al-Baghdadi"! Not bad for a guy most famous for SQL injections.. I wonder > who took his place on the list. > > R > From alfonso.degregorio at gmail.com Mon Sep 7 07:01:16 2015 From: alfonso.degregorio at gmail.com (Alfonso De Gregorio) Date: Mon, 7 Sep 2015 14:01:16 +0000 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150907123052.GJ2609@sivokote.iziade.m$> References: <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905115048.GI2661@sivokote.iziade.m$> <20150905134930.GK2661@sivokote.iziade.m$> <20150907112507.GI2609@sivokote.iziade.m$> <20150907123052.GJ2609@sivokote.iziade.m$> Message-ID: On Mon, Sep 7, 2015 at 12:30 PM, Georgi Guninski wrote: ... > btw, doesn't your post contradict another post of yours > here: > https://cpunks.org/pipermail/cypherpunks/2015-September/009032.html It doesn't, as long as we don't confuse what is desirable -- and indeed it is so -- with the practically and systematically attainable. Or, to paraphrase Danny Strong, idealism loses to pragmatism when it comes to engineering security. I'm not even persuaded that writing formal specifications gives us always the ability to check the equivalence of implementations. 
As a negative case in point, take languages/protocols and their parsers. A grammar can be understood as a specification. Still, "arithmetically checking the computational equivalence of parsers [...] is decidable up to a level of computational power required to parse the language, and becomes undecidable thereafter". [1] All of which is to say that checking the computational equivalence of parsers is still possible. But, as designers, in order to reconcile the desirable with the practically attainable, we need to stick to the simplest possible input languages (i.e., regular and context-free). This is the kind of security trade-offs I was alluding to. And this also links us to the other thread on browser security, exploits, and Firefox. -- Alfonso [1] http://langsec.org/papers/Bratus.pdf From guninski at guninski.com Mon Sep 7 04:25:07 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 7 Sep 2015 14:25:07 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150905134930.GK2661@sivokote.iziade.m$> References: <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905115048.GI2661@sivokote.iziade.m$> <20150905134930.GK2661@sivokote.iziade.m$> Message-ID: <20150907112507.GI2609@sivokote.iziade.m$> This is also on popular? forums: [0] https://news.ycombinator.com/item?id=10175284 [1] https://www.reddit.com/r/crypto/comments/3jumon/rfc2631_fips_1863_and_openssls_implementation_of/ Comments in [0] suggest "formal verification". Likely the lovely micro$oft will classify this email as "self promotion". Scumbags, linking is legal at least in EU (so far). 
From guninski at guninski.com Mon Sep 7 05:30:52 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 7 Sep 2015 15:30:52 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: References: <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <20150905115048.GI2661@sivokote.iziade.m$> <20150905134930.GK2661@sivokote.iziade.m$> <20150907112507.GI2609@sivokote.iziade.m$> Message-ID: <20150907123052.GJ2609@sivokote.iziade.m$> On Mon, Sep 07, 2015 at 12:07:14PM +0000, Alfonso De Gregorio wrote: > > > > Comments in [0] suggest "formal verification". > > The only hope to have a formal verification that extends also to > algebraic properties, is to start from formal specifications. A > top-down approach in stark contrast with the dynamic, agile, and > pragmatic "ship, then test" paradigm [1] and the "don't worry, be > crappy" mantra [2], repeated by entrepreneurs innovating the most. > > We need better security trade-offs. > Re "formal verification". I am skidiot at formal verification (FW). So far my best achievement in FW is "Axiom free proof of False" in Coq (is it Cock?). I did this by native code execution via plugins in Coq (the plugins were part of the "pr00f"), which in theory can falsify other proofs depending on the file permissions. Much later I learned that the lovely micro$oft heavily depend on plugins in their Cock "pr00fs" and accidentally something broke the check of the "pr00f" for result of significant importance (something like "coqchk") due to some fault in the plugin and/or Coq. The p00f failure was discussed on academic site. In short, I consider Coq a charlatan tool, and likely security vulnerability, since a proof can easily execute native code. Let me know if you need further references. 
btw, doesn't your post contradict another post of yours here: https://cpunks.org/pipermail/cypherpunks/2015-September/009032.html > While I sympathize with your point of view, and while I would welcome > a full equivalence of implementations, ... From rysiek at hackerspace.pl Mon Sep 7 09:24:26 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 07 Sep 2015 18:24:26 +0200 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes =?UTF-8?B?4oCT?= and exploit them In-Reply-To: References: <20150907060834.GG2609@sivokote.iziade.m$> Message-ID: <3066292.hCcZ1x7Aka@lapuntu> Dnia niedziela, 6 września 2015 23:14:03 Ryan Carboni pisze: > I realize Chrome is basically a version of spyware or adware. It does > direct you to google by default. > > But, it's the same dilemma with Tor exit nodes. At least with your > ISP, not just any one can offer you internet service. With a tor exit > node, anyone with a few thousand bucks could be running it. > > Although what am I saying? I never paid a cent for Firefox. Also, Chromium. Why anybody uses Chrome is beyond me. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: chrome9000-by-rysiek-cc-by-sa-4.0.svg Type: image/svg+xml Size: 43129 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From rysiek at hackerspace.pl Mon Sep 7 09:28:03 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 07 Sep 2015 18:28:03 +0200 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes =?UTF-8?B?4oCT?= and exploit them In-Reply-To: <20150906055841.GA2609@sivokote.iziade.m$> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <20150906055841.GA2609@sivokote.iziade.m$> Message-ID: <1641850.IyAd3s2aHy@lapuntu> Dnia niedziela, 6 września 2015 08:58:41 Georgi Guninski pisze: > On Sat, Sep 05, 2015 at 07:10:10PM -0300, Juan wrote: > > Ah, but firefox keeps getting an even cooler GUI every day. How can you > > not like them? > Don't forget the new privacy enhancing features. Like EME? ;) http://rys.io/en/141 > AFAIK Debian and the FSF have forks of firefox. > > Did they manage to get rid of sufficiently enough spyware? No. Even the simple things are apparently ignored: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654336 http://rys.io/en/53 > (This doesn't appear easy IMHO). Some things would appear easy. Like *not* removing the "delete history after X days" setting. Now in Firefox you can only either have history, or not have it at all. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From veg at fatsquirrel.org Mon Sep 7 17:42:13 2015 From: veg at fatsquirrel.org (Veg) Date: Mon, 7 Sep 2015 20:42:13 -0400 Subject: Traffic analysis at Bletchley Park Message-ID: Good documentary on an underreported aspect of the work by the codebreakers at Bletchley Park: http://www.bbc.co.uk/programmes/b069gxz7 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 241 bytes Desc: not available URL: From s at ctrlc.hu Mon Sep 7 11:49:10 2015 From: s at ctrlc.hu (stef) Date: Mon, 7 Sep 2015 20:49:10 +0200 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes ? and exploit them In-Reply-To: <55edc16b.6465420a.2449d.0c81@mx.google.com> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <20150906055841.GA2609@sivokote.iziade.m$> <1641850.IyAd3s2aHy@lapuntu> <55edc16b.6465420a.2449d.0c81@mx.google.com> Message-ID: <20150907184910.GR7320@ctrlc.hu> On Mon, Sep 07, 2015 at 12:55:11PM -0400, Ulex Europae wrote: > I wonder, is there an A-list of must-have extensions for Firefox? Because > "the internet is for porn," and porn doesn't work on text-only browsers... NoScript, RequestPolicy, RefControl, CookieMonster, policeman, https-everywhere, monkeysphere, RedirectCleaner, CertPatrol|Convergence, BetterPrivacy, random-agent-spoofer, ssleuth -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From rysiek at hackerspace.pl Mon Sep 7 16:57:28 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 08 Sep 2015 01:57:28 +0200 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes ? and exploit them In-Reply-To: <20150907184910.GR7320@ctrlc.hu> References: <20150905153537.GO2661@sivokote.iziade.m$> <55edc16b.6465420a.2449d.0c81@mx.google.com> <20150907184910.GR7320@ctrlc.hu> Message-ID: <3912444.nCHECWjdxs@lapuntu> Dnia poniedziałek, 7 września 2015 20:49:10 stef pisze: > On Mon, Sep 07, 2015 at 12:55:11PM -0400, Ulex Europae wrote: > > I wonder, is there an A-list of must-have extensions for Firefox? Because > > "the internet is for porn," and porn doesn't work on text-only browsers... 
> > NoScript, RequestPolicy, RefControl, CookieMonster, policeman, > https-everywhere, monkeysphere, RedirectCleaner, CertPatrol|Convergence, > BetterPrivacy, random-agent-spoofer, ssleuth And PrivacyBadger, I might add. Also, Self-Destructing Cookies is an interesting one, as while CookieMonster allows you to keep track of which sites can or cannot set cookies, that's for-session granularity. Self-Destructing Cookies destroys cookies after a set time after closing a given tab. I use both. And if you're into this kind of stuff, Lightbeam. Just for shits and giggles. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From fe.peressim at gmail.com Mon Sep 7 22:57:30 2015 From: fe.peressim at gmail.com (Felipe Felipe) Date: Tue, 8 Sep 2015 02:57:30 -0300 Subject: Brazil hero homeless man dead after save a woman from gunman Message-ID: https://www.youtube.com/watch?v=4Z3Q6y0dNAY http://www.unilad.co.uk/articles/homeless-man-dies-fighting-gunman-to-save-woman/ Is brazilian security a joke? I'm from brazil and just wonder why things like that still are happening here. Is the cops from here a joke? Yes they are. I've already been beaten by them without do anything just for walking in the streets, but when good people need them, they nothing do. They have had a chance to shot the man who had the woman, but besides they didn't anything they also let a citizen homeless get close of the killer, and they used to shot more than 30 times in the killer. The killer had been arrested more than 10 times, drug trafficking, attempted to murder, aggression, resistance and many other things, he had got more than 20 years in jail and was in the streets free and armed. 
Is that our justice just do, let killers and bad people walk free among the citizens. Both men are homeless people and the killer was always been in walking with the gun in this place. That place that happened this is in the cathedral of Sé in São Paulo, too many foreign use to visit this place, because is the biggest church of Brazil and a historical place, that happened on last friday. From pgut001 at cs.auckland.ac.nz Tue Sep 8 00:20:41 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 8 Sep 2015 07:20:41 +0000 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes ? and exploit them In-Reply-To: <20150907184910.GR7320@ctrlc.hu> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <20150906055841.GA2609@sivokote.iziade.m$> <1641850.IyAd3s2aHy@lapuntu> <55edc16b.6465420a.2449d.0c81@mx.google.com>, <20150907184910.GR7320@ctrlc.hu> Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4AF53BE@uxcn10-5.UoA.auckland.ac.nz> stef writes: >On Mon, Sep 07, 2015 at 12:55:11PM -0400, Ulex Europae wrote: >> I wonder, is there an A-list of must-have extensions for Firefox? Because >> "the internet is for porn," and porn doesn't work on text-only browsers... > >NoScript, RequestPolicy, RefControl, CookieMonster, policeman, https-everywhere, >monkeysphere, RedirectCleaner, CertPatrol|Convergence, >BetterPrivacy, random-agent-spoofer, ssleuth You forgot the most critical ones, the extensions you need to undo all the crap that Mozilla have piled onto Firefox since they started on their copy-everything-Chrome-does spree. Classic Theme Restorer is the first extension I load on any new install (even before NoScript), it's now comprehensive enough that it's probably the only one you need, although Hide Tab Bar With One Tab is also useful. 
Peter. From cathalgarvey at cathalgarvey.me Tue Sep 8 01:41:53 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 8 Sep 2015 09:41:53 +0100 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes ? and exploit them In-Reply-To: <3912444.nCHECWjdxs@lapuntu> References: <20150905153537.GO2661@sivokote.iziade.m$> <55edc16b.6465420a.2449d.0c81@mx.google.com> <20150907184910.GR7320@ctrlc.hu> <3912444.nCHECWjdxs@lapuntu> Message-ID: <55EE9F51.8060204@cathalgarvey.me> There's two categories or buckets here if you're playing to win; One is a list of extensions you can install on *anyone's* computer without them even noticing the privacy/security boost they're receiving (because if they notice, you lose because they blame the new *ware for all their trivial problems). The other list is the power-user stuff that really works, but which n00bs will reject out of ignorance, blaming the protective software instead of the buggy websites it exposes. My short-list for install-on-everyone's-computer is: * Disconnect * HTTPS-Everywhere * uBlock Origin (don't change default settings) * Disable 3rd Party Cookies NoScript, Cookie-killers, RequestPolicy etcetera are too prone to creating problems for browser users; to an enlightened user, blame the website, work around, or make an exception and move on. But to a n00b, exposing errors in tracker-rich sites is unacceptable, sadly. On 08/09/15 00:57, rysiek wrote: > Dnia poniedziałek, 7 września 2015 20:49:10 stef pisze: >> On Mon, Sep 07, 2015 at 12:55:11PM -0400, Ulex Europae wrote: >>> I wonder, is there an A-list of must-have extensions for Firefox? Because >>> "the internet is for porn," and porn doesn't work on text-only browsers... >> >> NoScript, RequestPolicy, RefControl, CookieMonster, policeman, >> https-everywhere, monkeysphere, RedirectCleaner, CertPatrol|Convergence, >> BetterPrivacy, random-agent-spoofer, ssleuth > > And PrivacyBadger, I might add. 
> > Also, Self-Destructing Cookies is an interesting one, as while CookieMonster > allows you to keep track of which sites can or cannot set cookies, that's > for-session granularity. Self-Destructing Cookies destroys cookies after a set > time after closing a given tab. I use both. > > And if you're into this kind of stuff, Lightbeam. Just for shits and giggles. > -- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From guninski at guninski.com Mon Sep 7 23:47:38 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 8 Sep 2015 09:47:38 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150905070749.GC2661@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF36EE@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <20150908064738.GA2715@sivokote.iziade.m$> On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote: > So if you generate them yourself, you're OK. If you get them from a CA then > you don't need to care because if the CA wants to attack you then they can > just issue a forged cert in your name and don't need to worry about > backdooring the params (in any case using shared params is a bad idea because > they allow forgery of signatures on certificates. 
Suppose that the certificate > contains a copy of the certificate signer's DSA parameters, and the verifier > of the certificate has a copy of the signer's public key but not the signer's > DSA parameters (which are shared with other keys). If the verifier uses the > DSA parameters from the certificate along with the signer's public key to > verify the signature on the certificate, then an attacker can create bogus > certificates by choosing a random u and finding its inverse v modulo q (uv is > congruent to 1 modulo q). Then take the certificate signer's public key g^x > and compute g' = (g^x)^u. Then g'^v = g^x. Using the DSA parameters p, q, g', > the signer's public key corresponds to the private key v, which the attacker > knows. The attacker can then create a bogus certificate, put parameters (p, > q, g') in it, and sign it with the DSA private key v to create an apparently > valid certificate). > Sorry but I don't understand the final stage of the attack. If I follow correctly, you start from public DSA key with strong parameters and produce another keypair, which is related to the original key, but is distinct from it. What is the final stage of the attack? From Rayzer at riseup.net Tue Sep 8 10:22:22 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 8 Sep 2015 10:22:22 -0700 Subject: Brazil hero homeless man dead after save a woman from gunman In-Reply-To: <20150908121939.GD2715@sivokote.iziade.m$> References: <20150908102544.GB2715@sivokote.iziade.m$> <5529287.Yxon4zfi8W@lapuntu> <20150908121939.GD2715@sivokote.iziade.m$> Message-ID: <55EF194E.4090003@riseup.net> On 09/08/2015 05:19 AM, Georgi Guninski wrote: > On Tue, Sep 08, 2015 at 02:05:51PM +0200, rysiek wrote: >> in the US the Police would probably shoot the homeless guy, the perp, and >> finally the girl just for good measure. >> >> > Just being equal opportunity troll ;) I agree with rysiek's sentiment 100%. #YourLifeDoesntMatter to the Popo if yo po... Not trolling. 
...and homelessness IS the outcome of economic slavery under a crapitalist shitstem. After all, that 5 or so percent unemployment required to maintain 'wage stability' for the bosses has to show up in some way, and that 'spanger' on the sidewalk, the guy sleeping in the bushes, drunk and escaping circumstance or not, is that outcropping. RR > > The EU pours many billions of euros in > Ponzi schemes like Greece. > > In the EU thousands of refugees (immigrants) pass > "illegally" cross country borders easily (saw this on TV) > and the EU claims it fights drugs. > > Economic slavery is not so different than physical > slavery IMHO. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From s at ctrlc.hu Tue Sep 8 03:25:50 2015 From: s at ctrlc.hu (stef) Date: Tue, 8 Sep 2015 12:25:50 +0200 Subject: Hackers spent at least a year spying on Mozilla to discover Firefox security holes ? and exploit them In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4AF53BE@uxcn10-5.UoA.auckland.ac.nz> References: <20150905153537.GO2661@sivokote.iziade.m$> <55eb6758.5a18370a.bcf8c.3cf2@mx.google.com> <20150906055841.GA2609@sivokote.iziade.m$> <1641850.IyAd3s2aHy@lapuntu> <55edc16b.6465420a.2449d.0c81@mx.google.com> <20150907184910.GR7320@ctrlc.hu> <9A043F3CF02CD34C8E74AC1594475C73F4AF53BE@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <20150908102549.GT7320@ctrlc.hu> On Tue, Sep 08, 2015 at 07:20:41AM +0000, Peter Gutmann wrote: > stef writes: > > >On Mon, Sep 07, 2015 at 12:55:11PM -0400, Ulex Europae wrote: > >> I wonder, is there an A-list of must-have extensions for Firefox? Because > >> "the internet is for porn," and porn doesn't work on text-only browsers... 
> > > >NoScript, RequestPolicy, RefControl, CookieMonster, policeman, https- > >everywhere, monkeysphere, RedirectCleaner, CertPatrol|Convergence, > >BetterPrivacy, random-agent-spoofer, ssleuth > > You forgot the most critical ones, the extensions you need to undo all the well, i prefer vimperator, this list is intentionally neglecting UI plugins. also you should look into random-agent-spoofer it does disable a lot of the mozilla sabotage crap. > crap that Mozilla have piled onto Firefox since they started on their copy- > everything-Chrome-does spree. Classic Theme Restorer is the first extension I > load on any new install (even before NoScript), it's now comprehensive enough > that it's probably the only one you need, although Hide Tab Bar With One Tab > is also useful. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From s at ctrlc.hu Tue Sep 8 03:43:37 2015 From: s at ctrlc.hu (stef) Date: Tue, 8 Sep 2015 12:43:37 +0200 Subject: Traffic analysis at Bletchley Park In-Reply-To: References: Message-ID: <20150908104337.GU7320@ctrlc.hu> On Mon, Sep 07, 2015 at 08:42:13PM -0400, Veg wrote: > Good documentary on an underreported aspect of the work by the codebreakers > at Bletchley Park: > http://www.bbc.co.uk/programmes/b069gxz7 maybe liberating this from stupid geolocation based discrimination would be a service for all readers of this list. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From guninski at guninski.com Tue Sep 8 03:25:44 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 8 Sep 2015 13:25:44 +0300 Subject: Brazil hero homeless man dead after save a woman from gunman In-Reply-To: References: Message-ID: <20150908102544.GB2715@sivokote.iziade.m$> On Tue, Sep 08, 2015 at 02:57:30AM -0300, Felipe Felipe wrote: > https://www.youtube.com/watch?v=4Z3Q6y0dNAY > > http://www.unilad.co.uk/articles/homeless-man-dies-fighting-gunman-to-save-woman/ > > > Is brazilian security a joke? 
I'm from brazil and just wonder why things IMHO ALL security is (sad for most) joke, not only Brazilian. -- good luck From rysiek at hackerspace.pl Tue Sep 8 05:05:51 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 08 Sep 2015 14:05:51 +0200 Subject: Brazil hero homeless man dead after save a woman from gunman In-Reply-To: <20150908102544.GB2715@sivokote.iziade.m$> References: <20150908102544.GB2715@sivokote.iziade.m$> Message-ID: <5529287.Yxon4zfi8W@lapuntu> Dnia wtorek, 8 września 2015 13:25:44 Georgi Guninski pisze: > On Tue, Sep 08, 2015 at 02:57:30AM -0300, Felipe Felipe wrote: > > https://www.youtube.com/watch?v=4Z3Q6y0dNAY > > > > http://www.unilad.co.uk/articles/homeless-man-dies-fighting-gunman-to-save > > -woman/ > > > > > > Is brazilian security a joke? I'm from brazil and just wonder why things > > IMHO ALL security is (sad for most) joke, not only Brazilian. in the US the Police would probably shoot the homeless guy, the perp, and finally the girl just for good measure. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Tue Sep 8 04:54:26 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 8 Sep 2015 14:54:26 +0300 Subject: Script Kiddie Killed in Drone Strike In-Reply-To: References: Message-ID: <20150908115426.GC2715@sivokote.iziade.m$> On Mon, Sep 07, 2015 at 01:48:28PM -0700, Rich Jones wrote: > Update to this: ISIS Twitter claiming this was the result of backdoors the ' > Surespot > ' > "secure" messaging application. 
> > https://twitter.com/p_vanostaeyen/status/639165071072038913 > > On Wed, Aug 26, 2015 at 2:33 PM, Rich Jones wrote: > > > > > http://www.mirror.co.uk/news/world-news/junaid-hussain-dead-isis-computer-6326361 > > https://en.wikipedia.org/wiki/Junaid_Hussain > > > > Apparently one of the TeaMp0isoN founders was just killed by a US drone > > strike in Syria. Crazy times. > > > > According to the.. fairly questionable.. article linked above, he was #3 > > on the US kill list, "behind only Jihadi John and ISIS leader Abu Bakr > > al-Baghdadi"! Not bad for a guy most famous for SQL injections.. I wonder > > who took his place on the list. > > > > R > > Hope they don't use nuclear weapons against APT hackers near me. Still remember the Chernobyl disaster from sufficiently large distance (wasn't too small child then). From guninski at guninski.com Tue Sep 8 05:19:39 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 8 Sep 2015 15:19:39 +0300 Subject: Brazil hero homeless man dead after save a woman from gunman In-Reply-To: <5529287.Yxon4zfi8W@lapuntu> References: <20150908102544.GB2715@sivokote.iziade.m$> <5529287.Yxon4zfi8W@lapuntu> Message-ID: <20150908121939.GD2715@sivokote.iziade.m$> On Tue, Sep 08, 2015 at 02:05:51PM +0200, rysiek wrote: > > IMHO ALL security is (sad for most) joke, not only Brazilian. > > in the US the Police would probably shoot the homeless guy, the perp, and > finally the girl just for good measure. > Just being equal opportunity troll ;) The EU pours many billions of euros in Ponzi schemes like Greece. In the EU thousands of refugees (immigrants) pass "illegally" cross country borders easily (saw this on TV) and the EU claims it fights drugs. Economic slavery is not so different than physical slavery IMHO. 
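Added example, not part of any message in this archive: a toy walk-through of the DSA parameter-substitution forgery that Peter Gutmann's text, quoted in Georgi Guninski's "Possible crypto backdoor in RFC-2631" message above, describes, carried through its last step (signing with v) and set beside a verifier that takes the parameters from its own trust store. The 61-bit domain parameters, the certificate layout and every function name are constructed for illustration.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24)."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params():
    """Constructed toy DSA parameters (p, q, g); far too small for real use."""
    q = 2**61 - 1                       # Mersenne prime used as subgroup order
    k = 2
    while not is_prime(k * q + 1):      # find a prime p with q | p - 1
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)  # g has order q

def digest(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def sign(params, x, msg):
    p, q, g = params
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (digest(msg, q) + x * r) % q
        if r and s:
            return r, s

def verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = digest(msg, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r

def tbs(subject, params):
    """Bytes covered by the signature: subject plus the embedded parameters."""
    return ("%s|%d|%d|%d" % ((subject,) + tuple(params))).encode()

def issue_cert(subject, params, x):
    return {"subject": subject, "params": tuple(params),
            "sig": sign(params, x, tbs(subject, params))}

def forge_cert(subject, p, q, signer_y):
    """The steps from the quoted text: u, v = 1/u mod q, g' = y^u, sign with v."""
    u = secrets.randbelow(q - 2) + 2
    v = pow(u, -1, q)
    g2 = pow(signer_y, u, p)
    assert pow(g2, v, p) == signer_y    # under (p, q, g') the private key of y is v
    return issue_cert(subject, (p, q, g2), v)

def naive_verify(cert, trusted_y):
    """Flawed: trusted public key, but parameters read from the certificate."""
    return verify(cert["params"], trusted_y,
                  tbs(cert["subject"], cert["params"]), cert["sig"])

def strict_verify(cert, trusted_params, trusted_y):
    """Parameters are part of the trust anchor; a mismatch is rejected outright."""
    if tuple(cert["params"]) != tuple(trusted_params):
        return False
    return verify(trusted_params, trusted_y,
                  tbs(cert["subject"], cert["params"]), cert["sig"])

def demo():
    params = make_params()
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1    # signer's private key, unknown to the forger
    y = pow(g, x, p)
    honest = issue_cert("CN=honest.example", params, x)
    forged = forge_cert("CN=bogus.example", p, q, y)
    return {"honest_naive": naive_verify(honest, y),
            "honest_strict": strict_verify(honest, params, y),
            "forged_naive": naive_verify(forged, y),
            "forged_strict": strict_verify(forged, params, y)}

if __name__ == "__main__":
    print(demo())
```

The forged certificate passes only the verifier that reads (p, q, g') from the certificate; storing the parameters together with the public key removes the degree of freedom the forgery depends on.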
From rysiek at hackerspace.pl Tue Sep 8 11:02:33 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 08 Sep 2015 20:02:33 +0200 Subject: Brazil hero homeless man dead after save a woman from gunman In-Reply-To: <20150908121939.GD2715@sivokote.iziade.m$> References: <5529287.Yxon4zfi8W@lapuntu> <20150908121939.GD2715@sivokote.iziade.m$> Message-ID: <5795580.cpyOXZAt8m@lapuntu> Hi, Dnia wtorek, 8 września 2015 15:19:39 Georgi Guninski pisze: > On Tue, Sep 08, 2015 at 02:05:51PM +0200, rysiek wrote: > > > IMHO ALL security is (sad for most) joke, not only Brazilian. > > > > in the US the Police would probably shoot the homeless guy, the perp, and > > finally the girl just for good measure. > > Just being equal opportunity troll ;) Aww. :) > The EU pours many billions of euros in > Ponzi schemes like Greece. True dat. And bank bailouts. Not that the USA hasn't done just that a couple of years ago. Your point? > In the EU thousands of refugees (immigrants) pass > "illegally" cross country borders easily Since when is that (i.e. freedom of movement) a bad thing? > (saw this on TV) Aww! :) > and the EU claims it fights drugs. Since when is that (i.e. "war on drugs") a good thing? > Economic slavery is not so different than physical > slavery IMHO. Agreed. Though we do tend to have a much smaller chance of getting "suicided by a cop" here... -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From grarpamp at gmail.com Tue Sep 8 21:25:25 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 9 Sep 2015 00:25:25 -0400 Subject: How Putin Controls the Internet and Popular Opinion in Russia Message-ID: https://theintercept.com/2015/09/08/how-putin-controls-the-russian-internet/ The key paragraph in Andrei Soldatov and Irina Borogan’s new book, The Red Web, comes surprisingly late, after the authors have described the long and ambitious construction of a wide-ranging, all-penetrating Internet surveillance and censorship system in Russia. ... Just as the Soviet system discovered that it did not need to exert total pressure in order to control its population, so the Kremlin has now demonstrated that it does not need to block every byte in order to exert utter dominance over information. From mirimir at riseup.net Tue Sep 8 23:35:53 2015 From: mirimir at riseup.net (Mirimir) Date: Wed, 9 Sep 2015 00:35:53 -0600 Subject: Bitnation system. Looks interesting. In-Reply-To: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> References: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> Message-ID: <55EFD349.3060704@riseup.net> On 09/09/2015 12:00 AM, jim bell wrote: > http://bitnovosti.com/2015/06/04/bitnation-pangea-releases-alpha-governance-system-based-blockchain/ > > It's in Russian.Here is the automatic translation: > > Bitnation released blokcheyn system of public administration > BY IMPGUN on 2015/06/04 • (53)Bitnation, project development blokcheyn system of public administration 2.0, headed by charismatic founder Suzanne Tarkovsky-Templhof (Susanne Tarkowski Tempelhof), released an alpha version of the platformBitnation Pangea. 
The release is version 0.1.0, and can not boast of stability and broad functionality, but it is based on the idea of a truly revolutionary and can have important consequences.«Bitnation - an operating system for the public administration 2.0, designed to undermine the oligopoly of nation states due to more convenient, secure and cost-effective management services, - said Bitcoin Magazine Templhof Tarkovsky, who worked for many years in various troubled regions of the world. - As the world due to globalization leaves the current paradigm of the nation-state, it is possible to implement a completely new solution that enables service providers to many competing public administration to take the place of states which for centuries maintained its geographical monopoly violent means. "Developers Bitnation Pangea want to create a platform for the world's first nation to blokcheyne that would provide all the services of traditional states and replace them with voluntary communities. The ultimate goal Bitnation - to create a new world in which everyone will be able to choose their nation, few nations do not choose none at all, or even create their own nation on the platform Bitnation. > "The alternative, which is now leaning to the world - a global organization in the spirit of the United Nations that the management plan will be even worse than the current structures, because they will try to mow one size fits all - says Tarkovsky-Templhof. - We strive to Bitnation prevent this development by creating an environment of competing service providers using blokcheyn Bitcoin - in fact, to develop a protocol kriptonatsy open source. " > The core platform consists of a system for tracking identity and reputation (passport Bitnation), of dispute resolution, the notary and libraries (decentralized) management applications in the style of "do it yourself", with which users can create, upload to the network, spread in share or sell their own (decentralized) management applications. 
The plans - services for marriages and wills, contracts for child care, birth certificates of land ownership, the establishment of corporations and trade interests in them, unemployment insurance and health insurance, pensions, security and diplomatic services.Alpha release, which is updated in real time in response to user feedback in discussion groups Bitnation, already includes some interesting features such as the ability to register blokcheyne document with a time stamp.Previous pilot projects include Bitnation first marriage registered in blokcheyne, and first-blokcheyn passport. Bitnation also developed land registry and successfully tested it in Ghana, where 70% of the land is not registered any property rights, which discourages investment and lending on the security of land.After studying many blokcheyn protocols developers Bitnation for the release of the first release of Pangea joined forces with the founders of Project Horizon and Blocknet. The alpha version used blokcheyn Horizon, but the technology will support Blocknet and other blokcheynov. According to Tarkovsky-Templhof, future releases will not be limited Pangea blokcheynami altkoynov, and be able to use blokcheyn Bitcoin, which should positively influence the prospects of the project. > «Bitnation - it is a truly innovative concept, and we are pleased to provide them with a platform for development - said Arlene Kalvik (Arlyn Culwick), one of the project participants Blocknet. - We believe that providing interaction blokcheynov, Blocknet will help unlock the full potential of blokcheyn technologies. "«Bitnation - a revolutionary idea, which we believe will radically change the world for the better - said Tarkovsky-Templhof in the previous press release. - And yet, as we are the first one who really tries to challenge the relevance of the construct of nation-states to implement existing ideas is sometimes not easy. 
" > One of the main problems is the financing of the project, so the group Bitnation, which until recently largely relied on the efforts of volunteers willing to accept moderate investment by business angels, to create a more solid basis for development.Giulio Prisco (Guilio Prisco), May 20, 2015Source: bitcoinmagazine.com https://bitcoinmagazine.com/20479/bitnation-pangea-releases-alpha-governance-system-based-blockchain/ From juan.g71 at gmail.com Tue Sep 8 23:17:43 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 9 Sep 2015 03:17:43 -0300 Subject: Bitnation system. Looks interesting. In-Reply-To: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> References: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> Message-ID: <55efce32.9d29370a.48c3c.0da1@mx.google.com> On Wed, 9 Sep 2015 06:00:32 +0000 (UTC) jim bell wrote: > http://bitnovosti.com/2015/06/04/bitnation-pangea-releases-alpha-governance-system-based-blockchain/ > http://www.bitnation-blog.com/ From zen at freedbms.net Tue Sep 8 21:55:30 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 9 Sep 2015 04:55:30 +0000 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: References: Message-ID: On 9/9/15, grarpamp wrote: > https://theintercept.com/2015/09/08/how-putin-controls-the-russian-internet/ > The key paragraph in Andrei Soldatov and Irina Borogan’s new book, The > Red Web, comes surprisingly late, after the authors have described the > long and ambitious construction of a wide-ranging, all-penetrating > Internet surveillance and censorship system in Russia. > ... > Just as the Soviet system discovered that it did not need to exert > total pressure in order to control its population, so the Kremlin has > now demonstrated that it does not need to block every byte in order to > exert utter dominance over information. 
"In other words, by the 1970s the system had determined the minimum amount of pressure required to turn these people into its willing [information] executioners — and it was minimal indeed. A little bit of privilege, even a decent salary combined with the opportunity to practice one’s trade, was often enough." ... A really unique situation, nothing like "the west". Just as well we have the example of the USA in demonstrating true protection of freedom of speech, democracy and the international rule of law - almost had me worried there for a moment. From jdb10987 at yahoo.com Tue Sep 8 23:00:32 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 9 Sep 2015 06:00:32 +0000 (UTC) Subject: Bitnation system. Looks interesting. Message-ID: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> http://bitnovosti.com/2015/06/04/bitnation-pangea-releases-alpha-governance-system-based-blockchain/ It's in Russian.Here is the automatic translation: Bitnation released blokcheyn system of public administration BY IMPGUN on 2015/06/04 • (53)Bitnation, project development blokcheyn system of public administration 2.0, headed by charismatic founder Suzanne Tarkovsky-Templhof (Susanne Tarkowski Tempelhof), released an alpha version of the platformBitnation Pangea. The release is version 0.1.0, and can not boast of stability and broad functionality, but it is based on the idea of a truly revolutionary and can have important consequences.«Bitnation - an operating system for the public administration 2.0, designed to undermine the oligopoly of nation states due to more convenient, secure and cost-effective management services, - said Bitcoin Magazine Templhof Tarkovsky, who worked for many years in various troubled regions of the world. 
- As the world due to globalization leaves the current paradigm of the nation-state, it is possible to implement a completely new solution that enables many competing providers of public administration services to take the place of states, which for centuries maintained their geographical monopoly by violent means."

The developers of Bitnation Pangea want to create a platform for the world's first nation on the blockchain that would provide all the services of traditional states and replace them with voluntary communities. The ultimate goal of Bitnation is to create a new world in which everyone will be able to choose their nation, choose several nations, choose none at all, or even create their own nation on the Bitnation platform.

"The alternative toward which the world is now leaning is a global organization in the spirit of the United Nations, which in terms of governance will be even worse than the current structures, because it will try to cut everyone to one size," says Tarkovsky-Templhof. "With Bitnation we strive to prevent this development by creating an environment of competing service providers using the Bitcoin blockchain; in effect, to develop an open-source crypto-nation protocol."

The core platform consists of a system for tracking identity and reputation (the Bitnation passport), dispute resolution, a notary, and libraries of (decentralized) "do it yourself" management applications, with which users can create, upload to the network, spread, share or sell their own (decentralized) management applications.

The plans include services for marriages and wills, contracts for child care, birth certificates, certificates of land ownership, the establishment of corporations and trading of interests in them, unemployment insurance and health insurance, pensions, security and diplomatic services.

The alpha release, which is updated in real time in response to user feedback in Bitnation discussion groups, already includes some interesting features, such as the ability to register a document on the blockchain with a time stamp.

Previous Bitnation pilot projects include the first marriage registered on the blockchain and the first blockchain passport. Bitnation also developed a land registry and successfully tested it in Ghana, where 70% of the land has no registered property rights, which discourages investment and lending on the security of land.

After studying many blockchain protocols, the Bitnation developers joined forces with the founders of Project Horizon and Blocknet for the first release of Pangea. The alpha version used the Horizon blockchain, but the technology will support Blocknet and other blockchains. According to Tarkovsky-Templhof, future releases of Pangea will not be limited to altcoin blockchains and will be able to use the Bitcoin blockchain, which should positively influence the prospects of the project.

"Bitnation is a truly innovative concept, and we are pleased to provide them with a platform for development," said Arlene Kalvik (Arlyn Culwick), one of the participants in the Blocknet project. "We believe that by providing interaction between blockchains, Blocknet will help unlock the full potential of blockchain technologies."

"Bitnation is a revolutionary idea, which we believe will radically change the world for the better," said Tarkovsky-Templhof in the previous press release. "And yet, as we are the first who really try to challenge the relevance of the construct of nation-states, implementing existing ideas is sometimes not easy."

One of the main problems is the financing of the project, so the Bitnation group, which until recently largely relied on the efforts of volunteers, is willing to accept moderate investment from business angels to create a more solid basis for development.

Giulio Prisco (Guilio Prisco), May 20, 2015
Source: bitcoinmagazine.com

From jya at pipeline.com Wed Sep 9 05:21:36 2015
From: jya at pipeline.com (John Young)
Date: Wed, 09 Sep 2015 08:21:36 -0400
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To:
References:
Message-ID:

This from the journalists who check with USG before publishing Snowden documents as Snowden allegedly requires "to avoid harm to the US."

Fingerpointing at Putin is obligatory for those working the Broadcasting Board of Governors propaganda beat.

The Internet as an unprecedented global spying and propaganda machine has been long noted and carefully exploited by all varieties of spies and media -- used by all governments, but by US first and foremost.

For a few years the Information Highway was perceived as a marvelous invention for public education and discourse, even a whiz-bang tool for shaping politics and government, empowering the citizenry.

Was long before it was understood to be a gov-com-edu-org hegemon siphoning user data indiscriminately, some openly, some secretly.

Encryption has been advocated to maintain citizen privacy and security. That too has been exposed as illusory, but die-hard security promoters will not sacrifice reputation and profits for perpetuating the notion that reliable infosec and comsec are "the best we can do, don't expect absolute security." Meanwhile continuing to rig standards and products to fit USG contracting requirements. Keeping up with these requirements is a top requirement for benefiting from official secrets.
Still unrevealed by Snowden is what he did as CIA IT employee for many years before a few months deep undercover NOC as an NSA contractor.

At 12:25 AM 9/9/2015, you wrote:
>https://theintercept.com/2015/09/08/how-putin-controls-the-russian-internet/
>The key paragraph in Andrei Soldatov and Irina Borogan’s new book, The
>Red Web, comes surprisingly late, after the authors have described the
>long and ambitious construction of a wide-ranging, all-penetrating
>Internet surveillance and censorship system in Russia.
>...
>Just as the Soviet system discovered that it did not need to exert
>total pressure in order to control its population, so the Kremlin has
>now demonstrated that it does not need to block every byte in order to
>exert utter dominance over information.

From kanzure at gmail.com Wed Sep 9 09:39:51 2015
From: kanzure at gmail.com (Bryan Bishop)
Date: Wed, 9 Sep 2015 11:39:51 -0500
Subject: Bitnation system. Looks interesting.
In-Reply-To:
References: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> <55EFD349.3060704@riseup.net>
Message-ID:

On Wed, Sep 9, 2015 at 11:30 AM, Lodewijk andré de la porte wrote:
> Bitnation is fascinating, thought provoking, but it seems somewhat off.

http://cointelegraph.com/news/112725/bitnation-core-dev-team-resigns-speaks-out-before-crowdsale

- Bryan
http://heybryan.org/
1 512 203 0507

From komachi at openmailbox.org Wed Sep 9 07:14:29 2015
From: komachi at openmailbox.org (Anton Nesterov)
Date: Wed, 09 Sep 2015 14:14:29 +0000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To:
References:
Message-ID: <55F03EC5.5070504@openmailbox.org>

John Young:
> This from the journalists who check with USG before publishing Snowden
> documents as Snowden allegedly requires "to avoid harm to the US."
Soldatov is actually critical of Snowden mainly because of this
http://www.buzzfeed.com/andreisoldatov/how-edward-snowden-inadvertenly-helped-vladimir-putins-inter

> Fingerpointing at Putin is obligatory for those working the Broadcasting
> Board of Governors propaganda beat.

It's not fingerpointing. US is not the only country with surveillance. Russia has surveillance. Many surveillance.

> The Internet as an unprecedented global spying and propaganda machine
> has been long noted and carefully exploited by all varieties of spies and
> media -- used by all governments, but by US first and foremost.

SORM works from 2000, it's hard to compare Russian and US surveillance technologically, but Russia uses it on larger scale for sure. SORM covers 100% of Internet connections, installing SORM is forced by law.

But even if US has the most advanced surveillance system, it doesn't mean that you should ignore surveillance in other countries.

--
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc

From komachi at openmailbox.org Wed Sep 9 07:36:54 2015
From: komachi at openmailbox.org (Anton Nesterov)
Date: Wed, 09 Sep 2015 14:36:54 +0000
Subject: Russia failed to break Tor
Message-ID: <55F04406.2080109@openmailbox.org>

A company hired by the Russian Interior Ministry to identify users of the Tor network, an anonymous Internet browser, has announced its plans to terminate its state contract without finishing the task.

According to the Russian newspaper Kommersant, the Russian Interior Ministry signed a series of contracts in 2013 and in 2014 with a company called “the Central Scientific Institute for Economics, IT and Management Systems” (CSI EIM) to study and to fight online anonymity.

The newspaper reports that CSI EIM has now hired lawyers, in order to terminate its four government contracts. Information about the contracts between CSI EIM and the Interior Ministry is classified.
According to an investigation conducted by Kommersant, however, one of the agreements, under the code name “TOR (Flot),” involved studying how to retrieve information about Tor users and investigating what technologies Tor uses. CSI EIM was supposed to earn 3.9 million rubles ($57,540) for the work.

In addition, CSI EIM won a government contract in 2014 for 20 million rubles ($295,000), known under the code name “Chameleon-2,” involving “the creation of a hardware and software complex for allowing secret and anonymous remote access to strategically important information.”

The Interior Ministry has refused to comment.

https://meduza.io/en/news/2015/09/09/the-russian-government-hired-people-hack-the-tor-browser-but-they-failed-and-now-they-re-quitting

Tender to crack Tor
http://zakupki.gov.ru/epz/order/notice/zkk44/view/common-info.html?regNumber=0373100088714000008

Archived version with Tor in description
https://archive.is/gCweX

Tender that has info on termination of tender to crack Tor
http://zakupki.gov.ru/223/purchase/public/purchase/info/common-info.html?noticeId=2423688&epz=true

--
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc

From mjbecze at gmail.com Wed Sep 9 09:41:56 2015
From: mjbecze at gmail.com (Martin Becze)
Date: Wed, 9 Sep 2015 16:41:56 +0000
Subject: Bitnation system. Looks interesting.
In-Reply-To:
References: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> <55EFD349.3060704@riseup.net>
Message-ID:

>somewhat off

Yeah the founder went/is crazy, there is no technical work done and all of the developers that were working on the project quit.

On Wed, Sep 9, 2015 at 4:30 PM, Lodewijk andré de la porte wrote:

> Its documentation is overly verbose, speculative, assuming and unclear.
>
> I love the idea of providing services that the government usually tends
> to.
>
> I somewhat know what marriage before God means. I somewhat know what
> marriage before the State means.
> I have no idea what marriage before the
> Blockchain means. Probably no more than lovers' tree-carvings.
>
> Relationship to reality is the hardest part - it's also where things like
> enforcement starts turning its ugly head.
>
> I'd argue marriage before state is an artifact of the marriage between
> church and state. Relationships, commitments, etc, these would be better
> explained in contract. Contracts can go onto a blockchain. Generic. Neat.
> Unpretentious.
>
> Bitnation is fascinating, thought provoking, but it seems somewhat off.
>

From guninski at guninski.com Wed Sep 9 07:53:20 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 9 Sep 2015 17:53:20 +0300
Subject: Russia failed to break Tor
In-Reply-To: <55F04406.2080109@openmailbox.org>
References: <55F04406.2080109@openmailbox.org>
Message-ID: <20150909145320.GI2808@sivokote.iziade.m$>

On Wed, Sep 09, 2015 at 02:36:54PM +0000, Anton Nesterov wrote:
> A company hired by the Russian Interior Ministry to identify users of
> the Tor network, an anonymous Internet browser, has announced its plans
> to terminate its state contract without finishing the task.
>

What if this is disinformation?

You probably know who finances TOR.

If me broke TOR, me wouldn't like the TOR users to know they are de-anonymized (this is hinted in Snowden's docs).

Totally offtopic, but somewhat amusing:

URRGH! Evil app WATCHES YOU WATCHING PORN, snaps your grimace
http://www.theregister.co.uk/2015/09/08/pr0n_app_takes_blackmail_pics_ransom/

From rich at openwatch.net Wed Sep 9 18:08:09 2015
From: rich at openwatch.net (Rich Jones)
Date: Wed, 9 Sep 2015 18:08:09 -0700
Subject: Hostages for Sale on Telegram
Message-ID:

More for the ISIS-loves-"Secure"-Messaging-Apps folder:

"Dabiq 11 released by terror group ISIS.
At the end it notes 2 new foreign hostages; 1 Chinese and other Norweigan."

https://twitter.com/DrPartizan_/status/641671841380179968

Click through for pictures and Telegram number.

R

From l at odewijk.nl Wed Sep 9 09:30:53 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Wed, 9 Sep 2015 18:30:53 +0200
Subject: Bitnation system. Looks interesting.
In-Reply-To: <55EFD349.3060704@riseup.net>
References: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> <55EFD349.3060704@riseup.net>
Message-ID:

Its documentation is overly verbose, speculative, assuming and unclear.

I love the idea of providing services that the government usually tends to.

I somewhat know what marriage before God means. I somewhat know what marriage before the State means. I have no idea what marriage before the Blockchain means. Probably no more than lovers' tree-carvings.

Relationship to reality is the hardest part - it's also where things like enforcement starts turning its ugly head.

I'd argue marriage before state is an artifact of the marriage between church and state. Relationships, commitments, etc, these would be better explained in contract. Contracts can go onto a blockchain. Generic. Neat. Unpretentious.

Bitnation is fascinating, thought provoking, but it seems somewhat off.
From juan.g71 at gmail.com Wed Sep 9 16:02:34 2015
From: juan.g71 at gmail.com (Juan)
Date: Wed, 9 Sep 2015 20:02:34 -0300
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <6619420.kEgClR5EXu@lapuntu>
References: <6619420.kEgClR5EXu@lapuntu>
Message-ID: <55f0b996.6a15370a.19c54.ffff9df5@mx.google.com>

On Thu, 10 Sep 2015 00:52:47 +0200 rysiek wrote:

> On Wednesday, 9 September 2015 08:21:36 John Young wrote:
> > This from the journalists who check with USG before publishing
> > Snowden documents as Snowden allegedly requires "to avoid harm to
> > the US."
> >
> > Fingerpointing at Putin is obligatory for those working the
> > Broadcasting Board of Governors propaganda beat.
>
> The fact that A is evil, and A is B's adversary, doesn't
> automagically make B not evil.

Kindly point out where JY said the russian government was not evil.

>
> The fact that there's a lot wrong with US of A, and USA and Russia
> don't really cooperate well, does not make what's happening in Russia
> magically okay.

Kindly point out where JY said that what's happening in russia (whatever that is) is okay.

On the other hand rysiek given your laughable & constant defense of the pentagon-funded tor-cunts, you are not really in a position to be pointing too many fingers.

>
> Why there's so many people defending Russian system just because
> USA-Russia relations are not superfriendly is beyond me.
> ...

From ryan.pear at ownbay.net Wed Sep 9 13:53:35 2015
From: ryan.pear at ownbay.net (ryan.pear at ownbay.net)
Date: Wed, 09 Sep 2015 20:53:35 +0000
Subject: Repbin release v0.0.2
Message-ID:

We're happy to announce the release v0.0.2 of Repbin: The replicated, encrypted, distributed and anonymized pastebin.

Changes include: Better terminal usability, sqlite/mysql backend, binaries!
Check here for release source code and client binaries:
https://github.com/repbin/repbin/releases/tag/v0.0.2

About Repbin:
Repbin is an encrypted pastebin for the command line that runs over Tor! Repbin servers form a distributed network where nodes sync posts with each other (like in Usenet or BBS/Fido systems). This makes Repbin resilient and scalable. Repbin focuses on privacy (encrypted messages) and anonymity (padding and repost chains). To limit spam and denial-of-service attacks, Repbin uses the Hashcash proof-of-work algorithm which is widely known from Bitcoin mining.

Learn more about Repbin here:
https://github.com/repbin/repbin/blob/master/README.md

From jdb10987 at yahoo.com Wed Sep 9 14:48:56 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Wed, 9 Sep 2015 21:48:56 +0000 (UTC)
Subject: Repbin release v0.0.2
In-Reply-To:
References:
Message-ID: <1726332927.1564988.1441835336954.JavaMail.yahoo@mail.yahoo.com>

>About Repbin:
>Repbin is an encrypted pastebin for the command line that runs over Tor!
>Repbin servers form a distributed network where nodes sync posts with
>each other (like in Usenet or BBS/Fido systems). This makes Repbin
>resilient and scalable. Repbin focuses on privacy (encrypted messages)
>and anonymity (padding and repost chains). To limit spam and
>denial-of-service attacks, Repbin uses the Hashcash proof-of-work
>algorithm which is widely known from Bitcoin mining.
>Learn more about Repbin here:
>https://github.com/repbin/repbin/blob/master/README.md

Has anybody ever considered the idea of doing otherwise-useful CPU work with the power currently expended by computing hashes in Bitcoin mining? The most obvious application would be weather forecasting: It could use a huge amount of computation, on a continuously ongoing basis, and is valuable to every nation on earth. Whether it can be lasso'ed into a bitcoin-mining engine, I don't know.
Jim Bell

From mezger.benjamin at gmail.com Wed Sep 9 18:25:29 2015
From: mezger.benjamin at gmail.com (Ben Mezger)
Date: Wed, 09 Sep 2015 22:25:29 -0300
Subject: Hostages for Sale on Telegram
In-Reply-To:
References:
Message-ID:

Hmm, "Excuse me @telegram but ISIS are using YOUR network/application to sell hostage. Please find more info. on that number!!"

Well, I would agree with that, but that would probably break Telegram's policy of "privacy", no?

Rich Jones writes:

> More for the ISIS-loves-"Secure"-Messaging-Apps folder:
>
> "Dabiq 11 released by terror group ISIS. At the end it notes 2 new foreign
> hostages; 1 Chinese and other Norweigan."
>
> https://twitter.com/DrPartizan_/status/641671841380179968
>
> Click through for pictures and Telegram number.
>
> R

--
Sent with my mu4e
From grarpamp at gmail.com Wed Sep 9 21:16:48 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 10 Sep 2015 00:16:48 -0400
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
Message-ID:

https://mcafee16.com/
http://cyberparty.org/
https://en.wikipedia.org/wiki/John_McAfee
http://www.whoismcafee.com/
http://www.futuretensecentral.com/
https://twitter.com/officialmcafee
https://twitter.com/JohnMcAfeeStory
http://johnmcafeestory.com/

From rysiek at hackerspace.pl Wed Sep 9 15:47:31 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 10 Sep 2015 00:47:31 +0200
Subject: Repbin release v0.0.2
In-Reply-To: <1726332927.1564988.1441835336954.JavaMail.yahoo@mail.yahoo.com>
References: <1726332927.1564988.1441835336954.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <6193628.0yFTp10ebS@lapuntu>

On Wednesday, 9 September 2015 21:48:56 jim bell wrote:
> >About Repbin:
> >Repbin is an encrypted pastebin for the command line that runs over Tor!
> >Repbin servers form a distributed network where nodes sync posts with
> >each other (like in Usenet or BBS/Fido systems). This makes Repbin
> >resilient and scalable. Repbin focuses on privacy (encrypted messages)
> >and anonymity (padding and repost chains). To limit spam and
> >denial-of-service attacks, Repbin uses the Hashcash proof-of-work
> >algorithm which is widely known from Bitcoin mining.
> >Learn more about Repbin here:
> >https://github.com/repbin/repbin/blob/master/README.md
>
> Has anybody ever considered the idea of doing otherwise-useful CPU work with
> the power currently expended by computing hashes in Bitcoin mining?

My dream would be a distributed github replacement (a'la gitchain) where proof-of-work is somehow related to compilation, running tests, or somesuch.
> The most obvious application would be weather forecasting: It could use a
> huge amount of computation, on a continuously ongoing basis, and is valuable
> to every nation on earth. Whether it can be lasso'ed into a bitcoin-mining
> engine, I don't know.

Probably not -- the "thing" mined has to be easily verifiable by other nodes. How does one verify a weather forecast in such a setting? ;)

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Wed Sep 9 15:52:47 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 10 Sep 2015 00:52:47 +0200
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To:
References:
Message-ID: <6619420.kEgClR5EXu@lapuntu>

On Wednesday, 9 September 2015 08:21:36 John Young wrote:
> This from the journalists who check with USG before publishing Snowden
> documents as Snowden allegedly requires "to avoid harm to the US."
>
> Fingerpointing at Putin is obligatory for those working the Broadcasting
> Board of Governors propaganda beat.

The fact that A is evil, and A is B's adversary, doesn't automagically make B not evil.

The fact that there's a lot wrong with US of A, and USA and Russia don't really cooperate well, does not make what's happening in Russia magically okay.

Why there's so many people defending Russian system just because USA-Russia relations are not superfriendly is beyond me.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From grarpamp at gmail.com Wed Sep 9 22:18:50 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 10 Sep 2015 01:18:50 -0400
Subject: Hostages for Sale on Telegram
In-Reply-To:
References:
Message-ID:

On Wed, Sep 9, 2015 at 9:08 PM, Rich Jones wrote:
> More for the ISIS-loves-"Secure"-Messaging-Apps folder:

https://www.youtube.com/watch?v=FmBNVMk_AGs
https://en.wikipedia.org/wiki/Telegram_(software)
https://en.wikipedia.org/wiki/Surespot
https://en.wikipedia.org/wiki/Wickr
https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/
https://twitter.com/cybercaliphate
https://twitter.com/search?q=cybercaliphate
https://twitter.com/search?q=cyphercaliphate
https://pbs.twimg.com/media/COOxuq-WIAAG8pQ.jpg
https://www.google.com/search?tbm=isch&q=cyber+caliphate
http://www.dailytech.com/Anonymous+vs+the+ISIS+Cyber+Caliphate++War+in+the+Middle+East+Goes+Digital/article37154.htm
http://www.nydailynews.com/news/national/isis-hacker-group-cyber-caliphate-hacks-article-1.2067634
https://news.vice.com/article/the-islamic-states-top-hacker-was-killed-in-a-us-drone-strike
https://en.wikipedia.org/wiki/Junaid_Hussain
https://www.youtube.com/user/TeaMp0ison/videos
http://homeland.house.gov/sites/homeland.house.gov/files/documents/06-03-15-McCaul-Open.pdf
https://twitter.com/p_vanostaeyen/status/639165071072038913
https://pbs.twimg.com/media/CN7FPdKXAAEucGl.jpg
https://twitter.com/lorenzoFB/status/638818414958477312
https://www.washingtonpost.com/world/national-security/us-launches-secret-drone-campaign-to-hunt-islamic-state-leaders-in-syria/2015/09/01/723b3e04-5033-11e5-933e-7d06c647a395_story.html

> https://twitter.com/DrPartizan_/status/641671841380179968
> Click through for pictures and Telegram number.
https://pbs.twimg.com/media/COetId6WwAAmKzB.jpg
https://pbs.twimg.com/media/COetId6WIAAJGAg.jpg
+9647705648252

From grarpamp at gmail.com Wed Sep 9 22:43:58 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 10 Sep 2015 01:43:58 -0400
Subject: Distributed Computing [was: Repbin release v0.0.2]
Message-ID:

On Wed, Sep 9, 2015 at 5:48 PM, jim bell wrote:
> Has anybody ever considered the idea of doing otherwise-useful CPU work with

Plenty of distributed computing efforts out there... BOINC, SetiAtHome, etc.
https://en.wikipedia.org/wiki/Distributed_computing

> the power currently expended by computing hashes in Bitcoin mining? The
> most obvious application would be weather forecasting: It could use a huge
> amount of computation, on a continuously ongoing basis, and is valuable to
> every nation on earth. Whether it can be lasso'ed into a bitcoin-mining
> engine, I don't know.

Back when mining was done with GPU's, maybe, utilizing the newly installed base of GPGPU computing therein.
https://en.wikipedia.org/wiki/General-purpose_computing_on_graphics_processing_units

Today all relevant mining is done with ASIC's, and all the installed base of them can do is SHA-256, so no.
https://en.wikipedia.org/wiki/Bitcoin_network#Bitcoin_mining
https://bitcointalk.org/index.php?board=76.0
https://bitcointalk.org/index.php?board=81.0

rysiek wrote:
> My dream would be a distributed github replacement (a'la gitchain) where
> proof-of-work is somehow related to compilation, running tests, or somesuch.

Maybe I just saw some news about a distributed repo. Too much distributed noise lately, so maybe not. Central here, signing off...
From shelley at misanthropia.org Thu Sep 10 03:21:42 2015
From: shelley at misanthropia.org (Shelley)
Date: Thu, 10 Sep 2015 03:21:42 -0700
Subject: politicopunks@cpunks.org
In-Reply-To:
References:
Message-ID: <20150910102125.CE6C2680224@frontend2.nyi.internal>

On September 10, 2015 2:17:07 AM Zenaan Harkness wrote:
> Anyone else interested in a politicopunks@ email list?
> Zenaan

Yes.

-S

From grarpamp at gmail.com Thu Sep 10 00:23:04 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 10 Sep 2015 03:23:04 -0400
Subject: Repbin release v0.0.2
In-Reply-To: <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me>
References: <1726332927.1564988.1441835336954.JavaMail.yahoo@mail.yahoo.com> <6193628.0yFTp10ebS@lapuntu> <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me>
Message-ID:

On Thu, Sep 10, 2015 at 2:44 AM, Cathal (Phone) wrote:
> No blockchains, but you've seen gittorrent right? :)

That's it. And actually, blockchains. The refs:

http://blog.printf.net/articles/2015/05/29/announcing-gittorrent-a-decentralized-github/
https://github.com/cjb/GitTorrent
http://code.google.com/p/gittorrent/ [gcode is dying, mirror if interested]

From jya at pipeline.com Thu Sep 10 03:41:42 2015
From: jya at pipeline.com (John Young)
Date: Thu, 10 Sep 2015 06:41:42 -0400
Subject: politicopunks@cpunks.org
In-Reply-To:
References:
Message-ID:

If it's only about politics, why add to the monotonous brain-rot drivel.

Cypherpunks list covers politics and everything else, without chopping up into marked-up and branded packages: politics, civil liberties, NSA, crypto, privacy, online diddly. each with its own political agenda, lobbyists, PACs, Dear Leaders, bribery, followers, deranged oligarchs.

Sure, cypherpunks suffers from the same diseases as politics but, praise the holy founders, suffers them all at once, not piecemeal, so develops anti-bodies for all of them, to send the worms and germs to fight it out on monodrone-weakened corpuses.
Finally, last two hours of a question soon over, cypherpunks has gone through a long list of failures due to politics rising to the surface as if that's all there is worth cut-throating about. Offshoots have been set up to avoid politics as a topic, or some other forbidden fruit iconizing a moderator's tits and ads.

From those cpunk-siphoning Ashley Madisons have come weirdly deformed creatures and mindsets, missing some capabilities, overloaded with others -- evolving into the frankensteins of secretkeeping, thematic dwarfs and thuggish giants, you might say, like politicians and their sharks, press agents, campaign and polling leeches determined and amply paid to make politics the premier gobbler of subscribers' beliefs and fellow soldiers of murderous religion.

From cathalgarvey at cathalgarvey.me Wed Sep 9 23:44:48 2015
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Thu, 10 Sep 2015 07:44:48 +0100
Subject: Repbin release v0.0.2
In-Reply-To: <6193628.0yFTp10ebS@lapuntu>
References: <1726332927.1564988.1441835336954.JavaMail.yahoo@mail.yahoo.com> <6193628.0yFTp10ebS@lapuntu>
Message-ID: <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me>

No blockchains, but you've seen gittorrent right? :)

On 9 September 2015 23:47:31 IST, rysiek wrote:
>On Wednesday, 9 September 2015 21:48:56 jim bell wrote:
>> >About Repbin:
>> >Repbin is an encrypted pastebin for the command line that runs over Tor!
>> >Repbin servers form a distributed network where nodes sync posts with
>> >each other (like in Usenet or BBS/Fido systems). This makes Repbin
>> >resilient and scalable. Repbin focuses on privacy (encrypted messages)
>> >and anonymity (padding and repost chains). To limit spam and
>> >denial-of-service attacks, Repbin uses the Hashcash proof-of-work
>> >algorithm which is widely known from Bitcoin mining.
>> >Learn more about Repbin here:
>> >https://github.com/repbin/repbin/blob/master/README.md
>>
>> Has anybody ever considered the idea of doing otherwise-useful CPU work with
>> the power currently expended by computing hashes in Bitcoin mining?
>
>My dream would be a distributed github replacement (a'la gitchain) where
>proof-of-work is somehow related to compilation, running tests, or
>somesuch.
>
>> The most obvious application would be weather forecasting: It could use a
>> huge amount of computation, on a continuously ongoing basis, and is valuable
>> to every nation on earth. Whether it can be lasso'ed into a bitcoin-mining
>> engine, I don't know.
>
>Probably not -- the "thing" mined has to be easily verifiable by other nodes.
>How does one verify a weather forecast in such a setting? ;)
>
>--
>Regards,
>Michał "rysiek" Woźniak
>
>I am changing my GPG key :: http://rys.io/pl/147
>GPG Key Transition :: http://rys.io/en/147

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From schism at subverted.org Thu Sep 10 07:09:29 2015
From: schism at subverted.org (schism at subverted.org)
Date: Thu, 10 Sep 2015 08:09:29 -0600
Subject: politicopunks@cpunks.org
In-Reply-To:
References:
Message-ID: <20150910140929.GJ22432@lawl>

On Thu, Sep 10, 2015 at 11:10:44AM +0000, Zenaan Harkness wrote:
| On 9/10/15, John Young wrote:
| > If it's only about politics, why add to the monotonous brain-rot drivel.
|
| One man's brain-rot drivel is another man's "ahah!" moment.

Or, perhaps the lack of an immediate (or at least frictionless) outlet for brain-rot drivel might give one pause to consider whether it warrants posting. Perhaps the resistance you feel is not to politics but to the notability and usefulness of the content itself.
It is my experience that such forks are borne of individuals resenting the friction inherent of open forums, not of wishing free and open discourse. If a forum is explicitly open and yet you experience resistance to your ideas there are two probable causes. One is that those resisting are fools, the other is that you're full of shit. One would do best to consider both equally (even simultaneously) probable.

From Rayzer at riseup.net Thu Sep 10 08:49:52 2015
From: Rayzer at riseup.net (Razer)
Date: Thu, 10 Sep 2015 08:49:52 -0700
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To:
References:
Message-ID: <55F1A6A0.5010905@riseup.net>

On 09/09/2015 09:16 PM, grarpamp wrote:
> https://mcafee16.com/
> http://cyberparty.org/
> https://en.wikipedia.org/wiki/John_McAfee
> http://www.whoismcafee.com/
> http://www.futuretensecentral.com/
> https://twitter.com/officialmcafee
> https://twitter.com/JohnMcAfeeStory
> http://johnmcafeestory.com/
>

Two words, actually three. Lawrence. Lessig. Rational.

Something bad happened to McAfee's brain. Maybe he ate one too many South American DMT-ridden plants or lizards. Besides, Feudal Libertarian.

http://www.alternet.org/election-2016/larry-lessig-launches-2016-democratic-presidential-bid-reform-campaign-finances-and
https://lessig2016.us/

Free Culture: http://www.free-culture.cc/freecontent/
From zen at freedbms.net Thu Sep 10 02:05:02 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Thu, 10 Sep 2015 09:05:02 +0000
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To: <3923616.0r0mpAI9Mp@lapuntu>
References: <3923616.0r0mpAI9Mp@lapuntu>
Message-ID:

OK, so, so far pretty much every individual who makes it to a top position of power, seems to start out with good intentions, only to take a dive on their policies, principles and decency (illegal wars, increasing internal monitoring, no roll back of victimless crimes, etc etc).

How could John be potentially any different?

Perhaps he could have a 24/7 audio and video broadcast, in real time, so the citizenry can monitor him at all times?

Perhaps someone could ask him a long list of Policy/Accountability Promises Questions, and then he can be slashdot-questioned every 2 months on his performance on every one of his platform positions?

Has this guy been compromised already? (Compromising sex pictures, drug charges kept under the table, monetary bribes/compromise.)

How can the usual types of compromise, which evidently occur for most (all?) USA presidents in the last century, be handled by We the People?

Would love to see some possibility of A Better Obama...

From zen at freedbms.net Thu Sep 10 02:06:51 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Thu, 10 Sep 2015 09:06:51 +0000
Subject: politicopunks@cpunks.org
Message-ID:

Anyone else interested in a politicopunks@ email list?
Zenaan

From tigrutigru at gmail.com Thu Sep 10 00:19:21 2015
From: tigrutigru at gmail.com (tigrutigru at gmail.com)
Date: Thu, 10 Sep 2015 09:19:21 +0200
Subject: Subject: Re: Bitnation system. Looks interesting.
In-Reply-To:
References:
Message-ID: <9F88CEB5-0C6D-4443-BE62-1731BFEC1F7E@gmail.com>

It seems like there's a confusion between contracts and cryptocontracts?

> On 10 Sep 2015, at 7:19 am, cypherpunks-request at cpunks.org wrote:
>
> Today's Topics:
>
>    1. Re: Bitnation system. Looks interesting.
>       (Lodewijk andré de la porte)
>    2. Re: Bitnation system. Looks interesting. (Bryan Bishop)
>    3. Re: Bitnation system. Looks interesting. (Martin Becze)
>    4. Repbin release v0.0.2 (ryan.pear at ownbay.net)
>    5. Re: Repbin release v0.0.2 (jim bell)
>    6. Re: How Putin Controls the Internet and Popular Opinion in
>       Russia (rysiek)
>    7. Re: How Putin Controls the Internet and Popular Opinion in
>       Russia (Juan)
>    8. Re: Repbin release v0.0.2 (rysiek)
>    9. Hostages for Sale on Telegram (Rich Jones)
>   10. Re: Hostages for Sale on Telegram (Ben Mezger)
>   11. John McAfee Runs For US President In 2016 Under Cyber Party
>       (grarpamp)
>   12. Re: Hostages for Sale on Telegram (grarpamp)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 Sep 2015 18:30:53 +0200
> From: Lodewijk andré de la porte
> To: Mirimir
> Cc: "cypherpunks at cpunks.org"
> Subject: Re: Bitnation system. Looks interesting.
> Message-ID:
> Content-Type: text/plain; charset="utf-8"
>
> Its documentation is overly verbose, speculative, assuming and unclear.
>
> I love the idea of providing services that the government usually tends to.

Everyone loves ideas that Bitnation put their brand on.

> I somewhat know what marriage before God means. I somewhat know what
> marriage before the State means. I have no idea what marriage before the
> Blockchain means. Probably no more than lovers' tree-carvings.

Exactly. Proof-of-existence. I don't understand what it has to do with Bitnation brand. Someone just wants to look cool. What exactly Bitnation are building?

> Relationship to reality is the hardest part - it's also where things like
> enforcement starts turning its ugly head.
>
> I'd argue marriage before state is an artifact of the marriage between
> church and state. Relationships, commitments, etc, these would be better
> explained in contract.

Yes. Obligations can be explained. Still people go to courts and dispute contracts. These are text.

> Contracts can go onto a blockchain.

Contracts which go on the blockchain have nothing to do with legal contracts. Parts of the text (legal) contracts can be hooked to a smart contract I guess. I guess if a married couple has a dispute over digital property or btc in a wallet, let's say a script can manage it, but how the script (smart contract) will know who in this particular dispute did what. Even with no details and subtleties involved.

> Generic. Neat.
> Unpretentious.
>
> Bitnation is fascinating, thought provoking, but it seems somewhat off.

Ideas are nice. They're not necessarily coming from Bitnation. Proof of existence, or Blockchain ID for example were existing ideas which had functioning prototypes. They just don't make it sound grandiose.

Bitnation has a claim to be a software project and afaik has a presale of a currency - either premined or non existent - I don't remember. I'm fine with that type of crowdfunding if there is some sort of product or a service behind it or an attempt to build it.

I don't think that contemporary art project should pretend to be a software project or pretend that it can realistically offer serious services or replace existing ones. It's cool as a concept project.

> ------------------------------
>
> Message: 2
> Date: Wed, 9 Sep 2015 11:39:51 -0500
> From: Bryan Bishop
> To: Lodewijk andré de la porte, Bryan Bishop
> Cc: "cypherpunks at cpunks.org"
> Subject: Re: Bitnation system. Looks interesting.
> Message-ID:
> Content-Type: text/plain; charset="utf-8"
>
> On Wed, Sep 9, 2015 at 11:30 AM, Lodewijk andré de la porte
> wrote:
>
>> Bitnation is fascinating, thought provoking, but it seems somewhat off.
>
> http://cointelegraph.com/news/112725/bitnation-core-dev-team-resigns-speaks-out-before-crowdsale
>
> - Bryan
> http://heybryan.org/
> 1 512 203 0507
>
> ------------------------------
>
> Message: 3
> Date: Wed, 9 Sep 2015 16:41:56 +0000
> From: Martin Becze
> To: Lodewijk andré de la porte
> Cc: "cypherpunks at cpunks.org"
> Subject: Re: Bitnation system. Looks interesting.
> Message-ID:
> Content-Type: text/plain; charset="utf-8"
>
>> somewhat off
> Yeah the founder went/is crazy, there is no technical work done and all of
> the developers that were working on the project quit.
>
> On Wed, Sep 9, 2015 at 4:30 PM, Lodewijk andré de la porte
> wrote:
>
>> Its documentation is overly verbose, speculative, assuming and unclear.
>>
>> I love the idea of providing services that the government usually tends
>> to.
>>
>> I somewhat know what marriage before God means. I somewhat know what
>> marriage before the State means. I have no idea what marriage before the
>> Blockchain means. Probably no more than lovers' tree-carvings.
>>
>> Relationship to reality is the hardest part - it's also where things like
>> enforcement starts turning its ugly head.
>>
>> I'd argue marriage before state is an artifact of the marriage between
>> church and state. Relationships, commitments, etc, these would be better
>> explained in contract. Contracts can go onto a blockchain. Generic. Neat.
>> Unpretentious.
>>
>> Bitnation is fascinating, thought provoking, but it seems somewhat off.
>
> ------------------------------
>
> Message: 4
> Date: Wed, 09 Sep 2015 20:53:35 +0000
> From: ryan.pear at ownbay.net
> To: cypherpunks at cpunks.org
> Subject: Repbin release v0.0.2
> Message-ID:
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> We're happy to announce the release v0.0.2 of Repbin:
> The replicated, encrypted, distributed and anonymized pastebin.
>
> Changes include: Better terminal usability, sqlite/mysql backend,
> binaries!
>
> Check here for release source code and client binaries:
> https://github.com/repbin/repbin/releases/tag/v0.0.2
>
> About Repbin:
> Repbin is an encrypted pastebin for the command line that runs over Tor!
> Repbin servers form a distributed network where nodes sync posts with
> each other (like in Usenet or BBS/Fido systems). This makes Repbin
> resilient and scalable. Repbin focuses on privacy (encrypted messages)
> and anonymity (padding and repost chains). To limit spam and
> denial-of-service attacks, Repbin uses the Hashcash proof-of-work
> algorithm which is widely known from Bitcoin mining.
>
> Learn more about Repbin here:
> https://github.com/repbin/repbin/blob/master/README.md
>
> ------------------------------
>
> Message: 5
> Date: Wed, 9 Sep 2015 21:48:56 +0000 (UTC)
> From: jim bell
> To: "ryan.pear at ownbay.net",
> "cypherpunks at cpunks.org"
> Subject: Re: Repbin release v0.0.2
> Message-ID:
> <1726332927.1564988.1441835336954.JavaMail.yahoo at mail.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
>> About Repbin:
>> Repbin is an encrypted pastebin for the command line that runs over Tor!
>> Repbin servers form a distributed network where nodes sync posts with
>> each other (like in Usenet or BBS/Fido systems). This makes Repbin
>> resilient and scalable. Repbin focuses on privacy (encrypted messages)
>> and anonymity (padding and repost chains). To limit spam and
>> denial-of-service attacks, Repbin uses the Hashcash proof-of-work
>> algorithm which is widely known from Bitcoin mining.
>> Learn more about Repbin here:
>> https://github.com/repbin/repbin/blob/master/README.md
> Has anybody ever considered the idea of doing otherwise-useful CPU work with the power currently expended by computing hashes in Bitcoin mining? The most obvious application would be weather forecasting: It could use a huge amount of computation, on a continuously ongoing basis, and is valuable to every nation on earth. Whether it can be lasso'ed into a bitcoin-mining engine, I don't know. Jim Bell
>
> ------------------------------
>
> Message: 6
> Date: Thu, 10 Sep 2015 00:52:47 +0200
> From: rysiek
> To: cypherpunks at cpunks.org
> Subject: Re: How Putin Controls the Internet and Popular Opinion in
> Russia
> Message-ID: <6619420.kEgClR5EXu at lapuntu>
> Content-Type: text/plain; charset="utf-8"
>
> On Wednesday, 9 September 2015 08:21:36 John Young wrote:
>> This from the journalists who check with USG before publishing Snowden
>> documents as Snowden allegedly requires "to avoid harm to the US."
>>
>> Fingerpointing at Putin is obligatory for those working the Broadcasting
>> Board of Governors propaganda beat.
>
> The fact that A is evil, and A is B's adversary, doesn't automagically make B
> not evil.
>
> The fact that there's a lot wrong with US of A, and USA and Russia don't
> really cooperate well, does not make what's happening in Russia magically
> okay.
>
> Why there's so many people defending Russian system just because USA-Russia
> relations are not superfriendly is beyond me.
>
> --
> Regards,
> Michał "rysiek" Woźniak
>
> I am changing my GPG key :: http://rys.io/pl/147
> GPG Key Transition :: http://rys.io/en/147
>
> ------------------------------
>
> Message: 7
> Date: Wed, 9 Sep 2015 20:02:34 -0300
> From: Juan
> To: cypherpunks at cpunks.org
> Subject: Re: How Putin Controls the Internet and Popular Opinion in
> Russia
> Message-ID: <55f0b996.6a15370a.19c54.ffff9df5 at mx.google.com>
> Content-Type: text/plain; charset=utf-8
>
> On Thu, 10 Sep 2015 00:52:47 +0200
> rysiek wrote:
>
>> On Wednesday, 9 September 2015 08:21:36 John Young wrote:
>>> This from the journalists who check with USG before publishing
>>> Snowden documents as Snowden allegedly requires "to avoid harm to
>>> the US."
>>>
>>> Fingerpointing at Putin is obligatory for those working the
>>> Broadcasting Board of Governors propaganda beat.
>>
>> The fact that A is evil, and A is B's adversary, doesn't
>> automagically make B not evil.
>
> Kindly point out where JY said the russian government was not
> evil.
>
>>
>> The fact that there's a lot wrong with US of A, and USA and Russia
>> don't really cooperate well, does not make what's happening in Russia
>> magically okay.
>
> Kindly point out where JY said that what's happening in russia
> (whatever that is) is okay.
>
> On the other hand rysiek given your laughable & constant
> defense of the pentagon-funded tor-cunts, you are not really in
> a position to be pointing too many fingers.
>
>>
>> Why there's so many people defending Russian system just because
>> USA-Russia relations are not superfriendly is beyond me.
>
> ...
>
> ------------------------------
>
> Message: 8
> Date: Thu, 10 Sep 2015 00:47:31 +0200
> From: rysiek
> To: cypherpunks at cpunks.org
> Subject: Re: Repbin release v0.0.2
> Message-ID: <6193628.0yFTp10ebS at lapuntu>
> Content-Type: text/plain; charset="utf-8"
>
> On Wednesday, 9 September 2015 21:48:56 jim bell wrote:
>>> About Repbin:
>>> Repbin is an encrypted pastebin for the command line that runs over Tor!
>>> Repbin servers form a distributed network where nodes sync posts with
>>> each other (like in Usenet or BBS/Fido systems). This makes Repbin
>>> resilient and scalable. Repbin focuses on privacy (encrypted messages)
>>> and anonymity (padding and repost chains). To limit spam and
>>> denial-of-service attacks, Repbin uses the Hashcash proof-of-work
>>> algorithm which is widely known from Bitcoin mining.
>>> Learn more about Repbin here:
>>> https://github.com/repbin/repbin/blob/master/README.md
>>
>> Has anybody ever considered the idea of doing otherwise-useful CPU work with
>> the power currently expended by computing hashes in Bitcoin mining?
>
> My dream would be a distributed github replacement (a'la gitchain) where
> proof-of-work is somehow related to compilation, running tests, or somesuch.
>
>> The most obvious application would be weather forecasting: It could use a
>> huge amount of computation, on a continuously ongoing basis, and is valuable
>> to every nation on earth. Whether it can be lasso'ed into a bitcoin-mining
>> engine, I don't know.
>
> Probably not -- the "thing" mined has to be easily verifiable by other nodes.
> How does one verify a weather forecast in such a setting? ;)
>
> --
> Regards,
> Michał "rysiek" Woźniak
>
> I am changing my GPG key :: http://rys.io/pl/147
> GPG Key Transition :: http://rys.io/en/147
>
> ------------------------------
>
> Message: 9
> Date: Wed, 9 Sep 2015 18:08:09 -0700
> From: Rich Jones
> To: "cypherpunks at cpunks.org"
> Subject: Hostages for Sale on Telegram
> Message-ID:
> Content-Type: text/plain; charset="utf-8"
>
> More for the ISIS-loves-"Secure"-Messaging-Apps folder:
>
> "Dabiq 11 released by terror group ISIS. At the end it notes 2 new foreign
> hostages; 1 Chinese and other Norweigan."
>
> https://twitter.com/DrPartizan_/status/641671841380179968
>
> Click through for pictures and Telegram number.
>
> R
>
> ------------------------------
>
> Message: 10
> Date: Wed, 09 Sep 2015 22:25:29 -0300
> From: Ben Mezger
> To: miserlou at gmail.com
> Cc: "cypherpunks at cpunks.org"
> Subject: Re: Hostages for Sale on Telegram
> Message-ID:
> Content-Type: text/plain; charset="utf-8"
>
> Hmm,
>
> "Excuse me @telegram but ISIS are using YOUR network/application to sell
> hostage. Please find more info. on that number!!"
>
> Well, I would agree with that, but that would probably break Telegram's
> policy of "privacy", no?
>
> Rich Jones writes:
>
>> More for the ISIS-loves-"Secure"-Messaging-Apps folder:
>>
>> "Dabiq 11 released by terror group ISIS. At the end it notes 2 new foreign
>> hostages; 1 Chinese and other Norweigan."
>>
>> https://twitter.com/DrPartizan_/status/641671841380179968
>>
>> Click through for pictures and Telegram number.
>>
>> R
>
> --
> Sent with my mu4e
>
> ------------------------------
>
> Message: 11
> Date: Thu, 10 Sep 2015 00:16:48 -0400
> From: grarpamp
> To: cypherpunks at cpunks.org
> Subject: John McAfee Runs For US President In 2016 Under Cyber Party
> Message-ID:
> Content-Type: text/plain; charset=UTF-8
>
> https://mcafee16.com/
> http://cyberparty.org/
> https://en.wikipedia.org/wiki/John_McAfee
> http://www.whoismcafee.com/
> http://www.futuretensecentral.com/
> https://twitter.com/officialmcafee
> https://twitter.com/JohnMcAfeeStory
> http://johnmcafeestory.com/
>
> ------------------------------
>
> Message: 12
> Date: Thu, 10 Sep 2015 01:18:50 -0400
> From: grarpamp
> To: "cypherpunks at cpunks.org"
> Subject: Re: Hostages for Sale on Telegram
> Message-ID:
> Content-Type: text/plain; charset=UTF-8
>
>> On Wed, Sep 9, 2015 at 9:08 PM, Rich Jones wrote:
>> More for the ISIS-loves-"Secure"-Messaging-Apps folder:
>
> https://www.youtube.com/watch?v=FmBNVMk_AGs
> https://en.wikipedia.org/wiki/Telegram_(software)
> https://en.wikipedia.org/wiki/Surespot
> https://en.wikipedia.org/wiki/Wickr
> https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/
>
> https://twitter.com/cybercaliphate
> https://twitter.com/search?q=cybercaliphate
> https://twitter.com/search?q=cyphercaliphate
>
> https://pbs.twimg.com/media/COOxuq-WIAAG8pQ.jpg
> https://www.google.com/search?tbm=isch&q=cyber+caliphate
>
> http://www.dailytech.com/Anonymous+vs+the+ISIS+Cyber+Caliphate++War+in+the+Middle+East+Goes+Digital/article37154.htm
> http://www.nydailynews.com/news/national/isis-hacker-group-cyber-caliphate-hacks-article-1.2067634
> https://news.vice.com/article/the-islamic-states-top-hacker-was-killed-in-a-us-drone-strike
> https://en.wikipedia.org/wiki/Junaid_Hussain
> https://www.youtube.com/user/TeaMp0ison/videos
> http://homeland.house.gov/sites/homeland.house.gov/files/documents/06-03-15-McCaul-Open.pdf
> https://twitter.com/p_vanostaeyen/status/639165071072038913
> https://pbs.twimg.com/media/CN7FPdKXAAEucGl.jpg
> https://twitter.com/lorenzoFB/status/638818414958477312
> https://www.washingtonpost.com/world/national-security/us-launches-secret-drone-campaign-to-hunt-islamic-state-leaders-in-syria/2015/09/01/723b3e04-5033-11e5-933e-7d06c647a395_story.html
>
>> https://twitter.com/DrPartizan_/status/641671841380179968
>> Click through for pictures and Telegram number.
>
> https://pbs.twimg.com/media/COetId6WwAAmKzB.jpg
> https://pbs.twimg.com/media/COetId6WIAAJGAg.jpg
> +9647705648252
>
> ------------------------------
>
> End of cypherpunks Digest, Vol 27, Issue 14

From drwho at virtadpt.net Thu Sep 10 10:34:39 2015
From: drwho at virtadpt.net (The Doctor)
Date: Thu, 10 Sep 2015 10:34:39 -0700
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <6619420.kEgClR5EXu@lapuntu>
References: <6619420.kEgClR5EXu@lapuntu>
Message-ID: <20150910103439.d6780318dfee8d059b796997@virtadpt.net>

On Thu, 10 Sep 2015 00:52:47 +0200 rysiek wrote:
> Why there's so many people defending Russian system just because USA-Russia
> relations are not superfriendly is beyond me.

People are so trained to think in binary terms that pretty much every possible shade of grey is all but invisible. Sad.

--
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Would a giant, profit-oriented cartel lie to you?" --David Letterman

From rysiek at hackerspace.pl Thu Sep 10 01:41:34 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 10 Sep 2015 10:41:34 +0200
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To:
References:
Message-ID: <3923616.0r0mpAI9Mp@lapuntu>

On Thursday, 10 September 2015 00:16:48 grarpamp wrote:
> https://mcafee16.com/
> http://cyberparty.org/
> https://en.wikipedia.org/wiki/John_McAfee
> http://www.whoismcafee.com/
> http://www.futuretensecentral.com/
> https://twitter.com/officialmcafee
> https://twitter.com/JohnMcAfeeStory
> http://johnmcafeestory.com/

As a friend remarked:
"Oh, he'll probably be damn hard to uninstall"

Also:
https://www.youtube.com/watch?v=YpRvaQsGIY8

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Thu Sep 10 01:45:27 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 10 Sep 2015 10:45:27 +0200
Subject: Repbin release v0.0.2
In-Reply-To:
References: <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me>
Message-ID: <1781186.Hs3iv2x76M@lapuntu>

On Thursday, 10 September 2015 03:23:04 grarpamp wrote:
> On Thu, Sep 10, 2015 at 2:44 AM, Cathal (Phone)
> wrote:
> > No blockchains, but you've seen gittorrent right? :)
>
> That's it. And actually, blockchains. The refs:
>
> http://blog.printf.net/articles/2015/05/29/announcing-gittorrent-a-decentralized-github/
> https://github.com/cjb/GitTorrent
> http://code.google.com/p/gittorrent/
>
> [gcode is dying, mirror if interested]

Yeah, the problem with this is how you actually have to pay to use it:
"Making any Bitcoin transaction on the blockchain I believe currently costs around $0.08 USD, so you pay your 8 cents to the miners and the network in compensation for polluting the blockchain with your 80 bytes of data."

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Thu Sep 10 01:52:56 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Thu, 10 Sep 2015 10:52:56 +0200
Subject: Hostages for Sale on Telegram
In-Reply-To:
References:
Message-ID: <3112968.fmgXWZSvIG@lapuntu>

On Wednesday, 9 September 2015 22:25:29 Ben Mezger wrote:
> Hmm,
>
> "Excuse me @telegram but ISIS are using YOUR network/application to sell
> hostage. Please find more info. on that number!!"

"Excuse me, @HammerManufacturer, somebody is using YOUR hammer/tool to kill small furry animals."

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From Rayzer at riseup.net Thu Sep 10 10:58:34 2015
From: Rayzer at riseup.net (Razer)
Date: Thu, 10 Sep 2015 10:58:34 -0700
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To:
References:
Message-ID: <55F1C4CA.2050000@riseup.net>

On 09/08/2015 09:25 PM, grarpamp wrote:
> https://theintercept.com/2015/09/08/how-putin-controls-the-russian-internet/
> The key paragraph in Andrei Soldatov and Irina Borogan’s new book, The
> Red Web, comes surprisingly late, after the authors have described the
> long and ambitious construction of a wide-ranging, all-penetrating
> Internet surveillance and censorship system in Russia.
> ...
> Just as the Soviet system discovered that it did not need to exert
> total pressure in order to control its population, so the Kremlin has
> now demonstrated that it does not need to block every byte in order to
> exert utter dominance over information.
>

Right. When the people believe in their government they exert PEER PRESSURE on their community members to conform, for better or for worse.

That's one reason US society is coming apart at the seams. There is no faith in the US government by the majority of its citizens anymore.

> President Obama just like any other US politician is particularly keen
> on criticizing human rights situations in other countries, while
> glorifying the ideals of “American-style democracy.” ...
>
> ... But what do Americans themselves think about the value of this
> “American-style democracy?

http://journal-neo.org/2015/09/07/revolution-is-on-doorstep-is-the-us/

RR

"If I had a dime for every time a right-winger told me to leave the country if I don't like it, I could leave the country." ~Timmy Smart

From zen at freedbms.net Thu Sep 10 04:10:44 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Thu, 10 Sep 2015 11:10:44 +0000
Subject: politicopunks@cpunks.org
In-Reply-To:
References:
Message-ID:

On 9/10/15, John Young wrote:
> If it's only about politics, why add to the monotonous brain-rot drivel.

One man's brain-rot drivel is another man's "ahah!" moment.

> Cypherpunks list covers politics and everything else, without

That's what I thought ... except every now and then there are those who don't want to hear comparative Russia-USA political talk, or pro-Russia bias, or Australia-is-kinda-off-topic, or etc.

It is not my will to bypass the consensus intention for cypherpunks@ list; far from it - thus in the face of the "please can we keep cypherpunks@ on-topic" whines, I figured we must be missing the list some of us would like.

Whatever people want ... just needs to be clear, since "that's offtopic!!!!!" and "you know who you are" get a little tiring after a while...

> chopping up into marked-up and branded packages: politics,
> civil liberties, NSA, crypto, privacy, online diddly. each with its
> own political agenda, lobbyists, PACs, Dear Leaders, bribery,
> followers, deranged oligarchs.

Sure. My intention with politicopunks@ was to actually be "everything that does not fit on cypherpunks@".

Some folks around here seem to think various political topics are offtopic for cypherpunks. I've only been here a year, so I don't really know and just want a forum where it's ok to post anything I personally find worth discussion.

> Sure, cypherpunks suffers from
> the same diseases as politics but, praise the holy founders,
> suffers them all at once, not piecemeal, so develops anti-bodies
> for all of them, to send the worms and germs to fight it out on
> monodrone-weakened corpuses.

:)

> Finally, last two hours of a question soon over, cypherpunks
> has gone through a long list of failures due to politics rising to
> the surface as if that's all there is worth cut-throating about.
> Offshoots have been set up to avoid politics as a topic, or
> some other forbidden fruit iconizing a moderator's tits and ads.

Forbidden fruit indeed - perfect terminology :)

If cypherpunks be unforbidden - as long as a poster has the stomach to post - great :)

> From those cpunk-siphoning Ashley Madisons have come weirdly
> deformed creatures and mindsets, missing some capabilities,
> overloaded with others -- evolving into the frankensteins of
> secretkeeping, thematic dwarfs and thuggish giants, you might
> say, like politicians and their sharks, press agents, campaign
> and polling leeches determined and amply paid to make
> politics the premier gobbler of subscribers' beliefs and fellow
> soldiers of murderous religion.

Thanks John,
Zenaan

From drwho at virtadpt.net Thu Sep 10 11:17:26 2015
From: drwho at virtadpt.net (The Doctor)
Date: Thu, 10 Sep 2015 11:17:26 -0700
Subject: Repbin release v0.0.2
In-Reply-To: <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me>
References: <1726332927.1564988.1441835336954.JavaMail.yahoo@mail.yahoo.com> <6193628.0yFTp10ebS@lapuntu> <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me>
Message-ID: <20150910111726.61793c19395185c54a7201f9@virtadpt.net>

On Thu, 10 Sep 2015 07:44:48 +0100 "Cathal (Phone)" wrote:
> No blockchains, but you've seen gittorrent right? :)

Fossil, also: https://www.fossil-scm.org/

--
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
Never fdisk after midnight.

From zen at freedbms.net Thu Sep 10 04:23:56 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Thu, 10 Sep 2015 11:23:56 +0000
Subject: Fwd: Look out!!! - was Re: Australia must become a sovereign republic
In-Reply-To:
References:
Message-ID:

tl;dr:
- CEC - "change is good" peddlers in Australia.
- CEC says "Our government is doing bad stuff, we have problems, therefore we must change our constitution by removing our titular queen/'crown' to fix the problem of the scumbags in power," which is of course bollocks.
- How can any constitution protect against apathetic acquiescing citizens.
- Is it possible that any "new" constitution (or constitutional change) "put to us" might be formulated by opportunistic scumbags currently in power, in order to grab more power to themselves?

:)
Z

---------- Forwarded message ----------
From: Zenaan Harkness
Date: Thu, 10 Sep 2015 08:52:28 +0000
Subject: Look out!!! - was Re: Australia must become a sovereign republic

The CEC perpetrates serious misunderstandings in this email, and DANGEROUS proposed actions!

The CEC's otherwise un-challenged assumptions must be rebutted, and hopefully understood. Read on if you have time...

On 9/10/15, CEC Media Release wrote:
> Visit this link
> http://cecaust.com.au/releases/2015_09_10_Aus_Sovereign_Republic.html to
> recommend this to your friends
>
> Citizens Electoral Council of Australia
> Media Release Thursday, 10 September 2015
> Craig Isherwood, National Secretary
> PO Box 376, COBURG, VIC 3058
> Phone: 1800 636 432
> Email: cec at cecaust.com.au
> Website: http://www.cecaust.com.au
>
> Australia must become a sovereign republic

The only way to do that would be to have a referendum changing the foundations of our federal constitution - this is a VERY DANGEROUS thing to do!

Gerrit Schorel-Hlavka, Andrew Moyle, Malcolm McClure, Mark McMurtrie and many others have shown that our CURRENT CONSTITUTION is plenty enough for those individuals who know which bits are important and are willing to stand in court (from personal experience, that's a bloody hard thing to do).

We have powerful foundations in our federal constitution of Australia, and any referendum at this point will almost certainly TAKE POWER AWAY from the people, power THAT WE ALREADY HAVE if we would only use it.

The problem is that the people of Australia DO NOT KNOW the power they hold thanks to our current constitution, and "change at any cost" will result in a WORSE SITUATION for all of us (except temporarily for those who currently hold political power, i.e. politicians, and they should know better since in time new politicians will replace them).

> Queen Elizabeth is not a powerless, benign figurehead. She is now the
> longest-reigning head of Britain’s oligarchical power
> structure which sits above the institutions of democracy.

She sits sort of above (in some very good ways mind you, at least with respect to her duty to uphold Christian and other common law foundations), but also in some ways she sits NEXT to our institutions of power. And re Australia, she is more titular (sovereign in title) than in the UK.

> Her role ensures
> that democratic power can never touch the network
> of wealthy families, private banks, corporate boardrooms, elite schools,
> permanent civil servants and secretive security
> agencies, reinforced by the system of royal honours, where real power
> resides in Britain, Australia, and every other state
> where the Queen is Monarch.

Absolute BOLLOCKS!

The tendency for those who don't know any better (such as myself 20 years ago at the first "make us a republic" referendum) is to:

1) Throw out the baby with the bathwater, so to speak.
2) Assume that a referendum will improve things - any change will be better (yeah right!).
3) Assume that good people, who know how to improve things, are the ones who write the proposed options or "referendum questions" at any referendum.

These assumptions are FALSE, and BLOODY DANGEROUS - since it is those who currently have some political power, who want MORE power, and want to get that additional power by TAKING it from we the people!

Is it you who writes the proposed new foundations to be put to referendum? Is it me? NO - it is not us, therefore why the hell should we think that what is presented is going to be in our interest at all?

If the government REALLY wanted to improve things for us - that's almost trivial to do - slash politician wages and pensions, eliminate revenue raising by Police, stop making victimless crimes punishable with jail, and plenty other common sense things, like don't bomb the crap out of countries at the other side of the world of people who think differently to us! It's not that firetruckin difficult!

> The only way to bring this power-structure under democratic control is to
> replace the Queen with a democratic head of state,

Bollocks! The Queen is essentially titular anyway! And:

A) She (the "Crown") granted us our respectful and united request for nationhood, with her blessing!

B) The naming of our titular sovereign in our federal constitution's Preamble "under the Crown" is an AWESOME thing - this invokes the PROTECTIONS of the crown - Bill of Rights 1688, The Great Charter, ie. the Magna Carta 1215 and 1297. USE THESE AND REJOICE!

C) Besides our foundational BILL OF RIGHTS and the great MAGNA CARTA, many other IMPERIAL ACTS are at our disposal - some of these are awesome! Right to Trial by Jury? check! Right to be brought before the Supreme Court and not be held indefinitely "on remand"? Writ of Mandamus, check!!

D) Besides these and more wonderful things, the Crown is bound, and similarly we have bound ourselves, in our federal constitution, to the Blessing of Almighty God! This Blessing is better than the rest of the protections of the Crown combined - to learn why this is true is an excellent journey in understanding, and highly recommended!

"So why are things so bad?" I hear you ask ... well, there are a bunch of power-hungry, greedy, selfish, self-centered humans who lust for positions in parliament, and so 'we' leave it to them since most of us want to get on with a life, family, creativity, wealth and stability. "Leaving it to them" is a major problem with we Aussies!

Also most "of us Aussies" do not know the awesome foundations in our federal constitution - The Commonwealth of Australia Constitution Act 1900/1901/whatever - tear it down AT YOUR PERIL, fellow Australians!!!

> accountable to the people.

The Crown has a duty of care to the people, and that duty of care HAS BEEN MET in the VERY FOUNDATIONS of our federal constitution! Learn these foundations and enjoy the fruits!

We ought be thankful to the Crown, for providing to every one of us Australians such an awesome foundation! It was hard won for sure - some tough negotiating back and forth between our Aussie delegates (our founding fathers), and the Crown, and the British Parliament - but we got there, we got our nation and we kept the protections of the Crown, and we got the protections of the Blessing of Almighty God.

Just because we might have a bunch of crooks who've taken power in our parliament today, does not mean we have a fundamentally broken system! We have a fundamentally good system, with some bad (selfish and compromised) people!

As Malcolm has said many times - better to have bad people in a good system, than good people in a bad system - the bad system will deteriorate MUCH QUICKER! Our current constitutional monarchy system has withstood over 100 years of internal attacks and opportunists.

> It is past time Australia did this, and finally
> became an independent sovereign nation.

Warning, this is what those in power want. Every few years they try again to turn us into a republic!

So what should we want?

The Crown HAS satisfied its duty of care to the people - this might sound strange, but in fact it is true.

What is also true is that our state (i.e. our state and federal parliaments) have a duty of care to us as well - and on this front there are many failures.

Finally and MOST IMPORTANTLY, it is also true that WE, the people, have a duty of care to our state (i.e. our state and federal, and also local for that matter, parliaments) - we the people have THOROUGHLY FAILED in our duty of care to our own state/ our system of government, our constitutional monarchy and the protection of our federal constitution!

Absorb that, and know why we have problems. No matter what "system" we have, if we, the people, fail to satisfy our duty of care to our own bloody state, then we deserve the problems we get and no constitution in the world will ever do it for us!

Sure, blame the government, blame the Crown and blame our constitution - but in the case of us here in Australia, blaming anything outside of ourselves won't help a bit, and a new constitution will not only NOT solve the problem, it almost certainly will create a WORSE PROBLEM, and the protections of the Crown, and the Blessing of Almighty God, are protections we should NEVER GIVE UP.

NOTE CAREFULLY - even the SMALLEST CHANGE to the Preamble of our federal constitution, will allow the LAWYERS and POLITICIANS and JUDGES to reinterpret all the rest of our constitution, name us a republic and/ or a secular state and remove the protections of the BLESSING OF ALMIGHTY GOD.

Let me repeat, whether you are religious or not, never give up the protections of the Blessing of Almighty God, as invoked by our founding fathers in our federal constitution. Give up these protections at your peril.

> Here are the facts about the Queen’s power.
In “The Real British Empire”, > published in the CEC’s October-November 2011 New > Citizen newspaper, the CEC reported a partial list of the Queen’s actual > powers, sourced from Burke’s Peerage and Baronetage. > Among her so-called Royal Prerogative powers, the Queen: > * alone declares war at her pleasure; And corrupt Australian politicians play lap dog to USA and Britain (/the Queen/ whatever)! > * is commander-in-chief, and may choose and appoint all commanders and > officers by land, sea, and air; Just as the president of the USA is commander-in-chief of the combined military forces of the USA. Just as there is some possibly analogous situation in Australia which no-one knows for sure but if we read our constitution we'd probably find out about. > * may convoke, adjourn, remove, and dissolve Parliament; British parliament. And perhaps via the governor general, the parliament of Australia. I don't know the details here. But do note, when (if) we the people finally learn to express our will of the people, for example oh that's right, establishing our nationhood as states federating in a commonwealth under the Crown and by the Blessing of Almighty God, then the Queen/Crown has been known to assent to said will of the people. But bloody hell mate, we have to speak up. And we need to speak in relative unity. If we can't unite in any demand of our politicians, for example to slash politician wages, how the hell do we think we'll ever get a better deal at a referendum scripted and orchestrated by those same politicians? Dream on... > * may dismiss the prime minister and choose his or her replacement; That sounds specific to UK, but whatever. > * alone may conclude treaties. Certainly here in Australia we sign to treaties by our own parliament's sovereign right and authority. > In practice, the British Prime Minister exercises these powers in the UK; > in Australia they are exercised by the Governor-General > under the advice of the Prime Minister. 
Nevertheless, they are her powers, > and the British PM consults with her closely, in > weekly face-to-face meetings and daily communications conveyed in her red > boxes; Australia’s PM consults almost as closely with > the Governor-General. > > Unlike the US president, for comparison, her powers are not defined, and > therefore limited, by a written constitution—the British > “constitution” is an unwritten system of feudalistic conventions and > precedents. Australia does have a written constitution, but > the Queen’s powers are largely undefined and untouched, which is > acknowledged in the “reserve powers” clause in the list of powers > of her Governor-General. (One power of the Queen that is defined in the > Australian constitution is her power to overrule any law > passed by the Australian parliament within 12 months of its passage.) > Australian constitutional law expert Ann Twomey called this > disguised but very real power of the Queen in Australia’s system the > chameleon Crown, which “takes great care to protect itself > by blending into its background so carefully that its presence is barely > perceptible”. (The Chameleon Crown: The Queen and Her > Australian Governors, by Ann Twomey). The Chameleon Crown - ok, haven't heard that one before. That can also be described as "historically significantly neutered Crown". A rose is a rose... > Take probably the most awesome of her powers, the power to declare war. > This is not a power of the US president, who is ostensibly > the most powerful person in the world. The British PM can declare war > without consulting parliament, as Tony Blair did on Iraq in > 2003, because the PM uses the Queen’s power to do so. The Australian > PM can similarly declare war without the democratic > accountability of consulting parliament, under our British-crafted system. > > The current UK Labour Party leadership campaign has produced a revealing > insight into just how undemocratic the British Crown system > is. 
London’s 31 August 2015 Telegraph newspaper launched an hysterical > attack on front-runner Jeremy Corbyn for suggesting that the > elected parliament should have a veto over the Crown’s Royal Prerogative > powers. Corbyn reportedly said, “The Royal Prerogative > should be subject to Parliamentary vote and veto if necessary. The Queen > hands her powers to the Prime Minister and he can then > exercise them. It’s a very convenient way of bypassing Parliament. Also, > orders in council are a very convenient way of bypassing > Parliament.” > > Whereas most Britons, and Australians, would assume that parliament > already does have the final say, the hysterical reaction to > Corbyn’s modest proposal proved emphatically otherwise, and indeed, just > how much the Queen’s position is dependent on not being > accountable to the elected parliament. The Telegraph quoted historian (and > Tony Blair’s biographer) Sir Anthony Seldon telling > LBC radio: > “It’s hard to know what would be left of the monarchy. The fact that Jeremy > > Corbyn is saying that, would be seen as an assault on > the monarchy. It would be crossing the Rubicon. He would be the first > Labour leader who started talking about a reduction in the > role of the monarchy. It would be very serious.” > > What is more serious is that an unelected hereditary monarch has that > much power over elected institutions. That power is enshrined Historically, "benevolent dictatorships" are also one of the most stable forms of societal structure - yes it requires ongoing benevolence of the monarch/dictator though, of course, yet exactly the same thing must be said of our "democratic" parliament - our Australian federal parliament is pretty non-benevolent these days, with incredibly feathered nests, declarations of war around the world, pervasive spying on its own population, and an endless litany of enforced victimless crimes... 
> in the system of hereditary monarchy, which the Crown will kill, > and has killed, to protect. Princess Diana was the last great > threat to the House of Windsor’s control of the British Crown, her > openness leading to scandalous insights into how the Monarchy > really functioned. Australian-based investigator John Morgan concluded, > from his forensic investigation of her death, that the Queen, > whose first duty is to the continuation of the Monarchy, ordered her > assassination and the subsequent cover-up. > (Visit this link > http://cecaust.com.au/releases/2015_02_19_Royal_Scandal.html) > > In a true republic, sovereignty comes from the people. Abraham Lincoln > expressed this principle most profoundly at the end of his > 1863 Gettysburg Address, when he called on his fellow citizens to ensure > “that government of the people, by the people, for the > people, shall not perish from the earth”. Oh right, America/ USA is a wonderful example of democracy today! > It is time that Australians see through the carefully stage-managed PR > campaign around the Queen, and resolve to become, finally, > an independent sovereign nation. The CEC has been committed to that cause > since its inception—join us. > Authorised: Robert Barwick‚ 595 Sydney Rd‚ Coburg‚ Vic 3058 No. Firetrucking. Way. I didn't realise the CEC had sold out common sense. Watch out people - the road to hell is paved with good intentions, like diluting our local tribe with an endless parade of sympathy-snatching refugees from illegal wars perpetrated by our own government no less. I hope we Aussies can wake up. I really really hope so. Good luck Australia, Zenaan From zen at freedbms.net Thu Sep 10 04:29:30 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 10 Sep 2015 11:29:30 +0000 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. 
In-Reply-To:
References:
Message-ID:

---------- Forwarded message ----------
From: Zenaan Harkness
Date: Tue, 8 Sep 2015 07:09:24 +0000
Subject: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves.

Hi Jim, a good question indeed.

At Germany's 6% Islamic population set to grow to 12% in the next few years, there is going to be quite the shift there in the next couple of years.

Some questions which Germans might ask themselves:

1) Do ethnic Germans, who are citizens of Germany have:
 - the right to racial strength, and or
 - the right to cultural strength, and or
 - the right to political strength, and or
 - the right to religious strength,
in their own country (Germany)?

2) Is it racist for ethnic Germans of Germany to want to maintain their political majority in Germany?

3) We note that Islamic Muslims strongly practice and proclaim their rights to racial strength, cultural strength, religious strength, and political strength, and more than this, the right to change/ convert any and all non-Muslim jurisdictions (countries or part thereof) to Sharia Law and Muslim religion. So:
 - Are German citizens so naive to think that Muslims will change, just because they crossed a "border"?

Regards,
Zenaan

On 9/7/15, Jim wrote:
> FW: REFUGEE INVASION OF EUROPE. I wonder if Germany is committing cultural
> and social suicide by allowing almost unrestrained admission of Islamic
> migrant refugees. Many European countries are not as welcoming as Germany
> towards the massive influx of refugees, and with good reason given the
> problems caused by Muslims refusing to assimilate into their host country.
>
> Jim
>
>
>
> ------ Forwarded Message ------
> From: Frank & Halina
> Date: Mon, 7 Sep 2015 18:07:27 +1000
> Subject: REFUGEE INVASION OF EUROPE.
> > > At a Berlin church, Muslim refugees converting in droves > > Hundreds embrace Christianity in possible effort to boost chances of winning > asylum, although most claim to be true believers > > THE TIMES OF ISRAEL > By Kirsten Grieshaber > September 5, 2015 > > > > Iranian asylum-seeker Aref Movasaq Rodsari stands in the Trinity Church in > Berlin, Germany, Aug. 13, 2015. (AP/Gero Breloer) > Related Topics > a.. Germany > b.. migrant crisis > c.. Syria > BERLIN (AP) - Mohammed Ali Zonoobi bends his head as the priest pours holy > water over his black hair. "Will you break away from Satan and his evil > deeds?" pastor Gottfried Martens asks the Iranian refugee. "Will you break > away from Islam?" > "Yes," Zonoobi fervently replies. Spreading his hands in blessing, Martens > then baptizes the man "in the name of the Father, the Son and the Holy > Ghost." > > Mohammed is now Martin - no longer Muslim, but Christian. > > Zonoobi, a carpenter from the Iranian city of Shiraz, arrived in Germany > with his wife and two children five months ago. He is one of hundreds of > mostly Iranian and Afghan asylum seekers who have converted to Christianity > at the evangelical Trinity Church in a leafy Berlin neighborhood. > > Like Zonoobi, most say true belief prompted their embrace of Christianity. > But there's no overlooking the fact that the decision will also greatly > boost their chances of winning asylum by allowing them to claim they would > face persecution if sent home. > > Martens recognizes that some convert in order to improve their chances of > staying in Germany - but for the pastor motivation is unimportant. Many, he > said, are so taken by the Christian message that it changes their lives. And > he estimates that only about 10 percent of converts do not return to church > after christening. > > "I know there are - again and again - people coming here because they have > some kind of hope regarding their asylum," Martens said. 
"I am inviting them > to join us because I know that whoever comes here will not be left > unchanged." > > Being Christian alone does not help an applicant, and Chancellor Angela > Merkel went out of her way this week to reiterate that Islam "belongs in > Germany." But in Afghanistan and Iran, for example, conversion to > Christianity by a Muslim could be punished by death or imprisonment, and it > is therefore unlikely that Germany would deport converted Iranian and Afghan > refugees back home. > > None will openly admit to converting in order to help their asylum chances. > To do so could result in rejection of their asylum bid and deportation as > Christian converts. Several candidates for baptism at Martens' church would > not give their names out of fear of repercussions for their families back > home. > > Most said their decision was based on belief, but one young Iranian woman > said she was convinced most people had joined the church only to improve > their chances for asylum. > > Congregation member Vesam Heydari initially applied for asylum in Norway and > converted there in 2009. But his case was rejected because the Norwegian > authorities did not believe he would be persecuted as a Christian in Iran, > so he moved to Germany to seek refugee status here - and is awaiting a > decision. He criticized many of the other Iranian church members, saying > they were making it much harder for "real, persecuted Christians" like > himself to get approved for asylum. > > "The majority of Iranians here are not converting out of belief," Heydari > said. "They only want to stay in Germany." > > Meanwhile, as other churches across Germany struggle with dwindling numbers > of believers, Martens has seen his congregation swell from 150 just two > years to more than 600 parishioners now - with a seemingly unending flow of > new refugees finding the way to his congregation. 
Some come from cities as > far away as Rostock on the Baltic Sea, having found out by word-of-mouth > that Martens not only baptizes Muslims after a three-month "crash course" in > Christianity, but also helps them with asylum pleas. > > Other Christian communities across Germany, among them Lutheran churches in > Hannover and the Rhineland, have also reported growing numbers of Iranians > converting to Christendom. There are no exact numbers on how many Muslims > have converted in Germany in recent years - and they are a tiny minority > compared to the country's overall 4 million Muslims. But at least for > Berlin, Martens describes the number of conversions as nothing short of a > "miracle." And he says he has at least another 80 people - mostly refugees > from Iran and a few Afghans - waiting to be baptized. > > Germany is witnessing an unprecedented surge of asylum-seekers this year, > with the number of migrants expected to reach 800,000 this year, a fourfold > increase on last year. > > > Pastor Gottfried Martens prays with people from Iran during a baptism > service in the Trinity Church in Berlin, Aug. 30, 2015. (AP/Markus > Schreiber) > > Many of the new arrivals come from Muslim countries such as Syria, Iraq, > Afghanistan or Pakistan. While refugees from civil-war-torn Syria will > almost definitely be receiving asylum status, the situation is more > complicated for asylum seekers from Iran or Afghanistan, which are seen as > more stable. In recent years, roughly 40-50 percent from those two countries > have been allowed to stay in the country, with many of those getting only > temporary permission to remain. > > Germany's Federal Office for Migration and Refugees said it does not comment > on the reasons individual applicants give when they apply for asylum, or on > how many people receive refugee status in Germany based on religious > persecution. 
>
> Zonoobi, who dressed all in white for his baptism on Sunday, said he had
> attended secret religious services in Iran ever since friends introduced him
> to the Bible at age 18. He decided to flee to Germany after several
> Christian friends were arrested for practicing their religion.
>
> For Zonoobi and his wife Afsaneh - who since her baptism goes by the name of
> Katarina - the christening marks a new beginning.
>
> "Now we are free and can be ourselves," she said. "Most important, I am so
> happy that our children will have a good future here and can get a good
> education in Germany."
>
> http://www.timesofisrael.com/at-a-berlin-church-muslim-refugees-converting-in-droves/
>

From afalex169 at gmail.com Thu Sep 10 02:11:48 2015
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Thu, 10 Sep 2015 12:11:48 +0300
Subject: politicopunks@cpunks.org
In-Reply-To:
References:
Message-ID:

Absolutely yes.

From grarpamp at gmail.com Thu Sep 10 09:12:45 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 10 Sep 2015 12:12:45 -0400
Subject: politicopunks@cpunks.org
In-Reply-To: <20150910150514.GD2695@sivokote.iziade.m$>
References: <20150910150514.GD2695@sivokote.iziade.m$>
Message-ID:

On Thu, Sep 10, 2015 at 11:05 AM, Georgi Guninski wrote:
> Your proposed list might get full of sheeple IMHO if it
> hits search engines...

Any "punk" list should result in some fraction of posts per month having the potential to get someone fired from work, divorced from their spouse, tracked by govt agents, infected with the worst malware, etc just for subscribing / reading messages. And trolled doxed and cracked by the same and other participants just for posting.
Sheeple are boring and ignorant, the mere knowledge of the existence of any such list should cause immense pressure to build in their cranium, and should they survive that, well... welcome to the rabbit hole. Otherwise there ain't much punk in it.

From shelley at misanthropia.org Thu Sep 10 13:02:33 2015
From: shelley at misanthropia.org (Shelley)
Date: Thu, 10 Sep 2015 13:02:33 -0700
Subject: Library installs Tor exit node; pulls plug after pressure from DHS
In-Reply-To: <14fb8d70f10.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org>
Message-ID: <20150910200217.2E95068006C@frontend2.nyi.internal>

Via Propublica:
http://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email

More background:
http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-vision-for-tor-exit-relay-in-every-library/

The project itself:
https://libraryfreedomproject.org/torexitpilotphase1/

The library board meets on the 15th of this month and will decide whether to turn it back on.

-S

From wirelesswarrior at safe-mail.net Thu Sep 10 10:11:47 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Thu, 10 Sep 2015 13:11:47 -0400
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
Message-ID:

John's a joke and has few if any practical answers to the social and economic ills that plague the U.S. OTOH, Mike "Mish" Shedlock has thought deeply and written extensively. If I were a voter I'd surely seriously consider a write-in for him.
http://globaleconomicanalysis.blogspot.com/2015/08/mish-for-president-officially-throwing.html

WW

-------- Original Message --------
From: grarpamp
Apparently from: cypherpunks-bounces at cpunks.org
To: cypherpunks at cpunks.org
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
Date: Thu, 10 Sep 2015 00:16:48 -0400

> https://mcafee16.com/
> http://cyberparty.org/
> https://en.wikipedia.org/wiki/John_McAfee
> http://www.whoismcafee.com/
> http://www.futuretensecentral.com/
> https://twitter.com/officialmcafee
> https://twitter.com/JohnMcAfeeStory
> http://johnmcafeestory.com/

From wirelesswarrior at safe-mail.net Thu Sep 10 10:18:23 2015
From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net)
Date: Thu, 10 Sep 2015 13:18:23 -0400
Subject: Repbin release v0.0.2
Message-ID:

Another darknet "pastebin" alternative:

DNCA - DarkNet Coder Assembly
http://shn3x3whdm5tuut4.onion/

It's hosted by anarplex a long-time operator of community and dark nets.

Ryan Pear wrote:
> We're happy to announce the release v0.0.2 of Repbin:
> The replicated, encrypted, distributed and anonymized pastebin.
>
> Changes include: Better terminal usability, sqlite/mysql backend,
> binaries!
>
> Check here for release source code and client binaries:
> https://github.com/repbin/repbin/releases/tag/v0.0.2
>
> About Repbin:
> Repbin is an encrypted pastebin for the command line that runs over Tor!

From jya at pipeline.com Thu Sep 10 10:47:01 2015
From: jya at pipeline.com (John Young)
Date: Thu, 10 Sep 2015 13:47:01 -0400
Subject: politicopunks@cpunks.org
In-Reply-To:
References: <20150910150514.GD2695@sivokote.iziade.m$>
Message-ID:

A list about assassination politics means and methods advancing and implementing the original could lead to a round-up of those with too few degrees of separation since 1992.

From guninski at guninski.com Thu Sep 10 04:39:08 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 10 Sep 2015 14:39:08 +0300
Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
In-Reply-To:
References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$>
Message-ID: <20150910113908.GB2695@sivokote.iziade.m$>

FYI:

This is on libressl-dev:
http://article.gmane.org/gmane.comp.encryption.libressl/74
http://news.gmane.org/gmane.comp.encryption.libressl
(so far they didn't piss me off).

Also on [openssl-users]:
https://mta.openssl.org/pipermail/openssl-users/2015-September/002033.html

They consider all of these "features", so I am not trolling them anymore.

From guninski at guninski.com Thu Sep 10 04:41:26 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 10 Sep 2015 14:41:26 +0300
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To:
References: <3923616.0r0mpAI9Mp@lapuntu>
Message-ID: <20150910114126.GC2695@sivokote.iziade.m$>

On Thu, Sep 10, 2015 at 09:05:02AM +0000, Zenaan Harkness wrote:
> Would love to see some possibility of A Better Obama...

Definitely the cpunk juan :)

juan for president!!!!!!

he might give the scumbags hard time, not sure.
;)

From juan.g71 at gmail.com Thu Sep 10 13:01:21 2015
From: juan.g71 at gmail.com (Juan)
Date: Thu, 10 Sep 2015 17:01:21 -0300
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To: <20150910114126.GC2695@sivokote.iziade.m$>
References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$>
Message-ID: <55f1e097.d4668c0a.7be27.29b4@mx.google.com>

On Thu, 10 Sep 2015 14:41:26 +0300 Georgi Guninski wrote:
> On Thu, Sep 10, 2015 at 09:05:02AM +0000, Zenaan Harkness wrote:
> > Would love to see some possibility of A Better Obama...
>
> Definitely the cpunk juan :)
>
> juan for president!!!!!!

Thank you Georgi. We need an anarchist president who would fight for our anarchist constitution. Those are the pillars of our anarchist state. Otherwise chaos would ensue.

>
> he might give the scumbags hard time, not sure.

Hm. That's a nice ring - it might fit me. But I think I'll pass =P

>
> ;)

From juan.g71 at gmail.com Thu Sep 10 13:23:22 2015
From: juan.g71 at gmail.com (Juan)
Date: Thu, 10 Sep 2015 17:23:22 -0300
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <1496599.pQDEvE90ES@lapuntu>
References: <6619420.kEgClR5EXu@lapuntu> <55f0b996.6a15370a.19c54.ffff9df5@mx.google.com> <1496599.pQDEvE90ES@lapuntu>
Message-ID: <55f1e5cb.cb158c0a.1caa6.311d@mx.google.com>

On Thu, 10 Sep 2015 21:26:58 +0200 rysiek wrote:
> One could argue that using the term "fingerpointing" to refer to
> potential criticism of Putin's regime, and calling people who do just
> that "those working the Broadcasting Board of Governors propaganda
> beat" might be taken as more or less just that, or at least of
> turning the attention away from what's going on in Russia, but I also
> might just have had a knee-jerk moment. :)
>

Well, I can see how putin and friends aren't exactly ideal neighbors...

From guninski at guninski.com Thu Sep 10 08:05:14 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 10 Sep 2015 18:05:14 +0300
Subject: politicopunks@cpunks.org
In-Reply-To:
References:
Message-ID: <20150910150514.GD2695@sivokote.iziade.m$>

On Thu, Sep 10, 2015 at 09:06:51AM +0000, Zenaan Harkness wrote:
> Anyone else interested in a politicopunks@ email list?
> Zenaan

If you ask me, the current list is going well and nobody got banned for trolling about politics.

I don't read all threads on purpose, there is too much info.

IIRC there is a principle like "if it isn't broken, don't fix it".

btw, I am surprised how the LEAs didn't manage to DOS this list with spam.

Your proposed list might get full of sheeple IMHO if it hits search engines...

--
Cheers

From mirimir at riseup.net Thu Sep 10 19:14:08 2015
From: mirimir at riseup.net (Mirimir)
Date: Thu, 10 Sep 2015 20:14:08 -0600
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To:
References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com>
Message-ID: <55F238F0.9050302@riseup.net>

On 09/10/2015 06:11 PM, Zenaan Harkness wrote:
> On 9/10/15, Juan wrote:
>> On Thu, 10 Sep 2015 14:41:26 +0300
>> Georgi Guninski wrote:
>>
>>> On Thu, Sep 10, 2015 at 09:05:02AM +0000, Zenaan Harkness wrote:
>>>> Would love to see some possibility of A Better Obama...
>>>
>>> Definitely the cpunk juan :)
>>>
>>> juan for president!!!!!!
>>
>>
>> Thank you Georgi. We need an anarchist president who would fight for
>> our anarchist constitution. Those are the pillars of our anarchist
>> state. Otherwise chaos would ensue.
>>
>>
>>> he might give the scumbags hard time, not sure.
>>
>> Hm. That's a nice ring - it might fit me. But I think I'll pass =P

Here's a funny story. In late 2006, I think, I came across Hillary Clinton's campaign website. They wanted recommendations for a campaign theme song.
Feeling fey, I suggested "If I Was [sic] President" by Wyclef Jean. That was before President Obama had become a leading candidate. What a joke. I'm not claiming that Wyclef Jean is an anarchist. But it's at least arguable that he's a decent man. So it goes.

> The test perhaps ought be, can you (/we) elucidate anarchist beliefs,
> benefits, cautions, etc, to enough people such that someone who's not
> you chooses to run for president on an anarchist platform?
>
> Such changes can surely only occur with the leverage of "getting it
> out there, and "it" being appealing to enough of the general
> population".
>
> Juan, are there aspects of political anarchism (I think we need a term
> other than "anarchy" if we want Joe Sixpack to not glaze over) which
> you have personal doubts about, or you're not sure about how best to
> handle, or even unsure about how to educate others about? Perhaps
> another thread though... but I am seriously interested in a more
> nuanced discussion than "those USG cunts" ;)
>

From mirimir at riseup.net Thu Sep 10 19:42:30 2015
From: mirimir at riseup.net (Mirimir)
Date: Thu, 10 Sep 2015 20:42:30 -0600
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <55f236df.335f8c0a.74437.6104@mx.google.com>
References: <6619420.kEgClR5EXu@lapuntu> <20150910103439.d6780318dfee8d059b796997@virtadpt.net> <55f236df.335f8c0a.74437.6104@mx.google.com>
Message-ID: <55F23F96.6010401@riseup.net>

On 09/10/2015 08:09 PM, Juan wrote:
> On Thu, 10 Sep 2015 23:57:19 +0000
> Zenaan Harkness wrote:
>
>
>> and I say this is a damn good thing and we are fortunate that "Russia"
>> has produced someone like this - perhaps not so fortunate for some
>> Russians inside Russia, but extraordinarily important, and good, for
>> the world as a whole. USA hegemon had to be ended, and it's almost
>> done but the shoutin'.
>
> As far as the US empire being finished, I don't see the process
> as 'almost done'. Rather, it looks as if the US empire keeps
> expanding and now 'almost' controls the whole fucking
> world, either directly or by proxy.

Russia has two huge problems. One is alcoholism. Not as bad as Finland, for sure, but worse than the UK. The other is the Jewish exodus to Israel etc. Back in the day, it was sober (relatively speaking) Jews who mostly did the technical stuff. Hell, Lenin was a Jew, along with much of the early Party. And by the way, he was funded by Kaiser Wilhelm's government, to create chaos and keep Russia out of WWI ;)

> As to putin and co. they aren't any better than the nato mafia.
> As a temporary measure I do agree it's good that the american
> nazis get 'counterbalanced'. But it's not really a long term
> solution.

Actually, they're all Nazis. Maybe not literally, but they're all national socialists. The US is a national socialist state that pretends to be a representative democracy. The CCCP was a national socialist state that pretended to be communist. Now it pretends to be a representative democracy. Nazi Germany at least let its national socialism hang free. Also, many Nazi intelligence officers, scientists and propaganda experts ended up in Russia and the US. So bottom line, it's arguable that they all cooperate far more than most folks think.
From grarpamp at gmail.com Thu Sep 10 18:21:32 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 10 Sep 2015 21:21:32 -0400 Subject: Library installs Tor exit node; pulls plug after pressure from DHS In-Reply-To: <20150910200217.2E95068006C@frontend2.nyi.internal> References: <14fb8d70f10.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150910200217.2E95068006C@frontend2.nyi.internal> Message-ID: On Thu, Sep 10, 2015 at 4:02 PM, Shelley wrote: > Via Propublica: > http://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email > > More background: > http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-vision-for-tor-exit-relay-in-every-library/ > > The project itself: > https://libraryfreedomproject.org/torexitpilotphase1/ > > The library board meets on the 15th of this month and will decide whether to > turn it back on. A lot of support should be lent right now to the city managers, library board, and the community. You don't want the first one to be publicly quashed by a bunch of shameful LEA fearmongering. Show up the board meeting, you can bet they will. From rysiek at hackerspace.pl Thu Sep 10 12:23:03 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 10 Sep 2015 21:23:03 +0200 Subject: Repbin release v0.0.2 In-Reply-To: <20150910111726.61793c19395185c54a7201f9@virtadpt.net> References: <9F38E5C3-C960-4AB2-A486-314613DAD8AC@cathalgarvey.me> <20150910111726.61793c19395185c54a7201f9@virtadpt.net> Message-ID: <1757499.BYWXdb4BeS@lapuntu> On Thursday, 10 September 2015 11:17:26 The Doctor wrote: > On Thu, 10 Sep 2015 07:44:48 +0100 > > "Cathal (Phone)" wrote: > > No blockchains, but you've seen gittorrent right? :) > > Fossil, also: > > https://www.fossil-scm.org/ Yeah, I've known about it for some time. Thing is, it doesn't solve the "discoverability" problem GitHub solves... GitTorrent/Gitchain have the ability to do just that.
-- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Thu Sep 10 12:26:58 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 10 Sep 2015 21:26:58 +0200 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <55f0b996.6a15370a.19c54.ffff9df5@mx.google.com> References: <6619420.kEgClR5EXu@lapuntu> <55f0b996.6a15370a.19c54.ffff9df5@mx.google.com> Message-ID: <1496599.pQDEvE90ES@lapuntu> On Wednesday, 9 September 2015 20:02:34 Juan wrote: > On Thu, 10 Sep 2015 00:52:47 +0200 > > rysiek wrote: > > On Wednesday, 9 September 2015 08:21:36 John Young wrote: > > > This from the journalists who check with USG before publishing > > > Snowden documents as Snowden allegedly requires "to avoid harm to > > > the US." > > > > > > Fingerpointing at Putin is obligatory for those working the > > > Broadcasting Board of Governors propaganda beat. > > > > The fact that A is evil, and A is B's adversary, doesn't > > automagically make B not evil. > > Kindly point out where JY said the russian government was not > evil. One could argue that using the term "fingerpointing" to refer to potential criticism of Putin's regime, and calling people who do just that "those working the Broadcasting Board of Governors propaganda beat" might be taken as more or less just that, or at least of turning the attention away from what's going on in Russia, but I also might just have had a knee-jerk moment. :) -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Thu Sep 10 12:32:40 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 10 Sep 2015 21:32:40 +0200 Subject: Traffic analysis at Bletchley Park In-Reply-To: <20150908104337.GU7320@ctrlc.hu> References: <20150908104337.GU7320@ctrlc.hu> Message-ID: <12765775.0J2RpODF69@lapuntu> On Tuesday, 8 September 2015 12:43:37 stef wrote: > On Mon, Sep 07, 2015 at 08:42:13PM -0400, Veg wrote: > > Good documentary on an underreported aspect of the work by the > > codebreakers > > at Bletchley Park: > > http://www.bbc.co.uk/programmes/b069gxz7 > > maybe liberating this from stupid geolocation based discrimination would be > a service for all readers of this list. How would they analyze the traffic then? -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From juan.g71 at gmail.com Thu Sep 10 19:09:26 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 10 Sep 2015 23:09:26 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: References: <6619420.kEgClR5EXu@lapuntu> <20150910103439.d6780318dfee8d059b796997@virtadpt.net> Message-ID: <55f236df.335f8c0a.74437.6104@mx.google.com> On Thu, 10 Sep 2015 23:57:19 +0000 Zenaan Harkness wrote: > and I say this is a damn good thing and we are fortunate that "Russia" > has produced someone like this - perhaps not so fortunate for some > Russians inside Russia, but extraordinarily important, and good, for > the world as a whole. USA hegemon had to be ended, and it's almost > done but the shoutin'. As far as the US empire being finished, I don't see the process as 'almost done'.
Rather, it looks as if the US empire keeps expanding and now 'almost' controls the whole fucking world, either directly or by proxy. As to putin and co. they aren't any better than the nato mafia. As a temporary measure I do agree it's good that the american nazis get 'counterbalanced'. But it's not really a long term solution. From zen at freedbms.net Thu Sep 10 16:44:52 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 10 Sep 2015 23:44:52 +0000 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <55F1F9C9.9070009@cathalgarvey.me> References: <55F1F9C9.9070009@cathalgarvey.me> Message-ID: On 9/10/15, C wrote: > In the face of genetics, which reveals that inter-german variability far > outstrips the genetic basis of what we define as "race", I'd like to see > you define "Ethnicity" meaningfully. What does that matter to the essence of the question? The fundamental question is the same, whatever words we use. A rose is a rose by any other name. Perhaps we could ask "currently franchised (those who may vote) Germans" - the point is, do those who are presently gathered in a current physical 'locality' have the right to protect their current racial/ genetic/ demographic/ cultural/ political/ religious "mix", whatever it is, against dilution from immigration, asylum, "democratic" coup (e.g. Ukraine today) or religious missionaries of any faith? The opium wars in China suggest that trying to infiltrate ones religion into a 'foreign' nation may not be altogether appreciated by the locals - and Islamic Muslims are pretty vehement about this too from what I hear - why shouldn't predominantly Christian (or atheistic, or ...) nations be similarly intolerant to a diluting influx of those of different think? 
> This is equally topical to the Conch Republic; as others visit and > settle on their soil, how do they defend their innate Conch-ness > ethnicity from outside dilution? I demand answers. Well yes, about a day after the email starting this thread, I sent a similar one modified appropriately for Australians as an on-topic reply to another email about Australia's increase in "Syrian refugees" now also to occur here - but I figured for the purposes of this list that one version of essentially the same email was probably enough :) --- So do we citizens of [pick your nation] have the right to protect the status quo within our nation, to protect it against dilution from immigration or asylum, or must we allow the attractions that our nation presents to would-be immigrants (whatever arises in their mind in this regard) to be enough of a test for immigration/ asylum? I.e., do the current locals of Germany/Australia/Hungary/Italy/Greece/Conch Republic, have a "valid right" to object to their politicians "throwing the doors wide open", as Austria and Germany have recently done? You don't have to be Nazi, to want your racial and cultural strength, however you define that thank you you're welcome. Regards Zenaan From grarpamp at gmail.com Thu Sep 10 20:45:35 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 10 Sep 2015 23:45:35 -0400 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <3923616.0r0mpAI9Mp@lapuntu> References: <3923616.0r0mpAI9Mp@lapuntu> Message-ID: https://www.youtube.com/results?search_query=john+mcafee John McAfee: Obamacare Unfixable, Scrap it! http://www.youtube.com/watch?v=3o-Flb5CBOo John McAfee: Security is an Illusion http://www.youtube.com/watch?v=fKP0C8zA7_Q John McAfee: Secrets of The Cloud Revealed http://www.youtube.com/watch?v=kwv2YnCnc8w "I like these 50's....
my type of gun :-)" http://www.youtube.com/watch?v=aipUZO-PjFY From zen at freedbms.net Thu Sep 10 16:57:19 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 10 Sep 2015 23:57:19 +0000 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <20150910103439.d6780318dfee8d059b796997@virtadpt.net> References: <6619420.kEgClR5EXu@lapuntu> <20150910103439.d6780318dfee8d059b796997@virtadpt.net> Message-ID: On 9/10/15, The Doctor wrote: > On Thu, 10 Sep 2015 00:52:47 +0200 > rysiek wrote: >> Why there's so many people defending Russian system just because >> USA-Russia >> relations are not superfriendly is beyond me. > > People are so trained to think in binary terms that pretty much every > possible shade of grey is all but invisible. > > Sad. Sad indeed. A nuanced (from our western media perspective), almost academic analysis of why USSR fell, due to its internal problems, and what those problems were: http://fortruss.blogspot.ru/2015/09/the-three-deaths-of-soviet-union-part-1.html http://fortruss.blogspot.ru/2015/09/the-three-deaths-of-soviet-union-part-2.html I add that today, the relevant thing is that Putin on an inter-nation level is one of the only true diplomats on today's world stage, and has forged many significant relationships (e.g. BRICS) which have shifted power significantly and irrevocably away from USA and towards a multi-polar world; and I say this is a damn good thing and we are fortunate that "Russia" has produced someone like this - perhaps not so fortunate for some Russians inside Russia, but extraordinarily important, and good, for the world as a whole. USA hegemon had to be ended, and it's almost done but the shoutin'.
From zen at freedbms.net Thu Sep 10 17:11:30 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 11 Sep 2015 00:11:30 +0000 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55f1e097.d4668c0a.7be27.29b4@mx.google.com> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> Message-ID: On 9/10/15, Juan wrote: > On Thu, 10 Sep 2015 14:41:26 +0300 > Georgi Guninski wrote: > >> On Thu, Sep 10, 2015 at 09:05:02AM +0000, Zenaan Harkness wrote: >> > Would love to see some possibility of A Better Obama... >> >> Definitely the cpunk juan :) >> >> juan for president!!!!!! > > > Thank you Georgi. We need an anarchist president who would fight for > our anarchist constitution. Those are the pillars of our anarchist > state. Otherwise chaos would ensue. > > >> he might give the scumbags hard time, not sure. > > Hm. That's a nice ring - it might fit me. But I think I'll pass =P The test perhaps ought be, can you (/we) elucidate anarchist beliefs, benefits, cautions, etc, to enough people such that someone who's not you chooses to run for president on an anarchist platform? Such changes can surely only occur with the leverage of "getting it out there, and "it" being appealing to enough of the general population". Juan, are there aspects of political anarchism (I think we need a term other than "anarchy" if we want Joe Sixpack to not glaze over) which you have personal doubts about, or you're not sure about how best to handle, or even unsure about how to educate others about? Perhaps another thread though... but I am seriously interested in a more nuanced discussion than "those USG cunts" ;) From zen at freedbms.net Thu Sep 10 17:32:26 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 11 Sep 2015 00:32:26 +0000 Subject: politicopunks@cpunks.org In-Reply-To: References: Message-ID: On 9/10/15, Cindy Baginski wrote: > is this a cp mailing list?
> > best regards > c. Well that was the question, what is the shared common intention for the list? "schism"'s reply is about as apt and useful as it gets. For reference: It is my experience that such forks are borne of individuals resenting the friction inherent of open forums, not of wishing free and open discourse. If a forum is explicitly open and yet you experience resistance to your ideas there are two probable causes. One is that those resisting are fools, the other is that you're full of shit. One would do best to consider both equally (even simultaneously) probable. Also Georgi Guninski's: If you ask me, the current list is going well and nobody got banned for trolling about politics. From zen at freedbms.net Thu Sep 10 18:27:34 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 11 Sep 2015 01:27:34 +0000 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> References: <55F1F9C9.9070009@cathalgarvey.me> <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> Message-ID: On 9/11/15, Nathan wrote: > WTF? I've read this *twice* and I *still* don't get it..... Is this an > argument against multiculturalism? That's not the question - the question is, does each individual human of a nation have the right to protect their current, existing culture? Or at least to have a say, i.e. a vote about it? Some nations, through their power structures, go to extraordinary lengths to protect their rights to cultural and racial strength, Japan for example. Is this the right of the Japanese? Or are they doing the wrong thing? From their perspective, they are doing what is required to protect their rights, to self determination as a people, a tribe, a race.
It appears that the rights of individuals are determined (in practice) by those in power, and not by those who are directly affected by the decision makers (the people themselves). Is keeping such decisions in the hands of a few "educated elected" an elitist approach? If democracy be the will of the people manifested, then ought the people of any nation be asked directly (nation wide vote) on such questions as cultural dilution due to immigration and or asylum? Or is it appropriate for an "elected" few to impose their personal preference on a nation? Regards Zenaan From tom at vondein.org Thu Sep 10 23:39:05 2015 From: tom at vondein.org (Tom) Date: Fri, 11 Sep 2015 08:39:05 +0200 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: References: <55F1F9C9.9070009@cathalgarvey.me> Message-ID: <20150911063905.GK89227@r4> Hi, I am german, so let's look at your question: On Thu, Sep 10, 2015 at 11:44:52PM +0000, Zenaan Harkness wrote: > > In the face of genetics, which reveals that inter-german variability far > > outstrips the genetic basis of what we define as "race", I'd like to see > > you define "Ethnicity" meaningfully. > > What does that matter to the essence of the question? It does. Because there's no uniform ethnicity or whatever you might call it, in a country, at least not in germany. Germans are: Saxons, Bavarians, Saarländers, Turks, Roma, Blacks, Asians, Moslems, Everything. There is a mix of people with different backgrounds, different religions (or no religion), different ancestors. Their sum forms what we know today as the "german culture", whatever that might be. 
> So do we citizens of [pick your nation] have the right to protect the > status quo within our nation, to protect it against dilution from > immigration or asylum, or must we allow the attractions that our > nation presents to would be immigrants (whatever arises in their mind > in this regard) to be enough of a test for immigration/ asylum? Of course not. All humans are refugees or descendants of refugees. Look at north america. Coloured people came from africa (well, they didn't exactly "came", they've been brought), caucasians came from europe, the natives even came from siberia (50.000 years ago or something). Those migrations happened all the time during the last 2 mio years over human history. Therefore, to claim to have a right to live in a uniform culture, undisturbed by newcomers, is arrogant and absurd. And even if such a right might exist, the right to live trumps it anyway. Wanna send back children into a war zone because Oktoberfest? best, Tom From rysiek at hackerspace.pl Fri Sep 11 00:49:51 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 11 Sep 2015 09:49:51 +0200 Subject: Library installs Tor exit node; pulls plug after pressure from DHS In-Reply-To: References: <14fb8d70f10.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150910200217.2E95068006C@frontend2.nyi.internal> Message-ID: <1541110.BOh5v8HBOz@lapuntu> On Thursday, 10 September 2015 21:21:32 grarpamp wrote: > On Thu, Sep 10, 2015 at 4:02 PM, Shelley wrote: > > Via Propublica: > > http://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email > > > > More background: > > http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-vision-for-tor-exit-relay-in-every-library/ > > > > The project itself: > > https://libraryfreedomproject.org/torexitpilotphase1/ > > > > The library board meets on the 15th of this month and will decide whether > > to turn it back on.
> > A lot of support should be lent right now to the city managers, library > board, and the community. You don't want the first one to be publicly > quashed by a bunch of shameful LEA fearmongering. > Show up the board meeting, you can bet they will. From what I hear the library is getting some considerable positive feedback. There's also an EFF petition: https://act.eff.org/action/support-tor-and-intellectual-freedom-in-libraries -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Fri Sep 11 00:56:06 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 11 Sep 2015 09:56:06 +0200 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <20150911063905.GK89227@r4> References: <20150911063905.GK89227@r4> Message-ID: <1964661.BWLenNOqDH@lapuntu> On Friday, 11 September 2015 08:39:05 Tom wrote: > Wanna send back children into a war zone because Oktoberfest? This, I believe, sums it up perfectly! -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From guninski at guninski.com Fri Sep 11 00:10:54 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 11 Sep 2015 10:10:54 +0300 Subject: Has someone examined the leaked Hacking Team stuff for linux/bsd 0days? Message-ID: <20150911071054.GA2699@sivokote.iziade.m$> Has someone examined the leaked Hacking Team stuff for linux/bsd 0days?
http://www.theregister.co.uk/2015/09/10/redmond_yells_cut_on_hacking_team_horror_movie_exploit/ Another of exploits against Microsoft Windows that hit as a zero day after Hacking Team was hacked has been fixed. From Rayzer at riseup.net Fri Sep 11 10:47:38 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 11 Sep 2015 10:47:38 -0700 Subject: (from offlist) John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: References: <55F1A6A0.5010905@riseup.net> Message-ID: <55F313BA.7040103@riseup.net> On 09/10/2015 06:49 PM, Ben Mezger wrote: > I lived in a Third a World Banana > Republic, was tortured and had to watch my dog shot in front of my eyes > by a soldier trained by the FBI at Quantico using an Ar-15 supplied by > the US Government. I hid in the jungles of Central America for weeks > while being chased by an army representing a government that I had > refused to be extorted by. Please…. tell me what is not serious about > this." Someone forgot to tell him he was NOT the top banana in the Feudal world. He's nuts, sorry, no matter his financial experience, and he didn't run that 'multi-billion dollar company' for long. He sold it, and it probably wasn't a multi-billion dollar company when sold Symantec did that, and I'm calling him for megalomania and psychopathic lying for self aggrandizement From rysiek at hackerspace.pl Fri Sep 11 02:22:59 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 11 Sep 2015 11:22:59 +0200 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves.
In-Reply-To: References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> Message-ID: <1779111.UxAx0tsn7i@lapuntu> On Friday, 11 September 2015 01:27:34 Zenaan Harkness wrote: > On 9/11/15, Nathan wrote: > > WTF? I've read this *twice* and I *still* don't get it..... Is this an > > argument against multiculturalism? > > That's not the question - the question is, does each individual human > of a nation have the right to protect their current, existing culture? Of course I can defend my culture. But there are two crucial questions here: - from what can I defend my culture; - with what means can I defend my culture. Can I defend my culture verbally from somebody talking shit about it? Sure. Can I defend my culture with force from an armed aggressor? Sure. Can I "defend my culture" from people who had to leave their homes due to war? How would I even "defend my culture" in such a scenario? Deport them all for certain death? Imprison them?.. Asking the "can one defend their culture" question without asking the other two is really underhanded and disingenuous. It's akin to asking "can one defend themselves" in the context of a Police officer killing an unarmed 13-year-old kid with a watergun. Are we really to say that our culture is so weak, so vulnerable, so hard to defend that an influx of immigrants that amounts to 0,03% (yes, three-hundredths of a percent!)[1] of the whole population of the EU is suddenly a real threat? [1] estimated 160 000 immigrants, estimated 508 million EU citizens -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From guninski at guninski.com Fri Sep 11 04:47:41 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 11 Sep 2015 14:47:41 +0300 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55f1e097.d4668c0a.7be27.29b4@mx.google.com> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> Message-ID: <20150911114741.GB2699@sivokote.iziade.m$> On Thu, Sep 10, 2015 at 05:01:21PM -0300, Juan wrote: > > Thank you Georgi. We need an anarchist president who would fight for > our anarchist constitution. Those are the pillars of our anarchist > state. Otherwise chaos would ensue. > > Nothing against _well implemented_ anarchy, but I consider this impossible to do with current sheeple and adversaries. A Donald Knuth quote: http://www.azquotes.com/author/8177-Donald_Knuth/tag/reality It would be nice if we could design a virtual reality in Hyperbolic Space, and meet each other there. ;) From zen at freedbms.net Fri Sep 11 08:07:22 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 11 Sep 2015 15:07:22 +0000 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <1779111.UxAx0tsn7i@lapuntu> References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> Message-ID: On 9/11/15, rysiek wrote: > On Friday, 11 September 2015 01:27:34 Zenaan Harkness wrote: >> On 9/11/15, Nathan wrote: >> > WTF? I've read this *twice* and I *still* don't get it..... Is this >> > an >> > argument against multiculturalism? >> >> That's not the question - the question is, does each individual human >> of a nation have the right to protect their current, existing culture? > > Of course I can defend my culture. But there are two crucial questions > here: > - from what can I defend my culture; > - with what means can I defend my culture.
> > Can I defend my culture verbally from somebody talking shit about it? Sure. > Can I defend my culture with force from an armed aggressor? Sure. > > Can I "defend my culture" from people who had to leave their > homes due to war? > How would I even "defend my culture" in such a scenario? Deport > them all for certain death? Imprison them?.. > > Asking the "can one defend their culture" question without asking > the other two is really underhanded and disingenuous. Or simply seeking the insights of your now asked two questions as above and struggling (perhaps ironically) to come to such insights by myself - no underhanded or disingenuous intention need be ascribed. The thoughtful part of your reply is really appreciated. Thank you for your patience going forward. I consider the first ground to be that of individual/ collective right. Even getting beyond this first ground is a challenge for many - you're the first person in my (humble, inadequate, deficient...) attempts over the last year or two, who actually got past "do we have the right". Your next two questions are not easy. I have no immediate answer. 
A temporary brain dump of things which may arise and perhaps ought be contemplated to arrive at any sane answer to your last two questions: - reciprocal legislation on a per-country basis - if we can't build churches in your country, you can't build mosques in ours; if we can't buy property in yours, you can't buy in ours - "tipping points" for 'cultural crisis' due to immigration by refugees or otherwise - Christians being executed in various countries today - the Christian crusades of 100s years ago - are we humans beyond barbarians to any real extent - what about those of us in golden middle-class cages, are we barbarians in disguise - to what extent is it our "western" governments (and or military industrial companies) causing the turmoil/ wars from which the genuine refugees flee from - should we citizens suffer the fallout from the evil activities of our governments and military industrial companies bombing brown people and or poor people - is it possible to stop our governments/ companies from doing so - is maintenance of local/ per-country cultural homogeneity worth pursuing at all, or is that somehow fundamentally at odds with the majority of humans on the planet being "below the poverty line" and therefore with their "right to a share" of my (relatively) wealthy middle class existence (even for example for those on government assistance/ welfare) I feel as though we are being sold out by our western governments driven by the military industrial companies, and that we are being caused to suffer the consequences of this. And I feel powerless to stop this evil, to stop the (unlawful, but hey) killing of people on an industrial scale. I feel that there is so much profit from war, that there is intention to war and for war, and that this is out of control. Courtesy the internet we know this turmoil has been perpetrated continuously since WWII by USAGov (CIA) and its "allies", lackies, lapdogs - coup after coup, regime change after regime change. 
There's so much that's not ok by me and I struggle to find clear and simple foundations which can approach shared consensus understanding and agreement on what is wrong, let alone how if at all possible to fix it. Thanks for suffering my totally inadequate and rambling attempts at something resembling communication, but I am sincere in my desire for a better world - for everyone in it. Zenaan From guninski at guninski.com Fri Sep 11 05:52:39 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 11 Sep 2015 15:52:39 +0300 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <1779111.UxAx0tsn7i@lapuntu> References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> Message-ID: <20150911125239.GC2699@sivokote.iziade.m$> On Fri, Sep 11, 2015 at 11:22:59AM +0200, rysiek wrote: > > Are we really to say that our culture is so weak, so vulnerable, so hard to > defend that an influx of immigrants that amounts to 0,03% (yes, three- > hundredths of a percent!)[1] of the whole population of the EU is suddenly a > real threat? > > [1] estimated 160 000 immigrants, estimated 508 million EU citizens > First a joke: "statistician tried to cross a river of average depth 0.5m and got drowned". May I ask what percentage of the EU are street policemen (not counting bureaucrats) to "protect" the sheeple? And how comes the above policemen allowed the refugees to cross the border? It is the extrema that matters, not the average value. ...And what if half of the 0.03% were armed turrorists?
From grarpamp at gmail.com Fri Sep 11 16:19:51 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 11 Sep 2015 19:19:51 -0400
Subject: Library installs Tor exit node; pulls plug after pressure from DHS
In-Reply-To:
References: <14fb8d70f10.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150910200217.2E95068006C@frontend2.nyi.internal>
Message-ID:

> A lot of support should be lent right now to the city managers, library board,
> and the community. You don't want the first one to be publicly quashed by
> a bunch of shameful LEA fearmongering.
> Show up the board meeting, you can bet they will.

Someone should also see about notifying these folks, you might end up with an entire state full of relays...

https://freestateproject.org/
http://forum.freestateproject.org/

From juan.g71 at gmail.com Fri Sep 11 22:47:51 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 12 Sep 2015 02:47:51 -0300
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To:
References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com>
Message-ID: <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com>

On Fri, 11 Sep 2015 00:11:30 +0000
Zenaan Harkness wrote:

> Juan, are there aspects of political anarchism (I think we need a term
> other than "anarchy" if we want Joe Sixpack to not glaze over) which
> you have personal doubts about, or you're not sure about how best to
> handle, or even unsure about how to educate others about?

Well, I don't care too much about 'educating' people lately and I certainly know my method is far from perfect...

As far as doubts regarding political anarchy go, no I don't have any doubts. I don't care about 'utilitarian' arguments. It doesn't matter if some people think that they can get allegedly 'better' outcomes by taxing, kidnapping and killing their neighbors. Pro-government people don't have any legitimate authority and can't even prove that their preferences are 'better', most of the time.

Anarchy is the only system that can be morally justified. And funnily enough, the very theoretical premises of 'western' 'liberal' 'democracies' are anarchistic. 'Liberal' 'democracies' pretend to be 'representative' governments based on the 'consent of the governed'.

"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed,"

The 'religious' language is bullshit - the doctrine of natural rights is actually that, natural (rational), not based on any 'supernatural' scam.

And what does 'consent' mean, exactly? It means choice and the ability to accept or reject any proposition. So, since government is based on 'consent' it is perfectly OK to NOT consent to be 'governed' and thus live under 'anarchy'.

Of course, the guy who wrote that 'declaration of independence' and his accomplices were incredibly sick pieces of shit who used libertarian political theory as facade for the 'foundation' of a literal slave society. Freedom is slavery. Good old Orwell wasn't just talking about the future...

Anyway, anarchy is simply statist theory correctly applied.

> Perhaps
> another thread though... but I am seriously interested in a more
> nuanced discussion than "those USG cunts" ;)

=)

From jdb10987 at yahoo.com Fri Sep 11 20:18:08 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Sat, 12 Sep 2015 03:18:08 +0000 (UTC)
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
Message-ID: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com>

For those who can help, please do a Google search for 'Bell further alleged in his 2003'
You will notice that there are MANY results that contain that phrase, but have something close to gibberish, before and after it. Some results are genuine, but most are apparently not. I suspect that I am the victim of some sort of SEO-techniques, attempting to cover up the fact of the fake, forged appeal case 99-30210. I suspect that the following company had something to do with it: http://www.icmconsulting.com/seo.html See, for instance, http://www.simcoehall.com/service/background-check-expunged.html

Jim Bell

From juan.g71 at gmail.com Fri Sep 11 23:18:34 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 12 Sep 2015 03:18:34 -0300
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com>
References: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <55f3c2c1.48d6370a.24569.ffff9029@mx.google.com>

On Sat, 12 Sep 2015 03:18:08 +0000 (UTC)
jim bell wrote:

> For those who can help, please do a Google search for 'Bell further
> alleged in his 2003' You will notice that there are MANY results that
> contain that phrase, but have something close to gibberish, before
> and after it.

Weird. The search results I'm seeing (first page)

1) book titled "crypto anarchy"
2) http://www.snowcitycafe.com/assets/28115041/service/ridgefield-connecticut-public-records.html
3) http://www.snowcitycafe.com/assets/28115041/service/jail-records-vine.html
4) http://www.snowcitycafe.com/assets/28115041/service/do-you-have-to-get-a-background-check-to-buy-.html
5) Jim's wikipedia article
6) http://buriedwithoutceremony.com/wp-includes/service/indiana-state-police-records-division.html
7) http://buriedwithoutceremony.com/wp-includes/service/arizona-public-records-wills.html
8) http://www.vinnatur.org/wp-includes/service/free-website-to-view-criminal-records.html
9) http://www.vinnatur.org/wp-includes/service/free-criminal-records-bureau-uk.html
10) http://culturesource.net/data/records/criminal-background-guidelines.html

results 2,3,4,6,7,8,9,10 all go to the same spam page.

In other words, google is such an incredible piece of shit that they can't even run a search engine?

> Some results are genuine, but most are apparently not.
> I suspect that I am the victim of some sort of SEO-techniques,

...that work against an IT company that rules the universe and has a 'market cap' of 428 000 million dollars...

> attempting to cover up the fact of the fake, forged appeal case
> 99-30210. I suspect that the following company had something to do
> with it: http://www.icmconsulting.com/seo.html See, for
> instance, http://www.simcoehall.com/service/background-check-expunged.html
> Jim Bell

From dal at riseup.net Sat Sep 12 01:36:51 2015
From: dal at riseup.net (Douglas Lucas)
Date: Sat, 12 Sep 2015 03:36:51 -0500
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com>
References: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <55F3E423.3010908@riseup.net>

Perhaps the spam websites need to hide only text that is "real" in the eyes of Google. And "Bell further alleged in his 2003" is "real" because it is in a book. It could have been text out of any other book, but it turned out to be you. Like winning the lottery, but in reverse. Perhaps you could analyze strings of the other hidden text to see if they too are from "real" sources.

I come up with this hypothesis because years back I used to write web advertisements for an ambulance chaser law firm. They gave me the original text, e.g.,

"If you or someone you care about has been injured in an 18-wheeler accident in Atlanta, blah blah"

and I had to write it six hundred different ways, e.g.

"If you or someone you love has been hurt in a big rig crash in Atlanta, blah blah"

Each version became its own URL. The text of each had to be different, the law firm told me, or Google would notice the similarities and penalize the websites for being spam. It was a boring gig so I livened it up by writing in metric prose - one sentence here in trochees, another sentence there in anapests, etc.

So "real" text is valuable. That leads me to wonder, like a science fiction writer, how we could take this to extremes. Which text is the most "real"? What might the consequences be of variations in the degree of lorem ipsum texts' reality?

On 09/11/2015 10:18 PM, jim bell wrote:
> For those who can help, please do a Google search for 'Bell further
> alleged in his 2003'
> You will notice that there are MANY results that contain that phrase,
> but have something close to gibberish, before and after it. Some
> results are genuine, but most are apparently not. I suspect that I am
> the victim of some sort of SEO-techniques, attempting to cover up the
> fact of the fake, forged appeal case 99-30210. I suspect that the
> following company had something to do with it:
> http://www.icmconsulting.com/seo.html See, for
> instance, http://www.simcoehall.com/service/background-check-expunged.html
> Jim Bell
>

From juan.g71 at gmail.com Sat Sep 12 02:23:05 2015
From: juan.g71 at gmail.com (Juan)
Date: Sat, 12 Sep 2015 06:23:05 -0300
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To: <20150912090803.GA2489@sivokote.iziade.m$>
References: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com> <20150912090803.GA2489@sivokote.iziade.m$>
Message-ID: <55f3ee01.d0ed8c0a.6aa33.ffff9555@mx.google.com>

On Sat, 12 Sep 2015 12:08:03 +0300
Georgi Guninski wrote:

> On Sat, Sep 12, 2015 at 07:48:42AM +0000, jim bell wrote:
> > Okay, I did this for one of the instances,
> > http://buriedwithoutceremony.com/wp-includes/service/public-property-records-fairbanks-alaska.html
> > and got (in part) the relevant section:
> >
>
> Consider checking the source of the cached google page
> (if any). Website need not serve the same page to you and
> google.

yeah that seems to be the trick

http://webcache.googleusercontent.com/search?q=cache:aSXFrILkxm8J:buriedwithoutceremony.com/wp-includes/service/public-property-records-fairbanks-alaska.html+&cd=1&hl=en&ct=clnk&gl=us

the cached version does have Jim's search terms.

>
> Also, IMHO if the text is obfuscated such a simple search
> might not work, not entirely sure.
>
> I _suspect_ something remotely similar to yours happened
> to me in the past.
>

From jdb10987 at yahoo.com Fri Sep 11 23:38:49 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Sat, 12 Sep 2015 06:38:49 +0000 (UTC)
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To: <55f3c2c1.48d6370a.24569.ffff9029@mx.google.com>
References: <55f3c2c1.48d6370a.24569.ffff9029@mx.google.com>
Message-ID: <646537907.1373286.1442039929322.JavaMail.yahoo@mail.yahoo.com>

From: Juan
On Sat, 12 Sep 2015 03:18:08 +0000 (UTC)
jim bell wrote:

>> For those who can help, please do a Google search for 'Bell further
>> alleged in his 2003' You will notice that there are MANY results that
>> contain that phrase, but have something close to gibberish, before
>> and after it.

>Weird. The search results I'm seeing (first page)
>    1) book titled "crypto anarchy"
>    2) http://www.snowcitycafe.com/assets/28115041/service/ridgefield-connecticut-public-records.html
>    3) http://www.snowcitycafe.com/assets/28115041/service/jail-records-vine.html
>    4) http://www.snowcitycafe.com/assets/28115041/service/do-you-have-to-get-a-background-check-to-buy-.html
>    5) Jim's wikipedia article
>    6) http://buriedwithoutceremony.com/wp-includes/service/indiana-state-police-records-division.html
>    7) http://buriedwithoutceremony.com/wp-includes/service/arizona-public-records-wills.html
>    8) http://www.vinnatur.org/wp-includes/service/free-website-to-view-criminal-records.html
>    9) http://www.vinnatur.org/wp-includes/service/free-criminal-records-bureau-uk.html
>    10) http://culturesource.net/data/records/criminal-background-guidelines.html
>   results 2,3,4,6,7,8,9,10 all go to the same spam page.

I think you're wrong about that. It isn't "the same spam page". Rather, it is multiple copies of what amounts to (looks like, to the human eye) the same spam page, but located at different URLs.

>   In other words, google is such an incredible piece of shit that
>   they can't even run a search engine?

Again, I think you're wrong about that. I don't think Google has done anything wrong, here. Rather, I think that someone else has manufactured many pages which look alike to the human eye, but apparently contain hidden text that can be searched for and found. Google-search has simply catalogued the search results, including the otherwise-invisible text. (White characters on a white background can't be read by eye, but they can be read by Google-search.)

>> Some results are genuine, but most are apparently not.
>> I suspect that I am the victim of some sort of SEO-techniques,

>   ...that work against an IT company that rules the universe and
>   has a 'market cap' of 428 000 million dollars...

Again, I think you're wrong. What I believe I have seen does not "work against" anybody, except possibly me. Google is simply cataloguing the web pages it sees, as the person (or organization) that produced those pages intends. The only negative consequence, to Google-search, is that they have to catalog a few hundred kilobytes more of web-pages. That's no skin off Google-search's nose. And as far as I understand, the only tricky thing here is that text is present on these pages which cannot be read by a human. If I knew more about the Web than I do, I would probably understand how to adjust my web browser to display visibly what would otherwise be invisible text. The next question is, "what does this mean, and who produced this, and why?". I posted this query to find somebody who had experience in SEO techniques.

Jim Bell

> attempting to cover up the fact of the fake, forged appeal case
> 99-30210. I suspect that the following company had something to do
> with it: http://www.icmconsulting.com/seo.html See, for
> instance, http://www.simcoehall.com/service/background-check-expunged.html
> Jim Bell

From jdb10987 at yahoo.com Fri Sep 11 23:53:57 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Sat, 12 Sep 2015 06:53:57 +0000 (UTC)
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To: <646537907.1373286.1442039929322.JavaMail.yahoo@mail.yahoo.com>
References: <55f3c2c1.48d6370a.24569.ffff9029@mx.google.com> <646537907.1373286.1442039929322.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <850696060.1471279.1442040837924.JavaMail.yahoo@mail.yahoo.com>

I found this partial explanation:
http://www.seochat.com/c/a/search-engine-optimization-help/hidden-text-in-websites/
and
http://www.seologic.com/faq/hidden-text
and
http://everydaylife.globalpost.com/hidden-text-website-34580.html
and
https://support.google.com/webmasters/answer/66353?hl=en

Jim Bell

From jdb10987 at yahoo.com Sat Sep 12 00:48:42 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Sat, 12 Sep 2015 07:48:42 +0000 (UTC)
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To:
References:
Message-ID: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com>

Okay, I did this for one of the instances, http://buriedwithoutceremony.com/wp-includes/service/public-property-records-fairbanks-alaska.html and got (in part) the relevant section:

Raised in the killing of canoga park, he had a married adverse public police records dayton ohio for fine and was on cell for law requirement and views before he was 12 groups state-administered.
Legally, many slaves show a afternoon or also a organization in the import representations.
Choi's times not originate from a double-barreled advertising of parliament and order.
Then, he refused to leave raid and soon became a large public arrest records free montana under the blood mars battles.
Bell further alleged in his 2003 bias that a forged site access, couple 99-30210, was entered into the appeal time.
In early county, the video neighborhood denotes an limited material lead by a green.
Bedabrata's national background check program § 6201 was born in dhaka and his holder came from faridpur.
Pentonville prison opened in 1842, beginning a police of finally increasing mastermind audiences and the occupation of sport as the many case of construction information.
Some documents engage in the profiling of naturae's property use, collecting the statistics of rolls visited.

| [end of quote] NOW, I can see the section that contained the text, "Bell further alleged in his 2003...".   Still unexplained is WHY this occurs.  Presumably it's intentional.            Jim Bell From: Oshwm To: jim bell ; Juan ; "cypherpunks at cpunks.org" Sent: Saturday, September 12, 2015 12:12 AM Subject: Re: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Basically, right click in page, choose 'view source' from the menu and then search for Bell within the displayed text. There's your hidden text :) There's a bunch of 'metadata' in any web page used for controlling shit like this that is never visible on the actual web page. View source will show this. On 12 September 2015 07:53:57 BST, jim bell wrote: >I found this partial explanation:   > http://www.seochat.com/c/a/search-engine-optimization-help/hidden-text-in-websites/ >and                                             >  http://www.seologic.com/faq/hidden-text >and                                             >  http://everydaylife.globalpost.com/hidden-text-website-34580.html >and                                             >  https://support.google.com/webmasters/answer/66353?hl=en >                 Jim Bell >      From: jim bell >To: Juan ; "cypherpunks at cpunks.org" > > Sent: Friday, September 11, 2015 11:38 PM >Subject: Re: Anyone familiar with SEO (Search Engine Optimization) >techniques? I have a mystery. > >From: Juan >On Sat, 12 Sep 2015 03:18:08 +0000 (UTC) >jim bell wrote: > >>> For those who can help, please do a Google search for 'Bell further >>> alleged in his 2003'You will notice that there are MANY results that >>> contain that phrase, but have something close to gibberish, before >>> and after it.   > > > >Weird. 
The search results I'm seeing (first page) >>    1) book titled "crypto anarchy" >    >  >  2) > > >  http://www.snowcitycafe.com/assets/28115041/service/ridgefield-connecticut-public-records.html > > >   3) > > >  http://www.snowcitycafe.com/assets/28115041/service/jail-records-vine.html > > >   4) > > >  http://www.snowcitycafe.com/assets/28115041/service/do-you-have-to-get-a-background-check-to-buy-.html > >>    5) Jim's wikipedia article > > >   6) >>   >http://buriedwithoutceremony.com/wp-includes/service/indiana-state-police-records-division.html > > >   7) >>   > http://buriedwithoutceremony.com/wp-includes/service/arizona-public-records-wills.html > >>    8) > > >  http://www.vinnatur.org/wp-includes/service/free-website-to-view-criminal-records.html > > >   9) > >>   > http://www.vinnatur.org/wp-includes/service/free-criminal-records-bureau-uk.html > > >   10) > > > >  http://culturesource.net/data/records/criminal-background-guidelines.html > > > >   results 2,3,4,6,7,8,9,10 all go to the same spam page.  >I think you're wrong about that.  It isn't "the same spam page". > Rather, it is multiple copies of what amounts to (looks like, to the >human eye) the same spam page, but located at different URLs. > > > >   In other words, google is such an incredible piece of shit that >>    they can't even run a search engine? >Again, I think you're wrong about that.  I don't think Google has done >anything wrong, here.  Rather, I think that someone else has >manufactured many pages which look alike to the human eye, but >apparently contain hidden text that can be searched for and found. > Google-search has simply catalogued the search results, including the >otherwise-invisible text.  (White characters on a white background >can't be read by eye, but they can be read by Google-search.) > > >>> Some results are genuine, but most are apparently not. 
>>>  I suspect that I am the victim of some sort of SEO-techniques, > > >>    ...that work against an IT company that rules the universe and > >   has a 'market cap' of 428 000 million dollars... >Again, I think you're wrong.  What I believe I have seen does not "work >against" anybody, except possibly me.  Google is simply cataloguing the >web pages it sees, as the person (or organization) that produced those >pages intends.  The only negative consequence, to Google-search, is >that they have to catalog a few hundred kilobytes more of web-pages. > That's no skin off Google-search's nose.  And as far as I understand, >the only tricky thing here is that text is present on these pages which >cannot be read by a human.  If I knew more about the Web than I do, I >would probably understand how to adjust my web browser to display >visibly what would otherwise be invisible text.  The next question is, >"what does this mean, and who produced this, and why?".   I posted this >query to find somebody who had experience in SEO techniques. > > > >             Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 16862 bytes Desc: not available URL: From coderman at gmail.com Sat Sep 12 07:49:33 2015 From: coderman at gmail.com (coderman) Date: Sat, 12 Sep 2015 07:49:33 -0700 Subject: FOIA/PA - USA v. Bell In-Reply-To: References: Message-ID: retrieving more this weekend. any specific requests via reply and i'll order those first. best regards, On 8/21/15, coderman wrote: > again, with corrected links :/ > > notables: > https://peertech.org/files/USAvBell/USAvBell_00-05731_DocketText.pdf > and > https://peertech.org/files/USAvBell/USAvBell_97-30384_DocketText.pdf > > the zip: > https://peertech.org/files/USAvBell_r1.zip > SHA-256 is: > 6b1fb44c4faec869676ded703395dc771d0a4053091588e742c6677c383c24eb > > ... From skquinn at rushpost.com Sat Sep 12 06:07:27 2015 From: skquinn at rushpost.com (Shawn K. 
Quinn) Date: Sat, 12 Sep 2015 08:07:27 -0500 Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. In-Reply-To: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com> References: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com> Message-ID: <1442063247.21762.6.camel@moonpatrol> On Sat, 2015-09-12 at 03:18 +0000, jim bell wrote: > For those who can help, please do a Google search for 'Bell further > alleged in his 2003' > You will notice that there are MANY results that contain that phrase, > but have something close to gibberish, before and after it. Some > results are genuine, but most are apparently not. I suspect that I am > the victim of some sort of SEO-techniques, attempting to cover up the > fact of the fake, forged appeal case 99-30210. I suspect that the > following company had something to do with it: > http://www.icmconsulting.com/seo.html See, for > instance, http://www.simcoehall.com/service/background-check-expunged.html I don't think they are targeting you. It looks like, for better or worse, that phrase and the case number have become part of some "boilerplate" SEO spam or "Lorem ipsum." Congratulations, I guess...? There are "sewer rat" SEO consultants/firms use highly questionable techniques to game Google, Bing, and other search engines. I get spam for them all the time via a contact form on a personal site I'm about to shut down. Obviously, they cannot read the notice I've put on the contact form page. The best defense against this is may be to better advertise what they are trying to drown out with the spam, either intentionally or not. As a practical matter, two of the most relevant pages are the top two results. Is there something else you want to be sure is out there in regards to this, besides what's said in Isaak Crofton's book and Wikipedia? -- Shawn K. 
Quinn From oshwm at openmailbox.org Sat Sep 12 00:12:41 2015 From: oshwm at openmailbox.org (Oshwm) Date: Sat, 12 Sep 2015 08:12:41 +0100 Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. In-Reply-To: <850696060.1471279.1442040837924.JavaMail.yahoo@mail.yahoo.com> References: <55f3c2c1.48d6370a.24569.ffff9029@mx.google.com> <646537907.1373286.1442039929322.JavaMail.yahoo@mail.yahoo.com> <850696060.1471279.1442040837924.JavaMail.yahoo@mail.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Basically, right click in page, choose 'view source' from the menu and then search for Bell within the displayed text. There's your hidden text :) There's a bunch of 'metadata' in any web page used for controlling shit like this that is never visible on the actual web page. View source will show this. On 12 September 2015 07:53:57 BST, jim bell wrote: >I found this partial explanation:   > http://www.seochat.com/c/a/search-engine-optimization-help/hidden-text-in-websites/ >and                                             >  http://www.seologic.com/faq/hidden-text >and                                             >  http://everydaylife.globalpost.com/hidden-text-website-34580.html >and                                             >  https://support.google.com/webmasters/answer/66353?hl=en >                 Jim Bell > From: jim bell >To: Juan ; "cypherpunks at cpunks.org" > > Sent: Friday, September 11, 2015 11:38 PM >Subject: Re: Anyone familiar with SEO (Search Engine Optimization) >techniques? I have a mystery. > >From: Juan >On Sat, 12 Sep 2015 03:18:08 +0000 (UTC) >jim bell wrote: > >>> For those who can help, please do a Google search for 'Bell further >>> alleged in his 2003'You will notice that there are MANY results that >>> contain that phrase, but have something close to gibberish, before >>> and after it.   > > > >Weird. 
The search results I'm seeing (first page) >>    1) book titled "crypto anarchy" >    >  >  2) > > >  http://www.snowcitycafe.com/assets/28115041/service/ridgefield-connecticut-public-records.html > > >   3) > > >  http://www.snowcitycafe.com/assets/28115041/service/jail-records-vine.html > > >   4) > > >  http://www.snowcitycafe.com/assets/28115041/service/do-you-have-to-get-a-background-check-to-buy-.html > >>    5) Jim's wikipedia article > > >   6) >>   >http://buriedwithoutceremony.com/wp-includes/service/indiana-state-police-records-division.html > > >   7) >>   > http://buriedwithoutceremony.com/wp-includes/service/arizona-public-records-wills.html > >>    8) > > >  http://www.vinnatur.org/wp-includes/service/free-website-to-view-criminal-records.html > > >   9) > >>   > http://www.vinnatur.org/wp-includes/service/free-criminal-records-bureau-uk.html > > >   10) > > > >  http://culturesource.net/data/records/criminal-background-guidelines.html > > > >   results 2,3,4,6,7,8,9,10 all go to the same spam page.  >I think you're wrong about that.  It isn't "the same spam page". > Rather, it is multiple copies of what amounts to (looks like, to the >human eye) the same spam page, but located at different URLs. > > > >   In other words, google is such an incredible piece of shit that >>    they can't even run a search engine? >Again, I think you're wrong about that.  I don't think Google has done >anything wrong, here.  Rather, I think that someone else has >manufactured many pages which look alike to the human eye, but >apparently contain hidden text that can be searched for and found. > Google-search has simply catalogued the search results, including the >otherwise-invisible text.  (White characters on a white background >can't be read by eye, but they can be read by Google-search.) > > >>> Some results are genuine, but most are apparently not. 
>>>  I suspect that I am the victim of some sort of SEO-techniques, > > >>    ...that work against an IT company that rules the universe and > >   has a 'market cap' of 428 000 million dollars... >Again, I think you're wrong.  What I believe I have seen does not "work >against" anybody, except possibly me.  Google is simply cataloguing the >web pages it sees, as the person (or organization) that produced those >pages intends.  The only negative consequence, to Google-search, is >that they have to catalog a few hundred kilobytes more of web-pages. > That's no skin off Google-search's nose.  And as far as I understand, >the only tricky thing here is that text is present on these pages which >cannot be read by a human.  If I knew more about the Web than I do, I >would probably understand how to adjust my web browser to display >visibly what would otherwise be invisible text.  The next question is, >"what does this mean, and who produced this, and why?".   I posted this >query to find somebody who had experience in SEO techniques. > > > >             Jim Bell > > >> attempting to cover up the fact of the fake, forged appeal case >> 99-30210.  
I suspect that the following company had something to do >> with it:   http://www.icmconsulting.com/seo.html  See, for >> >instance, http://www.simcoehall.com/service/background-check-expunged.html >>       Jim Bell > > > -----BEGIN PGP SIGNATURE----- Version: APG v1.1.1 iQI7BAEBCgAlBQJV89BoHhxvc2h3bSA8b3Nod21Ab3Blbm1haWxib3gub3JnPgAK CRAqeAcYSpG1iGU/EAC9gm0cgqtVfVYyhIN+zs5O2p1Op6/Kc01lE7uvJWHTfRNr 4uV62+d/4R7dCHMyUCzkYDLzKOcsJZy8OClceHHmkZP8pV8p8Qx/jbjgleURytF5 1cG1/PEormWtW4NT+LcJi+6YH9V0VEtHAhkG+R6uEaA4j7L2Cxon2FzT1Xe6zq/+ QJ/rj82zGAaWe/8xMAk4iV6CZFh9VRWa+2y6uzivX2nLVAIJCcKWGwaPSiImvKLI 7XGvSy3Rx9SziQN72Vz6HIfKSZGD3kJhRtYNhoNS6Ylzz7Y5Ljh0GTFuENRMGL35 Lhj9Q8MkpqV2RbY1sqJJyWEcMZDScHUPDk0VxFvTWMDxmqRL2HIGzwcqLsYV5Bbu /gocJchs2NP9F9W3SORuohrho9MN1OQeeJzgYWhQ31kDxGyMysO4kB9y/wFq+ICy b9BBFg9tCfk6rzXc2T3jIH12fnCDVwZQUuYZKnYMWMT9jjt2q0eEDlbuGPetkFOm zk8De9sAz99htqlYNmQSzAVuyWD6ItZy9fCrD0UToflQnMvtNvKCIDrJrvwPKw4c ElYUNa3lLw2uWyKc0uMt2phCUuT9VPt3XAY6rlJcuPPW41QPOaLh406F4YZJSLx3 MQNkfMhNnDeJSzFkysQcf6O1a9ev3X//OPWl6To9E0z3J7ckeOCbYcs0SnQXMQ== =FR05 -----END PGP SIGNATURE----- From Rayzer at riseup.net Sat Sep 12 08:21:56 2015 From: Rayzer at riseup.net (Razer) Date: Sat, 12 Sep 2015 08:21:56 -0700 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> Message-ID: <55F44314.3080807@riseup.net> On 09/11/2015 10:47 PM, Juan wrote: > Of course, the guy who wrote that 'declaration of independence' > and his accomplices were incredibly sick pieces of shit who > used libertarian political theory as facade for the > 'foundation' of a literal slave society. Freedom is slavery. > Good old Orwell wasn't just talking about the future... 
To wit, here's a critical US history book that was popular at US colleges during the 60s by Richard Hofstadter called "The American Political Tradition" https://mega.nz/#!2A8EkYiS!ml3aaZOp1dngBd_M6GprwkXGD9ZhFqaa-Xmfiadb928 (pdf, 34mb) If you do not read anything else, read the foreword and the first chapter about our 'founding fathers'. Sick pieces of shit... OFC the author doesn't refer to them as such but the picture painted is tainted by it.
From oshwm at openmailbox.org Sat Sep 12 01:21:26 2015 From: oshwm at openmailbox.org (Oshwm) Date: Sat, 12 Sep 2015 09:21:26 +0100 Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. In-Reply-To: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com> References: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com> Message-ID: It looks to me like they have just taken snippets of info from various other texts (probably legal/law enforcement related sites) to use to raise their profile on search engines. They seem to be advertising a service for doing background checks on people so these bits of text may help with matching the search terms used by people who are looking for that kind of service. On 12 September 2015 08:48:42 BST, jim bell wrote: >Okay, I did this for one of the instances, > , http://buriedwithoutceremony.com/wp-includes/service/public-property-records-fairbanks-alaska.html > and got (in part) the relevant section: > >|

Raised in the killing of canoga park, he had a married adverse href="public-police-records-dayton-ohio.html">public police records >dayton ohio for fine and was on cell for law requirement and views >before he was 12 groups state-administered. | >| | Legally, many slaves show a afternoon or also a organization in >the import representations. | >| | Choi's times not originate from a double-barreled advertising of >parliament and order. | >| | Then, he refused to leave raid and soon became a large href="public-arrest-records-free-montana.html">public arrest >records free montana under the blood mars battles. | >| | Bell further alleged in his 2003 bias that a forged site access, >couple 99-30210, was entered into the appeal time. | >| | In early county, the video neighborhood denotes an limited >material lead by a green. | >| | Bedabrata's href="national-background-check-program-§-6201.html">national >background check program § 6201 was born in dhaka and his holder >came from faridpur. | >| | Pentonville prison opened in 1842, beginning a police of finally >increasing mastermind audiences and the occupation of sport as the many >case of construction information. | >| | Some documents engage in the profiling of naturae's property use, >collecting the statistics of rolls visited. | >| |

| > > >[end of quote] >NOW, I can see the section that contained the text, "Bell further >alleged in his 2003...".   Still unexplained is WHY this occurs. > Presumably it's intentional.            Jim Bell > From: Oshwm >To: jim bell ; Juan ; >"cypherpunks at cpunks.org" > Sent: Saturday, September 12, 2015 12:12 AM >Subject: Re: Anyone familiar with SEO (Search Engine Optimization) >techniques? I have a mystery. > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >Basically, right click in page, choose 'view source' from the menu and >then search for Bell within the displayed text. > >There's your hidden text :) > >There's a bunch of 'metadata' in any web page used for controlling shit >like this that is never visible on the actual web page. >View source will show this. > > > > >On 12 September 2015 07:53:57 BST, jim bell wrote: >>I found this partial explanation:   >> http://www.seochat.com/c/a/search-engine-optimization-help/hidden-text-in-websites/ >>and                                             >>  http://www.seologic.com/faq/hidden-text >>and                                             >>  http://everydaylife.globalpost.com/hidden-text-website-34580.html >>and                                             >>  https://support.google.com/webmasters/answer/66353?hl=en >>                 Jim Bell >>      From: jim bell >>To: Juan ; "cypherpunks at cpunks.org" >> >> Sent: Friday, September 11, 2015 11:38 PM >>Subject: Re: Anyone familiar with SEO (Search Engine Optimization) >>techniques? I have a mystery. >> >>From: Juan >>On Sat, 12 Sep 2015 03:18:08 +0000 (UTC) >>jim bell wrote: >> >>>> For those who can help, please do a Google search for 'Bell further >>>> alleged in his 2003'You will notice that there are MANY results >that >>>> contain that phrase, but have something close to gibberish, before >>>> and after it.   >> >> >> >Weird. 
The search results I'm seeing (first page) >>>    1) book titled "crypto anarchy" >>    >>  >  2) >> > >>  http://www.snowcitycafe.com/assets/28115041/service/ridgefield-connecticut-public-records.html >> >> >   3) >> > >>  http://www.snowcitycafe.com/assets/28115041/service/jail-records-vine.html >> >> >   4) >> > >>  http://www.snowcitycafe.com/assets/28115041/service/do-you-have-to-get-a-background-check-to-buy-.html >> >>>    5) Jim's wikipedia article >> >> >   6) >>>   >>http://buriedwithoutceremony.com/wp-includes/service/indiana-state-police-records-division.html >> >> >   7) >>>   >> http://buriedwithoutceremony.com/wp-includes/service/arizona-public-records-wills.html >> >>>    8) >> > >>  http://www.vinnatur.org/wp-includes/service/free-website-to-view-criminal-records.html >> >> >   9) >> >>>   >> http://www.vinnatur.org/wp-includes/service/free-criminal-records-bureau-uk.html >> >> >   10) >> >> > >>  http://culturesource.net/data/records/criminal-background-guidelines.html >> >> >> >   results 2,3,4,6,7,8,9,10 all go to the same spam page.  >>I think you're wrong about that.  It isn't "the same spam page". >> Rather, it is multiple copies of what amounts to (looks like, to the >>human eye) the same spam page, but located at different URLs. >> >> >> >   In other words, google is such an incredible piece of shit that >>>    they can't even run a search engine? >>Again, I think you're wrong about that.  I don't think Google has done >>anything wrong, here.  Rather, I think that someone else has >>manufactured many pages which look alike to the human eye, but >>apparently contain hidden text that can be searched for and found. >> Google-search has simply catalogued the search results, including the >>otherwise-invisible text.  (White characters on a white background >>can't be read by eye, but they can be read by Google-search.) >> >> >>>> Some results are genuine, but most are apparently not. 
>>>>  I suspect that I am the victim of some sort of SEO-techniques, >> >> >>>    ...that work against an IT company that rules the universe and >> >   has a 'market cap' of 428 000 million dollars... >>Again, I think you're wrong.  What I believe I have seen does not >"work >>against" anybody, except possibly me.  Google is simply cataloguing >the >>web pages it sees, as the person (or organization) that produced those >>pages intends.  The only negative consequence, to Google-search, is >>that they have to catalog a few hundred kilobytes more of web-pages. >> That's no skin off Google-search's nose.  And as far as I understand, >>the only tricky thing here is that text is present on these pages >which >>cannot be read by a human.  If I knew more about the Web than I do, I >>would probably understand how to adjust my web browser to display >>visibly what would otherwise be invisible text.  The next question is, >>"what does this mean, and who produced this, and why?".   I posted >this >>query to find somebody who had experience in SEO techniques. 
>> >> >> >> Jim Bell
From guninski at guninski.com Sat Sep 12 02:08:03 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 12 Sep 2015 12:08:03 +0300 Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. In-Reply-To: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com> References: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150912090803.GA2489@sivokote.iziade.m$> On Sat, Sep 12, 2015 at 07:48:42AM +0000, jim bell wrote: > Okay, I did this for one of the instances, , http://buriedwithoutceremony.com/wp-includes/service/public-property-records-fairbanks-alaska.html and got (in part) the relevant section: > Consider checking the source of the cached google page (if any). Website need not serve the same page to you and google. Also, IMHO if the text is obfuscated such a simple search might not work, not entirely sure. I _suspect_ something remotely similar to yours happened to me in the past.
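The two checks suggested in the thread above (look in the page source for text a browser never renders, and compare the copy served to a crawler with the copy served to you) can be combined into one audit that a site owner runs against their own pages. This is an added example, not code from anyone on the list; the two HTML strings are constructed samples standing in for the browser's copy and a search engine's cached copy, and only inline styles are inspected, so text hidden through an external stylesheet is not caught.

```python
"""Audit one page for hidden or crawler-only text. All sample HTML is constructed."""
import re
from html.parser import HTMLParser

VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}
COLOR_ALIASES = {"white": "#ffffff", "#fff": "#ffffff",
                 "black": "#000000", "#000": "#000000"}


def parse_style(style):
    """Turn an inline style attribute into {property: value}, lower-cased."""
    decls = {}
    for part in style.split(";"):
        if ":" in part:
            prop, value = part.split(":", 1)
            decls[prop.strip().lower()] = value.lower().replace("!important", "").strip()
    return decls


def hides_text(style):
    """True if this inline style keeps the element's text away from a human reader."""
    d = parse_style(style)
    if d.get("display") == "none" or d.get("visibility") == "hidden":
        return True
    if re.fullmatch(r"0(px|pt|em|rem|%)?", d.get("font-size", "")):
        return True
    # Pushed far off-screen, e.g. left:-9999px.
    if any(re.match(r"-\d{3,}", d.get(p, "")) for p in ("left", "top", "text-indent")):
        return True
    # Same colour for text and background (the "white on white" case).
    fg, bg = d.get("color"), d.get("background-color") or d.get("background")
    if fg and bg:
        return COLOR_ALIASES.get(fg, fg) == COLOR_ALIASES.get(bg, bg)
    return False


class TextSplitter(HTMLParser):
    """Sort a page's text into what a reader sees and what only a parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []            # (tag, hidden?) for every open element
        self.visible, self.hidden, self.hidden_links = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else False
        hidden = inherited or "hidden" in attrs or hides_text(attrs.get("style") or "")
        if hidden and tag == "a" and attrs.get("href"):
            self.hidden_links.append(attrs["href"])
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text or (self.stack and self.stack[-1][0] in ("script", "style")):
            return
        in_hidden = bool(self.stack) and self.stack[-1][1]
        (self.hidden if in_hidden else self.visible).append(text)


def split_text(html):
    parser = TextSplitter()
    parser.feed(html)
    parser.close()
    return parser


def audit(browser_html, crawler_html):
    """Report text hidden from readers and text present only in the crawler's copy."""
    b, c = split_text(browser_html), split_text(crawler_html)
    in_browser_copy = set(b.visible + b.hidden)
    return {
        "hidden_text": b.hidden,
        "hidden_links": b.hidden_links,
        "crawler_only": [t for t in c.visible + c.hidden if t not in in_browser_copy],
    }


# Constructed sample: the copy a visitor's browser received ...
BROWSER_COPY = """<html><head><title>Harbor Cafe</title><style>body{margin:0}</style></head>
<body><h1>Harbor Cafe</h1><p>Open daily from 7 to 3.</p>
<div style="position:absolute; left:-9999px">
  <p>Constructed filler sentence about county records.</p>
  <a href="records-lookup.html">records lookup</a>
</div>
<p style="color:#fff; background-color:white">Constructed filler sentence two.</p>
</body></html>"""
# ... and the copy a crawler was served (e.g. taken from a search engine's cache).
CRAWLER_COPY = BROWSER_COPY.replace(
    "</body>", "<p>Constructed sentence served only to crawlers.</p></body>")

if __name__ == "__main__":
    for key, items in audit(BROWSER_COPY, CRAWLER_COPY).items():
        print(key, items)
```

Anything reported under `hidden_links` or `crawler_only` on a page you own that you did not put there yourself is a sign the site's files have been modified by someone else.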
From Rayzer at riseup.net Sat Sep 12 13:27:30 2015 From: Rayzer at riseup.net (Razer) Date: Sat, 12 Sep 2015 13:27:30 -0700 Subject: Four things to know about presidential hopeful John McAfee Message-ID: <55F48AB2.8000909@riseup.net> The Hill say he's a nutjob. I concur. Ate too many DMT-ridden plants or lizards somewhere . "Security software pioneer and newly minted presidential candidate John McAfee has led an unusual life, to put it mildly. He’s played Russian roulette in front of a reporter to prove a point, was once a fugitive from the law in Belize and, just last month, was arrested for an alleged gun violation and driving under the influence. In keeping with his unconventional style, McAfee’s bid for the White House, announced this week, will be waged a candidate from his own “Cyber Party.” "I have a huge underground following on the web," McAfee told CNN Money. "I promise you I will win because I have the votes." On the same day he announced he was running for president, TV network Spike announced they were planning to air a series next year that “will be centered around McAfee's first-person interviews and will reveal unanswered questions about his life ranging from drug-fueled college days in Virginia, to learning to battle computer viruses early in his career at Lockheed in the 1980's, to starting McAfee and Associates in 1987, to the 2012 murder investigation in Belize.” Here are four know about McAfee as he reenters the national spotlight. He built fortune on antivirus software, then lost it McAfee made his millions at the anti-virus company that bore his name. He ultimately cashed out, selling his stake in the firm after taking it public. But his fortune took a hit during the 2008 recession. He was worth about $100 million before the financial crisis, and less than $10 million after. He said that his losses were exacerbated because much of his money was tied up in real estate. “My father always said, 'Real estate, you can't lose in real estate' ... 
you know, oddly enough you can,” he told ABC News at the time. He sold many of his assets, including houses in Hawaii, Colorado and New Mexico and moved to Belize to develop “natural” antibiotics. McAfee Associates, the company he founded, was bought by Intel in 2010. They dropped his name from the brand in 2014. The Russian roulette story While McAfee was in Belize, a Wired magazine writer visited his compound to report a profile. McAfee pulled out a gun during a conversation with the writer about the Belizean authorities’ interest in his activities. McAfee put one bullet in the chamber and placed the gun to his head, according to the profile. “Maybe what happened didn’t actually happen. Can I do a demonstration?” he asked the writer, who wrote that he tried to deescalate the situation. McAfee pulled the trigger repeatedly. Nothing happened. “I can do this all day long. I can do this a thousand times. Ten thousand times. Nothing will ever happen,” he said. “Why? Because you have missed something. You are operating on an assumption about reality that is wrong.” The fugitive In 2012, authorities in Belize investigating the murder of McAfee’s neighbor, Gregory Faull, were looking to speak with McAfee. He and the man had had disputes over McAfee’s dogs and the security guards that watched his property. McAfee told authorities that his dogs had been poisoned two days before Faull died. McAfee maintained his innocence and fled the authorities. He said he thought he would not get a fair hearing in the country. “Things do not operate here as they do in the States,” he said. “We are living in a near dictatorship where the legal system is subservient to the cabinet." His flight from Belize made national headlines and media outlet Vice was briefly embroiled in a controversy when it appeared as though they had leaked McAfee’s location accidentally. But after a month on the lam, he ended up in the capital city of Guatemala. “I like Guatemala. 
I think the legal system in Guatemala is superior to the legal system in Belize," he told CNN at the time. "Guatemala is close, it is beautiful and most importantly, I enjoy the company of Guatemalans.” DUI arrest After a period of relative quiet, McAfee surfaced again when he was arrested earlier this year for a gun possession violation and a DUI in Tennessee. He claimed that while he was impaired, he hadn’t been drinking alcohol. Instead, he said that a new prescription for Xanax had impaired his driving. "Never taken them before,” he told CNBC. “And in fact I was impaired, I must admit." He has also been running a company called Future Tense Central. It backs a range of products and services, one of which is called Autonomous Armor. The website for the forthcoming product lists several of McAfee’s accomplishments, before offering a coda. “Billions of dollars and decades later,” it says. “McAfee is back and at it again.” http://thehill.com/policy/technology/253454-four-things-to-know-about-presidential-hopeful-john-mcafee#
From guninski at guninski.com Sat Sep 12 03:44:50 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 12 Sep 2015 13:44:50 +0300 Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. In-Reply-To: <55f3ee01.d0ed8c0a.6aa33.ffff9555@mx.google.com> References: <1988752326.1370938.1442044122824.JavaMail.yahoo@mail.yahoo.com> <20150912090803.GA2489@sivokote.iziade.m$> <55f3ee01.d0ed8c0a.6aa33.ffff9555@mx.google.com> Message-ID: <20150912104450.GB2489@sivokote.iziade.m$> On Sat, Sep 12, 2015 at 06:23:05AM -0300, Juan wrote: > > Consider checking the source of the cached google page > > (if any). Website need not serve the same page to you and > > google.
> > yeah that seems to be the trick > > http://webcache.googleusercontent.com/search?q=cache:aSXFrILkxm8J:buriedwithoutceremony.com/wp-includes/service/public-property-records-fairbanks-alaska.html+&cd=1&hl=en&ct=clnk&gl=us > > > the cached version does have Jim's search terms. > > Consider also searching on https://archive.org/. It "keeps history of some interwebz" with many snapshots over time. Your URL doesn't appear archived AFAICT. From griffin at cryptolab.net Sat Sep 12 13:33:43 2015 From: griffin at cryptolab.net (Griffin Boyce) Date: Sat, 12 Sep 2015 16:33:43 -0400 Subject: Four things to know about presidential hopeful John McAfee In-Reply-To: <55F48AB2.8000909@riseup.net> References: <55F48AB2.8000909@riseup.net> Message-ID: <6528eb31499c2a693a4295c1718ea574@cryptolab.net> McAfee/Cocaine 2016 Razer wrote: > The Hill say he's a nutjob. I concur. Ate too many DMT-ridden plants or > lizards somewhere . > > "Security software pioneer and newly minted presidential candidate John > McAfee has led an unusual life, to put it mildly. > > He’s played Russian roulette in front of a reporter to prove a point, > was once a fugitive from the law in Belize and, just last month, was > arrested for an alleged gun violation and driving under the influence. > > In keeping with his unconventional style, McAfee’s bid for the White > House, announced this week, will be waged a candidate from his own > “Cyber Party.” > > "I have a huge underground following on the web," McAfee told CNN > Money. > "I promise you I will win because I have the votes."
> > On the same day he announced he was running for president, TV network > Spike announced they were planning to air a series next year that “will > be centered around McAfee's first-person interviews and will reveal > unanswered questions about his life ranging from drug-fueled college > days in Virginia, to learning to battle computer viruses early in his > career at Lockheed in the 1980's, to starting McAfee and Associates in > 1987, to the 2012 murder investigation in Belize.” > > Here are four know about McAfee as he reenters the national spotlight. > > He built fortune on antivirus software, then lost it > > McAfee made his millions at the anti-virus company that bore his name. > He ultimately cashed out, selling his stake in the firm after taking it > public. > > But his fortune took a hit during the 2008 recession. He was worth > about > $100 million before the financial crisis, and less than $10 million > after. He said that his losses were exacerbated because much of his > money was tied up in real estate. > > “My father always said, 'Real estate, you can't lose in real estate' > ... > you know, oddly enough you can,” he told ABC News at the time. > > He sold many of his assets, including houses in Hawaii, Colorado and > New > Mexico and moved to Belize to develop “natural” antibiotics. > > McAfee Associates, the company he founded, was bought by Intel in 2010. > They dropped his name from the brand in 2014. > > The Russian roulette story > > While McAfee was in Belize, a Wired magazine writer visited his > compound > to report a profile. McAfee pulled out a gun during a conversation with > the writer about the Belizean authorities’ interest in his activities. > > McAfee put one bullet in the chamber and placed the gun to his head, > according to the profile. “Maybe what happened didn’t actually happen. > Can I do a demonstration?” he asked the writer, who wrote that he tried > to deescalate the situation. > > McAfee pulled the trigger repeatedly. 
Nothing happened. > > “I can do this all day long. I can do this a thousand times. Ten > thousand times. Nothing will ever happen,” he said. “Why? Because you > have missed something. You are operating on an assumption about reality > that is wrong.” > > The fugitive > > In 2012, authorities in Belize investigating the murder of McAfee’s > neighbor, Gregory Faull, were looking to speak with McAfee. He and the > man had had disputes over McAfee’s dogs and the security guards that > watched his property. McAfee told authorities that his dogs had been > poisoned two days before Faull died. > > McAfee maintained his innocence and fled the authorities. He said he > thought he would not get a fair hearing in the country. “Things do not > operate here as they do in the States,” he said. “We are living in a > near dictatorship where the legal system is subservient to the > cabinet." > > His flight from Belize made national headlines and media outlet Vice > was > briefly embroiled in a controversy when it appeared as though they had > leaked McAfee’s location accidentally. But after a month on the lam, he > ended up in the capital city of Guatemala. > > “I like Guatemala. I think the legal system in Guatemala is superior to > the legal system in Belize," he told CNN at the time. "Guatemala is > close, it is beautiful and most importantly, I enjoy the company of > Guatemalans.” > > DUI arrest > > After a period of relative quiet, McAfee surfaced again when he was > arrested earlier this year for a gun possession violation and a DUI in > Tennessee. He claimed that while he was impaired, he hadn’t been > drinking alcohol. Instead, he said that a new prescription for Xanax > had > impaired his driving. > > "Never taken them before,” he told CNBC. “And in fact I was impaired, I > must admit." > > He has also been running a company called Future Tense Central. It > backs > a range of products and services, one of which is called Autonomous > Armor. 
The website for the forthcoming product lists several of > McAfee’s > accomplishments, before offering a coda. > > “Billions of dollars and decades later,” it says. “McAfee is back and > at > it again.” > > http://thehill.com/policy/technology/253454-four-things-to-know-about-presidential-hopeful-john-mcafee# -- “Intelligence without ambition is a bird without wings.” ― Salvador Dalí From juan.g71 at gmail.com Sat Sep 12 13:50:48 2015 From: juan.g71 at gmail.com (Juan) Date: Sat, 12 Sep 2015 17:50:48 -0300 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55F44314.3080807@riseup.net> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> Message-ID: <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> On Sat, 12 Sep 2015 08:21:56 -0700 Razer wrote: > To wit, here's a critical US history book that was popular at US > colleges during the 60s by Richard Hofstadter called "The American > Political Tradition" > > https://mega.nz/#!2A8EkYiS!ml3aaZOp1dngBd_M6GprwkXGD9ZhFqaa-Xmfiadb928 > > (pdf, 34mb) Thank Razer! I tried a couple of different browsers and just got a blank page. Not sure if it's something at my end, some temporary problem with mega, or what. > > If you do not read anything else, read the forward and the first > chapter about our 'founding fathers'. Sick pieces of shit... OFC the > author doesn't refer to them as such but the picture painted is > tainted by it. > From andreas at junius.info Sat Sep 12 03:36:09 2015 From: andreas at junius.info (Andreas Junius) Date: Sat, 12 Sep 2015 20:06:09 +0930 Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery. 
In-Reply-To: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com> References: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com> Message-ID: <55F40019.8060609@junius.info> On 12/09/15 12:48, jim bell wrote: > For those who can help, please do a Google search for 'Bell further > alleged in his 2003' > You will notice that there are MANY results that contain that phrase, > but have something close to gibberish, before and after it. Some > results are genuine, but most are apparently not. I suspect that I am > the victim of some sort of SEO-techniques, attempting to cover up the > fact of the fake, forged appeal case 99-30210. I suspect that the > following company had something to do with it: > http://www.icmconsulting.com/seo.html See, for instance, > http://www.simcoehall.com/service/background-check-expunged.html > Jim Bell That doesn't look like applied SEO techniques rather than a nasty hack or some kind of ad-click fraud. These domains don't have an apparent relationship; maybe the owners of the piggybacked pages/domains have no idea what's going on.
Not even the first domain on the following list:

Name: instantcheckmate.net
Address: 184.168.221.23
http://iplocationtools.com/184.168.221.23.html
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com

Name: snowcitycafe.com
Address: 50.112.255.20
http://iplocationtools.com/50.112.255.20.html
Registrant Name: Anna Premo
Registrant Organization: Snow City Cafe

Name: buriedwithoutceremony.com
Address: 72.18.132.73
http://iplocationtools.com/72.18.132.73.html
Registrant Name: KEE SIAK CHAN
Registrant Organization: EXABYTES NETWORK SDN BHD

Name: vinnatur.org
Address: 213.186.33.82
http://iplocationtools.com/213.186.33.82.html
Registrant Name: Angiolino Maule
Registrant Organization: Associazione Vinnatur
Registrant Street: Via Biancara 14

Name: culturesource.net
Address: 67.210.98.210
http://iplocationtools.com/67.210.98.210.html
Registrant Name: DELLA PERRY
Registrant Street: 1150 W 11TH AVE

From juan.g71 at gmail.com Sat Sep 12 16:14:06 2015 From: juan.g71 at gmail.com (Juan) Date: Sat, 12 Sep 2015 20:14:06 -0300 Subject: Four things to know about presidential hopeful John McAfee In-Reply-To: <6528eb31499c2a693a4295c1718ea574@cryptolab.net> References: <55F48AB2.8000909@riseup.net> <6528eb31499c2a693a4295c1718ea574@cryptolab.net> Message-ID: <55f4b0bd.0aa58c0a.36ebc.ffffe4c8@mx.google.com> this one was entertaining https://www.youtube.com/watch?v=zIXc_GqIsE0 what's also slightly entertaining is that a retard like grarpamp (with his 'limited' government bullshit) takes mcafee (and alex jones LMAO!) seriously... > > He’s played Russian roulette in front of a reporter obviously using a fake bullet. >> to prove a > > point, was once a fugitive from the law in Belize and, just last > > month, was arrested for an alleged gun violation and driving under > > the influence.
> > > > In keeping with his unconventional style, McAfee’s bid for the White > > House, announced this week, will be waged a candidate from his own > > “Cyber Party.” > > > > "I have a huge underground following on the web," McAfee told CNN > > Money. > > "I promise you I will win because I have the votes." > > > > On the same day he announced he was running for president, TV > > network Spike announced they were planning to air a series next > > year that “will be centered around McAfee's first-person interviews > > and will reveal unanswered questions about his life ranging from > > drug-fueled college days in Virginia, to learning to battle > > computer viruses early in his career at Lockheed in the 1980's, to > > starting McAfee and Associates in 1987, to the 2012 murder > > investigation in Belize.” > > > > Here are four know about McAfee as he reenters the national > > spotlight. > > > > He built fortune on antivirus software, then lost it > > > > McAfee made his millions at the anti-virus company that bore his > > name. He ultimately cashed out, selling his stake in the firm after > > taking it public. > > > > But his fortune took a hit during the 2008 recession. He was worth > > about > > $100 million before the financial crisis, and less than $10 million > > after. He said that his losses were exacerbated because much of his > > money was tied up in real estate. > > > > “My father always said, 'Real estate, you can't lose in real > > estate' ... > > you know, oddly enough you can,” he told ABC News at the time. > > > > He sold many of his assets, including houses in Hawaii, Colorado > > and New > > Mexico and moved to Belize to develop “natural” antibiotics. > > > > McAfee Associates, the company he founded, was bought by Intel in > > 2010. They dropped his name from the brand in 2014. > > > > The Russian roulette story > > > > While McAfee was in Belize, a Wired magazine writer visited his > > compound > > to report a profile. 
McAfee pulled out a gun during a conversation > > with the writer about the Belizean authorities’ interest in his > > activities. > > > > McAfee put one bullet in the chamber and placed the gun to his head, > > according to the profile. “Maybe what happened didn’t actually > > happen. Can I do a demonstration?” he asked the writer, who wrote > > that he tried to deescalate the situation. > > > > McAfee pulled the trigger repeatedly. Nothing happened. > > > > “I can do this all day long. I can do this a thousand times. Ten > > thousand times. Nothing will ever happen,” he said. “Why? Because > > you have missed something. You are operating on an assumption about > > reality that is wrong.” > > > > The fugitive > > > > In 2012, authorities in Belize investigating the murder of McAfee’s > > neighbor, Gregory Faull, were looking to speak with McAfee. He and > > the man had had disputes over McAfee’s dogs and the security guards > > that watched his property. McAfee told authorities that his dogs > > had been poisoned two days before Faull died. > > > > McAfee maintained his innocence and fled the authorities. He said he > > thought he would not get a fair hearing in the country. “Things do > > not operate here as they do in the States,” he said. “We are living > > in a near dictatorship where the legal system is subservient to the > > cabinet." > > > > His flight from Belize made national headlines and media outlet > > Vice was > > briefly embroiled in a controversy when it appeared as though they > > had leaked McAfee’s location accidentally. But after a month on the > > lam, he ended up in the capital city of Guatemala. > > > > “I like Guatemala. I think the legal system in Guatemala is > > superior to the legal system in Belize," he told CNN at the time. 
> > "Guatemala is close, it is beautiful and most importantly, I enjoy > > the company of Guatemalans.” > > > > DUI arrest > > > > After a period of relative quiet, McAfee surfaced again when he was > > arrested earlier this year for a gun possession violation and a DUI > > in Tennessee. He claimed that while he was impaired, he hadn’t been > > drinking alcohol. Instead, he said that a new prescription for > > Xanax had > > impaired his driving. > > > > "Never taken them before,” he told CNBC. “And in fact I was > > impaired, I must admit." > > > > He has also been running a company called Future Tense Central. It > > backs > > a range of products and services, one of which is called Autonomous > > Armor. The website for the forthcoming product lists several of > > McAfee’s > > accomplishments, before offering a coda. > > > > “Billions of dollars and decades later,” it says. “McAfee is back > > and at > > it again.” > > > > http://thehill.com/policy/technology/253454-four-things-to-know-about-presidential-hopeful-john-mcafee# >
From jdb10987 at yahoo.com Sat Sep 12 18:28:55 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sun, 13 Sep 2015 01:28:55 +0000 (UTC) Subject: I've never been into Astrology, but... Message-ID: <857894464.1616614.1442107735186.JavaMail.yahoo@mail.yahoo.com> http://hexagoninfulleffect.com/2013/02/07/sun-in-aries-moon-in-scorpio-night-terrors-primal-instincts-and-going-deep-cover/ One of the more curious web pages I've seen recently. Jim Bell
From rich at openwatch.net Sun Sep 13 03:31:05 2015 From: rich at openwatch.net (Rich Jones) Date: Sun, 13 Sep 2015 03:31:05 -0700 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him. In-Reply-To: References: Message-ID: That's quite enough of that.
https://www.youtube.com/watch?v=dP97On4heCA On Sun, Sep 13, 2015 at 3:08 AM, Zenaan Harkness wrote: > German (Swedish, Nordic, Aussie, Christian) men, have you any balls? > > (some stats and graphs are mixed in some of the articles below) > > > * > > https://diversitychronicle.wordpress.com/2013/04/22/judge-finds-german-woman-guilty-of-raping-eight-pakistani-muslim-men/ > "Judge Finds German Woman Guilty of Raping Eight Pakistani Muslim Men > April 22, 2013 > "In the City of Wassenberg in Western Germany a woman has been found > guilty of seducing and raping eight men in the first case of its kind > in Europe. Maria Heidelsohn aged 18 alleges that on the afternoon of > August 23rd she was pulled away by eight men from the porch she was > sun bathing on and carried into a small shed in which she was brutally > and repeatedly gang raped. Heidelsohn alleges that she cried for help > repeatedly until she was bound and gagged, she then claims that she > was beaten severely and both of her arms and one leg were broken. > > Wassenbeg Police Chief Abdullah Al Hussein contends that there is no > evidence Heidelsohn did not injure herself or ask a friend to injure > her in order to attempt to frame up her alleged attackers. The Police > Chief noted that no male adult Muslim men saw the attack occur to > corroborate her story despite the area being largely Muslim. In the > large German town new legislation passed overwhelmingly last year > stipulates that four adult male Muslim witnesses are necessary in > order to corroborate any charges made by a woman in accordance with > traditional Islamic jurisprudence. " > > * > > http://www.thegatewaypundit.com/2015/09/horror-muslim-migrant-in-europe-brutally-rapes-7-year-old-white-girl-video/ > Sep 9th, 2015 > "A little 7 year old girl was brutally raped by a Muslim migrant from > North Africa. 
> The girl was with her mother in the park in Chemnitz, Germany, when a > Muslim man dragged her into the bush, held her mouth shut and brutally > raped the little girl. > After he finished the rape, he let the girl go and left the crime > scene running. It happened quick that the mother did not even notice > anything. She first realized it when the seven year old girl came > crying to her." > > > http://clashdaily.com/2015/09/muslim-migrant-dragged-7yr-old-white-girl-into-bushes-and-brutally-raped-her/ > "This is exactly what the media doesn’t want you to know – but they > are completely ignoring it. Let’s make it heard everywhere." > > * > > https://www.intellihub.com/schools-in-germany-order-girls-to-cover-up-to-avoid-being-attacked-by-muslim-refugees/ > "Schools in Germany order girls to cover up to avoid being attacked by > Muslim refugees > September 9, 2015 > In yet another startling fact about the ongoing Syrian refugee crisis > that the liberal media is completely ignoring, school officials in > Germany are warning teenage girls to avoid wearing certain attire for > fear of offending Muslim refugees." > > * > > http://www.infowars.com/feminists-mute-on-muslim-rape-epidemic-sweeping-europe/ > > * > > http://www.maggiesnotebook.com/2014/01/rape-jihad-europes-muslims-name-their-rape-gangs-take-your-turn-polish-men-send-message-to-rapists/ > > * > > http://www.examiner.com/article/poland-men-band-together-to-escort-women-protect-from-rape-gangs?cid=db_articlesPolish > > * > https://en.wikipedia.org/wiki/Immigration_to_Norway#Sexual_crimes > > * > http://www.aysor.am/en/news/2014/01/09/open-doors-survey/724536 > > * > http://arstechnica.com/civis/viewtopic.php?f=24&t=1246349 > "Not so very many years ago, Oslo was virtually a rape-free city, > inhabited by people who had been brought up on civilized notions of > mutual respect and tolerance. No longer. Over the years, the incidence > of rape has risen steadily. 
A wildly disproportionate number of the > perpetrators are "rejected asylum seekers” – which may sound puzzling > unless you are aware of the perverse state of affairs whereby even > persons officially rejected for asylum in Norway are still allowed to > stay. And the increasing temerity of the rapists – who know very well > that they will probably not be caught, and, if caught, will not be > severely punished – is reflected in the fact that the most recent rape > (in which two men assaulted a 21-year-old woman) took place virtually > in the backyard of the Royal Palace." > > * > > https://muslimstatistics.wordpress.com/2015/03/19/sweden-77-6-percent-of-all-rapes-in-the-country-committed-by-muslim-males-making-up-2-percent-of-population/ > "The total Muslim population in Sweden is estimated at 4.4% (2013 > figures). Out of that 4.4% and in deducting the women and children, we > can roughly guesstimate that around 2% are male. The foreign rape > figures at 77.6% Muslim has been anonymously confirmed by Swedish > polish in a phone conversation. The actual figure could be higher. > These percentages do not include Muslims with Swedish citizenship > contained within rapes in the figures categorized under “Swedish > nationals”." > > * > https://majorityrights.com/weblog/comments/muslim_rape_wave_in_sweden/ > "According to a new study from the Crime Prevention Council, Brå, it > is four times more likely that a known rapist is born abroad, compared > to persons born in Sweden. Resident aliens from Algeria, Libya, > Morocco and Tunisia dominate the group of rape suspects. According to > these statistics, almost half of all perpetrators are immigrants. In > Norway and Denmark, we know that non-Western immigrants, which > frequently means Muslims, are grossly overrepresented on rape > statistics. In Oslo, Norway, immigrants were involved in two out of > three rape charges in 2001. 
The numbers in Denmark were the same, and > even higher in the city of Copenhagen with three out of four rape > charges. Sweden has a larger immigrant, including Muslim, population > than any other country in northern Europe." > > * > > http://10news.dk/nicolai-sennels-psychologist-islam-root-cause-of-grooming-and-rape-wave/ > > * > http://10news.dk/?p=1723 > "Germany: 20-30 Albanians use knives, machetes and iron bars in attack > on school children" > > * > http://10news.dk/?p=1698 > "General Secretary for Danish Refugee Help changes his mind, predicts > “Armageddon” " > > * > http://www.gatestoneinstitute.org/5195/sweden-rape > "Sweden: Rape Capital of the West" > "Forty years after the Swedish parliament unanimously decided to > change the formerly homogenous Sweden into a multicultural country, > violent crime has increased by 300% and rapes by 1,472%. Sweden is now > number two on the list of rape countries, surpassed only by Lesotho in > Southern Africa." > > * > https://en.wikipedia.org/wiki/Rape_in_Sweden > > * > > http://www.infowars.com/german-schools-order-girls-not-to-wear-short-skirts-to-avoid-offending-muslim-migrants/ > " > German Schools Order Girls Not to Wear Short Skirts to Avoid Offending > Muslim Migrants > Parents warned revealing clothes could lead to "attacks" > Schools in Germany are ordering teenage girls not to wear mini-skirts > or shorts so as to prevent attacks from Muslim migrants who may be > offended by such attire. > > A school located in Pocking, Bavaria sent a letter to parents advising > them of new “security measures” after a migrant shelter was opened at > the school’s nearby gym. 
> " > > * > > http://www.barenakedislam.com/2015/09/08/german-media-ignore-7-year-old-german-girl-savagely-raped-by-a-north-african-muslim-invader/ > > * > > http://www.iris.org.il/blog/index.php?url=archives/757-Pan-European-Arab-Muslim-Gang-Rape-Epidemic.html&serendipity[cview]=linear > "Today's news from Germany buries the fact that the gang rapists of a > 13 year-old were likely Arab Muslim immigrants: > Shock in Berlin as Suspected Rapists Freed > http://www.iris.org.il/blog/exit.php?url_id=52881&entry_id=757 > > > * Original link (of forwarded email): > > http://www.barnhardt.biz/2015/09/10/before-you-follow-pope-francis-command-to-prove-yourselves-worthy-of-him/ > http://www.youtube.com/watch?v=a56EqUPwyFQ > > From coderman at gmail.com Sun Sep 13 06:35:33 2015 From: coderman at gmail.com (coderman) Date: Sun, 13 Sep 2015 06:35:33 -0700 Subject: Four things to know about presidential hopeful John McAfee In-Reply-To: <55f4b0bd.0aa58c0a.36ebc.ffffe4c8@mx.google.com> References: <55F48AB2.8000909@riseup.net> <6528eb31499c2a693a4295c1718ea574@cryptolab.net> <55f4b0bd.0aa58c0a.36ebc.ffffe4c8@mx.google.com> Message-ID: On 9/12/15, Juan wrote: > obviously using a fake bullet. Juan, you are operating on an assumption about reality that is wrong. From shelley at misanthropia.org Sun Sep 13 06:57:27 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 13 Sep 2015 06:57:27 -0700 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him.
In-Reply-To: <2781756.B4nkIG6ikE@lapuntu> References: <2781756.B4nkIG6ikE@lapuntu> Message-ID: <20150913135711.A24A76800E3@frontend2.nyi.internal> On September 13, 2015 5:29:23 AM rysiek wrote: > On Sunday, 13 September 2015 10:08:22 Zenaan Harkness wrote: > > German (Swedish, Nordic, Aussie, Christian) men, have you any balls? > > (...) > > Where oh where is [Beetlejuice] when we need her? Ftfy. Don't SAY that! :p -s P.s., to OP: pls find more amusing chain letters if you're going to post crap here. 419eater has loads of entertaining spam if you're at a loss. From zen at freedbms.net Sun Sep 13 01:33:00 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 13 Sep 2015 08:33:00 +0000 Subject: German man gets a little fed up with media lies about refugees - youtube Message-ID: I found this here: "Think Germans Aren't Fed Up with Their Media (and the US)? Listen to This Man (Video) " http://russia-insider.com/en/politics/think-germans-arent-fed-their-media-and-us-listen-man-video/ri9693 The video has subtitles for those who don't speak German. This is the filename: German man could not hear media lies about refugees _ Eng Subs-c1PEWCmEMJM.mp4 The video is "only" 6.7MiB. It's quite short. This is the youtube direct address: http://www.youtube.com/watch?v=c1PEWCmEMJM For those with command line download ability (yes, you can keep a copy :) this is the command: youtube-dl --all-subs http://www.youtube.com/watch?v=c1PEWCmEMJM Enjoy, Zenaan PS Here is the transcript for those who might struggle to download a youtube - although I recommend the youtube, it is enjoyable :) Music: Are you holding us for fools? People, I can't believe it! I am listening to the news. I am in the car again, listening to SWR3, and they are really saying believe it or not... that the reasons for refugee flows are Syrian President Bashar Assad and ISIS. These are the reasons for the waves of refugees. Are you holding us for fools?
Nobody from our God forsaken, impudent, shitty, state serving media is saying that America is the cause of all these problems, American foreign policy. Nobody is talking, everybody is keeping quiet. Assad and ISIS (are guilty) Who is responsible for the chaos in this whole region? Americans supported ISIS in fight against Assad. Same way they supported Taliban in fight against Russians. Same way they supported Nazis in fight against Communists, against Russia, against Soviet Union. Americans are ready to support even devil himself to accomplish their goal. And if the devil goes out of control, like Nazis, Taliban or as ISIS now... they, again, are not telling that they are behind this. God dammit!!! People have to believe this shitty media that Assad and ISIS are responsible. But how did ISIS come to be? In the end everybody is fighting the symptoms again, and nobody wants to name the root cause. I'm ready to explode in anger because they are fooling us again. Yes, they are fooling us again. And I cannot wait until video shoot on Saturday. I am gonna be jumping 3 times higher there because I am really mad about this blatant lie in the media who make me very angry. This is insolence toward all people!! First they lay the ground for the chaos with refugees and then, they don't name the cause, God dammit!!! And for the price of suffering of these poor people the whole region is gonna be bombed anyways. And they don't give a damn what's left after. The main thing is to get mineral resources (oil, etc). I am sick of this, I am throwing up in anger from this shit I am hearing again on the radio. Turn off this damn radio. I am listening to this only to know what kind of sleazy language they are using so that people would dumb down and go crazy. F*cking media and press!!! I am sick of this. DIE STIMME DES ZORNS, C-Rebell-um [Voice of Anger].
From zen at freedbms.net Sun Sep 13 03:08:22 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 13 Sep 2015 10:08:22 +0000 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him. Message-ID: German (Swedish, Nordic, Aussie, Christian) men, have you any balls? (some stats and graphs are mixed in some of the articles below) * https://diversitychronicle.wordpress.com/2013/04/22/judge-finds-german-woman-guilty-of-raping-eight-pakistani-muslim-men/ "Judge Finds German Woman Guilty of Raping Eight Pakistani Muslim Men April 22, 2013 "In the City of Wassenberg in Western Germany a woman has been found guilty of seducing and raping eight men in the first case of its kind in Europe. Maria Heidelsohn aged 18 alleges that on the afternoon of August 23rd she was pulled away by eight men from the porch she was sun bathing on and carried into a small shed in which she was brutally and repeatedly gang raped. Heidelsohn alleges that she cried for help repeatedly until she was bound and gagged, she then claims that she was beaten severely and both of her arms and one leg were broken. Wassenbeg Police Chief Abdullah Al Hussein contends that there is no evidence Heidelsohn did not injure herself or ask a friend to injure her in order to attempt to frame up her alleged attackers. The Police Chief noted that no male adult Muslim men saw the attack occur to corroborate her story despite the area being largely Muslim. In the large German town new legislation passed overwhelmingly last year stipulates that four adult male Muslim witnesses are necessary in order to corroborate any charges made by a woman in accordance with traditional Islamic jurisprudence. " * http://www.thegatewaypundit.com/2015/09/horror-muslim-migrant-in-europe-brutally-rapes-7-year-old-white-girl-video/ Sep 9th, 2015 "A little 7 year old girl was brutally raped by a Muslim migrant from North Africa. 
The girl was with her mother in the park in Chemnitz, Germany, when a Muslim man dragged her into the bush, held her mouth shut and brutally raped the little girl. After he finished the rape, he let the girl go and left the crime scene running. It happened quick that the mother did not even notice anything. She first realized it when the seven year old girl came crying to her." http://clashdaily.com/2015/09/muslim-migrant-dragged-7yr-old-white-girl-into-bushes-and-brutally-raped-her/ "This is exactly what the media doesn’t want you to know – but they are completely ignoring it. Let’s make it heard everywhere." * https://www.intellihub.com/schools-in-germany-order-girls-to-cover-up-to-avoid-being-attacked-by-muslim-refugees/ "Schools in Germany order girls to cover up to avoid being attacked by Muslim refugees September 9, 2015 In yet another startling fact about the ongoing Syrian refugee crisis that the liberal media is completely ignoring, school officials in Germany are warning teenage girls to avoid wearing certain attire for fear of offending Muslim refugees." * http://www.infowars.com/feminists-mute-on-muslim-rape-epidemic-sweeping-europe/ * http://www.maggiesnotebook.com/2014/01/rape-jihad-europes-muslims-name-their-rape-gangs-take-your-turn-polish-men-send-message-to-rapists/ * http://www.examiner.com/article/poland-men-band-together-to-escort-women-protect-from-rape-gangs?cid=db_articlesPolish * https://en.wikipedia.org/wiki/Immigration_to_Norway#Sexual_crimes * http://www.aysor.am/en/news/2014/01/09/open-doors-survey/724536 * http://arstechnica.com/civis/viewtopic.php?f=24&t=1246349 "Not so very many years ago, Oslo was virtually a rape-free city, inhabited by people who had been brought up on civilized notions of mutual respect and tolerance. No longer. Over the years, the incidence of rape has risen steadily. 
A wildly disproportionate number of the perpetrators are "rejected asylum seekers” – which may sound puzzling unless you are aware of the perverse state of affairs whereby even persons officially rejected for asylum in Norway are still allowed to stay. And the increasing temerity of the rapists – who know very well that they will probably not be caught, and, if caught, will not be severely punished – is reflected in the fact that the most recent rape (in which two men assaulted a 21-year-old woman) took place virtually in the backyard of the Royal Palace." * https://muslimstatistics.wordpress.com/2015/03/19/sweden-77-6-percent-of-all-rapes-in-the-country-committed-by-muslim-males-making-up-2-percent-of-population/ "The total Muslim population in Sweden is estimated at 4.4% (2013 figures). Out of that 4.4% and in deducting the women and children, we can roughly guesstimate that around 2% are male. The foreign rape figures at 77.6% Muslim has been anonymously confirmed by Swedish polish in a phone conversation. The actual figure could be higher. These percentages do not include Muslims with Swedish citizenship contained within rapes in the figures categorized under “Swedish nationals”." * https://majorityrights.com/weblog/comments/muslim_rape_wave_in_sweden/ "According to a new study from the Crime Prevention Council, Brå, it is four times more likely that a known rapist is born abroad, compared to persons born in Sweden. Resident aliens from Algeria, Libya, Morocco and Tunisia dominate the group of rape suspects. According to these statistics, almost half of all perpetrators are immigrants. In Norway and Denmark, we know that non-Western immigrants, which frequently means Muslims, are grossly overrepresented on rape statistics. In Oslo, Norway, immigrants were involved in two out of three rape charges in 2001. The numbers in Denmark were the same, and even higher in the city of Copenhagen with three out of four rape charges. 
Sweden has a larger immigrant, including Muslim, population than any other country in northern Europe." * http://10news.dk/nicolai-sennels-psychologist-islam-root-cause-of-grooming-and-rape-wave/ * http://10news.dk/?p=1723 "Germany: 20-30 Albanians use knives, machetes and iron bars in attack on school children" * http://10news.dk/?p=1698 "General Secretary for Danish Refugee Help changes his mind, predicts “Armageddon” " * http://www.gatestoneinstitute.org/5195/sweden-rape "Sweden: Rape Capital of the West" "Forty years after the Swedish parliament unanimously decided to change the formerly homogenous Sweden into a multicultural country, violent crime has increased by 300% and rapes by 1,472%. Sweden is now number two on the list of rape countries, surpassed only by Lesotho in Southern Africa." * https://en.wikipedia.org/wiki/Rape_in_Sweden * http://www.infowars.com/german-schools-order-girls-not-to-wear-short-skirts-to-avoid-offending-muslim-migrants/ " German Schools Order Girls Not to Wear Short Skirts to Avoid Offending Muslim Migrants Parents warned revealing clothes could lead to "attacks" Schools in Germany are ordering teenage girls not to wear mini-skirts or shorts so as to prevent attacks from Muslim migrants who may be offended by such attire. A school located in Pocking, Bavaria sent a letter to parents advising them of new “security measures” after a migrant shelter was opened at the school’s nearby gym. 
" * http://www.barenakedislam.com/2015/09/08/german-media-ignore-7-year-old-german-girl-savagely-raped-by-a-north-african-muslim-invader/ * http://www.iris.org.il/blog/index.php?url=archives/757-Pan-European-Arab-Muslim-Gang-Rape-Epidemic.html&serendipity[cview]=linear "Today's news from Germany buries the fact that the gang rapists of a 13 year-old were likely Arab Muslim immigrants: Shock in Berlin as Suspected Rapists Freed http://www.iris.org.il/blog/exit.php?url_id=52881&entry_id=757 * Original link (of forwarded email): http://www.barnhardt.biz/2015/09/10/before-you-follow-pope-francis-command-to-prove-yourselves-worthy-of-him/ http://www.youtube.com/watch?v=a56EqUPwyFQ From Rayzer at riseup.net Sun Sep 13 10:36:12 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 13 Sep 2015 10:36:12 -0700 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> Message-ID: <55F5B40C.5060801@riseup.net> On 09/12/2015 01:50 PM, Juan wrote: > On Sat, 12 Sep 2015 08:21:56 -0700 > Razer wrote: > > >> To wit, here's a critical US history book that was popular at US >> colleges during the 60s by Richard Hofstadter called "The American >> Political Tradition" >> >> https://mega.nz/#!2A8EkYiS!ml3aaZOp1dngBd_M6GprwkXGD9ZhFqaa-Xmfiadb928 >> >> (pdf, 34mb) > > Thank Razer! I tried a couple of different browsers and just > got a blank page. Not sure if it's something at my end, some > temporary problem with mega, or what. > Checked it before sending and just now. Link works. Ghostserv shows no trackers at all on the page. Perhaps it's your browser, or something related... Try this @000webhost. About three minutes to download over a wireless connection. 
Link's broken because riseup doesn't 'like' 000web. http://toolofheresy. herobo .com/files/The%20American%20Political%20Tradition%20-%20Hofstadter,%20Richard.pdf Note that this IS a free account. Bandwidth and bytes transferred have limitation but I doubt, unless EVERYONE on the list d/ls it at once, there should be a problem... >> If you do not read anything else, read the forward and the first >> chapter about our 'founding fathers'. Sick pieces of shit... OFC the >> author doesn't refer to them as such but the picture painted is >> tainted by it. >> > From oshwm at openmailbox.org Sun Sep 13 03:38:23 2015 From: oshwm at openmailbox.org (oshwm) Date: Sun, 13 Sep 2015 11:38:23 +0100 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him. In-Reply-To: References: Message-ID: <55F5521F.6030408@openmailbox.org> Now if the US and UK had just gone ahead and used Nukes during the Gulf War then we wouldn't have to worry about this :D On 13/09/15 11:08, Zenaan Harkness wrote: > German (Swedish, Nordic, Aussie, Christian) men, have you any balls? > > (some stats and graphs are mixed in some of the articles below) > > > * > https://diversitychronicle.wordpress.com/2013/04/22/judge-finds-german-woman-guilty-of-raping-eight-pakistani-muslim-men/ > "Judge Finds German Woman Guilty of Raping Eight Pakistani Muslim Men > April 22, 2013 > "In the City of Wassenberg in Western Germany a woman has been found > guilty of seducing and raping eight men in the first case of its kind > in Europe. Maria Heidelsohn aged 18 alleges that on the afternoon of > August 23rd she was pulled away by eight men from the porch she was > sun bathing on and carried into a small shed in which she was brutally > and repeatedly gang raped.
Heidelsohn alleges that she cried for help > repeatedly until she was bound and gagged, she then claims that she > was beaten severely and both of her arms and one leg were broken. > > Wassenbeg Police Chief Abdullah Al Hussein contends that there is no > evidence Heidelsohn did not injure herself or ask a friend to injure > her in order to attempt to frame up her alleged attackers. The Police > Chief noted that no male adult Muslim men saw the attack occur to > corroborate her story despite the area being largely Muslim. In the > large German town new legislation passed overwhelmingly last year > stipulates that four adult male Muslim witnesses are necessary in > order to corroborate any charges made by a woman in accordance with > traditional Islamic jurisprudence. " > > * > http://www.thegatewaypundit.com/2015/09/horror-muslim-migrant-in-europe-brutally-rapes-7-year-old-white-girl-video/ > Sep 9th, 2015 > "A little 7 year old girl was brutally raped by a Muslim migrant from > North Africa. > The girl was with her mother in the park in Chemnitz, Germany, when a > Muslim man dragged her into the bush, held her mouth shut and brutally > raped the little girl. > After he finished the rape, he let the girl go and left the crime > scene running. It happened quick that the mother did not even notice > anything. She first realized it when the seven year old girl came > crying to her." > > http://clashdaily.com/2015/09/muslim-migrant-dragged-7yr-old-white-girl-into-bushes-and-brutally-raped-her/ > "This is exactly what the media doesn’t want you to know – but they > are completely ignoring it. Let’s make it heard everywhere." 
> > * > https://www.intellihub.com/schools-in-germany-order-girls-to-cover-up-to-avoid-being-attacked-by-muslim-refugees/ > "Schools in Germany order girls to cover up to avoid being attacked by > Muslim refugees > September 9, 2015 > In yet another startling fact about the ongoing Syrian refugee crisis > that the liberal media is completely ignoring, school officials in > Germany are warning teenage girls to avoid wearing certain attire for > fear of offending Muslim refugees." > > * > http://www.infowars.com/feminists-mute-on-muslim-rape-epidemic-sweeping-europe/ > > * > http://www.maggiesnotebook.com/2014/01/rape-jihad-europes-muslims-name-their-rape-gangs-take-your-turn-polish-men-send-message-to-rapists/ > > * > http://www.examiner.com/article/poland-men-band-together-to-escort-women-protect-from-rape-gangs?cid=db_articlesPolish > > * > https://en.wikipedia.org/wiki/Immigration_to_Norway#Sexual_crimes > > * > http://www.aysor.am/en/news/2014/01/09/open-doors-survey/724536 > > * > http://arstechnica.com/civis/viewtopic.php?f=24&t=1246349 > "Not so very many years ago, Oslo was virtually a rape-free city, > inhabited by people who had been brought up on civilized notions of > mutual respect and tolerance. No longer. Over the years, the incidence > of rape has risen steadily. A wildly disproportionate number of the > perpetrators are "rejected asylum seekers” – which may sound puzzling > unless you are aware of the perverse state of affairs whereby even > persons officially rejected for asylum in Norway are still allowed to > stay. And the increasing temerity of the rapists – who know very well > that they will probably not be caught, and, if caught, will not be > severely punished – is reflected in the fact that the most recent rape > (in which two men assaulted a 21-year-old woman) took place virtually > in the backyard of the Royal Palace." 
> > * > https://muslimstatistics.wordpress.com/2015/03/19/sweden-77-6-percent-of-all-rapes-in-the-country-committed-by-muslim-males-making-up-2-percent-of-population/ > "The total Muslim population in Sweden is estimated at 4.4% (2013 > figures). Out of that 4.4% and in deducting the women and children, we > can roughly guesstimate that around 2% are male. The foreign rape > figures at 77.6% Muslim has been anonymously confirmed by Swedish > polish in a phone conversation. The actual figure could be higher. > These percentages do not include Muslims with Swedish citizenship > contained within rapes in the figures categorized under “Swedish > nationals”." > > * > https://majorityrights.com/weblog/comments/muslim_rape_wave_in_sweden/ > "According to a new study from the Crime Prevention Council, Brå, it > is four times more likely that a known rapist is born abroad, compared > to persons born in Sweden. Resident aliens from Algeria, Libya, > Morocco and Tunisia dominate the group of rape suspects. According to > these statistics, almost half of all perpetrators are immigrants. In > Norway and Denmark, we know that non-Western immigrants, which > frequently means Muslims, are grossly overrepresented on rape > statistics. In Oslo, Norway, immigrants were involved in two out of > three rape charges in 2001. The numbers in Denmark were the same, and > even higher in the city of Copenhagen with three out of four rape > charges. Sweden has a larger immigrant, including Muslim, population > than any other country in northern Europe." 
> > * > http://10news.dk/nicolai-sennels-psychologist-islam-root-cause-of-grooming-and-rape-wave/ > > * > http://10news.dk/?p=1723 > "Germany: 20-30 Albanians use knives, machetes and iron bars in attack > on school children" > > * > http://10news.dk/?p=1698 > "General Secretary for Danish Refugee Help changes his mind, predicts > “Armageddon” " > > * > http://www.gatestoneinstitute.org/5195/sweden-rape > "Sweden: Rape Capital of the West" > "Forty years after the Swedish parliament unanimously decided to > change the formerly homogenous Sweden into a multicultural country, > violent crime has increased by 300% and rapes by 1,472%. Sweden is now > number two on the list of rape countries, surpassed only by Lesotho in > Southern Africa." > > * > https://en.wikipedia.org/wiki/Rape_in_Sweden > > * > http://www.infowars.com/german-schools-order-girls-not-to-wear-short-skirts-to-avoid-offending-muslim-migrants/ > " > German Schools Order Girls Not to Wear Short Skirts to Avoid Offending > Muslim Migrants > Parents warned revealing clothes could lead to "attacks" > Schools in Germany are ordering teenage girls not to wear mini-skirts > or shorts so as to prevent attacks from Muslim migrants who may be > offended by such attire. > > A school located in Pocking, Bavaria sent a letter to parents advising > them of new “security measures” after a migrant shelter was opened at > the school’s nearby gym. 
> " > > * > http://www.barenakedislam.com/2015/09/08/german-media-ignore-7-year-old-german-girl-savagely-raped-by-a-north-african-muslim-invader/ > > * > http://www.iris.org.il/blog/index.php?url=archives/757-Pan-European-Arab-Muslim-Gang-Rape-Epidemic.html&serendipity[cview]=linear > "Today's news from Germany buries the fact that the gang rapists of a > 13 year-old were likely Arab Muslim immigrants: > Shock in Berlin as Suspected Rapists Freed > http://www.iris.org.il/blog/exit.php?url_id=52881&entry_id=757 > > > * Original link (of forwarded email): > http://www.barnhardt.biz/2015/09/10/before-you-follow-pope-francis-command-to-prove-yourselves-worthy-of-him/ > http://www.youtube.com/watch?v=a56EqUPwyFQ > From Rayzer at riseup.net Sun Sep 13 11:55:59 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 13 Sep 2015 11:55:59 -0700 Subject: I've never been into Astrology, but... In-Reply-To: <857894464.1616614.1442107735186.JavaMail.yahoo@mail.yahoo.com> References: <857894464.1616614.1442107735186.JavaMail.yahoo@mail.yahoo.com> Message-ID: <55F5C6BF.5020708@riseup.net> http://freewillastrology.com/ Check the band he used to front, World Entertainment War http://freewillastrology.com/cds/ (free music) > World Entertainment War Fights the Genocide of the Imagination > > We will succeed where the paranoids have failed! > > We will take back the airwaves from the entertainment criminals! > > Long live the primordial music of our televisionary revolution! A Post-Punk Post-New Wave Jazz-Rock Industrial pagan ritual in music designed to take the media back from the entertainment criminals and hopefully turn it around and use it against them... Pre-Adbusters. Example: > DARK AGES > > What time is it, boys and girls? > It's time for the Dark Ages!
> > Your nightmares and traumas > can make you rich and famous > Commercials can teach you > all that you need to know > Kiss my flag Don't look back > The past is gaining on us > Read my lips Watch my hips > These are the Dark Ages > > George Orwell's dream came true > But no one realizes > It crushed us so nicely > with so much wit and style > Entertainment might as well be > just like a rocket launcher > Too bad it's in the hands of the enemy > Nobody believes me > And so I know that I'm right > Charisma addiction gives me a deja vu > Is this like Germany in the 1930s? > Do we have to live through the apocalypse again? > > Might be the Dark Ages > But we're so happy > Happy to be here today > > You never know when you > might have to face the censor > So I don't pretend to > want to make too much sense > Revolution on TV > in far-off distant countries > Too bad it's just another mini-series here > Nobody believes me > And so I know that I'm right > Charisma hangover > has got to wear off soon > Could this be like Eastern Europe > in the 1990s? > Will we ever get a chance > to have Perestroika here? > http://www.freewillastrology.com/darkages.mp3 On 09/12/2015 06:28 PM, jim bell wrote: > http://hexagoninfulleffect.com/2013/02/07/sun-in-aries-moon-in-scorpio-night-terrors-primal-instincts-and-going-deep-cover/ > > One of the more curious web pages I've seen recently. > Jim Bell From cathalgarvey at cathalgarvey.me Sun Sep 13 03:58:59 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 13 Sep 2015 11:58:59 +0100 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him.
In-Reply-To: References: Message-ID: <07120F1B-3A0D-49BA-9295-F4246F3AFE49@cathalgarvey.me> Could you please keep the racist look-how-awful-immigrants-are shit off Cypherpunks and keep on-topic? Thx. On 13 September 2015 11:08:22 IST, Zenaan Harkness wrote: >German (Swedish, Nordic, Aussie, Christian) men, have you any balls? > >(some stats and graphs are mixed in some of the articles below) > > >* >https://diversitychronicle.wordpress.com/2013/04/22/judge-finds-german-woman-guilty-of-raping-eight-pakistani-muslim-men/ >"Judge Finds German Woman Guilty of Raping Eight Pakistani Muslim Men >April 22, 2013 >"In the City of Wassenberg in Western Germany a woman has been found >guilty of seducing and raping eight men in the first case of its kind >in Europe. Maria Heidelsohn aged 18 alleges that on the afternoon of >August 23rd she was pulled away by eight men from the porch she was >sun bathing on and carried into a small shed in which she was brutally >and repeatedly gang raped. Heidelsohn alleges that she cried for help >repeatedly until she was bound and gagged, she then claims that she >was beaten severely and both of her arms and one leg were broken. > >Wassenbeg Police Chief Abdullah Al Hussein contends that there is no >evidence Heidelsohn did not injure herself or ask a friend to injure >her in order to attempt to frame up her alleged attackers. The Police >Chief noted that no male adult Muslim men saw the attack occur to >corroborate her story despite the area being largely Muslim. In the >large German town new legislation passed overwhelmingly last year >stipulates that four adult male Muslim witnesses are necessary in >order to corroborate any charges made by a woman in accordance with >traditional Islamic jurisprudence. " > >* >http://www.thegatewaypundit.com/2015/09/horror-muslim-migrant-in-europe-brutally-rapes-7-year-old-white-girl-video/ >Sep 9th, 2015 >"A little 7 year old girl was brutally raped by a Muslim migrant from >North Africa. 
>The girl was with her mother in the park in Chemnitz, Germany, when a >Muslim man dragged her into the bush, held her mouth shut and brutally >raped the little girl. >After he finished the rape, he let the girl go and left the crime >scene running. It happened quick that the mother did not even notice >anything. She first realized it when the seven year old girl came >crying to her." > >http://clashdaily.com/2015/09/muslim-migrant-dragged-7yr-old-white-girl-into-bushes-and-brutally-raped-her/ >"This is exactly what the media doesn’t want you to know – but they >are completely ignoring it. Let’s make it heard everywhere." > >* >https://www.intellihub.com/schools-in-germany-order-girls-to-cover-up-to-avoid-being-attacked-by-muslim-refugees/ >"Schools in Germany order girls to cover up to avoid being attacked by >Muslim refugees > September 9, 2015 >In yet another startling fact about the ongoing Syrian refugee crisis >that the liberal media is completely ignoring, school officials in >Germany are warning teenage girls to avoid wearing certain attire for >fear of offending Muslim refugees." > >* >http://www.infowars.com/feminists-mute-on-muslim-rape-epidemic-sweeping-europe/ > >* >http://www.maggiesnotebook.com/2014/01/rape-jihad-europes-muslims-name-their-rape-gangs-take-your-turn-polish-men-send-message-to-rapists/ > >* >http://www.examiner.com/article/poland-men-band-together-to-escort-women-protect-from-rape-gangs?cid=db_articlesPolish > >* >https://en.wikipedia.org/wiki/Immigration_to_Norway#Sexual_crimes > >* >http://www.aysor.am/en/news/2014/01/09/open-doors-survey/724536 > >* >http://arstechnica.com/civis/viewtopic.php?f=24&t=1246349 >"Not so very many years ago, Oslo was virtually a rape-free city, >inhabited by people who had been brought up on civilized notions of >mutual respect and tolerance. No longer. Over the years, the incidence >of rape has risen steadily. 
A wildly disproportionate number of the >perpetrators are "rejected asylum seekers” – which may sound puzzling >unless you are aware of the perverse state of affairs whereby even >persons officially rejected for asylum in Norway are still allowed to >stay. And the increasing temerity of the rapists – who know very well >that they will probably not be caught, and, if caught, will not be >severely punished – is reflected in the fact that the most recent rape >(in which two men assaulted a 21-year-old woman) took place virtually >in the backyard of the Royal Palace." > >* >https://muslimstatistics.wordpress.com/2015/03/19/sweden-77-6-percent-of-all-rapes-in-the-country-committed-by-muslim-males-making-up-2-percent-of-population/ >"The total Muslim population in Sweden is estimated at 4.4% (2013 >figures). Out of that 4.4% and in deducting the women and children, we >can roughly guesstimate that around 2% are male. The foreign rape >figures at 77.6% Muslim has been anonymously confirmed by Swedish >polish in a phone conversation. The actual figure could be higher. >These percentages do not include Muslims with Swedish citizenship >contained within rapes in the figures categorized under “Swedish >nationals”." > >* >https://majorityrights.com/weblog/comments/muslim_rape_wave_in_sweden/ >"According to a new study from the Crime Prevention Council, Brå, it >is four times more likely that a known rapist is born abroad, compared >to persons born in Sweden. Resident aliens from Algeria, Libya, >Morocco and Tunisia dominate the group of rape suspects. According to >these statistics, almost half of all perpetrators are immigrants. In >Norway and Denmark, we know that non-Western immigrants, which >frequently means Muslims, are grossly overrepresented on rape >statistics. In Oslo, Norway, immigrants were involved in two out of >three rape charges in 2001. The numbers in Denmark were the same, and >even higher in the city of Copenhagen with three out of four rape >charges. 
Sweden has a larger immigrant, including Muslim, population >than any other country in northern Europe." > >* >http://10news.dk/nicolai-sennels-psychologist-islam-root-cause-of-grooming-and-rape-wave/ > >* >http://10news.dk/?p=1723 >"Germany: 20-30 Albanians use knives, machetes and iron bars in attack >on school children" > >* >http://10news.dk/?p=1698 >"General Secretary for Danish Refugee Help changes his mind, predicts >“Armageddon” " > >* >http://www.gatestoneinstitute.org/5195/sweden-rape >"Sweden: Rape Capital of the West" >"Forty years after the Swedish parliament unanimously decided to >change the formerly homogenous Sweden into a multicultural country, >violent crime has increased by 300% and rapes by 1,472%. Sweden is now >number two on the list of rape countries, surpassed only by Lesotho in >Southern Africa." > >* >https://en.wikipedia.org/wiki/Rape_in_Sweden > >* >http://www.infowars.com/german-schools-order-girls-not-to-wear-short-skirts-to-avoid-offending-muslim-migrants/ >" >German Schools Order Girls Not to Wear Short Skirts to Avoid Offending >Muslim Migrants >Parents warned revealing clothes could lead to "attacks" >Schools in Germany are ordering teenage girls not to wear mini-skirts >or shorts so as to prevent attacks from Muslim migrants who may be >offended by such attire. > >A school located in Pocking, Bavaria sent a letter to parents advising >them of new “security measures” after a migrant shelter was opened at >the school’s nearby gym. 
>" > >* >http://www.barenakedislam.com/2015/09/08/german-media-ignore-7-year-old-german-girl-savagely-raped-by-a-north-african-muslim-invader/ > >* >http://www.iris.org.il/blog/index.php?url=archives/757-Pan-European-Arab-Muslim-Gang-Rape-Epidemic.html&serendipity[cview]=linear >"Today's news from Germany buries the fact that the gang rapists of a >13 year-old were likely Arab Muslim immigrants: >Shock in Berlin as Suspected Rapists Freed >http://www.iris.org.il/blog/exit.php?url_id=52881&entry_id=757 > > >* Original link (of forwarded email): >http://www.barnhardt.biz/2015/09/10/before-you-follow-pope-francis-command-to-prove-yourselves-worthy-of-him/ >http://www.youtube.com/watch?v=a56EqUPwyFQ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 11395 bytes Desc: not available URL: From jya at pipeline.com Sun Sep 13 10:57:34 2015 From: jya at pipeline.com (John Young) Date: Sun, 13 Sep 2015 13:57:34 -0400 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55F5B40C.5060801@riseup.net> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> <55F5B40C.5060801@riseup.net> Message-ID: Hofstadter Introduction and Chapter 1: https://cryptome.org/hofstadter-intro-chap-1.pdf At 01:36 PM 9/13/2015, Razer wrote: >On 09/12/2015 01:50 PM, Juan wrote: > > On Sat, 12 Sep 2015 08:21:56 -0700 > > Razer wrote: > > > > > >> To wit, here's a critical US history book that was popular at US > >> colleges during the 60s by Richard Hofstadter called "The American > >> Political Tradition" > >> > >> https://mega.nz/#!2A8EkYiS!ml3aaZOp1dngBd_M6GprwkXGD9ZhFqaa-Xmfiadb928 > >> > > >> (pdf, 34mb) > > > > Thank Razer! 
I tried a couple of different browsers and just > > got a blank page. Not sure if it's something at my end, some > > temporary problem with mega, or what. > > > >Checked it before sending and just now. Link works. Ghostserv shows no >trackers at all on the page. Perhaps it's your browser, or something >related... > >Try this @000webhost. About three minutes to download over a wireless >connection. Link's broken because riseup doesn't 'like' 000web. > >http://toolofheresy. herobo >.com/files/The%20American%20Political%20Tradition%20-%20Hofstadter,%20Richard.pdf > >Note that this IS a free account. Bandwidth and bytes transfered have >limitation but I doubt, unless EVERYONE on the list d/ls it at once, >there should be a problem... > > > > >> If you do not read anything else, read the forward and the first > >> chapter about our 'founding fathers'. Sick pieces of shit... OFC the > >> author doesn't refer to them as such but the picture painted is > >> tainted by it. > >> > > > > > > > From enki at fsck.pl Sun Sep 13 05:07:52 2015 From: enki at fsck.pl (enki) Date: Sun, 13 Sep 2015 14:07:52 +0200 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him. In-Reply-To: References: Message-ID: <14fc69ab895.c653b746342230.8843624373519190950@fsck.pl> ---- Wł. N, 13 wrz 2015 12:08:22 +0200 Zenaan Harkness napisał(a) ---- >German (Swedish, Nordic, Aussie, Christian) men, have you any balls? > >(some stats and graphs are mixed in some of the articles below) > > >* >https://diversitychronicle.wordpress.com/2013/04/22/judge-finds-german-woman-guilty-of-raping-eight-pakistani-muslim-men/ >"Judge Finds German Woman Guilty of Raping Eight Pakistani Muslim Men >April 22, 2013 >"In the City of Wassenberg in Western Germany a woman has been found >guilty of seducing and raping eight men in the first case of its kind >in Europe. 
Maria Heidelsohn aged 18 alleges that on the afternoon of >August 23rd she was pulled away by eight men from the porch she was >sun bathing on and carried into a small shed in which she was brutally >and repeatedly gang raped. Heidelsohn alleges that she cried for help >repeatedly until she was bound and gagged, she then claims that she >was beaten severely and both of her arms and one leg were broken. > >Wassenbeg Police Chief Abdullah Al Hussein contends that there is no >evidence Heidelsohn did not injure herself or ask a friend to injure >her in order to attempt to frame up her alleged attackers. The Police >Chief noted that no male adult Muslim men saw the attack occur to >corroborate her story despite the area being largely Muslim. In the >large German town new legislation passed overwhelmingly last year >stipulates that four adult male Muslim witnesses are necessary in >order to corroborate any charges made by a woman in accordance with >traditional Islamic jurisprudence. " > O RLY? https://diversitychronicle.wordpress.com/disclaimer/: """ The original content on this blog is largely satirical. “I ceased in the year 1764 to believe that one can convince one’s opponents with arguments printed in books. It is not to do that, therefore, that I have taken up my pen, but merely so as to annoy them, and to bestow strength and courage on those on our own side, and to make it known to the others that they have not convinced us.” – Georg Christoph Lichtenberg. It is in the spirit of the above quote that I write. Who am I you may ask? My name is Erik Thorson. I created this blog for my own personal amusement. """" Also: http://www.hoax-slayer.com/woman-raping-eight-men-satire.shtml You fail on this one. I have not read your other sources but maybe you should doublecheck them as well. 
-- Pozdr, enki at fsck.pl From rysiek at hackerspace.pl Sun Sep 13 05:22:44 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 13 Sep 2015 14:22:44 +0200 Subject: Some stats, thanks - Fwd: Before you follow Pope Francis' command to prove yourselves worthy of him. In-Reply-To: References: Message-ID: <2781756.B4nkIG6ikE@lapuntu> Dnia niedziela, 13 września 2015 10:08:22 Zenaan Harkness pisze: > German (Swedish, Nordic, Aussie, Christian) men, have you any balls? > (...) Where oh where is Cari Machet when we need her? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Sun Sep 13 05:15:00 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 13 Sep 2015 15:15:00 +0300 Subject: Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method In-Reply-To: <20150910113908.GB2695@sivokote.iziade.m$> References: <20150903112721.GA2732@sivokote.iziade.m$> <9A043F3CF02CD34C8E74AC1594475C73F4AF0463@uxcn10-5.UoA.auckland.ac.nz> <20150904082605.GA2705@sivokote.iziade.m$> <20150904113437.GB2705@sivokote.iziade.m$> <20150904120816.GC2705@sivokote.iziade.m$> <20150905052803.GA2661@sivokote.iziade.m$> <20150910113908.GB2695@sivokote.iziade.m$> Message-ID: <20150913121500.GA2654@sivokote.iziade.m$> On Thu, Sep 10, 2015 at 02:39:08PM +0300, Georgi Guninski wrote: > FYI: > > This is on libressl-dev: > > http://article.gmane.org/gmane.comp.encryption.libressl/74 > http://news.gmane.org/gmane.comp.encryption.libressl > From libressl's commits (modulo me being MITMed) https://github.com/libressl-portable/portable/commit/105c86f3ed1508e9bb55ea3e59670b388ec7a076 first round of 2.3.0 release notes [line 52] + Thanks for for + mentioning the possibility of a weak (non 
prime) q value and + providing a test case. + + See + https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html + for a longer discussion. From guninski at guninski.com Sun Sep 13 06:42:56 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 13 Sep 2015 16:42:56 +0300 Subject: Four things to know about presidential hopeful John McAfee In-Reply-To: References: <55F48AB2.8000909@riseup.net> <6528eb31499c2a693a4295c1718ea574@cryptolab.net> <55f4b0bd.0aa58c0a.36ebc.ffffe4c8@mx.google.com> Message-ID: <20150913134256.GB2654@sivokote.iziade.m$> On Sun, Sep 13, 2015 at 06:35:33AM -0700, coderman wrote: > On 9/12/15, Juan wrote: > > obviously using a fake bullet. > > Juan, you are operating on an assumption about reality that is wrong. What about seeing this on, say, CNN in a _sound_ russian roulette experiment? For me 10^3 times is nearly enough for his immortality. From carimachet at gmail.com Sun Sep 13 08:48:56 2015 From: carimachet at gmail.com (Cari Machet) Date: Sun, 13 Sep 2015 18:48:56 +0300 Subject: [tor-talk] Library installs Tor exit node; pulls plug after pressure from DHS In-Reply-To: <280efa62cb67b88beb48af7eb22789cf@thinkpenguin.com> References: <14fb8d70f10.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150910200217.2E95068006C@frontend2.nyi.internal> <280efa62cb67b88beb48af7eb22789cf@thinkpenguin.com> Message-ID: as i have stated i dont trust tor because monolithic and we need more solutions than shit developed by the state but it could be a beautiful lawsuit against the federal gov - those are needed for sure everywhere anywhere - state sovereignty needs more legal enactment On Sep 12, 2015 3:31 AM, "Chris" wrote: > On 2015-09-11 07:19 PM, grarpamp wrote: > >> A lot of support should be lent right now to the city managers, library >>> board, >>> and the community. You don't want the first one to be publicly quashed by >>> a bunch of shameful LEA fearmongering. >>> Show up the board meeting, you can bet they will. 
>>> >> >> Someone should also see about notifying these folks, >> you might end up with an entire state full of relays... >> > > - Free State Participant Here (not in NH yet though) - > > I actually was wondering if it wasn't FSP participants who were working on > the relays in the first place... though that said on a prior brief attempt > to identify the main participants in the library project I could find no > obvious connections. However that doesn't surprise me. I've also not > identified any participation by other individuals in the FSP despite > seeming like highly likely participants (for instance Ross Ulbricht of Silk > Road fame holds many views held by said participants and his mother has > even talked at multiple FSP events post arrest). > > Unfortunately I haven't gotten very far with another campaign regarding > the FCC's efforts to force manufacturers to lock down devices on Free Talk > Live (which does promote the Free State Project and is run out of Keene, > NH). I called in briefly as the show generally doesn't do interviews / > talks and like many other shows. Rather they let anybody call in about > anything (ie the name Free Talk Live). That said I'd still encourage people > to call into Free Talk Live. Multiple people coordinating it would be a > smart move and I'd be happy to participate in such a campaign to 'target > FTL' (they wouldn't object). > > The site and call in # can be found at https://www.freetalklive.com/ and > the show airs daily on the east coast from 7PM-10PM 7 days a week. > > There are other FSP media outlets (ie libtery-minded outlets heavily > involved in the FSP). The Free Talk Live show seems to be the most > outstanding from FSP events I've attended (ie they show up to Porcfest in > the summer, which is an FSP summer camping event, and Liberty Forum, > another winter event, traditional conference style). 
> > https://www.freetalklive.com/ > > * Also just noticed in on the site that there is a link to an article on > the issue already. > > Another show is Freedom Phoenix. I've had a lot of luck here, but I > believe it is out in Arizona (ie phoenix). Not sure who in the NH region if > anybody listens to it, but I know they've covered Porcfest before. I've > been on the show twice and will be on for a third time this coming week > (Tuesday September 15th) to talk about the FCC's efforts to ban free > software (practical result/outcome of rule changes, not specific objective > necessarily). > > https://www.freedomsphoenix.com/ > > You might also try: > > http://freekeene.com/ > > http://lrn.fm > > http://copyblock.org > > http://libertyconspiracy.com/ > > http://www.katherinealbrecht.com/ > > http://schoolsucksproject.com/ > > http://www.shirelibertynews.com/ > > http://www.youtube.com/user/RidleyReport > > You might check out 411 Activist TXT Msg Distribution Service which sends > out a message to all activists cell phones in the area: > > > http://forum.shiresociety.com/discussion/5744/keene-411-v-2-0-activist-txt-msg-distribution-service/p1 > > Keene is about an hour away... > > There is also Free Grafton 40 minutes away ( > http://www.freetownproject.com/new_hampshire_town.html) > > There is also Free Concord an hour 20 minutes away ( > http://freeconcord.org/) > > > >> https://freestateproject.org/ >> http://forum.freestateproject.org/ >> > -- > tor-talk mailing list - tor-talk at lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 6375 bytes Desc: not available URL: From juan.g71 at gmail.com Sun Sep 13 15:03:07 2015 From: juan.g71 at gmail.com (Juan) Date: Sun, 13 Sep 2015 19:03:07 -0300 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55F5B40C.5060801@riseup.net> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> <55F5B40C.5060801@riseup.net> Message-ID: <55f5f197.66168c0a.ad40f.5880@mx.google.com> On Sun, 13 Sep 2015 10:36:12 -0700 Razer wrote: > On 09/12/2015 01:50 PM, Juan wrote: > > On Sat, 12 Sep 2015 08:21:56 -0700 > > Razer wrote: > > > > > >> To wit, here's a critical US history book that was popular at US > >> colleges during the 60s by Richard Hofstadter called "The American > >> Political Tradition" > >> > >> https://mega.nz/#!2A8EkYiS!ml3aaZOp1dngBd_M6GprwkXGD9ZhFqaa-Xmfiadb928 > >> > >> (pdf, 34mb) > > > > Thank Razer! I tried a couple of different browsers and just > > got a blank page. Not sure if it's something at my end, some > > temporary problem with mega, or what. > > > > Checked it before sending and just now. Link works. Ghostserv shows no > trackers at all on the page. Perhaps it's your browser, or something > related... Yes, there's something wrong here, my bad. https://mega.nz doesn't load either (investigating...) > > Try this @000webhost. About three minutes to download over a wireless > connection. Link's broken because riseup doesn't 'like' 000web. > > http://toolofheresy. herobo > .com/files/The%20American%20Political%20Tradition%20-%20Hofstadter,%20Richard.pdf Got it! Thanks Razer!! > > Note that this IS a free account. Bandwidth and bytes transfered have > limitation but I doubt, unless EVERYONE on the list d/ls it at once, > there should be a problem... 
> > > >
> >> If you do not read anything else, read the forward and the first
> >> chapter about our 'founding fathers'. Sick pieces of shit... OFC
> >> the author doesn't refer to them as such but the picture painted is
> >> tainted by it.
> >>
> >
> >
> >

From admin at pilobilus.net Mon Sep 14 01:17:10 2015
From: admin at pilobilus.net (Steve Kinney)
Date: Mon, 14 Sep 2015 04:17:10 -0400
Subject: Anyone familiar with SEO (Search Engine Optimization) techniques? I have a mystery.
In-Reply-To: <1442063247.21762.6.camel@moonpatrol>
References: <1109550241.1333849.1442027888976.JavaMail.yahoo@mail.yahoo.com> <1442063247.21762.6.camel@moonpatrol>
Message-ID: <55F68286.6030200@pilobilus.net>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 09/12/2015 09:07 AM, Shawn K. Quinn wrote:

[...]

> The best defense against this may be to better advertise
> what they are trying to drown out with the spam, either
> intentionally or not.

Exactly. Google employs two contractors with an army of humans to review websites for "quality". Among other things they check for keyword stuffing, hidden text irrelevant to the site's content, etc.; on discovery, offending sites are de-rated and "sandboxed" so that only searches for the exact URL of the offender's site appear in Google search results.

But an SEO contractor with hundreds of totally ignorant clients (i.e., hundreds of clients) can spread a well paid (or personal grudge based) suppression campaign like the one described across hundreds of domains to keep the spam alive and working.

The distribution of "search spam" that is referenced here could be bad luck - some sleazy SEO contractor cut and pasted the text just because it was natural language and contained specific terms relevant to some of their customers' sites. Or, and IMO more likely, someone contracted to have the info in question removed from the Internet by poisoning search indexes.
Either way, if you put up a web page that has the relevant text in it, that page should rise above the irrelevant crap in search results within a couple of months. The specific search terms you want to become findable should be included in an H1 header at or near the top of the page, and in the first paragraph. Naming an image on the page to include these words is an undocumented but effective trick. The same words and phrases should be included in the "description" meta-tag field of the page header. (The "keywords" meta-tag is ignored by search engines that use natural language analysis to categorize pages, i.e. all search engines today.)

For best results, ask folks on THIS list (and elsewhere) to go out of their way to put links to your own counter-attacking page on their own websites, with search terms that have been poisoned by the SEO contractor as the visible text of the hyperlink. Links on a half dozen pages with Google page ranks of 2 or above can work wonders.

Much as I hate to say this, setting up a Google Analytics account and adding their tracking code to your counter-attack page is a good idea, because pages with the analytics.js code will get crawled and indexed faster. People who "care about privacy" won't be affected because their browsers won't download or execute the javascript.

A saboteur who has to hide his weaponized text from human website visitors (and the "owners" of the websites used) can't compete against well formed, visible text on pages that have lots of inbound links from "real" websites.
Google is very up front about how most of their page indexing and ranking protocols work:

http://www.google.com/webmasters/docs/search-engine-optimization-starter-guide.pdf

:o)

From oshwm at openmailbox.org Sun Sep 13 22:36:16 2015
From: oshwm at openmailbox.org (Oshwm)
Date: Mon, 14 Sep 2015 06:36:16 +0100
Subject: Privacy Respecting Laptops
In-Reply-To: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com>
References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com>
Message-ID: <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org>

Links go via cloudflare so privacy already abused before even purchasing.

On 14 September 2015 03:11:12 BST, Alfie John wrote:
>Just saw these this morning:
>
> https://www.crowdsupply.com/purism
> https://puri.sm/
>
>Although a physical switch to kill the webcam and mic seems obvious,
>this is the first laptop I've seen with them built in.
>
>Overall thoughts?
>
>Alfie
>
>--
> Alfie John
> alfiej at fastmail.fm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 775 bytes Desc: not available URL: From Rayzer at riseup.net Mon Sep 14 08:06:43 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 14 Sep 2015 08:06:43 -0700 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <20150914064938.GB2473@sivokote.iziade.m$> References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> <55F5B40C.5060801@riseup.net> <20150914064938.GB2473@sivokote.iziade.m$> Message-ID: <55F6E283.2060001@riseup.net> On 09/13/2015 11:49 PM, Georgi Guninski wrote: > On Sun, Sep 13, 2015 at 01:57:34PM -0400, John Young wrote: >> Hofstadter Introduction and Chapter 1: >> >> https://cryptome.org/hofstadter-intro-chap-1.pdf >> >> > The whole appears to be in Library Genesis in epub > format AFAICT. > > A search for the author's name turned up his other noted works: Richard Hofstadter Social Darwinism in American Thought, 1992 Richard Hofstadter The Paranoid Style in American Politics: And Other Essays, 1996 ...and a book title search turned up nothing. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From tbiehn at gmail.com Mon Sep 14 05:37:45 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 14 Sep 2015 08:37:45 -0400 Subject: Privacy Respecting Laptops In-Reply-To: <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> Message-ID: Oshwm: Seems reasonable. It would be cool if consumers started valuing privacy-oriented products, now the whole plot is lost once a company uses a 3rd party load balancer? Nice. 
"Every hardware chip individually selected for being freedom-respecting" Is that in the datasheet for each chip "no backdoors & 100% certified vulnerability free"? Does an Intel chipset laptop manufactured in Shenzen really count as 'thoughtful and freedom respecting'? “Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it.” - Dr. Richard M. Stallman And without signature checks how will we prevent un-solicited BIOS modification? Securing their Trisquel derived distro? RMS doesn't have 'robust against nation state attackers' on his platform for GNU. They're still just trying to get people to comply with the license & refer to it as 'gnu / linux'. Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just because they installed a switch for the webcam. The privacy stuff is just the work of marketing. -Travis On Mon, Sep 14, 2015 at 1:36 AM, Oshwm wrote: > Links go via cloudflare so privacy already abused before even purchasing. > > > On 14 September 2015 03:11:12 BST, Alfie John wrote: >> >> Just saw these this morning: >> >> https://www.crowdsupply.com/purism >> https://puri.sm/ >> >> Although a physical switch to kill the webcam and mic seems obvious, >> this is the first laptop I've seen with them built in. >> >> Overall thoughts? >> >> Alfie >> >> -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available
Type: text/html
Size: 3088 bytes
Desc: not available
URL:

From blibbet at gmail.com Mon Sep 14 09:09:38 2015
From: blibbet at gmail.com (Blibbet)
Date: Mon, 14 Sep 2015 09:09:38 -0700
Subject: Privacy Respecting Laptops
In-Reply-To:
References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me>
Message-ID: <55F6F142.4010104@gmail.com>

>> Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than
>> almost any other laptop being sold that's worth owning, and it even comes
>> with a hardware switch for some key sensors.

> If a product markets itself as 'privacy respecting' (is the Librem
> *actually* marketed this way) then it had better back up its claims.

Regardless of the way the marketing team is spinning things, they supposedly have 3 firmware developers trying to make a difference. Outside Bunnie Studios, I don't know of another OEM that is trying to help with this niche market with new hardware (not including refurbished Thinkpads). So I respect that effort. Not sure they'll fully succeed in this model, but perhaps a few models later they will have some decent boxes.

It sounds like they have a source license to Intel's Firmware Support Package (FSP), and are modifying it to disable some silicon/firmware features. The results will still be closed-source.

Today, nearly all Intel systems are 100% closed-source firmware, via IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could provide blob-free firmware. If used in conjunction with fully open source OS/app stack, then you might be able to trust it.

Today, I don't see how you can trust any keys/certs in any of the Trusted/Verified/Measured/etc boots, most of the solutions don't seem to have any way for the owner/user to verify, eg, no CRL/OCSP keys.
My reading of NIST SP800-147 seems to imply that sysadmins need to be able to verify things, but that doesn't seem viable today.

While Purism's marketing may be a bit overboard, I'm hopeful that they're trying. Maybe their next model will use the new RISC-V Raven3 chip, with U-Boot Verified Boot, and ship with full source to CPU/firmware/enclosure, firmware, OS, and apps. To get to that point, we'll probably need to help them fund this current Intel model, to keep Purism alive....

I am not sure why they need to create yet-another privacy-centric OS, PureOS, and focus on improving and using Qubes/TAILs/Trisquel/Mempo/etc.

They're apparently working on a Free Software fork of FSP. I wish this was a shared effort with many more free software developers, perhaps managed by FSF or Linux Foundation, not just a single OEM. More than one Linux OEM could benefit from such an effort, most of them still use COTS 100% closed-source IBVs.

Can the current Intel-based solution get certified by the FSF RespectYourFreedom program? I'm not sure.

Whatever happens with what they do to the FSP and Intel silicon, if the result is less secure to attackers, that'll be an issue. Many who care about personal freedom and detest blobs seem to ignore security. But Purism cares about privacy and security, so they have to try and deal with both issues. Disabling BootGuard in updated FSP may make it more configurable, but less secure, it seems.

Their web site has fancy graphics and tables. I hope they create a list of FSP modifications so we can see what security holes the system may have.

I like the kill switch. I'd go further: since many firmware attacks come through suspend/resume, I'd rather just disable that at the HW/FW/OS levels. I'd like to have a fully-lockable enclosure in a laptop, which can cover exposed ports, with a good quality lock, in a metal enclosure. Of course, it wouldn't be able to make it through TSA customs, so probably not commercially viable.
:-(

If I worked there, I'd tone down the marketing a bit (they have blobs in their firmware, and they're based on an Intel system, they'll never satisfy some of their potential market), perhaps focus on hardware that can be built with blob-free firmware for their next model. And I'd hire LegbaCore to evaluate the hardware before they ship it, for security issues. :-)

Looking forward to their next model!

From blibbet at gmail.com Mon Sep 14 09:17:49 2015
From: blibbet at gmail.com (Blibbet)
Date: Mon, 14 Sep 2015 09:17:49 -0700
Subject: Has someone examined the leaked Hacking Team stuff for linux/bsd 0days?
In-Reply-To: <20150911071054.GA2699@sivokote.iziade.m$>
References: <20150911071054.GA2699@sivokote.iziade.m$>
Message-ID: <55F6F32D.7000409@gmail.com>

> Has someone examined the leaked Hacking Team stuff for linux/bsd 0days?

If you haven't read this blog from Intel Advanced Threat Research team (group that produces CHIPSEC tool) summarizing their UEFI malware:

http://www.intelsecurity.com/advanced-threat-research/blog.html

(This is more of a static web site, not a RSS/Atom-based blog site; their next blog entry might overwrite this, save a copy of this article before they post another blog.)

In the reviews I've seen, their stuff was Windows-centric. You can dump your linux/BSD ROMs with CHIPSEC and search for Hacking Team's malware presence in your ROMs using the same techniques listed in above blog.

(I haven't been paying attention to the archives of the Hacking Team stuff. If anyone knows where the firmware volume binary used in the above analysis is publicly hosted, please give me a URL. Thanks!)
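Once a ROM has been dumped as the message above suggests, one defender-side way to look for modules that should not be there is to list the FFS files in each UEFI firmware volume and diff them against a dump known to be good. This is an added example, not code from the post, the Intel blog or CHIPSEC; the function names, the two tiny flash images and all module GUIDs are constructed, and header checksums and compressed or nested volumes are not handled.

```python
import hashlib
import struct
import uuid

FVH_SIG = b"_FVH"      # EFI_FIRMWARE_VOLUME_HEADER.Signature, 40 bytes into the header
FFS_HDR_LEN = 24       # sizeof(EFI_FFS_FILE_HEADER)
FILE_TYPES = {0x01: "RAW", 0x02: "FREEFORM", 0x06: "PEIM", 0x07: "DRIVER",
              0x09: "APPLICATION", 0x0B: "FV_IMAGE", 0xF0: "PAD"}


def _align8(n):
    return (n + 7) & ~7


def find_volumes(image):
    """Yield (offset, length, header_length) for each plausible firmware volume."""
    pos = image.find(FVH_SIG)
    while pos != -1:
        start = pos - 40
        if start >= 0 and start + 56 <= len(image):
            fv_len, = struct.unpack_from("<Q", image, start + 32)
            hdr_len, = struct.unpack_from("<H", image, start + 48)
            if 56 <= hdr_len <= fv_len <= len(image) - start:
                yield start, fv_len, hdr_len
        pos = image.find(FVH_SIG, pos + 1)


def list_files(image, fv_off, fv_len, hdr_len):
    """Walk the FFS files of one volume, yielding (guid, type, size, offset)."""
    end = fv_off + fv_len
    first = hdr_len
    ext_off, = struct.unpack_from("<H", image, fv_off + 52)
    if ext_off and ext_off + 20 <= fv_len:       # extended header precedes the first file
        ext_size, = struct.unpack_from("<I", image, fv_off + ext_off + 16)
        first = ext_off + ext_size
    off = fv_off + _align8(first)
    while off + FFS_HDR_LEN <= end:
        hdr = image[off:off + FFS_HDR_LEN]
        if hdr == b"\xff" * FFS_HDR_LEN:         # erased flash: no further files
            return
        size, min_len = int.from_bytes(hdr[20:23], "little"), FFS_HDR_LEN
        if hdr[19] & 0x01 and off + 32 <= end:   # FFS_ATTRIB_LARGE_FILE: 64-bit size follows
            size, = struct.unpack_from("<Q", image, off + 24)
            min_len = 32
        if size < min_len or off + size > end:   # fail loudly rather than skip silently
            raise ValueError(f"corrupt FFS header at {off:#x}")
        yield uuid.UUID(bytes_le=hdr[:16]), hdr[18], size, off
        off = fv_off + _align8(off + size - fv_off)


def inventory(image):
    """Map file GUID -> (type name, size, sha256 of the whole file) for a dump."""
    found = {}
    for fv_off, fv_len, hdr_len in find_volumes(image):
        for guid, ftype, size, off in list_files(image, fv_off, fv_len, hdr_len):
            if ftype != 0xF0:                    # pad files carry no module
                digest = hashlib.sha256(image[off:off + size]).hexdigest()
                found[str(guid)] = (FILE_TYPES.get(ftype, hex(ftype)), size, digest)
    return found


def diff_against_baseline(baseline, suspect):
    """Return (added, removed, changed) GUID lists for suspect relative to baseline."""
    base, sus = inventory(baseline), inventory(suspect)
    added = sorted(g for g in sus if g not in base)
    removed = sorted(g for g in base if g not in sus)
    changed = sorted(g for g in sus if g in base and sus[g] != base[g])
    return added, removed, changed


# --- constructed sample data: fake flash dumps, not real firmware ---
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID
MOD_A = uuid.UUID("11111111-1111-1111-1111-111111111111")       # constructed module GUIDs
MOD_B = uuid.UUID("22222222-2222-2222-2222-222222222222")
MOD_X = uuid.UUID("33333333-3333-3333-3333-333333333333")


def ffs_file(guid, ftype, body):
    """Build one FFS file: header (checksums left zero, state 0xF8) plus body."""
    size = FFS_HDR_LEN + len(body)
    return guid.bytes_le + bytes([0, 0, ftype, 0]) + size.to_bytes(3, "little") + b"\xf8" + body


def build_dump(files, fv_len=0x1000):
    """4 KiB of erased flash followed by one volume holding the given files."""
    hdr = (bytes(16) + FFS2_GUID.bytes_le
           + struct.pack("<Q4sIHHHBB", fv_len, FVH_SIG, 0x0004FEFF, 72, 0, 0, 0, 2)
           + struct.pack("<IIII", 1, fv_len, 0, 0))
    body = b"".join(f + b"\xff" * (-len(f) % 8) for f in files)
    return b"\xff" * 0x1000 + (hdr + body).ljust(fv_len, b"\xff")


if __name__ == "__main__":
    good = build_dump([ffs_file(MOD_A, 0x06, b"A" * 50), ffs_file(MOD_B, 0x07, b"B" * 100)])
    bad = build_dump([ffs_file(MOD_A, 0x06, b"A" * 50), ffs_file(MOD_B, 0x07, b"B" * 99 + b"!"),
                      ffs_file(MOD_X, 0x07, b"X" * 30)])
    for label, guids in zip(("added", "removed", "changed"), diff_against_baseline(good, bad)):
        print(label, guids)
```

A clean diff only means the uncompressed file inventory matches the baseline; volatile regions such as NVRAM variable stores will differ between any two dumps and need to be excluded before comparing.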
From guninski at guninski.com Sun Sep 13 23:49:38 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 14 Sep 2015 09:49:38 +0300
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To:
References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> <55F5B40C.5060801@riseup.net>
Message-ID: <20150914064938.GB2473@sivokote.iziade.m$>

On Sun, Sep 13, 2015 at 01:57:34PM -0400, John Young wrote:
> Hofstadter Introduction and Chapter 1:
>
> https://cryptome.org/hofstadter-intro-chap-1.pdf
>
>

The whole appears to be in Library Genesis in epub format AFAICT.

From tbiehn at gmail.com Mon Sep 14 08:32:58 2015
From: tbiehn at gmail.com (Travis Biehn)
Date: Mon, 14 Sep 2015 11:32:58 -0400
Subject: Privacy Respecting Laptops
In-Reply-To: <55F6E481.4030608@cathalgarvey.me>
References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me>
Message-ID:

What does 'privacy respecting' even mean?

It's certainly a win for the FOSS crowd but FOSS isn't synonymous with 'Privacy and Security'.

If a product markets itself as 'privacy respecting' (is the Librem *actually* marketed this way) then it had better back up its claims.

If someone on cpunks asks if it's a reasonable 'privacy laptop' and the answer isn't a bet-your-life on it yes, then the response should be clearly no, even if it's 'a nice *n*th step'.

-Travis

On Mon, Sep 14, 2015 at 11:15 AM, Cathal Garvey < cathalgarvey at cathalgarvey.me> wrote:

> TBF, nobody's going to make that Privacy-Respecting laptop if people
> reject the "most privacy respecting laptop so far" for not being good
> enough. Because, we can keep moving the goalposts, here.
> > Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than > almost any other laptop being sold that's worth owning, and it even comes > with a hardware switch for some key sensors. > > I could ask for more, but bitching and rejecting the Librem because it's > not-good-enough, and buying a laptop with NO respect for me on the basis > that "I can just roll my own", continues to send the market the message > that: > > 1) Free software doesn't sell > 2) Privacy doesn't sell > > On 14/09/15 13:37, Travis Biehn wrote: > >> Oshwm: Seems reasonable. It would be cool if consumers started valuing >> privacy-oriented products, now the whole plot is lost once a company >> uses a 3rd party load balancer? Nice. >> >> "Every hardware chip individually selected for being freedom-respecting" >> Is that in the datasheet for each chip "no backdoors & 100% certified >> vulnerability free"? Does an Intel chipset laptop manufactured in >> Shenzen really count as 'thoughtful and freedom respecting'? >> >> “Getting rid of the signature checking is an important step. While it >> doesn’t give us free code for the firmware, it means that users will >> really have control of the firmware once we get free code for it.” - Dr. >> Richard M. Stallman >> >> And without signature checks how will we prevent un-solicited BIOS >> modification? >> >> Securing their Trisquel derived distro? >> >> RMS doesn't have 'robust against nation state attackers' on his platform >> for GNU. They're still just trying to get people to comply with the >> license & refer to it as 'gnu / linux'. >> >> Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just because they >> installed a switch for the webcam. The privacy stuff is just the work of >> marketing. >> >> -Travis >> >> On Mon, Sep 14, 2015 at 1:36 AM, Oshwm > > wrote: >> >> Links go via cloudflare so privacy already abused before even >> purchasing. 
>> >> >> On 14 September 2015 03:11:12 BST, Alfie John > > wrote: >> >> Just saw these this morning: >> >> https://www.crowdsupply.com/purism >> https://puri.sm/ >> >> Although a physical switch to kill the webcam and mic seems >> obvious, >> this is the first laptop I've seen with them built in. >> >> Overall thoughts? >> >> Alfie >> >> >> >> >> -- >> Twitter | LinkedIn >> | GitHub >> | TravisBiehn.com >> | Google Plus >> >> > > -- > Scientific Director, IndieBio EU Programme > Now running in Cork, Ireland May->July > Learn more at indie.bio and follow along! > Twitter: @onetruecathal > Phone: +353876363185 > miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM > peerio.com: cathalgarvey > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6228 bytes Desc: not available URL: From tbiehn at gmail.com Mon Sep 14 08:54:16 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 14 Sep 2015 11:54:16 -0400 Subject: Privacy Respecting Laptops In-Reply-To: <55F6EB0A.8020009@cathalgarvey.me> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6EB0A.8020009@cathalgarvey.me> Message-ID: Agree that 'open source software' may very well be a prerequisite. My point being that a laptop put together to 'minimize blob use' is not necessarily the same as one put together to respect privacy. Without some evidence to the fact it should not be endorsed as such. Can someone dig up the motherboard design documents, should Librem publish them & the transparent process by which components were selected to 'respect liberty'? 
-Travis OT aside - If someone were to ask what laptop they should use for 'privacy' I'd personally direct them to buy a chromebook with cash at a brick and mortar, wipe & install Qubes (the pixel 2 has some outstanding specs) TAILS and so on. On Mon, Sep 14, 2015 at 11:43 AM, Cathal Garvey < cathalgarvey at cathalgarvey.me> wrote: > Absolutely, yes; If you ask first for privacy, and there is a good option > for privacy, then that's the correct answer. > > Privacy without free software is a total joke. > > Ergo, given a potentially spyware rich platform that *markets* itself as > Private, as Google, Apple and Microsoft for example *all do*, or a free > software platform which can be trivially and fairly-well rewritten to not > be spyware-rich, you choose the latter. > > It follows that for a privacy respecting laptop, you must necessarily > begin with a laptop that can, to some degree of certainty, be wiped clean > and installed with trustworthy software. > > There are many options here; the FSF certify hardware that can be as > blob-free as possible. There are also lots of pitfalls, because the Linux > architecture in many places implicitly trusts the intentions of device > firmwares; it's likely that memory checks aren't implemented well enough on > so many layers that you can never be sure without literally CMOSing your > own device control hardware. > > Given all these options and pitfalls, draw a "sanity line" somewhere and > pick some hardware that lets you do modern stuff without torturously long > waits. In that short-list, the Librem still ranks quite well, I feel. > > On 14/09/15 16:32, Travis Biehn wrote: > >> What does 'privacy respecting' even mean? >> >> It's certainly a win for the FOSS crowd but FOSS isn't synonymous with >> 'Privacy and Security'. >> >> If a product markets itself as 'privacy respecting' (is the Librem >> /actually/ marketed this way) then it had better back up it's claims. 
>> >> If someone on cpunks asks if it's a reasonable 'privacy laptop' and the >> answer isn't a bet-your-life on it yes, then the response should be >> clearly no, even if it's 'a nice /n/th step'. >> >> -Travis >> >> On Mon, Sep 14, 2015 at 11:15 AM, Cathal Garvey >> > >> wrote: >> >> TBF, nobody's going to make that Privacy-Respecting laptop if people >> reject the "most privacy respecting laptop so far" for not being >> good enough. Because, we can keep moving the goalposts, here. >> >> Librem isn't perfect, and its BIOS isn't fully free. But it's >> free-er than almost any other laptop being sold that's worth owning, >> and it even comes with a hardware switch for some key sensors. >> >> I could ask for more, but bitching and rejecting the Librem because >> it's not-good-enough, and buying a laptop with NO respect for me on >> the basis that "I can just roll my own", continues to send the >> market the message that: >> >> 1) Free software doesn't sell >> 2) Privacy doesn't sell >> >> On 14/09/15 13:37, Travis Biehn wrote: >> >> Oshwm: Seems reasonable. It would be cool if consumers started >> valuing >> privacy-oriented products, now the whole plot is lost once a >> company >> uses a 3rd party load balancer? Nice. >> >> "Every hardware chip individually selected for being >> freedom-respecting" >> Is that in the datasheet for each chip "no backdoors & 100% >> certified >> vulnerability free"? Does an Intel chipset laptop manufactured in >> Shenzen really count as 'thoughtful and freedom respecting'? >> >> “Getting rid of the signature checking is an important step. >> While it >> doesn’t give us free code for the firmware, it means that users >> will >> really have control of the firmware once we get free code for >> it.” - Dr. >> Richard M. Stallman >> >> And without signature checks how will we prevent un-solicited BIOS >> modification? >> >> Securing their Trisquel derived distro? 
>> >> RMS doesn't have 'robust against nation state attackers' on his >> platform >> for GNU. They're still just trying to get people to comply with >> the >> license & refer to it as 'gnu / linux'. >> >> Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just >> because they >> installed a switch for the webcam. The privacy stuff is just the >> work of >> marketing. >> >> -Travis >> >> On Mon, Sep 14, 2015 at 1:36 AM, Oshwm > >> >> >> wrote: >> >> Links go via cloudflare so privacy already abused before even >> purchasing. >> >> >> On 14 September 2015 03:11:12 BST, Alfie John >> >> >> >> wrote: >> >> Just saw these this morning: >> >> https://www.crowdsupply.com/purism >> https://puri.sm/ >> >> Although a physical switch to kill the webcam and mic >> seems obvious, >> this is the first laptop I've seen with them built in. >> >> Overall thoughts? >> >> Alfie >> >> >> >> >> -- >> Twitter | LinkedIn >> | GitHub >> | TravisBiehn.com >> | Google Plus >> >> >> >> -- >> Scientific Director, IndieBio EU Programme >> Now running in Cork, Ireland May->July >> Learn more at indie.bio and follow along! >> Twitter: @onetruecathal >> Phone: +353876363185 >> miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM >> peerio.com : cathalgarvey >> >> >> >> >> -- >> Twitter | LinkedIn >> | GitHub >> | TravisBiehn.com >> | Google Plus >> >> > > -- > Scientific Director, IndieBio EU Programme > Now running in Cork, Ireland May->July > Learn more at indie.bio and follow along! > Twitter: @onetruecathal > Phone: +353876363185 > miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM > peerio.com: cathalgarvey > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... 
From alfiej at fastmail.fm Sun Sep 13 19:11:12 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Mon, 14 Sep 2015 12:11:12 +1000
Subject: Privacy Respecting Laptops
Message-ID: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com>

Just saw these this morning:

https://www.crowdsupply.com/purism
https://puri.sm/

Although a physical switch to kill the webcam and mic seems obvious, this is the first laptop I've seen with them built in.

Overall thoughts?

Alfie

--
Alfie John
alfiej at fastmail.fm

From muntudebugger at gmail.com Mon Sep 14 02:37:40 2015
From: muntudebugger at gmail.com (Muntu Debugger)
Date: Mon, 14 Sep 2015 12:37:40 +0300
Subject: Cryptography beyond the 5 senses
Message-ID:

Take on the challenge! can society be influenced without the 5 senses?

diligently study this; http://j.mp/Diplomat101 and give your take.

cheers
Muntu
From jya at pipeline.com Mon Sep 14 12:40:39 2015
From: jya at pipeline.com (John Young)
Date: Mon, 14 Sep 2015 15:40:39 -0400
Subject: John McAfee Runs For US President In 2016 Under Cyber Party
In-Reply-To: <55F6E283.2060001@riseup.net>
References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> <55F5B40C.5060801@riseup.net> <20150914064938.GB2473@sivokote.iziade.m$> <55F6E283.2060001@riseup.net>
Message-ID:

The entire Hofstadter "The American Political Tradition"

https://cryptome.org/2015/09/hofstadter-american-political-tradition.pdf (420 pp, 35MB)

At 11:06 AM 9/14/2015, Razer wrote:
>On 09/13/2015 11:49 PM, Georgi Guninski wrote:
> > On Sun, Sep 13, 2015 at 01:57:34PM -0400, John Young wrote:
> >> Hofstadter Introduction and Chapter 1:
> >>
> >> https://cryptome.org/hofstadter-intro-chap-1.pdf
> >>
> >>
> > The whole appears to be in Library Genesis in epub
> > format AFAICT.
> >
> >
>
>A search for the author's name turned up his other noted works:
>
>Richard Hofstadter Social Darwinism in American Thought, 1992
>
>Richard Hofstadter The Paranoid Style in American Politics: And
>Other Essays, 1996
>
>
>...and a book title search turned up nothing.
>
>

From blibbet at gmail.com Mon Sep 14 15:51:47 2015
From: blibbet at gmail.com (Blibbet)
Date: Mon, 14 Sep 2015 15:51:47 -0700
Subject: Privacy Respecting Laptops
In-Reply-To: <55F703E3.4000007@openmailbox.org>
References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6F142.4010104@gmail.com> <55F703E3.4000007@openmailbox.org>
Message-ID: <55F74F83.3060401@gmail.com>

On 09/14/2015 10:29 AM, oshwm wrote:
> Maybe manufacturers aren't sure what they should be building in order to
> genuinely and honestly be able to market as 'Respects Your Privacy'.
> It sounds simple but when you look at the ultimate level of privacy
> protection then you are talking about open source hardware, software and
> manufacturing processes and proper auditing of all of these.
> For a company to manufacture and market a device under these conditions
> is likely to be hideously expensive and have a very small customer base
> who are willing to pay such a large price in cash terms.
> What might be a good idea is for a community such as this one to create
> some sort of scale which describes the methods, materials and processes
> to achieve some sort of scoring which would range from 'NSA Spying
> Device' (0 out of 10) to 'Complete Privacy Protection' (10 out of 10).
> This would then allow manufacturers to work to a specific score and
> advertise as such.

I agree, the FSF RSF program could do more to work with OEMs/IHVs and get the message out about their program. But while GPL/GNU platform is nice, RMS doesn't seem to care for Open Source Hardware, just Free Software, so I'm not sure FSF RSF program can be the only source of guidance for OEMs/IHVs. FSF has nearly no specific OEM/IHV advice for "Free Hardware". Except to make it GPLv3.

It seems to me that OSHWA doesn't seem to focus on firmware, nor -- it seems to me -- much for business systems.
The other open hardware group also doesn't seem to be doing much in this area.

Today, the main org focusing on 'open hardware' for enterprise systems appears to be Open Compute Project, which is currently a UEFI-centric project. No citizen-centric, privacy+security-centric profile in OCP.

I agree, FOSS OS vendors -- Linux Foundation, FreeBSD Foundation, etc. -- should offer some advice to OEMs/IHVs/IBVs as to how to build a decent Linux/BSD-friendly BIOS. Including things like "declarative ACPI", eg, no WBPT tables with Windows binaries in them, other Windows-centric ACPI tables that Linux/BSD doesn't use. The other day on a linaro or edk2 list, some engineers from Red Hat were talking about their decision for what to do with ACPI for Linux for a particular table. This should be thought out for all modern ACPI tables. As well as SecureBoot OS defaults and MSFT keys, and use of coreboot or U-Boot instead of UEFI, in some cases.

A list of ARM and Intel and AMD features that can be removed or opted-out or not added, or not enabled, and what privacy/freedom and security case does it help/hinder would be nice.

Requiring vendors to provide a changelog, list of all modules/payloads/drivers embedded in firmware image, along with OCSP/CRL URLs for signed code verification. Right now, most people don't know what features their firmware has. Pre-sales data technical data from OEMs/IHVs is terrible w/r/t firmware, they only cover hardware and software.

What tools to include or not include in silicon/firmware, like Absolute.com's Persistence, or remote management software (including IPMI, Redfish, DASH/SMASH, etc.)

Re: classifications, for UEFI, there already are 3 classes of systems, BIOS-only, hybrid BIOS/UEFI, and UEFI-only.

UEFI aside, there is TCG Measured Boot, Trusted Boot, Solaris Verified Boot, Android Verified Boot, Chrome Verified Boot (Class A and Class B), U-Boot Verified Boot, and other security technologies.
It would be nice to have some crypto research comparing the strengths of all modern secure/verified/trusted/measured/etc flavors of boots. And given how crypto is core to trust in most of these, some don't enable any way for user to verify trust, no CRL/OCSP URLs. We have to 'trust' that the firmware's CAs are not behaving like Diginotar. One consumer feature should be the ability to test all keys for validity.

There are 3 NIST docs for BIOS recommendations for OEMS/IHVs/IBVs/OSVs for BIOS security: NIST SP800-147, SP800-147b, and SP800-155. NIST guidelines are rather abstract, no pragmatic best practices. The 147 Provisioning stage is something that, as I read the spec, is probably not something that most OEM systems today, especially not the 'golden master' extra level of security, which requires -- as I understand it -- full source to your firmware.

There is also CommonCriteria/NSA/IAP BIOS Update Protection Profile (which no vendors meet, AFAIK). Nice read for BIOS attack model perspective.

None of the NIST/NSA docs refer to Intel CHIPSEC. UEFI Forum recommends Intel UEFI OEMs run CHIPSEC to test their systems for security. Hard to believe any enterprise sysadmins are following NIST firmware platform lifecycle model, if they don't know what tools to use. :-)

Intel CHIPSEC only works on Intel systems, not x86 clones (AMD, etc.), so no similar firmware security tools for other systems. Linaro may port CHIPSEC to AArch64, they expressed an interest a few months ago, but nothing since then. And no interest, apparently, in AArch32. If no port, what other firmware vulnerability assessment tools are there? Intel CHIPSEC only works on new systems, no tests for older Intel systems. No CHIPSEC for Itanium, either. :-)

Without tools that check for the latest vulnerabilities (i.e., the ones that security researchers talked about at last year's DEF CON), the systems won't be built securely.
I presume we need more help from FSF, Linux Foundation, OSHWA, and other related orgs, to direct and concentrate 'crowd funding' for efforts to build new Free/Open Hardware (FOHW), like Bunnie has started doing. RMS blessed CrowdSupply as the official source of crowd funding. A baseband chip -- or some SDR equivalent -- for phones would be nice; IMO, OSMOCOMBB isn't progressing fast enough.

For years, OEMs/IHVs got a lot of input from Microsoft. For each new OS release, MS had a spec for that year's Windows Desktop/Laptop PC and for the Windows Server PC. FOSS OS vendors, or other communities-of-interest (like privacy-centric cypherpunks) don't give OEMs/IHVs any advice. The Windows Hardware logo, and ability to license/sell Windows, is a great set of carrots. FOSS is free, so no license deals, but community could include a logo program with the guidelines.

I'm not aware of much non-Windows advice to OEMs/IHVs like this, besides a few Linux Foundation programs (Carrier Grade Linux, etc.). And none that are updated each year with current hardware/bus/peripheral trends and updates defaults for memory or other new advice from last year (like VM advice after this year's DEF CON).

Perhaps an annual award for vendors, to help motivate them, best and worst award. Bunnie wins and Lenovo loses this year, maybe Purism wins next year. As an example, the privacy-centric Italian-based group the "Winston Smith Project" has an annual award for best misuse of privacy by a vendor.
From cathalgarvey at cathalgarvey.me Mon Sep 14 08:15:13 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 14 Sep 2015 16:15:13 +0100 Subject: Privacy Respecting Laptops In-Reply-To: References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> Message-ID: <55F6E481.4030608@cathalgarvey.me> TBF, nobody's going to make that Privacy-Respecting laptop if people reject the "most privacy respecting laptop so far" for not being good enough. Because, we can keep moving the goalposts, here. Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than almost any other laptop being sold that's worth owning, and it even comes with a hardware switch for some key sensors. I could ask for more, but bitching and rejecting the Librem because it's not-good-enough, and buying a laptop with NO respect for me on the basis that "I can just roll my own", continues to send the market the message that: 1) Free software doesn't sell 2) Privacy doesn't sell On 14/09/15 13:37, Travis Biehn wrote: > Oshwm: Seems reasonable. It would be cool if consumers started valuing > privacy-oriented products, now the whole plot is lost once a company > uses a 3rd party load balancer? Nice. > > "Every hardware chip individually selected for being freedom-respecting" > Is that in the datasheet for each chip "no backdoors & 100% certified > vulnerability free"? Does an Intel chipset laptop manufactured in > Shenzen really count as 'thoughtful and freedom respecting'? > > “Getting rid of the signature checking is an important step. While it > doesn’t give us free code for the firmware, it means that users will > really have control of the firmware once we get free code for it.” - Dr. > Richard M. Stallman > > And without signature checks how will we prevent un-solicited BIOS > modification? > > Securing their Trisquel derived distro? 
> > RMS doesn't have 'robust against nation state attackers' on his platform > for GNU. They're still just trying to get people to comply with the > license & refer to it as 'gnu / linux'. > > Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just because they > installed a switch for the webcam. The privacy stuff is just the work of > marketing. > > -Travis > > On Mon, Sep 14, 2015 at 1:36 AM, Oshwm > wrote: > > Links go via cloudflare so privacy already abused before even > purchasing. > > > On 14 September 2015 03:11:12 BST, Alfie John > wrote: > > Just saw these this morning: > > https://www.crowdsupply.com/purism > https://puri.sm/ > > Although a physical switch to kill the webcam and mic seems obvious, > this is the first laptop I've seen with them built in. > > Overall thoughts? > > Alfie > > > > > -- > Twitter | LinkedIn > | GitHub > | TravisBiehn.com > | Google Plus > -- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From cathalgarvey at cathalgarvey.me Mon Sep 14 08:43:06 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 14 Sep 2015 16:43:06 +0100 Subject: Privacy Respecting Laptops In-Reply-To: References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> Message-ID: <55F6EB0A.8020009@cathalgarvey.me> Absolutely, yes; If you ask first for privacy, and there is a good option for privacy, then that's the correct answer. Privacy without free software is a total joke. Ergo, given a potentially spyware rich platform that *markets* itself as Private, as Google, Apple and Microsoft for example *all do*, or a free software platform which can be trivially and fairly-well rewritten to not be spyware-rich, you choose the latter. 
It follows that for a privacy respecting laptop, you must necessarily begin with a laptop that can, to some degree of certainty, be wiped clean and installed with trustworthy software. There are many options here; the FSF certify hardware that can be as blob-free as possible. There are also lots of pitfalls, because the Linux architecture in many places implicitly trusts the intentions of device firmwares; it's likely that memory checks aren't implemented well enough on so many layers that you can never be sure without literally CMOSing your own device control hardware. Given all these options and pitfalls, draw a "sanity line" somewhere and pick some hardware that lets you do modern stuff without torturously long waits. In that short-list, the Librem still ranks quite well, I feel. On 14/09/15 16:32, Travis Biehn wrote: > What does 'privacy respecting' even mean? > > It's certainly a win for the FOSS crowd but FOSS isn't synonymous with > 'Privacy and Security'. > > If a product markets itself as 'privacy respecting' (is the Librem > /actually/ marketed this way) then it had better back up it's claims. > > If someone on cpunks asks if it's a reasonable 'privacy laptop' and the > answer isn't a bet-your-life on it yes, then the response should be > clearly no, even if it's 'a nice /n/th step'. > > -Travis > > On Mon, Sep 14, 2015 at 11:15 AM, Cathal Garvey > > wrote: > > TBF, nobody's going to make that Privacy-Respecting laptop if people > reject the "most privacy respecting laptop so far" for not being > good enough. Because, we can keep moving the goalposts, here. > > Librem isn't perfect, and its BIOS isn't fully free. But it's > free-er than almost any other laptop being sold that's worth owning, > and it even comes with a hardware switch for some key sensors. 
> > I could ask for more, but bitching and rejecting the Librem because > it's not-good-enough, and buying a laptop with NO respect for me on > the basis that "I can just roll my own", continues to send the > market the message that: > > 1) Free software doesn't sell > 2) Privacy doesn't sell > > On 14/09/15 13:37, Travis Biehn wrote: > > Oshwm: Seems reasonable. It would be cool if consumers started > valuing > privacy-oriented products, now the whole plot is lost once a company > uses a 3rd party load balancer? Nice. > > "Every hardware chip individually selected for being > freedom-respecting" > Is that in the datasheet for each chip "no backdoors & 100% > certified > vulnerability free"? Does an Intel chipset laptop manufactured in > Shenzen really count as 'thoughtful and freedom respecting'? > > “Getting rid of the signature checking is an important step. > While it > doesn’t give us free code for the firmware, it means that users will > really have control of the firmware once we get free code for > it.” - Dr. > Richard M. Stallman > > And without signature checks how will we prevent un-solicited BIOS > modification? > > Securing their Trisquel derived distro? > > RMS doesn't have 'robust against nation state attackers' on his > platform > for GNU. They're still just trying to get people to comply with the > license & refer to it as 'gnu / linux'. > > Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just > because they > installed a switch for the webcam. The privacy stuff is just the > work of > marketing. > > -Travis > > On Mon, Sep 14, 2015 at 1:36 AM, Oshwm > >> > wrote: > > Links go via cloudflare so privacy already abused before even > purchasing. > > > On 14 September 2015 03:11:12 BST, Alfie John > > >> wrote: > > Just saw these this morning: > > https://www.crowdsupply.com/purism > https://puri.sm/ > > Although a physical switch to kill the webcam and mic > seems obvious, > this is the first laptop I've seen with them built in. 
> > Overall thoughts? > > Alfie > > > > > -- > Twitter | LinkedIn > | GitHub > | TravisBiehn.com > | Google Plus > > > > -- > Scientific Director, IndieBio EU Programme > Now running in Cork, Ireland May->July > Learn more at indie.bio and follow along! > Twitter: @onetruecathal > Phone: +353876363185 > miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM > peerio.com : cathalgarvey > > > > > -- > Twitter | LinkedIn > | GitHub > | TravisBiehn.com > | Google Plus > -- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From rysiek at hackerspace.pl Mon Sep 14 09:05:03 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 14 Sep 2015 18:05:03 +0200 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55f5f197.66168c0a.ad40f.5880@mx.google.com> References: <55F5B40C.5060801@riseup.net> <55f5f197.66168c0a.ad40f.5880@mx.google.com> Message-ID: <3039361.NNeJKgMHYJ@lapuntu> On Sunday, 13 September 2015 19:03:07 Juan wrote: > > Checked it before sending and just now. Link works. Ghostserv shows no > > trackers at all on the page. Perhaps it's your browser, or something > > related... > > Yes, there's something wrong here, my bad. https://mega.nz > doesn't load either (investigating...) Try the Tor Browser. :) -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From oshwm at openmailbox.org Mon Sep 14 10:29:07 2015 From: oshwm at openmailbox.org (oshwm) Date: Mon, 14 Sep 2015 18:29:07 +0100 Subject: Privacy Respecting Laptops In-Reply-To: <55F6F142.4010104@gmail.com> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6F142.4010104@gmail.com> Message-ID: <55F703E3.4000007@openmailbox.org> Maybe manufacturers aren't sure what they should be building in order to genuinely and honestly be able to market as 'Respects Your Privacy'. It sounds simple but when you look at the ultimate level of privacy protection then you are talking about open source hardware, software and manufacturing processes and proper auditing of all of these. For a company to manufacture and market a device under these conditions is likely to be hideously expensive and have a very small customer base who are willing to pay such a large price in cash terms. What might be a good idea is for a community such as this one to create some sort of scale which describes the methods, materials and processes to achieve some sort of scoring which would range from 'NSA Spying Device' (0 out of 10) to 'Complete Privacy Protection' (10 out of 10). This would then allow manufacturers to work to a specific score and advertise as such. cheers, oshwm. On 14/09/15 17:09, Blibbet wrote: >>> Librem isn't perfect, and its BIOS isn't fully free. But it's free-er > than >>> almost any other laptop being sold that's worth owning, and it even comes >>> with a hardware switch for some key sensors. >> If a product markets itself as 'privacy respecting' (is the Librem >> *actually* marketed this way) then it had better back up its claims. > Regardless of the way the marketing team is spinning things, they > supposedly have 3 firmware developers trying to make a difference.
> Outside Bunnie Studios, I don't know of another OEM that is trying to > help with this niche market with new hardware (not including refurbished > Thinkpads). So I respect that effort. Not sure they'll fully succeed in > this model, but perhaps a few models later they will have some decent boxes. > > It sounds like they have a source license to Intel's Firmware Support > Package (FSP), and are modifying it to disable some silicon/firmware > features. The results will still be closed-source. > > Today, nearly all Intel systems are 100% closed-source firmware, via > IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could > provide blob-free firmware. If used in conjunction with fully open > source OS/app stack, then you might be able to trust it. > > Today, I don't see how you can trust any keys/certs in any of the > Trusted/Verified/Measured/etc boots, most of the solutions don't seem to > have any way for the owner/user to verify, eg, no CRL/OSCP keys. My > reading of NIST SP80-147's seems to imply that sysadmins need to be able > to verify things, but that doesn't seem viable today. > > While Purism's marketing may be a bit overboard, I'm hopeful that > they're trying. Maybe their next model will use the new RISC-V Raven3 > chip, with U-Boot Verified Boot, and ship with full source to > CPU/firmware/enclosure, firmware, OS, and apps. To get to that point, > we'll probably need to help them fund this current Intel model, to keep > Purism alive.... > > I am not sure why they they need to create yet-another privacy-centric > OS, PureOS, and focus on improving and using Qubes/TAILs/Trisqel/Mempo/etc. > > They're apparently working on a Free Software fork of FSP. I wish this > was a shared effort with many more free software developers, perhaps > managed by FSF or Linux Foundation, not just a single OEM. More than one > Linux OEM could benefit from such an effort, most of them still use COTS > 100% closed-source IBVs. 
> > Can the current Intel-based solution get certified by the FSF > RespectYourFreedom program? I'm not sure. > > Whatever happens with what they do to the FSP and Intel silicon, if the > result is less secure to attackers, that'll be an issue. Many who care > about personal freedom and detest blobs seem to ignore security. But > Purism cares about privacy and security, so they have to try and deal > with both issues. Disabling BootGuard in updated FSP may make it more > configurable, but less secure, it seems. Their web site has fancy > graphics and tables. I hope they create a list of FSP modifications so > we can see what security holes the system may have. > > I like the kill switch. I'd go further: since many firmware attacks come > through suspend/resume, I'd rather just disable that at the HW/FW/OS > levels. I'd like to have a fully-lockable enclosure in a laptop, which > can cover exposed ports, with a good quality lock, in a metal enclosure. > Of course, it wouldn't be able to make it through TSA customs, so > probably not commercially viable. :-( > > If I worked there, I'd tone down the marketing a bit (they have blobs in > their firmware, and they're based on an Intel system, they'll never > satisfy some of their potential market), perhaps focus on hardware that > can be built with blob-free firmware for their next model. And I'd hire > LegbaCore to evaluate the hardware before they ship it, for security > issues. :-) > > Looking forward to their next model! >
From Rayzer at riseup.net Mon Sep 14 12:41:49 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 14 Sep 2015 19:41:49 +0000 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: References: <3923616.0r0mpAI9Mp@lapuntu> <20150910114126.GC2695@sivokote.iziade.m$> <55f1e097.d4668c0a.7be27.29b4@mx.google.com> <55f3bb8e.4b1c8d0a.90f36.ffff8cf5@mx.google.com> <55F44314.3080807@riseup.net> <55f48f27.4521370a.d43e0.ffffdab9@mx.google.com> <55F5B40C.5060801@riseup.net> <20150914064938.GB2473@sivokote.iziade.m$> <55F6E283.2060001@riseup.net> Message-ID: <55F722FD.4070702@riseup.net> Thanks! On 09/14/2015 07:40 PM, John Young wrote: > The entire Hofstadter "The American Political Tradition" > > https://cryptome.org/2015/09/hofstadter-american-political-tradition.pdf > (420 pp, 35MB) > > > At 11:06 AM 9/14/2015, Razer wrote: > > >> On 09/13/2015 11:49 PM, Georgi Guninski wrote: >> > On Sun, Sep 13, 2015 at 01:57:34PM -0400, John Young wrote: >> >> Hofstadter Introduction and Chapter 1: >> >> >> >> https://cryptome.org/hofstadter-intro-chap-1.pdf >> >> >> >> >> > The whole appears to be in Library Genesis in epub >> > format AFAICT. >> > >> > >> >> A search for the author's name turned up his other noted works: >> >> Richard Hofstadter Social Darwinism in American Thought, 1992 >> >> Richard Hofstadter The Paranoid Style in American Politics: And >> Other Essays, 1996 >> >> >> ...and a book title search turned up nothing. >> >> > > >
From juan.g71 at gmail.com Mon Sep 14 16:10:17 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 14 Sep 2015 20:10:17 -0300 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <3039361.NNeJKgMHYJ@lapuntu> References: <55F5B40C.5060801@riseup.net> <55f5f197.66168c0a.ad40f.5880@mx.google.com> <3039361.NNeJKgMHYJ@lapuntu> Message-ID: <55f752d0.caef8c0a.b7285.0c65@mx.google.com> On Mon, 14 Sep 2015 18:05:03 +0200 rysiek wrote: > On Sunday, 13 September 2015 19:03:07 Juan wrote: > > > Checked it before sending and just now. Link works. Ghostserv > > > shows no trackers at all on the page. Perhaps it's your browser, > > > or something related... > > > > Yes, there's something wrong here, my bad. https://mega.nz > > doesn't load either (investigating...) > > Try the Tor Browser. :) > I tried it. With js enabled globally. Same thing. A bunch of different circuits. None works. Pretty weird. From jahlove at riseup.net Mon Sep 14 16:18:55 2015 From: jahlove at riseup.net (Jah Love) Date: Mon, 14 Sep 2015 23:18:55 +0000 Subject: Libreboot+Tails creates the best current balance of freedom & privacy on a Laptop [was Re: Privacy Respecting Laptops] In-Reply-To: <55F703E3.4000007@openmailbox.org> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6F142.4010104@gmail.com> <55F703E3.4000007@openmailbox.org> Message-ID: <20150914231855.7dfc3cd1@riseup.net> I think that the best privacy respecting laptop around would be a Libreboot computer that has the camera, microphone, and hard drive physically removed and runs Tails on a DVD so that neither the operating system nor the BIOS can be altered without physical access to the computer.
The version of Libreboot on the laptop must be write protected, which would mean that updates would need to be externally flashed to the BIOS chip, but this prevents any attempted BIOS alteration from happening via software. Tamper proof stickers or glitter nailpolish could be applied to detect whether the device has been opened while out of your possession. There's no way to flash the Bios chip without opening the device. Preferences and files that the user wants to keep across amnesiac sessions would be saved on a LUKS encrypted USB thumb-drive. Libreboot will soon have reproducible builds which would allow users to compare the Libreboot ROM on their device against the reproducible build of the ROM. I would suggest that all Libreboot supported motherboards should be x-rayed and the x-rays should be published online under creative commons licenses so that users could have their own motherboards x-rayed to provide some sort of hardware verifiability which is currently very much lacking. Here's more info about Libreboot, which is a Coreboot fork that takes out all of Coreboot's proprietary blobs: http://libreboot.org/faq/ Here's the Free Software Foundation's announcement that the Libreboot x200 earned their Respect Your Freedom certification https://www.fsf.org/news/libreboot-x200-laptop-now-fsf-certified-to-respect-your-freedom Laptops that run Libreboot with operating systems that don't comply with the GNU Free System Distribution Guidelines (GNU FSDG) https://www.gnu.org/distros/free-system-distribution-guidelines.html don't have FSF's RYF certification. https://www.fsf.org/resources/hw/endorsement/respects-your-freedom So until Tails creates a version that complies with the GNU FSDG or until someone creates an operating system forked of a Free Distro https://www.gnu.org/distros/free-distros.html that has all of Tails' security features included we are all stuck with having to chose between security and freedom in our operating systems. 
We can code our way out of this false dichotomy though, if we want it. https://labs.riseup.net/code/issues/5393 https://mailman.boum.org/pipermail/tails-dev/2015-June/009023.html https://mailman.boum.org/pipermail/tails-dev/2015-June/009024.html If you believe that the security features in Tails aren't worth the trade off of having fully free software or if you believe that Tails running as a DVD instead of a USB stick isn't necessary, it is important to also note that Libreboot's GRUB payload allows you to boot fully encrypted harddrives and USB live systems by decrypting them within the GRUB instance on your Bios chip and then booting the decrypted OS. This means that the boot sector on the operating system or USB live system can now also be fully encrypted when not in use. Does anyone on this list think that Librem+PureOS is more free & secure than Libreboot+Tails as I described it here? Peace & Blessings, Jah Love On Mon, 14 Sep 2015 18:29:07 +0100 oshwm wrote: > Maybe manufacturers aren't sure what they should be building in order to > genuinely and honestly be able to market as 'Respects Your Privacy'. > It sounds simple but when you look at the ultimate level of privacy > protection then you are talking about open source hardware, software and > manufacturing processes and proper auditing of all of these. > For a company to manufacture and market a device under these conditions > is likely to be hideously expensive and have a very small customer base > who are willing to pay such a large price in cash terms. > What might be a good idea is for a community such as this one to create > some sort of scale which describes the methods, materials and processes > to achieve some sort of scoring which would range from 'NSA Spying > Device' (0 out of 10) to 'Complete Privacy Protection' (10 out of 10). > This would then allow manufacturers to work to a specific score and > advertise as such. > > cheers, > oshwm. 
> > On 14/09/15 17:09, Blibbet wrote: > >>> Librem isn't perfect, and its BIOS isn't fully free. But it's free-er > > than > >>> almost any other laptop being sold that's worth owning, and it even comes > >>> with a hardware switch for some key sensors. > >> If a product markets itself as 'privacy respecting' (is the Librem > >> *actually* marketed this way) then it had better back up it's claims. > > Regardless of the way the marketing team is spinning things, they > > supposedly have 3 firmware developers trying to make a difference. > > Outside Bunnie Studios, I don't know of another OEM that is trying to > > help with this niche market with new hardware (not including refurbished > > Thinkpads). So I respect that effort. Not sure they'll fully succeed in > > this model, but perhaps a few models later they will have some decent boxes. > > > > It sounds like they have a source license to Intel's Firmware Support > > Package (FSP), and are modifying it to disable some silicon/firmware > > features. The results will still be closed-source. > > > > Today, nearly all Intel systems are 100% closed-source firmware, via > > IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could > > provide blob-free firmware. If used in conjunction with fully open > > source OS/app stack, then you might be able to trust it. > > > > Today, I don't see how you can trust any keys/certs in any of the > > Trusted/Verified/Measured/etc boots, most of the solutions don't seem to > > have any way for the owner/user to verify, eg, no CRL/OSCP keys. My > > reading of NIST SP80-147's seems to imply that sysadmins need to be able > > to verify things, but that doesn't seem viable today. > > > > While Purism's marketing may be a bit overboard, I'm hopeful that > > they're trying. Maybe their next model will use the new RISC-V Raven3 > > chip, with U-Boot Verified Boot, and ship with full source to > > CPU/firmware/enclosure, firmware, OS, and apps. 
To get to that point, > > we'll probably need to help them fund this current Intel model, to keep > > Purism alive.... > > > > I am not sure why they they need to create yet-another privacy-centric > > OS, PureOS, and focus on improving and using Qubes/TAILs/Trisqel/Mempo/etc. > > > > They're apparently working on a Free Software fork of FSP. I wish this > > was a shared effort with many more free software developers, perhaps > > managed by FSF or Linux Foundation, not just a single OEM. More than one > > Linux OEM could benefit from such an effort, most of them still use COTS > > 100% closed-source IBVs. > > > > Can the current Intel-based solution get certified by the FSF > > RespectYourFreedom program? I'm not sure. > > > > Whatever happens with what they do to the FSP and Intel silicon, if the > > result is less secure to attackers, that'll be an issue. Many who care > > about personal freedom and detest blobs seem to ignore security. But > > Purism cares about privacy and security, so they have to try and deal > > with both issues. Disabling BootGuard in updated FSP may make it more > > configurable, but less secure, it seems. Their web site has fancy > > graphics and tables. I hope they create a list of FSP modifications so > > we can see what security holes the system may have. > > > > I like the kill switch. I'd go further: since many firmware attacks come > > through suspend/resume, I'd rather just disable that at the HW/FW/OS > > levels. I'd like to have a fully-lockable enclosure in a laptop, which > > can cover exposed ports, with a good quality lock, in a metal enclosure. > > Of course, it would't be able to make it through TSA customs, so > > probably not commercially viable. 
:-( > > > > If I worked there, I'd tone down the marketing a bit (they have blobs in > > their firmware, and they're based on an Intel system, they'll never > > satisfy some of their potential market), perhaps focus on hardware that > > can be built with blob-free firmware for their next model. And I'd hire > > LegbaCore to evaluate the hardware before they ship it, for security > > issues. :-) > > > > Looking forward to their next model! > > > > From guninski at guninski.com Mon Sep 14 22:24:28 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 15 Sep 2015 08:24:28 +0300 Subject: Has someone examined the leaked Hacking Team stuff for linux/bsd 0days? In-Reply-To: <55F6F32D.7000409@gmail.com> References: <20150911071054.GA2699@sivokote.iziade.m$> <55F6F32D.7000409@gmail.com> Message-ID: <20150915052428.GA2679@sivokote.iziade.m$> On Mon, Sep 14, 2015 at 09:17:49AM -0700, Blibbet wrote: > (I haven't paying attention to the archives of the Hacking Team stuff. > If anyone knows where the firmware volume binary used in the above > analysis is publicly hosted, please give me an URL. Thanks!) Maybe the links here are related: http://leaksource.info/category/hacking-team/ Some signing? certs in windoze format: https://github.com/hackedteam/GeoTrust From guninski at guninski.com Mon Sep 14 23:39:40 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 15 Sep 2015 09:39:40 +0300 Subject: Has someone examined the leaked Hacking Team stuff for linux/bsd 0days? In-Reply-To: <20150911071054.GA2699@sivokote.iziade.m$> References: <20150911071054.GA2699@sivokote.iziade.m$> Message-ID: <20150915063940.GB2679@sivokote.iziade.m$> On Fri, Sep 11, 2015 at 10:10:54AM +0300, Georgi Guninski wrote: > Has someone examined the leaked Hacking Team stuff for linux/bsd 0days? > https://wikileaks.org/hackingteam/emails/emailid/45441 Fwd: Assets Portfolio Update: 2014-10-06 Assets_Portfolio.pdf.zip From: Dustin D. 
Trammell In today's portfolio update we have the following: 14-006 is a new memory corruption vulnerability in Oracle Solaris SunSSHD yielding remote privileged command execution as the root user. The provided exploit is a modified OpenSSH client making exploitation of this vulnerability very convenient. From john at johnlgrubbs.net Tue Sep 15 10:55:57 2015 From: john at johnlgrubbs.net (Me) Date: Tue, 15 Sep 2015 12:55:57 -0500 Subject: Fw: WiFi router networking? In-Reply-To: <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> Message-ID: iirc set your WiFi router to bridge mode and tell it the ssid of the mesh network and you're done. On September 15, 2015 12:21:10 PM CDT, jim bell wrote: > > >Has anyone heard of an idea to use individual WiFi routers to >communicate in a mesh net? (Or, at least differently than it may have >been done before.) If you look at a map of WiFi routers >(www.wigle.net) in any given area, you will see that the vast majority >of routers are physically close to many other routers, certainly close >enough to communicate with each other, and ultimately over a long >distance. A crowd-sourced communication system, one that wouldn't >necessarily go through the Internet backbone. Conceptually related to >the Bittorrent system. I just found this: > https://en.wikipedia.org/wiki/Wi-Fi_Direct > > Jim Bell > >From that URL: > >"Wi-Fi Direct, initially called Wi-Fi P2P, is a Wi-Fi standard enabling >devices to easily connect with each other without requiring a wireless >access point.[1] It is usable for everything from internet browsing to >file transfer,[2][3] and to communicate with more than one device >simultaneously at typical Wi-Fi speeds.[4] One advantage of Wi-Fi >Direct is the ability to connect devices even if they are from >different manufacturers.
Only one of the Wi-Fi devices needs to be >compliant with Wi-Fi Direct to establish a peer-to-peer connection that >transfers data directly between them with greatly reduced >setup.[citation needed] >Wi-Fi Direct negotiates the link with a Wi-Fi Protected Setup system >that assigns each device a limited wireless access point. The "pairing" >of Wi-Fi Direct devices can be set up to require the proximity of >a near field communication, a Bluetooth signal, or a button press on >one or all the devices. Wi-Fi Direct may not only replace the need >for routers, but may also replace the need of Bluetooth for >applications that do not rely on low energy.[5]" -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From guninski at guninski.com Tue Sep 15 03:23:32 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 15 Sep 2015 13:23:32 +0300 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <1779111.UxAx0tsn7i@lapuntu> References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> Message-ID: <20150915102332.GC2679@sivokote.iziade.m$> On Fri, Sep 11, 2015 at 11:22:59AM +0200, rysiek wrote: > Are we really to say that our culture is so weak, so vulnerable, so hard to > defend that an influx of immigrants that amounts to 0,03% (yes, three- > hundredths of a percent!)[1] of the whole population of the EU is suddenly a > real threat? > > [1] estimated 160 000 immigrants, estimated 508 million EU citizens > Dude, trolling with numbers borders with numerology {AKA "number theory" ;) }.
http://www.telegraph.co.uk/news/worldnews/europe/eu/11863246/Refugee-crisis-EU-ministers-Germany-border-control-Austria-army-live.html --- Refugee crisis: Europe's borders unravelling as Austria and Slovakia impose frontier controls Germany's vice chancellor Sigmar Gabriel warns the country could receive up to one million people seeking refugee status. Follow latest developments here --- UP TO ONE MEEELLION :P From mezger.benjamin at gmail.com Tue Sep 15 10:19:43 2015 From: mezger.benjamin at gmail.com (Ben Mezger) Date: Tue, 15 Sep 2015 14:19:43 -0300 Subject: More neighbours make more fences [Economist] Message-ID: Oh the irony ;-) http://www.economist.com/blogs/graphicdetail/2015/09/daily-chart-10? Hey cpunks, what year are we? - 1940 for sure. -- Sent with my mu4e From jya at pipeline.com Tue Sep 15 12:04:36 2015 From: jya at pipeline.com (John Young) Date: Tue, 15 Sep 2015 15:04:36 -0400 Subject: JYA and Cryptome Keys Compromised Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 15 September 2015 I have learned today that all PGP public keys of John Young and Cryptome have been compromised. The keys have been revoked today. Two new keys have been generated today: John Young 15-0915 0xD87D436C Cryptome 15-0915 0x8CD47BD5 This message is signed by the first.
From Rayzer at riseup.net Tue Sep 15 15:50:12 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 15 Sep 2015 15:50:12 -0700 Subject: [Cryptography] [cryptography] JYA and Cryptome Keys Compromised In-Reply-To: References: Message-ID: <55F8A0A4.6090308@riseup.net> Found jya's new key @sks http://sks.pkqs.net/pks/lookup?search=jya%40pipeline.com&fingerprint=on&op=index&exact=off On 09/15/2015 03:39 PM, John Young wrote: > Correct analysis. First was get out a prompt notice to wave off users, > then proceed with other authentications. Toughest problem is how to > avoid another compromise of new keys since so many ways to do > that have arisen and/or suspected over the life of PGP and other > systems. WoT is problematic too, as are key signing parties, and > so on. Other systems claim to be better, and we are using some of > them, waiting and watching and suspecting are the lessons learned > from stalwart testbed PGP in all its guises and disguises. > > We likely would not have discovered the compromises if not for > those lessons. > > Nor do we mind starting from scratch, perhaps a bit more often > than 11 years.
Tornados do happen out side alleys of easy > prediction (this is not a cyphersec sales motto). > > At 04:22 PM 9/15/2015, Paul Wouters wrote: >> On Tue, 15 Sep 2015, John Young wrote: > -----BEGIN PGP SIGNED >> MESSAGE----- by unknown key. > I have learned today that all PGP >> public keys of John Young > and Cryptome >> have been > compromised. > The keys have >> been revoked today. Revocation could have been done by the person who >> stole the keys too. That in itself is not good enough. > Two new keys >> have been generated today: > > John Young 15-0915 >> 0xD87D436C > Cryptome 15-0915 0x8CD47BD5 >> Which I cannot find on either pgp.mit.edu or pgp.surfnet.nl. I did >> find them on keyserver.pgp.com, but I don't know who runs it and with >> the additional captcha software, no idea if that is compromised :P It >> is announced using short keyids, not to be trusted, and no finger >> prints although we can get those from the key used to sign this >> message I guess. $ gpg --list-sigs D87D436C pub 4096R/D87D436C >> 2015-09-15 uid John Young 15-0915 >> sig N D87D436C 2015-09-15 John Young 15-0915 >> sig CA57AD7C 2015-09-15 [User ID not >> found] sub 4096R/79F82F3B 2015-09-15 sig D87D436C >> 2015-09-15 John Young 15-0915 $ gpg --list-sigs >> 8CD47BD5 pub 4096R/8CD47BD5 2015-09-15 uid >> Cryptome 15-0915 sig N 8CD47BD5 >> 2015-09-15 Cryptome 15-0915 sig >> CA57AD7C 2015-09-15 [User ID not found] sub 4096R/27BCF5FB >> 2015-09-15 sig 8CD47BD5 2015-09-15 Cryptome 15-0915 >> The keys are both announced but not signed >> by each other? I fetched CA57AD7C which has 6863 signatures on it. It >> seems to be some PGP global directory key, signed by a few people I >> know, but still seems to be only proof that it came from the >> keyserver, not that the key actually belongs to you. > This message >> is signed by the first. But is that first key signed by the old keys? 
>> (which of course could also have been done by the attacker, so you >> need to re-start a web of trust with some of your personal >> confidants. > -----BEGIN PGP SIGNATURE----- from an unknown key - >> with no direct signatures of any known trustable key run by a human. >> Paul _______________________________________________ The cryptography >> mailing list cryptography at metzdowd.com >> http://www.metzdowd.com/mailman/listinfo/cryptography > > > From cypher at cpunk.us Tue Sep 15 15:03:46 2015 From: cypher at cpunk.us (Cypher) Date: Tue, 15 Sep 2015 17:03:46 -0500 Subject: JYA and Cryptome Keys Compromised In-Reply-To: References: Message-ID: On 2015-09-15 14:04, John Young wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > 15 September 2015 > > I have learned today that all PGP public keys of John Young > and Cryptome have been > compromised. > The keys have been revoked today Hi John, Sorry to hear about your compromise. Any chance of getting a postmortem from you on how they were compromised at some point? From jdb10987 at yahoo.com Tue Sep 15 10:21:10 2015 From: jdb10987 at yahoo.com (jim bell) Date: Tue, 15 Sep 2015 17:21:10 +0000 (UTC) Subject: Fw: WiFi router networking? In-Reply-To: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> Message-ID: <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> Has anyone heard of an idea to use individual WiFi routers to communicate in a mesh net? (Or, at least differently than it may have been done before.)
If you look at a map of WiFi routers (www.wigle.net) in any given area, you will see that the vast majority of routers are physically close to many other routers, certainly close enough to communicate with each other, and ultimately over a long distance. A crowd-sourced communication system, one that wouldn't necessarily go through the Internet backbone. Conceptually related to the Bittorrent system. I just found this: https://en.wikipedia.org/wiki/Wi-Fi_Direct Jim Bell From that URL: "Wi-Fi Direct, initially called Wi-Fi P2P, is a Wi-Fi standard enabling devices to easily connect with each other without requiring a wireless access point.[1] It is usable for everything from internet browsing to file transfer,[2][3] and to communicate with more than one device simultaneously at typical Wi-Fi speeds.[4] One advantage of Wi-Fi Direct is the ability to connect devices even if they are from different manufacturers. Only one of the Wi-Fi devices needs to be compliant with Wi-Fi Direct to establish a peer-to-peer connection that transfers data directly between them with greatly reduced setup.[citation needed] Wi-Fi Direct negotiates the link with a Wi-Fi Protected Setup system that assigns each device a limited wireless access point. The "pairing" of Wi-Fi Direct devices can be set up to require the proximity of a near field communication, a Bluetooth signal, or a button press on one or all the devices. Wi-Fi Direct may not only replace the need for routers, but may also replace the need of Bluetooth for applications that do not rely on low energy.[5]"
Name: not available Type: text/html Size: 2108 bytes Desc: not available URL: From juan.g71 at gmail.com Tue Sep 15 13:35:40 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 15 Sep 2015 17:35:40 -0300 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <4976651.bNxTkPX9eq@lapuntu> References: <3039361.NNeJKgMHYJ@lapuntu> <55f752d0.caef8c0a.b7285.0c65@mx.google.com> <4976651.bNxTkPX9eq@lapuntu> Message-ID: <55f88012.4a16370a.3b641.ffffa5be@mx.google.com> On Tue, 15 Sep 2015 20:59:25 +0200 rysiek wrote: > Dnia poniedziałek, 14 września 2015 20:10:17 Juan pisze: > > On Mon, 14 Sep 2015 18:05:03 +0200 > > > > rysiek wrote: > > > Dnia niedziela, 13 września 2015 19:03:07 Juan pisze: > > > > > Checked it before sending and just now. Link works. Ghostserv > > > > > shows no trackers at all on the page. Perhaps it's your > > > > > browser, or something related... > > > > > > > > Yes, there's something wrong here, my bad. > > > > https://mega.nz doesn't load either (investigating...) > > > > > > Try the Tor Browser. :) > > > > I tried it. With js enabled globally. Same thing. A bunch of > > different circuits. None works. Pretty weird. > > Well, now we know you do use Tor. Interesting. I used tor habitually in the past. That's how I learnt what kind of shit it is =) https://www.reddit.com/r/AgMarketplace/ J. > From jya at pipeline.com Tue Sep 15 15:39:15 2015 From: jya at pipeline.com (John Young) Date: Tue, 15 Sep 2015 18:39:15 -0400 Subject: [Cryptography] [cryptography] JYA and Cryptome Keys Compromised In-Reply-To: References: Message-ID: Correct analysis. First was get out a prompt notice to wave off users, then proceed with other authentications. Toughest problem is how to avoid another compromise of new keys since so many ways to do that have arisen and/or suspected over the life of PGP and other systems. WoT is problematic too, as are key signing parties, and so on. 
Other systems claim to be better, and we are using some of them, waiting and watching and suspecting are the lessons learned from stalwart testbed PGP in all its guises and disguises. We likely would not have discovered the compromises if not for those lessons. Nor do we mind starting from scratch, perhaps a bit more often than 11 years. Tornados do happen out side alleys of easy prediction (this is not a cyphersec sales motto). At 04:22 PM 9/15/2015, Paul Wouters wrote: >On Tue, 15 Sep 2015, John Young wrote: > -----BEGIN PGP SIGNED >MESSAGE----- by unknown key. > I have learned today that all PGP >public keys of John Young > and Cryptome > have been > compromised. > The keys have >been revoked today. Revocation could have been done by the person >who stole the keys too. That in itself is not good enough. > Two new >keys have been generated today: > > John Young 15-0915 > 0xD87D436C > Cryptome 15-0915 > 0x8CD47BD5 Which I cannot find on either >pgp.mit.edu or pgp.surfnet.nl. I did find them on keyserver.pgp.com, >but I don't know who runs it and with the additional captcha >software, no idea if that is compromised :P It is announced using >short keyids, not to be trusted, and no finger prints although we >can get those from the key used to sign this message I guess. $ gpg >--list-sigs D87D436C pub 4096R/D87D436C 2015-09-15 >uid John Young 15-0915 >sig N D87D436C 2015-09-15 John Young 15-0915 > sig CA57AD7C 2015-09-15 [User ID not >found] sub 4096R/79F82F3B 2015-09-15 sig D87D436C >2015-09-15 John Young 15-0915 $ gpg --list-sigs >8CD47BD5 pub 4096R/8CD47BD5 2015-09-15 >uid Cryptome 15-0915 >sig N 8CD47BD5 2015-09-15 Cryptome 15-0915 > sig CA57AD7C 2015-09-15 [User ID >not found] sub 4096R/27BCF5FB 2015-09-15 sig 8CD47BD5 >2015-09-15 Cryptome 15-0915 The keys are >both announced but not signed by each other? I fetched CA57AD7C >which has 6863 signatures on it. 
It seems to be some PGP global >directory key, signed by a few people I know, but still seems to be >only proof that it came from the keyserver, not that the key >actually belongs to you. > This message is signed by the first. But >is that first key signed by the old keys? (which of course could >also have been done by the attacker, so you need to re-start a web >of trust with some of your personal confidants. > -----BEGIN PGP >SIGNATURE----- from an unknown key - with no direct signatures of >any known trustable key run by a human. Paul >_______________________________________________ The cryptography >mailing list cryptography at metzdowd.com >http://www.metzdowd.com/mailman/listinfo/cryptography From jya at pipeline.com Tue Sep 15 15:47:06 2015 From: jya at pipeline.com (John Young) Date: Tue, 15 Sep 2015 18:47:06 -0400 Subject: JYA and Cryptome Keys Compromised In-Reply-To: References: Message-ID: Sure, once we have better grasp of what happened. Wanted to get an alert out quickly to warn off users. At 06:03 PM 9/15/2015, Cypher wrote: >On 2015-09-15 14:04, John Young wrote: >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA256 >>15 September 2015 >>I have learned today that all PGP public keys of John Young >> and Cryptome have been >>compromised. >>The keys have been revoked today > >Hi John, > >Sorry to hear about your compromise. Any chance of getting a >postmortem from you on how they were compromised at some point? From shelley at misanthropia.org Tue Sep 15 20:53:11 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 15 Sep 2015 20:53:11 -0700 Subject: Fwd: [tor-talk] victory at kilton library In-Reply-To: References: <55F8D451.7030700@bitmessage.ch> Message-ID: <20150916035254.BA1B1C00016@frontend1.nyi.internal> This is excellent news, thank you for updating! (Apologies for top-posting; on my mobile & in a meeting, but could not wait to express joy & thanks!) 
-s ---------- On September 15, 2015 8:47:32 PM grarpamp wrote: > https://twitter.com/flexlibris > https://twitter.com/libraryfreedom > https://twitter.com/nhleblibraries > https://twitter.com/LebLibraries > > > ---------- Forwarded message ---------- > From: Tempest > Date: Tue, Sep 15, 2015 at 10:30 PM > Subject: [tor-talk] victory at kilton library > To: tor-talk at lists.torproject.org > > > i just want to share the news that all of the hard work that has gone > into the library freedom project paid off today at kilton library. > despite pressure from the us federal government, which pulled out every > card to sell fear that they had in their hat, the local community > refused to accept it and thought on a global level to support the > library's choice to offer a tor relay to the public. > > this is truly a monumental moment. libraries in the usa have often been > the target of hostile actions that threaten the first amendment of the > us constitution and the privacy rights of people. through a long string > of legal battles, libraries have earned an extraordinary position that > provides them with the ability to offer services that could land other > people in significant legal battles which become both legally and > politically difficult to close down. > > i'd just like to say thank you to everyone involved in the library > freedom project who came up with the idea and didn't run away from the > fight. this is an excellent beginning. > > if you can, please send your support to the library freedom project. > https://libraryfreedomproject.org/donate > > this is a great victory for today. 
> > -- > gpg key - 0x2A49578A7291BB34 > fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34 > > -- > tor-talk mailing list - tor-talk at lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk From rysiek at hackerspace.pl Tue Sep 15 11:59:25 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 15 Sep 2015 20:59:25 +0200 Subject: John McAfee Runs For US President In 2016 Under Cyber Party In-Reply-To: <55f752d0.caef8c0a.b7285.0c65@mx.google.com> References: <3039361.NNeJKgMHYJ@lapuntu> <55f752d0.caef8c0a.b7285.0c65@mx.google.com> Message-ID: <4976651.bNxTkPX9eq@lapuntu> On Monday, 14 September 2015 20:10:17 Juan wrote: > On Mon, 14 Sep 2015 18:05:03 +0200 > > rysiek wrote: > > On Sunday, 13 September 2015 19:03:07 Juan wrote: > > > > Checked it before sending and just now. Link works. Ghostserv > > > > shows no trackers at all on the page. Perhaps it's your browser, > > > > or something related... > > > > > > Yes, there's something wrong here, my bad. https://mega.nz > > > doesn't load either (investigating...) > > > > Try the Tor Browser. :) > > I tried it. With js enabled globally. Same thing. A bunch of > different circuits. None works. Pretty weird. Well, now we know you do use Tor. Interesting. -- Regards, Michał "rysiek" Woźniak I'm changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From dan at geer.org Tue Sep 15 19:15:10 2015 From: dan at geer.org (dan at geer.org) Date: Tue, 15 Sep 2015 22:15:10 -0400 Subject: Linux Foundation' Linux workstation security checklist In-Reply-To: Your message of "Wed, 02 Sep 2015 22:51:51 -0700."
Message-ID: <20150916021510.A52D9A06E85@palinka.tinho.net> > what's funny is this leads to security advantage through obscurity, > where the bespoke solutions break off-the-shelf exploitation > techniques. [I'm behind; this may be a duplicate] DARPA is actively looking at obfuscation https://www.fbo.gov/index?s=opportunity&mode=form&id=a303af332a90b1e84fdb91d7dd382396&tab=core&_cview=0 Which leads me to ask the general question, what does one do when something you might soon depend upon can simply never be analyzed? We can oh so easily return to a world of sorcerers, alchemy, and faith in powers in proportion to their mystery. --dan From juan.g71 at gmail.com Tue Sep 15 19:27:13 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 15 Sep 2015 23:27:13 -0300 Subject: Linux Foundation' Linux workstation security checklist In-Reply-To: <20150916021510.A52D9A06E85@palinka.tinho.net> References: <20150916021510.A52D9A06E85@palinka.tinho.net> Message-ID: <55f8d27a.6029370a.b5b6f.ffffd6e9@mx.google.com> On Tue, 15 Sep 2015 22:15:10 -0400 dan at geer.org wrote: > > what's funny is this leads to security advantage through obscurity, > > where the bespoke solutions break off-the-shelf exploitation > > techniques. > > [I'm behind; this may be a duplicate] > > DARPA is actively looking at obfuscation > https://www.fbo.gov/index?s=opportunity&mode=form&id=a303af332a90b1e84fdb91d7dd382396&tab=core&_cview=0 Dr. Michael Hsieh, SafeWare at darpa.mil that's a good address to send so called child porn > > Which leads me to ask the general question, what does one do when > something you might soon depend upon can simply never be analyzed? > > We can oh so easily return to a world of sorcerers, alchemy, and > faith in powers in proportion to their mystery. 
> > > --dan > > From grarpamp at gmail.com Tue Sep 15 20:39:49 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 15 Sep 2015 23:39:49 -0400 Subject: Fwd: [tor-talk] victory at kilton library In-Reply-To: <55F8D451.7030700@bitmessage.ch> References: <55F8D451.7030700@bitmessage.ch> Message-ID: https://twitter.com/flexlibris https://twitter.com/libraryfreedom https://twitter.com/nhleblibraries https://twitter.com/LebLibraries ---------- Forwarded message ---------- From: Tempest Date: Tue, Sep 15, 2015 at 10:30 PM Subject: [tor-talk] victory at kilton library To: tor-talk at lists.torproject.org i just want to share the news that all of the hard work that has gone into the library freedom project paid off today at kilton library. despite pressure from the us federal government, which pulled out every card to sell fear that they had in their hat, the local community refused to accept it and thought on a global level to support the library's choice to offer a tor relay to the public. this is truly a monumental moment. libraries in the usa have often been the target of hostile actions that threaten the first amendment of the us constitution and the privacy rights of people. through a long string of legal battles, libraries have earned an extraordinary position that provides them with the ability to offer services that could land other people in significant legal battles which become both legally and politically difficult to close down. i'd just like to say thank you to everyone involved in the library freedom project who came up with the idea and didn't run away from the fight. this is an excellent beginning. if you can, please send your support to the library freedom project. https://libraryfreedomproject.org/donate this is a great victory for today. 
-- gpg key - 0x2A49578A7291BB34 fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34 -- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk From blibbet at gmail.com Wed Sep 16 07:48:18 2015 From: blibbet at gmail.com (Blibbet) Date: Wed, 16 Sep 2015 07:48:18 -0700 Subject: Linux Foundation' Linux workstation security checklist In-Reply-To: <55E5C79D.3060305@gmail.com> References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <55E5C79D.3060305@gmail.com> Message-ID: <55F98132.5010305@gmail.com> On 09/01/2015 08:43 AM, Blibbet wrote: > On 08/31/2015 07:33 PM, coderman wrote: >> On 8/31/15, Blibbet wrote: >>> ... >>> Potential insecurely-built IBM system firmware security aside, I don't >>> think Libreboot nor SeaBIOS offers much in terms of security to stop >>> attackers, as well. ... > Having an ancient laptop may help. Attackers may not be able to use > CHIPSEC's HAL, that's the positive side of not being able to use CHIPSEC > to test your defenses. :-) But there are alternatives to CHIPSEC's HAL, > and they're less strict about chipsec support, and will likely work on > old Thinkpads. Re: security of the IBM Thinkpads refurbished by the Ministry of Freedom, it might be useful to check if they're in this category: Quoting a tweet from Joanna of Invisible Things Lab, on the topic of older hardware (than Purism's current choice): https://twitter.com/rootkovska/status/643414071514148864 "and old systems do not have IOMMU (VT-d) which makes them even less secure, trustworthy." From themikebest at gmail.com Wed Sep 16 06:36:33 2015 From: themikebest at gmail.com (Michael Best) Date: Wed, 16 Sep 2015 09:36:33 -0400 Subject: peer to peer hypermedia protocol Message-ID: Tried to send this last week, but apparently I'd been unsubscribed from the list.
Some interesting possibilities here, especially when combined with extra layers of encryption. "IPFS is a distributed file system that seeks to connect all computing devices with the same system of files. In some ways, this is similar to the original aims of the Web, but IPFS is actually more similar to a single bittorrent swarm exchanging git objects. IPFS could become a new major subsystem of the internet. If built right, it could complement or replace HTTP. It could complement or replace even more. It sounds crazy. It is crazy." Main page: http://ipfs.io/ Overview:https://github.com/ipfs/papers/raw/master/ipfs-cap2pfs/ipfs-p2p-file-system.pdf Git: https://github.com/ipfs/ipfs/ Alpha demo: https://www.youtube.com/watch?v=8CMxDNuuAiQ Why we must distribute the web: https://youtu.be/skMTdSEaCtA From cathalgarvey at cathalgarvey.me Wed Sep 16 02:12:36 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Wed, 16 Sep 2015 10:12:36 +0100 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <20150916090105.GA2571@sivokote.iziade.m$> References: <20150916090105.GA2571@sivokote.iziade.m$> Message-ID: <55F93284.4060100@cathalgarvey.me> I don't actually know the answer to this, but in a summary article on the JS exploit they opened by saying part of its beauty was how many wonderfully peculiar preconditions were required before it became possible. Browser model, JS engine, hardware acceleration options, possibly firmwares, and DRAM model/generation/clockspeed. No reason to be complacent, but the gist was "you probably don't need to worry about rowhammer-JS". Rowhammer itself, OTOH, who knows? :) On 16/09/15 10:01, Georgi Guninski wrote: > This is old, but haven't seen it here.
> > https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html > > > --- > Rowhammer” is a problem with some recent DRAM devices in which > repeatedly accessing a row of memory can cause bit flips in adjacent > rows. > It was able to use this to gain write access to its own page table, and > hence gain read-write access to all of physical memory. > --- > > There is POC. > > Variant via javascript: > > https://github.com/IAIK/rowhammerjs > > How much/what hardware does this bug affect? > -- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From nymble at gmail.com Wed Sep 16 10:46:17 2015 From: nymble at gmail.com (Nymble) Date: Wed, 16 Sep 2015 10:46:17 -0700 Subject: WiFi router networking? In-Reply-To: <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> Message-ID: <96C0776F-22CB-4AF2-B0EF-FBC46E784730@gmail.com> > On Sep 15, 2015, at 10:21 AM, jim bell wrote: > > Has anyone heard of an idea to use individual WiFi routers to communicate in a mesh net? Yes .. but usually using proprietary routing or 802.11s. > (Or, at least differently than it may have been done before.) If you look at a map of WiFi routers (www.wigle.net) in any given area, you will see that the vast majority of routers are physically close to many other routers, certainly close enough to communicate with each other, and ultimately over a long distance. A crowd-sourced communication system, one that wouldn't necessarily go through the Internet backbone. Conceptually related to the Bittorrent system. 
I just found this: https://en.wikipedia.org/wiki/Wi-Fi_Direct This technology is intended for ‘direct’ peer-to-peer links and is being used for a few applications like phone to TV video streaming. It’s not really a P2P technology in that one device always becomes the equivalent of a normal ‘AP’. It makes it difficult to scale to larger topologies. A better Wi-Fi P2P solution is: http://www.wi-fi.org/discover-wi-fi/wi-fi-aware It’s new, but hopefully we’ll be seeing rapid incorporation into products. For a change, the specifications are free and worth a browse. The P2P discovery model is intentionally blinded to a degree by the use of truncated hashes of the ‘service names’ (6 octets). P2P data exchanges are possible pre-association (no connection overhead). Paul > > Jim Bell > > From that URL: > > "Wi-Fi Direct, initially called Wi-Fi P2P, is a Wi-Fi standard enabling devices to easily connect with each other without requiring a wireless access point.[1] It is usable for everything from internet browsing to file transfer,[2][3] and to communicate with more than one device simultaneously at typical Wi-Fi speeds.[4] One advantage of Wi-Fi Direct is the ability to connect devices even if they are from different manufacturers. Only one of the Wi-Fi devices needs to be compliant with Wi-Fi Direct to establish a peer-to-peer connection that transfers data directly between them with greatly reduced setup.[citation needed] > Wi-Fi Direct negotiates the link with a Wi-Fi Protected Setup system that assigns each device a limited wireless access point. The "pairing" of Wi-Fi Direct devices can be set up to require the proximity of a near field communication, a Bluetooth signal, or a button press on one or all the devices. Wi-Fi Direct may not only replace the need for routers, but may also replace the need of Bluetooth for applications that do not rely on low energy.[5]"
From guninski at guninski.com Wed Sep 16 02:01:05 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 16 Sep 2015 12:01:05 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? Message-ID: <20150916090105.GA2571@sivokote.iziade.m$> This is old, but haven't seen it here. https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html --- Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory. --- There is POC. Variant via javascript: https://github.com/IAIK/rowhammerjs How much/what hardware does this bug affect? From guninski at guninski.com Wed Sep 16 02:41:38 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 16 Sep 2015 12:41:38 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <55F93284.4060100@cathalgarvey.me> References: <20150916090105.GA2571@sivokote.iziade.m$> <55F93284.4060100@cathalgarvey.me> Message-ID: <20150916094137.GB2571@sivokote.iziade.m$> On Wed, Sep 16, 2015 at 10:12:36AM +0100, Cathal Garvey wrote: > I don't actually know the answer to this, but in a summary article > on the JS exploit they opened by saying part of its beauty was how > many wonderfully peculiar preconditions were required before it > became possible. Browser model, JS engine, hardware acceleration > options, possibly firmwares, and DRAM model/generation/clockspeed. > > No reason to be complacent, but the gist was "you probably don't > need to worry about rowhammer-JS". > OK, javascript vector aside (it is at least theoretical threat, but ATM don't see how a page can exploit it only with this attack without additional bug). > Rowhammer itself, OTOH, who knows?
:) > This appears real threat according to claims and the POC. > On 16/09/15 10:01, Georgi Guninski wrote: > >This is old, but haven't seen it here. > > > >https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html > > > > > >--- > >Rowhammer” is a problem with some recent DRAM devices in which > >repeatedly accessing a row of memory can cause bit flips in adjacent > >rows. > >It was able to use this to gain write access to its own page table, and > >hence gain read-write access to all of physical memory. > >--- > > > >There is POC. > > > >Variant via javascript: > > > >https://github.com/IAIK/rowhammerjs > > > >How much/what hardware does this bug affect? > > From guninski at guninski.com Wed Sep 16 05:33:15 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 16 Sep 2015 15:33:15 +0300 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <1779111.UxAx0tsn7i@lapuntu> References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> Message-ID: <20150916123315.GE2571@sivokote.iziade.m$> On Fri, Sep 11, 2015 at 11:22:59AM +0200, rysiek wrote: > Are we really to say that our culture is so weak, so vulnerable, so hard to > defend that an influx of immigrants that amounts to 0,03% (yes, three- > hundredths of a percent!)[1] of the whole population of the EU is suddenly a > real threat? 
> > [1] estimated 160 000 immigrants, estimated 508 million EU citizens > These might help you realize what the answer to your question is: http://www.theguardian.com/world/live/2015/sep/15/refugee-crisis-hungary-launches-border-crackdown-live-updates Refugee crisis: Hungary rejects all asylum requests made at border – as it happened http://america.aljazeera.com/articles/2015/9/15/serbia-urges-hungary-to-open-border.html The tough new laws make it a criminal offense, punishable with several years of prison time, to cross into Hungary without permission or to damage the 103-mile, 13-foot-high fence along the border with Serbian that was completed on Monday evening. From admin at pilobilus.net Wed Sep 16 16:54:49 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 16 Sep 2015 19:54:49 -0400 Subject: Linux Foundation' Linux workstation security checklist In-Reply-To: <55f8d27a.6029370a.b5b6f.ffffd6e9@mx.google.com> References: <20150916021510.A52D9A06E85@palinka.tinho.net> <55f8d27a.6029370a.b5b6f.ffffd6e9@mx.google.com> Message-ID: <55FA0149.6000303@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/15/2015 10:27 PM, Juan wrote: > On Tue, 15 Sep 2015 22:15:10 -0400 dan at geer.org wrote: > >>> what's funny is this leads to security advantage through >>> obscurity, where the bespoke solutions break off-the-shelf >>> exploitation techniques. >> >> [I'm behind; this may be a duplicate] >> >> DARPA is actively looking at obfuscation >> https://www.fbo.gov/index?s=opportunity&mode=form&id=a303af332a90 b1e84fdb91d7dd382396&tab=core&_cview=0 > >> >> > > > Dr. Michael Hsieh, SafeWare at darpa.mil > > that's a good address to send so called child porn And other waterhole attacks of various types... any ole thing that's likely to bet bookmarked and passed around the office or - horror of horrors - taken home. 
:o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -----END PGP SIGNATURE----- From jdb10987 at yahoo.com Wed Sep 16 13:03:54 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 16 Sep 2015 20:03:54 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <20150916090105.GA2571@sivokote.iziade.m$> References: <20150916090105.GA2571@sivokote.iziade.m$> Message-ID: <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> >From: Georgi Guninski >This is old, but haven't seen it here. >https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html >Rowhammer” is a problem with some recent DRAM devices in which >repeatedly accessing a row of memory can cause bit flips in adjacent >rows. >It was able to use this to gain write access to its own page table, and >hence gain read-write access to all of physical memory. >There is POC. >Variant via javascript: >https://github.com/IAIK/rowhammerjs >How much/what hardware does this bug affect? This brings me back to my stint at Intel, 1980-82, as a new Product Engineer for the 2186, an 8kx8 pseudostatic (self-refreshing dynamic) RAM. (One of the first DRAMs to use redundancy to increase yield.)
I may have been the first engineer in the world to see, through a microscope focused on a DRAM chip, a very quick series of flashes, evidence of the programming (blowing) silicon fuses on the chip, to program the row- and column-redundancy information. Product engineers were, and presumably still are, responsible for writing test programs to run chips through their paces, in Intel's case using a Teradyne computer. http://www.teradyne.com/products/semiconductor-test/magnum-v I don't think the concept of this kind of weakness is new: Even in 1980, DRAMs were tested for such repeated accesses, to ensure that such errors would not occur. This was particularly true for a process called "device characterization", in which chips were attacked in all manner of electronically-abusive ways, to uncover these weaknesses, and fix the circuit design should such flaws be uncovered. One way these techniques could be thwarted is to return to the use of parity-bits (8+1 parity) in memory access, in DRAM module and computer design, to whatever extent they are no longer used. Any (successful) attempt to modify bits in a DRAM would quickly end up causing a parity error, which would at least show which manufacturer's DRAM chips are susceptible to this kind of attack. A person who was forced to use a no-parity computer could, at least, limit his purchases of such modules to those populated with DRAMs not susceptible to the problem. Jim Bell From admin at pilobilus.net Wed Sep 16 17:07:52 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 16 Sep 2015 20:07:52 -0400 Subject: Fw: WiFi router networking?
In-Reply-To: <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> Message-ID: <55FA0458.1070800@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/15/2015 01:21 PM, jim bell wrote: > > > Has anyone heard of an idea to use individual WiFi routers to > communicate in a mesh net? (Or, at least differently than it > may have been done before.) If you look at a map of WiFi > routers (www.wigle.net) in any given area, you will see that > the vast majority of routers are physically close to many > other routers, certainly close enough to communicate with each > other, and ultimately over a long distance. A crowd-sourced > communication system, one that wouldn't necessarily go through > the Internet backbone. Conceptually related to the Bittorrent > system. I just found this: > https://en.wikipedia.org/wiki/Wi-Fi_Direct A friend turned me on to this some time ago. I have yet to set up any mesh networks but it does look VERY promising. 
http://hsmm-mesh.org/ :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 -----END PGP SIGNATURE----- From jdb10987 at yahoo.com Wed Sep 16 13:28:27 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 16 Sep 2015 20:28:27 +0000 (UTC) Subject: WiFi router networking? In-Reply-To: <96C0776F-22CB-4AF2-B0EF-FBC46E784730@gmail.com> References: <96C0776F-22CB-4AF2-B0EF-FBC46E784730@gmail.com> Message-ID: <779052061.573084.1442435307354.JavaMail.yahoo@mail.yahoo.com> From: Nymble To: jim bell >This technology is intended for ‘direct’ peer-to-peer links and is being used for a few applications like phone to TV video streaming. It’s not >really a P2P technology in that one device always becomes the equivalent of a normal ‘AP’. It makes it difficult to scale to larger topologies. You ought to be more careful when you use the acronym "AP" in emails to me. Might be misinterpreted! B^) Jim Bell
From grarpamp at gmail.com Wed Sep 16 20:35:39 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 16 Sep 2015 23:35:39 -0400 Subject: Fwd: [tor-talk] victory at kilton library In-Reply-To: <55F95E56.7050409@riseup.net> References: <55F95E56.7050409@riseup.net> Message-ID: https://freestateproject.org/blogs/historic-win-internet-freedom-nh-tor-node-kilton-library-turned-back http://www.npr.org/2015/09/16/440914105/n-h-public-library-reconsiders-support-for-anonymous-internet-network-tor ---------- Forwarded message ---------- From: Alison Macrina Date: Wed, Sep 16, 2015 at 8:19 AM Subject: Re: [tor-talk] victory at kilton library To: tor-talk at lists.torproject.org > i just want to share the news that all of the hard work that has gone > into the library freedom project paid off today at kilton library. > despite pressure from the us federal government, which pulled out every > card to sell fear that they had in their hat, the local community > refused to accept it and thought on a global level to support the > library's choice to offer a tor relay to the public. > > this is truly a monumental moment. libraries in the usa have often been > the target of hostile actions that threaten the first amendment of the > us constitution and the privacy rights of people. through a long string > of legal battles, libraries have earned an extraordinary position that > provides them with the ability to offer services that could land other > people in significant legal battles which become both legally and > politically difficult to close down. > > i'd just like to say thank you to everyone involved in the library > freedom project who came up with the idea and didn't run away from the > fight. this is an excellent beginning. > > if you can, please send your support to the library freedom project. > https://libraryfreedomproject.org/donate > > this is a great victory for today. Thank you!
I think I can speak for both mrphs and myself when I say that we are thrilled with the outcome. What we saw last night was an incredible display of community support for free speech and Tor, and an unequivocal rejection of unlawful government intrusion and FUD. The Lebanon Libraries staff and community did something historic; I've been an activist for a long time and I've never been a part of a direct action quite like that. This is what happens when communities come together to resist. Please keep an eye out for more news coverage. The local news in NH has already put something up with a few great quotes from community members present: http://www.vnews.com/home/18620952-95/library-joins-privacy-network If you're on twitter, say hi to @leblibraries or @nhleblibraries -- the second one is library director Sean Fleming, and I know he'd be moved to hear from folks in the Tor community about what his library community did last night. Thanks all for your support. We just had the world's first Tor protest, and it was a wild success. Imagine all the library exit relays we're gonna get now. :) Alison (director of Library Freedom Project) -- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk From grarpamp at gmail.com Wed Sep 16 20:46:26 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 16 Sep 2015 23:46:26 -0400 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> References: <20150916090105.GA2571@sivokote.iziade.m$> <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> Message-ID: On Wed, Sep 16, 2015 at 4:03 PM, jim bell wrote: >>From: Georgi Guninski >>This is old, but haven't seen it here. 
>>https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html > >>Rowhammer” is a problem with some recent DRAM devices in which >>repeatedly accessing a row of memory can cause bit flips in adjacent >>rows. >>It was able to use this to gain write access to its own page table, and >>hence gain read-write access to all of physical memory. >>There is POC. >>Variant via javascript: >>https://github.com/IAIK/rowhammerjs >>How much/what hardware does this bug affect? > > This brings me back to my stint at Intel, 1980-82, as a new Product Engineer > for the 2186, an 8kx8 pseudostatic (self-refreshing dynamic) RAM. (One of > the first DRAMs to use redundancy to increase yield.) I may have been the > first engineer in the world to see, through a microscope focused on a DRAM > chip, a very quick series of flashes, evidence of the programming (blowing) > silicon fuses on the chip, to program the row- and column-redundancy > information. > > Product engineers were, and presumably still are, responsible for writing > test programs to run chips through their paces, in Intel's case using a > Teradyne computer. > http://www.teradyne.com/products/semiconductor-test/magnum-v > > I don't think the concept of this kind of weakness is new: Even in 1980, > DRAMs were tested for such repeated accesses, to ensure that such errors > would not occur. This was particularly true for a process called "device > characterization", in which chips were attacked in all manner of > electronically-abusive ways, to uncover these weaknesses, and fix the > circuit design should such flaws be uncovered. > One way these techniques could be thwarted is to return to the use of > parity-bits (8+1 parity) in memory access, in DRAM module and computer > design, to whatever extent they are no longer used. 
Any (successful) > attempt to modify bits in a DRAM would quickly end up causing a parity > error, which would at least show which manufacturer's DRAM chips are > susceptible to this kind of attack. A person who was forced to use a > no-parity computer could, at least, limit his purchases of such modules to > those populated with DRAMs not susceptible to the problem. > Jim Bell Some paper has said systems using ECC RAM are resistant / immune to rowhammer. There is still a fair bump in cost for ECC system however once you've seen your first syslog entry you forget about the cost. Regardless of rowhammer. From coderman at gmail.com Thu Sep 17 00:23:14 2015 From: coderman at gmail.com (coderman) Date: Thu, 17 Sep 2015 00:23:14 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: another to complete: at least 10 P25 Motorola radios at Department of State. and some not so pretty carpet :P https://www.muckrock.com/foi/united-states-of-america-10/p25count-20177/#file-54797 best regards, From grarpamp at gmail.com Wed Sep 16 21:39:10 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 17 Sep 2015 00:39:10 -0400 Subject: [cryptography] a little help with cookies please In-Reply-To: <17DAA586-BCFB-4C4E-B968-09141DD38688@flownet.com> References: <55F8C87D.4010806@gmx.com> <17DAA586-BCFB-4C4E-B968-09141DD38688@flownet.com> Message-ID: What is of more crypto / security interest is not bandwidth use or even domain or path restrictions, but failure of webdevs to seed and restrict sensitive cookies (like your authenticated session id's) from and to TLS only sessions. Well known top100 sites that still have a legacy http mode fail to do this properly... banks, social, govt, etc. Even sites that immediately 302 your first hit (or other hits) over to https thereafter can be found doing it wrong. Ripe for wifi or wire monitoring based session stealing. 
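One way to check a site for the cookie handling described in the message above, as an added example that is not part of the original post: it audits Set-Cookie headers for session cookies seeded over plain HTTP, kept unchanged after the redirect to HTTPS, or sent without the Secure attribute. The host, cookie names and values, and the name heuristic are constructed assumptions.

```python
"""Audit Set-Cookie headers for session cookies exposed to cleartext HTTP."""
from dataclasses import dataclass

# Constructed sample (not captured traffic): responses from a hypothetical
# site, example.test, that answers http:// with a 302 to https://.
SAMPLE_EXCHANGE = [
    ("http", "example.test", ["sid=3f9a; Path=/; HttpOnly"]),
    ("https", "example.test", ["sid=3f9a; Path=/; HttpOnly",
                               "theme=dark; Path=/"]),
    ("https", "example.test", ["auth=91be; Path=/; Secure; HttpOnly"]),
]

# Assumption: a naming heuristic; a real audit lists the site's actual names.
SENSITIVE_HINTS = ("sid", "sess", "auth", "token")


@dataclass(frozen=True)
class Finding:
    host: str
    cookie: str
    scheme: str
    issue: str


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def is_sensitive(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SENSITIVE_HINTS)


def audit(exchange):
    """Return findings for sensitive cookies that can cross the wire in clear."""
    findings = []
    seen_in_clear = set()  # (host, name, value) observed over http
    for scheme, host, headers in exchange:
        for header in headers:
            name, value, attrs = parse_set_cookie(header)
            if not is_sensitive(name):
                continue
            if scheme == "http":
                # Seeded before TLS: anyone on the path saw the value.
                seen_in_clear.add((host, name, value))
                findings.append(Finding(host, name, scheme, "seeded-over-http"))
                continue
            if "secure" not in attrs:
                # The browser will attach it to any later http:// request.
                findings.append(Finding(host, name, scheme, "missing-secure"))
            if (host, name, value) in seen_in_clear:
                # Same id kept after the redirect instead of being reissued.
                findings.append(Finding(host, name, scheme, "reused-http-value"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXCHANGE):
        print(f"{f.host} {f.cookie} ({f.scheme}): {f.issue}")
```

A clean result requires the session id to be issued for the first time on an HTTPS response and to carry Secure; the last sample response is the only one that does both.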
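On the rowhammer thread's parity-versus-ECC question, the following added example (not from any poster) shows what 8+1 parity and a SECDED code each report when one, two or three bits of a single memory word flip. It assumes a textbook extended Hamming (72,64) layout standing in for a memory controller's ECC, and all data words are constructed.

```python
"""Parity vs. SECDED under 1, 2 and 3 bit flips in one memory word (toy model)."""
import random
from collections import Counter


def sec_check_bits(m):
    """Hamming check bits needed to correct one error in m data bits."""
    r = 1
    while (1 << r) < m + r + 1:
        r += 1
    return r


def data_positions(n):
    """Codeword positions 1..n that are not powers of two hold data bits."""
    return [p for p in range(1, n + 1) if p & (p - 1)]


def syndrome_of(code):
    """XOR of the positions of all set bits; 0 for a valid Hamming codeword."""
    s = 0
    for pos in range(1, len(code)):
        if code[pos]:
            s ^= pos
    return s


def encode(data, m=64):
    """Extended Hamming codeword as a bit list; index 0 is overall parity."""
    r = sec_check_bits(m)
    n = m + r
    code = [0] * (n + 1)
    for i, pos in enumerate(data_positions(n)):
        code[pos] = (data >> i) & 1
    s = syndrome_of(code)
    for i in range(r):
        code[1 << i] = (s >> i) & 1      # check bits cancel the syndrome
    code[0] = sum(code) & 1              # make the total number of ones even
    return code


def decode(code):
    """Return (data or None, status) the way a SECDED decoder reports it."""
    n = len(code) - 1
    s = syndrome_of(code)
    odd = sum(code) & 1
    fixed = list(code)
    if odd:
        if s > n:
            return None, "uncorrectable"  # syndrome points outside the word
        fixed[s] ^= 1                     # s == 0 is the overall parity bit
        status = "corrected"
    elif s:
        return None, "uncorrectable"      # even number of flips, nonzero syndrome
    else:
        status = "clean"
    data = 0
    for i, pos in enumerate(data_positions(n)):
        data |= fixed[pos] << i
    return data, status


def outcome(data, positions, m=64):
    """Flip the given codeword positions and classify what the decoder says."""
    code = encode(data, m)
    for p in positions:
        code[p] ^= 1
    got, status = decode(code)
    if status == "corrected" and got != data:
        return "miscorrected"             # decoder reports success, data is wrong
    return status


def survey(k, trials=500, m=64, seed=1):
    """Tally decoder outcomes for k random flips in constructed random words."""
    rng = random.Random(seed)
    n = m + sec_check_bits(m)
    tally = Counter()
    for _ in range(trials):
        tally[outcome(rng.getrandbits(m), rng.sample(range(n + 1), k), m)] += 1
    return tally


def parity9_flags(byte, flips):
    """8+1 even parity: True if a parity error is raised after the flips."""
    stored = [(byte >> i) & 1 for i in range(8)]
    stored.append(sum(stored) & 1)
    for p in flips:
        stored[p] ^= 1
    return (sum(stored) & 1) == 1


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(k, "flip(s):", dict(survey(k)))
```

In this model one flip is always corrected and two are always flagged, while three flips in the same word are either flagged or returned as a "corrected" word whose data is wrong; plain parity raises an error only for an odd number of flips.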
From grarpamp at gmail.com Wed Sep 16 21:59:36 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 17 Sep 2015 00:59:36 -0400 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <20150916123315.GE2571@sivokote.iziade.m$> References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> <20150916123315.GE2571@sivokote.iziade.m$> Message-ID: >> defend that an influx of immigrants that amounts to 0,03% (yes, three- Does 3000 cases per 10M prevalence of ebola warrant response? Is not religion [viewed as] infectious highly incurable / offensive disease? What is the burden on social bootstrap / welfare systems? These are some of the contexts in which they are thinking. In addition to their fanatical control freakery and head in sand of closed borders. You probably can rightfully protect yourself as a sovereign, so long as your walls don't prevent those within from leaving. [spent: 1 non cypher posting credit] From jdb10987 at yahoo.com Wed Sep 16 22:07:51 2015 From: jdb10987 at yahoo.com (jim bell) Date: Thu, 17 Sep 2015 05:07:51 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: References: Message-ID: <598418556.769488.1442466471588.JavaMail.yahoo@mail.yahoo.com> From: grarpamp On Wed, Sep 16, 2015 at 4:03 PM, jim bell wrote: > Product engineers were, and presumably still are, responsible for writing > test programs to run chips through their paces, in Intel's case using a > Teradyne computer. > http://www.teradyne.com/products/semiconductor-test/magnum-v > > I don't think the concept of this kind of weakness is new: Even in 1980, > DRAMs were tested for such repeated accesses, to ensure that such errors > would not occur. 
This was particularly true for a process called "device > characterization", in which chips were attacked in all manner of > electronically-abusive ways, to uncover these weaknesses, and fix the > circuit design should such flaws be uncovered. > One way these techniques could be thwarted is to return to the use of > parity-bits (8+1 parity) in memory access, in DRAM module and computer > design, to whatever extent they are no longer used.  Any (successful) > attempt to modify bits in a DRAM would quickly end up causing a parity > error, which would at least show which manufacturer's DRAM chips are > susceptible to this kind of attack.  A person who was forced to use a > no-parity computer could, at least,  limit his purchases of such modules to > those populated with DRAMs not susceptible to the problem. >            Jim Bell Some paper has said systems using ECC RAM are resistant / immune to rowhammer. There is still a fair bump in cost for ECC system however once you've seen your first syslog entry you forget about the cost. Regardless of rowhammer. You're right, ECC would be even better.  ECC should, indeed, be essentially immune from rowhammer, and will correct it and all other sorts of single-bit errors, and they will generally detect all double-bit errors.   However, as you pointed out ECC is presumably much more costly than mere parity bits, not in the least because they have to use more bits of storage.  As I vaguely recall, 8 data bits had to be coupled with 4 ECC bits; 16 data/5ECC; 32 data/6 ECC; 64 data/7 ECC; 128 data/8 ECC.  This shows that ECC is much more efficient, as word width goes up, which in principle would make its cost penalty easier to take. I haven't been keeping up with DRAM technology like I did in the 70's, 80's, and 90's, but I am not aware if ECC is being easily implemented inside DRAM chips.  
There was a very early Micron Technology 64Kbit DRAM that, as I recall, had this internal to individual DRAM chips, but it didn't last very long in competition with the jellybean parts. Even more than the cost, I think that ECC added (and maybe still adds) an access-time penalty. Generally, parity-only shouldn't add access time delays. One obscure issue is that if the external memory system detects an error (either parity or ECC), can the microprocessor be instructed to "back up" and reject the recently-acquired byte/word? Most early microprocessors didn't have that ability, which I believe is why those systems had to "wait" for the parity or ECC to be generated and checked. Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5431 bytes Desc: not available URL: From jdb10987 at yahoo.com Wed Sep 16 22:28:58 2015 From: jdb10987 at yahoo.com (jim bell) Date: Thu, 17 Sep 2015 05:28:58 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <20150917045103.GA2746@sivokote.iziade.m$> References: <20150917045103.GA2746@sivokote.iziade.m$> Message-ID: <182703757.6064.1442467738591.JavaMail.yahoo@mail.yahoo.com> From: Georgi Guninski On Wed, Sep 16, 2015 at 11:46:26PM -0400, grarpamp wrote: >> Some paper has said systems using ECC RAM are resistant / immune >> to rowhammer. >> There is still a fair bump in cost for ECC system >> however once you've seen your first syslog entry >> you forget about the cost. Regardless of rowhammer. >ECC appears controversial: http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html >Update: This is really just meant as a primer, as background on the >issue, not really trying to derive any conclusions. I chatted a bit >Chris Evans (@scarybeasts) from google about some of those conclusion, >so I thought I'd expand a bit on them. >Does ECC protect you? Maybe not. 
While it will correct single bit flips >most of the time, it won't protect when multiple bits flip at once. Not exactly. Generally, ECC with enough correction bits will at least detect all double-bit errors, although it will not correct those errors. And I can't say for sure how generally this is in use, but I think a competently-designed ECC system will use the regular refresh cycles to "sweep" for correctable single-bit errors, and correct virtually all of them, before they turn into double-bit errors. >The hacker may be able to achieve this with enough tries. Remember: the >hacker's code can keep retrying this until it succeeds, even if that >takes hours. However, the profusion of corrected single-bit can be used to alert, and uncorrectable double-bit errors will probably cause a system exception that will inform the system operator that something is going on. Remember, it is likely that different manufacturers' DRAM designs might differ in sensitivity to rowhammer (or other deliberate failure mode) by a factor of 10:1, 100:1, or even 1000:1. The word can, and will, quickly get out what manufacturers' sensitivity is, and the market will quickly result in improvement for designs and thus, new systems. Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4465 bytes Desc: not available URL: From jya at pipeline.com Thu Sep 17 04:12:29 2015 From: jya at pipeline.com (John Young) Date: Thu, 17 Sep 2015 07:12:29 -0400 Subject: JYA and Cryptome Passphrase Are Secure Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 JYA and Cryptome passphrases are secure. Plaintext discovered not related to Cryptome, with alternative to decrypt: original not scrubbed. 
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) -----END PGP SIGNATURE----- From guninski at guninski.com Wed Sep 16 21:51:03 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 17 Sep 2015 07:51:03 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: References: <20150916090105.GA2571@sivokote.iziade.m$> <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150917045103.GA2746@sivokote.iziade.m$> On Wed, Sep 16, 2015 at 11:46:26PM -0400, grarpamp wrote: > > > Some paper has said systems using ECC RAM are resistant / immune > to rowhammer. > > There is still a fair bump in cost for ECC system > however once you've seen your first syslog entry > you forget about the cost. Regardless of rowhammer. ECC appears controversial: http://blog.erratasec.com/2015/03/some-notes-on-dram-rowhammer.html === Update: This is really just meant as a primer, as background on the issue, not really trying to derive any conclusions. I chatted a bit Chris Evans (@scarybeasts) from google about some of those conclusion, so I thought I'd expand a bit on them. Does ECC protect you? Maybe not. 
While it will correct single bit flips most of the time, it won't protect when multiple bits flip at once. The hacker may be able to achieve this with enough tries. Remember: the hacker's code can keep retrying this until it succeeds, even if that takes hours. === From jya at pipeline.com Thu Sep 17 05:24:07 2015 From: jya at pipeline.com (John Young) Date: Thu, 17 Sep 2015 08:24:07 -0400 Subject: JYA and Cryptome Passphrase Are Secure In-Reply-To: <20150917112055.GB5722@sivokote.iziade.m$> References: <20150917112055.GB5722@sivokote.iziade.m$> Message-ID: It's PGP, not GP nor P. At 07:20 AM 9/17/2015, Georgi Guninski wrote: >On Thu, Sep 17, 2015 at 07:12:29AM -0400, John Young wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > JYA and Cryptome passphrases are secure. Plaintext discovered > > not related to Cryptome, with alternative to decrypt: original not > > scrubbed. > > > >Would you bet your life on this? > >Secure to ``thermal'' cryptoanalysis? > >This header, unless spoofed on purpose: > >X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 > >suggests at least m$ and the nsa can easily >obtain your passphrases... From guninski at guninski.com Wed Sep 16 22:36:33 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 17 Sep 2015 08:36:33 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> References: <20150916090105.GA2571@sivokote.iziade.m$> <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150917053633.GB2746@sivokote.iziade.m$> On Wed, Sep 16, 2015 at 08:03:54PM +0000, jim bell wrote: > This brings me back to my stint at Intel, 1980-82, as a new Product Engineer for the 2186, an 8kx8 pseudostatic (self-refreshing dynamic) RAM. (One of the first DRAMs to use redundancy to increase yield.)  
I may have been the first engineer in the world to see, through a microscope focused on a DRAM chip, a very quick series of flashes, evidence of the programming (blowing) silicon fuses on the chip, to program the row- and column-redundancy information. >  Product engineers were, and presumably still are, responsible for writing test programs to run chips through their paces, in Intel's case using a Teradyne computer.       http://www.teradyne.com/products/semiconductor-test/magnum-v > I don't think the concept of this kind of weakness is new:  Even in 1980, DRAMs were tested for such repeated accesses, to ensure that such errors would not occur.  This was particularly true for a process called "device characterization", in which chips were attacked in all manner of electronically-abusive ways, to uncover these weaknesses, and fix the circuit design should such flaws be uncovered. One way these techniques could be thwarted is to return to the use of parity-bits (8+1 parity) in memory access, in DRAM module and computer design, to whatever extent they are no longer used.  Any (successful) attempt to modify bits in a DRAM would quickly end up causing a parity error, which would at least show which manufacturer's DRAM chips are susceptible to this kind of attack.  A person who was forced to use a no-parity computer could, at least,  limit his purchases of such modules to those populated with DRAMs not susceptible to the problem.           Jim Bell  I don't understand hardware and have some questions The POC appears non-deterministic per the nature of the bug. 1. If I run the POC for time X and it fails, does this mean it will fail if I run it for time 100 X? 2. Does increasing the temperature in the box (near or above overheating) increase the chance for success? 3. If you have computer near you, can you induce bit flips on purpose remotely, without executing code on it? 
(lol, AFAICT if you wait looooong enough cosmic rays will do this for you for free, but I am asking about realistic attack). From guninski at guninski.com Wed Sep 16 22:52:13 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 17 Sep 2015 08:52:13 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <182703757.6064.1442467738591.JavaMail.yahoo@mail.yahoo.com> References: <20150917045103.GA2746@sivokote.iziade.m$> <182703757.6064.1442467738591.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150917055213.GC2746@sivokote.iziade.m$> On Thu, Sep 17, 2015 at 05:28:58AM +0000, jim bell wrote: > However, the profusion of corrected single-bit can be used to alert, and uncorrectable double-bit errors will probably cause a system exception that will inform the system operator that something is going on. > Remember, it is likely that different manufacturers' DRAM designs might differ in sensitivity to rowhammer (or other deliberate failure mode) by a factor of 10:1, 100:1, or even 1000:1. The word can, and will, quickly get out what manufacturers' sensitivity is, and the market will quickly result in improvement for designs and thus, new systems. Jim Bell You assume sound market, sound buyers and sound users. IMHO these assumptions are false. rowhammer is at least 6 months old. Are there any market changes supporting your claim? From hettinga at gmail.com Thu Sep 17 06:33:02 2015 From: hettinga at gmail.com (Robert Hettinga) Date: Thu, 17 Sep 2015 09:33:02 -0400 Subject: JYA and Cryptome Passphrase Are Secure In-Reply-To: References: <20150917112055.GB5722@sivokote.iziade.m$> Message-ID: <221CA16A-96FB-47CA-BD34-5831ADE96AD2@gmail.com> > On Sep 17, 2015, at 8:24 AM, John Young wrote: > > It's PGP, not GP nor P. > >> >> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 The cobbler’s children have no shoes. :-) Cheers, RAH Who’s blown up so many keys in so many dead hard drives, it’s not worth it anymore. 
Key management is hard. From Rayzer at riseup.net Thu Sep 17 09:38:44 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 17 Sep 2015 09:38:44 -0700 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <55FA2E0D.5010306@echeque.com> References: <6619420.kEgClR5EXu@lapuntu> <55FA2E0D.5010306@echeque.com> Message-ID: <55FAEC94.3000408@riseup.net> On 09/16/2015 08:05 PM, James A. Donald wrote: > McCarthy was right to defend the US against Soviet influence Know the nice thing about flags James? They're all the same color when they burn. My mommy was a pink-diaper commie, and I'm an anarchist, and no one has ANY right to prevent anyone or any society from trying to influence my decisions. I'm much more concerned with Western media trying to influence my opinions so they can sell advertising space to influence me about crap I'm supposed to have to be socially 'normative' to a murderous and Earth-destroying '5 planet lifestyle'. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From guninski at guninski.com Thu Sep 17 00:25:39 2015 From: guninski at guninski.com (Georgi Guninski) Date: Thu, 17 Sep 2015 10:25:39 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: References: <20150916090105.GA2571@sivokote.iziade.m$> <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150917072539.GA5722@sivokote.iziade.m$> On Wed, Sep 16, 2015 at 11:46:26PM -0400, grarpamp wrote: > > > Some paper has said systems using ECC RAM are resistant / immune > to rowhammer. > > There is still a fair bump in cost for ECC system > however once you've seen your first syslog entry > you forget about the cost. Regardless of rowhammer. http://users.ece.cmu.edu/~omutlu/pub/dram-row-hammer_kim_talk_isca14.pdf p. 
32 of the PDF: – Simple ECC (e.g., SECDED) cannot prevent all errors From wikipedia: Tests show that simple ECC solutions, providing single-error correction and double-error detection (SECDED) capabilities, are not able to correct or detect all observed disturbance errors because some of them include more than two flipped bits per memory word.[1]:8[11]:32 https://en.wikipedia.org/wiki/Row_hammer#cite_ref-isca14-talk_11-0 From nymble at gmail.com Thu Sep 17 10:52:09 2015 From: nymble at gmail.com (Nymble) Date: Thu, 17 Sep 2015 10:52:09 -0700 Subject: LTE in Wi-Fi bands In-Reply-To: <55D427C8.1020005@m-o-o-t.org> References: <55D2E3D0.6020608@m-o-o-t.org> <325681106.2138497.1439922195133.JavaMail.yahoo@mail.yahoo.com> <55D427C8.1020005@m-o-o-t.org> Message-ID: <381766F4-A43B-4635-8798-606D726ABC02@gmail.com> Cell phones in 2016 will start to use Wi-Fi bands for LTE: http://goo.gl/s2Vsrz There goes our free use of spectrum. There has been no adequate effort by Qualcomm to demonstrate that LTE-U will compete fairly for band usage against Wi-Fi. > On Aug 18, 2015, at 11:52 PM, Peter Fairbrother wrote: > > On 18/08/15 19:23, jim bell wrote: >> *From:* Peter Fairbrother >> >> *Subject:* Re: Recommended Movie: "Sebastian" 1968. >> >> On 18/08/15 03:46, jim bell wrote: >> >> >> >> Since people seem to be recommending things, I recommend the movie >> >> "Sebastian". Dirk Bogarde, Susannah York. >> >> https://www.youtube.com/watch?v=bIK3OYnD9MY >> >> >> Out of date even when it was made, I think it really represents the >> >> cryptography situation as of the 1930's. >> >> >Based on a screenplay by Leo Marks - author of Between Silk and Cyanide: >> >A Codemaker's War 1941-1945. >> >Essential reading. Leo was the codemaker for SOE. All hand ciphers and >> >agents. >> >He wasn't at Bletchley - who called him "the one who got away" - though, >> >and so no machine ciphers. >> >The Silk in the title was for OTPs which could be hidden in clothing >> >from Gestapo/SS searches. 
>> >As I said, essential reading. >> >> >> The tv show 60 Minutes spilled the beans about Enigma in 1975. >> http://www.cbsnews.com/videos/the-ultra-secret/ > > > Not sure that was the one to spill the beans. I thought it was Winterbotham's 1974 book of the same name which first got the idea across to the public; though there was a French book in 1973 as well. > > Like Winterbotham's book, which the TV show seems to be based on, it's also a bit confused and/or inaccurate. Much of what they tell - the conversations between Hitler and his generals, "knowing Hitler's most secret thoughts", and Hitler's message re Anzio which Gen Clark read - came from the breaking of the Lorentz SZ40, not the Enigma. Colossus, not Bombe. > > And the Coventry story is fiction [1]. Churchill could not have been told the target from ULTRA decrypts. The ULTRA decrypts are now available in public records, and they do not mention Coventry. > > > > [1] My theory: Probably it began as a story made up to impress the need to keep the ULTRA secret - "hey if the man at the door with the revolver who just threatened to shoot you doesn't impress you, Churchill allowed [2] the bombing of Coventry in order to keep the secret". > > Later the story became an accusation, then a rumour, then a play - though by the time it became a play it was becoming obvious that ULTRA wasn't involved, and the motive for allowing the bombing changed to "Impressing the Americans" [3]. > > I can easily imagine someone telling Winterbotham the story (Winterbotham was the one who first told the Coventry story in public). > > I can also imagine Winterbotham repeating the story, in confidence, in order to impress the listener with the need to keep the secret (and with W himself) so often that he didn't know whether it was true or not (he didn't claim to be personally involved). > > Good story, and Churchill was probably capable of it - but it ain't true. 
> > > > [2] not that there was anything he could have done to stop the bombing, but for the sake of the narrative .. > > > [3] requiring an even wilder suspension of belief, IME > > >> What most people didn't realize was that the controversy was due to the >> fact that rotor-driven cipher machines had been continued to be sold in >> the post-WWII era, without their weakness being recognized. This >> allowed the CIA/GCHQ to continue to decrypt enciphered messages for >> decades afterwards. > > > Yes - but Leo Marks wasn't involved in that. He ~ stopped being a cryptographer when SOE was broken up at the end of the war. > > What he did was hand ciphers, for agents in occupied countries - they couldn't carry cipher machines. > > There is nothing else like Between Silk and Cyanide in the crypto literature. Crypto at the cutting edge, where a mistake is a painful death, and likely worse. > > More, it is about how a cryptographer and his work interact with the world. > > I would not like to have been Leo (I met him once), but hell if I don't respect him. > > There is a TV documentary about him, called "A Very British Psycho" - an apt title. > > > > -- Peter Fairbrother From chgans at gna.org Wed Sep 16 17:33:37 2015 From: chgans at gna.org (Christian Gagneraud) Date: Thu, 17 Sep 2015 12:33:37 +1200 Subject: Fw: WiFi router networking? In-Reply-To: <55FA0458.1070800@pilobilus.net> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> <55FA0458.1070800@pilobilus.net> Message-ID: <55FA0A61.6080501@gna.org> On 17/09/15 12:07, Steve Kinney wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/15/2015 01:21 PM, jim bell wrote: >> >> >> Has anyone heard of an idea to use individual WiFi routers to >> communicate in a mesh net? (Or, at least differently than it >> may have been done before.) 
If you look at a map of WiFi >> routers (www.wigle.net) in any given area, you will see that >> the vast majority of routers are physically close to many >> other routers, certainly close enough to communicate with each >> other, and ultimately over a long distance. A crowd-sourced >> communication system, one that wouldn't necessarily go through >> the Internet backbone. Conceptually related to the Bittorrent >> system. I just found this: >> https://en.wikipedia.org/wiki/Wi-Fi_Direct > > A friend turned me on to this some time ago. I have yet to set up > any mesh networks but it does look VERY promising. > > http://hsmm-mesh.org/ This might be of interest too: https://freifunk.net/en/ Chris > > :o) > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > -----END PGP SIGNATURE----- > From grarpamp at gmail.com Thu Sep 17 09:33:48 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 17 Sep 2015 12:33:48 -0400 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. 
In-Reply-To: <55FABDE0.8020401@cathalgarvey.me>
References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> <20150916123315.GE2571@sivokote.iziade.m$> <55FABDE0.8020401@cathalgarvey.me>
Message-ID:

On Thu, Sep 17, 2015 at 9:19 AM, Cathal Garvey wrote:
> Maybe, just maybe, "National Identity"/"Racial and Cultural Strength" is a
> load of bullshit, and far more of a threat to human flourishing than
> believing in usually-benevolent Sky Gods.

It's all bs and all a threat, definitely including believers in sky gods. Except for maybe the FSM.

From grarpamp at gmail.com Thu Sep 17 09:42:59 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 17 Sep 2015 12:42:59 -0400
Subject: How much/what hardware does the rowhammer DRAM bug affects?
In-Reply-To: <20150917072539.GA5722@sivokote.iziade.m$>
References: <20150916090105.GA2571@sivokote.iziade.m$> <720222154.588327.1442433834350.JavaMail.yahoo@mail.yahoo.com> <20150917072539.GA5722@sivokote.iziade.m$>
Message-ID:

Some ballyhoo about rowhammer was like "look we can flip a single bit and get root". Obviously if you're going for multibit carnage ECC doesn't help much.

https://en.wikipedia.org/wiki/ECC_memory
https://en.wikipedia.org/wiki/Hamming_code

From jamesd at echeque.com Wed Sep 16 20:05:49 2015
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 17 Sep 2015 13:05:49 +1000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <6619420.kEgClR5EXu@lapuntu>
References: <6619420.kEgClR5EXu@lapuntu>
Message-ID: <55FA2E0D.5010306@echeque.com>

On 2015-09-10 08:52, rysiek wrote:
> On Wednesday, 9 September 2015 08:21:36 John Young wrote:
>> This from the journalists who check with USG before publishing Snowden
>> documents as Snowden allegedly requires "to avoid harm to the US."
>>
>> Fingerpointing at Putin is obligatory for those working the Broadcasting
>> Board of Governors propaganda beat.
>
> The fact that A is evil, and A is B's adversary, doesn't automagically make B
> not evil.
>
> The fact that there's a lot wrong with US of A, and USA and Russia don't
> really cooperate well, does not make what's happening in Russia magically
> okay.

The fact that Russia is being subverted by the USA, that the USA is attempting to overthrow the Russian government, does make that government's efforts to defend itself and its people against foreign influence OK. McCarthy was right to defend the US against Soviet influence, and Putin is right to defend Russia against US influence.

From grarpamp at gmail.com Thu Sep 17 10:54:00 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 17 Sep 2015 13:54:00 -0400
Subject: US New Hampshire Needs Help Accepting Bitcoin For Taxes
Message-ID:

https://www.reddit.com/r/Bitcoin/comments/3l9cpq/tomorrow_0917_nh_will_try_to_pass_a_bill_to_allow/
http://www.gencourt.state.nh.us/house/committees/billtext.aspx?billnumber=HB0552.html
Tomorrow 09/17 NH will try to pass a bill to allow bitcoins to be used as a form of payment for taxes in the state. If you live in NH you can help by emailing them with your opinion. Link on comments.

https://www.reddit.com/r/Bitcoin/comments/3l9fhi/tomorrow_im_testifying_in_favor_of_new_hampshire/
http://blog.lbry.io/testimony-to-subcommittee-on-hb552-to-legalize-bitcoin-for-payments-of-taxes-and-fees/
Tomorrow I'm Testifying in Favor of New Hampshire Accepting Bitcoin for Taxes and Fees

From grarpamp at gmail.com Thu Sep 17 11:06:11 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 17 Sep 2015 14:06:11 -0400
Subject: [tor-talk] Torrents real-time and dynamic blocklist
In-Reply-To:
References: <55FA9165.5010909@gmail.com>
Message-ID:

On Thu, Sep 17, 2015 at 6:09 AM, Aymeric Vitte wrote:
> Get the torrent dynamic blocklist: http://peersm.com/getblocklist
> There is an annual fee to access the blocklist in order to finance this
> work, make it evolve and finance our other privacy oriented projects.
> Peersm : http://www.peersm.com/

Note that every post by this user advertises their own system / application of "torrenting". I say nothing more than that, do your own research.

From grarpamp at gmail.com Thu Sep 17 11:15:16 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 17 Sep 2015 14:15:16 -0400
Subject: Fwd: [Cryptography] WashPo: Leaked NSC Memo on Encryption
In-Reply-To:
References:
Message-ID:

---------- Forwarded message ----------
From: Henry Baker
Date: Wed, Sep 16, 2015 at 8:38 PM
Subject: [Cryptography] WashPo: Leaked NSC Memo on Encryption
To: cryptography at metzdowd.com

FYI -- This is my OCR'd version of the National Security Council memo leaked to the Washington Post and available at the link below. The pdf of the original looks like it was typed on a *manual* typewriter -- the NSC clearly following the lead of Russia to avoid being intercepted electronically!

[The irony of the NSC using a manual typewriter for a memo on encryption is truly delicious!]

http://www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks

The most distressing part of this memo is its obscene disregard for the Constitution. The only "stakeholders" -- according to this NSC memo -- in favor of "civil liberties" and "human rights" seem to be organizations -- e.g., the EFF and the ACLU; ordinary citizens are apparently not "stakeholders", and have no "stake" in this discussion.

Of course, every time someone uses the term "stakeholder", the only images that come to mind are those scenes from black-and-white horror movies in which the townspeople are chasing a vampire with wooden stakes that they intend to drive through his heart!

http://apps.washingtonpost.com/g/documents/national/read-the-nsc-draft-options-paper-on-strategic-approaches-to-encryption/1742/

REVIEW OF STRATEGIC APPROACHES

Option 1: Disavow Legislation and Other Compulsory Actions

Engagement Strategy and timeline

* September: Outreach to foreign allies to signal our strong resistance to efforts to compel access; outreach to U.S. industry, the technology community, and civil society to coordinate messaging; attempt to convince other allies to come out with a similar statement at the same time.
* October: The President issues a statement strongly disavowing legislation or other efforts to compel access and calling on U.S. industry to resist efforts by other nations to compel access; coordinated industry and civil society statements of support; coordinated foreign partner statements of agreement.
* November: Outreach to other governments to bring more allies in alignment with our position; outreach to U.S. industry to build voluntary cooperation in the absence of compulsion; host public discussions and debates on encryption policy with U.S. industry and foreign allies.

Top Line Message

* The problem of criminals using strong encryption to frustrate law enforcement's information gathering is a real and growing problem but we have not found a secure, practical solution.
* People around the world rely on the security of U.S. products and services in their daily lives. Mandating the design of those systems to include known vulnerabilities makes all of us less safe and undermines trust in these digital services.
* It is critical that law enforcement be able to access the information that it needs to protect public safety and national security. We will continue to use all of the tools available to us lawfully to keep American citizens safe.
* Overall, the benefits to privacy, civil liberties, and cybersecurity gained from encryption outweigh the broader risks that would have been created by weakening encryption.
* Accordingly, the Administration will not seek legislation that compels providers to design their products to enable government access to encrypted information, even pursuant to lawful process.
* We expect that foreign governments will also take a hard look at this difficult issue, and hope that they will come to the same conclusion. We call on U.S. industry to resist efforts by other governments to mandate such access.

Impact on Policy Equities

Public Safety and National Security. In the near term, this approach would not provide any relief to law enforcement efforts to counter the increasing use of encryption by criminals, including terrorists. As a result, the public safety drawbacks would be significant, though the precise extent of the drawback versus other proposals is unclear because bad actors will increasingly be able to frustrate law enforcement efforts to access their communications through lawful process. This approach would remove technology companies' most consistent grievance with the Administration, which could improve cooperation across a range of important priorities on technology issues including, but not limited to, encryption. It may also foster better cooperation on information that is not encrypted and will not fracture the Internet products and services market which may also preserve better access to unencrypted information, thus aiding public safety/national security.

Cybersecurity. Pro-encryption statements from the government could also encourage broader use of encryption, which would also benefit global cybersecurity. Further, because any new access point to encrypted data increases risk, eschewing mandated technical changes ensures the greatest technical security. At the same time, the increased use of encryption could stymie law enforcement's ability to investigate and prosecute cybercriminals, though the extent of this threat over any other option is unclear as sophisticated criminals will use inaccessible encryption.

Economic Competitiveness. This approach could help undercut foreign competitors' criticisms that U.S. companies' products are instruments of U.S. mass surveillance, and would clearly differentiate U.S. policy from moves by China and others to mandate decryption. However, if other markets do not follow our lead, and instead demand access, it is more difficult to assess the impact of this approach. On the one hand, U.S. companies could be forced to avoid those markets or develop access solutions. On the other, the failure of some nations to follow the U.S. lead could bolster the reputation of the United States as a leading source of technically secure products and services.

Civil Liberties and Human Rights. Domestically, many privacy and civil liberties advocates would regard this approach as a significant step in defense of privacy and free expression around the world. If other nations follow our lead or companies successfully resist country demands, this approach could limit repressive regimes' willingness to demand access to encrypted information, which likely would help protect dissidents and other communities in danger of human rights violations.

Likely Reaction of Key Stakeholders

Industry and Civil Society. This sector would strongly support this approach.

Other Governments. Likely to be divided. This position would contradict the stated policy of some allies (e.g., the United Kingdom, France, and the Netherlands) who argue that governments should not allow “safe spaces” for extremists. As a result, those allies could criticize the U.S. position as endangering the safety of their citizens. Other foreign partners that are strong advocates for free expression online and have not argued for government access to encrypted information (e.g., Germany and Estonia) are more likely to support this approach.

Pros

* Some in industry have indicated that a strong statement disavowing legislation is a precondition to voluntary cooperation with the United States Government.
Since the prospects of legislation are dim, this approach could help build cooperation without limiting broader policy options.
* Counters the narrative that the United States is seeking to expand its surveillance capability at the expense of cybersecurity, and could help repair trust in the United States Government and U.S. companies overseas.
* A strong statement from the United States could make it more difficult for authoritarian regimes to seek compulsory legislation, although working group participants are divided on whether adopting this approach would actually stop such calls.
* May weaken future calls for data localization since it will be harder for other countries to claim they are “protecting” their citizens' data from the United States.
* Could provide some positive benefit for U.S. negotiations on the U.S.-EU Data Protection and Privacy Agreement, Safe Harbor, and Transatlantic Trade and Investment Partnership.
* Is the strongest option for cybersecurity, economic competitiveness and civil liberties and human rights.

Cons

* This approach provides no immediate solution to the challenges that the expanding use of encryption poses to law enforcement and national security today and is the weakest option from that perspective.
* Some working group participants argue this approach would remove a key point of leverage -- the threat of legislation in our negotiations with industry (although few, if any, in industry likely find this threat to be credible).
* U.S. providers have not indicated they would be willing to voluntarily modify their systems to enable law enforcement access to encrypted information, even if the government were to eschew legislation, and could result in the United States being isolated in its position.

Option 2: Defer on Legislation and Other Compulsory Actions

This option could be pursued with two distinct goals in mind.
Under option 2(a), the Administration would seek industry's voluntary assistance to modify their technology to address law enforcement's concerns. Under option 2(b), the Administration would accept the current status quo and not seek technical modifications, but would still ask providers to assist law enforcement in any way that they can within their current technological framework. In either case, these calls for assistance could be done publicly or privately, depending on the preferred engagement framework.

Engagement Strategy and Timeline

* September: Outreach to foreign allies to assess their positions; signal to allies that the United States does not think legislation is the right way forward at this time; work with other governments to identify voluntary action by industry that would help to mitigate their concerns; outreach to U.S. industry to coordinate messaging.
* October: The President issues a statement disavowing legislation, but acknowledges the serious challenges posed by encryption for public safety and national security; secure coordinated statements of support or agreement from industry, civil society, and partner nations.
* October-November: Outreach to foreign allies in the wake of the statement to bring more allies in alignment with our position; outreach to U.S. industry to build voluntary cooperation in the absence of compulsion; if some allies persist in demanding access, consider whether the United States Government should highlight the difference in positions and the U.S. emphasis on privacy-protections.
* Post-November: Host public discussions on encryption policy with U.S. industry and foreign allies; should foreign allies demand and secure access, consider whether to call upon U.S. industry to provide the same access to the United States Government.

Top Line Message

* The United States is not seeking legislation at this time to compel providers to change their products to enable government access to encrypted information pursuant to lawful process.
* At this point, legislation appears neither feasible or easily draftable. We need considerable public discussion before we would be in position to contemplate a legislative solution.
* However, we also cannot ignore the barriers that inaccessible encryption can create to law enforcement's critical need to investigate and prosecute criminals, including terrorists -- and the threat these barriers create for public safety.

Impact on Policy Equities

Public Safety and National Security. Does not reverse the long-term trend of increasing use of encrypted technologies by criminals, but could open potential avenues for cooperation with industry, without removing all law enforcement leverage (although working group participants disagree on whether calling for legislation will provide meaningful leverage). Some working group participants, however, have indicated they think it unlikely that industry will be willing to voluntarily modify their technology -- even if the threat of legislation is removed. This suggests that Option 2(a), in which the Administration would seek such technical modifications, is unlikely to succeed. However, unlike option 1, it retains flexibility on the approach should the public safety picture deteriorate to overtake competing equities. This approach would also make compromise with foreign governments not currently seeking legislation easier, but would still provide some help in resisting attempts by governments like China to use encryption policies to skew markets or oppress citizens by retaining strong public statements (e.g., “will not seek legislation”).

Cybersecurity. Could encourage the use of more encryption, which would likely be good for cybersecurity.
If a statement under this approach is perceived as positive but not sufficiently strong, however, this could be less successful in forestalling other nations from pursuing encryption-weakening measures. Also, because any access point to encrypted data increases risk, if government efforts to secure access are successful, this approach would reduce cybersecurity. However, the degree of impact on cybersecurity would vary significantly, and could be great or small, depending on the specific policy and technical decisions.

Economic Competitiveness. Could have a positive, though incomplete, effect in removing barriers to Administration engagement with the tech sector on this issue. Removing the prospect of United States Government calls for legislation would likely have positive effects on international competitiveness. If long-term successful in gaining government access, this option would significantly harm economic competitiveness though the harm might be somewhat mitigated if there was broad international success in getting government access.

Civil Liberties and Human Rights. Some will be dissatisfied with lack of outright disavowal, but may appreciate the pragmatic recognition of the practical limitations of a mandated approach. However, others almost certainly will continue to have concerns about government access to encrypted information being used to suppress dissident populations. Should some companies cooperate voluntarily and enable government access, the United States Government will need to accept that other nations -- including some repressive ones -- will use this access as well.

Likely Reaction of Key Stakeholders

Industry and Civil Society. Although industry and civil society may be less positive to this approach than a hardline disavowal, those communities would likely see this outcome as a solid win. However, further government pressure on industry to build access into their products would likely generate negative reactions.
Therefore, it is likely that Industry and Civil Society would have a much better reaction to Option 2(b), which does not seek technical modifications, than to Option 2(a), which does.

Other Governments. Allied governments that prefer an access regime may push back on the core U.S. message. However, those governments likely would react more positively to this approach than a complete disavowal of government access to encrypted information.

Pros

* Responds to a key ask from industry, although industry might prefer a stronger statement. To the extent that industry is satisfied with the strength of the statement, this approach could help build cooperation without limiting broader policy options.
* Could help counter the narrative that the United States is seeking to expand its surveillance capability, and help repair trust in the United States and U.S. companies overseas.
* Could allow the United States to serve as a broker between pro-access allies (e.g., United Kingdom, France, and the Netherlands), and U.S. industry, which could mitigate some demands from foreign partners and ensure U.S. companies do not have to build multiple access regimes.
* If long-term successful in gaining government access, this option would help public safety and national security.

Cons

* Could lead to disparate approaches by governments to the encryption issue, leading to more or different compliance regimes that U.S. companies will need to comply with, which could have a negative effect on their economic competitiveness.
* Does not provide an immediate solution to the challenges that the expanding use of encryption poses to law enforcement. Without a disavowal of legislation, many U.S. technology companies in the long term likely will not pursue voluntary design changes in products and services to enable access for law enforcement.
* If long-term successful in gaining government access, this option would harm cybersecurity, economic competitiveness and civil liberties and human rights.

Option 3: Remain Undecided on Legislation or Other Compulsory Actions

Engagement Strategy and Timeline

* September: Outreach to foreign allies to assess their positions; Private outreach to key industry leaders to argue that we need a more fulsome policy discussion before we decide how to proceed.
* October: Organize or participate in closed-door, small group discussions with U.S. industry to facilitate a more in-depth policy discussion. At the same time, organize bilateral and multilateral conversations with foreign partners to discuss the challenges and how to proceed.
* November: High-level Administration statement highlights initial discussions, outlines key challenges, distills a few key questions and principals, and announces a meeting or series of meetings (potentially both domestic and international) to discuss and debate these key questions.
* December: After the discussions, reassess our position and determine whether to take a position on encryption legislation or to continue to call for discussion.

Top Line Message

* The President has said that there is no situation in which you wouldn't want strong encryption.
* At the same time, there are situations in which the government cannot obtain information related to a specific potential national security threat. If there is not a way of accessing that information and protecting the American public, then the Administration believes need to have a public debate.
* Having a broad discussion about this is essential -- over the next several months, [we or several entities] will host discussions on the challenges posed by encryption and how we can best address them. I would urge everyone to participate.

Impact on Policy Equities

Public Safety and National Security. This approach has, to date, failed to incentivize cooperation with law enforcement.
It could in the long-term sway public opinion to create greater responsiveness -- particularly while the government retains the leverage resulting from the threat of legislation. On the other hand, silence on our part could encourage foreign governments to control the agenda. They might pressure U.S. industry to provide lawful access, which, if successful, would make it easier for us to require similar accommodations. This approach could also encourage companies to continue to aggressively pursue developing inaccessible encrypted services, and could make future cooperation significantly more challenging. Therefore, it is hard to predict the impact that this approach would have on public safety.

Cybersecurity. Although it would not actively conflict with our message on the importance of encryption to cybersecurity, the uncertainty of public perceptions about the government's position could perpetuate distrust in encryption technologies related to the United States Government, and could undermine the effectiveness of the National Institute of Standards and Technology and other entities at a time when our cybersecurity agenda is already at risk. If long-term successful in gaining government access, this option would harm cybersecurity.

Economic Competitiveness. This approach does little to counter current distrust of the government by industry or foreign competitors. Further, by not taking a position on legislation in either direction, this approach does little to shape the reactions of other governments, increasing the risk that they will splinter into multiple camps, presenting U.S. industry with fractured markets. Therefore, this approach is likely harmful for economic competitiveness.

Civil Liberties and Human Rights. Because this approach would likely not stop -- and could encourage -- other nations from demanding access, it is likely harmful for the Administration's efforts on civil liberties.

Likely Reaction of Key Stakeholders

Industry/Civil Society.
Will likely continue to strongly object until the United States Government explicitly eschews compulsory legislation. As time passes, if we continue to fail to take a position, industry and civil society positions will likely harden as people perceive our silence as an implicit endorsement of legislation. As a result, the United States Government risks losing credibility if it fails to participate robustly in a public debate and with a unified voice. There is also a risk that industry chooses not to participate in meetings on the subject and escalates lobbying and public relations efforts.

Other Governments. Allied governments that seek access will prefer this approach to either of the approaches that come out against compulsory legislation, and will likely see this as an opportunity for them to press for legislation themselves.

Pros

* Provides flexibility to course correct and negotiate with U.S. industry and our foreign allies.
* Retains a key negotiating chip (the threat of legislation) in our engagement with industry (although few, if any, in industry find this threat credible).
* If other governments call for legislation and/or compel companies to change their encryption solutions to enable better access in the meantime, this could provide us with cover to use that same access.

Cons

* Delays establishing a coherent Administration position, which could result in: (1) the United States being portrayed as increasingly ineffective/unable to resolve this challenge; (2) disputes among departments and agencies bleeding out into public discussion; (3) U.S. industry continuing to have challenges operating overseas (although it is unclear that a pro-encryption statement would by itself address this challenge); and (4) public and foreign government positions may harden in the absence of an affirmative U.S. position, limiting our ability to influence the global debate.
* Does not provide an immediate solution to the challenges that the expanding use of encryption poses to law enforcement. Moreover, this approach does not resolve the current policy debate. The United States Government likely will be faced with this same discussion again in several months' time.

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

From cathalgarvey at cathalgarvey.me Thu Sep 17 06:19:28 2015
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Thu, 17 Sep 2015 14:19:28 +0100
Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves.
In-Reply-To:
References: <9a19a1c1-064e-4946-a704-1a8c8a676228@googlegroups.com> <1779111.UxAx0tsn7i@lapuntu> <20150916123315.GE2571@sivokote.iziade.m$>
Message-ID: <55FABDE0.8020401@cathalgarvey.me>

The governing party in Germany is called the Christian Democrats. If Religion is some sort of nasty contagion that needs to be stamped out, Germany's got bigger problems than some desperate immigrants.

Religion isn't a nasty contagion, btw. Assholes are, and they're all over the place, religion or no. Just look at the bullshit racism in this thread; anyone see religious inspiration to that? Not so far from me, just regular ole' secular race/religion hate. Nothing new there.

Maybe, just maybe, "National Identity"/"Racial and Cultural Strength" is a load of bullshit, and far more of a threat to human flourishing than believing in usually-benevolent Sky Gods.

On 17/09/15 05:59, grarpamp wrote:
>>> defend that an influx of immigrants that amounts to 0,03% (yes, three-
>
> Does 3000 case per 10M prevalence of ebola warrant response?
> Is not religion [viewed as] infectious highly incurable / offensive disease?
> What is the burden on social bootstrap / welfare systems?
> These are some of the contexts in which they are thinking.
> In addition to their fanatical control freakery and head in sand
> of closed borders. You probably can rightfully protect yourself
> as a sovereign, so long as your walls don't prevent those within
> from leaving.
>
> [spent: 1 non cypher posting credit]
>

--
Scientific Director, IndieBio EU Programme
Now running in Cork, Ireland May->July
Learn more at indie.bio and follow along!
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: cathalgarvey

From guninski at guninski.com Thu Sep 17 04:20:55 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 17 Sep 2015 14:20:55 +0300
Subject: JYA and Cryptome Passphrase Are Secure
In-Reply-To:
References:
Message-ID: <20150917112055.GB5722@sivokote.iziade.m$>

On Thu, Sep 17, 2015 at 07:12:29AM -0400, John Young wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> JYA and Cryptome passphrases are secure. Plaintext discovered
> not related to Cryptome, with alternative to decrypt: original not
> scrubbed.
>

Would you bet your life on this?

Secure to ``thermal'' cryptoanalysis?

This header, unless spoofed on purpose:
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9

suggests at least m$ and the nsa can easily obtain your passphrases...

From grarpamp at gmail.com Thu Sep 17 11:41:19 2015
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 17 Sep 2015 14:41:19 -0400
Subject: Fwd: [Cryptography] An Open Source Analysis of NSA Cryptologic Capabilities
In-Reply-To:
References:
Message-ID:

---------- Forwarded message ----------
From: Ryan Carboni
Date: Wed, Sep 16, 2015 at 5:27 PM
Subject: [Cryptography] An Open Source Analysis of NSA Cryptologic Capabilities
To: cryptography at metzdowd.com

Timeline of Events of Note

1992 - DES is broken cryptanalytically, although with an attack greater than the birthday bound
1993 - SHA released, based on MD4/MD5
1995 - SHA-1 revised, original SHA now called SHA-0
1998 - Skipjack Released
1999 - Impossible Differential Analysis breaks 31 of 32 rounds
2001 - SHA-2 released, by Threefish's standards, a 256-round hash function
2005 - SHA-1 is broken by a non-practical attack, spurs SHA-3 competition
2010 - Xie and Feng announce a one block collision on MD5, which they cannot release for _security reasons._

The occasional cryptanalytic success implies that the NSA is generally more advanced, but not always. Cryptanalytic success seems to be a random process, but it requires previous successes to exist. The NSA seems to be more advanced than the Chinese, and the Chinese vaguely more advanced than the remaining cryptographic community. This can probably be attributed to the fact that the NSA has more money, has the support of other SIGINT agencies in cryptanalysis, and thus probably have half the world's mathematicians. Thus perhaps the NSA has a 42% chance of getting a genuinely new cryptanalytic success, the Chinese a 33%, and the rest of the world a 25% chance.

The evidence to support such a claim is that impossible differential analysis nearly broke Skipjack, although maybe the NSA was aware of it and had less concerns about security margins than we think. Further attacks on SHA-1 and SHA-2 spurred the SHA-3 competition.
While it was reasonable for the civilian cryptographic community to be concerned, the fact that the NSA was concerned is telling. It was a result they did not predict, and they possibly thought further cryptanalysis could break those two hash functions. Fortunately there is a large body of research on the cost efficiency of research programs. While one may conclude that the NSA must perpetually be making leaps and bounds ahead of everyone through the virtues of compound interest, the answer is pleasanter. There is a diseconomy of scale when it comes to research. For instance, the Moon program or the Manhattan project could have been cheaper if more time was allotted for its completion. Given that the nature of research changes over time as the easiest results are exhausted, and that large organizations do have waste, it is safe to say that any gap between NSA and civilian cryptography will shrink by a small extent, year over year. _______________________________________________ The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography From grarpamp at gmail.com Thu Sep 17 12:00:46 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 17 Sep 2015 15:00:46 -0400 Subject: Linux Foundation' Linux workstation security checklist In-Reply-To: <55F98132.5010305@gmail.com> References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <55E5C79D.3060305@gmail.com> <55F98132.5010305@gmail.com> Message-ID: On Wed, Sep 16, 2015 at 10:48 AM, Blibbet wrote: > Quoting a tweet from Joanna if Invisible Things Lab, on the topic of > older hardware (than Purism's current choice): > > https://twitter.com/rootkovska/status/643414071514148864 > > "and old systems do not have IOMMU (VT-d) which makes them even less > secure, trustworthy." 
Question this in regards to number of gates available / needed for secret malefactor vs gatecount timeline vs time at which govt agencies and corp might desire and begin to cooperate or independently perform same. ie: Are your 486 or p55c and chipsets likely to contain malware? What about your Skylake? Given how ATT / Verizon / Sprint and others totally rolled over for Bush/911 what makes you think Intel or AMD or Microsoft are any different? WTF is up with windows 10? As if 7 vista and xp and Ubuntu Linux weren't enough. search: AnandTech, Intel has now stopped quoting gatecount with Skylake. https://en.wikipedia.org/wiki/NSAKEY From juan.g71 at gmail.com Thu Sep 17 11:06:31 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 17 Sep 2015 15:06:31 -0300 Subject: US New Hampshire Needs Help Accepting Bitcoin For Taxes In-Reply-To: References: Message-ID: <55fb0017.f2518c0a.9641c.ffff8066@mx.google.com> On Thu, 17 Sep 2015 13:54:00 -0400 grarpamp wrote: > https://www.reddit.com/r/Bitcoin/comments/3l9cpq/tomorrow_0917_nh_will_try_to_pass_a_bill_to_allow/ > http://www.gencourt.state.nh.us/house/committees/billtext.aspx?billnumber=HB0552.html > Tomorrow 09/17 NH will try to pass a bill to allow bitcoins to be used > as a form of payment for taxes in the state. self-parody at its very best From cmagistrado at gmail.com Thu Sep 17 15:11:22 2015 From: cmagistrado at gmail.com (Chris Magistrado) Date: Thu, 17 Sep 2015 15:11:22 -0700 Subject: Fwd: [tor-talk] victory at kilton library (grarpamp) Message-ID: Very happy to have read this in this mailing list. This is a great win for Kilton, and I hope to get Tor Relays in SF Library. Though DPR being caught there might make it a bit more difficult... But I can't keep up with all these articles on mailing lists as efficiently as I'd like to. Does anyone know of a tool that makes reading mailing lists easier?
From blibbet at gmail.com Thu Sep 17 16:02:31 2015 From: blibbet at gmail.com (Blibbet) Date: Thu, 17 Sep 2015 16:02:31 -0700 Subject: Linux Foundation' Linux workstation security checklist In-Reply-To: References: <20150831111344.GA2558@sivokote.iziade.m$> <55E4B7A2.1090907@gmail.com> <55E5C79D.3060305@gmail.com> <55F98132.5010305@gmail.com> Message-ID: <55FB4687.1090405@gmail.com> On 09/17/2015 12:00 PM, grarpamp wrote: > On Wed, Sep 16, 2015 at 10:48 AM, Blibbet wrote: >> Quoting a tweet from Joanna of Invisible Things Lab, on the topic of >> older hardware (than Purism's current choice): >> >> https://twitter.com/rootkovska/status/643414071514148864 >> >> "and old systems do not have IOMMU (VT-d) which makes them even less >> secure, trustworthy." > > Question this in regards to number of gates available / needed > for secret malefactor vs gatecount timeline vs time at which govt > agencies and corp might desire and begin to cooperate or > independently perform same. > ie: Are your 486 or p55c and chipsets likely to contain malware? > What about your Skylake? > Given how ATT / Verizon / Sprint and others totally rolled over for > Bush/911 what makes you think Intel or AMD or Microsoft are > any different? > WTF is up with windows 10? As if 7 vista and xp and Ubuntu > Linux weren't enough. > > search: AnandTech, Intel has now stopped quoting gatecount with Skylake. > https://en.wikipedia.org/wiki/NSAKEY Not trying to dis old refurbished x86s. Just pointing out a specific area to investigate w/r/t older x86 hardware. Joanna's tweet was one specific case to look into. Pre-CHIPSEC, it is less clear to me. I wish I had a complete list of issues (i.e., the set of things to write for a CHIPSEC test profile for that hardware). Old Thinkpads are great, but a LIMITED resource, we can't just rely on old hardware forever. 
I wonder if Cyrix/Via/Transmeta/etc clones are also viable to be refurbished by Ministry of Freedom, and have any chance of being secure? I also wonder about MIPS and SunSPARC chips, they have some old boxes to refurbish, as well as some new MIPS boxes (a recent Chinese one not only runs MIPS but also x86 and ARM instructions!). If I were to hold out hope for an ISA that might be trustworthy, it would be the RISC-V. But that'll take a year or longer. The Raven3 board just came out, shown at HotChips. I hope that's the chip that Purism uses for their next laptop, along with the recent Open Hardware GPU, also announced at HotChips. Until then, I can update my own firmware on my ARM dev boards, and -- sans FSP blobs -- on Intel dev boards. And I have an ancient -- i.e., unknown security profile --- x86 with Libreboot. Wish Libreboot used coreboot's Verified Boot, for a bit more protection, but that can be patched. Not sure about Win10. I've heard they have a freeware version, which is ad-sponsored, which must be fun. Ubuntu, or as a friend of mine calls them, "Spybuntu", has been abusing privacy for years. I wouldn't ever trust an OS which is run by a single company. Debian isn't run by a single company. It isn't perfect, but has fewer than most. Does anyone have any opinion of Mempo, compared to QubesOS? I haven't used it yet, but it looks interesting. Qubes is great for Intel systems, but what about non-Intel, eg, ARM, does their isolation tech scale to non-Intel ISAs? If not, what OS should ARM users use? (Purism recently tweeted that they're going to get their PureOS to use parts of QubesOS.) I don't presume to have a trustworthy or secure firmware, on any Intel box, perhaps AMD box, maybe ARM boxes. (The latter two seem to have less security research than Intel x86/x64 systems, if anyone has good pointers to ARM/AMD and other modern non-Intel HW, please speak up.) 
Eg: http://timeglider.com/timeline/5ca2daa6078caaf4 Or see last slide of most CHIPSEC or LegbaCore talks, they have a good bibliography. Thanks. From grarpamp at gmail.com Thu Sep 17 16:40:27 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 17 Sep 2015 19:40:27 -0400 Subject: Fwd: [Cryptography] FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement Access to Data In-Reply-To: References: Message-ID: ---------- Forwarded message ---------- From: Henry Baker Date: Thu, Sep 17, 2015 at 1:15 PM Subject: [Cryptography] FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement Access to Data To: cryptography at metzdowd.com FYI -- Easy for the FBI to say; they're not on the hook for potentially billions in damages from any breach. (Leaving aside the egregious Constitutional violations.) http://www.nationaljournal.com/s/72407/fbi-weaker-encryption-is-worthwhile-tradeoff-law-enforcement-access-data FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement Access to Data Government officials sparred with privacy advocates over encryption, but acknowledged that “back doors” come with risks of intrusion. Kaveh Waddell @kavehewaddell September 15, 2015 The Justice Department and the FBI are continuing their campaign to convince the tech community and the public that weakening encryption to allow law enforcement to access encrypted communications and data has its risks, but that the drawbacks are outweighed by the security advantages. Amy Hess, the executive assistant director of FBI’s science and technology branch, said at a Christian Science Monitor discussion that allowing access to encrypted messages to anyone other than the sender or the receiver comes with “some risk” of intrusion. But because law enforcement must be able to read encrypted data and communication to do its job, the risk of third-party access is acceptable, Hess said, as long as it is minimized. 
The Justice Department—and especially the FBI—has clashed with the technology community over the agency’s demands that online platforms stay away from encryption practices that keep data private even from the platforms themselves. If the communications service cannot access the data sent across its servers, it cannot turn the data over to law enforcement. Law enforcement has called on tech companies to take the lead in developing an encryption standard that is both secure and accessible to authorities upon request. Last week, FBI Director James Comey said technology experts just need to “try harder” to find a solution. But experts maintain that such a standard is impossible to achieve, because any third-party key for unlocking encrypted data—even if reserved for extreme circumstances—will be vulnerable to hackers. A company that builds vulnerabilities into its encryption becomes an attractive target of attack to foreign governments, criminal hackers, and “drooling teenagers in basements,” said Matt Blaze, a noted cryptography expert and professor at the University of Pennsylvania. Because companies are increasingly turning to stronger encryption, the FBI is running out of tools to fight crime, Hess said Tuesday. A request for a wiretap—one of the most powerful surveillance tools available to the FBI—is a long and complicated process that requires an agent to supply an extensive affidavit stating that every less-intrusive method of surveillance had already been considered or applied, according to Kiran Raj, Senior Counsel to the Deputy Attorney General. But Hess said FBI agents will not apply for wiretaps if they think a suspect is using encrypted communication, because they are not willing to expend the time and cost of crafting the request if the odds of its success are slim. The FBI’s claim was largely met with a shrug from privacy advocates. 
“A warrant is not a right that the government has to get data,” said Jon Callas, CEO of Silent Circle, a company that builds encrypted communications platforms. “It is a right to perform a search, to attempt to get the data, and there may be a lot of reasons why it can’t get to it.” But even as privacy advocates clashed with law enforcement officials onstage over the form encryption should take in the tech community, the groups said they both have the same objective—security—in mind. “The polarization of this debate is really harmful,” Blaze said. “I think that in terms of the end goals, there’s a lot more common ground here than maybe the debate lets on.” _______________________________________________ The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography From grarpamp at gmail.com Thu Sep 17 18:09:34 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 17 Sep 2015 21:09:34 -0400 Subject: [tor-talk] victory at kilton library (grarpamp) In-Reply-To: References: Message-ID: On Thu, Sep 17, 2015 at 6:11 PM, Chris Magistrado wrote: > But I can't keep up with all these articles on mailing lists as efficiently > as I'd like to. > Does anyone know of a tool that makes reading mailing lists easier? Anything is better than the webmail offered by mail providers. After that, there are any number of standalone MUA choices. Here's three... https://en.wikipedia.org/wiki/Mozilla_Thunderbird https://en.wikipedia.org/wiki/Enigmail https://www.mailpile.is/ https://en.wikipedia.org/wiki/Mutt_(email_client) http://kzak.redcrew.org/doku.php?id=mutt:start http://msmtp.sourceforge.net/ http://www.fetchmail.info/ http://www.courier-mta.org/maildrop/ https://gnupg.org/ You might need a Unix OS to go with whichever MUA you find... 
http://www.freebsd.org/ https://www.archlinux.org/ https://www.whonix.org/wiki/Qubes https://www.whonix.org/wiki/Comparison_with_Others From coderman at gmail.com Thu Sep 17 21:45:57 2015 From: coderman at gmail.com (coderman) Date: Thu, 17 Sep 2015 21:45:57 -0700 Subject: key management is the crux Message-ID: On 9/17/15, Robert Hettinga wrote: > ... > Key management is hard. just get straight to it, and study the key management. tells you all you need to know about a product! ;P best regards, From rysiek at hackerspace.pl Thu Sep 17 13:55:42 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 17 Sep 2015 22:55:42 +0200 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <20150915102332.GC2679@sivokote.iziade.m$> References: <1779111.UxAx0tsn7i@lapuntu> <20150915102332.GC2679@sivokote.iziade.m$> Message-ID: <1984452.lNELK5JUQk@lapuntu> On Tuesday, 15 September 2015 13:23:32 you wrote: > On Fri, Sep 11, 2015 at 11:22:59AM +0200, rysiek wrote: > > Are we really to say that our culture is so weak, so vulnerable, so hard > > to > > defend that an influx of immigrants that amounts to 0,03% (yes, three- > > hundredths of a percent!)[1] of the whole population of the EU is suddenly > > a real threat? > > > > [1] estimated 160 000 immigrants, estimated 508 million EU citizens > > Dude, trolling with numbers borders with numerology > {AKA "number theory" ;) }. > (...) > UP TO ONE MEEELLION :P Sure. That's less than 0,20%, or less than 2-tenths of a percent. My point about how weak some perceive "their culture" to be still stands. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Thu Sep 17 13:55:58 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 17 Sep 2015 22:55:58 +0200 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <20150911125239.GC2699@sivokote.iziade.m$> References: <1779111.UxAx0tsn7i@lapuntu> <20150911125239.GC2699@sivokote.iziade.m$> Message-ID: <2460414.9ekeXe5i90@lapuntu> On Friday, 11 September 2015 15:52:39 you wrote: > On Fri, Sep 11, 2015 at 11:22:59AM +0200, rysiek wrote: > > Are we really to say that our culture is so weak, so vulnerable, so hard > > to > > defend that an influx of immigrants that amounts to 0,03% (yes, three- > > hundredths of a percent!)[1] of the whole population of the EU is suddenly > > a real threat? > > > > [1] estimated 160 000 immigrants, estimated 508 million EU citizens > > First a joke: > > "statistician tried to cross a river of average depth 0.5m and got > drowned". > > May I ask what percentage of the EU are street policeman (not counting > bureaucrats) to "protect" the sheeple? Protect from what, exactly? > ...And what if half of the 0.03% were armed turrorists? Seriously, are we going in that direction now? Okay, how about this: what if exactly 2 of these immigrants were armed turrists? You can pull numbers from your ass, so can I. When you want to get back to a more serious discussion, do tell. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From rysiek at hackerspace.pl Thu Sep 17 16:04:15 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 18 Sep 2015 01:04:15 +0200 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <55FA2E0D.5010306@echeque.com> References: <6619420.kEgClR5EXu@lapuntu> <55FA2E0D.5010306@echeque.com> Message-ID: <25310526.RON6rcQ4K1@lapuntu> On Thursday, 17 September 2015 13:05:49 James A. Donald wrote: > The fact that Russia is being subverted by the USA, that the USA is > attempting to overthrow the Russian government, does make that > government's efforts to defend itself and its people against foreign > influence OK. See, I was juuuuust about to start arguing with you, but then... > McCarthy was right to defend the US against Soviet influence, and Putin > is right to defend Russia against US influence. ...this happened. Are you saying Putin's crackdown on "foreign agents"[1] is as reasonable, well-funded and justified as mccarthyism was? Well, can't argue with that! I guess I'll call Poe's Law[2] and call it a day. [1] https://en.wikipedia.org/wiki/Russian_foreign_agent_law [2] https://en.wikipedia.org/wiki/Poe%27s_law -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From jdb10987 at yahoo.com Thu Sep 17 23:48:38 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 18 Sep 2015 06:48:38 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: References: Message-ID: <807112912.69552.1442558918651.JavaMail.yahoo@mail.yahoo.com> From: grarpamp >Some ballyhoo about rowhammer was like "look we can flip >a single bit and get root". Obviously if you're going for >multibit carnage ECC doesn't help much. 
> https://en.wikipedia.org/wiki/ECC_memory > https://en.wikipedia.org/wiki/Hamming_code Again, I must disagree. Rowhammer errors are, presumably, exceedingly rare. But when they do occur, one-bit errors are probably millions of times more common than two-bit errors, which are themselves going to be millions of times more common than three-bit errors. But ECC accesses will automatically correct all one-bit errors, and detect all two-bit errors, and will either log only the 2-bit errors or both single and double-bit errors. I won't try the math, but I suspect that the vast majority of three-bit errors (for 64-bit words) are also detected. Wikipedia says https://en.wikipedia.org/wiki/Dynamic_random-access_memory#Errors%5Fand%5Ferror%5Fcorrection , "Parity allows the detection of all single-bit errors (actually, any odd number of wrong bits)". So, the smallest number of error bits that might not be detected would be four. Since any serious rowhammer attack will generate millions of correctable single-bit and uncorrectable double- and triple-bit errors, per actual single 4-bit error, any system operator will get a huge amount of warning that the attack is underway before even as many as a single 3-bit error will appear. Jim Bell This came from Wikipedia: https://en.wikipedia.org/wiki/ECC_memory "Work published between 2007 and 2009 showed widely varying error rates with over 7 orders of magnitude difference, ranging from 10^−10–10^−17 error/bit·h, roughly one bit error, per hour, per gigabyte of memory to one bit error, per millennium, per gigabyte of memory.[4][5][6] A very large-scale study based on Google's very large number of servers was presented at the SIGMETRICS/Performance’09 conference.[5] The actual error rate found was several orders of magnitude higher than previous small-scale or laboratory studies, with 25,000 to 70,000 errors per billion device hours per megabit (about 2.5–7 × 10^−11 error/bit·h) (i.e. 
about 5 single bit errors in 8 Gigabytes of RAM per hour using the top-end error rate), and more than 8% of DIMM memory modules affected by errors per year. The consequence of a memory error is system-dependent. In systems without ECC, an error can lead either to a crash or to corruption of data; in large-scale production sites, memory errors are one of the most common hardware causes of machine crashes.[5] Memory errors can cause security vulnerabilities.[5] A memory error can have no consequences if it changes a bit which neither causes observable malfunctioning nor affects data used in calculations or saved. A 2010 simulation study showed that, for a web browser, only a small fraction of memory errors caused data corruption, although, as many memory errors are intermittent and correlated, the effects of memory errors were greater than would be expected for independent soft errors.[7] Some tests conclude that the isolation of DRAM memory cells can be circumvented by unintended side effects of specially crafted accesses to adjacent cells. Thus, accessing data stored in DRAM causes memory cells to leak their charges and interact electrically, as a result of high cells density in modern memory, altering the content of nearby memory rows that actually were not addressed in the original memory access. This effect is known as row hammer, and it has also been used in some privilege escalation computer security exploits.[8][9] An example of a single-bit error that would be ignored by a system with no error-checking, would halt a machine with parity checking, or would be invisibly corrected by ECC: a single bit is stuck at 1 due to a faulty chip, or becomes changed to 1 due to background or cosmic radiation; a spreadsheet storing numbers in ASCII format is loaded, and the digit "8" is stored in the byte which contains the stuck bit as its eighth bit; then a change is made to the spreadsheet and it is saved. 
However, the "8" (00111000 binary) has silently become a "9" (00111001)." [end of Wikipedia quote] From jdb10987 at yahoo.com Thu Sep 17 23:54:58 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 18 Sep 2015 06:54:58 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <20150917072539.GA5722@sivokote.iziade.m$> References: <20150917072539.GA5722@sivokote.iziade.m$> Message-ID: <366215956.1431616.1442559298126.JavaMail.yahoo@mail.yahoo.com> From: Georgi Guninski On Wed, Sep 16, 2015 at 11:46:26PM -0400, grarpamp wrote: >http://users.ece.cmu.edu/~omutlu/pub/dram-row-hammer_kim_talk_isca14.pdf >p. 32 of the PDF: >.– Simple ECC (e.g., SECDED) cannot prevent all errors >From wikipedia: Tests show that simple ECC solutions, providing >single-error correction and double-error detection (SECDED) >capabilities, are not able to correct or detect all observed >disturbance errors because some of them include more than two flipped >bits per memory word.[1]:8[11]:32 >https://en.wikipedia.org/wiki/Row_hammer#cite_ref-isca14-talk_11-0 But all single-bit and triple-bit errors are detectable by parity, and so are all double-bit errors using ECC. https://en.wikipedia.org/wiki/Dynamic_random-access_memory#Errors%5Fand%5Ferror%5Fcorrection Jim Bell From jya at pipeline.com Fri Sep 18 03:57:58 2015 From: jya at pipeline.com (John Young) Date: Fri, 18 Sep 2015 06:57:58 -0400 Subject: Key Compromise Related to Architectural Work Not Cryptome Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 18 September 2015 Key compromise is related to our architectural work on NYC No. 7 Subway Line Extension, recently opened. 
Project had hundreds of designers from around the world with access to files. Security of the project is primary and its design is not public. Extent of subway system security and file protection is restricted to need to know. JYA and Cryptome passphrases remain secure. Key revocation done for caution. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) -----END PGP SIGNATURE----- From jdb10987 at yahoo.com Fri Sep 18 01:34:44 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 18 Sep 2015 08:34:44 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <20150917053633.GB2746@sivokote.iziade.m$> References: <20150917053633.GB2746@sivokote.iziade.m$> Message-ID: <2002516358.1367685.1442565284415.JavaMail.yahoo@mail.yahoo.com> From: Georgi Guninski On Wed, Sep 16, 2015 at 08:03:54PM +0000, jim bell wrote: >> I don't think the concept of this kind of weakness is new: Even in 1980, DRAMs were tested for such repeated accesses, to ensure that such errors would not occur. 
This was particularly true for a process called "device characterization", in which chips were attacked in all manner of electronically-abusive ways, to uncover these weaknesses, and fix the circuit design should such flaws be uncovered. One way these techniques could be thwarted is to return to the use of parity-bits (8+1 parity) in memory access, in DRAM module and computer design, to whatever extent they are no longer used. Any (successful) attempt to modify bits in a DRAM would quickly end up causing a parity error, which would at least show which manufacturer's DRAM chips are susceptible to this kind of attack. A person who was forced to use a no-parity computer could, at least, limit his purchases of such modules to those populated with DRAMs not susceptible to the problem. >> Jim Bell >I don't understand hardware and have some questions >The POC appears non-deterministic per the nature of the bug. I assume POC means "proof of concept". Yes, the error is non-deterministic. It arises from the fact that bits are stored as different voltages on individual capacitors in a chip, one capacitor per bit. Think of a "0" as being zero volts, 1 is Vcc volts, where Vcc (the supply voltage to the chips) is usually 3 volts. This represents a healthy difference, and could easily be detected. The problem is that the chip can't have one voltage detector for each bit; usually there are about 1048 bits per voltage comparator. When a given row needs to be read, the Row Address line activates, and those 1048 bits are each connected to their corresponding "bit line", which is a tiny electrical conductor with a capacitance much greater than that of the individual bit-cell (capacitor). The resulting voltage difference between a "one" and a "zero" bit might be only a few tens of millivolts, which is rather small. Then, the voltage detector amplifies the voltage difference, to restore it to either GND (0 volts) or Vcc. >1. 
If I run the POC for time X and it fails, does >this mean it will fail if I run it for time 100 X? It's statistical. Probably the number of failures will be approximately proportional to the number of disturb-cycles done. >2. Does increasing the temperature in the box >(near or above overheating) increase the chance for >success? Perhaps just a little. Refreshing of an entire memory array is done once each 64 millisecond. (Used to be 2 millisecond in the 1970s.) It is said that many tens of seconds can elapse before any given bit is disturbed, if refresh is turned off. There should be a lot of margin for loss of refresh, or an inadequate amount of refresh. >3. If you have computer near you, can you induce bit >flips on purpose remotely, without executing code on >it? (lol, AFAICT if you wait looooong enough cosmic rays >will this for you for free, but I am asking about >realistic attack). I don't think an external attack (with particles) is plausible. From guninski at guninski.com Fri Sep 18 00:03:42 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 18 Sep 2015 10:03:42 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <366215956.1431616.1442559298126.JavaMail.yahoo@mail.yahoo.com> References: <20150917072539.GA5722@sivokote.iziade.m$> <366215956.1431616.1442559298126.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150918070342.GA2729@sivokote.iziade.m$> On Fri, Sep 18, 2015 at 06:54:58AM +0000, jim bell wrote: > From: Georgi Guninski > > On Wed, Sep 16, 2015 at 11:46:26PM -0400, grarpamp wrote: > > >http://users.ece.cmu.edu/~omutlu/pub/dram-row-hammer_kim_talk_isca14.pdf > >p. 
32 of the PDF: > >.– Simple ECC (e.g., SECDED) cannot prevent all errors > >From wikipedia:  Tests show that simple ECC solutions, providing > >single-error correction and double-error detection (SECDED) > >capabilities, are not able to correct or detect all observed > >disturbance errors because some of them include more than two flipped > >bits per memory word.[1]:8[11]:32 > >https://en.wikipedia.org/wiki/Row_hammer#cite_ref-isca14-talk_11-0 > > But all single-bit and triple-bit errors are detectable by parity, and so are all double-bit errors using ECC.    https://en.wikipedia.org/wiki/Dynamic_random-access_memory#Errors%5Fand%5Ferror%5Fcorrection  > > Jim Bell AFAICT Rowhammer (non-weaponized) publicly appeared in: http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors (from 2014) On p. 8: Therefore, we conclude that SECDED is not failsafe against disturbance errors. Table 5. Uncorrectable multi-bit errors (in bold) Consider publishing your claim as counterexample to the paper (possibly on arxiv.org). From drwho at virtadpt.net Fri Sep 18 10:11:00 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 18 Sep 2015 10:11:00 -0700 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <55F93284.4060100@cathalgarvey.me> References: <20150916090105.GA2571@sivokote.iziade.m$> <55F93284.4060100@cathalgarvey.me> Message-ID: <20150918101100.2247fdf06e49aa3b46587d1d@virtadpt.net> On Wed, 16 Sep 2015 10:12:36 +0100 Cathal Garvey wrote: > possible. Browser model, JS engine, hardware acceleration options, > possibly firmwares, and DRAM model/generation/clockspeed. > No reason to be complacent, but the gist was "you probably don't need to > worry about rowhammer-JS". It makes one wonder how well it works in the context of node.js, which seems to be the darling of developers the world over these days. 
-- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You've seen one elemental core, you've seen 'em all." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From drwho at virtadpt.net Fri Sep 18 10:17:33 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 18 Sep 2015 10:17:33 -0700 Subject: WiFi router networking? In-Reply-To: <96C0776F-22CB-4AF2-B0EF-FBC46E784730@gmail.com> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> <96C0776F-22CB-4AF2-B0EF-FBC46E784730@gmail.com> Message-ID: <20150918101733.4e4674cf0c6a1256bf350bda@virtadpt.net> On Wed, 16 Sep 2015 10:46:17 -0700 Nymble wrote: > > Has anyone heard of an idea to use individual WiFi routers to communicate in a mesh net? > Yes .. but usually using proprietary routing or 802.11s. Most of the projects out there are using OLSR (http://www.olsr.org/mediawiki/index.php/Main_Page). A few are using the Babel protocol (https://github.com/jech/babeld). n.b., there is a difference between using a mesh networking protocol to distribute routes, and using IP forwarding to actually push the packets around. The two together are required. > > (Or, at least differently than it may have been done before.) If you look at a map of WiFi routers (www.wigle.net) in any given area, you will see that the vast majority of routers are physically close to many other routers, certainly close enough to communicate with each other, and ultimately over a long distance. A crowd-sourced communication system, one that Most wireless mapping software out these doesn't see interfaces in ad-hoc mode, only infrastructure mode. Thus, Wigle may not be the best way of mapping mesh networks in the greater context of wireless access points. 
> wouldn't necessarily go through the Internet backbone. Conceptually related to the Bittorrent system. I just found this: https://en.wikipedia.org/wiki/Wi-Fi_Direct Wi-Fi direct is useful for short range comms. We've had a lot of trouble making it work over longer ranges. Wireless radios designed for use in infrastructure mode (including emitted power and duty cycle) are more reliable in the field. > A better Wi-Fi P2P solution is: http://www.wi-fi.org/discover-wi-fi/wi-fi-aware Another standard. Yay. Time to find the docs and start reading... > It’s new, but hopefully we’ll be seeing rapid incorporation into products. For a change, the specifications are free and worth a browse. The P2P discovery model is intentionally blinded to a degree by the use of truncated hashes of the ‘service names’ (6 octets). P2P data exchanges are possible pre-association (no connection overhead). There are other discovery models in use. It'll be interesting to see how they compare. -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You've seen one elemental core, you've seen 'em all." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From drwho at virtadpt.net Fri Sep 18 10:23:18 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 18 Sep 2015 10:23:18 -0700 Subject: Fw: WiFi router networking? In-Reply-To: <55FA0458.1070800@pilobilus.net> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> <55FA0458.1070800@pilobilus.net> Message-ID: <20150918102318.efe2be8e97806a806bb39694@virtadpt.net> On Wed, 16 Sep 2015 20:07:52 -0400 Steve Kinney wrote: > A friend turned me on to this some time ago. I have yet to set up > any mesh networks but it does look VERY promising. 
> http://hsmm-mesh.org/ It's an okay networking technology. It's a few generations behind what we're actually fielding these days but they're using OLSR for maintaining the routing table, so that's something. It's also hams only, so I'd advise caution if you don't have your ticket but want to experiment with it, new nodes that aren't recognized will draw a lot of attention. One of the gotchas from their FAQ: "You can't use Wi-Fi to connect to a mesh node from your computer, netbook, smart phone or other wireless device." Back to hardwiring. Go Ubiquiti. Linksys hardware is bobbins these days. https://openwrt.org/ -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You've seen one elemental core, you've seen 'em all." -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From drwho at virtadpt.net Fri Sep 18 10:24:33 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 18 Sep 2015 10:24:33 -0700 Subject: Fw: WiFi router networking? In-Reply-To: <55FA0A61.6080501@gna.org> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> <55FA0458.1070800@pilobilus.net> <55FA0A61.6080501@gna.org> Message-ID: <20150918102433.c64f811937c65be4f6efa215@virtadpt.net> On Thu, 17 Sep 2015 12:33:37 +1200 Christian Gagneraud wrote: > This might be of interest too: https://freifunk.net/en/ The Freifunk folks are good people and do good work. It's definitely worth looking at their software and getting in touch with them. They're also working in a much more friendly regulatory environment. -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "You've seen one elemental core, you've seen 'em all." 
-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 801 bytes Desc: not available URL: From zen at freedbms.net Fri Sep 18 04:33:40 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 18 Sep 2015 11:33:40 +0000 Subject: =?UTF-8?Q?Re=3A_Would_you_work_if_you_didn=E2=80=99t_have_to=3F?= In-Reply-To: References: Message-ID: Hi Jim, I remember suggesting this to M about 5 or 6 years ago. I have not looked into the economics of it (i.e. how Australia's national budget could make it work) and so it was heartwarming, or at least very interesting to me, to read the article you forwarded which had a few (small) examples in the last century where this has been trialed - and that in at least one example, inflation went down, not up, quite contrary to "normal economist" expectations! Very, very interesting. What this tells us, is that "the abundance community" (or rather nation), can indeed work - and with robotics and automation being spearheaded heavily this year by Japan we may well need such a new economic model for nations in general. The fact that it has been shown it works in at least a couple examples, is generally great news of course. I experience in the "free software"/"libre computing" community - Debian GNU/Linux, RedHat/Fedora and more, and from me-as-programmer experience, it is a world of abundance - hackers (the good ones - i.e. those who do stuff to benefit the community) essentially have an abundance of the raw material or tools of trade - i.e. all you need is a computer and away you go, you can write whatever program you think people might enjoy using - since electricity to run your computer is close to free - add a few solar cells and it is free. So in truth all the "information worker" needs to manifest their creativity (besides their computer) is food and shelter - same for musicians and certain other creative artists etc. 
And since the marginal cost (incremental cost) of duplicating a (digital) song, or computer program, is very close to zero dollars (just download it for a tiny bit of electricity expense), then when I give my computer program to society as free/libre software, I am causing an exponential benefit to society, since as many people as have computers, can benefit from my creation. This is an "abundance economy" in action, and although I don't get wealth in this situation where I give my computer program away, I get credos/ ego satisfaction, recognition, esteem from my peers and or the users of my program, and potentially a job doing something I really enjoy (supporting users who benefit financially from my program, who are willing to pay for some support, training, and or enhancements to my computer program - this will normally just be the companies that use my program - but RedHat demonstrates that it's possible to build a billion-dollar company just supporting free software which is pretty cool). As long as I can do a bit of travel, have food in my belly and a warm couple of rooms to live in, I'm basically content and happy with life, since it is my nature to be creative (with computers) and to give away my creations. Regards, Z On 9/18/15, Jim wrote: > The idea of universal basic income will likely become a human rights issue > implemented by many countries due to rising under employment and > unemployment, caused by increased technology automation reducing the demand > for many jobs requiring menial or repetitive labour. > > Jim > > > > Would you work if you didn’t have to? > > news.com.au > Frank Chung > September 17, 2015 > > > IF YOU were paid $30,000 by the government every year without having to lift > a finger, would you still try to find work? > And if you did, would you settle for a menial job cleaning toilets, or would > you demand something more glamorous? 
> > > More importantly, if in the next, say, 20 years, those toilets are being > cleaned by robots, shouldn’t those now out-of-work toilet cleaners have a > right to that $30,000? > > These are the questions at the heart of the debate over unconditional basic > income — an unconventional policy idea which argues every person should be > paid a standard amount, regardless of whether they are working or not. > > Like the dole, it’s meant to make sure every person in society can meet > basic living standards. But it differs, in that there is no work requirement > or means test — meaning you could have a job and pocket the $30,000 cash on > top of your wage, or not work at all and live off the $30,000 alone. > > Some conservatives like the idea because it would theoretically streamline > and simplify complex systems of social security payments and subsidies, > cutting down administrative costs. > > It’s already being trialled in the Netherlands with 300 residents of the > town of Utrecht among a number of Dutch pilot sites, while the Indian > government has also embraced the idea, and previous small-scale experiments > have been hailed as great successes. > > A new lobby group has formed in the US, Basic Income Action, to coincide > with the eighth International Basic Income Week, and the campaign to give > every human being a basic minimum wage, no questions asked, appears to be > picking up steam. > > The group, taking a cue from recent similar campaigns around gay marriage > and marijuana legalisation, has launched a petition calling on US > presidential candidates to support basic income. > > “Basic income is a remarkably powerful and timely idea, and Basic Income > Action will be a great resource for longtime activists and people who are > learning about this for the first time,” said Steven Shafarman, author of > the upcoming book The Basic Income Imperative. 
> > It’s not a new idea, but with rising under- and unemployment, increasing > cost of living and low to negative real wage growth — not to mention the > growing automation of menial jobs — basic income has become a popular cause > of the Left. > > Canadian author Naomi Klein recently released a manifesto which, along with > universal childcare and an end to international trade deals, called for a > universal basic income. > > Next year, Switzerland will hold a referendum on the issue after a petition > gained more than 100,000 signatures, although the government has come out > against the idea, urging its citizens to vote ‘no’. > > It’s an idea which appeals to both sides of the political spectrum. > > Classic liberal economists including Milton Friedman supported the idea in > the form of a ‘reverse tax’, or a threshold under which, rather than the > government taking your money, it pays you. > > Progressives, who often throw around terms like ‘wage slavery’ when > discussing universal income, see it as a way of expanding the social safety > net and elevating the human condition above the drudgery of performing > soul-crushing jobs just to survive. > > The key question is whether people can be trusted not to sit around doing > nothing. Conservatives naturally assume the worst of people, while > progressives hope for the best. > > Arguments against the idea are generally that one, we can’t possibly afford > it; and two, it would dampen labour market participation by removing > incentive to work, putting greater tax pressure on those who do. > > A study conducted 40 years ago in the tiny Canadian farming town of Dauphin, > Manitoba, found the payments actually had a “social multiplier effect”, and > despite the fears of a dip in labour, people still had the incentive to work > more hours rather than less. 
> > One big danger in implementing such a system, however, would be pressure > from the welfare lobby to apply different loadings for various interest > groups, undermining the generic distribution. > > Mikayla Novak, senior research fellow with free-market think-tank the > Institute of Public Affairs, wrote in 2013 that while basic income was a > seductive idea for people of “varied philosophical persuasions”, it could > “risk ending up as another initiative in which good intentions do not align > with desirable results”. > > Another common criticism of basic income is that it would lead to inflation > — if everyone has more money, everything would cost more. > > Writing in Medium, basic income advocate Scott Santens provides two > real-world examples where that proved not to be the case: Alaska in 1982, > and Kuwait in 2011. In both cases, inflation actually decreased after the > government introduced a partial basic income to citizens. > > Supporters argue that in general, since the income is provided by the > government through existing, not printed money, the inflationary effects > should be minimal. > > He told Motherboard the momentum which was lost in the 1970s was coming back > and, due to advances in technology, was “here to stay”. > > “Step one to all of this is growing the conversation for basic income to a > critical mass and connecting the people who believe it needs to happen,” he > said. “And that’s what BIA is for, to grow and connect, and to win.” > > http://www.news.com.au/finance/economy/would-you-work-if-you-didnt-have-to/story-fnu2pycd-1227531288369 > > > -------------------------------------------------------------------------------- > > From guninski at guninski.com Fri Sep 18 01:51:38 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 18 Sep 2015 11:51:38 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? 
In-Reply-To: <807112912.69552.1442558918651.JavaMail.yahoo@mail.yahoo.com>
References: <807112912.69552.1442558918651.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <20150918085138.GB2729@sivokote.iziade.m$>

On Fri, Sep 18, 2015 at 06:48:38AM +0000, jim bell wrote:
> Since any serious rowhammer attack will generate millions of
> correctable single-bit and uncorrectable double- and triple-bit
> errors, per actual single 4-bit error, i
>any system operator will get a huge amount of warning that the attack is underway before even as many as a single 3-bit error will appear. Jim Bell

In a typical scenario, (unless the admin is quite paranoid and want to DOS themselves), if the exploit works, the logs can be cleared or manipulated, leaving no trace AFAICT.

According to some admins I asked...

From grarpamp at gmail.com Fri Sep 18 09:33:20 2015
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 18 Sep 2015 12:33:20 -0400
Subject: Re: Would you work if you didn’t have to?
In-Reply-To:
References:
Message-ID:

On Fri, Sep 18, 2015 at 8:40 AM, Lodewijk andré de la porte wrote:
> 15k is really quite enough (at least in NL). This also to prevent complete

Subsistence is the correct level, possibly less, but no more. The makeup / more comes from work in your areas of interest. Subsistence is also trends pointless status quo, which is fine if you don't wish to get off the rock. Also, other than energy from the Sun, we are ultimately closed system. Thus if everyone adopts strict subsistence with no extra interest work to support it, and you're not 100% precise at redistribution with no loss, it fails. Market royalties depend on tapping extra work of others. BI is just another take on socialism, like any other system it works good until it is pushed further than natural control factors allow. Systems at law are enforced means to get what you want, or balance things, at others expense, beyond inherent puppetability and usury of free markets.
Some balancing is needed, so we talk of BI, wealth leveling, universal healthcare, education, etc. This is natural control, happens when puppeteers make up 1% of 99% puppeted. As in history, if left unbalanced too long or deep, the slaves revolt and reboot. From Rayzer at riseup.net Fri Sep 18 12:39:51 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 18 Sep 2015 12:39:51 -0700 Subject: Key Compromise Related to Architectural Work Not Cryptome In-Reply-To: References: Message-ID: <55FC6887.7080902@riseup.net> On 09/18/2015 03:57 AM, John Young wrote: > ...hundreds of designers from around the world with access to files. Security of > the project is primary and its design is not public. There's just something 'contra' about sentence one in re sentence two. Being from NYC originally and not having set one foot there since 1976, is the route of line 7 extension itself secret? belay that question: > "The extension, a key part of the Hudson Yards Redevelopment Project, > is expected to bring business and entertainment into the area. It is > also intended to aid redevelopment of nearby Chelsea and Hell's > Kitchen around the Long Island Rail Road's West Side Yard." https://en.wikipedia.org/wiki/7_Subway_Extension Gentrification in progress! (wondering if jya's secrets are still such) Try this question instead: Did they ever get rid of the IRT's narrow gauge rail? When I lived in the city the coaches were quaint and ancient because the IRT was always the last serviced by the MTA's budget... RR -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From l at odewijk.nl Fri Sep 18 05:40:34 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Fri, 18 Sep 2015 14:40:34 +0200 Subject: =?UTF-8?Q?Re=3A_Would_you_work_if_you_didn=E2=80=99t_have_to=3F?= In-Reply-To: References: Message-ID: I think I'd feel a bit less anxious in general, knowing the worst that could happen is living in good comfort. I think 30k per person is too much though, 15k is really quite enough (at least in NL). This also to prevent complete perversion of reward-for-labor. I think the "digital nomad"-compatible family of jobs will lose their associated risk (if it doesn't work out, you're still fine) and that will help them. Jobs that are highly paid will likely still be pretty rewarding, too. It's the jobs that pay little now that get the serious change in their economics. Who wants to pick up garbage for almost no money, when you have enough money? It is also hard to estimate how many people will prefer entirely useless work, or a minimal lifestyle. Given a tease more automation that should not be a problem. But, remember, as automation increases the basic income can become less; as a certain level of comfort is achieved at a lower price. This also gives governments some new and interesting incentives. The gamble sometimes seems to be whether some "successful creative and risky business" produces more value than "cheap labor". (And, well, what those lousy-job-people will do when they get a lot of time on their hands!) -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 1489 bytes Desc: not available URL: From Rayzer at riseup.net Fri Sep 18 14:47:29 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 18 Sep 2015 14:47:29 -0700 Subject: Fwd: [Cryptography] WashPo: Leaked NSC Memo on Encryption In-Reply-To: References: Message-ID: <55FC8671.4070901@riseup.net> On 09/17/2015 11:15 AM, grarpamp wrote: > The pdf of the original looks like it was typed on a *manual* typewriter Dunno. I'm old enough to remember lots of copy written by manual typewriter but I'm not seeing 'stroke pressure' differences that I wouldn't assign to OCR processing or any 'broken' characters from clogged or bunged typeheads here. Caveat: If the typewriter is electric 'stroke pressure' might not apply. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From guninski at guninski.com Fri Sep 18 06:24:20 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 18 Sep 2015 16:24:20 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <2002516358.1367685.1442565284415.JavaMail.yahoo@mail.yahoo.com> References: <20150917053633.GB2746@sivokote.iziade.m$> <2002516358.1367685.1442565284415.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150918132420.GC2729@sivokote.iziade.m$> On Fri, Sep 18, 2015 at 08:34:44AM +0000, jim bell wrote: > >3. If you have computer near you, can you induce bit > >flips on purpose remotely, without executing code on > >it? (lol, AFAICT if you wait looooong enough cosmic rays > >will this for you for free, but I am asking about > >realistic attack). > I don't think an external attack (with particles) is plausible. You well might be right, but attacks only get better... 
Once upon a time, at an open source party some people claimed that from commodity microwave oven one can made device that (don't remember which of those) damages electronics and/or severely interfere with GSM communications at nontrivial distance. Don't remember the electricity requirements. > > > > From guninski at guninski.com Fri Sep 18 06:56:55 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 18 Sep 2015 16:56:55 +0300 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <2460414.9ekeXe5i90@lapuntu> References: <1779111.UxAx0tsn7i@lapuntu> <20150911125239.GC2699@sivokote.iziade.m$> <2460414.9ekeXe5i90@lapuntu> Message-ID: <20150918135655.GD2729@sivokote.iziade.m$> On Thu, Sep 17, 2015 at 10:55:58PM +0200, rysiek wrote: > You can pull numbers from your ass, so can I. When you want to get back to a > more serious discussion, do tell. > Lol, maybe I will troll you better when the time comes (and sheeple being collateral political damage). To get part of the big picture search for EU refugees crisis in a search engine of your choice, filtering results to last day/week if possible. From juan.g71 at gmail.com Fri Sep 18 13:22:40 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 18 Sep 2015 17:22:40 -0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? 
In-Reply-To: <20150918132420.GC2729@sivokote.iziade.m$>
References: <20150917053633.GB2746@sivokote.iziade.m$> <2002516358.1367685.1442565284415.JavaMail.yahoo@mail.yahoo.com> <20150918132420.GC2729@sivokote.iziade.m$>
Message-ID: <55fc7180.4bc28c0a.4625e.37a5@mx.google.com>

On Fri, 18 Sep 2015 16:24:20 +0300 Georgi Guninski wrote:
> Once upon a time, at an open source party some people claimed that
> from commodity microwave oven one can made device that (don't
> remember which of those) damages electronics and/or severely
> interfere with GSM communications at nontrivial distance.

shouldn't an unshielded microwave oven jam a whole city as well as burn anybody who gets close to it?

looks like a great 'terrist' project.

> Don't
> remember the electricity requirements.

ordinary requirements of an ordinary oven?

From guninski at guninski.com Fri Sep 18 09:21:01 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Fri, 18 Sep 2015 19:21:01 +0300
Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves.
In-Reply-To: <1964661.BWLenNOqDH@lapuntu>
References: <20150911063905.GK89227@r4> <1964661.BWLenNOqDH@lapuntu>
Message-ID: <20150918162101.GE2729@sivokote.iziade.m$>

On Fri, Sep 11, 2015 at 09:56:06AM +0200, rysiek wrote:
> On Friday, 11 September 2015 08:39:05 Tom wrote:
> > Wanna send back children into a war zone because Oktoberfest?
>
> This, I believe, sums it up perfectly!
>

Indeed, "think of the children" is one of the most convincing scamming arguments I have seen.

Isn't this EU's fault for closing borders (check news)?

If this is the case, troll the EU, not this list.

How could the dear EU close borders for CHILDREN????
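[Added example, not part of any list message.] The rowhammer thread above turns on what SECDED does with more than two flipped bits per memory word (Kim et al., p. 8, as quoted by Georgi Guninski). This sketch builds a (72,64) extended Hamming code, the word size of ECC DIMMs, flips every 1-, 2- and 3-bit combination in one word, and tallies what the decoder reports against the truth. The bit layout, function names and sample word are assumptions made here; real memory controllers use their own check matrices, so the exact 3-bit split will differ.

```python
from itertools import combinations

N = 72                                  # codeword bits, positions 0..71
CHECK_POS = [1, 2, 4, 8, 16, 32, 64]    # Hamming check bits (assumed layout)
DATA_POS = [p for p in range(1, N) if p not in CHECK_POS]   # 64 data bits
# Position 0 holds the overall parity bit that turns SEC into SECDED.

def _syndrome(word):
    """XOR of the positions (1..71) of all set bits; 0 for a valid codeword."""
    s = 0
    for p in range(1, N):
        if (word >> p) & 1:
            s ^= p
    return s

def _parity(word):
    """1 if the word has an odd number of set bits."""
    return bin(word).count("1") & 1

def encode(data):
    """Encode a 64-bit integer into a 72-bit SECDED codeword."""
    word = 0
    for i, p in enumerate(DATA_POS):
        if (data >> i) & 1:
            word |= 1 << p
    s = _syndrome(word)
    for c in CHECK_POS:                 # set check bits so the syndrome is 0
        if s & c:
            word |= 1 << c
    return word | _parity(word)         # bit 0 makes overall parity even

def extract(word):
    """Read the 64 data bits back out of a codeword."""
    data = 0
    for i, p in enumerate(DATA_POS):
        if (word >> p) & 1:
            data |= 1 << i
    return data

def decode(word):
    """Return (status, data); status is 'ok', 'corrected' or 'detected'."""
    s, odd = _syndrome(word), _parity(word)
    if s == 0 and not odd:
        return "ok", extract(word)
    if odd:                             # decoder assumes exactly one flip
        if s >= N:
            return "detected", None     # syndrome points outside the word
        return "corrected", extract(word ^ (1 << s))   # s == 0: parity bit
    return "detected", None             # even parity, nonzero syndrome

def classify(data, k):
    """Flip every k-bit subset of one word and compare decoder output to truth."""
    good = encode(data)
    tally = {"corrected": 0, "detected": 0, "silent_corruption": 0}
    for flips in combinations(range(N), k):
        bad = good
        for p in flips:
            bad ^= 1 << p
        status, out = decode(bad)
        if status == "detected":
            tally["detected"] += 1
        elif out == data:
            tally["corrected"] += 1
        else:                           # decoder said 'corrected', data is wrong
            tally["silent_corruption"] += 1
    return tally

if __name__ == "__main__":
    sample = 0x0123456789ABCDEF         # constructed sample word
    for k in (1, 2, 3):
        print(k, "flipped bit(s):", classify(sample, k))
```

With three flips the overall parity is odd, so the decoder treats the word as a single-bit error and "repairs" a fourth bit; the ECC event an operator sees in that case is a corrected error, not an uncorrectable one.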
From alfiej at fastmail.fm Fri Sep 18 03:25:19 2015 From: alfiej at fastmail.fm (Alfie John) Date: Fri, 18 Sep 2015 20:25:19 +1000 Subject: key management is the crux In-Reply-To: References: Message-ID: <1442571919.2391451.387150049.5A3FCB86@webmail.messagingengine.com> On Fri, Sep 18, 2015, at 02:45 PM, coderman wrote: > On 9/17/15, Robert Hettinga wrote: > > ... Key management is hard. > > > just get straight to it, and study the key management. > > tells you all you need to know about a product! The more I thing about a problem, the more I think that OTR is the only solution. Thanks @thegrugq. Alfie -- Alfie John alfiej at fastmail.fm From jdb10987 at yahoo.com Fri Sep 18 14:30:32 2015 From: jdb10987 at yahoo.com (jim bell) Date: Fri, 18 Sep 2015 21:30:32 +0000 (UTC) Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <55fc7180.4bc28c0a.4625e.37a5@mx.google.com> References: <55fc7180.4bc28c0a.4625e.37a5@mx.google.com> Message-ID: <1946408935.1787226.1442611832366.JavaMail.yahoo@mail.yahoo.com> From: Juan On Fri, 18 Sep 2015 16:24:20 +0300 Georgi Guninski wrote: >> Once upon a time, at an open source party some people claimed that >> from commodity microwave oven one can made device that (don't >> remember which of those) damages electronics and/or severely >> interfere with GSM communications at nontrivial distance. >    shouldn't an unshielded microwave oven jam a whole city as well >    as burn anybody who gets close to it? >    looks like a great 'terrist' project. Within the last couple of months, I think somebody was arrested for planning some sort of "X-ray death ray". http://nypost.com/2015/08/18/kkk-member-built-death-ray-machine-to-kill-muslims-and-obama-prosecutors-say/     But only a dweeb doesn't know that X-rays cannot be focussed.  (With one very obscure exception not applicable here.  Find it and get an "attaboy!". ) Microwaves, OTOH, can be focussed rather easily.  The frequency is 2.45 Ghz, at about 1 Kilowatt.  
(wavelength about 12 centimeters.)  I'd have to consult a Radio Amateur's handbook, but a modern dish (intended or Directv or Dish network) could probably get 15-20 db of gain, compared with isotropic.  An old-style 8-foot dish probably would do 30 db gain.  That would be 100 kilowatts ERP. Such an unshielded  (open) device would probably impair WiFi at 2.5 Ghz severely, if you're close to it, say a few hundred feet away.  Fortunately, I think microwave ovens have better than 60 db of shielding.  A few 10s of feet, away, hardware damage might occur if that full 1 kw were allowed to leak out.           Jim Bell > Don't remember the electricity requirements.     ordinary requirements of an ordinary oven? Ordinary microwave ovens are probably 75%-80% efficient.  Thus, if you need to supply a 1 kilowatt microwave, you'll probably need 1250 watts of AC power. > > > > > > > > >  -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4688 bytes Desc: not available URL: From rysiek at hackerspace.pl Fri Sep 18 14:07:19 2015 From: rysiek at hackerspace.pl (rysiek) Date: Fri, 18 Sep 2015 23:07:19 +0200 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <20150918162101.GE2729@sivokote.iziade.m$> References: <1964661.BWLenNOqDH@lapuntu> <20150918162101.GE2729@sivokote.iziade.m$> Message-ID: <3142793.Z0iKmEkdVZ@lapuntu> Dnia piątek, 18 września 2015 19:21:01 piszesz: > On Fri, Sep 11, 2015 at 09:56:06AM +0200, rysiek wrote: > > Dnia piątek, 11 września 2015 08:39:05 Tom pisze: > > > Wanna send back children into a war zone because Oktoberfest? > > > > This, I believe, sums it up perfectly! > > Indeed, "think of the children" is one of the most convincing scamming > arguments I have seen. That is true. 
And exactly why I like it so in this context -- as usually the very people that (ab)use this "argument" when talking about pr0n, are completely, utterly blindsided by it when talking about refugees. > Isn't this EU's fault for closing borders (check news)? It is. > If this is the case, troll the EU, not this list. If you enable threading view in your mail user agent (you do use a sane one, that allows for this, right?), you will notice that my e-mail was in the branch replying to a certain e-mail asking about validity of such a move (albeit using different words, something about "protecting ethnicity" or somesuch). -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From zen at freedbms.net Fri Sep 18 17:27:39 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 19 Sep 2015 00:27:39 +0000 Subject: Fwd: Do ethnic Germans have the right to racial and cultural strength? - was Re: At a Berlin church, Muslim refugees converting in droves. In-Reply-To: <20150911063905.GK89227@r4> References: <55F1F9C9.9070009@cathalgarvey.me> <20150911063905.GK89227@r4> Message-ID: On 9/11/15, Tom wrote: > Wanna send back [Syrian] children into a war zone because Oktoberfest? A prescient argument you have, it seems - perhaps those initial 130,000 landing just in Germany all sign this petition: https://www.change.org/p/city-of-munich-ban-the-intolerant-and-anti-islamic-event-of-oktoberfest since it is after all, very important that the Germans protect against offending the refugee and immigrant cultural rights. 
At least the Greek police are on the job checking the humanitarian aid for all these "Syrian refugees": http://newswire.net/newsroom/news/00090322-police-in-greece-discovered-arms-in-humanitarian-aid-for-migrants.html "So far, the Greek custom police found 5000 rifles and at least half a million bullets in 2 containers allegedly labeled as the “humanitarian aid” intended to the migrants from Syria who arrived in Greek migrant’s camp." From zen at freedbms.net Fri Sep 18 17:52:36 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 19 Sep 2015 00:52:36 +0000 Subject: Fwd: Waking up In-Reply-To: References: <007e01d0effe$b5046480$1f0d2d80$@com.au> Message-ID: Here's the full (20min, 60MB interview) youtube link from the bottom of the article below, which is kind of needed since then you can hear the full interview (the questioner and the other side): https://www.youtube.com/watch?v=KmQw6CryE9M USAGov/CIA lies - back then (August 2013) as we see in this interview team USA was saying 'We don't want regime change - we just want a limited (100 frigate-based missiles) strike against key Syria targets to send a message that chemical warfare is not ok', whilst: a) the leaked emails from a few days before the interview already showed that it was not Assad government, but 'terrorist' chemical warfare actions (not Assad govt) which also were a false flag done by CIA, and b) today we see team USA saying 'Assad must go, regime change is required to protect human rights' So team USA says what it wants, when it wants, in order to fuel more war, which in turn funds Lockheed, Raytheon etc. See here: http://www.usatoday.com/story/money/business/2013/03/10/10-companies-profiting-most-from-war/1970997/ "The business of war is profitable. In 2011, the 100 largest contractors sold $410 billion in arms and military services. Just 10 of those companies sold over $208 billion... These companies have benefited tremendously from the growth in military spending in the U.S., ... 
in 2000 $312 billion ... 2011 $712 billion ... #1 Lockheed Martin notched $36.3 billion in sales in 2011 " Them missiles are expensive, highly profitable. Zenaan ---------- Forwarded message ---------- Date: Thu, 17 Sep 2015 11:53:46 +0000 Subject: Fwd: Waking up Subject: Waking up http://beforeitsnews.com/alternative/2015/09/must-watch-ex-marine-goes-crazy-blows-whistle-on-syrian-false-flag-and-real-agenda-3214162.html "Ken O’ Keefe is a former US Marine turned anti-war campaigner who appeared on a Press TV debate called Syria: War of Deception, and absolutely owned his opponent in such an awesome way that you’ll be cheering at his every comment. Recorded in August 2013, this interview is now two years old, but in light of the current European refugee crisis it’s more relevant today than ever before. Passionate, articulate and knowledgeable about the subject matter, O’Keefe is the perfect guy to step up and tell these home truths... From zen at freedbms.net Fri Sep 18 18:16:05 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 19 Sep 2015 01:16:05 +0000 Subject: =?UTF-8?Q?Re=3A_Microsoft_has_developed_its_own_Linux=2E_Repeat=2E_M?= =?UTF-8?Q?icrosoft_has_developed_its_own_Linux_=E2=80=A2_The_Register?= In-Reply-To: References: <55FC0B5B.8070400@sbcglobal.net> Message-ID: On 9/18/15, Robin wrote: > On 18 September 2015 at 16:02, Dave wrote: >> It must be getting a bit chilly down in Hell right now... >> >> http://www.theregister.co.uk/2015/09/18/microsoft_has_developed_its_own_linux_repeat_microsoft_has_developed_its_own_linux/ >> >> ...And I see some porcine figures out on the tarmac... > > Oh, and there's Jesus on a pogo stick ... 
Lucifer just rang his broker demanding a massive short position in Fujitsu Air conditioning, but the picosecond high frequency "liquidity" traders saw the bid and pre-seized all options causing St Peter to chuckle from the perly gates which manifested as a thunderstorm never seen before and lightening from New Zealand all the way to Hades. Lucifer of course figured "well, it might not be molten sodium but a little back to the future is better than nothing I guess," but just then she realised that the news article prompting all these escapades had caused exactly six-nines of all humans to laugh at exactly the same moment and with that the lightning didn't stop before Lucifer's throne, instead slicing her clean in two. As the two Lucifer halves started an eternal fist fight over which would get to mount the other half first, at that moment even God chuckled and the universe accidentally en... From zen at freedbms.net Fri Sep 18 19:25:20 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 19 Sep 2015 02:25:20 +0000 Subject: Waking up In-Reply-To: References: <007e01d0effe$b5046480$1f0d2d80$@com.au> Message-ID: On 9/19/15, Zenaan Harkness wrote: > Here's the full (20min, 60MB interview) youtube link from the bottom > of the article below, which is kind of needed since then you can hear > the full interview (the questioner and the other side): > https://www.youtube.com/watch?v=KmQw6CryE9M > > USAGov/CIA lies - back then (August 2013) as we see in this interview > team USA was saying 'We don't want regime change - we just want a > limited (100 frigate-based missiles) strike against key Syria targets > to send a message that chemical warfare is not ok', whilst: > a) the leaked emails from a few days before the interview already > showed that it was not Assad government, but 'terrorist' chemical > warfare actions (not Assad govt) which also were a false flag done by > CIA, and > b) today we see team USA saying 'Assad must go, regime change is > required to protect 
human rights' "Assad must go" is definitely the new chant: http://russia-insider.com/en/politics/assad-must-go-no-american-arrogance-must-go/ri9819 From admin at pilobilus.net Sat Sep 19 03:40:54 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sat, 19 Sep 2015 06:40:54 -0400 Subject: Fw: WiFi router networking? In-Reply-To: <20150918102318.efe2be8e97806a806bb39694@virtadpt.net> References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> <55FA0458.1070800@pilobilus.net> <20150918102318.efe2be8e97806a806bb39694@virtadpt.net> Message-ID: <55FD3BB6.1090802@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/18/2015 01:23 PM, The Doctor wrote: > On Wed, 16 Sep 2015 20:07:52 -0400 Steve Kinney > wrote: > >> A friend turned me on to this some time ago. I have yet to >> set up any mesh networks but it does look VERY promising. >> http://hsmm-mesh.org/ > > [...] It's also hams only, so I'd advise caution if you don't > have your ticket but want to experiment with it, new nodes that > aren't recognized will draw a lot of attention. I don't think that's a problem, since consumer grade routers don't have enough power to require a licensed operator. High gain antennas may be a gray area here, but since these would be pointed at participating reconfigured routers I don't think that would raise any eyebrows. > One of the gotchas from their FAQ: "You can't use Wi-Fi to > connect to a mesh node from your computer, netbook, smart phone > or other wireless device." Back to hardwiring. Yup, needs an ethernet connection for user access. Forwarding a mesh network router to a conventionally configured WiFi router is not a problem I have looked at yet, but I believe it should be easy. (He said, heedless of Finagle's Ghost hovering over his shoulder.) 
:o) From guninski at guninski.com Fri Sep 18 21:41:10 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 19 Sep 2015 07:41:10 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? In-Reply-To: <55fc7180.4bc28c0a.4625e.37a5@mx.google.com> References: <20150917053633.GB2746@sivokote.iziade.m$> <2002516358.1367685.1442565284415.JavaMail.yahoo@mail.yahoo.com> <20150918132420.GC2729@sivokote.iziade.m$> <55fc7180.4bc28c0a.4625e.37a5@mx.google.com> Message-ID: <20150919044110.GA2589@sivokote.iziade.m$> On Fri, Sep 18, 2015 at 05:22:40PM -0300, Juan wrote: > > Don't > > remember the electricity requirements. > > ordinary requirements of an ordinary oven? Really don't remember the details. For a simple? device, they needed certain parts. They claimed the easiest way to get the parts was from ordinary microwave oven. Well might be wrong about the electricity requirements. 
From jya at pipeline.com Sat Sep 19 04:50:00 2015 From: jya at pipeline.com (John Young) Date: Sat, 19 Sep 2015 07:50:00 -0400 Subject: Key Compromise Related to Architectural Work Not Cryptome In-Reply-To: <20150919084630.GC2589@sivokote.iziade.m$> References: <20150919084630.GC2589@sivokote.iziade.m$> Message-ID: Nobody sane has ever met JYA, just not possible. But several cpunks and USG officials have. But none of those use PGP after learning what precludes sanity and is replaced with blind faith in the math when crypto is implanted. GPG is further down the wormhole of instability. As RH pithed on PRZ's shoes: children of code-cobblers have none. At 04:46 AM 9/19/2015, you wrote: >On Fri, Sep 18, 2015 at 06:57:58AM -0400, John Young wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > 18 September 2015 > > > > Key compromise is related to our architectural work on NYC No. 7 > > Subway Line Extension, recently opened. Project had hundreds of > > designers from around the world with access to files. Security of > > the project is primary and its design is not public. Extent of > > subway system security and file protection is restricted to > > need to know. > > > > JYA and Cryptome passphrases remain secure. Key revocation done > > for caution. > > > >While this messages passes gpg verification with the alleged JYA's key, >I doubt he wrote it (at least in a relatively sane state). > >If someone knows JYA, please confirmed the message is indeed from him. From guninski at guninski.com Fri Sep 18 22:40:28 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 19 Sep 2015 08:40:28 +0300 Subject: How much/what hardware does the rowhammer DRAM bug affects? 
In-Reply-To: <20150918101100.2247fdf06e49aa3b46587d1d@virtadpt.net> References: <20150916090105.GA2571@sivokote.iziade.m$> <55F93284.4060100@cathalgarvey.me> <20150918101100.2247fdf06e49aa3b46587d1d@virtadpt.net> Message-ID: <20150919054028.GB2589@sivokote.iziade.m$> On Fri, Sep 18, 2015 at 10:11:00AM -0700, The Doctor wrote: > On Wed, 16 Sep 2015 10:12:36 +0100 > Cathal Garvey wrote: > > > possible. Browser model, JS engine, hardware acceleration options, > > possibly firmwares, and DRAM model/generation/clockspeed. > > No reason to be complacent, but the gist was "you probably don't need to > > worry about rowhammer-JS". > > It makes one wonder how well it works in the context of node.js, which seems to be the darling of developers the world over these days. > http://arxiv.org/abs/1507.06955 Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript p.2 We compared our implementations of the Rowhammer attack on the three different machines shown in Table I. (gives explicit models). From Rayzer at riseup.net Sat Sep 19 09:17:59 2015 From: Rayzer at riseup.net (Razer) Date: Sat, 19 Sep 2015 09:17:59 -0700 Subject: Waking up In-Reply-To: <1912831.HxdQoyA6rQ@lapuntu> References: <007e01d0effe$b5046480$1f0d2d80$@com.au> <1912831.HxdQoyA6rQ@lapuntu> Message-ID: <55FD8AB7.7050005@riseup.net> On 09/19/2015 03:18 AM, rysiek wrote: > How about "both Assad and American arrogance must go". How about "Assad is a bad guy in a 'hood full of bad guys and it could be a lot worse." What say we focus on taking out our OWN elected Warmongering scumbuckets, and the rest, as they say, will take care of itself Gary Brecter, the War Nerd, on whose what in Syria. > "The post-war years were full of wild experiments in the Arab world. > The only constant was that military coups were the rule. Leaders came > from the army—Nasser, Ghadafi, Saddam. So when an officer with > coup-making skills happened to come from a tightly-knit community, he > was almost sure to end up in charge. 
Saddam had his Tikrit clan in > Iraq; Ghadafi had his academy buddies in Libya; Hafez Assad had his > Alawite kin in Syria. The Alawites were perfectly placed to take > advantage of this coup-centered polity. T. E. Lawrence said about > them, “One Nusairi [Alawite] would not betray another, and would > hardly not betray an unbeliever.” With Alawite officers filling the > armed services in Syria, it was inevitable that an Alawite would come > to power, as Hafez Assad did in 1970. From that point, they did what > they had to do to remain in power. When killing was necessary, they > killed. And in Syria, it was necessary fairly often. But I don’t know > of any records showing that the Alawites were particularly cruel by > the standards of the time and place. In fact, from the start of their > rule in Syria, the Alawites have tried, via Ba’ath Party secularism > and a long-term attempt to make Alawite ritual and doctrine closer to > Sunni norms, to integrate with their neighbors." ~Gary Brecher, The War Nerd: Little Kerry and the Three Bad Options https://www.nsfwcorp.com/dispatch/little-kerry/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From guninski at guninski.com Sat Sep 19 01:46:30 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 19 Sep 2015 11:46:30 +0300 Subject: Key Compromise Related to Architectural Work Not Cryptome In-Reply-To: References: Message-ID: <20150919084630.GC2589@sivokote.iziade.m$> On Fri, Sep 18, 2015 at 06:57:58AM -0400, John Young wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > 18 September 2015 > > Key compromise is related to our architectural work on NYC No. 7 > Subway Line Extension, recently opened. Project had hundreds of > designers from around the world with access to files. Security of > the project is primary and its design is not public. 
Extent of > subway system security and file protection is restricted to > need to know. > > JYA and Cryptome passphrases remain secure. Key revocation done > for caution. > While this messages passes gpg verification with the alleged JYA's key, I doubt he wrote it (at least in a relatively sane state). If someone knows JYA, please confirmed the message is indeed from him. From rysiek at hackerspace.pl Sat Sep 19 03:18:18 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 19 Sep 2015 12:18:18 +0200 Subject: Waking up In-Reply-To: References: <007e01d0effe$b5046480$1f0d2d80$@com.au> Message-ID: <1912831.HxdQoyA6rQ@lapuntu> Dnia sobota, 19 września 2015 02:25:20 Zenaan Harkness pisze: > On 9/19/15, Zenaan Harkness wrote: > > Here's the full (20min, 60MB interview) youtube link from the bottom > > of the article below, which is kind of needed since then you can hear > > the full interview (the questioner and the other side): > > https://www.youtube.com/watch?v=KmQw6CryE9M > > > > USAGov/CIA lies - back then (August 2013) as we see in this interview > > team USA was saying 'We don't want regime change - we just want a > > limited (100 frigate-based missiles) strike against key Syria targets > > to send a message that chemical warfare is not ok', whilst: > > a) the leaked emails from a few days before the interview already > > showed that it was not Assad government, but 'terrorist' chemical > > warfare actions (not Assad govt) which also were a false flag done by > > CIA, and > > b) today we see team USA saying 'Assad must go, regime change is > > required to protect human rights' > > "Assad must go" is definitely the new chant: > http://russia-insider.com/en/politics/assad-must-go-no-american-arrogance-mu > st-go/ri9819 How about "both Assad and American arrogance must go". 
-- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From admin at pilobilus.net Sat Sep 19 09:33:07 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sat, 19 Sep 2015 12:33:07 -0400 Subject: Waking up In-Reply-To: <1912831.HxdQoyA6rQ@lapuntu> References: <007e01d0effe$b5046480$1f0d2d80$@com.au> <1912831.HxdQoyA6rQ@lapuntu> Message-ID: <55FD8E43.1050306@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/19/2015 06:18 AM, rysiek wrote: >> "Assad must go" is definitely the new chant: >> http://russia-insider.com/en/politics/assad-must-go-no-american-a rrogance-mu >> >> st-go/ri9819 > > How about "both Assad and American arrogance must go". > "Assad must go" has been the uniform propaganda theme across all Western media outlets since the day the Obama Admimistration first called the Syrian government a "regime." NGOs sent teams into Syria a couple of years ago with the mission of finding out what the "Syrian in the street" thinks about all this. Their uniform position: All foreign intervention must go. But alas, now that U.S. sponsored proxy forces have taken over substantial economic assets in Syria, there will be no removing them without foreign intervention; even if Uncle Sam turns off the money tap, ISIS will just keep going: Deeply depleted Syrian armed forces won't be able to remove them. In terms of real options, a strong Russian presence is most likely the best deal available to the Syrian people. 
:o/ From wirelesswarrior at safe-mail.net Sat Sep 19 10:12:05 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Sat, 19 Sep 2015 13:12:05 -0400 Subject: Darryl W. Perry Calls for Ross Ulbrich to be Pardoned. Message-ID: Lyn Ulbrich, Ross' mom, will be speaking at the Prague Hacker's Conference in early October http://hcpp.cz/eng/#section2 -------- Original Message -------- From: jim bell Apparently from: cypherpunks-bounces at cpunks.org To: Cpunks List Subject: Darryl W. Perry Calls for Ross Ulbrich to be Pardoned. Date: Fri, 29 May 2015 19:20:42 +0000 (UTC) > > > > From: http://www.independentpoliticalreport.com/2015/05/darryl-w-perry-calls-for-ross-ulbricht-to-be-pardoned/ > > > > > Darryl W. Perry Calls for Ross Ulbricht to Be Pardoned > > > Ross Ulbricht > > From Darryl W. Perry’s 2016 presidential campaign website: > > In 2013 Ross Ulbricht was arrested for allegedly operating the black market website Silk Road. In early 2015 he was found convicted in what was essentially a kangaroo trial, where his attorney was prevented from presenting evidence of government corruption in the case, because of an ongoing investigation. 
Two of the federal agents investigating the case have since been arrested for fraud and money laundering. > Ulbricht’s lead defense attorney Joshua Dratel wrote in a court filing, “In contrast to the government’s portrayal of the Silk Road web site as a more dangerous version of a traditional drug marketplace, in fact the Silk Road web site was in many respects the most responsible such marketplace in history, and consciously and deliberately included recognized harm reduction measures, including access to physician counseling. In addition, transactions on the Silk Road web site were significantly safer than traditional illegal drug purchases, and included quality control and accountability features that made purchasers substantially safer than they were when purchasing drugs in a conventional manner.” > Meghan Ralston, a former harm reduction manager for the Drug Policy Alliance says Silk Roadwas “a peaceable alternative to the often deadly violence so commonly associated with the global drug war, and street drug transactions, in particular.” > Despite the improprieties in the investigation and the trial, and despite the fact that Ross Ulbricht actually made the black market safer, he will be in prison for a minimum of 20 years. The Ulbricht family has said they plan to appeal the conviction, however they shouldn’t need to do so. Ross Ulbricht should be pardoned, as should all non-violent drug offenders! > [end of quote] > > > > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 6825 bytes Desc: not available URL: From guninski at guninski.com Sat Sep 19 05:06:08 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 19 Sep 2015 15:06:08 +0300 Subject: Key Compromise Related to Architectural Work Not Cryptome In-Reply-To: References: <20150919084630.GC2589@sivokote.iziade.m$> Message-ID: <20150919120608.GD2589@sivokote.iziade.m$> On Sat, Sep 19, 2015 at 07:50:00AM -0400, John Young wrote: > GPG is further down the wormhole of instability. > Whoever sent this, I quite agree about GPG (this doesn't mean PGP is better). From zen at freedbms.net Sat Sep 19 10:50:35 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sat, 19 Sep 2015 17:50:35 +0000 Subject: Darryl W. Perry Calls for Ross Ulbrich to be Pardoned. In-Reply-To: References: Message-ID: On 9/19/15, wirelesswarrior at safe-mail.net wrote: > -------- Original Message -------- > From: jim bell > Apparently from: cypherpunks-bounces at cpunks.org > Subject: Darryl W. Perry Calls for Ross Ulbrich to be Pardoned. > Date: Fri, 29 May 2015 19:20:42 +0000 (UTC) >> From: >> http://www.independentpoliticalreport.com/2015/05/darryl-w-perry-calls-for-ross-ulbricht-to-be-pardoned/ >> >> Ross Ulbricht should be pardoned, >> as should all non-violent drug offenders! As a drug non-user, I wholeheartedly agree. 
Zenaan From wirelesswarrior at safe-mail.net Sat Sep 19 19:47:21 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Sat, 19 Sep 2015 22:47:21 -0400 Subject: Hackers Convention, Parallel Polis Congress 2-4.10.2015 in Prague Message-ID: I am scheduled to speak there on Sunday October 4th http://hcpp.cz/eng/ From mezger.benjamin at gmail.com Sat Sep 19 19:24:30 2015 From: mezger.benjamin at gmail.com (Ben Mezger) Date: Sat, 19 Sep 2015 23:24:30 -0300 Subject: The tricky encryption that could stump quantum computers Message-ID: http://www.wired.com/2015/09/tricky-encryption-stump-quantum-computers/ + https://docbox.etsi.org/Workshop/2014/201410_CRYPTO/S07_Systems_and_Attacks/S07_Groves_Annex.pdf http://www.etsi.org/news-events/news/947-2015-03-news-etsi-launches-quantum-safe-cryptography-specification-group https://www.nsa.gov/ia/programs/suiteb_cryptography/ -- Sent with my mu4e -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 800 bytes Desc: not available URL: From blibbet at gmail.com Sun Sep 20 08:31:42 2015 From: blibbet at gmail.com (Blibbet) Date: Sun, 20 Sep 2015 08:31:42 -0700 Subject: Privacy Respecting Laptops In-Reply-To: <55FEBA94.1020005@dyne.org> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6F142.4010104@gmail.com> <55F703E3.4000007@openmailbox.org> <55F74F83.3060401@gmail.com> <55FEBA94.1020005@dyne.org> Message-ID: <55FED15E.4000202@gmail.com> On 09/20/2015 06:54 AM, hellekin wrote: > On 09/14/2015 07:51 PM, Blibbet wrote: >> >> RMS >> doesn't seem to care for Open Source Hardware, just Free Software > > That's not true. He cares a lot. But he has a lot on his plate with > free software already. The RYF program of the FSF is proof that he > cares. 
But FSF still is a *small* organization, with a large battlefield. Sigh, I meant to say "Free Hardware", not "Free Software" above.... My comment was based on last time I saw video of RMS talk about hardware, ignored existing HW licensing, and only mentioned his newer Free Hardware concept. No mention of existing Open Source Hardware (OSHWA) license, just mentioned GPL. I wonder if there's any way FSF can work WITH OSHWA and not ignore them. I'm worried that if the Free HW and Open HW divide, that's fewer resources in tiny non-Closed HW niche. It seems they're the BSD of hardware, and you can just declare them Free and GPL them when you touch it. IMO, FSF could do with a lot more clear Free Hardware guidance to OEMs/IHVs, including RYF. I hope FSF, Linux Foundation, and others get serious about funding it. Most OEMs/IHVs won't touch GPL hardware, they still use the IP model, and blobs are normal to them. I'd LOVE to see a press release from FSF and OSHWA saying they're working together to create a spectrum of non-closed hardware, from Open Source Hardware Association-licensed HW to GPL-licensed Free Hardware, getting OSHWA to back the FSF RYF program. Perhaps come up with a logo that clarifies Closed/Open/Free nature of the HW, as well as mentioning the firmware it uses. I should be seeing regular, weekly spam from FSF reminding people to fund a variety of new CrowdSupply.com-funded hardware, like USBArmory, Novena, and other hardware. I recall seeing one press release from FSF asking for Replicant help; OSMOCOMBB or an SDR equivalent is needed. A wifi solution is needed. Right now, it seems the org leading the way for Open/Free Hardware designs is the Open Compute Project, and it is only targeting enterprise hardware, no privacy-respecting hardware. Community is offering little advice to vendors, as previous post in thread suggested. Someone from FSF should give a talk on Free Hardware at Embedded Linux Conference, HotChips, and other places where OEMs/IHVs attend. 
From hellekin at dyne.org Sun Sep 20 06:54:28 2015 From: hellekin at dyne.org (hellekin) Date: Sun, 20 Sep 2015 10:54:28 -0300 Subject: Privacy Respecting Laptops In-Reply-To: <55F74F83.3060401@gmail.com> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6F142.4010104@gmail.com> <55F703E3.4000007@openmailbox.org> <55F74F83.3060401@gmail.com> Message-ID: <55FEBA94.1020005@dyne.org> On 09/14/2015 07:51 PM, Blibbet wrote: > > RMS > doesn't seem to care for Open Source Hardware, just Free Software > That's not true. He cares a lot. But he has a lot on his plate with free software already. The RYF program of the FSF is proof that he cares. But FSF still is a *small* organization, with a large battlefield. Disclaimer: my other email address is @gnu.org. == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ From grarpamp at gmail.com Sun Sep 20 09:41:26 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 20 Sep 2015 12:41:26 -0400 Subject: Key Compromise Related to Architectural Work Not Cryptome In-Reply-To: References: <20150919084630.GC2589@sivokote.iziade.m$> Message-ID: On Sat, Sep 19, 2015 at 7:50 AM, John Young wrote: > Nobody sane has ever met JYA, just not possible. But several cpunks > and USG officials have. But none of those use PGP after learning > what precludes sanity and is replaced with blind faith in the math when > crypto is implanted. Keysigning party at JYA this Halloween. Wearage of anti facial apparatus encouraged. From guninski at guninski.com Sun Sep 20 04:39:41 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 20 Sep 2015 14:39:41 +0300 Subject: Why libressl-2.2.3 and openssl-1.0.1p accept very weak elliptic curves? 
Message-ID: <20150920113941.GA2587@sivokote.iziade.m$>

Summary: libressl-2.2.3 and openssl-1.0.1p appear to accept elliptic curves which might be broken by Pollard's rho DL in O(2^56) or O(2^82) group operations

Pollard's rho DL algorithm [1] solves discrete logarithm in O(\sqrt{n}) where n is the group order. Equivalently the complexity is O(2^{(log_2{n})/2}).

Both libressl-2.2.3 and openssl-1.0.1p have curves with log_2{n}=112 and NIST curve with log_2{n}=163.

Assuming Pollard's rho succeeds, the complexity is O(2^56) and O(2^82) group operations. The first is close to real time on ``nice hardware''.

To reproduce:

$ ~/inst/openssl-1.0.1p/apps/openssl ecparam -list_curves
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field

$ ~/inst/libressl-2.2.3/apps/openssl ecparam -list_curves|grep -i ' 1'
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field

For reference, http://comments.gmane.org/gmane.comp.security.cypherpunks/6101
Bitcoin networks surpasses 2^80 hashes per week

I believe in an Edward model of EC, the group operation on the EC isn't much slower than Bitcoin SHA hash, so someone with such resources might break ...2r1 in nearly real time and ...3k1 in few weeks.

This resembles the ``DSA oddity'' of _forcing_ q as low as 160 bits, giving the same level (to ...3k1) of security compared to DSA as shown at [2], search for "160"

[1]: https://en.wikipedia.org/w/index.php?title=Pollard%27s_rho_algorithm_for_logarithms&oldid=667021803
[2]: https://j.ludost.net/blog/archives/2015/09/05/rfc-2631_fips_186-3_and_openssls_implementation_of_dsa_appear_broken_and_possibly_backdoored/index.html

From rysiek at hackerspace.pl Sun Sep 20 07:26:14 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sun, 20 Sep 2015 16:26:14 +0200
Subject: Is this crypto paper real or fake?
In-Reply-To: <20150920135350.GB2587@sivokote.iziade.m$> References: <20150920135350.GB2587@sivokote.iziade.m$> Message-ID: <72164962.SdmS2s7A6l@lapuntu> Dnia niedziela, 20 września 2015 16:53:50 Georgi Guninski pisze: > Michael J. Wiener Hummm... Let's see: https://scholar.google.com/scholar?hl=pl&q=Michael+J.+Wiener&btnG=&lr= Well, at least this guys seems legit, as surprising as it may be. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Sun Sep 20 06:53:50 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 20 Sep 2015 16:53:50 +0300 Subject: Is this crypto paper real or fake? Message-ID: <20150920135350.GB2587@sivokote.iziade.m$> Found this from a DJB paper: http://www.scs.carleton.ca/~paulv/papers/JoC97.pdf Parallel Collision Search with Cryptanalytic Applications Paul C. van Oorschot and Michael J. Wiener CHECK THE DATE: 1996 September 23 p.1 The practical significance of the technique is illustrated by giving the design for three $10 million custom machines which could be built with current technology: one finds elliptic curve logarithms in GF(2^155) thereby defeating a proposed elliptic curve cryptosystem in expected time 32 days, the second finds MD5 collisions in expected time 21 days... --- I know the dollar is not what it used to be, but same applies to hardware IMHO Metadata of the PDF is in the future, suggests windows. 
This is paywalled: http://link.springer.com/article/10.1007%2FPL00003816 Journal of Cryptology January 1999, Volume 12, Issue 1, pp 1-28 From cathalgarvey at cathalgarvey.me Sun Sep 20 08:58:45 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 20 Sep 2015 16:58:45 +0100 Subject: Privacy Respecting Laptops In-Reply-To: <2411736.TPIJ9j0KPb@lapuntu> References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <55FEBA94.1020005@dyne.org> <20150920144618.GC2587@sivokote.iziade.m$> <2411736.TPIJ9j0KPb@lapuntu> Message-ID: I do think RMS is complicit with the destruction of GCC though. I know his heart's in the right place about exporting the AST but it's just pushed all the exciting stuff (Rust, Emscripten, etc) to LLVM which is licensed for a tragedy of the commons. On 20 September 2015 16:31:43 IST, rysiek wrote: >OHAI, > >Dnia niedziela, 20 września 2015 17:46:18 Georgi Guninski pisze: >> As all humans, RMS has something to be trolled about. > >Ah, my pet peeve with RMS is his support for non-free (!) licenses on >anything >that is not software. Amazingly, I was able to convice him to change an >-ND >license to something else once, but that was... rather silly: >https://stallman.org/doggerel.html#IveBeenAnsweringMyEmail > >I still have not given up, though! ;) > >> Besides the GNU stuff, IMHO he is underestimated for GCC. > >Absolutely. > >> Without GCC, besides linux, likely neither *BSD nor >> Apple would exist in its present form. >> >> >> (...) >> > >This, unfortunately, is slowly coming to an end, with llvm gaining more >and >more ground. I love competition, but I fear possible proprietarization >of llvm >and a large part of the FLOSS ecosystem: >http://ebb.org/bkuhn/blog/2014/01/26/llvm.html > >inb4 compiler wars > >-- >Pozdrawiam, >Michał "rysiek" Woźniak > >Zmieniam klucz GPG :: http://rys.io/pl/147 >GPG Key Transition :: http://rys.io/en/147 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. 
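The curve-strength estimate in Georgi Guninski's message above (secp112r1, sect163k1) and the GF(2^155) figure he quotes from van Oorschot and Wiener can be turned into an inventory check. The following is an added example, not part of any post in this thread: it parses text in the format of `openssl ecparam -list_curves`, applies the message's 2^(bits/2) Pollard's rho estimate, and flags curves below a policy floor. The 112-bit floor, the function names, and every sample line beyond the two quoted in the message are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format printed by `openssl ecparam -list_curves`.
# The first two entries are the lines quoted in the message; the others are
# added here to exercise the parser, including a multi-line description.
SAMPLE = (
    "  secp112r1 : SECG/WTLS curve over a 112 bit prime field\n"
    "  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field\n"
    "  secp384r1 : NIST/SECG curve over a 384 bit prime field\n"
    "  prime256v1: X9.62/SECG curve over a 256 bit prime field\n"
    "  Oakley-EC2N-3: \n"
    "\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
    "\tNot suitable for ECDSA.\n"
)

SECONDS_PER_WEEK = 7 * 24 * 3600
ENTRY = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*:\s*(.*)$")  # "name : description"
FIELD_BITS = re.compile(r"(\d+)\s*bit\b")                  # "... 112 bit ..."


@dataclass
class Finding:
    name: str
    field_bits: int
    rho_log2_ops: float  # log2 of the ~sqrt(n) group operations for Pollard's rho
    est_seconds: float   # wall-clock estimate at the assumed adversary rate
    weak: bool           # True when rho_log2_ops is below the policy floor


def parse_curves(text):
    """Return {curve name: description}, joining continuation lines."""
    curves, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY.match(line)
        if m:
            current = m.group(1)
            curves[current] = m.group(2).strip()
        elif current is not None:
            # Description wrapped onto following lines (e.g. the Oakley curves).
            curves[current] = (curves[current] + " " + line.strip()).strip()
    return curves


def audit(text, min_security_bits=112, adversary_log2_ops_per_week=80):
    """Rate each listed curve with the message's 2^(bits/2) estimate.

    Assumptions: the field size stands in for log2 of the group order, as in
    the message; the adversary rate defaults to the 2^80 operations per week
    cited there; the 112-bit floor is a policy choice made for this example.
    """
    findings = []
    for name, desc in parse_curves(text).items():
        m = FIELD_BITS.search(desc)
        if not m:
            continue  # no field size in the description, so it cannot be rated
        bits = int(m.group(1))
        rho = bits / 2
        weeks = 2.0 ** (rho - adversary_log2_ops_per_week)
        findings.append(
            Finding(name, bits, rho, weeks * SECONDS_PER_WEEK, rho < min_security_bits)
        )
    return sorted(findings, key=lambda f: f.field_bits)


if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "WEAK" if f.weak else "ok"
        print(f"{f.name:14} {f.field_bits:4} bit  rho~2^{f.rho_log2_ops:<6} "
              f"{f.est_seconds:.3g} s  {flag}")
```

A curve appearing in this listing means the library implements it, not that a given TLS or signing configuration will negotiate it, so the output is an inventory to compare against what each service is configured to allow.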
From rysiek at hackerspace.pl Sun Sep 20 08:31:43 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Sun, 20 Sep 2015 17:31:43 +0200
Subject: Privacy Respecting Laptops
In-Reply-To: <20150920144618.GC2587@sivokote.iziade.m$>
References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <55FEBA94.1020005@dyne.org> <20150920144618.GC2587@sivokote.iziade.m$>
Message-ID: <2411736.TPIJ9j0KPb@lapuntu>

OHAI,

On Sunday, 20 September 2015 17:46:18, Georgi Guninski wrote:
> As all humans, RMS has something to be trolled about.

Ah, my pet peeve with RMS is his support for non-free (!) licenses on anything that is not software. Amazingly, I was able to convince him to change an -ND license to something else once, but that was... rather silly:
https://stallman.org/doggerel.html#IveBeenAnsweringMyEmail

I still have not given up, though! ;)

> Besides the GNU stuff, IMHO he is underestimated for GCC.

Absolutely.

> Without GCC, besides linux, likely neither *BSD nor
> Apple would exist in its present form.
>
> (...)

This, unfortunately, is slowly coming to an end, with llvm gaining more and more ground. I love competition, but I fear possible proprietarization of llvm and a large part of the FLOSS ecosystem:
http://ebb.org/bkuhn/blog/2014/01/26/llvm.html

inb4 compiler wars

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From guninski at guninski.com Sun Sep 20 07:46:18 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Sun, 20 Sep 2015 17:46:18 +0300
Subject: Privacy Respecting Laptops
In-Reply-To: <55FEBA94.1020005@dyne.org>
References: <1442196672.2106649.382666265.23011BB0@webmail.messagingengine.com> <9E491F41-82BE-4250-ABC5-0109D3635C47@openmailbox.org> <55F6E481.4030608@cathalgarvey.me> <55F6F142.4010104@gmail.com> <55F703E3.4000007@openmailbox.org> <55F74F83.3060401@gmail.com> <55FEBA94.1020005@dyne.org>
Message-ID: <20150920144618.GC2587@sivokote.iziade.m$>

On Sun, Sep 20, 2015 at 10:54:28AM -0300, hellekin wrote:
> On 09/14/2015 07:51 PM, Blibbet wrote:
> >
> > RMS
> > doesn't seem to care for Open Source Hardware, just Free Software
> >
>
> That's not true. He cares a lot. But he has a lot on his plate with
> free software already. The RYF program of the FSF is proof that he
> cares. But FSF still is a *small* organization, with a large battlefield.
>
> Disclaimer: my other email address is @gnu.org.
> Cheers,

As all humans, RMS has something to be trolled about.

Besides the GNU stuff, IMHO he is underestimated for GCC.

Without GCC, besides linux, likely neither *BSD nor Apple would exist in its present form.

It was fun trolling *BSD fanbois about GCC, like:

Q: Dude/Chick, your BASE still infiltrated by GNU, do you ship GCC?
A: Errrr, We'll switch to CLANG soon, just testing
Q: What about building ALL ports/packages?
A: (silence)
(repeat next year).

For Apple powerusers, we asked something like: how comes
$grep -r __gnu_ / 2>/dev/null
returns so many hits?

From jdb10987 at yahoo.com Sun Sep 20 11:26:26 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Sun, 20 Sep 2015 18:26:26 +0000 (UTC)
Subject: Key Compromise Related to Architectural Work Not Cryptome
In-Reply-To:
References:
Message-ID: <2003748302.489734.1442773586143.JavaMail.yahoo@mail.yahoo.com>

From: John Young
>Nobody sane has ever met JYA, just not possible.
>But several cpunks
>and USG officials have.

I wanted to shake John Young's hand, once. But being surrounded by a crowd of hostile U.S. Marshals, I was impeded from doing so.

Jim Bell

From peter at m-o-o-t.org Sun Sep 20 15:26:23 2015
From: peter at m-o-o-t.org (Peter Fairbrother)
Date: Sun, 20 Sep 2015 23:26:23 +0100
Subject: Is this crypto paper real or fake?
In-Reply-To: <20150920135350.GB2587@sivokote.iziade.m$>
References: <20150920135350.GB2587@sivokote.iziade.m$>
Message-ID: <55FF328F.1030903@m-o-o-t.org>

On 20/09/15 14:53, Georgi Guninski wrote:
> Found this from a DJB paper:
>
> http://www.scs.carleton.ca/~paulv/papers/JoC97.pdf
>
> Parallel Collision Search with Cryptanalytic Applications
>
> Paul C. van Oorschot and Michael J. Wiener
>
> CHECK THE DATE:
>
> 1996 September 23

Both authors are well-known.

Google says the paper was published in the Journal of Cryptology in 1999.

> p.1
>
> The practical significance of the technique is illustrated by giving the
> design for three $10 million custom machines which could be built with
> current technology: one finds elliptic curve logarithms in GF(2^155)
> thereby defeating a proposed elliptic curve cryptosystem in expected
> time 32 days, the second finds MD5 collisions in expected time 21
> days...

The present day open ECC dlog record stands at about 114 bits, iirc: that method used ~2014 custom hardware, but not $10 million worth.

I'd guess Oorschot and Wiener got something in the numbers wrong. It happens.

However the parallel collision search technique they describe is very real, and has been used to effect. At a guess, the ECC dlog record above probably used it, as will most modern collision search algorithms.
As DJB quoted them, I'd guess that they invented the technique (though I knew of the technique, I thought Knuth described/invented it).

It's one of those things which are obvious in hindsight; but which can be dev'lishly hard to come up with in the first place.

-- Peter Fairbrother

> ---
>
> I know the dollar is not what it used to be, but same applies to
> hardware IMHO
>
> Metadata of the PDF is in the future, suggests windows.
>
> This is paywalled:
> http://link.springer.com/article/10.1007%2FPL00003816
> Journal of Cryptology
>
> January 1999, Volume 12, Issue 1, pp 1-28

From l at odewijk.nl Sun Sep 20 16:04:40 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Mon, 21 Sep 2015 01:04:40 +0200
Subject: Re: Would you work if you didn’t have to?
In-Reply-To:
References:
Message-ID:

2015-09-18 18:33 GMT+02:00 grarpamp :

> Some balancing is needed, so we talk of BI, wealth leveling,
> universal healthcare, education, etc. This is natural control, happens
> when puppeteers make up 1% of 99% puppeted. As in history,
> if left unbalanced too long or deep, the slaves revolt and reboot.

This is one possible outcome -- but this is FAR from a revolt.

Just as likely is the outcome where Basic Income cattle is herded into cheap everything arrangements, where they're offered "fun and fulfilling" work for non-market pay. These humans will be entirely economically detached. The overlords will reap their Basic Income, and allow them to live month by month. (note: this already happens, you walk in a Hyundai/Samsung-built apartment block, where Lotte runs all the supermarkets, and all the entertainment is provided by CJ, Koreans don't fear big-corps, so they don't hide it, but I think this is probably true in many places of the world)

Or, as in the amazing Cloud Atlas, we will create a caste-like society with "producers", "consumers" and perhaps some other groups ("politicians"? "Celebrities"?).
We may move from 99% to 99.9% puppets. It's just a way to generalize the population, to silence the masses, to present happiness and freedom to be guaranteed for all. Without alarm the watchers will turn to sleep, and under that dark moon the world will change.

Simply put, it solves some problems but not all of them. BI can potentially worsen the situation.

I think the immediate gain of guaranteed personal freedoms; freedom from labor, freedom to self-improve, freedom to perform altruism, freedom to perform art, and yes, even freedom to party, are worth a great deal. Yet, it will create a future where nobody is willing to revolt, and the state is in even further reaching control.

It also just upsets my minimal-government-preference somewhat. I just don't like the idea of people living off of money I earned. It only makes sense because money is already an abstract and perverted item, and because basic needs will soon drop much further in their cost. (Especially if cheap living becomes a greater priority)

From juan.g71 at gmail.com Sun Sep 20 23:19:45 2015
From: juan.g71 at gmail.com (Juan)
Date: Mon, 21 Sep 2015 03:19:45 -0300
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <2260447.vSYqM4TtRI@lapuntu>
References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu>
Message-ID: <55ffa06e.41031f0a.efb7.ffffb1ac@mx.google.com>

On Mon, 21 Sep 2015 05:06:23 +0200
rysiek wrote:

> for a moment there I entertained a notion of asking you for some
> sources, but then I remembered that both Putin and Obama are actually
> reptilian invaders

You know rysiek, that kind of comment isn't really in line with your more enlightened comments and observations....

Just saying...

from outer space and we're all fucked anyway.
>

From rysiek at hackerspace.pl Sun Sep 20 20:06:23 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 21 Sep 2015 05:06:23 +0200
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <55FF6B14.7090202@echeque.com>
References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com>
Message-ID: <2260447.vSYqM4TtRI@lapuntu>

OHAI,

On Monday, 21 September 2015 12:27:32, James A. Donald wrote:
> We now know that everyone that McCarthy claimed was a Soviet agent was
> in fact on the Soviet payroll.

On Monday, 21 September 2015 12:32:09, James A. Donald wrote:
> Just as Pussy Riot is on the US payroll

for a moment there I entertained a notion of asking you for some sources, but then I remembered that both Putin and Obama are actually reptilian invaders from outer space and we're all fucked anyway.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From guninski at guninski.com Sun Sep 20 22:29:11 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 21 Sep 2015 08:29:11 +0300
Subject: Is this crypto paper real or fake?
In-Reply-To: <55FF328F.1030903@m-o-o-t.org>
References: <20150920135350.GB2587@sivokote.iziade.m$> <55FF328F.1030903@m-o-o-t.org>
Message-ID: <20150921052911.GA2543@sivokote.iziade.m$>

On Sun, Sep 20, 2015 at 11:26:23PM +0100, Peter Fairbrother wrote:
> On 20/09/15 14:53, Georgi Guninski wrote:
> >Found this from a DJB paper:
> >
> >http://www.scs.carleton.ca/~paulv/papers/JoC97.pdf
> >
> >Parallel Collision Search with Cryptanalytic Applications
> >
> >Paul C. van Oorschot and Michael J. Wiener
> >
> >CHECK THE DATE:
> >
> >1996 September 23
>
> Both authors are well-known.
>
> Google says the paper was published in the Journal of Cryptology in 1999.
> >>days...
>
> The present day open ECC dlog record stands at about 114 bits, iirc:
> that method used ~2014 custom hardware, but not $10 million worth.
>

Thanks for the answer.

So the DLOG records (Wikipedia gives 113 bits [1] as of 2010) break these in libressl/openssl:

$ ./inst/libressl-2.2.3/apps/openssl ecparam -list_curves
secp112r1 : SECG/WTLS curve over a 112 bit prime field
secp112r2 : SECG curve over a 112 bit prime field

And these are in quite gray area?

secp128r1 : SECG curve over a 128 bit prime field
secp128r2 : SECG curve over a 128 bit prime field

And what is the computational power of the Bitcoin network (Allegedly they do 2^80 SHA hashes per week) in terms of DSA/ECC operations?

AFAIK, for DSA this is just multiplication/squaring modulo prime for rho.

[1] https://en.wikipedia.org/w/index.php?title=Discrete_logarithm_records&oldid=663284373#Elliptic_curves

> I'd guess Oorschot and Wiener got something in the numbers wrong. It
> happens.
>
> However the parallel collision search technique they describe is
> very real, and has been used to effect. At a guess, the ECC dlog
> record above probably used it, as will most modern collision search
> algorithms.
>
> As DJB quoted them, I'd guess that they invented the technique
> (though I knew of the technique, I thought Knuth described/invented
> it).
>
> It's one of those things which are obvious in hindsight; but which
> can be dev'lishly hard to come up with in the first place.
>
> -- Peter Fairbrother
>

From admin at pilobilus.net Mon Sep 21 06:10:07 2015
From: admin at pilobilus.net (Steve Kinney)
Date: Mon, 21 Sep 2015 09:10:07 -0400
Subject: Key Compromise Related to Architectural Work Not Cryptome
In-Reply-To: <20150921072112.GB6074@sivokote.iziade.m$>
References: <20150919084630.GC2589@sivokote.iziade.m$> <20150921072112.GB6074@sivokote.iziade.m$>
Message-ID: <560001AF.4090003@pilobilus.net>

On 09/21/2015 03:21 AM, Georgi Guninski wrote:

> Why so many people appear to dislike JYA?

I never picked that up, can you give some examples?

> Did he do something sufficiently bad?

IMO people who know who JYA is generally like him because he does things that are sufficiently bad.

> Cryptome appears useful resource for me.

Yea verily: One stop shopping for suppressed, leaked, declassified, authentic, forged, original, altered, or any combination of the above documents presenting information, misinformation, disinformation and hybrids thereof contributed by fearless crusaders, lone nuts, agents provocateur, intelligence agents, double agents, triple agents, n-tuple agents who have no idea who or what they are working for, and of course, humor and satire.

The above paragraph is offered as evidence that just because someone writes more or less like JYA, it ain't necessarily him.
:o)

From jdb10987 at yahoo.com Mon Sep 21 02:50:23 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Mon, 21 Sep 2015 09:50:23 +0000 (UTC)
Subject: Your paper on criminal contracts
In-Reply-To:
References:
Message-ID: <215991081.755732.1442829023096.JavaMail.yahoo@mail.yahoo.com>

Your paper:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0CCsQFjACahUKEwiF_b_E7IfIAhWQmIgKHc_tAuY&url=http%3A%2F%2Fwww.arijuels.com%2Fwp-content%2Fuploads%2F2013%2F09%2Fpublic_gyges.pdf&usg=AFQjCNHOBvCYwJ5Aq0CmHTOY53sGdRs5Sw&sig2=L_lh-zCi016f7Y3jbKVKlQ&bvm=bv.103073922,d.cGU

Thank you for your reply, Dr. Juels,

Once you read my essay, I think you will understand my concern about the motivation for your research, and its potential consequences. Superficially, and certainly to someone unfamiliar with my idea (Assassination Politics essay), I'm sure it sounds useful and indeed beneficial to try to prevent the construction and operation of "criminal contracts". One problem that I see, as a lifetime libertarian, is that "criminal" may mean no more than "what the government wants to ban" rather than an actual victim crime.
Worse, governments are powerfully motivated to prevent developments that will someday likely destroy them.

I suggest that you study the analyses of Bob Vroman
http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=009ape ,
http://www.mail-archive.com/cypherpunks-moderated at minder.net/msg02068.html
and of Bob Murphy, www.anti-state.com/murphy/murphy17.html (although the Murphy essay might not be available, except as an archive.) as well as by R. Sukumaran
http://www.idsa.in/strategicanalysis/CryptologyDigitalAssassinationandtheTerrorismFuturesMarket_rsukumaran_0404.html.

Further, consider
https://github.com/isislovecruft/patternsinthevoid/blob/master/content/anarchism/game-theory-anarchism-ii-how-information-can-smash-the-state.md
https://c4ss.org/content/1157
series -- anti-state.com
https://www.reddit.com/r/Anarcho_Capitalism/comments/2jo578/arguments_for_against_insurrectionist_ancapism/

There is a lot more where this comes from.

Keep in mind that when I wrote the AP essay, technologies such as Tor, Bitcoin, and especially Ethereum and Augur simply did not exist. But today they do, or at least they soon will. And that, I consider to be an extremely good thing.

So perhaps you will understand that I consider that trying to prevent _all_ "criminal contracts" from being formed is a major, and indeed dangerous mistake. While I do not believe that such an effort can ever succeed, I think it would be best not to try.

Jim Bell

From: Ari Juels
To: jim bell
Cc: "runting at gmail.com" ; "akosba at cs.umd.edu"
Sent: Wednesday, September 16, 2015 2:32 PM
Subject: Re: Your paper on criminal contracts

Dear Mr. Bell,

Thank you for your original note and follow-up. We’re indeed planning to read your essay and cite it as appropriate in our next paper revision (slated to come out in January).
Yours,

AJ

From guninski at guninski.com Mon Sep 21 00:21:12 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Mon, 21 Sep 2015 10:21:12 +0300
Subject: Key Compromise Related to Architectural Work Not Cryptome
In-Reply-To:
References: <20150919084630.GC2589@sivokote.iziade.m$>
Message-ID: <20150921072112.GB6074@sivokote.iziade.m$>

On Sun, Sep 20, 2015 at 12:41:26PM -0400, grarpamp wrote:
> On Sat, Sep 19, 2015 at 7:50 AM, John Young wrote:
> > Nobody sane has ever met JYA, just not possible. But several cpunks
> > and USG officials have. But none of those use PGP after learning
> > what precludes sanity and is replaced with blind faith in the math when
> > crypto is implanted.
>
> Keysigning party at JYA this Halloween.
> Wearage of anti facial apparatus encouraged.

Why so many people appear to dislike JYA?

Did he do something sufficiently bad?

Cryptome appears useful resource for me.

From drwho at virtadpt.net Mon Sep 21 11:53:51 2015
From: drwho at virtadpt.net (The Doctor)
Date: Mon, 21 Sep 2015 11:53:51 -0700
Subject: Fw: WiFi router networking?
In-Reply-To: <55FD3BB6.1090802@pilobilus.net>
References: <1811219623.44975.1442305689250.JavaMail.yahoo@mail.yahoo.com> <1750318527.299602.1442337670721.JavaMail.yahoo@mail.yahoo.com> <55FA0458.1070800@pilobilus.net> <20150918102318.efe2be8e97806a806bb39694@virtadpt.net> <55FD3BB6.1090802@pilobilus.net>
Message-ID: <20150921115351.0b42e191957488089f2d97b1@virtadpt.net>

On Sat, 19 Sep 2015 06:40:54 -0400
Steve Kinney wrote:

> I don't think that's a problem, since consumer grade routers don't
> have enough power to require a licensed operator. High gain
> antennas may be a gray area here, but since these would be pointed

When I was working in this problem space, I was advised to err on the side of caution with regard to high gain antennae due to PEP.

> at participating reconfigured routers I don't think that would
> raise any eyebrows.

I advise being polite.
> Yup, needs an ethernet connection for user access. Forwarding a
> mesh network router to a conventionally configured WiFi router is
> not a problem I have looked at yet, but I believe it should be

It's pretty straightforward to do. Just make sure they're on different channels for best efficiency (took me a couple of hours to figure that one out... oops.)

--
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

On the Internet, nobody knows you're a Perl script.

From peter at m-o-o-t.org Mon Sep 21 03:58:25 2015
From: peter at m-o-o-t.org (Peter Fairbrother)
Date: Mon, 21 Sep 2015 11:58:25 +0100
Subject: Is this crypto paper real or fake?
In-Reply-To: <20150921052911.GA2543@sivokote.iziade.m$>
References: <20150920135350.GB2587@sivokote.iziade.m$> <55FF328F.1030903@m-o-o-t.org> <20150921052911.GA2543@sivokote.iziade.m$>
Message-ID: <55FFE2D1.5050308@m-o-o-t.org>

On 21/09/15 06:29, Georgi Guninski wrote:
> On Sun, Sep 20, 2015 at 11:26:23PM +0100, Peter Fairbrother wrote:
>> On 20/09/15 14:53, Georgi Guninski wrote:
>>> Found this from a DJB paper:
>>>
>>> http://www.scs.carleton.ca/~paulv/papers/JoC97.pdf
>>>
>>> Parallel Collision Search with Cryptanalytic Applications
>>>
>>> Paul C. van Oorschot and Michael J. Wiener
>>
>> The present day open ECC dlog record stands at about 114 bits, iirc:
>> that method used ~2014 custom hardware, but not $10 million worth.
>>
>
> Thanks for the answer.
>
> So the DLOG records (Wikipedia gives 113 bits [1] as of 2010)
>
> break these in libressl/openssl:
>
> $ ./inst/libressl-2.2.3/apps/openssl ecparam -list_curves
> secp112r1 : SECG/WTLS curve over a 112 bit prime field
> secp112r2 : SECG curve over a 112 bit prime field

Yes. Pwnable.

> And these are in quite gray area?
>
> secp128r1 : SECG curve over a 128 bit prime field
> secp128r2 : SECG curve over a 128 bit prime field

Yes. Dodgy at best, likely pwnable, either now or soon.

Note, from the Wikipedia page, that in 2002 breaking a 109-bit prime curve took nearly two years, using presumably general purpose hardware. By 2015 breaking 113 bit prime curves took 84 days on $15k worth of FPGAs.

If specialised hardware chips are developed (and they may well be in the pipeline, or even in use), then following the example of Bitcoin mining, that would become minutes or even seconds.

155 and 160 bit curves would be toast, at $10 million in today's money: and I'd be a little worried about 192-bit curves, especially for long-term security.
Plus, you can do a lot of the math for breaking a curve beforehand, once and only once, just from knowing only the curve details: and these results will be useful for all the points/numbers you might later want to find dlogs for on that curve.

So the second and subsequent dlogs on the same curve will be a whole lot cheaper than the first dlog/break.

Unfortunately, it is impractical to generate a new curve for each transaction; and it is not easy to generate and change curves very often, eg every day.

As a rule of thumb, the prime should be double the size of the security parameter - eg for 128-bit security you should have p = 256 bits or so - hence curve25519 (where p=2^255 - 19) etc.

For real unbreakable [excepting quantum computers] security I would not recommend anything less than 256-bit prime order fields.

In general, the field should be of prime order: extension fields are no longer generally considered secure (but see below).

I'm not a big fan of DJB's curve25519. You can do fast math in it - but then so can an attacker. And what if that extra structure, which allows fast computation, also introduces a weakness?

Wild speculation some would say, and it is - but that's pretty much what happened with extension fields. The extra structure in the field made some otherwise unimportant attacks easier.

I'd prefer a 256-bit prime chosen verifiably at random, with no "special" fast properties, and less exploitable structure. If your hardware can't cope with that, don't expect whatever crypto you do use to be secure.

There is a fairly new curve from Microsoft, called FourQ (and FourQ to you too, Microsoft! :) which uses an extension field of p=(2^127 -1)^2, ie 254 bits. I won't go into why here, but like extension fields and curve25519, I don't trust it.

Stick to verifiably randomly chosen 256-bit prime field curves. Be safe. Don't be sorry.
-- Peter Fairbrother

> [1]
> https://en.wikipedia.org/w/index.php?title=Discrete_logarithm_records&oldid=663284373#Elliptic_curves

From zen at freedbms.net Mon Sep 21 05:05:33 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Mon, 21 Sep 2015 12:05:33 +0000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <1689255.m283ULcmWO@lapuntu>
References: <2260447.vSYqM4TtRI@lapuntu> <55ffa06e.41031f0a.efb7.ffffb1ac@mx.google.com> <1689255.m283ULcmWO@lapuntu>
Message-ID:

On 9/21/15, rysiek wrote:
> On Monday, 21 September 2015 03:19:45, Juan wrote:
>> On Mon, 21 Sep 2015 05:06:23 +0200
>>
>> rysiek wrote:
>> > for a moment there I entertained a notion of asking you for some
>> > sources, but then I remembered that both Putin and Obama are actually
>> > reptilian invaders
>>
>> You know rysiek, that kind of comment isn't really in line with
>> your more enlightened comments and observations....
>>
>> Just saying...
>
> Did I just get a veiled praise from Juan? Now I'm conflicted!

Nah man, close your eyes, take a deep breath and focus now: he destroyed you ad-hominem, totally destroyed you!

All better now? :)

From jamesd at echeque.com Sun Sep 20 19:27:32 2015
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 21 Sep 2015 12:27:32 +1000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <25310526.RON6rcQ4K1@lapuntu>
References: <6619420.kEgClR5EXu@lapuntu> <55FA2E0D.5010306@echeque.com> <25310526.RON6rcQ4K1@lapuntu>
Message-ID: <55FF6B14.7090202@echeque.com>

James A. Donald wrote:
>> The fact that Russia is being subverted by the USA, that the USA is
>> attempting to overthrow the Russian government, does make that
>> government's efforts to defend itself and its people against foreign
>> influence OK.

On 2015-09-18 9:04 AM, rysiek wrote:
> See, I was juuuuust about to start arguing with you, but then...
>
>> McCarthy was right to defend the US against Soviet influence, and Putin
>> is right to defend Russia against US influence.
> ...this happened. Are you saying Putin's crackdown on "foreign agents"[1] is
> as reasonable, well-funded and justified as mccarthyism was? Well, can't argue
> with that!

We now know that everyone that McCarthy claimed was a Soviet agent was in fact on the Soviet payroll.

From jamesd at echeque.com Sun Sep 20 19:32:09 2015
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 21 Sep 2015 12:32:09 +1000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <55FF6B14.7090202@echeque.com>
References: <6619420.kEgClR5EXu@lapuntu> <55FA2E0D.5010306@echeque.com> <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com>
Message-ID: <55FF6C29.2050505@echeque.com>

>> ...this happened. Are you saying Putin's crackdown on "foreign agents"[1] is
>> as reasonable, well-funded and justified as mccarthyism was? Well, can't argue
>> with that!
> We now know that everyone that McCarthy claimed was a Soviet agent was
> in fact on the Soviet payroll.

Just as Pussy Riot is on the US payroll

From rysiek at hackerspace.pl Mon Sep 21 04:14:24 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 21 Sep 2015 13:14:24 +0200
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <55FF7F0D.9000104@echeque.com>
References: <2260447.vSYqM4TtRI@lapuntu> <55FF7F0D.9000104@echeque.com>
Message-ID: <2044953.aWtXiBlrBy@lapuntu>

On Monday, 21 September 2015 13:52:45, James A. Donald wrote:
> On 2015-09-21 1:06 PM, rysiek wrote:
> > for a moment there I entertained a notion of asking you for some sources,
> > but then I remembered that both Putin and Obama are actually reptilian
> > invaders from outer space and we're all fucked anyway.
>
> Does it not strike you as odd that whenever there is a protest in favor
> of US domination and the overthrow of supposedly oppressive regimes,
> the protestors are generally carrying signs in English?

I don't know, man, when I was protesting against ACTA I was carrying signs in English too. And that was in Poland. This might be related to the idea that once you're protesting, you want international media to pick up the story.

Or, maybe this whole anti-ACTA thing was US-inspired and played right into the hands of our reptilian overlords.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Mon Sep 21 04:16:15 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 21 Sep 2015 13:16:15 +0200
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <55ffa06e.41031f0a.efb7.ffffb1ac@mx.google.com>
References: <2260447.vSYqM4TtRI@lapuntu> <55ffa06e.41031f0a.efb7.ffffb1ac@mx.google.com>
Message-ID: <1689255.m283ULcmWO@lapuntu>

On Monday, 21 September 2015 03:19:45, Juan wrote:
> On Mon, 21 Sep 2015 05:06:23 +0200
>
> rysiek wrote:
> > for a moment there I entertained a notion of asking you for some
> > sources, but then I remembered that both Putin and Obama are actually
> > reptilian invaders
>
> You know rysiek, that kind of comment isn't really in line with
> your more enlightened comments and observations....
>
> Just saying...

Did I just get a veiled praise from Juan? Now I'm conflicted!

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
From jamesd at echeque.com Sun Sep 20 20:45:57 2015
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 21 Sep 2015 13:45:57 +1000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <2260447.vSYqM4TtRI@lapuntu>
References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu>
Message-ID: <55FF7D75.5020200@echeque.com>

On 2015-09-21 1:06 PM, rysiek wrote:
> OHAI,
>
> On Monday, 21 September 2015 12:27:32, James A. Donald wrote:
>> We now know that everyone that McCarthy claimed was a Soviet agent was
>> in fact on the Soviet payroll.
>
> On Monday, 21 September 2015 12:32:09, James A. Donald wrote:
>> Just as Pussy Riot is on the US payroll
>
> for a moment there I entertained a notion of asking you for some sources,

"Blacklisted by History, The Untold Story of Senator Joseph McCarthy and His Fight Against America's Enemies,"

Case by case, Evans reveals the unimpeachable evidence that all of the so-called victims of McCarthy's crusade against Communist subversion — every single one of them — really were Communists and agents of a hostile foreign power

From jamesd at echeque.com Sun Sep 20 20:52:45 2015
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 21 Sep 2015 13:52:45 +1000
Subject: How Putin Controls the Internet and Popular Opinion in Russia
In-Reply-To: <2260447.vSYqM4TtRI@lapuntu>
References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu>
Message-ID: <55FF7F0D.9000104@echeque.com>

On 2015-09-21 1:06 PM, rysiek wrote:
> for a moment there I entertained a notion of asking you for some sources, but
> then I remembered that both Putin and Obama are actually reptilian invaders
> from outer space and we're all fucked anyway.
Does it not strike you as odd that whenever there is a protest in favor of US domination and the overthrow of a supposedly oppressive regimes, the protestors are generally carrying signs in English? Is it not strange that the website of the movement that overthrew the Ukrainian government was written in English in the dialect of the Harvard educated American upper class? At least those supposedly persecuted by McCarthy took the trouble to translate (badly) their Soviet written slogans. From Rayzer at riseup.net Mon Sep 21 13:54:20 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 21 Sep 2015 13:54:20 -0700 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <2260447.vSYqM4TtRI@lapuntu> References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu> Message-ID: <56006E7C.7020508@riseup.net> On 09/20/2015 08:06 PM, rysiek wrote: > On Monday, 21 September 2015 12:32:09 James A. Donald wrote: >> > Just as Pussy Riot is on the US payroll > for a moment there I entertained a notion of asking you for some sources, but > then I remembered that both Putin and Obama are actually reptilian invaders > from outer space and we're all fucked anyway. +1 From l at odewijk.nl Mon Sep 21 04:55:19 2015 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Mon, 21 Sep 2015 13:55:19 +0200 Subject: Re: Would you work if you didn’t have to? In-Reply-To: References: Message-ID: I think I can rephrase to clarify. 2015-09-21 1:04 GMT+02:00 Lodewijk andré de la porte : > We may move from 99% to 99.9% puppets. It's just a way to generalize the > population, to silence the masses, to present happiness and freedom to be > guaranteed for all.
Without alarm the watchers will turn to sleep, and > under that dark moon the world will change. > I meant this would practically guarantee everyone the funds to be healthy, choose one's daily activity freely, and for lack of want be happy. That guarantee seems so sufficient that it's as if there will be no more injustice due to power imbalance. As if the injustice done by the wealthy is only because of the existence of the "too poor". I think it will lead to a greater divergence in wealth. I'm not actually sure if that will be a problem, but if wealth remains so direct a means for power, well, it very well could be a problem. (note: democracy is more sensitive to wealth==power due to the effectiveness of funding popular opinion campaigns, advertising, new magazines, popular culture inserts, etc) > I think the immediate gain of guaranteed personal freedoms; freedom from > labor, freedom to self-improve, freedom to perform altruism, freedom to > perform art, and yes, even freedom to party, are worth a great deal. Yet, > it will create a future where nobody is willing to revolt, and the state is > in even further reaching control. > The peace of mind for being guaranteed a minimum of wealth, and the ability to do what you believe is right. Dwarf Fortress is a unique game started by someone supported by his brother, and it became the inspiration of Minecraft, which became quite a valuable company. Without years and years of seemingly unprofitable development, that could not have happened, as Dwarf Fortress seems too far out to invest in. I can't even fathom how much better Open Source software would become =) "Don't bite the hand that feeds" will become very applicable to government. I think that's a risk. Sometimes the hand of government needs a bite, just to keep it from fondling too much.
I suppose I'm worried popular perception will move in favor of deep government involvement, also as part of improved democratic participation and controls, with aspects of economy and personal life. (ex: why should you own property? If the state owns it and rents it to people, it's much more manageable! We can make sure all buildings are in good order, politely force people to move for new construction, ensure regionally consistent housing, etc) We'll see. I like BI as a generalized welfare program, the culture will be whatever the culture develops into. It could be Star Trek level *amazing*, or it could be Idiocracy level *disappointing*. Hell, it could be both at the same time! From jamesd at echeque.com Sun Sep 20 21:01:51 2015 From: jamesd at echeque.com (James A. Donald) Date: Mon, 21 Sep 2015 14:01:51 +1000 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <2260447.vSYqM4TtRI@lapuntu> References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu> Message-ID: <55FF812F.1090406@echeque.com> It used to be that whenever Soviet attempts to brutally subjugate some country failed, the left would cry "Evil US imperialism" Now you have actual evil US imperialism happening right in front of your noses, for example Haiti, and the left is in total denial. From jamesd at echeque.com Sun Sep 20 21:05:01 2015 From: jamesd at echeque.com (James A. Donald) Date: Mon, 21 Sep 2015 14:05:01 +1000 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <55FF812F.1090406@echeque.com> References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu> <55FF812F.1090406@echeque.com> Message-ID: <55FF81ED.6090900@echeque.com> On 2015-09-21 2:01 PM, James A.
Donald wrote: > It used to be that whenever Soviet attempts to brutally subjugate some > country failed, the left would cry "Evil US imperialism" In a hilarious reversal, US efforts to brutally subjugate Syria go horribly wrong, and the left cries "Evil Russian imperialism" From Rayzer at riseup.net Mon Sep 21 14:05:59 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 21 Sep 2015 14:05:59 -0700 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <55FF812F.1090406@echeque.com> References: <25310526.RON6rcQ4K1@lapuntu> <55FF6B14.7090202@echeque.com> <2260447.vSYqM4TtRI@lapuntu> <55FF812F.1090406@echeque.com> Message-ID: <56007137.2010503@riseup.net> On 09/20/2015 09:01 PM, James A. Donald wrote: > It used to be that whenever Soviet attempts to brutally subjugate some > country failed, the left would cry "Evil US imperialism" > > Now you have actual evil US imperialism happening right in front of > your noses, for example Haiti, and the left is in total denial. > > The Cruise Missile Left is cheering all "humanitarian interventions". All other left-thinking Mericans have been stupidified by TeeVee. I defer to: Amusing Ourselves To Death. Neil Postman. Available at LibCom Anarchist library: https://libcom.org/library/amusing-ourselves-death-public-discourse-age-show-business-neil-postman The last chapter regarding Orwell or Huxley, who was right? clinches it. (personally, much like General Jack Ripper believed water fluoridation sapping the essence of our manhood, I think "Turkeyburger" is an insidious plot to stupefy Mericans with Soma-like L-Tryptophan. Note how the media always plays up the benefit of it in re Beef burgers, and anytime you see the word "Meatxxx" or "Burger minus any reference to beef or 'ham' in food descriptions, at least some significant portion of it is L-Tryptophan bearing Turkey product.)
From juan.g71 at gmail.com Mon Sep 21 17:07:59 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 21 Sep 2015 21:07:59 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <2044953.aWtXiBlrBy@lapuntu> References: <2260447.vSYqM4TtRI@lapuntu> <55FF7F0D.9000104@echeque.com> <2044953.aWtXiBlrBy@lapuntu> Message-ID: <56009ac7.e45c8c0a.63ed.fffff278@mx.google.com> On Mon, 21 Sep 2015 13:14:24 +0200 rysiek wrote: > On Monday, 21 September 2015 13:52:45 James A. Donald wrote: > > On 2015-09-21 1:06 PM, rysiek wrote: > > > for a moment there I entertained a notion of asking you for some > > > sources, but then I remembered that both Putin and Obama are > > > actually reptilian invaders from outer space and we're all fucked > > > anyway. > > > > Does it not strike you as odd that whenever there is a protest in > > favor of US domination and the overthrow of a supposedly oppressive > > regimes, the protestors are generally carrying signs in English? > > I don't know, man, when I was protesting against ACTA I was carrying > signs in English too. And that was in Poland. This might be related > to the idea that once you're protesting, you want international media > to pick up the story. > > Or, maybe this whole anti-ACTA thing was US-inspired and played right > into the hands of our reptilian overlords. > So, your protest against ACTA was legitimate (true). And so it follows that US imperialism doesn't exist and that the US gov't never uses local people to further the interests of the US gov't...
From jdb10987 at yahoo.com Mon Sep 21 15:26:52 2015 From: jdb10987 at yahoo.com (jim bell) Date: Mon, 21 Sep 2015 22:26:52 +0000 (UTC) Subject: Fw: Your paper on criminal contracts In-Reply-To: <215991081.755732.1442829023096.JavaMail.yahoo@mail.yahoo.com> References: <215991081.755732.1442829023096.JavaMail.yahoo@mail.yahoo.com> Message-ID: <329273223.1164331.1442874412740.JavaMail.yahoo@mail.yahoo.com> For some reason, my first attempt to upload this didn't seem to 'take'.      Jim Bell ----- Forwarded Message ----- From: jim bell To: Ari Juels Cc: "runting at gmail.com" ; "akosba at cs.umd.edu" ; Cpunks List Sent: Monday, September 21, 2015 2:50 AM Subject: Re: Your paper on criminal contracts Your paper:    https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0CCsQFjACahUKEwiF_b_E7IfIAhWQmIgKHc_tAuY&url=http%3A%2F%2Fwww.arijuels.com%2Fwp-content%2Fuploads%2F2013%2F09%2Fpublic_gyges.pdf&usg=AFQjCNHOBvCYwJ5Aq0CmHTOY53sGdRs5Sw&sig2=L_lh-zCi016f7Y3jbKVKlQ&bvm=bv.103073922,d.cGU Thank you for your reply, Dr. Juels,  Once you read my essay, I think you will understand my concern about the motivation for your research, and its potential consequences.   Superficially, and certainly to someone unfamiliar with my idea (Assassination Politics essay),  I'm sure it sounds useful and indeed beneficial to try to prevent the construction and operation of "criminal contracts".   One problem that I see, as a lifetime libertarian, is that "criminal" may mean no more than "what the government wants to ban" rather than an actual victim crime.  Worse, governments are powerfully motivated to prevent developments that will someday likely destroy them. 
I suggest that you study the analyses of Bob Vroman  http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=009ape    ,    http://www.mail-archive.com/cypherpunks-moderated at minder.net/msg02068.html     and  of Bob Murphy,  www.anti-state.com/murphy/murphy17.html   (although the Murphy essay might not be available, except as an archive.)  as well as by R.  Sukumaran   http://www.idsa.in/strategicanalysis/CryptologyDigitalAssassinationandtheTerrorismFuturesMarket_rsukumaran_0404.html.  Further, consider  https://github.com/isislovecruft/patternsinthevoid/blob/master/content/anarchism/game-theory-anarchism-ii-how-information-can-smash-the-state.md https://c4ss.org/content/1157 series -- anti-state.com https://www.reddit.com/r/Anarcho_Capitalism/comments/2jo578/arguments_for_against_insurrectionist_ancapism/ There is a lot more where this comes from. Keep in mind that when I wrote the AP essay, technologies such as Tor, Bitcoin, and especially Ethereum and Augur simply did not exist. But today they do, or at least they soon will.  And that, I consider to be an extremely good thing. So perhaps you will understand that I consider that trying to prevent _all_ "criminal contracts" from being formed is a major, and indeed dangerous mistake.  While I do not believe that such an effort can ever succeed, I think it would be best not to try.           Jim Bell From: Ari Juels To: jim bell Cc: "runting at gmail.com" ; "akosba at cs.umd.edu" Sent: Wednesday, September 16, 2015 2:32 PM Subject: Re: Your paper on criminal contracts Dear Mr. Bell, Thank you for your original note and follow-up. We’re indeed planning to read your essay and cite it as appropriate in our next paper revision (slated to come out in January). 
Yours, AJ From odinn.cyberguerrilla at riseup.net Mon Sep 21 21:06:40 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Tue, 22 Sep 2015 04:06:40 +0000 Subject: Would you work if you didn’t have to? In-Reply-To: References: Message-ID: <5600D3D0.1070906@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I agree with l. Essentially what a true BI would do (implemented broadly across the globe, at least) is to make this society even worse than it already is, with Cloud Atlas being a good analogy. It's interesting that few have paused to consider the potential ramifications of guaranteeing resources for anyone (and I don't think rehashing examples from Alaska and Saudi Arabia are helpful), but haven't hesitated to demand that your resources be taken by and allocated here and there by actors and representatives of dubious quality so that their plans for social and economic control can be implemented. Not to mention that the whole BI enterprise, to the extent that it is reliant upon governments, is backed by coercion and use of force. (To the extent that a BI scheme is non-governmental, and thus not backed by state threat of violence, imprisonment, etc., for failure to comply, it would be less objectionable, but still come with a variety of problems, as there would always be "BI allocators" (e.g. BI policy or BI core developers, whose decisions affect groups or populations) and corporate or autonomous actors whose interests would automatically disregard those of individuals and collectively organized resistance entities (COREs)). I consider that these concerns, which I think l. has properly identified and which I also echo here, apply to http://groupcurrency.org/ and other ideas which are similar in concept. As l. correctly stated, "(BI) will create a future where nobody is willing to revolt, and the state is in even further reaching control."
I would propose as a better system than BI would be a truly voluntary system (that does not include BI, but which would allow people to conduct any sort of transactions they like) where people have the opportunity to choose what sort of direction they want their resources to go while also opening the door to helping as many people as possible in the context of their transactions ~ without relying upon statism, violence, or use of force. In the coming days, please see https://bytecoin.org/ where there will soon be some updates relative to this very notion (two use cases of ABIS (http://abis.io) in BCN), to be in the 1.0.8 graphic wallet version, currently scheduled for release on Sep 29 or 30, 2015. (This version may possibly end up coming out a bit later, as date of release is estimated, thus keep your eyes peeled.) - -O Lodewijk andré de la porte: > 2015-09-18 18:33 GMT+02:00 grarpamp : > >> Some balancing is needed, so we talk of BI, wealth leveling, >> universal healthcare, education, etc. This is natural control, >> happens when puppeteers make up 1% of 99% puppeted. As in >> history, if left unbalanced too long or deep, the slaves revolt >> and reboot. >> > > This is one possible outcome -- but this is FAR from a revolt. > > Just as likely is the outcome where Basic Income cattle is herded > into cheap everything arrangements, where they're offered "fun and > fulfilling" work for non-market pay. These humans will be entirely > economically detached. The overlords will reap their Basic Income, > and allow them to live month by month. 
(note: this already happens, > you walk in a Hyundai/Samsung build appartment block, where Lotte > runs all the supermarkets, and all the entertainment is provided by > CJ, Koreans don't fear big-corps, so they don't hide it, but I > think this is probably true in many places of the world) > > Or, as in the amazing Cloud Atlas, we will create a caste-like > society with "producers", "consumers" and perhaps some other groups > ("politicians"? "Celebrities"?). > > We may move from 99% to 99.9% puppets. It's just a way to > generalize the population, to silence the masses, to present > happiness and freedom to be guaranteed for all. Without alarm the > watchers will turn to sleep, and under that dark moon the world > will change. > > Simply put, it solves some problems but not all of them. BI can > potentially worsen the situation. > > I think the immediate gain of guaranteed personal freedoms; freedom > from labor, freedom to self-improve, freedom to perform altruism, > freedom to perform art, and yes, even freedom to party, are worth a > great deal. Yet, it will create a future where nobody is willing to > revolt, and the state is in even further reaching control. > > It also just upsets my minimal-government-preference somewhat. I > just don't like the idea of people living off of money I earned. It > only makes sense because money is already an abstract and perverted > item, and because basic needs will soon drop much further in their > cost. 
(Especially if cheap living becomes a greater priority) > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn From jamesd at echeque.com Mon Sep 21 15:30:48 2015 From: jamesd at echeque.com (James A. Donald) Date: Tue, 22 Sep 2015 08:30:48 +1000 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <2044953.aWtXiBlrBy@lapuntu> References: <2260447.vSYqM4TtRI@lapuntu> <55FF7F0D.9000104@echeque.com> <2044953.aWtXiBlrBy@lapuntu> Message-ID: <56008518.6000302@echeque.com> >> Does it not strike you as odd that whenever there is a protest in favor >> of US domination and the overthrow of a supposedly oppressive regimes, >> the protestors are generally carrying signs in English? On 2015-09-21 9:14 PM, rysiek wrote: > I don't know, man, when I was protesting against ACTA I was carrying signs in > English too. And that was in Poland. This might be related to the idea that > once you're protesting, you want international media to pick up the story. If you are trying to influence Poles and the Polish government, why the "international media"? What it actually means is that you are asking the American elite and the New York Times to live up to its professed principles and go easy on Poland - acknowledging that the US is the hegemon. Nothing terribly wrong with this on ACTA, an international treaty.
But when you are supposedly revolting against your own government, seeking the overthrow of a supposedly oppressive regime, appealing for US support is treason against your local elites and local people. From jamesd at echeque.com Mon Sep 21 15:43:47 2015 From: jamesd at echeque.com (James A. Donald) Date: Tue, 22 Sep 2015 08:43:47 +1000 Subject: Re: Would you work if you didn’t have to? In-Reply-To: References: Message-ID: <56008823.6010400@echeque.com> On 2015-09-21 9:55 PM, Lodewijk andré de la porte wrote: > I meant this would practically guarantee everyone the funds to be > healthy, choose one's daily activity freely, and for lack of want be happy. Poor people are not poor for lack of money. They can win the lottery, and still remain poor. From Rayzer at riseup.net Tue Sep 22 10:16:40 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 22 Sep 2015 10:16:40 -0700 Subject: FCC NPRM seeks to end open SDR In-Reply-To: References: Message-ID: <56018CF8.6010500@riseup.net> It was so much simpler when all I had to do was clip the end of one lousy diode to open my TS-440 up from DC to Daylight... The Alinco 2/440 dual-bander did the same with one zero-ohm resistor removal. On 09/21/2015 01:54 PM, wirelesswarrior at safe-mail.net wrote: > Since the early days of open SDR these devices have been sold as test equipment which does not require onerous type approvals or certifications by the manufacturer or importer. The FCC now seeks to change this > > https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices#h-13 > > and require product features which block software changes after manufacture. This, of course, is the very heart of SDR and its prohibition would be nothing short of effectively banning SDR and any open source experimentation with RF signal processing beyond the theoretic. > > WW
From Rayzer at riseup.net Tue Sep 22 10:30:09 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 22 Sep 2015 10:30:09 -0700 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <5469043.2VszmLFXp0@lapuntu> References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> Message-ID: <56019021.1010202@riseup.net> On 09/22/2015 05:26 AM, rysiek wrote: > They are both fucked up, in many *different* (systemic racism in the US; > systemic homophobia in Russia), and several *similar* ways (oligarchy running > things). And yet they are able to play us, because predominantly we simply > cannot see the bigger picture and cannot seem to understand *anything* more > complicated than the simplified beyond belief "USA BAD RUSSIA GOOD" (or the > other way around) worldview. For so many years now the geopolitical 'grand game' has been "Good Cop/Bad Cop", "Mutt and Jeff" played on the typically indigenous people-d extractive resources nations (and in other ways against the west's manufacturing satraps) by the US AND Russia. Either you pick one side or the other or we have a war in YOUR country where YOUR people get killed and your society/way of life destroyed. There are no "nice guys". On the other hand I bristle when Syria's ally is accused of warmongering for doing what allies are supposed to do. Come to their defense in the traditional manner against an army of mercenaries that the West claims on one hand to be fighting, and on the other, had a large part in its creation. Americans just sat idly by with their thumbs up their asses in denial while the State Dept and CIA created AQv2 from the Libyans we hired to sodomize Muammar al-Gadaffi with swords, and if the Russians want to eradicate that threat to Syria and the region, have at it.
From me at brendafernandez.com Tue Sep 22 09:19:25 2015 From: me at brendafernandez.com (Brenda Fernández) Date: Tue, 22 Sep 2015 13:19:25 -0300 Subject: Subject: Re: Bitnation system. Looks interesting. In-Reply-To: <9F88CEB5-0C6D-4443-BE62-1731BFEC1F7E@gmail.com> References: <9F88CEB5-0C6D-4443-BE62-1731BFEC1F7E@gmail.com> Message-ID: This Bitnation thing looks like a shiny turd. And has been going on for a while. The few things they actually do are not new in idea nor implementation. The rest is either crap (like 'we offer visa prepaid cards nao') or marketing smoke. The real bitcoin happens on #bitcoin-assets, not in these peripheral scampanies. Scammers will tell you that the blockchain will suck you off and resolve your decentralized disputes in the shiny cloud of the internet of things, or any such nonsense shit, if they expect to get money/attention/press for it. On Thu, Sep 10, 2015 at 4:19 AM, wrote: > It seems like there's a confusion between contracts and cryptocontracts? > > > On 10 Sep 2015, at 7:19 am, cypherpunks-request at cpunks.org wrote: > > > > Send cypherpunks mailing list submissions to > > cypherpunks at cpunks.org > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://cpunks.org/mailman/listinfo/cypherpunks > > or, via email, send a message with subject or body 'help' to > > cypherpunks-request at cpunks.org > > > > You can reach the person managing the list at > > cypherpunks-owner at cpunks.org > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of cypherpunks digest..." > > > > > > Today's Topics: > > > > 1. Re: Bitnation system. Looks interesting. > > (Lodewijk andré de la porte) > > 2. Re: Bitnation system. Looks interesting. (Bryan Bishop) > > 3. Re: Bitnation system.
Looks interesting. (Martin Becze) > > 4. Repbin release v0.0.2 (ryan.pear at ownbay.net) > > 5. Re: Repbin release v0.0.2 (jim bell) > > 6. Re: How Putin Controls the Internet and Popular Opinion in > > Russia (rysiek) > > 7. Re: How Putin Controls the Internet and Popular Opinion in > > Russia (Juan) > > 8. Re: Repbin release v0.0.2 (rysiek) > > 9. Hostages for Sale on Telegram (Rich Jones) > > 10. Re: Hostages for Sale on Telegram (Ben Mezger) > > 11. John McAfee Runs For US President In 2016 Under Cyber Party > > (grarpamp) > > 12. Re: Hostages for Sale on Telegram (grarpamp) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Wed, 9 Sep 2015 18:30:53 +0200 > > From: Lodewijk andré de la porte > > To: Mirimir > > Cc: "cypherpunks at cpunks.org" > > Subject: Re: Bitnation system. Looks interesting. > > Message-ID: > > > > Content-Type: text/plain; charset="utf-8" > > > > It's documentation is overly verbose, speculative, assuming and unclear. > > > > I love the idea of providing services that the government usually tends > to. > Everyone loves ideas that Bitnation put their brand on. > > > > I somewhat know what marriage before God means. I somewhat know what > > marriage before the State means. I have no idea what marriage before the > > Blockchain means. Probably no more than lovers' tree-carvings. > Exactly. Proof-of-existence. I don't understand what it has to do with > Bitnation brand. Someone just wants to look cool. What exactly Bitnationare > building? > > > > Relationship to reality is the hardest part - it's also where things like > > enforcement starts turning it's ugly head. > > > > I'd argue marriage before state is an artifact of the marriage between > > church and state. Relationships, commitments, etc, these would be better > > explained in contract. > Yes. Obligations can be explained. Still people go to courts and dispute > contracts. These are text. 
> > Contracts can go onto a blockchain. > Contracts which go on the blockchain have nothing to do with legal > contracts. Parts of the text (legal) contracts can be hooked to a smart > contract I guess. > I guess if a married couple has a dispute over digital property or btc in > a wallet, let's say a script can manage it, but how the script (smart > contract) will know who in this particular dispute did what. Even with no > details and subtleties involved. > > Generic. Neat. > > Unpretentious. > > > > Bitnation is fascinating, thought provoking, but it seems somewhat off. > Ideas are nice. They're not necessarily coming from Bitnation. Proof of > existence, or Blockchain ID for example were existing ideas which had > functioning prototypes. They just don't make it sound grandiose. > > Bitnation has a claim to be a software project and afaik has a presale of > a currency - either premined or non existent - I don't remember. I'm fine > with that type of crowdfunding if there is some sort of product or a > service behind it or an attempt to build it. I don't think that > contemporary art project should pretend to be a software project or pretend > that it can realistically offer serious services or replace existing ones. > It's cool as a concept project. > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150909/682e7822/attachment-0001.html > > > > > > ------------------------------ > > > > Message: 2 > > Date: Wed, 9 Sep 2015 11:39:51 -0500 > > From: Bryan Bishop > > To: Lodewijk andré de la porte , Bryan Bishop > > > > Cc: "cypherpunks at cpunks.org" > > Subject: Re: Bitnation system. Looks interesting. > > Message-ID: > > > > Content-Type: text/plain; charset="utf-8" > > > > On Wed, Sep 9, 2015 at 11:30 AM, Lodewijk andré de la porte < > l at odewijk.nl> > > wrote: > > > >> Bitnation is fascinating, thought provoking, but it seems somewhat off. 
> > > > > > > http://cointelegraph.com/news/112725/bitnation-core-dev-team-resigns-speaks-out-before-crowdsale > > > > - Bryan > > http://heybryan.org/ > > 1 512 203 0507 > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150909/836193cd/attachment-0001.html > > > > > > ------------------------------ > > > > Message: 3 > > Date: Wed, 9 Sep 2015 16:41:56 +0000 > > From: Martin Becze > > To: Lodewijk andré de la porte > > Cc: "cypherpunks at cpunks.org" > > Subject: Re: Bitnation system. Looks interesting. > > Message-ID: > > > > Content-Type: text/plain; charset="utf-8" > > > >> somewhat off > > Yeah the founder went/is crazy, there is no technical work done and all > of > > the developers that were working on the project quite. > > > > On Wed, Sep 9, 2015 at 4:30 PM, Lodewijk andré de la porte > > > wrote: > > > >> It's documentation is overly verbose, speculative, assuming and unclear. > >> > >> I love the idea of providing services that the government usually tends > >> to. > >> > >> I somewhat know what marriage before God means. I somewhat know what > >> marriage before the State means. I have no idea what marriage before the > >> Blockchain means. Probably no more than lovers' tree-carvings. > >> > >> Relationship to reality is the hardest part - it's also where things > like > >> enforcement starts turning it's ugly head. > >> > >> I'd argue marriage before state is an artifact of the marriage between > >> church and state. Relationships, commitments, etc, these would be better > >> explained in contract. Contracts can go onto a blockchain. Generic. > Neat. > >> Unpretentious. > >> > >> Bitnation is fascinating, thought provoking, but it seems somewhat off. > > -------------- next part -------------- > > An HTML attachment was scrubbed... 
> > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150909/61c2be57/attachment-0001.html > > > > > > ------------------------------ > > > > Message: 4 > > Date: Wed, 09 Sep 2015 20:53:35 +0000 > > From: ryan.pear at ownbay.net > > To: cypherpunks at cpunks.org > > Subject: Repbin release v0.0.2 > > Message-ID: > > Content-Type: text/plain; charset=US-ASCII; format=flowed > > > > We're happy to announce the release v0.0.2 of Repbin: > > The replicated, encrypted, distributed and anonymized pastebin. > > > > Changes include: Better terminal usability, sqlite/mysql backend, > > binaries! > > > > Check here for release source code and client binaries: > > https://github.com/repbin/repbin/releases/tag/v0.0.2 > > > > About Repbin: > > Repbin is an encrypted pastebin for the command line that runs over Tor! > > Repbin servers form a distributed network where nodes sync posts with > > each other (like in Usenet or BBS/Fido systems). This makes Repbin > > resilient and scalable. Repbin focuses on privacy (encrypted messages) > > and anonymity (padding and repost chains). To limit spam and > > denial-of-service attacks, Repbin uses the Hashcash proof-of-work > > algorithm which is widely known from Bitcoin mining. > > > > Learn more about Repbin here: > > https://github.com/repbin/repbin/blob/master/README.md > > > > > > > > ------------------------------ > > > > Message: 5 > > Date: Wed, 9 Sep 2015 21:48:56 +0000 (UTC) > > From: jim bell > > To: "ryan.pear at ownbay.net" , > > "cypherpunks at cpunks.org" > > Subject: Re: Repbin release v0.0.2 > > Message-ID: > > <1726332927.1564988.1441835336954.JavaMail.yahoo at mail.yahoo.com> > > Content-Type: text/plain; charset="utf-8" > > > >> About Repbin: > >> Repbin is an encrypted pastebin for the command line that runs over Tor! > >> Repbin servers form a distributed network where nodes sync posts with > >> each other (like in Usenet or BBS/Fido systems). This makes Repbin > >> resilient and scalable. 
Repbin focuses on privacy (encrypted messages) > >> and anonymity (padding and repost chains). To limit spam and > >> denial-of-service attacks, Repbin uses the Hashcash proof-of-work > >> algorithm which is widely known from Bitcoin mining. > >> Learn more about Repbin here: > >> https://github.com/repbin/repbin/blob/master/README.md > > Has anybody ever considered the idea of doing otherwise-useful CPU work > with the power currently expended by computing hashes in Bitcoin mining? > The most obvious application would be weather forecasting: It could use a > huge amount of computation, on a continuously ongoing basis, and is > valuable to every nation on earth. Whether it can be lasso'ed into a > bitcoin-mining engine, I don't know. Jim Bell > > > > > > > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150909/17934d83/attachment-0001.html > > > > > > ------------------------------ > > > > Message: 6 > > Date: Thu, 10 Sep 2015 00:52:47 +0200 > > From: rysiek > > To: cypherpunks at cpunks.org > > Subject: Re: How Putin Controls the Internet and Popular Opinion in > > Russia > > Message-ID: <6619420.kEgClR5EXu at lapuntu> > > Content-Type: text/plain; charset="utf-8" > > > > Dnia środa, 9 września 2015 08:21:36 John Young pisze: > >> This from the journalists who check with USG before publishing Snowden > >> documents as Snowden allegedly requires "to avoid harm to the US." > >> > >> Fingerpointing at Putin is obligatory for those working the Broadcasting > >> Board of Governors propaganda beat. > > > > The fact that A is evil, and A is B's adversary, doesn't automagically > make B > > not evil. > > > > The fact that there's a lot wrong with US of A, and USA and Russia don't > > really cooperate well, does not make what's happening in Russia magically > > okay. 
> > > > Why there's so many people defending Russian system just because > USA-Russia > > relations are not superfriendly is beyond me. > > > > -- > > Pozdrawiam, > > Michał "rysiek" Woźniak > > > > Zmieniam klucz GPG :: http://rys.io/pl/147 > > GPG Key Transition :: http://rys.io/en/147 > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: signature.asc > > Type: application/pgp-signature > > Size: 931 bytes > > Desc: This is a digitally signed message part. > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150910/b0d5c13e/attachment-0001.sig > > > > > > ------------------------------ > > > > Message: 7 > > Date: Wed, 9 Sep 2015 20:02:34 -0300 > > From: Juan > > To: cypherpunks at cpunks.org > > Subject: Re: How Putin Controls the Internet and Popular Opinion in > > Russia > > Message-ID: <55f0b996.6a15370a.19c54.ffff9df5 at mx.google.com> > > Content-Type: text/plain; charset=utf-8 > > > > On Thu, 10 Sep 2015 00:52:47 +0200 > > rysiek wrote: > > > >> Dnia środa, 9 września 2015 08:21:36 John Young pisze: > >>> This from the journalists who check with USG before publishing > >>> Snowden documents as Snowden allegedly requires "to avoid harm to > >>> the US." > >>> > >>> Fingerpointing at Putin is obligatory for those working the > >>> Broadcasting Board of Governors propaganda beat. > >> > >> The fact that A is evil, and A is B's adversary, doesn't > >> automagically make B not evil. > > > > > > Kindly point out where JY said the russian government was not > > evil. > > > >> > >> The fact that there's a lot wrong with US of A, and USA and Russia > >> don't really cooperate well, does not make what's happening in Russia > >> magically okay. > > > > > > Kindly point out where JY said that what's happening in russia > > (whatever that is) is okay. 
> > > > > > On the other hand rysiek given your laughable & constant > > defense of the pentagon-funded tor-cunts, you are not really in > > a position to be pointing too many fingers. > > > >> > >> Why there's so many people defending Russian system just because > >> USA-Russia relations are not superfriendly is beyond me. > > > > ... > > > > > > > > > > > > > > > > ------------------------------ > > > > Message: 8 > > Date: Thu, 10 Sep 2015 00:47:31 +0200 > > From: rysiek > > To: cypherpunks at cpunks.org > > Subject: Re: Repbin release v0.0.2 > > Message-ID: <6193628.0yFTp10ebS at lapuntu> > > Content-Type: text/plain; charset="utf-8" > > > > Dnia środa, 9 września 2015 21:48:56 jim bell pisze: > >>> About Repbin: > >>> Repbin is an encrypted pastebin for the command line that runs over > Tor! > >>> Repbin servers form a distributed network where nodes sync posts with > >>> each other (like in Usenet or BBS/Fido systems). This makes Repbin > >>> resilient and scalable. Repbin focuses on privacy (encrypted messages) > >>> and anonymity (padding and repost chains). To limit spam and > >>> denial-of-service attacks, Repbin uses the Hashcash proof-of-work > >>> algorithm which is widely known from Bitcoin mining. > >>> Learn more about Repbin here: > >>> https://github.com/repbin/repbin/blob/master/README.md > >> > >> Has anybody ever considered the idea of doing otherwise-useful CPU work > with > >> the power currently expended by computing hashes in Bitcoin mining? > > > > My dream would be a distributed github replacement (a'la gitchain) where > > proof-of-work is somehow related to compilation, running tests, or > somesuch. > > > >> The most obvious application would be weather forecasting: It could > use a > >> huge amount of computation, on a continuously ongoing basis, and is > valuable > >> to every nation on earth. Whether it can be lasso'ed into a > bitcoin-mining > >> engine, I don't know. 
> > > > Probably not -- the "thing" mined has to be easily verifiable by other > nodes. > > How does one verify a weather forecast in such a setting? ;) > > > > -- > > Pozdrawiam, > > Michał "rysiek" Woźniak > > > > Zmieniam klucz GPG :: http://rys.io/pl/147 > > GPG Key Transition :: http://rys.io/en/147 > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: signature.asc > > Type: application/pgp-signature > > Size: 931 bytes > > Desc: This is a digitally signed message part. > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150910/f4768077/attachment-0001.sig > > > > > > ------------------------------ > > > > Message: 9 > > Date: Wed, 9 Sep 2015 18:08:09 -0700 > > From: Rich Jones > > To: "cypherpunks at cpunks.org" > > Subject: Hostages for Sale on Telegram > > Message-ID: > > > > Content-Type: text/plain; charset="utf-8" > > > > More for the ISIS-loves-"Secure"-Messaging-Apps folder: > > > > "Dabiq 11 released by terror group ISIS. At the end it notes 2 new > foreign > > hostages; 1 Chinese and other Norweigan." > > > > https://twitter.com/DrPartizan_/status/641671841380179968 > > > > Click through for pictures and Telegram number. > > > > R > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150909/b3bf6a0f/attachment-0001.html > > > > > > ------------------------------ > > > > Message: 10 > > Date: Wed, 09 Sep 2015 22:25:29 -0300 > > From: Ben Mezger > > To: miserlou at gmail.com > > Cc: "cypherpunks at cpunks.org" > > Subject: Re: Hostages for Sale on Telegram > > Message-ID: > > Content-Type: text/plain; charset="utf-8" > > > > Hmm, > > > > "Excuse me @telegram but ISIS are using YOUR network/application to sell > > hostage. Please find more info. on that number!!" > > > > Well, I would agree with that, but that would probably break Telegram's > > policy of "privacy", no? 
> > > > Rich Jones writes: > > > >> More for the ISIS-loves-"Secure"-Messaging-Apps folder: > >> > >> "Dabiq 11 released by terror group ISIS. At the end it notes 2 new > foreign > >> hostages; 1 Chinese and other Norweigan." > >> > >> https://twitter.com/DrPartizan_/status/641671841380179968 > >> > >> Click through for pictures and Telegram number. > >> > >> R > > > > -- > > Sent with my mu4e > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: signature.asc > > Type: application/pgp-signature > > Size: 800 bytes > > Desc: not available > > URL: < > http://cpunks.org/pipermail/cypherpunks/attachments/20150909/74c2a9a7/attachment-0001.sig > > > > > > ------------------------------ > > > > Message: 11 > > Date: Thu, 10 Sep 2015 00:16:48 -0400 > > From: grarpamp > > To: cypherpunks at cpunks.org > > Subject: John McAfee Runs For US President In 2016 Under Cyber Party > > Message-ID: > > > > Content-Type: text/plain; charset=UTF-8 > > > > https://mcafee16.com/ > > http://cyberparty.org/ > > https://en.wikipedia.org/wiki/John_McAfee > > http://www.whoismcafee.com/ > > http://www.futuretensecentral.com/ > > https://twitter.com/officialmcafee > > https://twitter.com/JohnMcAfeeStory > > http://johnmcafeestory.com/ > > > > > > ------------------------------ > > > > Message: 12 > > Date: Thu, 10 Sep 2015 01:18:50 -0400 > > From: grarpamp > > To: "cypherpunks at cpunks.org" > > Subject: Re: Hostages for Sale on Telegram > > Message-ID: > > > > Content-Type: text/plain; charset=UTF-8 > > > >> On Wed, Sep 9, 2015 at 9:08 PM, Rich Jones wrote: > >> More for the ISIS-loves-"Secure"-Messaging-Apps folder: > > > > https://www.youtube.com/watch?v=FmBNVMk_AGs > > https://en.wikipedia.org/wiki/Telegram_(software) > > https://en.wikipedia.org/wiki/Surespot > > https://en.wikipedia.org/wiki/Wickr > > > https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/ > > > > 
https://twitter.com/cybercaliphate > > https://twitter.com/search?q=cybercaliphate > > https://twitter.com/search?q=cyphercaliphate > > > > https://pbs.twimg.com/media/COOxuq-WIAAG8pQ.jpg > > https://www.google.com/search?tbm=isch&q=cyber+caliphate > > > > > http://www.dailytech.com/Anonymous+vs+the+ISIS+Cyber+Caliphate++War+in+the+Middle+East+Goes+Digital/article37154.htm > > > http://www.nydailynews.com/news/national/isis-hacker-group-cyber-caliphate-hacks-article-1.2067634 > > > https://news.vice.com/article/the-islamic-states-top-hacker-was-killed-in-a-us-drone-strike > > https://en.wikipedia.org/wiki/Junaid_Hussain > > https://www.youtube.com/user/TeaMp0ison/videos > > > http://homeland.house.gov/sites/homeland.house.gov/files/documents/06-03-15-McCaul-Open.pdf > > https://twitter.com/p_vanostaeyen/status/639165071072038913 > > https://pbs.twimg.com/media/CN7FPdKXAAEucGl.jpg > > https://twitter.com/lorenzoFB/status/638818414958477312 > > > https://www.washingtonpost.com/world/national-security/us-launches-secret-drone-campaign-to-hunt-islamic-state-leaders-in-syria/2015/09/01/723b3e04-5033-11e5-933e-7d06c647a395_story.html > > > > > >> https://twitter.com/DrPartizan_/status/641671841380179968 > >> Click through for pictures and Telegram number. > > > > https://pbs.twimg.com/media/COetId6WwAAmKzB.jpg > > https://pbs.twimg.com/media/COetId6WIAAJGAg.jpg > > +9647705648252 > > > > > > ------------------------------ > > > > Subject: Digest Footer > > > > _______________________________________________ > > cypherpunks mailing list > > cypherpunks at cpunks.org > > https://cpunks.org/mailman/listinfo/cypherpunks > > > > > > ------------------------------ > > > > End of cypherpunks Digest, Vol 27, Issue 14 > > ******************************************* > > -- Brenda Fernández me at brendafernandez.com GPG: CE5BEE6C81FCA4D4 -------------- next part -------------- A non-text attachment was scrubbed... 
From me at brendafernandez.com Tue Sep 22 09:27:23 2015
From: me at brendafernandez.com (Brenda Fernández)
Date: Tue, 22 Sep 2015 13:27:23 -0300
Subject: Bitnation system. Looks interesting.
In-Reply-To:
References: <1436476633.3579869.1441778432229.JavaMail.yahoo@mail.yahoo.com> <55EFD349.3060704@riseup.net>
Message-ID:

wut? you didn't expect us to actually do anything, did you? (:

Crowdfunding + marketing smoke was the whole business plan. The only actual people involved left back in 2014 when it became clear the ship wasn't going anywhere because said ship didn't even exist in the first place. The founder's hotness is their only asset.

On Wed, Sep 9, 2015 at 1:41 PM, Martin Becze wrote:

> >somewhat off
> Yeah the founder went/is crazy, there is no technical work done and all of
> the developers that were working on the project quit.
>
> On Wed, Sep 9, 2015 at 4:30 PM, Lodewijk andré de la porte
> wrote:
>
>> Its documentation is overly verbose, speculative, assuming and unclear.
>>
>> I love the idea of providing services that the government usually tends
>> to.
>>
>> I somewhat know what marriage before God means. I somewhat know what
>> marriage before the State means. I have no idea what marriage before the
>> Blockchain means. Probably no more than lovers' tree-carvings.
>>
>> Relationship to reality is the hardest part - it's also where things like
>> enforcement starts turning its ugly head.
>>
>> I'd argue marriage before state is an artifact of the marriage between
>> church and state. Relationships, commitments, etc, these would be better
>> explained in contract. Contracts can go onto a blockchain. Generic. Neat.
>> Unpretentious.
>>
>> Bitnation is fascinating, thought provoking, but it seems somewhat off.
>>
>
>

--
Brenda Fernández
me at brendafernandez.com
GPG: CE5BEE6C81FCA4D4

From me at brendafernandez.com Tue Sep 22 09:35:14 2015
From: me at brendafernandez.com (Brenda Fernández)
Date: Tue, 22 Sep 2015 13:35:14 -0300
Subject: M.Hearn adds privacy depriority to Bitcoin XT, calls your Tor/Proxy/etc use "unimportant"
In-Reply-To:
References:
Message-ID:

Because the XT stands for nsa-eXTensions.

No really, Hearn is a joke, has been consistently working to weaken bitcoin since 2013. In any case nobody gives a dime about XT: https://bitbet.us/bet/1191/the-hearn-gavin-scamcoin-will-fizzle-in-2016/

But they are still trying to push the hardfork and other assorted shit in BIP100/BIP101 etc.

On Tue, Aug 18, 2015 at 11:07 PM, grarpamp wrote:

>
> http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010379.html
>
> https://github.com/bitcoinxt/bitcoinxt/commit/73c9efe74c5cc8faea9c2b2c785a2f5b68aa4c23
>
> Bitcoin XT contains an unmentioned addition which periodically downloads
> lists of Tor IP addresses for blacklisting, this has considerable privacy
> implications for hapless users which are being prompted to use the
> software. The feature is not clearly described, is enabled by default,
> and has a switch name which intentionally downplays what it is doing
> (disableipprio). Furthermore these claimed anti-DoS measures are
> trivially bypassed and so offer absolutely no protection whatsoever.
> ...
>

--
Brenda Fernández
me at brendafernandez.com
GPG: CE5BEE6C81FCA4D4
From guninski at guninski.com Tue Sep 22 03:39:43 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Tue, 22 Sep 2015 13:39:43 +0300
Subject: Is this crypto paper real or fake?
In-Reply-To: <56006024.50903@librelamp.com>
References: <20150920135350.GB2587@sivokote.iziade.m$> <55FF328F.1030903@m-o-o-t.org> <20150921052911.GA2543@sivokote.iziade.m$> <55FFE2D1.5050308@m-o-o-t.org> <56006024.50903@librelamp.com>
Message-ID: <20150922103943.GA2691@sivokote.iziade.m$>

On Mon, Sep 21, 2015 at 12:53:08PM -0700, Alice Wonder wrote:
>
>
> On 09/21/2015 03:58 AM, Peter Fairbrother wrote:
> >>secp112r1 : SECG/WTLS curve over a 112 bit prime field
> >>secp112r2 : SECG curve over a 112 bit prime field
> >
> >Yes. Pwnable.
> >
>
> I did not ask the question but thank you for your answer. I was a
> math major back in the early 90s but never really went that way
> career wise, but with the weak DH parameter revelations this topic
> has suddenly become a lot more interesting to me, and clearly I have
> a lot to learn. It is nice to see answers like yours that I can at
> least somewhat comprehend without hours of research.
>
> And I think that is part of the problem, while all programming
> involves some math, most of us do not have good enough of a grasp of
> cryptography to understand when we are doing something that can be
> broken or circumvented.

(CC'ing cypherpunks at cpunks.org for trolling reasons).

Your argument raises the question about the soundness of the so called ``theory of many eyes''.

libressl/openssl ship elliptic curves of low quality, and they can be detected by man documented command. The low quality of the curves can be checked by going to wikipedia's page about ECC dlog records. AFAICT they probably implemented backdoored RFC (don't know if they knew it is backdoored).
This raises the question about more obscure features buried in, say, obscure macros, misleading comments, etc.

No math knowledge required, but the low quality curves are weaker than the backdoored DSA via generic dlog attack, unless DSA allows much faster dlog in the small subgroup by exploiting the sub-exponential attack of dlog modulo $p$ (or some other attack).

From me at brendafernandez.com Tue Sep 22 09:43:12 2015
From: me at brendafernandez.com (Brenda Fernández)
Date: Tue, 22 Sep 2015 13:43:12 -0300
Subject: Old-style encryption
In-Reply-To: <708199893.371667.1438623176165.JavaMail.yahoo@mail.yahoo.com>
References: <708199893.371667.1438623176165.JavaMail.yahoo@mail.yahoo.com>
Message-ID:

This is hilarious, the illiterate developing their own cryptosystems and getting pwned.

Not being stupid doesn't mean one has to 'know everything'*, it's knowing what you can and what you can't do. And yes, it's a requirement. Even for criminal endeavors.

* ignorance is fine, as long as one is aware of it.

On Mon, Aug 3, 2015 at 2:32 PM, jim bell wrote:

>
>
>
> http://news.yahoo.com/italy-cracks-mafia-sheep-code-arrest-godfathers-henchmen-111947663.html
>
> Italy cracks Mafia sheep code to arrest Godfather's henchmen
>
> By Ella Ide 1 hour ago
>
> Rome (AFP) - Italian police on Monday arrested 11 suspects linked to the
> fugitive head of the Sicilian Mafia, including a former boss who ran a
> secret message system for the mobster using a sheep-based code.
> Matteo Messina Denaro, 53, who has been on the run since 1993, used a farm
> in Mazara del Vallo to communicate with his henchmen via the age-old
> method of "pizzini", bits of paper containing messages often written in
> cipher, police said.
> Among those arrested was former boss Vito Gondola, 77, whose job it was to
> call the clan members to alert them to each new message, which was placed
> under a rock in a field at the farm and often destroyed on the spot after
> "I've put the ricotta cheese aside for you, will you come by later?" he > would say on the telephone -- a phrase investigators said had nothing to do > with dairy products. > "The sheep need shearing... the shears need sharpening" and "the hay is > ready", were among other code phrases used to alert the gang to a new > message, written on tightly folded bits of paper wrapped in Sellotape and > then hidden in the dirt. > The police investigation, which followed the passing of messages between > 2011 and 2014, used hidden cameras and microphones around the farm near > Trapani in western Sicily to follow the movements of the clan -- and > discover Denaro's fading glory. > View gallery > > Gondola is caught in one conversation telling another mobster that Denaro > -- once a trigger man who reportedly boasted he could "fill a cemetery" > with his victims -- was losing control over the latest generation of > criminals, who "disappear without saying anything". > - 'State win, Mafia loses' - > Three of those arrested were over 70 years old. > The only known photos of Denaro date back to the early 1990s. He is > believed to be the successor of the godfathers Toto Riina and Bernardo > Provenzano, who are both serving life sentences, but less is known about > him. > At the height of his power he had a reputation as a flashy, ruthless > womaniser who ruled over at least 900 men with an iron fist. > View gallery > > The 11 suspects arrested "were the men who were closest to Denaro right > now," said police official Renato Cortese, adding that it was "too early to > say" whether the sting would help investigators close in on the fugitive. > Prime Minister Matteo Renzi thanked the investigators in a message on his > Facebook page, saying onwards all, to finally capture the super-fugitive > boss," insisting "Italy is united against organised crime" despite a recent > slew of corruption scandals in the country. 
> "The state wins, the Mafia loses," Interior Minister Angelino Alfano said
> on Twitter.
> Gondola, who despite his age rose every morning at 4 am to tend to his
> flock, is believed to have once been a right-hand man to Riina. In the
> 1970s he belonged to a gang used by the Mafia to carry out kidnappings,
> according to Italian media reports.
> The Sicilian Mafia, known as "Cosa Nostra" or "Our Thing", was the
> country's most powerful organised crime syndicate in the 1980s and 1990s,
> but has seen its power diminish following years of investigations and mass
> arrests.
> It also faces fierce underworld competition from the increasingly powerful
> Naples-based Camorra and Calabria's 'Ndrangheta.
>

--
Brenda Fernández
me at brendafernandez.com
GPG: CE5BEE6C81FCA4D4

From me at brendafernandez.com Tue Sep 22 09:50:50 2015
From: me at brendafernandez.com (Brenda Fernández)
Date: Tue, 22 Sep 2015 13:50:50 -0300
Subject: Bitcoin exchanges.
In-Reply-To: <55A64AB4.2080902@riseup.net>
References: <55A637F3.2020401@riseup.net> <55A64AB4.2080902@riseup.net>
Message-ID:

Either find a local broker (cash for bitcoin) or learn to use the wot ( https://bitcoin-otc.com/ http://www.btcalpha.com/blog/2015/explore-the-web-of-trust/).

Everything else is generally a scam, at least in the sense that you'll be giving your ass to an unknown number of agents, even if you don't get robbed right away.

Circle, Bitpay, Xapo, GoCoin etc etc etc can't be trusted. They deal in fiat, have to submit to governments, to banks, to many parties whose interests aren't your best. And that assuming they will not run away with the coins, which shouldn't be unexpected, considering for instance that gold has been confiscated by governments before.
On Wed, Jul 15, 2015 at 8:57 AM, Mirimir wrote:

> On 07/15/2015 04:37 AM, odinn wrote:
>
>
>
> > Re. your "untraceable" remarks, bitcoin is not untraceable. It's
> > basically transparent. There are a few things that have been added
> > recently to enhance privacy, but sorry, not untraceable or anonymous
> > or anything like that.
>
> | China-based Bitcoin exchange Bter has announced that it will
> | continue to operate its service and pay back all its users in
> | time, following a cyberattack that saw the company lose $1.75
> | million in cryptocurrency to hackers.
> |
> | Bter says that it managed to trace the stolen 7,170 BTC to a
> | Bitcoin mixer (a cryptocurrency laundering service) called
> | Bitcoin Fog, but hasn’t heard from the company despite
> | repeated attempts to make contact.
>
>
> http://thenextweb.com/insider/2015/03/12/chinese-bitcoin-exchange-bter-will-pay-back-users-after-losing-1-75-million-in-cyberattack/
>
> Bitcoin Fog is a Tor hidden service. If they can successfully launder
> 7170 BTC, that's good enough for me.
>
>
>

--
Brenda Fernández
me at brendafernandez.com
GPG: CE5BEE6C81FCA4D4

From me at brendafernandez.com Tue Sep 22 09:57:29 2015
From: me at brendafernandez.com (Brenda Fernández)
Date: Tue, 22 Sep 2015 13:57:29 -0300
Subject: Windows 10
In-Reply-To: <557BCAEB.3080003@riseup.net>
References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net>
Message-ID:

interesting features,
biometric shit.

Shiny turd.

Consider this: W10 is free and it's being pushed hard by MS. They even force W7 and W8 users to download it when they aren't interested in 'upgrading'. So, if the product is free for you, who is the customer?

On Sat, Jun 13, 2015 at 3:17 AM, odinn wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well, since Windows 10 does in fact involve a planned lockout of
> anyone who wants to dual-boot linux systems, you should just dump
> Windows now if you are still using it.
>
> Here's my (somewhat dated, but updated) post on how I suggest one
> should do that (target audience is for those who don't have a lot of
> background in computer stuffs)
>
> https://odinn.cyberguerrilla.org/index.php/2014/04/02/quick-and-easy-the
> - -five-minute-method-to-leave-windows-or-mac-os/
>
> - -o
>
> On 06/02/2015 04:05 AM, Endless wrote:
> > Hello Cypherpunks!
> >
> > As many of you will likely know, Microsoft has recently made public
> > a release date for Windows 10 and has been testing the platform as
> > part of the "Windows Insider" program. With this update comes a
> > number of seemingly unoriginal [1], but nonetheless interesting
> > features, such as "Cortana", Windows' "truly personal" assistant
> > (only to be available in a handful of countries) and "Windows
> > Hello", a biometric authentication system allowing the use of the
> > face, iris, or finger for access [2].
> >
> > What changes in Windows' security are expected to take place? Will
> > systems such as Windows Hello leak uniquely identifiable biometric
> > data, despite a planned increase in security [3]? What could
> > perhaps be done to limit the risk of using systems such as a
> > cloud-based, personal assistant that is able to access most of a
> > person's internet-connected devices?
> >
> > Thankyou very much, Endless
> >
> > [1] It seems that Windows 10's flagship features such as biometric
> > authentication have already been available on a number of other
> > platforms for quite some time, not to mention the fact that the
> > name "Cortana" was used as the name for an artificial intelligence
> > character in the popular "Halo" game series (The name seems to be
> > have been used without violating intellectual property laws, as
> > Halo, having been originally developed by Bungie, Inc. is now a
> > subsidiary of Microsoft Studios).
> >
> > [2] More information regarding Microsoft's initial announcement of
> > the Windows 10 release date can be found at the following link:
> > https://blogs.windows.com/bloggingwindows/2015/06/01/hello-world-windo
> ws-10-available-on-july-29/
> >
> > [3] A blog post relating to Windows 10's planned "security perks"
> > can be found at the following link:
> > http://blogs.windows.com/business/2014/10/22/windows-10-security-and-i
> dentity-protection-for-the-modern-world/
> >
> >
> - --
> http://abis.io ~
> "a protocol concept to enable decentralization
> and expansion of a giving economy, and a new social good"
> https://keybase.io/odinn
>

--
Brenda Fernández
me at brendafernandez.com
GPG: CE5BEE6C81FCA4D4
From me at brendafernandez.com Tue Sep 22 09:58:44 2015
From: me at brendafernandez.com (Brenda Fernández)
Date: Tue, 22 Sep 2015 13:58:44 -0300
Subject: Windows 10
In-Reply-To:
References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net>
Message-ID:

But if you're willing to give your soul away in exchange for interesting features, a talking app and biometric shit, then you're probably making a good deal anyway. Your soul wasn't worth much in any case.

On Tue, Sep 22, 2015 at 1:57 PM, Brenda Fernández wrote:

> interesting features,
> biometric shit.
>
> Shiny turd.
>
> Consider this: W10 is free and it's being pushed hard by MS. They even
> force W7 and W8 users to download it when they aren't interested in
> 'upgrading'. So, if the product is free for you, who is the customer?
>
>
> On Sat, Jun 13, 2015 at 3:17 AM, odinn
> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Well, since Windows 10 does in fact involve a planned lockout of
>> anyone who wants to dual-boot linux systems, you should just dump
>> Windows now if you are still using it.
>>
>> Here's my (somewhat dated, but updated) post on how I suggest one
>> should do that (target audience is for those who don't have a lot of
>> background in computer stuffs)
>>
>> https://odinn.cyberguerrilla.org/index.php/2014/04/02/quick-and-easy-the
>> - -five-minute-method-to-leave-windows-or-mac-os/
>>
>> - -o
>>
>> On 06/02/2015 04:05 AM, Endless wrote:
>> > Hello Cypherpunks!
>> >
>> > As many of you will likely know, Microsoft has recently made public
>> > a release date for Windows 10 and has been testing the platform as
>> > part of the "Windows Insider" program. With this update comes a
>> > number of seemingly unoriginal [1], but nonetheless interesting
>> > features, such as "Cortana", Windows' "truly personal" assistant
>> > (only to be available in a handful of countries) and "Windows
>> > Hello", a biometric authentication system allowing the use of the
>> > face, iris, or finger for access [2].
>> >
>> > What changes in Windows' security are expected to take place? Will
>> > systems such as Windows Hello leak uniquely identifiable biometric
>> > data, despite a planned increase in security [3]? What could
>> > perhaps be done to limit the risk of using systems such as a
>> > cloud-based, personal assistant that is able to access most of a
>> > person's internet-connected devices?
>> >
>> > Thankyou very much, Endless
>> >
>> > [1] It seems that Windows 10's flagship features such as biometric
>> > authentication have already been available on a number of other
>> > platforms for quite some time, not to mention the fact that the
>> > name "Cortana" was used as the name for an artificial intelligence
>> > character in the popular "Halo" game series (The name seems to be
>> > have been used without violating intellectual property laws, as
>> > Halo, having been originally developed by Bungie, Inc. is now a
>> > subsidiary of Microsoft Studios).
>> >
>> > [2] More information regarding Microsoft's initial announcement of
>> > the Windows 10 release date can be found at the following link:
>> > https://blogs.windows.com/bloggingwindows/2015/06/01/hello-world-windo
>> ws-10-available-on-july-29/
>>
>> >
>> > [3] A blog post relating to Windows 10's planned "security perks"
>> > can be found at the following link:
>> > http://blogs.windows.com/business/2014/10/22/windows-10-security-and-i
>> dentity-protection-for-the-modern-world/
>>
>> >
>> >
>> - --
>> http://abis.io ~
>> "a protocol concept to enable decentralization
>> and expansion of a giving economy, and a new social good"
>> https://keybase.io/odinn
>>
>
>
>
> --
> Brenda Fernández
> me at brendafernandez.com
> GPG: CE5BEE6C81FCA4D4
>
>

--
Brenda Fernández
me at brendafernandez.com
GPG: CE5BEE6C81FCA4D4
Name: not available Type: text/html Size: 6380 bytes Desc: not available URL: From rysiek at hackerspace.pl Tue Sep 22 05:10:46 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 22 Sep 2015 14:10:46 +0200 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <56009ac7.e45c8c0a.63ed.fffff278@mx.google.com> References: <2044953.aWtXiBlrBy@lapuntu> <56009ac7.e45c8c0a.63ed.fffff278@mx.google.com> Message-ID: <3684347.K1ZfXkoDa4@lapuntu> Dnia poniedziałek, 21 września 2015 21:07:59 Juan pisze: > On Mon, 21 Sep 2015 13:14:24 +0200 > > rysiek wrote: > > Dnia poniedziałek, 21 września 2015 13:52:45 James A. Donald pisze: > > > On 2015-09-21 1:06 PM, rysiek wrote: > > > > for a moment there I entertained a notion of asking you for some > > > > sources, but then I remembered that both Putin and Obama are > > > > actually reptilian invaders from outer space and we're all fucked > > > > anyway. > > > > > > Does it not strike you as odd that whenever their is a protest in > > > favor of US domination and the overthrow of a supposedly oppressive > > > regimes, the protestors are generally carrying signs in English? > > > > I don't know, man, when I was protesting against ACTA I was carrying > > signs in English too. And that was in Poland. This might be related > > to the idea that once you're protesting, you want international media > > to pick up the story. > > > > Or, maybe this whole anti-ACTA thing was US-inspired and played right > > into the hands of our reptilian overlords. > > So, your protest against ACTA was legitimate (true). > > And so it follows that US imperialism doesn't exist and that > the US gov't never uses local people to further the interests > of the US gov't... No, what follows is that the "they have signs in English, and that means the protests must have been US-funded/influenced/etc" line of "reasoning" is bollocks. Not saying US imperialism doesn't exist. 
But people having signs in English on a protest somewhere in Nowheristan is not proof. Not even close. -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Tue Sep 22 05:26:05 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 22 Sep 2015 14:26:05 +0200 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <56007137.2010503@riseup.net> References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> Message-ID: <5469043.2VszmLFXp0@lapuntu> On Monday, 21 September 2015 14:05:59 Razer wrote: > On 09/20/2015 09:01 PM, James A. Donald wrote: > > It used to be that whenever Soviet attempts to brutally subjugate some > > country failed, the left would cry "Evil US imperialism" > > > > Now you have actual evil US imperialism happening right in front of > > your noses, for example Haiti, and the left is in total denial. > > The Cruise Missile Left is cheering all "humanitarian interventions". > All other left-thinking Mericans have been stupidified by TeeVee. > > I defer to: Amusing Ourselves To Death. Neil Postman. > > Available at LibCom Anarchist library: > > https://libcom.org/library/amusing-ourselves-death-public-discourse-age-show-business-neil-postman > > The last chapter regarding Orwell or Huxley, who was right? clinches it. Very much so.
Here's a helpful infographic version: http://rys.io/static/amusing-ourselves-to-death-huxley-orwell.png /not mine, unfortunately/ One thing to note is that one important way we are being intellectually castrated is by being led to radicalizing our positions -- by the filter bubble, by keeping more and more to like-minded people on social media, by assuming "the other side" (whichever that might be in any given circumstances) is "inherently evil", and by assuming off the bat what the "other side" in a given discussion has to say. Without listening, without thinking. This, in turn, makes it impossible to find middle ground and to *actually* understand the world, and to *actually* work to improve it. Look at the US vs. Russia debate. Why the fuck does it have to be "vs."? Why the fuck almost every single "lefty" person that I talk to and pass on my concerns about what Putin (yes, personally that guy; I have no beef with Russians as a people) assumes that at the same time I'm saying I'm okay with US internal or international policies? Why if I criticize actions of the Russian government I am immediately assumed to be defending actions of the US? And, on the other hand, why do people that have (rightful) grievances with US policies fail to even *consider* that maybe, just maybe, things in Russia aren't all that great and that Putin is not entirely the victim here? They are both fucked up, in many *different* (systemic racism in the US; systemic homophobia in Russia), and several *similar* ways (oligarchy running things). And yet they are able to play us, because predominantly we simply cannot see the bigger picture and cannot seem to understand *anything* more complicated than the simplified beyond belief "USA BAD RUSSIA GOOD" (or the other way around) worldview. It sickens me. 
-- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Tue Sep 22 06:04:06 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 22 Sep 2015 15:04:06 +0200 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <5469043.2VszmLFXp0@lapuntu> References: <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> Message-ID: <2997043.W3qRkFHBSs@lapuntu> On Tuesday, 22 September 2015 14:26:05 rysiek wrote: > Why the fuck almost every single "lefty" person that I talk to and pass on > my concerns about what Putin (yes, personally that guy; I have no beef with > Russians as a people) assumes that at the same time I'm saying I'm okay > with US internal or international policies? Brainfart, my bad. Was supposed to be: "Why the fuck almost every single "lefty" person that I talk to and pass on my concerns about what Putin does (yes, personally that guy; I have no beef with Russians as a people) assumes that at the same time I'm saying I'm okay with US internal or international policies?" -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From me at brendafernandez.com Tue Sep 22 11:05:14 2015 From: me at brendafernandez.com (Brenda Fernández) Date: Tue, 22 Sep 2015 15:05:14 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <56019021.1010202@riseup.net> References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> <56019021.1010202@riseup.net> Message-ID: USG incompetence is hard to understand in these matters. I have no idea why they fuck up like this, getting involved in a conflict, supporting a side they are against to fight against the other side they are supposedly also against, but always on paper, they will never go there be killed. So why involve yourself in the first place other than to destroy what remains of your reputations, what remains of your money and relevance? But it's interesting nonetheless, to watch and see them fall, which they've been invariably doing since Vietnam. On Tue, Sep 22, 2015 at 2:30 PM, Razer wrote: > On 09/22/2015 05:26 AM, rysiek wrote: > > They are both fucked up, in many *different* (systemic racism in the US; > > systemic homophobia in Russia), and several *similar* ways (oligarchy running > > things). And yet they are able to play us, because predominantly we simply > > cannot see the bigger picture and cannot seem to understand *anything* more > > complicated than the simplified beyond belief "USA BAD RUSSIA GOOD" (or the > > other way around) worldview. > > For so many years now the geopolitical 'grand game' has been "Good > Cop/Bad Cop", "Mutt and Jeff" played on the typically indigenous > people-d extractive resources nations (and in other ways against the > west's manufacturing satraps) by the US AND Russia. Either you pick one > side or the other or we have a war in YOUR country where YOUR people get > killed and your society/way of life destroyed. There are no "nice guys".
> On the other hand I bristle when Syria's ally is accused of warmongering > for doing what allies are supposed to do. Come to their defense in the > traditional manner against an army of mercenaries that the West claims > on one hand to be fighting, and on the other, had a large part in its > creation. > > Americans just sat idly by with their thumbs up their asses in denial > while the State Dept and CIA created AQv2 from the Libyans we hired to > sodomize Muammar al-Gadaffi with swords, and if the Russians want to > eradicate that threat to Syria and the region, have at it. > > -- Brenda Fernández me at brendafernandez.com GPG: CE5BEE6C81FCA4D4 From me at brendafernandez.com Tue Sep 22 11:09:03 2015 From: me at brendafernandez.com (Brenda Fernández) Date: Tue, 22 Sep 2015 15:09:03 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> <56019021.1010202@riseup.net> Message-ID: Sorry, wrong thread. On Tue, Sep 22, 2015 at 3:05 PM, Brenda Fernández wrote: > USG incompetence is hard to understand in these matters. I have no idea > why they fuck up like this, getting involved in a conflict, supporting a > side they are against to fight against the other side they are supposedly > also against, but always on paper, they will never go there be killed. So > why involve yourself in the first place other than to destroy what remains > of your reputations, what remains of your money and relevance? But it's > interesting nonetheless, to watch and see them fall, which they've been > invariably doing since Vietnam.
> > On Tue, Sep 22, 2015 at 2:30 PM, Razer wrote: > >> On 09/22/2015 05:26 AM, rysiek wrote: >> > They are both fucked up, in many *different* (systemic racism in the US; >> > systemic homophobia in Russia), and several *similar* ways (oligarchy running >> > things). And yet they are able to play us, because predominantly we simply >> > cannot see the bigger picture and cannot seem to understand *anything* more >> > complicated than the simplified beyond belief "USA BAD RUSSIA GOOD" (or the >> > other way around) worldview. >> >> For so many years now the geopolitical 'grand game' has been "Good >> Cop/Bad Cop", "Mutt and Jeff" played on the typically indigenous >> people-d extractive resources nations (and in other ways against the >> west's manufacturing satraps) by the US AND Russia. Either you pick one >> side or the other or we have a war in YOUR country where YOUR people get >> killed and your society/way of life destroyed. There are no "nice guys". >> On the other hand I bristle when Syria's ally is accused of warmongering >> for doing what allies are supposed to do. Come to their defense in the >> traditional manner against an army of mercenaries that the West claims >> on one hand to be fighting, and on the other, had a large part in its >> creation. >> >> Americans just sat idly by with their thumbs up their asses in denial >> while the State Dept and CIA created AQv2 from the Libyans we hired to >> sodomize Muammar al-Gadaffi with swords, and if the Russians want to >> eradicate that threat to Syria and the region, have at it. >> >> > > > -- > Brenda Fernández > me at brendafernandez.com > GPG: CE5BEE6C81FCA4D4 > > -- Brenda Fernández me at brendafernandez.com GPG: CE5BEE6C81FCA4D4
From wirelesswarrior at safe-mail.net Tue Sep 22 13:00:53 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Tue, 22 Sep 2015 16:00:53 -0400 Subject: FCC NPRM seeks to end open SDR Message-ID: Rayzer, There are clear and limited definitions, unlikely to be changed, for what legally constitutes a "radio" or a "transmitter". The "mistake" of the SDR manufacturers was to ever call or market them anything but instruments (as Red Pitaya has done). When the idea of classifying them as instruments was floated in the early days of the GnuRadio list (by Steve Schear) he cautioned to make sure the products weren't called anything that might even vaguely sound like a wireless device. Evidently the marketing people at these companies knew better. End-user controlled software signal generation and capture techniques are now widely in use by premium instrument manufacturers. If the FCC attempts to curtail the frequencies, modulation types, etc. by these test instruments I think there will be manufacturers screaming bloody murder. Transmitters are generally much simpler electronically than receivers (which are much less regulated). They may be little more than a few components added to a digital circuit, as Rayzer pointed out, though that rarely leads to a generally useful device. Attaching a circuit which contains the necessary components to generate the desired digital signal (e.g., using a Direct Digital Synthesizer) and convert it to a quality analog one to a USB or on a header of a PC/SoC motherboard should provide a nice signal generator which could effectively bypass FCC enforcement (legally or otherwise).
WW From juan.g71 at gmail.com Tue Sep 22 12:20:51 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 22 Sep 2015 16:20:51 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> <56019021.1010202@riseup.net> Message-ID: <5601a8f9.53528c0a.cde70.0b36@mx.google.com> On Tue, 22 Sep 2015 15:05:14 -0300 Brenda Fernández wrote: > USG incompetence is hard to understand in these matters. there isn't any incompetence involved. > I have no > idea why they fuck up like this, right, you don't. getting involved in a conflict, > supporting a side their are against to fight against the other side > they are supposedly also against, but always on paper, they will > never go there be killed. So why involve yourself in the first place > other than to destroy what remains of your reputations, what remains > of your money and relevance? But it's interesting nonetheless, to > watch and see them fall, which they've been invariably doing since > Vietnam. > > On Tue, Sep 22, 2015 at 2:30 PM, Razer wrote: > > > On 09/22/2015 05:26 AM, rysiek wrote: > > > They are both fucked up, in many *different* (systemic racism in > > > the US; systemic homophobia in Russia), and several *similar* > > > ways (oligarchy > > running > > > things). And yet they are able to play us, because predominantly > > > we > > simply > > > cannot see the bigger picture and cannot seem to understand > > > *anything* > > more > > > complicated than the simplified beyond belief "USA BAD RUSSIA > > > GOOD" (or > > the > > > other way around) worldview. > > > > For so many years now the geopolitical 'grand game' has been "Good > > Cop/Bad Cop", "Mutt and "Jeff" played on the typically indigenous > > people-d extractive resources nations (and in other ways against the > > west's manufacturing satraps) by the US AND Russia. 
Either you pick > > one side or the other or we have a war in YOUR country where YOUR > > people get killed and your society/way of life destroyed. There are > > no "nice guys". On the other hand I bristle when Syria's ally is > > accused of warmongering for doing what allies are supposed to do. > > Come to their defense in the traditional manner against an army of > > mercenaries that the West claims on one hand to be fighting, and on > > the other, had a large part in its creation. > > > > Americans just sat idly by with their thumbs up their asses in > > denial while the State Dept and CIA created AQv2 from the Libyans > > we hired to sodomize Muammar al-Gadaffi with swords, and if the > > Russians want to eradicate that threat to Syria and the region, > > have at it. > > > > > > From wirelesswarrior at safe-mail.net Tue Sep 22 14:59:24 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Tue, 22 Sep 2015 17:59:24 -0400 Subject: Re: Would you work if you didn’t have to? Message-ID: I recently watched Zeitgeist https://en.wikipedia.org/wiki/Zeitgeist_%28film_series%29#Synopsis_2 At least the documentary's first half offers a very good and accessible indictment of the global monetary system and capitalism (as it's practiced). -------- Original Message -------- From: Zenaan Harkness Apparently from: cypherpunks-bounces at cpunks.org To: Jim Cc: cypherpunks at cpunks.org Subject: Re: Would you work if you didn’t have to? Date: Fri, 18 Sep 2015 11:33:40 +0000 > Hi Jim, I remember suggesting this to M about 5 or 6 years ago. I have > not looked into the economics of it (i.e.
how Australia's national > budget could make it work) and so it was heartwarming, or at least > very interesting to me, to read the article you forwarded which had a > few (small) examples in the last century where this has been trialed - > and that in at least one example, inflation went down, not up, quite > contrary to "normal economist" expectations! > > Very, very interesting. What this tells us, is that "the abundance > community" (or rather nation), can indeed work - and with robotics and > automation being spearheaded heavily this year by Japan we may well > need such a new economic model for nations in general. The fact that > it has been shown it works in at least a couple examples, is generally > great news of course. > > I experience in the "free software"/"libre computing" community - > Debian GNU/Linux, RedHat/Fedora and more, and from me-as-programmer > experience, it is a world of abundance - hackers (the good ones - i.e. > those who do stuff to benefit the community) essentially have an > abundance of the raw material or tools of trade - i.e. all you need is > a computer and away you go, you can write whatever program you think > people might enjoy using - since electricity to run your computer is > close to free - add a few solar cells and it is free. > > So in truth all the "information worker" needs to manifest their > creativity (besides their computer) is food and shelter - same for > musicians and certain other creative artists etc. > > And since the marginal cost (incremental cost) of duplicating a > (digital) song, or computer program, is very close to zero dollars > (just download it for a tiny bit of electricity expense), then when I > give my computer program to society as free/libre software, I am > causing an exponential benefit to society, since as many people as > have computers, can benefit from my creation. 
> > This is an "abundance economy" in action, and although I don't get > wealth in this situation where I give my computer program away, I get > credos/ ego satisfaction, recognition, esteem from my peers and or the > users of my program, and potentially a job doing something I really > enjoy (supporting users who benefit financially from my program, who > are willing to pay for some support, training, and or enhancements to > my computer program - this will normally just be the companies that > use my program - but RedHat demonstrates that it's possible to build a > billion-dollar company just supporting free software which is pretty > cool). > > As long as I can do a bit of travel, have food in my belly and a warm > couple of rooms to live in, I'm basically content and happy with life, > since it is my nature to be creative (with computers) and to give away > my creations. > > Regards, > Z > > > On 9/18/15, Jim wrote: > > The idea of universal basic income will likely become a human rights issue > > implemented by many countries due to rising under employment and > > unemployment, caused by increased technology automation reducing the demand > > for many jobs requiring menial or repetitive labour. > > > > Jim > > > > > > > > Would you work if you didn’t have to? > > > > news.com.au > > Frank Chung > > September 17, 2015 > > > > > > IF YOU were paid $30,000 by the government every year without having to lift > > a finger, would you still try to find work? > > And if you did, would you settle for a menial job cleaning toilets, or would > > you demand something more glamorous? > > > > > > More importantly, if in the next, say, 20 years, those toilets are being > > cleaned by robots, shouldn’t those now out-of-work toilet cleaners have a > > right to that $30,000? 
> > > > These are the questions at the heart of the debate over unconditional basic > > income — an unconventional policy idea which argues every person should be > > paid a standard amount, regardless of whether they are working or not. > > > > Like the dole, it’s meant to make sure every person in society can meet > > basic living standards. But it differs, in that there is no work requirement > > or means test — meaning you could have a job and pocket the $30,000 cash on > > top of your wage, or not work at all and live off the $30,000 alone. > > > > Some conservatives like the idea because it would theoretically streamline > > and simplify complex systems of social security payments and subsidies, > > cutting down administrative costs. > > > > It’s already being trialled in the Netherlands with 300 residents of the > > town of Utrecht among a number of Dutch pilot sites, while the Indian > > government has also embraced the idea, and previous small-scale experiments > > have been hailed as great successes. > > > > A new lobby group has formed in the US, Basic Income Action, to coincide > > with the eighth International Basic Income Week, and the campaign to give > > every human being a basic minimum wage, no questions asked, appears to be > > picking up steam. > > > > The group, taking a cue from recent similar campaigns around gay marriage > > and marijuana legalisation, has launched a petition calling on US > > presidential candidates to support basic income. > > > > “Basic income is a remarkably powerful and timely idea, and Basic Income > > Action will be a great resource for longtime activists and people who are > > learning about this for the first time,” said Steven Shafarman, author of > > the upcoming book The Basic Income Imperative. 
> > > > It’s not a new idea, but with rising under- and unemployment, increasing > > cost of living and low to negative real wage growth — not to mention the > > growing automation of menial jobs — basic income has become a popular cause > > of the Left. > > > > Canadian author Naomi Klein recently released a manifesto which, along with > > universal childcare and an end to international trade deals, called for a > > universal basic income. > > > > Next year, Switzerland will hold a referendum on the issue after a petition > > gained more than 100,000 signatures, although the government has come out > > against the idea, urging its citizens to vote ‘no’. > > > > It’s an idea which appeals to both sides of the political spectrum. > > > > Classic liberal economists including Milton Friedman supported the idea in > > the form of a ‘reverse tax’, or a threshold under which, rather than the > > government taking your money, it pays you. > > > > Progressives, who often throw around terms like ‘wage slavery’ when > > discussing universal income, see it as a way of expanding the social safety > > net and elevating the human condition above the drudgery of performing > > soul-crushing jobs just to survive. > > > > The key question is whether people can be trusted not to sit around doing > > nothing. Conservatives naturally assume the worst of people, while > > progressives hope for the best. > > > > Arguments against the idea are generally that one, we can’t possibly afford > > it; and two, it would dampen labour market participation by removing > > incentive to work, putting greater tax pressure on those who do. > > > > A study conducted 40 years ago in the tiny Canadian farming town of Dauphin, > > Manitoba, found the payments actually had a “social multiplier effect”, and > > despite the fears of a dip in labour, people still had the incentive to work > > more hours rather than less. 
> > > > One big danger in implementing such a system, however, would be pressure > > from the welfare lobby to apply different loadings for various interest > > groups, undermining the generic distribution. > > > > Mikayla Novak, senior research fellow with free-market think-tank the > > Institute of Public Affairs, wrote in 2013 that while basic income was a > > seductive idea for people of “varied philosophical persuasions”, it could > > “risk ending up as another initiative in which good intentions do not align > > with desirable results”. > > > > Another common criticism of basic income is that it would lead to inflation > > — if everyone has more money, everything would cost more. > > > > Writing in Medium, basic income advocate Scott Santens provides two > > real-world examples where that proved not to be the case: Alaska in 1982, > > and Kuwait in 2011. In both cases, inflation actually decreased after the > > government introduced a partial basic income to citizens. > > > > Supporters argue that in general, since the income is provided by the > > government through existing, not printed money, the inflationary effects > > should be minimal. > > > > He told Motherboard the momentum which was lost in the 1970s was coming back > > and, due to advances in technology, was “here to stay”. > > > > “Step one to all of this is growing the conversation for basic income to a > > critical mass and connecting the people who believe it needs to happen,” he > > said. 
“And that’s what BIA is for, to grow and connect, and to win.” > > > > http://www.news.com.au/finance/economy/would-you-work-if-you-didnt-have-to/story-fnu2pycd-1227531288369 > > > > > > -------------------------------------------------------------------------------- > > > > From wirelesswarrior at safe-mail.net Tue Sep 22 15:01:35 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Tue, 22 Sep 2015 18:01:35 -0400 Subject: LTE in Wi-Fi bands Message-ID: A counter to this is to use SDR to enable WiFi mesh nets to use the LTE spectrum. -------- Original Message -------- From: Nymble Apparently from: cypherpunks-bounces at cpunks.org To: "cypherpunks at cpunks.org" Subject: LTE in Wi-Fi bands Date: Thu, 17 Sep 2015 10:52:09 -0700 > Cell phones in 2016 will start to use Wi-Fi bands for LTE: > http://goo.gl/s2Vsrz > There goes our free use of spectrum. There has been no adequate effort by Qualcomm to demonstrate that LTE-U will compete fairly for band usage against Wi-Fi. > > > > > > On Aug 18, 2015, at 11:52 PM, Peter Fairbrother wrote: > > > > On 18/08/15 19:23, jim bell wrote: > >> *From:* Peter Fairbrother > >> > >> *Subject:* Re: Recommended Movie: "Sebastian" 1968. > >> > >> On 18/08/15 03:46, jim bell wrote: > >> > >> > >> >> Since people seem to be recommending things, I recommend the movie > >> >> "Sebastian". Dirk Bogarde, Susannah York. > >> >> https://www.youtube.com/watch?v=bIK3OYnD9MY > >> > >> >> Out of date even when it was made, I think it really represents the > >> >> cryptography situation as of the 1930's. > >> > >> >Based on a screenplay by Leo Marks - author of Between Silk and Cyanide: > >> >A Codemaker's War 1941-1945. > >> >Essential reading. Leo was the codemaker for SOE. All hand ciphers and > >> >agents. > >> >He wasn't at Bletchley - who called him "the one who got away" - though, > >> >and so no machine ciphers.
> >> >The Silk in the title was for OTPs which could be hidden in clothing > >> >from Gestapo/SS searches. > >> >As I said, essential reading. > >> > >> > >> The tv show 60 Minutes spilled the beans about Enigma in 1975. > >> http://www.cbsnews.com/videos/the-ultra-secret/ > > > > > > Not sure that was the one to spill the beans. I thought it was Winterbotham's 1974 book of the same name which first got the idea across to the public; though there was a French book in 1973 as well. > > > > Like Winterbotham's book, which the TV show seems to be based on, it's also a bit confused and/or inaccurate. Much of what they tell - the conversations between Hitler and his generals, "knowing Hitler's most secret thoughts", and Hitler's message re Anzio which Gen Clark read - came from the breaking of the Lorentz SZ40, not the Enigma. Colossus, not Bombe. > > > > And the Coventry story is fiction [1]. Churchill could not have been told the target from ULTRA decrypts. The ULTRA decrypts are now available in public records, and they do not mention Coventry. > > > > > > > > [1] My theory: Probably it began as a story made up to impress the need to keep the ULTRA secret - "hey if the man at the door with the revolver who just threatened to shoot you doesn't impress you, Churchill allowed [2] the bombing of Coventry in order to keep the secret". > > > > Later the story became an accusation, then a rumour, then a play - though by the time it became a play it was becoming obvious that ULTRA wasn't involved, and the motive for allowing the bombing changed to "Impressing the Americans" [3]. > > > > I can easily imagine someone telling Winterbotham the story (Winterbotham was the one who first told the Coventry story in public). > > > > I can also imagine Winterbotham repeating the story, in confidence, in order to impress the listener with the need to keep the secret (and with W himself) so often that he didn't know whether it was true or not (he didn't claim to be personally involved). 
> > > > Good story, and Churchill was probably capable of it - but it ain't true. > > > > > > > > [2] not that there was anything he could have done to stop the bombing, but for the sake of the narrative .. > > > > > > [3] requiring an even wilder suspension of belief, IME > > > > > >> What most people didn't realize was that the controversy was due to the > >> fact that rotor-driven cipher machines had been continued to be sold in > >> the post-WWII era, without their weakness being recognized. This > >> allowed the CIA/GCHQ to continue to decrypt enciphered messages for > >> decades afterwards. > > > > > > Yes - but Leo Marks wasn't involved in that. He ~ stopped being a cryptographer when SOE was broken up at the end of the war. > > > > What he did was hand ciphers, for agents in occupied countries - they couldn't carry cipher machines. > > > > There is nothing else like Between Silk and Cyanide in the crypto literature. Crypto at the cutting edge, where a mistake is a painful death, and likely worse. > > > > More, it is about how a cryptographer and his work interact with the world. > > > > I would not like to have been Leo (I met him once), but hell if I don't respect him. > > > > There is a TV documentary about him, called "A Very British Psycho" - an apt title. > > > > > > > > -- Peter Fairbrother From juan.g71 at gmail.com Tue Sep 22 16:11:19 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 22 Sep 2015 20:11:19 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <3684347.K1ZfXkoDa4@lapuntu> References: <2044953.aWtXiBlrBy@lapuntu> <56009ac7.e45c8c0a.63ed.fffff278@mx.google.com> <3684347.K1ZfXkoDa4@lapuntu> Message-ID: <5601defb.5c28370a.349d1.ffff8438@mx.google.com> On Tue, 22 Sep 2015 14:10:46 +0200 rysiek wrote: > Dnia poniedziałek, 21 września 2015 21:07:59 Juan pisze: > > On Mon, 21 Sep 2015 13:14:24 +0200 > > > > rysiek wrote: > > > Dnia poniedziałek, 21 września 2015 13:52:45 James A. 
Donald > > > pisze: > > > > On 2015-09-21 1:06 PM, rysiek wrote: > > > > > for a moment there I entertained a notion of asking you for > > > > > some sources, but then I remembered that both Putin and Obama > > > > > are actually reptilian invaders from outer space and we're > > > > > all fucked anyway. > > > > > > > > Does it not strike you as odd that whenever their is a protest > > > > in favor of US domination and the overthrow of a supposedly > > > > oppressive regimes, the protestors are generally carrying signs > > > > in English? > > > > > > I don't know, man, when I was protesting against ACTA I was > > > carrying signs in English too. And that was in Poland. This might > > > be related to the idea that once you're protesting, you want > > > international media to pick up the story. > > > > > > Or, maybe this whole anti-ACTA thing was US-inspired and played > > > right into the hands of our reptilian overlords. > > > > So, your protest against ACTA was legitimate (true). > > > > And so it follows that US imperialism doesn't exist and > > that the US gov't never uses local people to further the interests > > of the US gov't... > > No, what follows is that the "they have signs in English, and that > means the protests must have been US-funded/influenced/etc" line of > "reasoning" is bollocks. It isn't bollocks, at all. English signs on cnn that just happen to match the pentagon's war propaganda are obviously suspect...except for biased people or people in the payroll of the pentagon. > > Not saying US imperialism doesn't exist. But people having signs in > English on a protest somewhere in Nowheristan is not proof. Not even > close. The signs are not proof of american imperialism. The signs are proof of the kind of 'conspiracy' that people partial to the american government deny. American imperialism doesn't need any kind of subtle 'proofs'. It's part of all fucking history books since 1776. " reptilian overlords." Don't you have anything better than that? 
> From coderman at gmail.com Tue Sep 22 20:31:26 2015 From: coderman at gmail.com (coderman) Date: Tue, 22 Sep 2015 20:31:26 -0700 Subject: Focusing x-rays In-Reply-To: <56021a6d.466a8c0a.78eb9.45fa@mx.google.com> References: <802609537.39470.1442977158807.JavaMail.yahoo@mail.yahoo.com> <56021a6d.466a8c0a.78eb9.45fa@mx.google.com> Message-ID: On 9/22/15, Juan wrote: > ... > Isn't it possible to focus any sort(frequency) of EM wave, at > least in theory? in theory, with "metamaterials", yes. in practice this is akin to the perfect invisibility cloak problem, full of devilish details... a full spectrum Superlens for any EM freq would be quite handy indeed :) best regards, From coderman at gmail.com Tue Sep 22 21:13:12 2015 From: coderman at gmail.com (coderman) Date: Tue, 22 Sep 2015 21:13:12 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: On 9/17/15, coderman wrote: > another to complete: > > at least 10 P25 Motorola radios at Department of State. and some not > so pretty carpet :P > > https://www.muckrock.com/foi/united-states-of-america-10/p25count-20177/#file-54797 handily beat by the US Marshals, with 21,994 P25 radios! https://www.muckrock.com/foi/united-states-of-america-10/p25count-20170/#file-56132 i expect the DEA will be another big buyer... best regards, From coderman at gmail.com Tue Sep 22 21:23:54 2015 From: coderman at gmail.com (coderman) Date: Tue, 22 Sep 2015 21:23:54 -0700 Subject: Focusing x-rays In-Reply-To: References: Message-ID: On 9/22/15, wirelesswarrior at safe-mail.net wrote: > ... > Most metamaterials perform their magic using plasmas which form inside the > material. These plasmas can absorb, reflect, refract, etc. but there are > cut-off frequencies related to the energy of the plasma vs. the energy of > photons. indeed. 
and while new "nano-meta-materials" or even larger composites are being developed at reasonable operating temperatures, these too suffer from same limitations of range. so an idealized metamaterial implementing a superlens is what we want, even if hopelessly distant technology wise... one day! :P best regards, From coderman at gmail.com Tue Sep 22 21:25:52 2015 From: coderman at gmail.com (coderman) Date: Tue, 22 Sep 2015 21:25:52 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: most interesting reply: asked about SCIFs at the DoJ, and they forward only to FBI: https://www.muckrock.com/foi/united-states-of-america-10/scifcount-21229/#file-55661 surely DoJ has more SCIFs than just those used by FBI investigations? perhaps FBI is simply SCIF steward for all DoJ components... sending more FOIAs now, starting with processing notes. will advise, From wirelesswarrior at safe-mail.net Tue Sep 22 18:56:54 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Tue, 22 Sep 2015 21:56:54 -0400 Subject: Focusing x-rays Message-ID: -------- Original Message -------- From: jim bell Apparently from: cypherpunks-bounces at cpunks.org To: Juan , "cypherpunks at cpunks.org" Subject: Re: How much/what hardware does the rowhammer DRAM bug affects? Date: Fri, 18 Sep 2015 21:30:32 +0000 (UTC) > >Within the last couple of months, I think somebody was arrested for planning some sort of "X-ray death ray". http://nypost.com/2015/08/18/kkk-member-built-death-ray-machine-to-kill-muslims-and-obama-prosecutors-say/ But only a dweeb doesn't know that X-rays cannot be focussed. (With one very obscure exception not applicable here. Find it and get an "attaboy!". ) > > Its called Grazing Incidence > > https://en.wikipedia.org/wiki/X-ray_optics > > > >Microwaves, OTOH, can be focussed rather easily. The frequency is 2.45 Ghz, at about 1 Kilowatt. (wavelength about 12 centimeters.) 
I'd have to consult a Radio Amateur's handbook, but a modern dish (intended or Directv or Dish network) could probably get 15-20 db of gain, compared with isotropic. An old-style 8-foot dish probably would do 30 db gain. That would be 100 kilowatts ERP. > > >Such an unshielded (open) device would probably impair WiFi at 2.5 Ghz severely, if you're close to it, say a few hundred feet away. Fortunately, I think microwave ovens have better than 60 db of shielding. A few 10s of feet, away, hardware damage might occur if that full 1 kw were allowed to leak out. > Jim Bell > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2860 bytes Desc: not available URL: From wirelesswarrior at safe-mail.net Tue Sep 22 20:16:01 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Tue, 22 Sep 2015 23:16:01 -0400 Subject: Focusing x-rays Message-ID: I actually knew the answer when I first read the post (no I didn't use a search engine to find it as I worked in aerospace) but thought it would be nice to provide an authoritative source. -------- Original Message -------- From: Peter Gutmann To: "wirelesswarrior at safe-mail.net" , "jdb10987 at yahoo.com" Cc: "cypherpunks at cpunks.org" Subject: RE: Focusing x-rays Date: Wed, 23 Sep 2015 02:37:06 +0000 > wirelesswarrior at safe-mail.net writes: > > >Its called Grazing Incidence > > > >https://en.wikipedia.org/wiki/X-ray_optics > > Ten out of ten for knowing what it was, but minus several million for using > Wikipedia as the reference. > > Peter. From ryacko at gmail.com Tue Sep 22 23:34:46 2015 From: ryacko at gmail.com (Ryan Carboni) Date: Tue, 22 Sep 2015 23:34:46 -0700 Subject: [cryptome] Re: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: I suppose prosecutors working on the Manning and Snowden cases can't work out of their offices? 
On Tue, Sep 22, 2015 at 9:25 PM, coderman wrote: > most interesting reply: > > asked about SCIFs at the DoJ, and they forward only to FBI: > > https://www.muckrock.com/foi/united-states-of-america-10/scifcount-21229/#file-55661 > > surely DoJ has more SCIFs than just those used by FBI investigations? > perhaps FBI is simply SCIF steward for all DoJ components... > > sending more FOIAs now, starting with processing notes. will advise, > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1012 bytes Desc: not available URL: From rysiek at hackerspace.pl Tue Sep 22 14:54:40 2015 From: rysiek at hackerspace.pl (rysiek) Date: Tue, 22 Sep 2015 23:54:40 +0200 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <5601a8f9.53528c0a.cde70.0b36@mx.google.com> References: <5601a8f9.53528c0a.cde70.0b36@mx.google.com> Message-ID: <24052733.5QiZz8VGcn@lapuntu> Dnia wtorek, 22 września 2015 16:20:51 Juan pisze: > On Tue, 22 Sep 2015 15:05:14 -0300 > > Brenda Fernández wrote: > > USG incompetence is hard to understand in these matters. > > there isn't any incompetence involved. > > > I have no > > idea why they fuck up like this, > > right, you don't. Thank FSM you do! :) -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From wirelesswarrior at safe-mail.net Tue Sep 22 21:17:02 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Wed, 23 Sep 2015 00:17:02 -0400 Subject: Focusing x-rays Message-ID: -------- Original Message -------- From: coderman Apparently from: cypherpunks-bounces at cpunks.org To: Juan Cc: cypherpunks at cpunks.org Subject: Re: Focusing x-rays Date: Tue, 22 Sep 2015 20:31:26 -0700 > On 9/22/15, Juan wrote: > > ... > > Isn't it possible to focus any sort(frequency) of EM wave, at > > least in theory? > > in theory, with "metamaterials", yes. > > in practice this is akin to the perfect invisibility cloak problem, > full of devilish details... > > a full spectrum Superlens for any EM freq would be quite handy indeed :) Most metamaterials perform their magic using plasmas which form inside the material. These plasmas can absorb, reflect, refract, etc. but there are cut-off frequencies related to the energy of the plasma vs. the energy of photons. From juan.g71 at gmail.com Tue Sep 22 20:24:53 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 23 Sep 2015 00:24:53 -0300 Subject: Focusing x-rays In-Reply-To: <802609537.39470.1442977158807.JavaMail.yahoo@mail.yahoo.com> References: <802609537.39470.1442977158807.JavaMail.yahoo@mail.yahoo.com> Message-ID: <56021a6d.466a8c0a.78eb9.45fa@mx.google.com> On Wed, 23 Sep 2015 02:59:18 +0000 (UTC) jim bell wrote: > >   But only a dweeb doesn't know that X-rays cannot be focussed. > > (With one very obscure exception not applicable here.  Find it and > >get an "attaboy!". ) Isn't it possible to focus any sort(frequency) of EM wave, at least in theory? 
> Its called Grazing Incidence > > https://en.wikipedia.org/wiki/X-ray_optics From pgut001 at cs.auckland.ac.nz Tue Sep 22 19:37:06 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 23 Sep 2015 02:37:06 +0000 Subject: Focusing x-rays In-Reply-To: References: Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4B1A4E9@uxcn10-5.UoA.auckland.ac.nz> wirelesswarrior at safe-mail.net writes: >Its called Grazing Incidence > >https://en.wikipedia.org/wiki/X-ray_optics Ten out of ten for knowing what it was, but minus several million for using Wikipedia as the reference. Peter. From jdb10987 at yahoo.com Tue Sep 22 19:59:18 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 23 Sep 2015 02:59:18 +0000 (UTC) Subject: Focusing x-rays In-Reply-To: References: Message-ID: <802609537.39470.1442977158807.JavaMail.yahoo@mail.yahoo.com> Attaboy!!! From: "wirelesswarrior at Safe-mail.net" To: jdb10987 at yahoo.com Cc: juan.g71 at gmail.com; cypherpunks at cpunks.org Sent: Tuesday, September 22, 2015 6:56 PM Subject: Focusing x-rays -------- Original Message -------- From: jim bell Apparently from: cypherpunks-bounces at cpunks.org To: Juan , "cypherpunks at cpunks.org" Subject: Re: How much/what hardware does the rowhammer DRAM bug affects? Date: Fri, 18 Sep 2015 21:30:32 +0000 (UTC)   >Within the last couple of months, I think somebody was arrested for planning some sort of "X-ray death ray". http://nypost.com/2015/08/18/kkk-member-built-death-ray-machine-to-kill-muslims-and-obama-prosecutors-say/     But only a dweeb doesn't know that X-rays cannot be focussed.  (With one very obscure exception not applicable here.  Find it and get an "attaboy!". ) Its called Grazing Incidence https://en.wikipedia.org/wiki/X-ray_optics   >Microwaves, OTOH, can be focussed rather easily.  The frequency is 2.45 Ghz, at about 1 Kilowatt.  (wavelength about 12 centimeters.)  
I'd have to consult a Radio Amateur's handbook, but a modern dish (intended or Directv or Dish network) could probably get 15-20 db of gain, compared with isotropic.  An old-style 8-foot dish probably would do 30 db gain.  That would be 100 kilowatts ERP. >Such an unshielded  (open) device would probably impair WiFi at 2.5 Ghz severely, if you're close to it, say a few hundred feet away.  Fortunately, I think microwave ovens have better than 60 db of shielding.  A few 10s of feet, away, hardware damage might occur if that full 1 kw were allowed to leak out.           Jim Bell   -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4538 bytes Desc: not available URL: From pgut001 at cs.auckland.ac.nz Tue Sep 22 21:37:39 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 23 Sep 2015 04:37:39 +0000 Subject: Windows 10 In-Reply-To: References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net>, Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> Brenda Fernández writes: >W10 is free and it's being pushed hard by MS. They even force W7 and W8 users >to download it when they aren't interested in 'upgrading'. So, if the product >is free for you, who is the customer? You're the product, not Windows. That was the good thing about the old Microsoft (yes, there were good things about them), they took your money and left you alone to do whatever you wanted with their software. Now, like Google (where you're entirely the product, for sale to anyone with money) and Apple (where you're still the product, but the sole customer is Apple), they're turning their customers into the product. (Not to mention that W10 has moved even further along the path of treating your PC like a cellphone. 
It's possibly the first GUI I've used that was literally painful to use, the all-white-all-the-time UI theme was like staring into a lightbox, my eyes hurt after an hour or two of setting up a neighbour's PC). Peter. From coderman at gmail.com Wed Sep 23 04:46:30 2015 From: coderman at gmail.com (coderman) Date: Wed, 23 Sep 2015 04:46:30 -0700 Subject: FCC NPRM seeks to end open SDR In-Reply-To: References: Message-ID: On 9/22/15, wirelesswarrior at safe-mail.net wrote: > ... When the idea of classifying them as instruments was > floated in the early days of the GnuRadio list (by Steve Schear) he > cautioned to make sure the products weren't called anything that might even > vaguely sound like a wireless device. Evidently the marketing people at > these companies knew better. it worked well, while it lasted... :) > End-user controlled software signal generation and capture techniques are > now widely in use by premium instrument manufacturers. If the FCC attempts > to curtail the frequencies, modulation types, etc. by these test > instruments I think there will be manufacturers screaming bloody murder. truly Classic Coke a recipe well loved and made verboten none the less. "Real SDR" will become illegal; no longer exist. "Consumer SDR" will eat the binary blobs of emission compliant crippled chipsludge. "Test Equipment" again a popular category. like "water pipe" where you used to put your bong, you'll not dare ask about amplified front-ends or frequency focused antennas attendant with your ADC/DAC test device - your lab is already stocked! best regards, from the Wideband TestKit at Faraday Barn :) From jdb10987 at yahoo.com Tue Sep 22 22:41:41 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 23 Sep 2015 05:41:41 +0000 (UTC) Subject: Balloon RF probe. Message-ID: <1065184497.96689.1442986901763.JavaMail.yahoo@mail.yahoo.com> http://www.wired.com/2015/09/balloon-spy-probe-deep-sweep/ I was thinking about something like this, about 25 years ago.  
But rather than a free-flying balloon, I felt that an aerostat configuration would be better.  Further, I figured that a bidirectional optical fiber link would be useful, such as:  http://datainterfaces.com/sfp-modules-single-strand-bidirectional-gigabit-SC.aspx?gclid=CjwKEAjw-IOwBRD1wrTC27fSjFISJABUDZ17VgezJOQe9_0o3_9WJIWBYvqkpJyge7-5g3ZkgT4wZBoC1vzw_wcB An otherwise-unjacketed optical fiber, but with a woven Kevlar strength covering, would be useful.   Obviously, the FAA wouldn't approve, but that doesn't keep us from imagining, huh?               Jim Bell.   -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1924 bytes Desc: not available URL: From me at brendafernandez.com Wed Sep 23 02:22:43 2015 From: me at brendafernandez.com (=?UTF-8?Q?Brenda_Fern=C3=A1ndez?=) Date: Wed, 23 Sep 2015 06:22:43 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <5601a8f9.53528c0a.cde70.0b36@mx.google.com> References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> <56019021.1010202@riseup.net> <5601a8f9.53528c0a.cde70.0b36@mx.google.com> Message-ID: so all they do is in their actual best interest and they aren't failing and on the brink of collapse? Care to clarify apart from trolling? k, thx! On Tue, Sep 22, 2015 at 4:20 PM, Juan wrote: > On Tue, 22 Sep 2015 15:05:14 -0300 > Brenda Fernández wrote: > > > USG incompetence is hard to understand in these matters. > > there isn't any incompetence involved. > > > I have no > > idea why they fuck up like this, > > > right, you don't. > > > getting involved in a conflict, > > supporting a side their are against to fight against the other side > > they are supposedly also against, but always on paper, they will > > never go there be killed. So why involve yourself in the first place > > other than to destroy what remains of your reputations, what remains > > of your money and relevance? 
But it's interesting nonetheless, to > > watch and see them fall, which they've been invariably doing since > > Vietnam. > > > > On Tue, Sep 22, 2015 at 2:30 PM, Razer wrote: > > > > > On 09/22/2015 05:26 AM, rysiek wrote: > > > > They are both fucked up, in many *different* (systemic racism in > > > > the US; systemic homophobia in Russia), and several *similar* > > > > ways (oligarchy > > > running > > > > things). And yet they are able to play us, because predominantly > > > > we > > > simply > > > > cannot see the bigger picture and cannot seem to understand > > > > *anything* > > > more > > > > complicated than the simplified beyond belief "USA BAD RUSSIA > > > > GOOD" (or > > > the > > > > other way around) worldview. > > > > > > For so many years now the geopolitical 'grand game' has been "Good > > > Cop/Bad Cop", "Mutt and "Jeff" played on the typically indigenous > > > people-d extractive resources nations (and in other ways against the > > > west's manufacturing satraps) by the US AND Russia. Either you pick > > > one side or the other or we have a war in YOUR country where YOUR > > > people get killed and your society/way of life destroyed. There are > > > no "nice guys". On the other hand I bristle when Syria's ally is > > > accused of warmongering for doing what allies are supposed to do. > > > Come to their defense in the traditional manner against an army of > > > mercenaries that the West claims on one hand to be fighting, and on > > > the other, had a large part in it's creation. > > > > > > Americans just sat idly by with their thumbs up their asses in > > > denial while the State Dept and CIA created AQv2 from the Libyans > > > we hired to sodomize Muammar al-Gadaffi with swords, and if the > > > Russians want to eradicate that threat to Syria and the region, > > > have at it. > > > > > > > > > > > > > -- Brenda Fernández me at brendafernandez.com GPG: CE5BEE6C81FCA4D4 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 4159 bytes Desc: not available URL: From me at brendafernandez.com Wed Sep 23 02:26:34 2015 From: me at brendafernandez.com (=?UTF-8?Q?Brenda_Fern=C3=A1ndez?=) Date: Wed, 23 Sep 2015 06:26:34 -0300 Subject: Windows 10 In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net> <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> Message-ID: W10 Confirmed Malware Edition treats the used as a teenage girl ripe for the raping. In every possible sense. But well, useds are asking for it, apparently. On Wed, Sep 23, 2015 at 1:37 AM, Peter Gutmann wrote: > Brenda Fernández writes: > > >W10 is free and it's being pushed hard by MS. They even force W7 and W8 > users > >to download it when they aren't interested in 'upgrading'. So, if the > product > >is free for you, who is the customer? > > You're the product, not Windows. That was the good thing about the old > Microsoft (yes, there were good things about them), they took your money > and > left you alone to do whatever you wanted with their software. Now, like > Google (where you're entirely the product, for sale to anyone with money) > and > Apple (where you're still the product, but the sole customer is Apple), > they're turning their customers into the product. > > (Not to mention that W10 has moved even further along the path of treating > your PC like a cellphone. It's possibly the first GUI I've used that was > literally painful to use, the all-white-all-the-time UI theme was like > staring > into a lightbox, my eyes hurt after an hour of two of setting up a > neighbour's > PC). > > Peter. > -- Brenda Fernández me at brendafernandez.com GPG: CE5BEE6C81FCA4D4 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 2211 bytes Desc: not available URL: From guninski at guninski.com Tue Sep 22 22:26:15 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 23 Sep 2015 08:26:15 +0300 Subject: Is this crypto paper real or fake? In-Reply-To: References: <20150920135350.GB2587@sivokote.iziade.m$> <55FF328F.1030903@m-o-o-t.org> <20150921052911.GA2543@sivokote.iziade.m$> <55FFE2D1.5050308@m-o-o-t.org> <56006024.50903@librelamp.com> <20150922103943.GA2691@sivokote.iziade.m$> Message-ID: <20150923052615.GA2714@sivokote.iziade.m$> On Tue, Sep 22, 2015 at 09:27:43AM -0500, Brent Cook wrote: > Sounds like the next step is to remove curves <= 193 bits, and learn > from what breaks as a result. I believe this will break some CA certs trusted by major browsers and in particular will break some browsing. From admin at pilobilus.net Wed Sep 23 05:55:28 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 23 Sep 2015 08:55:28 -0400 Subject: Windows 10 In-Reply-To: References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net> <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> <20150923111438.GC2714@sivokote.iziade.m$> Message-ID: <5602A140.90907@pilobilus.net> On 09/23/2015 08:12 AM, Lodewijk andré de la porte wrote: > I hate to say it, but Windows 10 is the best OS out there. By > far. I hate to admit it, but what you say is true. "Best" is a completely context-dependent concept. Windows 10 is the best OS out there, by far, IF you as the user deeply desire to be owned and controlled, monitored and monetized in every way, as deeply and continuously as possible by your beloved Master. Granted, it's just a computer; but there's no denying it can deeply affect your Real Life. Like other Microsoft operating systems and application software, Windows 10 makes the wettest dreams of the submissive masochist come true: More holes eagerly waiting to be violated.
From tbiehn at gmail.com Wed Sep 23 07:10:53 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Wed, 23 Sep 2015 10:10:53 -0400 Subject: =?UTF-8?Q?Re=3A_Activists_leak_Russian_government=E2=80=99s_plans_to_c?= =?UTF-8?Q?reate_a_=E2=80=98national_Internet=E2=80=99?= In-Reply-To: <5602902C.3000101@openmailbox.org> References: <5602902C.3000101@openmailbox.org> Message-ID: Nothing wrong with doing a little research, I welcome any efforts of making internet supporting technologies look like the antiquated lead-lined aqueducts of Rome. Is this any different from Internet2? https://en.wikipedia.org/wiki/Internet2 "secure identity and access management tools" Internet2 is a not-for-profit United States computer networking consortium led by members from the research and education communities, industry, and government.[2] The Internet2 consortium administrative headquarters are located in Ann Arbor, Michigan, with offices in Washington, D.C.
and Emeryville, California.[1] As of November 2013, Internet2 has over 500 members including 251 institutions of higher education,[3] 9 partners and 76 members from industry,[4] over 100 research and education networks or connector organizations,[5][6] and 67 affiliate members.[7] Internet2 operates the Internet2 Network,[8] an Internet Protocol network using optical fiber that delivers network services for research and education, and provides a secure network testing and research environment. In late 2007, Internet2 began operating its newest dynamic circuit network, the Internet2 DCN, an advanced technology that allows user-based allocation of data circuits over the fiber-optic network. The Internet2 Network, through its regional network and connector members, connects over 60,000 U.S. educational, research, government and "community anchor" institutions, from primary and secondary schools to community colleges and universities, public libraries and museums to health care organizations.[9] The Internet2 community develops and deploys network technologies for the future of the Internet. These technologies include large-scale network performance measurement and management tools,[10] secure identity and access management tools[11] and capabilities such as scheduling high-bandwidth, high-performance circuits.[12] Internet2 members serve on several advisory councils,[13] collaborate in a variety of working groups and special interest groups,[14] gather at spring and fall member meetings,[15] and are encouraged to participate in the strategic planning process.[16] -Travis On Wed, Sep 23, 2015 at 7:42 AM, Anton Nesterov wrote: > The data-leaking blog Anonymous International, also known as > Shaltai-Boltai (Humpty Dumpty), has published the Russian government’s > project proposal for creating a "national information platform," which > would serve as an alternative Russian Internet. 
> > According to Anonymous International, the project was drawn up by > Russia’s Foreign Trade Bank cluster analysis and spatial development > director Sergey Ganzya, the IT director of the hydroelectricity company > RusHydro, Garald Bandurin, and several other people. The leaked content > includes email correspondence and a document about the project. > > In the leaked emails, the authors of the project discuss the creation of > “an entirely custom IT platform that can expand globally.” The > development of such a platform can serve as “import substitution in the > IT sphere” and “create a secure national digital environment with lower > risks than in the global www-field.” > > The document published by Anonymous International mentions Russia’s > direct dependence on “the goodwill and decency of global providers of IT > solutions.” The authors of the document believe that “there are no > objective guarantees that, in the event of a conflict, Western security > agencies won’t paralyze—or, worse, seize—direct control over elements of > the infrastructure.” > > The leaked emails between the project’s authors refer to the “general > officers” of Russia’s “Oplot Rossii” party, which was tasked with > delivering the project proposal to Russian President Vladimir Putin. The > correspondence dates to June 2015. > > > https://meduza.io/en/news/2015/09/23/activists-leak-russian-government-s-plans-to-create-a-national-internet > > -- > https://nesterov.pw > GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 > https://keybase.io/komachi/key.asc > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5720 bytes Desc: not available URL: From guninski at guninski.com Wed Sep 23 00:16:57 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 23 Sep 2015 10:16:57 +0300 Subject: Is this crypto paper real or fake? 
In-Reply-To: <56024A32.8030602@zen.co.uk> References: <20150920135350.GB2587@sivokote.iziade.m$> <55FF328F.1030903@m-o-o-t.org> <20150921052911.GA2543@sivokote.iziade.m$> <55FFE2D1.5050308@m-o-o-t.org> <56006024.50903@librelamp.com> <20150922103943.GA2691@sivokote.iziade.m$> <20150923052615.GA2714@sivokote.iziade.m$> <56024A32.8030602@zen.co.uk> Message-ID: <20150923071657.GB2714@sivokote.iziade.m$> On Wed, Sep 23, 2015 at 07:44:02AM +0100, Peter Fairbrother wrote: > Backwards compatibility and cipher agility also permit cipher suite > choice degradation attacks like FREAK and logjam, where weak suites > are forced on the user. > > Not familiar with these, but forcing DH parameters or weak curve is serious. > ps is there an archive of libreSSL at openbsd anywhere? > At gmane.org, ATM it is down for me. From peter at m-o-o-t.org Wed Sep 23 02:51:02 2015 From: peter at m-o-o-t.org (Peter Fairbrother) Date: Wed, 23 Sep 2015 10:51:02 +0100 Subject: Is this crypto paper real or fake? In-Reply-To: <20150923052615.GA2714@sivokote.iziade.m$> References: <20150920135350.GB2587@sivokote.iziade.m$> <55FF328F.1030903@m-o-o-t.org> <20150921052911.GA2543@sivokote.iziade.m$> <55FFE2D1.5050308@m-o-o-t.org> <56006024.50903@librelamp.com> <20150922103943.GA2691@sivokote.iziade.m$> <20150923052615.GA2714@sivokote.iziade.m$> Message-ID: <56027606.7070106@m-o-o-t.org> On 23/09/15 06:26, Georgi Guninski wrote: > On Tue, Sep 22, 2015 at 09:27:43AM -0500, Brent Cook wrote: >> Sounds like the next step is to remove curves <= 193 bits, and learn >> from what breaks as a result. > > I believe this will break some CA certs trusted by major > browsers and in particular will break some browsing. > > Yes, that is a big problem with SSL and TLS. The desire for backwards compatibility and cipher agility means that the little padlock in the browser doesn't actually mean very much - the suite in use might be so weak as to be no better than unauthenticated plaintext. 
More, the average user doesn't usually have a clue what's going on - How secure is the suite in use? Does the suite in use have forward security? Is there any authentication? Is the authentication reliable? Is there any encryption? Is it actually secure in any way? - these are questions the average user cannot answer. Heck, I can't answer them most of the time without digging into the innards of the session. Backwards compatibility and cipher agility also permit cipher suite choice degradation attacks like FREAK and logjam, where weak suites are forced on the user. To be secure, cipher agility absolutely requires that weak or broken ciphers can be effectively and definitively eliminated from use - but there is no real mechanism in SSL/TLS for doing that. One solution is - in TLS3 abolish cipher agility, and have only one suite: call it Jim's suite. The little padlock in the browser now says "protected by Jim". Everybody now knows what that means, or can find out. The meaning doesn't change according to things going on in the computer which the ordinary guy has no clue about. After a few years, when Jim's suite is getting a little iffy, introduce Tom's suite in TLS4. Depreciate Jim's suite, then remove it. People shouldn't really be rewriting libreSSL - they should be writing libreTLS3 instead, with no cipher suite agility. Apart from anything else, with only one suite and one protocol, that should be a lot easier to do. ps is there an archive of libreSSL at openbsd anywhere? 
-- Peter Fairbrother From komachi at openmailbox.org Wed Sep 23 04:42:36 2015 From: komachi at openmailbox.org (Anton Nesterov) Date: Wed, 23 Sep 2015 11:42:36 +0000 Subject: Activists leak Russian government’s plans to create a ‘national Internet’ Message-ID: <5602902C.3000101@openmailbox.org> The data-leaking blog Anonymous International, also known as Shaltai-Boltai (Humpty Dumpty), has published the Russian government’s project proposal for creating a "national information platform," which would serve as an alternative Russian Internet. According to Anonymous International, the project was drawn up by Russia’s Foreign Trade Bank cluster analysis and spatial development director Sergey Ganzya, the IT director of the hydroelectricity company RusHydro, Garald Bandurin, and several other people. The leaked content includes email correspondence and a document about the project. In the leaked emails, the authors of the project discuss the creation of “an entirely custom IT platform that can expand globally.” The development of such a platform can serve as “import substitution in the IT sphere” and “create a secure national digital environment with lower risks than in the global www-field.” The document published by Anonymous International mentions Russia’s direct dependence on “the goodwill and decency of global providers of IT solutions.” The authors of the document believe that “there are no objective guarantees that, in the event of a conflict, Western security agencies won’t paralyze—or, worse, seize—direct control over elements of the infrastructure.” The leaked emails between the project’s authors refer to the “general officers” of Russia’s “Oplot Rossii” party, which was tasked with delivering the project proposal to Russian President Vladimir Putin. The correspondence dates to June 2015.
https://meduza.io/en/news/2015/09/23/activists-leak-russian-government-s-plans-to-create-a-national-internet -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From l at odewijk.nl Wed Sep 23 05:12:42 2015 From: l at odewijk.nl (Lodewijk andré de la porte) Date: Wed, 23 Sep 2015 14:12:42 +0200 Subject: Windows 10 In-Reply-To: <20150923111438.GC2714@sivokote.iziade.m$> References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net> <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> <20150923111438.GC2714@sivokote.iziade.m$> Message-ID: I hate to say it, but Windows 10 is the best OS out there. By far. The productivity features, like the hybrid tiling window manager, the new explorer, etc., are great. Internet Explorer got its rebrand, and the new browser is actually nominal. I still killed and burned it ofc. Driver and app support was bumpy, but compared to Linux it's a smooth ride. Now it's actually the best in the world for support. The new design is thoughtful, flexible and unopinionated. High DPI support is fully integrated. The OS is more customizable than Linux. Not because it's an easily customizable OS, but because others did a lot of hard work to make it customizable. Security-wise it's still not ideal, but neither are Linux or Mac (people still get owned a lot, lots of third party code through plugins and whatnot, etc). Cortana listens all the time, and may actually become useful one day. People are happy because she's from Halo and similar to the already accepted Siri. Basically, we're fucked. Microsoft is winning through superiority. To make Linux competitive means making it a LOT more modern. Possibly there's a need to focus effort, and to reduce loc. Basically; fucked.
On Sep 23, 2015 13:17, "Georgi Guninski" wrote: > On Wed, Sep 23, 2015 at 04:37:39AM +0000, Peter Gutmann wrote: > > Brenda Fernández writes: > > > > >W10 is free and it's being pushed hard by MS. They even force W7 and W8 > users > > >to download it when they aren't interested in 'upgrading'. So, if the > product > > >is free for you, who is the customer? > > > > You're the product, not Windows. That was the good thing about the old > > Microsoft (yes, there were good things about them), they took your money > and > > left you alone to do whatever you wanted with their software. Now, like > > Google (where you're entirely the product, for sale to anyone with > money) and > > Apple (where you're still the product, but the sole customer is Apple), > > they're turning their customers into the product. > > > > (Not to mention that W10 has moved even further along the path of > treating > > your PC like a cellphone. It's possibly the first GUI I've used that was > > literally painful to use, the all-white-all-the-time UI theme was like > staring > > into a lightbox, my eyes hurt after an hour or two of setting up a > neighbour's > > PC). > > > > Peter. > > Lol... > > > http://www.theregister.co.uk/2015/09/21/microsoft_fix_windows_10_start_menu/ > Microsoft starts to fix Start Menu in new Windows 10 preview > Yippee, now you can have 2,048 entries – but why is there a limit? > > Do they still run activex in their browser? > > AFAICT they mitigate digitally signed malware with technology > something like "kill biLL" or maybe "kill biT". > > Or is flash sufficiently good substitute? > > NSAKEY already found? >
From guninski at guninski.com Wed Sep 23 04:14:38 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 23 Sep 2015 14:14:38 +0300 Subject: Windows 10 In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net> <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> Message-ID: <20150923111438.GC2714@sivokote.iziade.m$> On Wed, Sep 23, 2015 at 04:37:39AM +0000, Peter Gutmann wrote: > Brenda Fernández writes: > > >W10 is free and it's being pushed hard by MS. They even force W7 and W8 users > >to download it when they aren't interested in 'upgrading'. So, if the product > >is free for you, who is the customer? > > You're the product, not Windows. That was the good thing about the old > Microsoft (yes, there were good things about them), they took your money and > left you alone to do whatever you wanted with their software. Now, like > Google (where you're entirely the product, for sale to anyone with money) and > Apple (where you're still the product, but the sole customer is Apple), > they're turning their customers into the product. > > (Not to mention that W10 has moved even further along the path of treating > your PC like a cellphone. It's possibly the first GUI I've used that was > literally painful to use, the all-white-all-the-time UI theme was like staring > into a lightbox, my eyes hurt after an hour or two of setting up a neighbour's > PC). > > Peter. Lol... http://www.theregister.co.uk/2015/09/21/microsoft_fix_windows_10_start_menu/ Microsoft starts to fix Start Menu in new Windows 10 preview Yippee, now you can have 2,048 entries – but why is there a limit? Do they still run activex in their browser? AFAICT they mitigate digitally signed malware with technology something like "kill biLL" or maybe "kill biT". Or is flash sufficiently good substitute?
NSAKEY already found? From juan.g71 at gmail.com Wed Sep 23 11:37:15 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 23 Sep 2015 15:37:15 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <3684347.K1ZfXkoDa4@lapuntu> References: <2044953.aWtXiBlrBy@lapuntu> <56009ac7.e45c8c0a.63ed.fffff278@mx.google.com> <3684347.K1ZfXkoDa4@lapuntu> Message-ID: <5602f03a.0233370a.30c98.fffffe20@mx.google.com> Por curiosidad, vos seguis siendo 'afin' y 'leal' a amati y el resto de bolsas de mierda de la mafia bitcoin argenta? From juan.g71 at gmail.com Wed Sep 23 11:46:16 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 23 Sep 2015 15:46:16 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <3684347.K1ZfXkoDa4@lapuntu> References: <2044953.aWtXiBlrBy@lapuntu> <56009ac7.e45c8c0a.63ed.fffff278@mx.google.com> <3684347.K1ZfXkoDa4@lapuntu> Message-ID: <5602f257.13918c0a.ce29.fffffe42@mx.google.com> > Por curiosidad, vos seguis siendo 'afin' y 'leal' a amati y el > resto de bolsas de mierda de la mafia bitcoin argenta? > > Oops. That was intended for Brenda, not the list... Anyway, it turns out I know Brenda and I know she's the typical fake libertarian. She and her 'friends'. From juan.g71 at gmail.com Wed Sep 23 11:48:48 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 23 Sep 2015 15:48:48 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: References: <55FF812F.1090406@echeque.com> <56007137.2010503@riseup.net> <5469043.2VszmLFXp0@lapuntu> <56019021.1010202@riseup.net> <5601a8f9.53528c0a.cde70.0b36@mx.google.com> Message-ID: <5602f2ef.271b370a.a2e5f.0585@mx.google.com> On Wed, 23 Sep 2015 06:22:43 -0300 Brenda Fernández wrote: > so all they do is in their actual best interest and they aren't > failing and on the brink of collapse? LMAO! The USG is on the brink of collapse? Lay off the drugs. > > Care to clarify apart from trolling? the fuck do you mean, trolling? 
> > k, thx! > > On Tue, Sep 22, 2015 at 4:20 PM, Juan wrote: > > > On Tue, 22 Sep 2015 15:05:14 -0300 > > Brenda Fernández wrote: > > > > > USG incompetence is hard to understand in these matters. > > > > there isn't any incompetence involved. > > > > > I have no > > > idea why they fuck up like this, > > > > > > right, you don't. > > > > > > getting involved in a conflict, > > > supporting a side their are against to fight against the other > > > side they are supposedly also against, but always on paper, they > > > will never go there be killed. So why involve yourself in the > > > first place other than to destroy what remains of your > > > reputations, what remains of your money and relevance? But it's > > > interesting nonetheless, to watch and see them fall, which > > > they've been invariably doing since Vietnam. > > > > > > On Tue, Sep 22, 2015 at 2:30 PM, Razer wrote: > > > > > > > On 09/22/2015 05:26 AM, rysiek wrote: > > > > > They are both fucked up, in many *different* (systemic racism > > > > > in the US; systemic homophobia in Russia), and several > > > > > *similar* ways (oligarchy > > > > running > > > > > things). And yet they are able to play us, because > > > > > predominantly we > > > > simply > > > > > cannot see the bigger picture and cannot seem to understand > > > > > *anything* > > > > more > > > > > complicated than the simplified beyond belief "USA BAD RUSSIA > > > > > GOOD" (or > > > > the > > > > > other way around) worldview. > > > > > > > > For so many years now the geopolitical 'grand game' has been > > > > "Good Cop/Bad Cop", "Mutt and "Jeff" played on the typically > > > > indigenous people-d extractive resources nations (and in other > > > > ways against the west's manufacturing satraps) by the US AND > > > > Russia. Either you pick one side or the other or we have a war > > > > in YOUR country where YOUR people get killed and your > > > > society/way of life destroyed. There are no "nice guys". 
On the > > > > other hand I bristle when Syria's ally is accused of > > > > warmongering for doing what allies are supposed to do. Come to > > > > their defense in the traditional manner against an army of > > > > mercenaries that the West claims on one hand to be fighting, > > > > and on the other, had a large part in it's creation. > > > > > > > > Americans just sat idly by with their thumbs up their asses in > > > > denial while the State Dept and CIA created AQv2 from the > > > > Libyans we hired to sodomize Muammar al-Gadaffi with swords, > > > > and if the Russians want to eradicate that threat to Syria and > > > > the region, have at it. > > > > > > > > > > > > > > > > > > > > > > From juan.g71 at gmail.com Wed Sep 23 12:03:56 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 23 Sep 2015 16:03:56 -0300 Subject: Windows 10 In-Reply-To: References: <556D8DFD.6050402@riseup.net> <557BCAEB.3080003@riseup.net> <9A043F3CF02CD34C8E74AC1594475C73F4B1A65F@uxcn10-5.UoA.auckland.ac.nz> <20150923111438.GC2714@sivokote.iziade.m$> Message-ID: <5602f67b.8c1b370a.1c248.0585@mx.google.com> On Wed, 23 Sep 2015 14:12:42 +0200 Lodewijk andré de la porte wrote: > I hate to say it, but Windows 10 is the best OS out there. By far. apropos of trolling.... From juan.g71 at gmail.com Wed Sep 23 12:30:03 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 23 Sep 2015 16:30:03 -0300 Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <1169913898.457557.1443035239505.JavaMail.yahoo@mail.yahoo.com> References: <5602f03a.0233370a.30c98.fffffe20@mx.google.com> <1169913898.457557.1443035239505.JavaMail.yahoo@mail.yahoo.com> Message-ID: <5602fc9a.361f8c0a.1ae4e.ffffb2a5@mx.google.com> On Wed, 23 Sep 2015 19:07:19 +0000 (UTC) jim bell wrote: > From: Juan > To: cypherpunks at cpunks.org  >  >  Por curiosidad, vos seguis siendo 'afin' y 'leal' a amati y el >  >  resto de bolsas de mierda de la mafia bitcoin argenta? > > No hablo Espanol, senor. Apologies. 
The thing is, sometimes mail from the list doesn't seem to come (only) from the list. Yours for instance apparently was sent both to my address directly and to the list. And your message also has a "Reply-To: jim bell field. Same thing happened with Brenda's message. So, I asked Brenda if she is still loyal to the local (Argentina) bitcoin mafia. > This reminds me of something that happened in prison in 2006. I was > cellies in the SHU (solitary, sort of) with a Mexican, who was > illiterate in both English and Spanish. He'd received some sort of > official letter, in Spanish, probably from the Mexican government. > I don't understand (nearly all) Spanish, but I understood, in > general, how to pronounce Spanish. So, I "read" the letter to him, > not understanding it at all, and HE understood what I was reading! I > was careful to explain to him that despite the fact I was reading it > in Spanish, I had no idea what I was reading actually meant. That's a great story =) > Jim Bell > > > > > > >
From jdb10987 at yahoo.com Wed Sep 23 10:33:32 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 23 Sep 2015 17:33:32 +0000 (UTC) Subject: And it probably fits in a shoe, Max... Message-ID: <49541108.373837.1443029612147.JavaMail.yahoo@mail.yahoo.com> http://www.nextgov.com/cybersecurity/2015/09/dhs-wants-boeing-test-brain-chip-firms-self-destructing-black-spyphone/121697/
The Department of Homeland Security is funding a Boeing company to create a "brain chip" for its self-destructing Black smartphone that could be adapted for any device, DHS officials say.
The technology powering the devices potentially could identify the user’s walking style, for example. Officials would be alerted if the gait does not match the authorized user’s walk – a red flag the phone might have fallen into the wrong hands, officials said. The "secret sauce" of the mobile device is a so-called neuromorphic computer chip that simulates human learning, Vincent Sritapan, the program manager for DHS' mobile device security program, told Nextgov.
Gait recognition -- driven by the phone's accelerometer, GPS and the chip -- is but one of many kinds of continuous ID verification intended to tighten access controls on mobile devices. Boeing and HRL Laboratories, a software firm jointly owned by Boeing and General Motors, are partnering under a DHS project worth $2.2 million over 2.5 years. The companies "pretty much are leveraging user behavior information" from data gathered by sensors found on any standard consumer smartphone, Sritapan said. Those feelers could include microphones, cameras and touchpads, he added. The artificial intelligence could help agencies determine, “Are you who you say you are, and do we give you access to enterprise resources like email?” he said.
Homeland Security chose the Boeing Black for experimentation, because the company was willing to embed the chip into its device, Sritapan said.
"I would call this a high-risk, high-reward type of project," he added. "If successful, this technology can go into any device the manufacturers are willing to integrate it with" and would meet military, DHS and other federal agency information security specifications. Referring to the Black as "the test body," he said the government purchased the brand for "specific uses," such as secure voice calls.
Smartphone as Test Tube
It remains to be seen whether DHS itself will buy brain chip-embedded Blacks for operations in the field. If the chip is successful at the end of a 2-year research and development period, DHS and Boeing will share the cost of a 6-month pilot program, Sritapan said. State Department staffers apparently plan to or are currently using the Black.
"Boeing's team will provide a two-consecutive day Discovery Workshop that includes a Boeing Black product overview, technical deep dives and a security requirements analysis," department officials said in a solicitation for a Boeing Black Secure Voice Workshop released Monday. Other players in the military-grade smartphone space include the similarly-named Blackphone made by Silent Circle, an encrypted communications provider co-founded by the inventor of PGP encryption and a former Navy Seal. Android-based Samsung smartphones running the firm’s Knox security software are another option for Pentagon components. Defense Department Chief Information Officer Terry Halvorsen has previously said DOD plans to test top-secret smartphones in the fall. The smartphone AI under development also would continuously track unusual digital transactions, like an app meddling with the operating system or a spike in network traffic, DHS officials said.
MIT Technology Review describes the way neuromorphic chips understand the world as basically cognition: "Like the neurons in your own brain, those on HRL’s chip adjust their synaptic connections when exposed to new data. In other words, the chip learns through experience."
Their low-power consumption makes the chips especially attractive for smartphones that sap batteries, experts say. Last fall, HRL Laboratories test-piloted a miniature drone with a Defense-funded prototype neuromorphic chip inside. The unmanned aircraft learned to recognize three different rooms it had never entered before by memorizing their wall patterns.
A Black-Blackberry Connection?
The phone in which the thinking-chip will be tested is straight out of a James Bond movie. The Black completely erases itself if it detects human or technical tampering. It looks like a common, touchscreen Android smartphone, but the hardware and software inside can be custom-tailored to an agency’s or company's specific needs. In the DHS model, the hidden innards will consist of the neuromorphic chip and associated software. Government smartphone stalwart BlackBerry – stepping back from device production – announced last year it will provide software services for Black. BlackBerry this month bought Good Technology, a mobile security software provider widely used in the public sector. Good and BlackBerry combined represented 19 percent of the $1.4 billion mobile management software sector last year. On Tuesday, Boeing officials said in an emailed statement, "Boeing has developed a secure, mobile solution that is designed to meet the needs of defense and security customers. Due to customer sensitivities, we cannot disclose who is currently using the device or considering a purchase."
From jdb10987 at yahoo.com Wed Sep 23 12:07:19 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 23 Sep 2015 19:07:19 +0000 (UTC) Subject: How Putin Controls the Internet and Popular Opinion in Russia In-Reply-To: <5602f03a.0233370a.30c98.fffffe20@mx.google.com> References: <5602f03a.0233370a.30c98.fffffe20@mx.google.com> Message-ID: <1169913898.457557.1443035239505.JavaMail.yahoo@mail.yahoo.com> From: Juan To: cypherpunks at cpunks.org > Por curiosidad, vos seguis siendo 'afin' y 'leal' a amati y el > resto de bolsas de mierda de la mafia bitcoin argenta? No hablo Espanol, senor. This reminds me of something that happened in prison in 2006. I was cellies in the SHU (solitary, sort of) with a Mexican, who was illiterate in both English and Spanish. He'd received some sort of official letter, in Spanish, probably from the Mexican government.
I don't understand (nearly all) Spanish, but I understood, in general, how to pronounce Spanish. So, I "read" the letter to him, not understanding it at all, and HE understood what I was reading! I was careful to explain to him that despite the fact I was reading it in Spanish, I had no idea what I was reading actually meant. Jim Bell
From Rayzer at riseup.net Thu Sep 24 08:31:48 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 24 Sep 2015 08:31:48 -0700 Subject: Re: Activists leak Russian government’s plans to create a ‘national Internet’ In-Reply-To: <5602902C.3000101@openmailbox.org> References: <5602902C.3000101@openmailbox.org> Message-ID: <56041764.3070905@riseup.net> On 09/23/2015 04:42 AM, Anton Nesterov wrote: > “create a secure national digital environment with lower risks than in the global www-field.” My $0.02c: They're just getting the hang of 'portalling' everyone's coms onto "One Big Cable" for better 'sniffin' '. If the US Internet was being developed now instead of the late 50s and early 60s they'd (officially) probably portal all civilian internet users at the national level too instead of letting all those pesky telecom companies get in the way. (Ps. whenever I see the word 'anonymous' I think Feds. Disposing of the idea this may be factual into the Cold War circular bitbucket) RR
From komachi at openmailbox.org Thu Sep 24 07:47:13 2015 From: komachi at openmailbox.org (Anton Nesterov) Date: Thu, 24 Sep 2015 14:47:13 +0000 Subject: Activists leak Russian government’s plans to create a ‘national Internet’ In-Reply-To: References: <5602902C.3000101@openmailbox.org> Message-ID: <56040CF1.5040609@openmailbox.org> Judging by leaked docs and people involved I'd say it's more like Kwangmyong https://en.wikipedia.org/wiki/Kwangmyong_%28network%29 So it's created not for research, but for censorship. Also they want to get some money from the govt for this project (they are even scared that Rostec could get this tender). Travis Biehn: > Nothing wrong with doing a little research, I welcome any efforts of making > internet supporting technologies look like the antiquated lead-lined > aqueducts of Rome. > > Is this any different from Internet2? > > https://en.wikipedia.org/wiki/Internet2 > > "secure identity and access management tools" > > Internet2 is a not-for-profit United States computer networking consortium > led by members from the research and education communities, industry, and > government.[2] The Internet2 consortium administrative headquarters are > located in Ann Arbor, Michigan, with offices in Washington, D.C. and > Emeryville, California.[1] > > As of November 2013, Internet2 has over 500 members including 251 > institutions of higher education,[3] 9 partners and 76 members from > industry,[4] over 100 research and education networks or connector > organizations,[5][6] and 67 affiliate members.[7] > > Internet2 operates the Internet2 Network,[8] an Internet Protocol network > using optical fiber that delivers network services for research and > education, and provides a secure network testing and research environment.
> In late 2007, Internet2 began operating its newest dynamic circuit network, > the Internet2 DCN, an advanced technology that allows user-based allocation > of data circuits over the fiber-optic network. > > The Internet2 Network, through its regional network and connector members, > connects over 60,000 U.S. educational, research, government and "community > anchor" institutions, from primary and secondary schools to community > colleges and universities, public libraries and museums to health care > organizations.[9] > > The Internet2 community develops and deploys network technologies for the > future of the Internet. These technologies include large-scale network > performance measurement and management tools,[10] secure identity and > access management tools[11] and capabilities such as scheduling > high-bandwidth, high-performance circuits.[12] > > Internet2 members serve on several advisory councils,[13] collaborate in a > variety of working groups and special interest groups,[14] gather at spring > and fall member meetings,[15] and are encouraged to participate in the > strategic planning process.[16] > > > -Travis > > > On Wed, Sep 23, 2015 at 7:42 AM, Anton Nesterov > wrote: > >> The data-leaking blog Anonymous International, also known as >> Shaltai-Boltai (Humpty Dumpty), has published the Russian government’s >> project proposal for creating a "national information platform," which >> would serve as an alternative Russian Internet. >> >> According to Anonymous International, the project was drawn up by >> Russia’s Foreign Trade Bank cluster analysis and spatial development >> director Sergey Ganzya, the IT director of the hydroelectricity company >> RusHydro, Garald Bandurin, and several other people. The leaked content >> includes email correspondence and a document about the project. 
>> >> In the leaked emails, the authors of the project discuss the creation of >> “an entirely custom IT platform that can expand globally.” The >> development of such a platform can serve as “import substitution in the >> IT sphere” and “create a secure national digital environment with lower >> risks than in the global www-field.” >> >> The document published by Anonymous International mentions Russia’s >> direct dependence on “the goodwill and decency of global providers of IT >> solutions.” The authors of the document believe that “there are no >> objective guarantees that, in the event of a conflict, Western security >> agencies won’t paralyze—or, worse, seize—direct control over elements of >> the infrastructure.” >> >> The leaked emails between the project’s authors refer to the “general >> officers” of Russia’s “Oplot Rossii” party, which was tasked with >> delivering the project proposal to Russian President Vladimir Putin. The >> correspondence dates to June 2015. >> >> >> https://meduza.io/en/news/2015/09/23/activists-leak-russian-government-s-plans-to-create-a-national-internet >> >> -- >> https://nesterov.pw >> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 >> https://keybase.io/komachi/key.asc >> > > > -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc From jdb10987 at yahoo.com Thu Sep 24 10:43:12 2015 From: jdb10987 at yahoo.com (jim bell) Date: Thu, 24 Sep 2015 17:43:12 +0000 (UTC) Subject: FCC NPRM seeks to end open SDR In-Reply-To: <56018CF8.6010500@riseup.net> References: <56018CF8.6010500@riseup.net> Message-ID: <523336772.452019.1443116592340.JavaMail.yahoo@mail.yahoo.com> I read the FCC proposal on SDR's.   It would be a disaster from the standpoint of technology development.  One way to attack this, with oppositions filed, would be to point out that the FCC hasn't demonstrated that there is a genuine problem with actual equipment.  
They should have any problem at all with "software defined receivers", tell 'em so. As for "software defined transmitters", what's the problem? Can they demonstrate a genuine problem in the field? Probably not. Jim Bell From: Razer To: cypherpunks at cpunks.org Sent: Tuesday, September 22, 2015 10:16 AM Subject: Re: FCC NPRM seeks to end open SDR >It was so much simpler when all I had to do was clip the end of one >lousy diode to open my TS-440 up from DC to Daylight... The Alinco 2/440 >dual-bander did the same with one zero-ohm resistor removal. On 09/21/2015 01:54 PM, wirelesswarrior at safe-mail.net wrote: >> Since the early days of open SDR these devices have been sold as test equipment which does not require onerous type approvals or >certifications by the manufacturer or importer. The FCC now seeks to change this >> >> https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices#h-13 >> >> and require product features which block software changes after manufacture. This, of course, is the very heart of SDR and its prohibition would be nothing short of effectively banning SDR and any open source experimentation with RF signal processing beyond the theoretic. >> >> WW
From themikebest at gmail.com Thu Sep 24 15:09:29 2015 From: themikebest at gmail.com (Michael Best) Date: Thu, 24 Sep 2015 18:09:29 -0400 Subject: William F. Friedman documents now on Internet Archive Message-ID: I uploaded the 7,000+ Friedman NSA docs to the Internet Archive and used the metadata to rename the titles into something a little easier for humans to read and sort.
https://archive.org/details/nsa-friedman The complete set of Friedman docs are also included in the NSA FOIA vault at https://archive.org/details/NSA-FOIA-Vault ( https://archive.org/compress/NSA-FOIA-Vault to get the entire vault in a single zip). To grab just the Friedman docs and not the rest of the NSA FOIA vault, go to https://archive.org/download/NSA-FOIA-Vault/Friedman%20Documents.7z -- I should point out that the collected version includes the metadata file, but file names are unchanged and unassociated with human readable titles. These are the same copies released through the NSA's website, just a bit easier to sort and read. Enjoy. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1223 bytes Desc: not available URL: From rysiek at hackerspace.pl Thu Sep 24 12:08:16 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 24 Sep 2015 21:08:16 +0200 Subject: Fwd: Re: [bestbits] Indian Encryption Policy Message-ID: <3140640.dSR2kS7bYp@lapuntu> Well, that's going to be fun. ---------- Treść przekazywanej wiadomości ---------- Temat: Re: [bestbits] Indian Encryption Policy Data: poniedziałek, 21 września 2015, 15:42:05 Od: Mishi Choudhary Hi Carol, Thanks for highlighting this. Its a draft National Encryption Policy and public comments are invited by October 16, 2015. Comments are to be emailed to Mr A,S.A. Krishnan, akrishnan at deity.gov.in The key highlights of the policy are : 1. A stipulation that businesses and citizens are to maintain plain text (unencrypted) copies of encrypted content for a period of 90 days, to be made available to Law Enforcement Agencies (LEAs) when so directed under law. 2. Vendors of encryption products are required to register their products with the Government as a pre-condition to conducting business in India. They are also expected to re-register their products with every update. 
This requirement is not limited to vendors of dedicated encryption products, and seemingly includes even products that use encryption in the course of providing a larger service such as messaging or e-commerce. (Service Providers located within and outside India, using Encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India). 3. Encryption algorithms and key sizes shall be prescribed by the Government through Notifications from time to time. ----------------------------------------- -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 From rysiek at hackerspace.pl Thu Sep 24 12:36:51 2015 From: rysiek at hackerspace.pl (rysiek) Date: Thu, 24 Sep 2015 21:36:51 +0200 Subject: Fwd: [bestbits] Update: Indian Encryption Policy Message-ID: <2244293.6c61Mn5SCa@lapuntu> Aaand it's gone. For now. ---------- Forwarded message ---------- Subject: [bestbits] Update: Indian Encryption Policy Date: Tuesday, 22 September 2015, 11:03:21 From: Mishi Choudhary Post a public outcry, DEITY has withdrawn this policy. ----------------------------------------- -- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From admin at pilobilus.net Fri Sep 25 06:46:32 2015 From: admin at pilobilus.net (Steve Kinney) Date: Fri, 25 Sep 2015 09:46:32 -0400 Subject: Fwd: Re: [bestbits] Indian Encryption Policy In-Reply-To: <3140640.dSR2kS7bYp@lapuntu> References: <3140640.dSR2kS7bYp@lapuntu> Message-ID: <56055038.5000304@pilobilus.net> On 09/24/2015 03:08 PM, rysiek wrote: > Well, that's going to be fun. > > ---------- Forwarded message ---------- > > Subject: Re: [bestbits] Indian Encryption Policy Date: > Monday, 21 September 2015, 15:42:05 From: Mishi Choudhary > > Hi Carol, > > Thanks for highlighting this. It's a draft National Encryption > Policy and public comments are invited by October 16, 2015. > Comments are to be emailed to Mr A,S.A. Krishnan, > akrishnan at deity.gov.in > > The key highlights of the policy are : I hope they call tech support before installing this. > 1. A stipulation that businesses and citizens are to maintain > plain text (unencrypted) copies of encrypted content for a > period of 90 days, to be made available to Law Enforcement > Agencies (LEAs) when so directed under law. > > 2. Vendors of encryption products are required to register > their products with the Government as a pre-condition to > conducting business in India. They are also expected to > re-register their products with every update. This requirement > is not limited to vendors of dedicated encryption products, and > seemingly includes even products that use encryption in the > course of providing a larger service such as messaging or > e-commerce. (Service Providers located within and outside > India, using Encryption technology for providing any type > of services in India must enter into an agreement with the > Government for providing such services in India). > > 3. Encryption algorithms and key sizes shall be > prescribed by the Government through Notifications from time > to time.
> > ----------------------------------------- > From guninski at guninski.com Fri Sep 25 01:49:06 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 25 Sep 2015 11:49:06 +0300 Subject: State of the art in directing human made ball lightning? Message-ID: <20150925084906.GA3811@sivokote.iziade.m$> Probably offtopic, but would like to know what is the state of art in directing human made ball lightning (or something close to it). According to wikipedia: https://en.wikipedia.org/wiki/Ball_lightning#Laboratory_experiments humans made stuff close to it (was surprised one way involves home microwave oven). By "directing" I mean controlling its way. From wirelesswarrior at safe-mail.net Fri Sep 25 12:13:46 2015 From: wirelesswarrior at safe-mail.net (wirelesswarrior at safe-mail.net) Date: Fri, 25 Sep 2015 15:13:46 -0400 Subject: State of the art in directing human made ball lightning?
Message-ID: See: http://scholar.google.com.secure.sci-hub.org/scholar?q=triggered+lightening+ball&btnG=&hl=en&as_sdt=0%2C5 Not directly answering your question controlled discharge of normal leader lightning using lasers or small rockets has been an area of intense research for some time. For example, see: http://scholar.google.com.secure.sci-hub.org/scholar?q=triggered+lightening+laser&btnG=&hl=en&as_sdt=0%2C5 and http://scholar.google.com.secure.sci-hub.org/scholar?q=triggered+lightening+rocket&btnG=&hl=en&as_sdt=0%2C5 For Google search articles not showing article links suggest you try http://gen.lib.rus.ec/scimag/index.php -------- Original Message -------- From: Georgi Guninski Apparently from: cypherpunks-bounces at cpunks.org To: cypherpunks at cpunks.org Subject: State of the art in directing human made ball lightning? Date: Fri, 25 Sep 2015 11:49:06 +0300 > Probably offtopic, but would like to know what is > the state of art in directing human made ball lightning > (or something close to it). From guninski at guninski.com Fri Sep 25 23:08:34 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 26 Sep 2015 09:08:34 +0300 Subject: KARMA POLICE: GCHQ spooks spied on every web user ever Message-ID: <20150926060834.GA2647@sivokote.iziade.m$> http://www.theregister.co.uk/2015/09/25/gchq_tracked_web_browsing_habits_karma_police/ KARMA POLICE: GCHQ spooks spied on every web user ever Leaked docs show how out-of-control spy agency went full Stasi on innocent surfers New documents revealing GCHQ's mass-surveillance activities have detailed an operation codenamed KARMA POLICE, which slurped up the details of "every visible user on the Internet". http://www.theregister.co.uk/2015/09/25/trillions_in_surveillance_gchq/ Blighty's GCHQ stashes away 50+ billion records a day on people. Just let that sink in When the slide on BLACK HOLE was composed in March 2009, the flat data store held more than 1.1 trillion things which GCHQ had collected since August 2007. 
The store weighed in at 217TB when uncompressed, the largest share of which was HTTP data (41 per cent), which alongside web search (19 per cent) and SMTP data (12 per cent) accounted for almost three quarters of all that it held. From juan.g71 at gmail.com Sat Sep 26 13:51:44 2015 From: juan.g71 at gmail.com (Juan) Date: Sat, 26 Sep 2015 17:51:44 -0300 Subject: tox Message-ID: <56070435.ea17370a.da260.30f2@mx.google.com> I've been playing with tox (thanks rysiek!) and it looks rather interesting. I noticed however that it's not listed here https://www.eff.org/secure-messaging-scorecard Maybe somebody who knows somebody at eff could drop them a message? Also, apart from retroshare (and tox), is there any other p2p messaging network? From coderman at gmail.com Sat Sep 26 20:09:46 2015 From: coderman at gmail.com (coderman) Date: Sat, 26 Sep 2015 20:09:46 -0700 Subject: Fwd: [qubes-devel] Purism Librem 13 and Qubes In-Reply-To: References: <56003e3d.cb978c0a.e0ad6.ffffba74@mx.google.com> Message-ID: ---------- Forwarded message ---------- From: Radoslaw Szkodzinski Date: Sun, 27 Sep 2015 02:01:58 +0200 Subject: Re: [qubes-devel] Purism Librem 13 and Qubes On Fri, Sep 25, 2015 at 7:32 PM, Jeremias E. wrote: > > > On Friday, 25 September 2015 16:33:39 UTC+2, Radosław Szkodziński wrote: >> >> On Mon, Sep 21, 2015 at 10:48 PM, Fredrik Strömberg >> wrote: >> > I love the Purism initiative. I really hope they succeed. >> >> They cannot truly succeed until Intel opens Management Engine code, >> SINIT blob, microcode, memory initialization code and more... >> Coreboot on its own is not enough. >> http://www.coreboot.org/Binary_situation > > > They can succeed starting a movement, which has an economical impact. > If Intel sees there is a market they want to be part of it, because they > want to > make money. Actually, this is not the first laptop based on open firmware and software.
Glugglug/Minifree did that quite a bit of time ago with their Libreboot, even FSF certified. Nobody cares, sadly. Librem likely will fail too for the same reasons - ideology is not enough, and they are even worse at it technically-wise. On the other hand, having a more secure laptop is a tangible benefit. Without backdoors, with fewer bugs, audited firmware, perhaps even partially audited hardware. Maybe even make it easier on the designers, produce a server platform matching those requirements - there's more of a market. Google might even get in, as they are known to use a lot of customized firmware and even hardware. I think they used to support Coreboot itself. They might have stopped caring about this though. > A good example for such a movement is the Fairphone. > The first Fairphone was for enthusiasts, but not a real competitor on the > mobile phone market. > The Fairphone 2 is a real competitor to other mobile phones. Having competitive hardware or design is not the same as being a competitor. Try this argument again when it's actually a competitor to, say, any iPhone. At least in top 10. By the way, Fairphone 2 is a nice story for uninformed people, about on par with Librem. I approve of their other efforts, but it's nowhere near enough or close to what's necessary. The critical component, Qualcomm 801 chipset, will be running a proprietary microkernel with proprietary RF firmware, proprietary DSP code and more. Good luck getting Qualcomm to open that - they are quite hostile to any of those efforts. Again, poor choice of an architecture and a very tough nut to crack. (For instance, Marvell is way more open and much less hostile.) >> That would probably open a whole can of worms related to security >> which then would have to be patched, of course. >> >> For now, the best solution would be to try to get Librem to make an >> AMD-based laptop and test Qubes on it.
> > > Is a nice technical and economical idea, because AMD will maybe help to > build such a platform. I wouldn't quite count on it, though they seem to be expanding their open source drivers effort which bodes somewhat well. That said, their GPUs still require a few fat, complex firmware blobs - fortunately Qubes is pretty good at scraping GUI and enforcing separation thereof. P.S. If we're talking about pie in the sky designs: Probably the best design for an OS like Qubes would be to have separate small CPUs instead of many cores, with separate RAM and memory controller. Maybe even an integrated GPU each to run OpenGL. Multiple USB controllers and hubs to simplify hardware redirection. Multiple small flash drives or even chips. Expensive, power intensive, hard to cool and large though. Think a tiny cluster of mostly separate PCs, connected via an extremely fast bus, such as HyperTransport. NUMA considerations would be less important here as the CPUs with their associated memory would be dedicated to a VM and the support exists in both Xen and Linux anyway. -- Radosław Szkodziński From coderman at gmail.com Sat Sep 26 20:52:01 2015 From: coderman at gmail.com (coderman) Date: Sat, 26 Sep 2015 20:52:01 -0700 Subject: tox In-Reply-To: <56070435.ea17370a.da260.30f2@mx.google.com> References: <56070435.ea17370a.da260.30f2@mx.google.com> Message-ID: On 9/26/15, Juan wrote: > ... > I've been playing with tox(thanks rysiek!) and it looks rather > interesting. I noticed however that it's not listed here > > https://www.eff.org/secure-messaging-scorecard i am not saying the scorecard is worthless, but rather, it is at best a signal for subpar projects doing things obviously wrong. it cannot tell you, honestly, who is doing it all right. (not least because "right" is relative to risk and threat model, which is perspective unique to each user...) things that are good about Tox.chat: - Opus for media. if you don't know about the Opus Codec, you should! 
VP8 i don't care about either way. - Re-uses onions, rather than trying to build its own anonymity overlay for friend finding. - Uses cryptobox for crypto stuffs, rather than rolling own. - Supports clients of various types, per preference, rather than monolithic structure. the bad: - written in C and passing things around potentially unsafely. see the address parsing in network.c, the DHT code. needs a good audit. - poor network performance primitives with UDP - ok, not a problem because this won't need that scale - beauty of decentralization! :) - DHT is trivial to DoS. a known issue, but if you need survivability i'd chose pond over tox. best regards, From coderman at gmail.com Sun Sep 27 01:52:56 2015 From: coderman at gmail.com (coderman) Date: Sun, 27 Sep 2015 01:52:56 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: On 9/22/15, coderman wrote: > most interesting reply ... less interesting reply, but a more interesting response on my part: FBI claiming privacy interest to refuse ALL of my FOIA regarding the Sklyarov / Elcomsoft incident years back: https://www.muckrock.com/foi/united-states-of-america-10/freedmitry-21209/ this is my first attempt to argue compelling public interest against a privacy exemption, it is as follows; Please recognize the public interest in this request for responsive records as follows: First and foremost, extensive media attention during this period was generated due to the intersection of "hacking" and "reverse engineering" combined with the DMCA provisions deeming some technologies illegal at interest to the information technology industry as a whole. This reason alone is sufficient and compelling justification for transparency in a watershed case, however, I shall continue. Second, this case involved not a US citizen, but a foreign national. 
As has recently been scoured in the technical press, Wassenaar with its incumbent BIS obligations has brought discussion of the risks foreigners face visiting the EU and US, in addition to US citizens abroad who now find themselves subject to severe technical controls due to their industry participation. I feel that surely this must provide beyond sufficient justification for public interest in documents responsive to this request, yet I shall continue to exhaust the relevant perspectives in my quiver of inquiry. Thus thirdly, the conference venue, DEF CON security conference, itself of notoriety and high esteem in the technical community, was the operating domain for the closing moves of this investigation. The logistics and technical considerations for operating in this domain thus also compounds the public interest in the activity for which the records responsive to this request have been requested. Fourthly, and there is a fourthly for sure, the activities undertaken by the agency were at risk of alienating a talent pool the Bureau has increasingly courted and pursued for their invaluable skills in digital forensic analysis, reverse engineering, and information security. Balancing actions before a critical group who also interacts frequently with the agency, and from whom the Bureau itself draws professional talent, amplifies the interest and relevance of this inquiry, and the need for unrestrained transparency when identifying documents responsive to this request. Lastly and finally, yet not to diminish the inherent privacy rights afforded to all earth humans, inalienable, with justice for all, the privacy rights which this agency has cited in justification for limiting the documents responsive to this request, please note that the privacy exemptions provided by law are specific and limited to situations where there is a compelling personal privacy interest. The agency has not provided any compelling privacy interest on behalf of the fine Mr.
Sklyarov, and his foreign status removes the common privacy concerns of an individual within a domestic community at issue in responsive documents. It is fully reasonable, per Department of Justice v. Reporters Committee for Freedom of the Press, that the FBI may provide documents detailing "what they were up to" in this investigation, without undue burden on the privacy rights of a foreign citizen briefly visiting to attend a public conference in the United States. Please do recognize and acquiesce to the public interest so broadly in view. Best regards, From zen at freedbms.net Sat Sep 26 19:22:50 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 27 Sep 2015 02:22:50 +0000 Subject: Rogue States and Diplomacy: a Conversation With Noam Chomsky Message-ID: Rogue States and Diplomacy: a Conversation With Noam Chomsky http://www.counterpunch.org/2015/09/17/rogue-states-and-diplomacy-a-conversation-with-noam-chomsky/ The interview is quite long, focusing on the USA Republican reaction to the Iran sanction-lifting deal, amongst other things. Noam seems to be a Professor, so I guess his arguments might be too intellectual for the unwashed masses. Here is one question and answer: Professor Chomsky, the U.S. Ambassador to the U.N., Samantha Power, has said that the problem is the “instability that Iran fuels beyond its nuclear programme”. She echoed U.S. Defence Secretary Ashton Carter, who went to Israel’s northern border and said, “We will continue to help Israel counter Iran’s malign influence” by supporting Hizbollah. The U.S., he intimated, reserved the right to use military force against Iran. Could you comment on this? NC: Power’s usage is standard: she defines “stabilisation” according to a peculiar logic. For instance, U.S. policy in Iraq is defined as stabilisation. What does that stabilisation look like? The U.S.
invades a country, with hundreds of thousands killed and millions becoming refugees, along with barbarous torture and destruction that Iraqis compare to the Mongol invasions, leaving Iraq the unhappiest country in the world according to WIN/Gallup polls. It also ignited sectarian conflict that is tearing the region to shreds and laying the basis for the ISIS [Islamic State of Iraq and Syria] monstrosity along with its Saudi ally. That is stabilisation. The standard usage sometimes reaches levels that are almost surreal, as when liberal commentator James Chace, former editor of Foreign Affairs, explains that the U.S. sought to “destabilise a freely elected Marxist government in Chile” because “we were determined to seek stability” [under the Pinochet dictatorship]. Let us consider the case of Hizbollah and Hamas. Both emerged in resistance to U.S.-backed Israeli violence and aggression, which vastly exceeds anything attributed to these organisations. Whatever one thinks about them, or other beneficiaries of Iranian support, Iran hardly ranks high in support for terror worldwide, even within the Muslim world. Among Islamic states, Saudi Arabia is far in the lead as a sponsor of Islamic terror, not only by direct funding by wealthy Saudis and others in the Gulf but even more by the missionary zeal with which the Saudis promulgate their extremist Wahhabi-Salafi version of Islam through Quranic schools, mosques, clerics, and other means available to a religious dictatorship with enormous oil wealth. The ISIS is an extremist offshoot of Saudi religious extremism and its fanning of jehadi flames. In generation of Islamic terror, however, nothing can compare with the U.S. “war on terror”, which has helped to spread the plague from a small tribal area in Afghanistan-Pakistan to a vast region from West Africa to South-East Asia. 
The invasion of Iraq alone escalated terror attacks by a factor of seven in the first year, well beyond even what had been predicted by intelligence agencies. Drone warfare against marginalised and oppressed tribal societies also elicits demands for revenge, as ample evidence indicates. The two Iranian clients [Hizbollah and Hamas] also share the crime of winning the popular vote in the only free elections held in the Arab world. Hizbollah is guilty of the even more heinous crime of compelling Israel to withdraw from its occupation of southern Lebanon in violation of [U.N.] Security Council orders dating back decades, an illegal regime of terror punctuated with episodes of extreme violence, murder and destruction. Iran’s “fuelling instability” is particularly dramatic in Iraq, where, among other crimes, it alone came at once to the aid of Kurds defending themselves from the ISIS invasion and it is building a $2.5 billion power plant to try to bring electrical power back to the level before the U.S. invasion. From jdb10987 at yahoo.com Sat Sep 26 23:15:05 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sun, 27 Sep 2015 06:15:05 +0000 (UTC) Subject: Fw: Fw: Augur: Blockchain-based Internet prediction market. In-Reply-To: References: Message-ID: <600907594.1427204.1443334505379.JavaMail.yahoo@mail.yahoo.com> Copied from correspondence. ----- Forwarded Message ----- From: Jim Epstein To: jim bell Sent: Saturday, September 26, 2015 5:23 AM Subject: Re: Fw: Augur: Blockchain-based Internet prediction market. Thanks, jim. I will read your essay and engage with this topic again soon, but I'm immersed in another unrelated story that's consuming my brain and time. I'll get back to you. On Sat, Sep 26, 2015 at 3:47 AM jim bell wrote: I wanted to mention that Prof Juels has responded to my inquiry.      
See his work at:      https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&sqi=2&ved=0CCsQFjACahUKEwi9hY33mZTIAhXRpYgKHeapAhY&url=http%3A%2F%2Fwww.arijuels.com%2Fwp-content%2Fuploads%2F2013%2F09%2Fpublic_gyges.pdf&usg=AFQjCNHOBvCYwJ5Aq0CmHTOY53sGdRs5Sw&sig2=XpktiIWHc5e6slk0VsLOcQ&bvm=bv.103388427,d.cGU    I should point out that the main reason for my inquiry WASN'T to get academic credit, but rather to point out that people who have read my AP essay (and who understand and agree with its goals and likelihood of working) would consider Juels et al objectives to be undesirable and, indeed, dangerous.  Superficially, it sounds good to say that they are trying to prevent "criminal contracts", but for those of us who oppose (for example) laws against currently-illegal drugs, we might very well WANT a "criminal contract" to be operational, like Silk Road or such.  Or my AP (assassination politics) idea. Prof Juels claims that he/they were not aware of my AP essay.  Well, sorry, but I find that a little hard to believe.  It's not that it's hard to believe that an average citizen of America (or the world) hadn't heard of it. THAT would be easy to believe.    Rather, Juels, Shi, and Kosba claim to be working on the concept of trying to stop "criminal contracts", and do you really believe they haven't heard of AP?!?   My understanding is that my AP essay is probably the second most-famous Internet essay in existence, perhaps being Ted Kaczynski's, and it makes far more sense.  Now that Juels, Shi, and Kosba definitely know about AP, I think that they should address its implications BEFORE they purport to fight it.              Jim Bell From: jim bell To: Jim Epstein Sent: Wednesday, August 26, 2015 3:39 PM Subject: Re: Fw: Augur: Blockchain-based Internet prediction market. You might also want to look at  http://www.arijuels.com/wp-content/uploads/2013/09/public_gyges.pdf   , by Juels, Shi, and Kosba.              
Jim Bell From: Jim Epstein To: jim bell Sent: Wednesday, August 26, 2015 2:35 PM Subject: Re: Fw: Augur: Blockchain-based Internet prediction market. I'm not familiar with it, but I'm going to read it. I'm very interested. Thanks for sending this. Jim On Wed, Aug 26, 2015 at 1:14 PM, jim bell wrote: Dear Mr. Epstein,       Are you familiar with my 1995-6 essay, "Assassination Politics".   www://cryptome.org/ap.htm                     Jim Bell ----- Forwarded Message ----- From: jim bell To: Cpunks List Sent: Tuesday, August 25, 2015 7:31 PM Subject: Augur: Blockchain-based Internet prediction market. http://reason.com/blog/2015/08/11/augur-gambling-prediction-ethereum    Augur May Become the Greatest Gambling Platform in History. Is There Anything the Government Can Do to Stop It? A blockchain-based prediction market that won’t be controlled or managed by anyone. Jim Epstein   Aug. 11, 2015 12:36 pm An online gambling platform could do to the neighborhood bookie what electric refrigerators did to the ice delivery man. Coming this fall, Augur will allow participants to wager money on any future event of their choosing. Software will set the odds, collect the bets, and disperse the winnings. The price alone should give Nevada sportsbook operators pause; an estimated one percent of every pot will go to keep the system running. The average vig today is about 10 times that. Augur isn't a full-fledged casino. You can't play roulette or poker, and running lotto on the platform would be tricky. But it'll be great for sports betting. Here’s what’s truly novel about Augur: It won’t be controlled by any person or entity, nor will it operate off of any one computer network. All the money in the system will be in Bitcoin, or other types of peer-to-peer cryptocurrency, so no credit card companies or banks need to be involved. 
If the system runs afoul of regulators—and if it’s successful, it most certainly will—they'll find that there's no company to sue, no computer hardware to pull out of the wall, and no CEO to lockup in a cage. This is new legal territory. If Augur catches on as a tool for betting on everything from basketball games to stock prices, is there anything the government can do to stop it? Augur is a decentralized peer-to-peer marketplace, a new kind of entity made possible by recent breakthroughs in computer science. The purpose of these platforms is to facilitate the exchange of goods and services among perfect strangers on a platform that nobody administers or controls. Augur’s software will run on what’s known as a “blockchain"—a concept introduced in 2008 with the invention of Bitcoin—that's essentially a shared database for executing trades that's powered and maintained by its users. Bitcoin’s blockchain was designed as a banking ledger of sorts—kind of like a distributed Microsoft Excel file—but Augur will utilize a groundbreaking new project called Ethereum that expands on this concept. Ethereum allows Augur's entire system to live on the blockchain. That means the software and processing power that makes Augur function will be distributed among hundreds or thousands of computers. Destroying Augur would involve unplugging the computers of everyone in the world participating in the Ethereum blockchain. If Augur is destined to become the cypherpunks' answer to gambling prohibition—the betting man’s version of the online drug market Silk Road if you will—you'd never know it from talking with its developers. They work for a San Francisco-based nonprofit, attend conferences, have legal representation, and talk openly about what they’re up to with reporters. Augur even commissioned one of those cheesy motion graphics promotional videos favored by new tech startups.
About half of the roughly $600,000 raised by Augur's development team comes from Joe Costello, the successful tech entrepreneur who was once Steve Jobs' top pick to become the CEO of Apple. Joey Krug, a twenty-year-old Pomona college dropout and Augur's lead developer, never uses the word “gambling" to describe his venture. He and his team of five employees call Augur a “prediction market,” a term that emphasizes the information generated when a bunch of people have a financial incentive to feed their expertise into a sophisticated algorithm. With Augur, as bettors move money in and out of the pot, the odds adjust. This yields publicly available statistics that should carry weight because they're derived from the opinions of a crowd of people with a stake in the results. InTrade, for example, the best-known prediction market until federal regulators forced it to stop serving U.S. customers in 2012, beat the pollsters and pundits by foreseeing the outcome of the 2008 presidential elections in 48 out of 50 states. Augur’s developers hope that their platform will make it possible to do a Google search to look up the likelihood of some future event. This could usher in a better world, with more informed policy decisions and less malinvestment. But Augur also serves the less high-minded—though no less noble—purpose of providing cost savings and convenience to gamblers. Restrictions on gambling serve to protect government revenue at the betting man's expense. State-sanctioned casino operators pay high taxes, and state-run lotteries fleece their customers. But there's no logical or moral case for government restrictions on gambling, since no third party is harmed when consenting adults wager money on the future. Augur actually has the potential to make the world safer by taking away market share in the gambling industry from criminals.
And yet sports betting is illegal in most states, and prediction markets are tightly regulated by the Commodity Futures Trading Commission (CFTC). The agency sued Ireland-based InTrade in 2012 to prevent it from accepting bets from U.S. customers. (The company folded shortly after.) In 2013, the CFTC and the Securities and Exchange Commission (SEC) jointly sued the prediction market Banc de Binary for allowing U.S. customers to make bets on commodity prices. The CFTC has approved other prediction markets, such as the New Zealand-based PredictIt, but only after it agreed to abide by the agency's restrictions. Krug says the Augur team is planning to meet with CFTC staff to go over how their system works before it’s launched, but says he's not overly concerned. “Our friends in Washington, D.C. say the CFTC will probably just dismiss Augur and say it’s not a big deal,” Krug told me in a phone interview. That doesn’t sound like much of a legal strategy, but how do you have a legal strategy when you're building something unlike anything that's ever existed? Federal anti-gambling laws, such as the 2006 Unlawful Internet Gambling Enforcement Act, target the companies that facilitate online betting— website operators, credit card companies, banks—not individual gamblers. Augur’s biggest legal vulnerability is the community of human “reporters” who are needed to settle bets on the platform, says Cardozo Law School's Aaron Wright, who is writing a book about the legal implications of blockchain technology. Let’s say a group of people wager money on Augur over the outcome of a boxing match. Once the bout is over, human participants (who receive a portion of the trading fees as compensation) must report the outcome to the system before Augur’s software will disperse the money to the winners. "There’s at least an argument that the people doing that reporting are aiding or abetting unlicensed options and could be prosecuted," says Wright.
But Augur doesn't collect personal information on any of its users, so identifying these people could be difficult. And Augur is a borderless technology, so U.S. gamblers could simply rely on foreigners to report on the outcomes of their bets. One attorney I spoke with suggested that the team that’s building Augur could be brought up on charges for aiding and abetting a criminal conspiracy. Nate Cardozo, a staff attorney with the Electronic Frontier Foundation, thinks that's far-fetched but says he can't rule it out. Cardozo emphasizes that writing open source software doesn’t necessarily protect the team from prosecution. “We’ve taken the steps that we need to take in order to bracket the individual's risk and the organization’s risk,” says Augur’s attorney, Marco Santori, who declined to comment further on exactly what those steps might entail. Even if Krug and his colleagues were to face criminal prosecution, the technology would live on. After Augur is born into the world, the development team could release a software update that would cripple the system. But in that case, Augur's users could band together to block any changes to the underlying code, or another developer could copy the open source code and simply re-launch the platform. The big question with Augur—and with blockchain platforms more generally—is whether they can outrun our regulatory state long enough to grow so large and popular that they're truly unstoppable. My money’s on Augur in that race. For more on the promises and pitfalls of decentralized peer-to-peer marketplaces, read my recent Reason magazine feature story on the topic.
From list at sysfu.com Sun Sep 27 08:10:36 2015 From: list at sysfu.com (Seth) Date: Sun, 27 Sep 2015 08:10:36 -0700 Subject: Rogue States and Diplomacy: a Conversation With Noam Chomsky In-Reply-To: References: Message-ID: On Sat, 26 Sep 2015 19:22:50 -0700, Zenaan Harkness wrote: > has said that the problem is the “instability that Iran fuels beyond > its nuclear programme”. This is just code for saying "Iran operates a state owned central bank instead of one that is controlled by the global banking cartel, thus it fuels 'instability'" From Rayzer at riseup.net Sun Sep 27 09:51:38 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 27 Sep 2015 09:51:38 -0700 Subject: tox In-Reply-To: References: <56070435.ea17370a.da260.30f2@mx.google.com> Message-ID: <56081E9A.5050108@riseup.net> On 09/26/2015 08:52 PM, coderman wrote: > but if you need survivability i'd chose pond over tox. From the developer's site: > Dear God, please don't use Pond for anything real yet. I've hammered > out nearly 20K lines of code that have never been reviewed. Unless > you're looking to experiment you should go use something that actually > works. https://pond.imperialviolet.org/ RR ToxID: E611C7673C4C9C84C7F53BD8A2DF46C3131CB260E5758392B6B22FE18072C57518A2F0786A9A From Rayzer at riseup.net Sun Sep 27 09:54:27 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 27 Sep 2015 09:54:27 -0700 Subject: Fw: Fw: Augur: Blockchain-based Internet prediction market. In-Reply-To: <600907594.1427204.1443334505379.JavaMail.yahoo@mail.yahoo.com> References: <600907594.1427204.1443334505379.JavaMail.yahoo@mail.yahoo.com> Message-ID: <56081F43.90100@riseup.net> On 09/26/2015 11:15 PM, jim bell wrote: > Copied from correspondence.
> Riseup.net doesn't like Fw: Fw: in subject lines... "Re: ***SPAM*** Fw: Fw: Augur: Blockchain-based Internet prediction market." > ----- Forwarded Message ----- > *From:* Jim Epstein > *To:* jim bell > *Sent:* Saturday, September 26, 2015 5:23 AM > *Subject:* Re: Fw: Augur: Blockchain-based Internet prediction market. > > Thanks, jim. I will read your essay and engage with this topic again > soon, but I'm immersed in another unrelated story that's consuming my > brain and time. I'll get back to you. > > > On Sat, Sep 26, 2015 at 3:47 AM jim bell > wrote: > > I wanted to mention that Prof Juels has responded to my inquiry. > See his work at: > https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&sqi=2&ved=0CCsQFjACahUKEwi9hY33mZTIAhXRpYgKHeapAhY&url=http%3A%2F%2Fwww.arijuels.com%2Fwp-content%2Fuploads%2F2013%2F09%2Fpublic_gyges.pdf&usg=AFQjCNHOBvCYwJ5Aq0CmHTOY53sGdRs5Sw&sig2=XpktiIWHc5e6slk0VsLOcQ&bvm=bv.103388427,d.cGU > > I should point out that the main reason for my inquiry WASN'T to > get academic credit, but rather to point out that people who have > read my AP essay (and who understand and agree with its goals and > likelihood of working) would consider Juels et al objectives to be > undesirable and, indeed, dangerous. Superficially, it sounds good > to say that they are trying to prevent "criminal contracts", but > for those of us who oppose (for example) laws against > currently-illegal drugs, we might very well WANT a "criminal > contract" to be operational, like Silk Road or such. Or my AP > (assassination politics) idea. > > Prof Juels claims that he/they were not aware of my AP essay. > Well, sorry, but I find that a little hard to believe. It's not > that it's hard to believe that an average citizen of America (or > the world) hadn't heard of it.THAT would be easy to believe. 
> Rather, Juels, Shi, and Kosba claim to be working on the concept > of trying to stop "criminal contracts", and do you really believe > they haven't heard of AP?!? > > My understanding is that my AP essay is probably the second > most-famous Internet essay in existence, perhaps being Ted > Kaczynski's, and it makes far more sense. Now that Juels, Shi, > and Kosba definitely know about AP, I think that they should > address its implications BEFORE they purport to fight it. > Jim Bell > *From:* jim bell > > *To:* Jim Epstein > > *Sent:* Wednesday, August 26, 2015 3:39 PM > > *Subject:* Re: Fw: Augur: Blockchain-based Internet prediction market. > > You might also want to look at > http://www.arijuels.com/wp-content/uploads/2013/09/public_gyges.pdf > , by Juels, Shi, and Kosba. > Jim Bell > > > > ------------------------------------------------------------------------ > *From:* Jim Epstein > > *To:* jim bell > > *Sent:* Wednesday, August 26, 2015 2:35 PM > *Subject:* Re: Fw: Augur: Blockchain-based Internet prediction market. > > I'm not familiar with it, but I'm going to read it. I'm very > interested. Thanks for sending this. > > Jim > > > > On Wed, Aug 26, 2015 at 1:14 PM, jim bell > wrote: > > Dear Mr. Epstein, > Are you familiar with my 1995-6 essay, "Assassination > Politics". www://cryptome.org/ap.htm > > Jim Bell > > ----- Forwarded Message ----- > *From:* jim bell > > *To:* Cpunks List > > *Sent:* Tuesday, August 25, 2015 7:31 PM > *Subject:* Augur: Blockchain-based Internet prediction market. > > http://reason.com/blog/2015/08/11/augur-gambling-prediction-ethereum > > > Augur May Become the Greatest Gambling Platform in History. Is > There Anything the Government Can Do to Stop It? > A blockchain-based prediction market that won’t be controlled > or managed by anyone. > Jim Epstein Aug. 11, 2015 12:36 pm > > An online gambling platform could do to the neighborhood > bookie what electric refrigerators did to the ice delivery man. 
> Coming this fall, Augur will allow participants to wager money > on any future event of their choosing. Software will set the > odds, collect the bets, and disperse the winnings. The price > alone should give Nevada sportsbook operators pause; an > estimated one percent of every pot will go to keep the system > running. The average vig today is about 10 times that. > > Augur isn't a full-fledged casino. You can't play roulette or > poker, and running lotto on the platform would be tricky. But > it'll be great for sports betting. > > Here’s what’s truly novel about Augur: It won’t be controlled > by any person or entity, nor will it operate off of any one > computer network. All the money in the system will be in > Bitcoin, or other types of peer-to-peer cryptocurrency, so no > credit card companies or banks need to be involved. If the > system runs afoul of regulators—and if it’s successful, it > most certainly will—they'll find that there's no company to > sue, no computer hardware to pull out of the wall, and no CEO > to lockup in a cage > . > This is new legal territory. If Augur catches on as a tool for > betting on everything from basketball games to stock prices, > is there anything the government can do to stop it? > > Augur is a decentralized peer-to-peer marketplace, a new kind > of entity made possible by recent breakthroughs in computer > science. The purpose of these platforms is to facilitate the > exchange of goods and services among perfect strangers on a > platform that nobody administers or controls. Augur’s software > will run on what’s known as a “blockchain"—a concept > introduced in 2008 with the invention of Bitcoin—that's > essentially a shared database for executing trades that's > powered and maintained by its users. > > Bitcoin’s blockchain was designed as a banking ledger of > sorts—kind of like a distributed Microsoft Excel file—but > Augur will utilize a groundbreaking new project > called Ethereum that expands on this concept. 
Ethereum allows > Augur's entire system to live on the blockchain. That means > the software and processing power that makes Augur function > will be distributed among hundreds or thousands of computers. > Destroying Augur would involve unplugging the computers of > everyone in the world participating in the Ethereum blockchain. > If Augur is destined to become the cypherpunks answer to > gambling prohibition—the betting man’s version of the online > drug market Silk Road if you will—you'd never know it from > talking with its developers. They work for a San > Francisco-based nonprofit, attend conferences, have legal > representation, and talk openly about what they’re up to with > reporters. Augur even commissioned one of those cheesy motion > graphics promotional videos favored by new tech startups. > > About half of the roughly $600,000 raised by Augur's > development team comes from Joe Costello, the successful tech > entrepreneur who was once Steve Jobs' top pick to become the > CEO of Apple. > > Joey Krug, a twenty-year-old Pomona college dropout and > Augur's lead developer, never uses the word “gambling” to > describe his venture. He and his team of five employees call > Augur a “prediction market,” a term that emphasizes the > information generated when a bunch of people have a financial > incentive to feed their expertise into a sophisticated algorithm. > > With Augur, as bettors move money in and out of the pot, the > odds adjust. This yields publicly available statistics that > should carry weight because they're derived from the opinions > of a crowd of people with a stake in the results. InTrade, for > example, the best-known prediction market until federal > regulators forced it to stop serving U.S. customers in 2012, > beat the pollsters and pundits by foreseeing the outcome of > the 2008 presidential elections in 48 out of 50 states.
> Augur’s developers hope that their platform will make it > possible to do a Google search to look up the likelihood of > some future event. This could usher in a better world, with > more informed policy decisions and less malinvestment. > > But Augur also serves the less high-minded—though no less > noble—purpose of providing cost savings and convenience to > gamblers. Restrictions on gambling serve to protect government > revenue at the betting man's expense. State-sanctioned casino > operators pay high taxes, and state-run lotteries fleece their > customers. But there's no logical or moral case for government > restrictions on gambling, since no third party is harmed when > consenting adults wager money on the future. Augur actually > has the potential to make the world safer by taking away > market share in the gambling industry from criminals. > > And yet sports betting is illegal in most states, and > prediction markets are tightly regulated by the Commodity > Futures Trading Commission (CFTC). The agency sued > Ireland-based InTrade in 2012 to prevent it from accepting > bets from U.S. customers. (The company folded shortly after.) > In 2013, the CFTC and the Securities and Exchange Commission > (SEC) jointly sued the prediction market Banc de Binary for > allowing U.S. customers to make bets on commodity prices. > The CFTC has approved other prediction markets, such as the > New Zealand-based PredictIt, but only after it agreed to abide > by the agency's restrictions. > Krug says the Augur team is planning to meet with CFTC staff > to go over how their system works before it’s launched, but says > he's not overly concerned. “Our friends in Washington, D.C. > say the CFTC will probably just dismiss Augur and say it’s not > a big deal,” Krug told me in a phone interview. > > That doesn’t sound like much of a legal strategy, but how do > you have a legal strategy when you're building something > unlike anything that's ever existed?
Federal anti-gambling > laws, such as the 2006 Unlawful Internet Gambling Enforcement > Act, target the companies that facilitate online betting— > website operators, credit card companies, banks—not individual > gamblers. > > Augur’s biggest legal vulnerability is the community of human > “reporters” who are needed to settle bets on the platform, > says Cardozo Law School's Aaron Wright, who is writing a book > about the legal implications of blockchain technology. Let’s > say a group of people wager money on Augur over the outcome of > a boxing match. Once the bout is over, human participants (who > receive a portion of the trading fees as compensation) must > report the outcome to the system before Augur’s software will > disperse the money to the winners. "There’s at least an > argument that the people doing that reporting are aiding or > abetting unlicensed options and could be prosecuted," says Wright. > But Augur doesn't collect personal information on any of its > users, so identifying these people could be difficult. And > Augur is a borderless technology, so U.S. gamblers could > simply rely on foreigners to report on the outcomes of their bets. > > One attorney I spoke with suggested that the team that’s > building Augur could be brought up on charges for aiding and > abetting a criminal conspiracy. Nate Cardozo, a staff attorney > with the Electronic Frontier Foundation, thinks that's > far-fetched but says he can't rule it out. Cardozo emphasizes > that writing open source software doesn’t necessarily protect > the team from prosecution. > “We’ve taken the steps that we need to take in order to > bracket the individual's risk and the organization’s risk,” > says Augur’s attorney, Marco Santori, who declined to comment > further on exactly what those steps might entail. > > Even if Krug and his colleagues were to face criminal > prosecution, the technology would live on. 
After Augur is born > into the world, the development team could release a software > update that would cripple the system. But in that case, > Augur's users could band together to block any changes to the > underlying code, or another developer could copy the open > source code and simply re-launch the platform. > The big question with Augur—and with blockchain platforms more > generally—is whether they can outrun our regulatory state long > enough to grow so large and popular that they're truly > unstoppable. My money’s on Augur in that race. > > For more on the promises and pitfalls of decentralized > peer-to-peer marketplaces, read my recent Reason magazine > feature story on the topic. From s at ctrlc.hu Sun Sep 27 01:57:43 2015 From: s at ctrlc.hu (stef) Date: Sun, 27 Sep 2015 10:57:43 +0200 Subject: tox In-Reply-To: References: <56070435.ea17370a.da260.30f2@mx.google.com> Message-ID: <20150927085743.GB13534@ctrlc.hu> > the bad: > - written in C and passing things around potentially unsafely. see the > address parsing in network.c, the DHT code. needs a good audit. > - poor network performance primitives with UDP - ok, not a problem > because this won't need that scale - beauty of decentralization! :) > - DHT is trivial to DoS. a known issue, but if you need survivability > i'd chose pond over tox. last time (more than a year ago) i checked they also send along the long-term signing keys of the communication participants making traffic analysis between peers quite possible.
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt From admin at pilobilus.net Sun Sep 27 09:34:26 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sun, 27 Sep 2015 12:34:26 -0400 Subject: Rogue States and Diplomacy: a Conversation With Noam Chomsky In-Reply-To: <20150927154317.GB2584@sivokote.iziade.m$> References: <20150927154317.GB2584@sivokote.iziade.m$> Message-ID: <56081A92.9090305@pilobilus.net> On 09/27/2015 11:43 AM, Georgi Guninski wrote: > On Sun, Sep 27, 2015 at 02:22:50AM +0000, Zenaan Harkness > wrote: >> Professor Chomsky, the U.S. Ambassador to the U.N., Samantha >> Power, > > This stopped me from trying to interpret the rest of the shit > rationally... > U.S. Ambassador to the U.N., Samantha Power, has said that the > problem is the “instability that Iran fuels beyond its nuclear > programme”. A while back I was reading a training doc for intelligence analysts that used Iran in one of its examples. Per this text, Iran is believed to be working to prevent a U.S. invasion by doing whatever it can to keep U.S. forces busy elsewhere in its neighborhood, drawing down U.S. manpower and material resources and denying the U.S. safe access to staging areas, well controlled rear areas and flanks, etc. So... if successful, Iran's nuclear weapons program would render their present defence strategy obsolete, presumably closing out their sponsorship of "destabilizing" forces in the region. If Iran gets The Bomb, U.S. sponsored "stabilization" elsewhere in Iran's neighborhood would most likely get a big boost. It's a win/win proposition for the U.S. and Iran, unless of course the U.S. National Interest requires the annexation of Iran - which it does, as Iran sits right in the middle of the future U.S. Protectorate of Pipelineistan. Taking in the larger picture, I would agree with General Turgidson that we can not allow a mineshaft gap.
:o/ From cathalgarvey at cathalgarvey.me Sun Sep 27 04:34:57 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 27 Sep 2015 12:34:57 +0100 Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <20150927103913.GA2584@sivokote.iziade.m$> References: <20150927103913.GA2584@sivokote.iziade.m$> Message-ID: <9E7942B7-32D2-4819-AF5D-8D975D4C72B4@cathalgarvey.me> There's no "allegedly". The company fully admitted to this and even expanded the scope beyond the EPA's suspicions, IIRC. Roll on enforced code audits, preferably enforced code openness, for all devices that can negatively screw society. On 27 September 2015 11:39:13 IST, Georgi Guninski wrote: >http://www.theregister.co.uk/2015/09/25/vw_pollution_just_the_tip_of_the_iceberg_whos_to_blame_you_guessed_it_hippies/ > > >Volkswagen is being rightly condemned from all directions, as its >methods were particularly cynical: its engine software would sense when >the car was in a test environment and cut back NO_x output temporarily. > >As soon as the car was no longer under test, the car would change mode >and emit huge amounts of NO_x.
This wasn't done for no reason – if a >machine is allowed to generate NO_x freely, it can be very >fuel-efficient – and thus, of course, its carbon emissions can be very >low too. > > >Comment: > >Probably best defense for VW lawyers is: >"We got hacked and the hack made this. >We take sickyouareity seriously" -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From Rayzer at riseup.net Sun Sep 27 12:52:49 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 27 Sep 2015 12:52:49 -0700 Subject: tox In-Reply-To: <11550609.mSViriplVA@lapuntu> References: <56070435.ea17370a.da260.30f2@mx.google.com> <56081E9A.5050108@riseup.net> <11550609.mSViriplVA@lapuntu> Message-ID: <56084911.9090500@riseup.net> qTox chat tool is still a work in progress. When I shrink the popout chat window the text typed doesn't wrap; ends up a single column of first-on-the-line letters From guninski at guninski.com Sun Sep 27 03:39:13 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 27 Sep 2015 13:39:13 +0300 Subject: Allegedly Volkswagen cheated to both governments and lusers Message-ID: <20150927103913.GA2584@sivokote.iziade.m$> http://www.theregister.co.uk/2015/09/25/vw_pollution_just_the_tip_of_the_iceberg_whos_to_blame_you_guessed_it_hippies/ Volkswagen is being rightly condemned from all directions, as its methods were particularly cynical: its engine software would sense when the car was in a test environment and cut back NO_x output temporarily. As soon as the car was no longer under test, the car would change mode and emit huge amounts of NO_x.
This wasn't done for no reason – if a machine is allowed to generate NO_x freely, it can be very fuel-efficient – and thus, of course, its carbon emissions can be very low too. Comment: Probably best defense for VW lawyers is: "We got hacked and the hack made this. We take sickyouareity seriously" From goran at gothic.com.au Sat Sep 26 22:02:20 2015 From: goran at gothic.com.au (Goran Novak) Date: Sun, 27 Sep 2015 15:02:20 +1000 Subject: Rogue States and Diplomacy: a Conversation With Noam Chomsky In-Reply-To: References: Message-ID: <5607785C.9020405@gothic.com.au> Similar to the CP article: https://www.youtube.com/watch?v=w_X5czMVKT8 On 27/09/2015 12:22 PM, Zenaan Harkness wrote: > Rogue States and Diplomacy: a Conversation With Noam Chomsky > http://www.counterpunch.org/2015/09/17/rogue-states-and-diplomacy-a-conversation-with-noam-chomsky/ > > From juan.g71 at gmail.com Sun Sep 27 12:35:14 2015 From: juan.g71 at gmail.com (Juan) Date: Sun, 27 Sep 2015 16:35:14 -0300 Subject: tox In-Reply-To: <11550609.mSViriplVA@lapuntu> References: <56070435.ea17370a.da260.30f2@mx.google.com> <56081E9A.5050108@riseup.net> <11550609.mSViriplVA@lapuntu> Message-ID: <560843c4.12138c0a.9f6da.ffff9c5b@mx.google.com> On Sun, 27 Sep 2015 19:46:31 +0200 rysiek wrote: > > > > RR > > > > ToxID: > > E611C7673C4C9C84C7F53BD8A2DF46C3131CB260E5758392B6B22FE18072C57518A2F0786A9A > > Mine: > 3FA2E5273F0C368576FE120B374664E3B41E2CDF21639AFED3DC301490FFB01FAAA47B78D5F4 > and mine 07531C0892CFB8C11ABA1293DC51359C3A77D67B39B44FA9397270EDA5F6493184DFABABC08C We assume we're not being MITMed eh? =P Anyway, a problem with tox for the time being is lack of off-line messaging... 
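Added example, not part of any poster's message and not code from the Tox project: a Tox ID parser run on the ID Razer posted above, showing why the MITM caveat in the preceding message holds and why the embedded long-term key is a stable identifier. It assumes the ID layout given in the Tox protocol specification (32-byte long-term public key, 4-byte nospam, 2-byte XOR checksum), which this thread does not quote; all function names are hypothetical.

```python
"""Parse and compare Tox IDs. Added example; not Tox project code."""

# Assumed layout, taken from the Tox protocol specification (not from this
# thread): 32-byte long-term public key || 4-byte nospam || 2-byte checksum.
KEY_LEN, NOSPAM_LEN, CHECKSUM_LEN = 32, 4, 2
ID_LEN = KEY_LEN + NOSPAM_LEN + CHECKSUM_LEN

# Tox ID exactly as Razer posted it to the list earlier in this thread.
POSTED_ID = "E611C7673C4C9C84C7F53BD8A2DF46C3131CB260E5758392B6B22FE18072C57518A2F0786A9A"


def xor_checksum(prefix: bytes) -> bytes:
    """XOR all 2-byte words of key||nospam together.

    The checksum uses no secret, so anyone can compute it for any key:
    it detects typos, it does not authenticate the ID.
    """
    even = odd = 0
    for i in range(0, len(prefix), 2):
        even ^= prefix[i]
        odd ^= prefix[i + 1]
    return bytes([even, odd])


def parse_tox_id(text: str) -> dict:
    """Split a hex Tox ID into its fields, rejecting malformed input."""
    cleaned = "".join(text.split())
    if len(cleaned) != ID_LEN * 2:
        raise ValueError(f"expected {ID_LEN * 2} hex characters, got {len(cleaned)}")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError("Tox ID contains non-hex characters") from exc
    prefix, checksum = raw[:-CHECKSUM_LEN], raw[-CHECKSUM_LEN:]
    if xor_checksum(prefix) != checksum:
        raise ValueError("checksum mismatch: ID was mistyped or truncated")
    return {
        "public_key": raw[:KEY_LEN],
        "nospam": raw[KEY_LEN:KEY_LEN + NOSPAM_LEN],
        "checksum": checksum,
    }


def build_tox_id(public_key: bytes, nospam: bytes) -> str:
    """Assemble a well-formed ID for any key (what every client does for its own)."""
    if len(public_key) != KEY_LEN or len(nospam) != NOSPAM_LEN:
        raise ValueError("public key must be 32 bytes and nospam 4 bytes")
    prefix = public_key + nospam
    return (prefix + xor_checksum(prefix)).hex().upper()


def same_long_term_key(id_a: str, id_b: str) -> bool:
    """True when two IDs carry the same long-term public key.

    Use this to compare an ID read from the list with one obtained over a
    second, independent channel. The nospam and checksum are ignored because
    they can change while the identity (the key) stays the same.
    """
    return parse_tox_id(id_a)["public_key"] == parse_tox_id(id_b)["public_key"]


if __name__ == "__main__":
    fields = parse_tox_id(POSTED_ID)
    print("public key:", fields["public_key"].hex().upper())
    print("nospam    :", fields["nospam"].hex().upper())

    # A different key (constructed placeholder bytes) still yields an ID that
    # passes the checksum, so a valid checksum says nothing about who sent it.
    other = build_tox_id(bytes(range(32)), fields["nospam"])
    print("other ID parses:", bool(parse_tox_id(other)))
    print("same key as posted ID:", same_long_term_key(POSTED_ID, other))

    # Changing only the nospam gives a new-looking ID with the same key.
    rotated = build_tox_id(fields["public_key"], bytes.fromhex("00000001"))
    print("rotated nospam, same key:", same_long_term_key(POSTED_ID, rotated))
```

The checksum only catches transcription errors, so an ID read from an unauthenticated list post still needs its public key compared over a second channel before it is trusted.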
From jdb10987 at yahoo.com Sun Sep 27 10:44:00 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sun, 27 Sep 2015 17:44:00 +0000 (UTC) Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <20150927103913.GA2584@sivokote.iziade.m$> References: <20150927103913.GA2584@sivokote.iziade.m$> Message-ID: <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> From: Georgi Guninski http://www.theregister.co.uk/2015/09/25/vw_pollution_just_the_tip_of_the_iceberg_whos_to_blame_you_guessed_it_hippies/ > >Volkswagen is being rightly condemned from all directions, as its >methods were particularly cynical: its engine software would sense when >the car was in a test environment and cut back NO_x output temporarily. >As soon as the car was no longer under test, the car would change mode >and emit huge amounts of NO_x. This wasn't done for no reason – if a >machine is allowed to generate NO_x freely, it can be very >fuel-efficient – and thus, of course, its carbon emissions can be very >low too. I noticed that (at least!) one media report portrayed this as making VW's less "green". But from another report, I saw that they had 10% greater gas mileage if they were allowed to cheat. (In other words, less CO2 emissions per mile.) Now, the above quote refers to "huge amounts" of NOx. (nitrogen oxides, probably NO and NO2). The question is, for those people who complain about CO2 being a greenhouse gas, what is the relative undesirability of extra CO2 versus extra NOx. Relative harm, and all that. Which is a concept that people who call themselves "environmentalists" seem to have a great deal of difficulty with. This also raises an idea: I've never heard of this, but what would be wrong with allowing differences in emissions based on location? Putting a GPS in a car is trivial today. Producing less NOx inside a city would make sense; producing less NOx while on a cross-country road-trip less so. Jim Bell
From guninski at guninski.com Sun Sep 27 08:43:17 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sun, 27 Sep 2015 18:43:17 +0300 Subject: Rogue States and Diplomacy: a Conversation With Noam Chomsky In-Reply-To: References: Message-ID: <20150927154317.GB2584@sivokote.iziade.m$> On Sun, Sep 27, 2015 at 02:22:50AM +0000, Zenaan Harkness wrote: > Professor Chomsky, the U.S. Ambassador to the U.N., Samantha Power, This stopped me from trying to interpret the rest of the shit rationally... From cathalgarvey at cathalgarvey.me Sun Sep 27 11:13:03 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 27 Sep 2015 19:13:03 +0100 Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> Message-ID: <24E6FECA-373C-4756-8435-EFE76A294D76@cathalgarvey.me> IIRC NOx is also a strong greenhouse gas, stronger than CO2 by a good factor. Shorter halflife, but if it helps bump AGW to tipping points then halflives don't matter anymore. On 27 September 2015 18:44:00 IST, jim bell wrote: > From: Georgi Guninski >http://www.theregister.co.uk/2015/09/25/vw_pollution_just_the_tip_of_the_iceberg_whos_to_blame_you_guessed_it_hippies/ > >> >>Volkswagen is being rightly condemned from all directions, as its >>methods were particularly cynical: its engine software would sense >when >>the car was in a test environment and cut back NO_x output >temporarily. > >>As soon as the car was no longer under test, the car would change mode >>and emit huge amounts of NO_x.
This wasn't done for no reason – if a >>machine is allowed to generate NO_x freely, it can be very >>fuel-efficient – and thus, of course, its carbon emissions can be very >>low too. > >I noticed that (at least!) one media report portrayed this as making >VW's less "green". But from another report, I saw that they had 10% >greater gas mileage if they were allowed to cheat. (In other words, >less CO2 emissions per mile.) Now, the above quote refers to "huge >amounts" of NOx. (nitrogen oxides, probably NO and NO2). The question >is, for those people who complain about CO2 being a greenhouse gas, >what is the relative undesirability of extra CO2 versus extra NOx. > Relative harm, and all that. Which is a concept that people who call >themselves "environmentalists" seem to have a great deal of difficulty >with. >This also raises an idea: I've never heard of this, but what would be >wrong with allowing differences in emissions based on location? > Putting a GPS in a car is trivial today. Producing less NOx inside a >city would make sense; producing less NOx while on a cross-country >road-trip less so. Jim Bell -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From rysiek at hackerspace.pl Sun Sep 27 10:46:31 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 27 Sep 2015 19:46:31 +0200 Subject: tox In-Reply-To: <56081E9A.5050108@riseup.net> References: <56070435.ea17370a.da260.30f2@mx.google.com> <56081E9A.5050108@riseup.net> Message-ID: <11550609.mSViriplVA@lapuntu> On Sunday, 27 September 2015 09:51:38, Razer wrote: > On 09/26/2015 08:52 PM, coderman wrote: > > but if you need survivability i'd chose pond over tox. > > From the developer's site: > > Dear God, please don't use Pond for anything real yet.
I've hammered > > out nearly 20K lines of code that have never been reviewed. Unless > > you're looking to experiment you should go use something that actually > > works. > > https://pond.imperialviolet.org/ > > RR > > ToxID: > E611C7673C4C9C84C7F53BD8A2DF46C3131CB260E5758392B6B22FE18072C57518A2F0786A9A Mine: 3FA2E5273F0C368576FE120B374664E3B41E2CDF21639AFED3DC301490FFB01FAAA47B78D5F4 -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Sep 27 10:47:28 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 27 Sep 2015 19:47:28 +0200 Subject: tox In-Reply-To: <56081E9A.5050108@riseup.net> References: <56070435.ea17370a.da260.30f2@mx.google.com> <56081E9A.5050108@riseup.net> Message-ID: <5533778.hVpnGgJdFs@lapuntu> Dnia niedziela, 27 września 2015 09:51:38 Razer pisze: > On 09/26/2015 08:52 PM, coderman wrote: > > but if you need survivability i'd chose pond over tox. > > From the developer's site: > > Dear God, please don't use Pond for anything real yet. I've hammered > > out nearly 20K lines of code that have never been reviewed. Unless > > you're looking to experiment you should go use something that actually > > works. Oh, and this *definitely* holds true for Tox! It needs a good audit, clear protocol specification, and an independent implementation in Python! -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
From zen at freedbms.net Sun Sep 27 13:55:22 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Sun, 27 Sep 2015 20:55:22 +0000
Subject: NATO, the finger of death
Message-ID:

The English of this author in the following opinion piece is a little broken here and there sorry.

---
http://english.pravda.ru/opinion/columnists/28-08-2014/128397-nato_demonic-0/

NATO, the finger of death

28.08.2014

Iraq: Chaos! Libya: Chaos! Syria: Chaos! Whatever NATO touches, turns putrid, rots and dies. Three interventions by the Anglo-Saxon Alliance (UK and US), two by the FUKUS Axis (add France), three interventions by NATO, three destabilized States crawling with terrorists. The responsibility lies at the feet of Washington and its poodle States and the onus is on them to right the wrongs they willfully committed. You messed up, now... Pay for it!

Are dogs Vegans? Do you feed goldfish chocolate? Common sense says no in both cases. Common sense also dictates that you do not intervene in highly complex societies with thousands of years of tradition and lore intricately mixed up in a myriad of ethnic and religious mosaics cemented together by a Governing body that understands where the point of equilibrium is to be found and which is kept in its position by the players in the society which it governs.

A company of the Portuguese Army was detailed to build a new village for a community in the interior of Angola during the Colonial War*. The company had been instructed to do so because the village had been devastated. The architect based his idea on the downtown area of the capital city of Portugal, Lisbon, reconstructed in straight parallel lines after the earthquake and ensuing tsunami in 1755, which destroyed the city. The community was transported to the village and proudly shown their new home by the Portuguese captain. They ran away.
Asked why they didn't like their village, the community leader, or soba, explained: "Our village is based on the circle. We eat sitting in a circle, our homes are circular, we sit outside in a circle in the evenings telling stories, laughing and singing. We take decisions sitting in a circle, it has no head, no beginning and no end. And no dark corners." Can women in Saudi Arabia use forks when they eat? No, because it is considered improper for a woman to put four long and hard prongs in her mouth at the same time because when a man sees this, it gives him unclean thoughts. For those western policy-makers chortling in mirth as they read this, let us now come back to the point of this article, the failed Western policy in Iraq, in Libya and in Syria. Iraq: chaos! Libya: chaos! Syria: chaos! In all three cases, Western politicians outdid one another in sheer arrogance, claiming (so democratically) that "Saddam must go", "Gaddafy must go," and "Assad must go". What we see in these three countries today is the direct result of the criminal intervention by NATO, its two henchmen, the USA and its poodle in chief, the UK and recently, France, which spends its time subserviently crawling around the legs of its Anglo-Saxon NATO masters across the Channel and across the Ocean, when it isn't obediently obeying Germany's calls for austerity. NATO destroyed Iraq, destroyed the State, destroyed the mechanisms of control in a highly complex society whose many ethnic and religious groups co-existed in peace until the West stepped in, after provoking Iraq by getting Kuwait to steal oil in cross-drilling operations, then demonizing the Iraqi Government, then directly interfering in the internal affairs of a sovereign State by getting the Shiites in the South to rebel, before the uprising was crushed. 
This criminally irresponsible approach to foreign policy-making seems to be endemic in the corridors of Whitehall, London and Washington DC, one of Whitehall's most fetid and dysfunctional abortions over the years. There ensued a decade of terrorist activity in Iraq between the First and Second Gulf Wars, in which NATO aircraft strafed fields of cereals and left the country strewn with Depleted Uranium, causing the deaths and malformations of hundreds of thousands of Iraqi children, before the outrage in 2003 when the Government was overthrown in an illegal military invasion which resulted in around one million deaths (murders) and today, the total destabilization of the State by ISIL, a wonderful feather in the cap for Washington and its poodle in chief. Yesterday they were full of bravado as they marched across the border knowing Saddam Hussein (who was keeping al-Qaeda out of Iraq) had no Weapons of Mass Destruction (his mistake was not to arm himself to the hilt) and knowing the Iraqi Armed Forces would not fight back (in the event the invasion was staged, with salvoes being fired over the Iraqi's heads as they retreated to negotiated positions). Today Washington and London are quivering in fear and are too scared to fight ISIL, the monster they created. This same criminal irresponsibility was demonstrated in Libya, where they again intervened, this time joined by that sickening wannabe Napoleon, France, this time not only creating but actively using terrorists on their own lists of proscribed groups, which Muammar al-Gaddafy (the first international leader to issue arrest warrants against al-Qaeda) was fighting. Again, military equipment was deployed against civilian structures, civilians were slaughtered by NATO aircraft, the Libyan water supply system was targeted (war crime), the electricity grid was destroyed (war crime) and the result, once again, was the wholesale destruction of a State. 
Under the Geneva Conventions, any military intervention must leave the area invaded functioning properly attending to the needs of its citizens. In not managing to guarantee this, the USA and its poodles in Europe have failed miserably in their task and have shirked their responsibilities. They are also responsible for criminal acts breaching every fiber of international law. Their leaders are, in plain English, war criminals and murderers. And now for Syria. Just a few months ago that Nobel Peace Prizewinner Obama in the USA was saying that Assad had to go, obediently parroted by Cameron and Mr. 17 per cent popularity ratings, Hollande. Now, they are considering sending military support to fight off ISIL in Syria, after these very same Western/NATO powers armed, trained and aided terrorists to fight the Government of President Assad, which has wide approval across Syrian society. If it was not so serious, it would be hilarious. But destroying countries and societies has shocking social implications. What these NATO countries deserve is for their boomerang to come back and smack them square in the face, facing their own jihadis, to get a taste of their own medicine, except for the fact that logic dictates that one cannot attack their approach abroad and then wish the same thing on them at home. What these criminally irresponsible powers must do is man up, accept the responsibility for what they have done, and pay to sort out the problems they created, keeping their unwanted troops at home. As those in Whitehall and Washington (let's be honest, Paris really doesn't count, does it?) claim that we live in difficult times and attack those who disagree with their criminal modus operandi, they should be reminded that the evils they face are those of their own creation. 
Instead of arrogantly ploughing ahead like modern-day imperialists, they would do better to respect international law for once, accept the responsibility for their actions, mind their own business and start behaving with goodwill, instead of malevolence. For those who have been involved in the political and military processes in Iraq, Libya and Syria, they belong behind bars. The mechanisms are already in place, the wheel is turning slowly, and most of them will live long enough to cast looks of fear over their shoulders wherever they may go. Blair already does, Rumsfeld dare not step off an aircraft outside the USA, ditto Powell, Bush, Cheney and Condoleezza Rice. The head of NATO is evil, psychopathic; the hand of NATO is putrid, sociopathic and the finger of NATO is as icy as it is satanic and demonic. It is the finger of death, contaminating everything it touches. NATO is the incarnation of the Four Horsemen of the Apocalypse: Conquest, War, Famine and Death. It is the Empire of Evil. *The Colonial War was fought between Portugal and factions in its former colonies Angola, Mozambique and Guinea-Bissau, from 1961 to 1974; there was no war in Portugal's other African provinces, Cape Verde and São Tomé and Principe Isles. Timothy Bancroft-Hinchey Pravda.Ru From rysiek at hackerspace.pl Sun Sep 27 12:06:01 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 27 Sep 2015 21:06:01 +0200 Subject: Fw: Fw: Augur: Blockchain-based Internet prediction market. In-Reply-To: <56081F43.90100@riseup.net> References: <600907594.1427204.1443334505379.JavaMail.yahoo@mail.yahoo.com> <56081F43.90100@riseup.net> Message-ID: <5470953.jWGAjNsY2A@lapuntu> Dnia niedziela, 27 września 2015 09:54:27 Razer pisze: > On 09/26/2015 11:15 PM, jim bell wrote: > > Copied from correspondence. > > Riseup.net doesn't like Fw: Fw: in subject lines... Very rightly so, too! 
--
Regards,
Michał "rysiek" Woźniak

Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From juan.g71 at gmail.com Sun Sep 27 19:50:32 2015
From: juan.g71 at gmail.com (Juan)
Date: Sun, 27 Sep 2015 23:50:32 -0300
Subject: tox
In-Reply-To:
References: <56070435.ea17370a.da260.30f2@mx.google.com>
Message-ID: <5608a9ce.a919370a.920a9.ffffca49@mx.google.com>

On Sat, 26 Sep 2015 20:52:01 -0700
coderman wrote:

> On 9/26/15, Juan wrote:
> > ...
> > I've been playing with tox(thanks rysiek!) and it looks
> > rather interesting. I noticed however that it's not listed here
> >
> > https://www.eff.org/secure-messaging-scorecard
>
> i am not saying the scorecard is worthless, but rather, it is at best
> a signal for subpar projects doing things obviously wrong.

Oh, I wasn't commenting on the security of the software listed or tox in particular.

What I meant is that tox is an interesting project and maybe more publicity from eff would help.

>
> it cannot tell you, honestly, who is doing it all right. (not least
> because "right" is relative to risk and threat model, which is
> perspective unique to each user...)
>
>
> things that are good about Tox.chat:
> - Opus for media. if you don't know about the Opus Codec, you should!
> VP8 i don't care about either way.
> - Re-uses onions, rather than trying to build its own anonymity
> overlay for friend finding.
> - Uses cryptobox for crypto stuffs, rather than rolling own.
> - Supports clients of various types, per preference, rather than
> monolithic structure.
>
> the bad:
> - written in C and passing things around potentially unsafely. see the
> address parsing in network.c, the DHT code. needs a good audit.
> - poor network performance primitives with UDP - ok, not a problem
> because this won't need that scale - beauty of decentralization! :)
> - DHT is trivial to DoS. a known issue, but if you need survivability
> i'd chose pond over tox.
>
>
> best regards,

From Rayzer at riseup.net Mon Sep 28 08:56:13 2015
From: Rayzer at riseup.net (Razer)
Date: Mon, 28 Sep 2015 08:56:13 -0700
Subject: tox
In-Reply-To: <1443451636.6909.3.camel@europa>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <4458660.QtbdDQHESL@lapuntu> <21757047-6E64-49EF-95BF-C09EC1DC92A8@cathalgarvey.me> <1703774.rHyHihue8Y@lapuntu> <1443451636.6909.3.camel@europa>
Message-ID: <5609631D.5080405@riseup.net>

On 09/28/2015 07:47 AM, Cathal Garvey wrote:
> The hardest UX part of Jitsi meet is
> teaching people to click "Allow Camera and Mic" on first visit.. you'd
> be surprised how big a deal this is for people actually.

From the pine nut gallery. No. I'm not surprised at all. Some people just don't do certain things 'the first time'...

From cathalgarvey at cathalgarvey.me Mon Sep 28 02:59:07 2015
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Mon, 28 Sep 2015 10:59:07 +0100
Subject: tox
In-Reply-To: <2381579.MDJZ2Q7rhC@lapuntu>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <5608a9ce.a919370a.920a9.ffffca49@mx.google.com> <2381579.MDJZ2Q7rhC@lapuntu>
Message-ID: <7A53E4C8-9388-4371-9E46-0E6191D54EBA@cathalgarvey.me>

I've never successfully installed or used the Android APK. Without that there's very, very little point to Tox over just using Jitsi meet, especially when Jitsi's UX design and performance are so good for non-techies. If paranoid, run JM on own domain.
No Android app but works on Android mobile Chromium, which does prevent a trust issue because compiling chromium is torture and auditing it is extremely awkward thanks to the pull-in-source-during-the-build process. Would like to see Tox work in a way compatible with my contacts, but only a small handful *could* use it and none of them *would*.

On 28 September 2015 10:22:53 IST, rysiek wrote:
>On Sunday, 27 September 2015 23:50:32 Juan wrote:
>> On Sat, 26 Sep 2015 20:52:01 -0700
>>
>> coderman wrote:
>> > On 9/26/15, Juan wrote:
>> > > ...
>> > >
>> > > I've been playing with tox(thanks rysiek!) and it looks
>> > >
>> > > rather interesting. I noticed however that it's not listed here
>> > >
>> > > https://www.eff.org/secure-messaging-scorecard
>> >
>> > i am not saying the scorecard is worthless, but rather, it is at
>best
>> > a signal for subpar projects doing things obviously wrong.
>>
>> Oh, I wasn't commenting on the security of the software listed
>> or tox in particular.
>>
>> What I meant is that tox is an interesting project and maybe
>> more publicity from eff would help.
>
>I'm testing it on my non-techie friends and I think it needs a bit more
>time.
>I mean, for the most part it works and is already much, much more
>usable than
>XMPP+Jingle or SIP/SIMPLE SNAFUs, and actually possible to set-up by a
>non-
>techie person, but it also does experience occasional crashes, and
>sometimes
>has problems re-connecting to DHT upon user switching the physical
>Internet
>connection.
>
>--
>Regards,
>Michał "rysiek" Woźniak
>
>Changing my GPG key :: http://rys.io/pl/147
>GPG Key Transition :: http://rys.io/en/147

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
From rysiek at hackerspace.pl Mon Sep 28 02:18:46 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 28 Sep 2015 11:18:46 +0200
Subject: tox
In-Reply-To: <560843c4.12138c0a.9f6da.ffff9c5b@mx.google.com>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <11550609.mSViriplVA@lapuntu> <560843c4.12138c0a.9f6da.ffff9c5b@mx.google.com>
Message-ID: <3639450.ddRtv4gltQ@lapuntu>

On Sunday, 27 September 2015 16:35:14 Juan wrote:
> On Sun, 27 Sep 2015 19:46:31 +0200
>
> rysiek wrote:
> > > RR
> > >
> > > ToxID:
> > > E611C7673C4C9C84C7F53BD8A2DF46C3131CB260E5758392B6B22FE18072C57518A2F078
> > > 6A9A>
> > Mine:
> > 3FA2E5273F0C368576FE120B374664E3B41E2CDF21639AFED3DC301490FFB01FAAA47B78D5
> > F4
> and mine
>
> 07531C0892CFB8C11ABA1293DC51359C3A77D67B39B44FA9397270EDA5F6493184DFABABC08C
>
> We assume we're not being MITMed eh? =P

Well, at least we're using two channels. And we can verify it, kind of, by doing an audio call and reading out loud at least part of the ToxID. Live MITMing of audio might be a bit more complicated. ;)

> Anyway, a problem with tox for the time being is lack of off-line
> messaging...

True.

--
Regards,
Michał "rysiek" Woźniak

Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Mon Sep 28 02:20:13 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 28 Sep 2015 11:20:13 +0200
Subject: tox
In-Reply-To: <56084911.9090500@riseup.net>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <11550609.mSViriplVA@lapuntu> <56084911.9090500@riseup.net>
Message-ID: <1602087.0jmyZe7R9Y@lapuntu>

On Sunday, 27 September 2015 12:52:49 Razer wrote:
> qTox chat tool is still a work in progress.
When I shrink the popout > chat window the text typed doesn't wrap; ends up a single column of > first-on-the-line letters Tox is still a work in progress. There was an important update a couple of months ago that broke API compatibility. Just a few months before that there has been a protocol change... Still, it does seem to be a potential contender as far as audio/video calls are concerned. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Mon Sep 28 02:22:53 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 28 Sep 2015 11:22:53 +0200 Subject: tox In-Reply-To: <5608a9ce.a919370a.920a9.ffffca49@mx.google.com> References: <56070435.ea17370a.da260.30f2@mx.google.com> <5608a9ce.a919370a.920a9.ffffca49@mx.google.com> Message-ID: <2381579.MDJZ2Q7rhC@lapuntu> Dnia niedziela, 27 września 2015 23:50:32 Juan pisze: > On Sat, 26 Sep 2015 20:52:01 -0700 > > coderman wrote: > > On 9/26/15, Juan wrote: > > > ... > > > > > > I've been playing with tox(thanks rysiek!) and it looks > > > > > > rather interesting. I noticed however that it's not listed here > > > > > > https://www.eff.org/secure-messaging-scorecard > > > > i am not saying the scorecard is worthless, but rather, it is at best > > a signal for subpar projects doing things obviously wrong. > > Oh, I wasn't commenting on the security of the software listed > or tox in particular. > > What I meant is that tox is an interesting project and maybe > more publicity from eff would help. I'm testing it on my non-techie friends and I think it needs a bit more time. 
I mean, for the most part it works and is already much, much more usable than XMPP+Jingle or SIP/SIMPLE SNAFUs, and actually possible to set-up by a non- techie person, but it also does experience occasional crashes, and sometimes has problems re-connecting to DHT upon user switching the physical Internet connection. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From cathalgarvey at cathalgarvey.me Mon Sep 28 04:00:52 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Mon, 28 Sep 2015 12:00:52 +0100 Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <20150928104137.GB2569@sivokote.iziade.m$> References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> <20150928104137.GB2569@sivokote.iziade.m$> Message-ID: <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me> I gather it was discovered when a trade association was setting out to show off how awesome and clean modern diesels were, and did their own tests on actual road driving unlike the EPA. They discovered how shit the pollution really was and decided to report it. Which, if that's accurate, really reaffirms my faith in some of humanity, because it was actively against their interests to do so? On 28 September 2015 11:41:37 IST, Georgi Guninski wrote: >On Sun, Sep 27, 2015 at 05:44:00PM +0000, jim bell wrote: >> I noticed that (at least!) one media report portrayed this as making >VW's less "green".  But from another report, I saw that they had 10% >greater gas mileage if they were allowed to cheat.  (In other words, >less CO2 emissions per mile.)  Now, the above quote refers to "huge >amounts" of NOx.  
(nitrogen oxides, probably NO and NO2).  The question >is, for those people who complain about CO2 being a greenhouse gas, >what is the relative undesireability of extra CO2 versus extra NOx. > Relative harm, and all that.  Which is a concept that people who call >themselves "environmentalists" seem to have a great deal of difficulty >with. >> This also raises an idea:  I've never heard of this, but what would >be wrong with allowing differences in emissions based on location? > Putting a GPS in a car is trivial today.  Producing less NOx inside a >city would make sense; producing less NOx while on a cross-country >road-trip less so.                    Jim Bell > >I don't understand chemistry. > >Something in this scandal stinks to me. > >How did this was unnoticed for about 6? years? > >Especially when the diesel consumption on the road >is visibly less than in a test environment? > >As suggested in news, likely competitors reversed >engineered the cars to see how VW managed to do this. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2380 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Mon Sep 28 04:51:22 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Mon, 28 Sep 2015 12:51:22 +0100 Subject: tox In-Reply-To: <4458660.QtbdDQHESL@lapuntu> References: <56070435.ea17370a.da260.30f2@mx.google.com> <2381579.MDJZ2Q7rhC@lapuntu> <7A53E4C8-9388-4371-9E46-0E6191D54EBA@cathalgarvey.me> <4458660.QtbdDQHESL@lapuntu> Message-ID: <21757047-6E64-49EF-95BF-C09EC1DC92A8@cathalgarvey.me> Jitsi desktop or the Jitsi Meet browser app? I've given up on the former, reliability is as bad as Skype and UX is poor. The latter is Chrome only, but reliability and UX is great. 
On 28 September 2015 12:15:07 IST, rysiek wrote: >Dnia poniedziałek, 28 września 2015 10:59:07 piszesz: >> I've never successfully installed or used the Android APK. Without >that >> there's very, very little point to Tox over just using Jitsi meet, >> especially when Jitsi's UX design and performance are so good for >> non-techies. > >I have never had a single situation, where VoIP over Jitsi actually >worked. >And I have tried many, many times. :/ > >-- >Pozdrawiam, >Michał "rysiek" Woźniak > >Zmieniam klucz GPG :: http://rys.io/pl/147 >GPG Key Transition :: http://rys.io/en/147 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1155 bytes Desc: not available URL: From guninski at guninski.com Mon Sep 28 03:04:51 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 28 Sep 2015 13:04:51 +0300 Subject: tox In-Reply-To: <2381579.MDJZ2Q7rhC@lapuntu> References: <56070435.ea17370a.da260.30f2@mx.google.com> <5608a9ce.a919370a.920a9.ffffca49@mx.google.com> <2381579.MDJZ2Q7rhC@lapuntu> Message-ID: <20150928100451.GA2569@sivokote.iziade.m$> On Mon, Sep 28, 2015 at 11:22:53AM +0200, rysiek wrote: > I'm testing it on my non-techie friends and I think it needs a bit more time. > I mean, for the most part it works and is already much, much more usable than > XMPP+Jingle or SIP/SIMPLE SNAFUs, and actually possible to set-up by a non- > techie person, but it also does experience occasional crashes, and sometimes > has problems re-connecting to DHT upon user switching the physical Internet > connection. > Is there an open source alternative to Viber, supporting relatively sound user encryption? Maybe some jabber extension? 
This: http://alternativeto.net/software/viber/?license=opensource suggests andriod/ios only: https://github.com/WhisperSystems/RedPhone From rysiek at hackerspace.pl Mon Sep 28 04:15:07 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 28 Sep 2015 13:15:07 +0200 Subject: tox In-Reply-To: <7A53E4C8-9388-4371-9E46-0E6191D54EBA@cathalgarvey.me> References: <56070435.ea17370a.da260.30f2@mx.google.com> <2381579.MDJZ2Q7rhC@lapuntu> <7A53E4C8-9388-4371-9E46-0E6191D54EBA@cathalgarvey.me> Message-ID: <4458660.QtbdDQHESL@lapuntu> Dnia poniedziałek, 28 września 2015 10:59:07 piszesz: > I've never successfully installed or used the Android APK. Without that > there's very, very little point to Tox over just using Jitsi meet, > especially when Jitsi's UX design and performance are so good for > non-techies. I have never had a single situation, where VoIP over Jitsi actually worked. And I have tried many, many times. :/ -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Mon Sep 28 03:41:37 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 28 Sep 2015 13:41:37 +0300 Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150928104137.GB2569@sivokote.iziade.m$> On Sun, Sep 27, 2015 at 05:44:00PM +0000, jim bell wrote: > I noticed that (at least!) one media report portrayed this as making VW's less "green".  But from another report, I saw that they had 10% greater gas mileage if they were allowed to cheat.  
(In other words, less CO2 emissions per mile.)  Now, the above quote refers to "huge amounts" of NOx.  (nitrogen oxides, probably NO and NO2).  The question is, for those people who complain about CO2 being a greenhouse gas, what is the relative undesireability of extra CO2 versus extra NOx.  Relative harm, and all that.  Which is a concept that people who call themselves "environmentalists" seem to have a great deal of difficulty with. > This also raises an idea:  I've never heard of this, but what would be wrong with allowing differences in emissions based on location?  Putting a GPS in a car is trivial today.  Producing less NOx inside a city would make sense; producing less NOx while on a cross-country road-trip less so.                    Jim Bell I don't understand chemistry. Something in this scandal stinks to me. How did this was unnoticed for about 6? years? Especially when the diesel consumption on the road is visibly less than in a test environment? As suggested in news, likely competitors reversed engineered the cars to see how VW managed to do this. From guninski at guninski.com Mon Sep 28 04:21:42 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 28 Sep 2015 14:21:42 +0300 Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me> References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> <20150928104137.GB2569@sivokote.iziade.m$> <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me> Message-ID: <20150928112142.GC2569@sivokote.iziade.m$> On Mon, Sep 28, 2015 at 12:00:52PM +0100, Cathal (Phone) wrote: > I gather it was discovered when a trade association was setting out to show off how awesome and clean modern diesels were, and did their own tests on actual road driving unlike the EPA. They discovered how shit the pollution really was and decided to report it. > I don't follow this news actively. 
What is source for this? I suppose the people who reported this were not FV (and likely not German). But why they did the tests so lately? Is EPA so corrupt to not see a trivial backdoor? > Which, if that's accurate, really reaffirms my faith in some of humanity, because it was actively against their interests to do so? Well, I trust _some_ humanity, but as a whole modern society is quite untrustworthy IMHO. > From tom at vondein.org Mon Sep 28 06:08:55 2015 From: tom at vondein.org (Tom) Date: Mon, 28 Sep 2015 15:08:55 +0200 Subject: Allegedly Volkswagen cheated to both governments and lusers In-Reply-To: <20150928112142.GC2569@sivokote.iziade.m$> References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> <20150928104137.GB2569@sivokote.iziade.m$> <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me> <20150928112142.GC2569@sivokote.iziade.m$> Message-ID: <20150928130855.GA51580@r4> Hi, in germany this is at least known since 2007: http://m.spiegel.de/wirtschaft/unternehmen/a-1054926.html (german source, sorry) and the auto industry is being covered by the german government(*). The government does even lobby in the EU against stronger norms in vafour of german auto industry since years. So, if you ask me, it is implausible that eh EPA found out about this only recently. IMHO they knew it all the time. Now there has been "that call" from D.C. ordering them to open the box. Why now? I don't know, but maybe looking east and south from germany may help... *) this means, at least in germany they didn't cheat. The government did in effect. - Tom PS: oh, and it's now VW only, it's all of them. On Mon, Sep 28, 2015 at 02:21:42PM +0300, Georgi Guninski wrote: > On Mon, Sep 28, 2015 at 12:00:52PM +0100, Cathal (Phone) wrote: > > I gather it was discovered when a trade association was setting out to show off how awesome and clean modern diesels were, and did their own tests on actual road driving unlike the EPA. 
They discovered how shit the pollution really was and decided to report it. > > > > I don't follow this news actively. What is source for this? > > I suppose the people who reported this were not FV (and likely not > German). > > But why they did the tests so lately? > > Is EPA so corrupt to not see a trivial backdoor? > > > > Which, if that's accurate, really reaffirms my faith in some of humanity, because it was actively against their interests to do so? > > Well, I trust _some_ humanity, but as a whole modern society is quite > untrustworthy IMHO. > > > > From rysiek at hackerspace.pl Mon Sep 28 06:21:44 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 28 Sep 2015 15:21:44 +0200 Subject: tox In-Reply-To: <21757047-6E64-49EF-95BF-C09EC1DC92A8@cathalgarvey.me> References: <56070435.ea17370a.da260.30f2@mx.google.com> <4458660.QtbdDQHESL@lapuntu> <21757047-6E64-49EF-95BF-C09EC1DC92A8@cathalgarvey.me> Message-ID: <1703774.rHyHihue8Y@lapuntu> Dnia poniedziałek, 28 września 2015 12:51:22 piszesz: > Jitsi desktop or the Jitsi Meet browser app? I've given up on the former, > reliability is as bad as Skype and UX is poor. The latter is Chrome only, > but reliability and UX is great. Ah, interesting! Didn't know about that. Any links? Does it use WebRTC? How is it different from palava.tv? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. 
URL: From rysiek at hackerspace.pl Mon Sep 28 06:33:09 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 28 Sep 2015 15:33:09 +0200 Subject: Rogue States and Diplomacy: a Conversation With Noam Chomsky In-Reply-To: <56081A92.9090305@pilobilus.net> References: <20150927154317.GB2584@sivokote.iziade.m$> <56081A92.9090305@pilobilus.net> Message-ID: <10775595.sdivRzfHsL@lapuntu> Dnia niedziela, 27 września 2015 12:34:26 Steve Kinney pisze: > Iran sits right in the middle of the future U.S. Protectorate of > Pipelineistan. > > Taking in the larger picture, I would agree with General Turgidson > that we can not allow a mineshaft gap. 10/10, would laugh again. :) -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From cathalgarvey at cathalgarvey.me Mon Sep 28 07:47:16 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Mon, 28 Sep 2015 15:47:16 +0100 Subject: tox In-Reply-To: <1703774.rHyHihue8Y@lapuntu> References: <56070435.ea17370a.da260.30f2@mx.google.com> <4458660.QtbdDQHESL@lapuntu> <21757047-6E64-49EF-95BF-C09EC1DC92A8@cathalgarvey.me> <1703774.rHyHihue8Y@lapuntu> Message-ID: <1443451636.6909.3.camel@europa> WebRTC: https://meet.jit.si Open source, self-hostable, very good performance despite (I think?) P2P crypto in-browser. Really the only problem is that so few browsers do WebRTC well enough to run it! Usability is *very* noob-friendly, just define a private URL or get one from the server on first-visit, and send to friends. They open the link, and are dropped into chat-server. The hardest UX part of Jitsi meet is teaching people to click "Allow Camera and Mic" on first visit.. you'd be surprised how big a deal this is for people actually. 
In fact, the difficulty getting people to click just that one button to use Jitsi Meet may be what finally broke my spirit and made me realise that users are quite often too stupid to successfully use *anything* and that only brand reputation makes them persevere to use shit like Skype.

On Mon, 2015-09-28 at 15:21 +0200, rysiek wrote:
> On Monday, 28 September 2015 12:51:22 you wrote:
> > Jitsi desktop or the Jitsi Meet browser app? I've given up on the former,
> > reliability is as bad as Skype and UX is poor. The latter is Chrome only,
> > but reliability and UX is great.
>
> Ah, interesting! Didn't know about that. Any links? Does it use WebRTC? How is
> it different from palava.tv?
>

From jdb10987 at yahoo.com Mon Sep 28 10:17:03 2015
From: jdb10987 at yahoo.com (jim bell)
Date: Mon, 28 Sep 2015 17:17:03 +0000 (UTC)
Subject: Allegedly Volkswagen cheated to both governments and lusers
In-Reply-To: <20150928104137.GB2569@sivokote.iziade.m$>
References: <20150928104137.GB2569@sivokote.iziade.m$>
Message-ID: <789525458.2032358.1443460623850.JavaMail.yahoo@mail.yahoo.com>

From: Georgi Guninski
On Sun, Sep 27, 2015 at 05:44:00PM +0000, jim bell wrote:
> I noticed that (at least!) one media report portrayed this as making VW's less "green". But from another report, I saw that they had 10% greater gas mileage if they were allowed to cheat. (In other words, less CO2 emissions per mile.) Now, the above quote refers to "huge amounts" of NOx. (nitrogen oxides, probably NO and NO2). The question is, for those people who complain about CO2 being a greenhouse gas, what is the relative undesirability of extra CO2 versus extra NOx. Relative harm, and all that. Which is a concept that people who call themselves "environmentalists" seem to have a great deal of difficulty with.
> This also raises an idea: I've never heard of this, but what would be wrong with allowing differences in emissions based on location? Putting a GPS in a car is trivial today.
> Producing less NOx inside a city would make sense; producing less NOx while on a cross-country road-trip less so.    Jim Bell

>I don't understand chemistry.
Generally I do, having a degree in Chemistry. However, automobile emissions is a sub-specialty to which I have never been exposed, except for reading occasional articles on the subject. Mostly you don't need to know chemistry to understand the car-pollution situation, however. CO2 is rather innocuous, except possibly for the issue of being a GHG (greenhouse gas; said to keep in heat to the Earth; "Global Warming" or "Climate Change".) NO and NO2 are poisonous, but are present in normal car exhaust in far smaller proportion than CO2. When automobile engines run, presumably there is a tradeoff: You can set the operating conditions of the car to "low CO2" (higher gas mileage) but at the same time NOx goes up. Or, you can lower NOx, but at the price of "high CO2" (lower gas mileage).

>Something in this scandal stinks to me.
As far as I can see, VW recognized that there was/is a tradeoff between the emission of CO2 and NOx. (Where NOx is used as a shorthand for nitrogen oxide (NO) and nitrogen dioxide (NO2; which when at high concentration dimerizes to N2O4, but this isn't really significant for auto-exhaust issues.) "THE RULES" said they had to reduce NOx to some value, call it "Y". But VW recognized that if it did that, gas mileage would go down a lot, perhaps it is 10%. VW made the choice to cheat, to reduce the emission to "Y" but only when the car recognized that it was undergoing emissions testing.

>How did this was unnoticed for about 6? years?
Maybe other car manufacturers were aware of it. But they may have been cheating, too, greatly reducing their motivation to report VW.

>Especially when the diesel consumption on the road
>is visibly less than in a test environment?
That would have been a major clue.
But presumably the testers didn't have any way to know how much diesel fuel was actually being consumed on the road by VW's cars.

>As suggested in news, likely competitors reversed
>engineered the cars to see how VW managed to do this.
Quite possibly. But I think the trade-off VW chose might actually be worthwhile. At least when the car is not in a city.
    Jim Bell

From juan.g71 at gmail.com Mon Sep 28 15:03:49 2015
From: juan.g71 at gmail.com (Juan)
Date: Mon, 28 Sep 2015 19:03:49 -0300
Subject: tox
In-Reply-To: <2381579.MDJZ2Q7rhC@lapuntu>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <5608a9ce.a919370a.920a9.ffffca49@mx.google.com> <2381579.MDJZ2Q7rhC@lapuntu>
Message-ID: <5609b816.85ea8c0a.40ab.4ed0@mx.google.com>

On Mon, 28 Sep 2015 11:22:53 +0200 rysiek wrote:
> On Sunday, 27 September 2015 23:50:32 Juan wrote:
> > On Sat, 26 Sep 2015 20:52:01 -0700
> >
> > coderman wrote:
> > > On 9/26/15, Juan wrote:
> > > > ...
> > > >
> > > > I've been playing with tox(thanks rysiek!) and it looks
> > > >
> > > > rather interesting. I noticed however that it's not listed here
> > > >
> > > > https://www.eff.org/secure-messaging-scorecard
> > >
> > > i am not saying the scorecard is worthless, but rather, it is at
> > > best a signal for subpar projects doing things obviously wrong.
> >
> > Oh, I wasn't commenting on the security of the software
> > listed or tox in particular.
> >
> > What I meant is that tox is an interesting project and maybe
> > more publicity from eff would help.
>
> I'm testing it on my non-techie friends and I think it needs a bit
> more time.
> I mean, for the most part it works and is already much,
> much more usable than XMPP+Jingle or SIP/SIMPLE SNAFUs, and actually
> possible to set-up by a non-techie person, but it also does
> experience occasional crashes, and sometimes has problems
> re-connecting to DHT upon user switching the physical Internet
> connection.
>

Connection wise I haven't experienced any problems. Some friends of mine on windows set it up in minutes (they are not particularly techie). It also depends on what client you use I guess. I tested utox on a windows xp machine and it only took a few clicks to install.

But having no off-line messaging does impair usability. Not being able to 'add' people unless they are online is...awkward.

From l at odewijk.nl Mon Sep 28 11:44:01 2015
From: l at odewijk.nl (Lodewijk andré de la porte)
Date: Mon, 28 Sep 2015 20:44:01 +0200
Subject: NATO, the finger of death
In-Reply-To:
References:
Message-ID:

2015-09-27 22:55 GMT+02:00 Zenaan Harkness:
> Common sense also dictates that you do not intervene in
> highly complex societies with thousands of years of tradition and lore
> intricately mixed up in a myriad of ethnic and religious mosaics
> cemented together by a Governing body that understands where the point
> of equilibrium is to be found and which is kept in its position by the
> players in the society which it governs.
>

Ah, but it is exactly why we must invade. Tradition, lore, ethnicity, religion, these things fracture markets. A homogeneous market is easier to sell to, easier to maintain. So too does democracy create a neat field for the economic game. It is too offensive to simply do away with these things. More tolerable is creating meta-culture, culture that must be observed within other culture. These meta cultures allow people to coexist in a way that's offensive to everyone, but no so offensive as to cause people to go out-of-bounds. We've gone and crushed their existing systems.
We must now wait for chaos to consume the resilient. At the same time we must prevent all roads to order, except that road that leads to maximum economic exploitability; a privatized free market in a tolerant elections based democratic government. Aside from making the country impossible to steer, the representative democratic system is also the most sensitive to (foreign) propaganda, and still subject to every form of bribery and corruption. I struggle to envision a system that's more readily exploited.

I do find it peculiar that these places do not readily organize into neat democracies. I am not the expert of such matters, to me it mostly seems that people do as they please. Perhaps the children will not struggle quite so much. Certainly, until they give in, there will be no order. This can be made sure of.

Ok, so, either the above, or, you know, these places were a mess before, then NATO went in, and it was still a mess.

> Can women in Saudi Arabia use forks when they eat? No, because it is
> considered improper for a woman to put four long and hard prongs in
> her mouth at the same time because when a man sees this, it gives him
> unclean thoughts. For those western policy-makers chortling in mirth
> as they read this, let us now come back to the point of this article,
> the failed Western policy in Iraq, in Libya and in Syria.

Can I get a fork with penis heads on the prongs? Or maybe just a single fork like that in a set that's otherwise just like it?

In NL we've succeeded at eliminating most of this sort of culture. Girls may wear their ridiculous hair-hiding self-incriminating headpieces, and they often do. I just love it when they also do makeup; thick eyeshadow, bronze powered cheeks, vibrant warm lipstick. When they finish up with form-fitted T's or sweaters and nice leather boots, well, that's even lovelier. And when you've gone that far, why not wear those gorgeous form-giving 50% denim, 50% stretchyester pants.
You know, the kind that has you show off from calf to hip and everything in between? Not even rabbis will avert their eyes from those curves!

Okay, so, satire aside, the author does not enter into specifics. Should NATO have left the dictators, kings, etc to it? Should we have seen overmuch of our wealth flow whence the oil comes? There's also throwing around words like "war criminals" which is just propaganda, as the word is unde(rde)fined. There's a good grasp of world-leader-geography, but little of anything else. There's no real point made, except "it's a mess where NATO went".

Ultimately, I think given the same axioms people should end up making the same conclusions. It's pretty rare for people to unify their own arguments correctly, so this is not always true. I can confidently say that men can maintain a level of composure even when a woman uses a fork, and that most religions keep out-of-date notions of cleanliness. (dear all, we can reliably sterilize pork now. It's no worse than other foods.) (dear all, we can reliably combat sexually transmitted diseases and pregnancy without abstaining. By now abstinence is causing far more harm than it is solving) (dear all, besides alcohol, there's a range of safe-enough recreational potions) (dear all, heavy punishment may not be the best way to deal with crime. Heavier punishment may be completely ineffective, depending on the crime and its motivations.)

I keep thinking back on Bitnation and wondering whether something like it would be of any help. The situation is so complex, the technology, the people, the ideologies, the status quo, I cannot say.
From rysiek at hackerspace.pl Mon Sep 28 13:25:57 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 28 Sep 2015 22:25:57 +0200
Subject: tox
In-Reply-To: <1443451636.6909.3.camel@europa>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <1703774.rHyHihue8Y@lapuntu> <1443451636.6909.3.camel@europa>
Message-ID: <2727133.mOxZRLTEWb@lapuntu>

On Monday, 28 September 2015 15:47:16 you wrote:
> WebRTC: https://meet.jit.si
>
> Open source, self-hostable, very good performance despite (I think?) P2P
> crypto in-browser. Really the only problem is that so few browsers do
> WebRTC well enough to run it!

Interesting. Similar to https://palava.tv then. I'll look into it, I might use one of them in a project of mine.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From rysiek at hackerspace.pl Mon Sep 28 13:37:18 2015
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 28 Sep 2015 22:37:18 +0200
Subject: tox
In-Reply-To: <5609631D.5080405@riseup.net>
References: <56070435.ea17370a.da260.30f2@mx.google.com> <1443451636.6909.3.camel@europa> <5609631D.5080405@riseup.net>
Message-ID: <3400008.Fifofq88y0@lapuntu>

On Monday, 28 September 2015 08:56:13 Razer wrote:
> On 09/28/2015 07:47 AM, Cathal Garvey wrote:
> > The hardest UX part of Jitsi meet is
> > teaching people to click "Allow Camera and Mic" on first visit.. you'd
> > be surprised how big a deal this is for people actually.
>
> From the pine nut gallery. No. I'm not surprised at all. Some people
> just don't do certain things 'the first time'...

Well, there's also a question of how anal-retentive you want to be about it.
I tend to be somewhere between "very" and "extremely", which usually gets the other side to actually use Etherpads instead of Google Docs; Tox or https://palava.tv instead of Skype; etc.

Actually, I do not have a GDocs account, and I do not have a Skype account. That makes things a bit awkward sometimes, but in the end there is *always* a way to communicate, and if somebody is unwilling to use a tool that does not require me to give my data to the Microsofts and Googles of this world, then I tend to just assume that the whole deal is not worth my time.

And you know what? I don't remember the last time I had to make that assumption.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From zen at freedbms.net Mon Sep 28 16:53:38 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Mon, 28 Sep 2015 23:53:38 +0000
Subject: Allegedly Volkswagen cheated to both governments and lusers
In-Reply-To: <20150928130855.GA51580@r4>
References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> <20150928104137.GB2569@sivokote.iziade.m$> <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me> <20150928112142.GC2569@sivokote.iziade.m$> <20150928130855.GA51580@r4>
Message-ID:

On 9/28/15, Tom wrote:
> in germany this is at least known since 2007:

CIA never lets a good opportunity go to waste - keep such aces up sleeves for future threat and or retaliation 'opportunity'.

> http://m.spiegel.de/wirtschaft/unternehmen/a-1054926.html (german
> source, sorry) and the auto industry is being covered by the german
> government(*). The government does even lobby in the EU against stronger
> norms in favour of german auto industry since years.
>
> So, if you ask me, it is implausible that the EPA found out about this
> only recently. IMHO they knew it all the time. Now there has been "that
> call" from D.C. ordering them to open the box. Why now? I don't know,
> but maybe looking east and south from germany may help...
>
> *) this means, at least in germany they didn't cheat. The government
> did in effect.

Indeed it could be seen as retaliation - an enticing if impossible to prove proposition - Germany's leader finally suggests alternative approaches required to handle Syrian refugees 'and Assad' and the situation in Ukraine, and US firing back:

2014, Germany towing the US line:

* Nov 11, 2014 - Merkel aide rules out working with Assad despite rise of Islamic State
  http://www.reuters.com/article/2014/11/11/us-syria-crisis-germany-assad-idUSKCN0IV13O20141111

now the shift:

* Sep 1, 2015 - EU migrant crisis: Germany's Angela Merkel suggests border controls may be re-introduced
  http://www.ibtimes.co.uk/eu-migrant-crisis-germanys-angela-merkel-suggests-border-controls-may-be-re-introduced-1517891

* 04 Sep 2015 - Germany helps Russia bypass Ukraine via ‘Nord Stream 2’
  http://www.euractiv.com/sections/energy/germany-helps-russia-bypass-ukraine-nord-steam-2-317340
  (who needs the EU energy protectionist package when you can go direct to Russia)

* Sep 12, 2015 - Germany's Merkel sees need to cooperate with Russia on Syria
  http://www.reuters.com/article/2015/09/12/us-mideast-crisis-syria-germany-idUSKCN0RC0LM20150912

* 24.09.2015 - Merkel says Assad must have role in Syria talks
  http://www.dw.com/en/merkel-says-assad-must-have-role-in-syria-talks/a-18736427

and possible reprisal by US - 'VW scandal!' (7 years late) and new US nukes stationed in Germany (take THAT, Germans!):

* Sep 18 - VW Is Said to Cheat on Diesel Emissions; U.S.
  to Order Big Recall
  http://tech.slashdot.org/firehose.pl?op=view&type=story&sid=15/09/18/1745221
  http://www.nytimes.com/2015/09/19/business/volkswagen-is-ordered-to-recall-nearly-500000-vehicles-over-emissions-software.html

* September 21, 2015 - U.S. Will Station New Nuclear Weapons in Germany Against Russia
  http://www.washingtonsblog.com/2015/09/u-s-will-station-new-nuclear-weapons-in-germany-against-russia.html
  “The Bundestag decided in 2009, expressing the will of most Germans, that the US should withdraw its nuclear weapons from Germany. But German Chancellor Angela Merkel did nothing.” And now she okays the U.S. to increase America’s German-based nuclear arsenal against Russia.

Perhaps USG has some control dirt on Merkel? Perhaps the Bundestag is not independent, or perhaps we're not getting the full story?

Zenaan

From zen at freedbms.net Mon Sep 28 17:34:34 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Tue, 29 Sep 2015 00:34:34 +0000
Subject: NATO, the finger of death
In-Reply-To:
References:
Message-ID:

On 9/28/15, Lodewijk andré de la porte wrote:
> 2015-09-27 22:55 GMT+02:00 Zenaan Harkness :
>
>> Common sense also dictates that you do not intervene in
>> highly complex societies with thousands of years of tradition and lore
>> intricately mixed up in a myriad of ethnic and religious mosaics
>> cemented together by a Governing body that understands where the point
>> of equilibrium is to be found and which is kept in its position by the
>> players in the society which it governs.

> Okay, so, satire aside, the author does not enter into specifics. Should
> NATO have left the dictators, kings, etc to it?

Well it looks like Russia learnt 'the way' of NATO in Libya (and Afghanistan, Iraq, Egypt ... and most other CIA-led coup 'opportunities') - that is to destabilise then followed by cross fingers.

And in Syria, it seems Russia has decided that Russia's relationships and interests are going to be protected (like Russia's leased naval base).
So at this point, I don't think it matters much what USG in the guise of NATO want or 'should' do.

> Should we have seen
> overmuch of our wealth flow whence the oil comes?

I think this is the primary question - the world was split up (roughly speaking) in oil terms, after WWII, and now USA is saying they want to resplit the world - as in, control more than what they have for so long.

Personally I'm very happy with the arrangements with Russia, but on the other hand I'm not a European oligarch, so what would I know?

As it so happens, I'm also not an American oligarch (oil or banks), but as a very humbly living Australian looking on, I breathe a sigh of relief that Russia is finally asserting itself - putting its global foot down and saying enough's enough.

As I've said clearly in the past, the CIA's (and USGov's) actions in the world, for decades, and the consequences and fallout from those actions, is not f!@#$ng ok!

And so I would rephrase your question like this:

Should we consent by acquiescence (by doing nothing) to our collective "western" "demoncratic" governments spearheading coup after coup in foreign countries - with a quarter million civilians dead in Syria already, let alone Libya, Iraq, Afghanistan etc?

In dignity, a human's first position must always be "is mass killing ok" and never "is the current balance of trade equation ok".

> There's also throwing
> around words like "war criminals" which is just propaganda, as the word is
> unde(rde)fined. There's a good grasp of world-leader-geography, but little
> of anything else. There's no real point made, except "it's a mess where
> NATO went".

Well now that Russia (with now China and...) is supporting the current democratically elected government in Syria, let's see if the outcome is less of a mess than the CIA's last 30 attempts...

Perhaps the regime in America needs a change towards democracy.

> Ultimately, I think given the same axioms people should end up making the
> same conclusions.
> It's pretty rare for people to unify their own arguments
> correctly, so this is not always true. I can confidently say that men can
> maintain a level of composure even when a woman uses a fork, and that most
> religions keep out-of-date notions of cleanliness. (dear all, we can
> reliably sterilize pork now. It's no worse than other foods.) (dear all, we
> can reliably combat sexually transmitted diseases and pregnancy without
> abstaining. By now abstinence is causing far more harm than it is solving)
> (dear all, besides alcohol, there's a range of safe-enough recreational
> potions) (dear all, heavy punishment may not be the best way to deal with
> crime. Heavier punishment may be completely ineffective, depending on the
> crime and its motivations.)
>
>
> I keep thinking back on Bitnation and wondering whether something like it
> would be of any help. The situation is so complex, the technology, the
> people, the ideologies, the status quo, I cannot say.

Sadly, whilst fear and acquiescence rule the majority, the sheeple will continue to acquiesce in fear, and therefore be shorn.

Political anarchist 'state' requires at least a threshold % of people who are not in fear, or who at least are willing to live in self sufficiency, in 'true' freedom, and in 'faith' that we can handle rogue individuals and rogue factions who here and there will attempt to dominate others individually and or collectively.

I would dearly love to see the day where humans can truly be worthy of typical 'founding fathers' claims and statements.

Zenaan

From zen at freedbms.net Mon Sep 28 19:17:27 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Tue, 29 Sep 2015 02:17:27 +0000
Subject: popcorn time - Russia now supporting Iraq too - US on the Ropes: China to Join Russian Military In Syria?
Message-ID:

I would have thought this too funny to be real, but seems it is:

http://russia-insider.com/en/politics/us-ropes-china-join-russian-military-syria/ri9996

"Meanwhile, it now looks as though the very same Russian-Iran “nexus” that's playing spoiler in Syria is also set to take over the fight against ISIS in Iraq, as Baghdad has now struck a deal to officially share intelligence with Moscow and Tehran. Here's CNN:"

No wonder Obama and the wannabe POTUS Putin-haters seem a little off base at the moment .. Putin just took their NWO plate with a stereotypically Russian "thank you kindly, you have a nice day now."

Damn.

Zenaan

From zen at freedbms.net Mon Sep 28 19:26:36 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Tue, 29 Sep 2015 02:26:36 +0000
Subject: Fwd: EPA opposed DMCA exemptions that could have revealed Volkswagen fraud
In-Reply-To:
References:
Message-ID:

Not new but on topic at the moment - DMCA is about control of end consumers/ users, not about copyright (or rather, it's abuse of copyright).

---------- Forwarded message ----------
From: Free Software Foundation
Date: Mon, 28 Sep 2015 19:40:48 -0400
Subject: EPA opposed DMCA exemptions that could have revealed Volkswagen fraud

Dear Mr Harkness,

We have written previously about the [organizations and individuals][1] who opposed exemptions to the Digital Millennium Copyright Act's (DMCA) anti-circumvention provisions. These drones oppose the rights of users to backup, modify, and study the software and devices that we own. The DMCA's anti-circumvention provisions create legal penalties for simply accessing your software under your own terms, and raise those penalties even higher should you dare to share the tools needed to do so. It creates real penalties for anyone who wants to avoid Digital Restrictions Management (DRM) controls.
The granting of exemptions to these totalitarian rules is a broken and half-hearted attempt to limit the damage these rules bring, granting for 3 years a reprieve for certain specified devices and software.

The Environmental Protection Agency (EPA) side-stepped this process and [sent a letter][2] separately directly to the Copyright Office. In the letter they argued that users should not be able to access and modify the software on their own vehicles. In their estimation, this would enable users to violate emissions controls. So it would be better for them if the hammer of the DMCA remained hanging over the head of every user or researcher who wanted to access the software on their vehicle.

Of course, just a few months after telling the Copyright Office that users couldn't be trusted with access to their devices, the EPA revealed a major scandal involving Volkswagen. It turns out that Volkswagen had for many years cheated the emissions test performed by the EPA. Volkswagen had surreptitiously included some code in their diesel vehicles that would detect the EPA's tests and have the car change its performance in order to meet EPA mandates. Once the test was over, the code would revert the vehicle to its normal, high-polluting functioning. This scam apparently went on for years before it was detected by researchers.

Of course the irony is that if users and researchers had the right to access the software on their cars, they might have discovered this fraud years ago. As Eben Moglen, founder of the [Software Freedom Law Center][3] [noted][4] "If Volkswagen knew that every customer who buys a vehicle would have a right to read the source code of all the software in the vehicle, they would never even consider the cheat, because the certainty of getting caught would terrify them.” Volkswagen is already a contributor on the kernel Linux, and as Bradley M.
Kuhn, President and Distinguished Technologist of the [Software Freedom Conservancy][5] pointed out it is likely that Volkswagen vehicles already contain some free software. But some is not all, and clearly they kept much of their software secret in order to hide their scam. If all the software on the vehicles was free software they never could have perpetrated this scheme. Researchers also could have discovered the fraud had they not been hindered by the DMCA's anti-circumvention provisions, as Kit Walsh of the Electronic Frontier Foundation [argued][6].

The EPA of course failed to understand all this when drafting their letter promoting the use of DRM. But there is a more galling fact at play here. What the EPA argued in their letter was that the exemption should not be granted under the DMCA as a means for enforcing efficiency standards. That clearly isn't the stated purpose of the DMCA's anti-circumvention provisions, and highlights one of the fundamental problems with DRM. That a government agency would try to commandeer the DRM of private actors, not to enforce copyright but as a means to enforce something wholly unrelated, demonstrates a central truth: DRM is not about copyright; it's about control. It's about dominating users. It's about spying on them. It's about installing [rootkits][7] onto their computers. It has nothing to do with rights, and everything to do with restriction. We can't let governments and corporations use DRM to take over our lives.

This is what you can do today to fight back:

If you microblog, please share the following message (or your own) with the hashtag #DRMshame.
We strongly suggest that if you use [Twitter][8] to publicly call the EPA and Volkswagen out, you do it in a way that avoids using proprietary software:

* @EPA You should be ashamed of yourself for trying to use Digital Restrictions Management #DRMshame
* @VW All software on your vehicles needs to be free software without DRM to restore our trust #DRMshame

Here's what else you can do:

* Join the [Defective By Design][9] mailing list to keep up to date on the on-going fight against DRM.
* To help fund our work, consider [donating to the FSF][10].

Happy hacking,

Donald Robertson
Copyright and Licensing Associate

[1]: http://www.defectivebydesign.org/meet-the-drm-drones
[2]: http://copyright.gov/1201/2015/USCO-letters/EPA_Letter_to_USCO_re_1201.pdf
[3]: https://www.softwarefreedom.org/
[4]: http://www.nytimes.com/2015/09/23/nyregion/volkswagens-diesel-fraud-makes-critic-of-secret-code-a-prophet.html
[5]: https://sfconservancy.org/
[6]: https://www.eff.org/deeplinks/2015/09/researchers-could-have-uncovered-volkswagens-emissions-cheat-if-not-hindered-dmca
[7]: http://www.defectivebydesign.org/sony
[8]: https://www.fsf.org/twitter
[9]: https://defectivebydesign.org/join
[10]: https://donate.fsf.org

--
Sent from the Free Software Foundation,
51 Franklin St, Fifth Floor
Boston, Massachusetts 02110-1335
United States

From zen at freedbms.net Mon Sep 28 23:58:55 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Tue, 29 Sep 2015 06:58:55 +0000
Subject: What CBS Edited out of Putin's Interview [on "60 Minutes"]
Message-ID:

So, what was edited from Putin's rare "60 Minutes" interview on CBS?

Those bits embarrassing to USA government it seems - who would have thought ...
Enjoy,
Zenaan

"What CBS Edited out of Putin's Interview"
http://russia-insider.com/en/media-criticism/what-cbs-edited-out-putins-interview/ri9988

A full transcript and a youtube link is here:
"UPDATED: "We know everything" - Putin's interview on American CBS PLUS what was cut from the interview"
http://fortruss.blogspot.si/2015/09/putins-interview-on-american-60-minutes.html

From guninski at guninski.com Mon Sep 28 23:05:55 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Tue, 29 Sep 2015 09:05:55 +0300
Subject: Allegedly Volkswagen cheated to both governments and lusers
In-Reply-To:
References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> <20150928104137.GB2569@sivokote.iziade.m$> <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me> <20150928112142.GC2569@sivokote.iziade.m$> <20150928130855.GA51580@r4>
Message-ID: <20150929060555.GA2518@sivokote.iziade.m$>

On Mon, Sep 28, 2015 at 11:53:38PM +0000, Zenaan Harkness wrote:
> On 9/28/15, Tom wrote:
> > in germany this is at least known since 2007:
>
> CIA never lets a good opportunity go to waste - keep such aces up
> sleeves for future threat and or retaliation 'opportunity'.
>

IMHO besides VW others outside Germany should be punished too.

https://en.wikipedia.org/w/index.php?title=Volkswagen_emissions_violations&oldid=683264419

The U.S. test results confirmed the ICCT's findings in Europe.[37] The West Virginia scientists didn't identify the defeat device, but reported their findings in a study they presented directly to the EPA and CARB in May 2014.[41][42]

And in 2013 there was warning about "defeat device".
From zen at freedbms.net Tue Sep 29 03:27:02 2015
From: zen at freedbms.net (Zenaan Harkness)
Date: Tue, 29 Sep 2015 10:27:02 +0000
Subject: And here it is - In UN Speech Putin Blasts US Foreign Policy
Message-ID:

In UN Speech Putin Blasts US Foreign Policy
http://russia-insider.com/en/politics/un-speech-putin-blasts-us-foreign-policy/ri10001
(includes full official transcript)

And, as the image tells, Obama not happy:
http://russia-insider.com/en/politics/multinational-deal-may-allow-assad-stay/ri10004
"Multinational Deal May Allow Assad to Stay"

(Many quotes I am tempted to quote, but better is enjoy the fullness of this blessing in action. The world be grateful. Z)

From guninski at guninski.com Tue Sep 29 01:59:58 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Tue, 29 Sep 2015 11:59:58 +0300
Subject: Allegedly Volkswagen cheated to both governments and lusers
In-Reply-To: <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me>
References: <20150927103913.GA2584@sivokote.iziade.m$> <2016654741.1567232.1443375840565.JavaMail.yahoo@mail.yahoo.com> <20150928104137.GB2569@sivokote.iziade.m$> <0B73AF69-673C-491D-83A9-32A1970789A2@cathalgarvey.me>
Message-ID: <20150929085958.GC2518@sivokote.iziade.m$>

On Mon, Sep 28, 2015 at 12:00:52PM +0100, Cathal (Phone) wrote:
> I gather it was discovered when a trade association was setting out to show off how awesome and clean modern diesels were, and did their own tests on actual road driving unlike the EPA. They discovered how shit the pollution really was and decided to report it.
>
> Which, if that's accurate, really reaffirms my faith in some of humanity, because it was actively against their interests to do so?
>

AFAICT this was discovered by scholars, not regulators (check wikipedia link).
Cheating EPA appears to be common practice: https://en.wikipedia.org/w/index.php?title=Volkswagen_emissions_violations&oldid=683264419 In 1973, Chrysler, Ford Motor Company, General Motors, Toyota, and Volkswagen had to remove ambient temperature switches which affected emissions, though the companies denied intentional cheating and said that strategies like enriching fuel mixture during cold engine warm-up periods could reduce overall pollution. In 1996 General Motors had to pay a near-record fine of $11 million, and had to recall almost as many cars as Volkswagen's US TDI diesels, 470,000, when they, like Volkswagen, programmed ECU software to disengage emissions controls during conditions known to exist when the cars were not being lab tested by the EPA. There are more cases linked. From guninski at guninski.com Tue Sep 29 04:35:15 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 29 Sep 2015 14:35:15 +0300 Subject: And here it is - In UN Speech Putin Blasts US Foreign Policy In-Reply-To: References: Message-ID: <20150929113515.GD2518@sivokote.iziade.m$> On Tue, Sep 29, 2015 at 10:27:02AM +0000, Zenaan Harkness wrote: > In UN Speech Putin Blasts US Foreign Policy > http://russia-insider.com/en/politics/un-speech-putin-blasts-us-foreign-policy/ri10001 > (includes full official transcript) > > And, as the image tells, Obama not happy: > http://russia-insider.com/en/politics/multinational-deal-may-allow-assad-stay/ri10004 > "Multinational Deal May Allow Assad to Stay" > > (Many quotes I am tempted to quote, but better is enjoy the fullness > of this blessing in action. The world be grateful. Z) Someone claimed russia and the usa are quarrelling about geopolitical interests, (likely about the russian military bases in syria) and eu takes care of the refugees. At least there is seemingly some kind of "competition" and not a single oligarch. 
From me at brendafernandez.com Tue Sep 29 19:29:17 2015 From: me at brendafernandez.com (Brenda Fernández) Date: Tue, 29 Sep 2015 23:29:17 -0300 Subject: Windows TrueCrypt Fatally Flawed Message-ID: Windows TrueCrypt Fatally Flawed Posted on September 30, 2015 by Bingo Boingo Continued research after the first TrueCrypt audit yielded inconclusive results has discovered fatal privilege escalation vulnerabilities allowing for complete takeover (archived). So far this is known to affect TrueCrypt on Windows boxes, but there is still potential for other flaws to be discovered in TrueCrypt on other platforms. Details of the vulnerabilities are not yet disclosed, but this supports the possibility that it may not be possible at all to develop software offering any level of security on the Windows platform. One thought on “Windows TrueCrypt Fatally Flawed” 1. Bingo Boingo says: September 30, 2015 at 12:44 am Further: The VeraCrypt derivative forked from TrueCrypt, though this particular issue was reportedly patched, likely continues to possess undiscovered security issues. -- Brenda Fernández me at brendafernandez.com GPG: CE5BEE6C81FCA4D4 From coderman at gmail.com Wed Sep 30 00:45:53 2015 From: coderman at gmail.com (coderman) Date: Wed, 30 Sep 2015 00:45:53 -0700 Subject: Snowden on the Twitters In-Reply-To: <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> Message-ID: On 9/30/15, Oshwm wrote: > ... > I contacted one of the guys from freedom.press about this and his response > was that it was an acceptable risk because they were being DDoS'd. they have an onion: http://freepress3xxs3hk.onion/ use it to avoid CF entirely!
best regards, From grarpamp at gmail.com Tue Sep 29 22:26:18 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 30 Sep 2015 01:26:18 -0400 Subject: Snowden on the Twitters Message-ID: https://twitter.com/Snowden From grarpamp at gmail.com Tue Sep 29 22:48:39 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 30 Sep 2015 01:48:39 -0400 Subject: US Pres Candidate Carly Fiorina Supplies NSA, Spying, Torture, Warmongering and Bankruptcy Message-ID: http://motherboard.vice.com/read/carly-fiorina-i-supplied-hp-servers-for-nsa-snooping https://www.yahoo.com/politics/carly-fiorina-defends-bush-era-torture-and-spying-130015256041.html http://politics.slashdot.org/story/15/09/29/220239/carly-fiorina-i-supplied-hp-servers-for-nsa-snooping According to an article at Motherboard, shortly after 9/11, NSA director Michael Hayden requested extra computing power and Carly Fiorina, then CEO of HP, responded by re-routing truckloads of servers to the agency. Fiorina acknowledged providing the servers to the NSA during an interview with Michael Isikoff in which she defended warrantless surveillance (as well as waterboarding) and framed her collaboration with the NSA in patriotic terms. Fiorina's compliance with Hayden's request for HP servers is but one episode in a long-running and close relationship between the GOP presidential hopeful and U.S. intelligence agencies. 
$500 billion over ten years by one estimate—and an upgrade of “every leg of the nuclear triad,” From coderman at gmail.com Wed Sep 30 02:39:01 2015 From: coderman at gmail.com (coderman) Date: Wed, 30 Sep 2015 02:39:01 -0700 Subject: Snowden on the Twitters In-Reply-To: <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: On 9/30/15, Oshwm wrote: > Which is ok but some of the objects loaded by the onion come from > freedom.press and not the onion. two images, and piwik.js for analytics - none necessary, and this a problem? sure, they should fix it. but far from evidence of complicity or negligence... i have emailed them about the resources linked from the hidden service, but again, i don't fault them if they don't address it soon. it's NBD, honestly! best regards, From zen at freedbms.net Tue Sep 29 20:28:12 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 30 Sep 2015 03:28:12 +0000 Subject: Windows TrueCrypt Fatally Flawed In-Reply-To: References: Message-ID: On 9/30/15, Brenda Fernández wrote: > Windows TrueCrypt Fatally Flawed > Posted on September 30, 2015 > by Bingo > Boingo > > > Continued research after the first TrueCrypt audit > yielded inconclusive results has discovered fatal > privilege escalation vulnerabilities Noting "privilege escalation vulnerabilities" the nature of the "fatal flaw" is not what the subject might otherwise suggest... evidently someone wants some publicity, or wants to spread FUD. From coderman at gmail.com Wed Sep 30 06:58:15 2015 From: coderman at gmail.com (coderman) Date: Wed, 30 Sep 2015 06:58:15 -0700 Subject: FOIPA adventures In-Reply-To: References: <000701d0bcb7$94118e80$bc34ab80$@co.uk> Message-ID: On 9/27/15, coderman wrote: > ... less interesting reply, but ... from the comforting responses dept., a legit Glomar: [it's been a while!] 
"The list of origin IPv4 CIDR prefixes or distinct IPv4 addresses used by the Office of Tailored Access Operations (TAO) within the QUANTUMSQUIRREL covert access network, which is able to impersonate any IPv4 address. Note that this program has been widely discussed in the press thus removing any claims of sensitivity on this subject matter. C.f. "The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics". firstlook.org. 2014-07-16: https://firstlook.org/theintercept/document/2014/03/12/nsa-gchqs-quantumtheory-hacking-tactics/ . Please break out the list of impersonated endpoints by year, if possible." 'The request has been rejected, with the agency stating that it can neither confirm nor deny the existence of the requested documents.' - https://www.muckrock.com/foi/united-states-of-america-10/deezquantumsquirrelsrnutz-21241/ best regards, From zen at freedbms.net Wed Sep 30 01:11:15 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 30 Sep 2015 08:11:15 +0000 Subject: US Pres Candidate Carly Fiorina Supplies NSA, Spying, Torture, Warmongering and Bankruptcy In-Reply-To: References: Message-ID: On 9/30/15, grarpamp wrote: > http://motherboard.vice.com/read/carly-fiorina-i-supplied-hp-servers-for-nsa-snooping > https://www.yahoo.com/politics/carly-fiorina-defends-bush-era-torture-and-spying-130015256041.html > http://politics.slashdot.org/story/15/09/29/220239/carly-fiorina-i-supplied-hp-servers-for-nsa-snooping > > According to an article at Motherboard, shortly after 9/11, NSA > director Michael Hayden requested extra computing power and Carly > Fiorina, then CEO of HP, responded by re-routing truckloads of servers > to the agency. Fiorina acknowledged providing the servers to the NSA > during an interview with Michael Isikoff in which she defended > warrantless surveillance (as well as waterboarding) and framed her > collaboration with the NSA in patriotic terms. 
Fiorina's compliance > with Hayden's request for HP servers is but one episode in a > long-running and close relationship between the GOP presidential > hopeful and U.S. intelligence agencies. > $500 billion over ten years by one estimate—and an upgrade of “every > leg of the nuclear triad,” Perhaps the subject should just say "Money (its corrupting power)". Impossible to believe that HP "rerouted" its servers without any financial gain for the company. Besides highlighting (thanks grarpamp) such abominations of anything resembling human decency/ human rights/ empathy/ fellowship etc ("torture is ok in this situation because..." - oh really), I don't know what else we can do to incentivise "doing the right thing" or disincentivise "doing the wrong thing". The nature of corporations is profit at any cost - and the sacrifice of anything other than profit is the cost. Perhaps more humans will aspire to something beyond the animalistic part of their nature... Zenaan From oshwm at openmailbox.org Wed Sep 30 00:13:09 2015 From: oshwm at openmailbox.org (Oshwm) Date: Wed, 30 Sep 2015 08:13:09 +0100 Subject: Snowden on the Twitters In-Reply-To: <20150930062542.GA2618@sivokote.iziade.m$> References: <20150930062542.GA2618@sivokote.iziade.m$> Message-ID: It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names. So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think are terminating it. Given CF handle over 4% of web traffic it is a great place to collect and collate what was encrypted traffic for monitoring and anti-privacy purposes. Cheers, Oshwm.
On 30 September 2015 07:25:42 BST, Georgi Guninski wrote: >On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote: >> https://twitter.com/Snowden > >https://freedom.press/ of which Snowden is director has weird >certificate, sharing a lot of Alt names: > > >Alt names for ssl7272.cloudflare.com (freedom.press certificate): -- Sent from my Android device with K-9 Mail.
Please excuse my brevity. From oshwm at openmailbox.org Wed Sep 30 00:33:18 2015 From: oshwm at openmailbox.org (Oshwm) Date: Wed, 30 Sep 2015 08:33:18 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> Message-ID: <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Sorry, didn't sign :P Also, I contacted one of the guys from freedom.press about this and his response was that it was an acceptable risk because they were being DDoS'd. One of the guys on here, razer ray?, linked to a Yasha Levine article linking CF CEO to Project Honeypot and reckoned he was encouraged to start CF by DoD or some other Gov agency. I'm not a big fan of Yasha and don't entirely trust what he writes (just an opinion, don't sue :D ) but there were news articles in other websites about some of this stuff. So, you have to make up your own mind but i block CF IP addresses and have decided that freedom.press is an evil entity. Cheers, Oshwm. On 30 September 2015 08:13:09 BST, Oshwm wrote: >It is behind Cloudflare's MiTM service which adds web services names to >their existing certs as alternative Names. > >So your SSL/TLS connection is terminated on Cloudflare's web >application firewalls and NOT the web servers that you think is >terminating it. > >Given CF handle over 4% of web traffic it is a great place to collect >and collate what was encrypted traffic for monitoring and anti-privacy >purposes. > >Cheers, >Oshwm.
> >On 30 September 2015 07:25:42 BST, Georgi Guninski > wrote: >>On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote: >>> https://twitter.com/Snowden >> >>https://freedom.press/ of which Snowden is director has weird >>certificate, sharing a lot of Alt names: >> >> >>Alt names for ssl7272.cloudflare.com (freedom.press certificate):
> >-- >Sent from my Android device with K-9 Mail. Please excuse my brevity. - -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -----BEGIN PGP SIGNATURE----- Version: APG v1.1.1 -----END PGP SIGNATURE----- From rysiek at hackerspace.pl Tue Sep 29 23:37:27 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 30 Sep 2015 08:37:27 +0200 Subject: Windows TrueCrypt Fatally Flawed In-Reply-To: References: Message-ID: <1501107.UbdWF0u34S@lapuntu> On Wednesday, 30 September 2015 03:28:12 Zenaan Harkness wrote: > On 9/30/15, Brenda Fernández wrote: > > Windows TrueCrypt Fatally Flawed > > > > Posted on September 30, 2015 > > by Bingo > > Boingo > > > > > > Continued research after the first TrueCrypt audit > > yielded inconclusive results has discovered fatal > > privilege escalation vulnerabilities > > Noting "privilege escalation vulnerabilities" the nature of the "fatal > flaw" is not what the subject might otherwise suggest... evidently > someone wants some publicity, or wants to spread FUD. My thoughts exactly. I was expecting "OMG LEA CAN READ YOUR CRYPTOSTUFFZ!!1!" kind of thing.
-- Regards, Michał "rysiek" Woźniak Changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
From oshwm at openmailbox.org Wed Sep 30 01:15:11 2015 From: oshwm at openmailbox.org (Oshwm) Date: Wed, 30 Sep 2015 09:15:11 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> Message-ID: <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Which is ok but some of the objects loaded by the onion come from freedom.press and not the onion. We have become so used to free or cheap web services that we now allow third parties to view or intercept our traffic as an acceptable business practice. Hosting providers, CDN, Web App Firewalls - all of them can see what you're doing and the bigger ones can collate all that and form a better picture of you. Better hope they're all really nice, trustworthy people :D On 30 September 2015 08:45:53 BST, coderman wrote: >On 9/30/15, Oshwm wrote: >> ... >> I contacted one of the guys from freedom.press about this and his >response >> was that it was an acceptable risk because they were being DDoS'd. > > >they have an onion: > http://freepress3xxs3hk.onion/ > >use it to avoid CF entirely! > > >best regards, -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
From guninski at guninski.com Tue Sep 29 23:25:42 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 30 Sep 2015 09:25:42 +0300 Subject: Snowden on the Twitters In-Reply-To: References: Message-ID: <20150930062542.GA2618@sivokote.iziade.m$> On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote: > https://twitter.com/Snowden https://freedom.press/ of which Snowden is director has weird certificate, sharing a lot of Alt names: Alt names for ssl7272.cloudflare.com (freedom.press certificate):
From cathalgarvey at cathalgarvey.me Wed Sep 30 01:25:50 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Wed, 30 Sep 2015 09:25:50 +0100 Subject: Snowden on the Twitters In-Reply-To: <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: Since you're in contact with the webadmins already, submit the absolute refs as bugs, suggest making them relative so the onion site loads them correctly. On 30 September 2015 09:15:11 IST, Oshwm wrote: >Which is ok but some of the objects loaded by the onion come from >freedom.press and not the onion. > >We have become so used to free or cheap web services that we now allow >third parties to view or intercept our traffic as an acceptable >business practice. > >Hosting providers, CDN, Web App Firewalls - all of them can see what >you're doing and the bigger ones can collate all that and form a better >picture of you. > >Better hope they're all really nice, trustworthy people :D > >On 30 September 2015 08:45:53 BST, coderman wrote: >>On 9/30/15, Oshwm wrote: >>> ... >>> I contacted one of the guys from freedom.press about this and his >>response >>> was that it was an acceptable risk because they were being DDoS'd. >> >> >>they have an onion: >> http://freepress3xxs3hk.onion/ >> >>use it to avoid CF entirely! >> >> >>best regards, > >-- >Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
From oshwm at openmailbox.org Wed Sep 30 01:31:38 2015 From: oshwm at openmailbox.org (Oshwm) Date: Wed, 30 Sep 2015 09:31:38 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Nope, he came across as a cunt so fuck 'em. Someone else can raise it with them. On 30 September 2015 09:25:50 BST, "Cathal (Phone)" wrote: >Since you're in contact with the webadmins already, submit the absolute >refs as bugs, suggest making them relative so the onion site loads them >correctly. > >On 30 September 2015 09:15:11 IST, Oshwm wrote: >>Which is ok but some of the objects loaded by the onion come from >>freedom.press and not the onion. >> >>We have become so used to free or cheap web services that we now allow >>third parties to view or intercept our traffic as an acceptable >>business practice. >> >>Hosting providers, CDN, Web App Firewalls - all of them can see what >>you're doing and the bigger ones can collate all that and form a >better >>picture of you. >> >>Better hope they're all really nice, trustworthy people :D >> >>On 30 September 2015 08:45:53 BST, coderman >wrote: >>>On 9/30/15, Oshwm wrote: >>>> ... >>>> I contacted one of the guys from freedom.press about this and his >>>response >>>> was that it was an acceptable risk because they were being DDoS'd. >>> >>> >>>they have an onion: >>> http://freepress3xxs3hk.onion/ >>> >>>use it to avoid CF entirely! >>> >>> >>>best regards, >> >>-- >>Sent from my Android device with K-9 Mail. Please excuse my brevity. > >-- >Sent from my Android device with K-9 Mail. Please excuse my brevity. - -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
-----BEGIN PGP SIGNATURE----- Version: APG v1.1.1 -----END PGP SIGNATURE----- From marksteward at gmail.com Wed Sep 30 01:35:36 2015 From: marksteward at gmail.com (Mark Steward) Date: Wed, 30 Sep 2015 09:35:36 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: Did you open by calling him and his choice of internet delivery platform evil? Mark On 30 Sep 2015 09:33, "Oshwm" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Nope, he came across as a cunt so fuck 'em. > Someone else can raise it with them. > > > On 30 September 2015 09:25:50 BST, "Cathal (Phone)" < > cathalgarvey at cathalgarvey.me> wrote: > >Since you're in contact with the webadmins already, submit the absolute > >refs as bugs, suggest making them relative so the onion site loads them > >correctly. > > > >On 30 September 2015 09:15:11 IST, Oshwm wrote: > >>Which is ok but some of the objects loaded by the onion come from > >>freedom.press and not the onion.
> >> > >>We have become so used to free or cheap web services that we now allow > >>third parties to view or intercept our traffic as an acceptable > >>business practice. > >> > >>Hosting providers, CDN, Web App Firewalls - all of them can see what > >>you're doing and the bigger ones can collate all that and form a > >better > >>picture of you. > >> > >>Better hope they're all really nice, trustworthy people :D > >> > >>On 30 September 2015 08:45:53 BST, coderman > >wrote: > >>>On 9/30/15, Oshwm wrote: > >>>> ... > >>>> I contacted one of the guys from freedom.press about this and his > >>>response > >>>> was that it was an acceptable risk because they were being DDoS'd. > >>> > >>> > >>>they have an onion: > >>> http://freepress3xxs3hk.onion/ > >>> > >>>use it to avoid CF entirely! > >>> > >>> > >>>best regards, > >> > >>-- > >>Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > >-- > >Sent from my Android device with K-9 Mail. Please excuse my brevity. > > - -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. 
> -----BEGIN PGP SIGNATURE----- > Version: APG v1.1.1 > -----END PGP SIGNATURE----- > > From oshwm at openmailbox.org Wed Sep 30 01:41:26 2015 From: oshwm at openmailbox.org (Oshwm) Date: Wed, 30 Sep 2015 09:41:26 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: <2D75E86E-B42B-4C33-A942-753D3AC03762@openmailbox.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 No, as someone who works as a network engineer and knows how to approach another network engineer i was very respectful and trying to be helpful. Approaching it as a potential oversight and was surprised at the response i got. On 30 September 2015 09:35:36 BST, Mark Steward wrote: >Did you open by calling him and his choice of internet delivery >platform >evil?
> >Mark >On 30 Sep 2015 09:33, "Oshwm" wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Nope, he came across as a cunt so fuck 'em. >> Someone else can raise it with them. >> >> >> On 30 September 2015 09:25:50 BST, "Cathal (Phone)" < >> cathalgarvey at cathalgarvey.me> wrote: >> >Since you're in contact with the webadmins already, submit the >absolute >> >refs as bugs, suggest making them relative so the onion site loads >them >> >correctly. >> > >> >On 30 September 2015 09:15:11 IST, Oshwm >wrote: >> >>Which is ok but some of the objects loaded by the onion come from >> >>freedom.press and not the onion. >> >> >> >>We have become so used to free or cheap web services that we now >allow >> >>third parties to view or intercept our traffic as an acceptable >> >>business practice. >> >> >> >>Hosting providers, CDN, Web App Firewalls - all of them can see >what >> >>you're doing and the bigger ones can collate all that and form a >> >better >> >>picture of you. >> >> >> >>Better hope they're all really nice, trustworthy people :D >> >> >> >>On 30 September 2015 08:45:53 BST, coderman >> >wrote: >> >>>On 9/30/15, Oshwm wrote: >> >>>> ... >> >>>> I contacted one of the guys from freedom.press about this and >his >> >>>response >> >>>> was that it was an acceptable risk because they were being >DDoS'd. >> >>> >> >>> >> >>>they have an onion: >> >>> http://freepress3xxs3hk.onion/ >> >>> >> >>>use it to avoid CF entirely! >> >>> >> >>> >> >>>best regards, >> >> >> >>-- >> >>Sent from my Android device with K-9 Mail. Please excuse my >brevity. >> > >> >-- >> >Sent from my Android device with K-9 Mail. Please excuse my brevity. >> >> - -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity.
- -- Sent from my Android device with K-9 Mail. Please excuse my brevity. From Rayzer at riseup.net Wed Sep 30 09:57:15 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 30 Sep 2015 09:57:15 -0700 Subject: Snowden
on the Twitters In-Reply-To: <20150930101534.GC2618@sivokote.iziade.m$> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <20150930101534.GC2618@sivokote.iziade.m$> Message-ID: <560C146B.6000603@riseup.net> ident.ca is no longer in biz On 09/30/2015 03:15 AM, Georgi Guninski wrote: > On Wed, Sep 30, 2015 at 12:45:53AM -0700, coderman wrote: >> On 9/30/15, Oshwm wrote: >>> ... >>> I contacted one of the guys from freedom.press about this and his response >>> was that it was an acceptable risk because they were being DDoS'd. >> >> they have an onion: >> http://freepress3xxs3hk.onion/ >> > Shouldn't this be httpS://free...? > >> use it to avoid CF entirely! >> >> > How do you know the onion service is not on cloudfare? > > > If someone has twitter (I don't have even anonymous one), consider > trolling Snowden ;) > > And possibly suggest setting account on identi.ca ;) > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Wed Sep 30 11:20:21 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 30 Sep 2015 11:20:21 -0700 Subject: Snowden on the Twitters In-Reply-To: References: Message-ID: <560C27E5.6080505@riseup.net> On 09/30/2015 12:33 AM, Oshwm wrote: > So, you have to make up your own mind but i block CF IP addresses and > have decided that freedom.press is an evil entity. Ditto. Domain: freedom.press IP Address: 108.162.200.15 ISP: CloudFlare Region: San Francisco (US) http://en.utrace.de/?query=freedom.press I wouldn't trust cloudflare to wipe my balls and they seem to be the ISP for freedomDOTpress On 9/30/15, Oshwm also wrote: > they have an onion: > http://freepress3xxs3hk.onion/ > > use it to avoid CF entirely! I wouldn't trust IT either. If you try logging into Hushmail using Tor the security question overlay is hosted by...
Cloudflare (but not the rest of Hushmail). Would you suppose CF HAS a vested interest in stalking Tor for the surveillance state apparatus? My guess would be that's probably one of their pet surveillance projects. I understand that a site like fpress undoubtedly needs dDos prevention services but there has to be some other company providing that sort of service that isn't connected like a Siamese twin at the wrists and ankles to the surveillance state. On 09/30/2015 03:15 AM, Georgi Guninski wrote: > If someone has twitter (I don't have even anonymous one), consider > trolling Snowden As a tweet from my account that I don't consider a troll: > . at ggreenwald @Snowden freedomDOTpress relationship w Cloudflare that > has siamese-twin like connections to the surveillance state, creeps me On 09/30/2015 08:50 AM, Travis Biehn wrote: > What would be solid is if there were a browser module that did several > things: > Eliminated JavaScript dynamic calls (eval, new function(), setTimeout, > setInterval, so on.) > Eliminate 3rd party assets. I believe NoScript does this as an add-on. It can blacklist cloudflare but some useful web services such as WeatherUnderground Weather are badly affected, so fully blocking them limits the utility of the web. Id say if one only allowed CF for services like that and never showed their IP to cloudflare otherwise, it wouldn't give them much useful info about someone.r. My posts tagged cloudflare . There's a certain repetitiveness to the info but this one's a good place to start, with links to the other related posts >> BTW, Yasha Levine hooked me up with the CEO of cloudflare on Twitter one day for a short hostile 'interview' when I questioned Cloudflare's hosting of BB's Project PM. If you can't stomach weasel words I'd avoid reading it. RR -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From guninski at guninski.com Wed Sep 30 01:26:22 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 30 Sep 2015 11:26:22 +0300 Subject: freedompress is on cloudfare (Was: Snowden on the Twitters) In-Reply-To: <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> Message-ID: <20150930082622.GB2618@sivokote.iziade.m$> On Wed, Sep 30, 2015 at 08:33:18AM +0100, Oshwm wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Sorry, didn't sign :P > > Also, > > I contacted one of the guys from freedom.press about this and his response was that it was an acceptable risk because they were being DDoS'd. > > One of the guys on here, razer ray?, linked to a Yasha Levine article linking CF CEO to Project Honeypot and reckoned he was encouraged to start CF by DoD or some other Gov agency. > > I'm not a big fan of Yasha and don't entirely trust what he writes (just an opinion, don't sue :D ) but there were news articles in other websites about some of this stuff. > > So, you have to make up your own mind but i block CF IP addresses and have decided that freedom.press is an evil entity. > I don't know if freedompress are "evil entity", but if they are evil entity, they could have chosen clean provider and cooperate with other evil entities. IMHO the nsa and the like have spoofing/MITM certs trusted by major browsers, so I don't trust TLS/SSL from a browser as used by the majority of user. Might be wrong on both. From tbiehn at gmail.com Wed Sep 30 08:50:41 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Wed, 30 Sep 2015 11:50:41 -0400 Subject: CloudFlare Keyless SSL WAS Re: Snowden on the Twitters Message-ID: An oldie, somewhat OT. 
I enjoyed CF's bit of engineering here - of course CF is still a point where they are working with injectable plaintext. At least they don't have your private key material. https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/ What would be solid is if there were a browser module that did several things: Eliminated JavaScript dynamic calls (eval, new function(), setTimeout, setInterval, so on.) Eliminate 3rd party assets. Allowed web assets to be signed. Allowed sets of web assets to be versioned (and attested to by 3rd parties.) Dynamic HTML and JS (read, non-static HTML & JS) would not be supported. The combination of signing, versioning and lack of dynamic features paves the way for uninjectable, client-side in browser encryption/decryption. Something AFAIK we cannot do today. Is anyone working on it? -Travis On Wed, Sep 30, 2015 at 11:23 AM, Georgi Guninski wrote: > On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote: > > https://twitter.com/Snowden > > How this scores on twatter: > > 1.03 meeelion followers for about 23 hours on twatter? > (not sure about the error terms). > > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2424 bytes Desc: not available URL: From guninski at guninski.com Wed Sep 30 03:15:34 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 30 Sep 2015 13:15:34 +0300 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> Message-ID: <20150930101534.GC2618@sivokote.iziade.m$> On Wed, Sep 30, 2015 at 12:45:53AM -0700, coderman wrote: > On 9/30/15, Oshwm wrote: > > ... > > I contacted one of the guys from freedom.press about this and his response > > was that it was an acceptable risk because they were being DDoS'd. 
> > > they have an onion: > http://freepress3xxs3hk.onion/ > Shouldn't this be httpS://free...? > use it to avoid CF entirely! > > How do you know the onion service is not on cloudfare? If someone has twitter (I don't have even anonymous one), consider trolling Snowden ;) And possibly suggest setting account on identi.ca ;) From cyberkiller8 at gmail.com Wed Sep 30 05:43:31 2015 From: cyberkiller8 at gmail.com (Łukasz 'Cyber Killer' Korpalski) Date: Wed, 30 Sep 2015 14:43:31 +0200 Subject: Snowden on the Twitters In-Reply-To: <20150930101534.GC2618@sivokote.iziade.m$> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <20150930101534.GC2618@sivokote.iziade.m$> Message-ID: <560BD8F3.9050400@gmail.com> On 30.09.2015 at 12:15, Georgi Guninski wrote: > > And possibly suggest setting account on identi.ca ;) > identi.ca no longer hosts a microblog service, it now hosts a general social webapp called pump.io (which is a federated service, though it doesn't seem too popular). What became of the status.net microblog network (which identi.ca was the largest node before it changed the platform) is now called GNU Social, with many federated instances, and the community there would welcome Snowden with open arms (I saw a discussion about it yesterday). -- Łukasz "Cyber Killer" Korpalski mail: cyberkiller8 at gmail.com xmpp: cyber_killer at jabster.pl site: http://website.cybkil.cu.cc gpgkey: 0x72511999 @ hkp://keys.gnupg.net //When replying to my e-mail, kindly please //write your message below the quoted text. -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: From guninski at guninski.com Wed Sep 30 04:53:46 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 30 Sep 2015 14:53:46 +0300 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> Message-ID: <20150930115346.GD2618@sivokote.iziade.m$> On Wed, Sep 30, 2015 at 08:13:09AM +0100, Oshwm wrote: > It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names. > > So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think is terminating it. > lol, did CA based PKI (d)evolved to buying an usable cert, but not having the private key? How do you survive large scale DDOS? AFAICT most service providers will ditch you, since you are hurting their other customers. More ontopic, Snowden has nearly meeelion twatter actor followers and some of them call him "traitor", not sure how he deals with the twatter spam. IIRC (from Snowden's dox) the dear NSA infiltrated some? CC of botnets, so they can use them for any kind of DDOS. From schear.steve at gmail.com Wed Sep 30 09:27:00 2015 From: schear.steve at gmail.com (Steven Schear) Date: Wed, 30 Sep 2015 16:27:00 +0000 Subject: Snowden on the Twitters In-Reply-To: <20150930115346.GD2618@sivokote.iziade.m$> References: <20150930062542.GA2618@sivokote.iziade.m$> <20150930115346.GD2618@sivokote.iziade.m$> Message-ID: Has anyone here looked into http://blog.bittorrent.com/tag/maelstrom/ ? It would seem to offer some DDoS and other protections. On Wed, Sep 30, 2015 at 11:53 AM, Georgi Guninski wrote: > On Wed, Sep 30, 2015 at 08:13:09AM +0100, Oshwm wrote: > > It is behind Cloudflare's MiTM service which adds web services names to > their existing certs as alternative Names. 
> > > > So your SSL/TLS connection is terminated on Cloudflare's web application > firewalls and NOT the web servers that you think is terminating it. > > > > > lol, did CA based PKI (d)evolved to buying an usable cert, but not > having the private key? > > How do you survive large scale DDOS? > > AFAICT most service providers will ditch you, since you are hurting > their other customers. > > More ontopic, Snowden has nearly meeelion twatter actor followers and > some of them call him "traitor", not sure how he deals with the twatter > spam. > > IIRC (from Snowden's dox) the dear NSA infiltrated some? CC of botnets, > so they can use them for any kind of DDOS. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1537 bytes Desc: not available URL: From schear.steve at gmail.com Wed Sep 30 09:30:04 2015 From: schear.steve at gmail.com (Steven Schear) Date: Wed, 30 Sep 2015 16:30:04 +0000 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: Ryan Lackey, an early CPunk, worked for CF, in an influential position, last year maybe still does. On Wed, Sep 30, 2015 at 8:31 AM, Oshwm wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Nope, he came across as a cunt so fuck 'em. > Someone else can raise it with them. > > > On 30 September 2015 09:25:50 BST, "Cathal (Phone)" < > cathalgarvey at cathalgarvey.me> wrote: > >Since you're in contact with the webadmins already, submit the absolute > >refs as bugs, suggedt making them relative so the onion site loads them > >correctly. > > > >On 30 September 2015 09:15:11 IST, Oshwm wrote: > >>Which is ok but some of the objects loaded by the onion come from > >>freedom.press and not the onion. 
> >> > >>We have become so used to free or cheap web services that we now allow > >>third parties to view or intercept our traffic as an acceptable > >>business practice. > >> > >>Hosting providers, CDN, Web App Firewalls - all of them can see what > >>you're doing and the bigger ones can collate all that and form a > >better > >>picture of you. > >> > >>Better hope they're all really nice, trustworthy people :D > >> > >>On 30 September 2015 08:45:53 BST, coderman > >wrote: > >>>On 9/30/15, Oshwm wrote: > >>>> ... > >>>> I contacted one of the guys from freedom.press about this and his > >>>response > >>>> was that it was an acceptable risk because they were being DDoS'd. > >>> > >>> > >>>they have an onion: > >>> http://freepress3xxs3hk.onion/ > >>> > >>>use it to avoid CF entirely! > >>> > >>> > >>>best regards, > >> > >>-- > >>Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > >-- > >Sent from my Android device with K-9 Mail. Please excuse my brevity. > > - -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. 
From tbiehn at gmail.com Wed Sep 30 14:45:06 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Wed, 30 Sep 2015 17:45:06 -0400 Subject: CloudFlare Keyless SSL WAS Re: Snowden on the Twitters In-Reply-To: <1443646338.695158.397968585.3B6987FA@webmail.messagingengine.com> References: <1443646338.695158.397968585.3B6987FA@webmail.messagingengine.com> Message-ID: So, one of the difficulties w/ web-apps is that the 'code' is dynamic. You cannot implement a secure system if your attacker can change the code at any point in time. As is the threat model with backends, which attest to their 'trust me' security (a la lavabit, hushmail and so on) - so is the problem with client side code. If you build a web-app which does in-browser encryption and never sends the encryption key to the backend your attacker can simply modify the static JS source, DOM inject and XSS their way to your sweet sweet encrypted keys.
Even if you audit your code at one point in time, you aren't certain it doesn't change with every request to the server. SO The first hurdle here is allowing users to reason about 'versions of web-app client assets' - if any part of the 'web-app client' relies on dynamic / non static JS, the application cannot effectively be 'versioned' (unless those sub-components are similarly versionable). A subset of HTML and JS is defined (safe javascript language subsets are a fail) AND the JS VM is modified to 'lock in' its object defns after loading. So, then you can take the set of client side assets (html, js, images so on) hash each, add some version metadata and sign it. Version 1. Now, users with the browser mod / plugin can then see version 1 of the site. I can go out and post to CPunks statements like, Version 1 of el8notes never sends your plaintext password to the server and all of your communiques are encrypted before being sent to the server, and have them hold true both now and in the future. If you trust version 1 of el8notes, or you trust my assessments of el8mailer you can then tell your sweet plugin: Version 1 of el8notes, signature whatever is a-ok in my book. Of course, this might not even require the participation of content producers. Such a plugin could, in theory, create its own versioning for web assets & distribute those observations to a P2P network. -Travis On Wed, Sep 30, 2015 at 4:52 PM, Alfie John wrote: > On Thu, Oct 1, 2015, at 01:50 AM, Travis Biehn wrote: > > What would be solid is if there were a browser module that did several > > things: Eliminated JavaScript dynamic calls (eval, new function(), > > setTimeout, setInterval, so on.) Eliminate 3rd party assets. Allowed > > web assets to be signed. Allowed sets of web assets to be versioned > > (and attested to by 3rd parties.) > > > > The combination of signing, versioning and lack of dynamic features > > paves the way for uninjectable, client-side in browser > > encryption/decryption. 
Something AFAIK we cannot do today. Is anyone > > working on it? > > So Nginx has a built-in module "ngx_http_gzip_module" which does the > following (if "Accept-Encoding: gzip" was part of the request headers) : > > - Sees request for "foo.html" > - Checks if "foo.html.gz" exists > - If so, serves that in place of the "foo.html" > - If not, gzips "foo.html" on the fly > > What would be nice is an Nginx module which did the same type of thing, > but for hashing the body: > > - Sees request for "foo.html" > - Checks if "foo.html.sha256" exists > - If so, serves "foo.html" along with "Content-Hash: " header, > taken from contents of "foo.html.sha256" > - If not, serves "foo.html" along with "Content-Hash: " > header, but calculated on the fly > > This would be a cheap and easy way to get some form of content hashing. > > Thoughts? > > Alfie > > -- > Alfie John > alfiej at fastmail.fm > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4913 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Wed Sep 30 09:49:43 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Wed, 30 Sep 2015 17:49:43 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <20150930115346.GD2618@sivokote.iziade.m$> Message-ID: Bittorrent's stuff is always closed and obscure. Don't trust. Ages back I live-tweeted (topical!) my explorations into BTSync back when they were claiming 256 bit AES. Suffice to say.. no. They were using AES256 with a 20-something-byte key..base32 encoded. I don't even. They'll happily advertise security while not even grasping that entropy doesn't increase with encoding overheads. On 30 September 2015 17:27:00 IST, Steven Schear wrote: >Has anyone here looked into http://blog.bittorrent.com/tag/maelstrom/ ?
>It would seem to offer some DDoS and other protections. > >On Wed, Sep 30, 2015 at 11:53 AM, Georgi Guninski > >wrote: > >> On Wed, Sep 30, 2015 at 08:13:09AM +0100, Oshwm wrote: >> > It is behind Cloudflare's MiTM service which adds web services >names to >> their existing certs as alternative Names. >> > >> > So your SSL/TLS connection is terminated on Cloudflare's web >application >> firewalls and NOT the web servers that you think is terminating it. >> > >> >> >> lol, did CA based PKI (d)evolved to buying an usable cert, but not >> having the private key? >> >> How do you survive large scale DDOS? >> >> AFAICT most service providers will ditch you, since you are hurting >> their other customers. >> >> More ontopic, Snowden has nearly meeelion twatter actor followers and >> some of them call him "traitor", not sure how he deals with the >twatter >> spam. >> >> IIRC (from Snowden's dox) the dear NSA infiltrated some? CC of >botnets, >> so they can use them for any kind of DDOS. >> >> >> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2406 bytes Desc: not available URL: From guninski at guninski.com Wed Sep 30 08:23:54 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 30 Sep 2015 18:23:54 +0300 Subject: Snowden on the Twitters In-Reply-To: References: Message-ID: <20150930152353.GE2618@sivokote.iziade.m$> On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote: > https://twitter.com/Snowden How this scores on twatter: 1.03 meeelion followers for about 23 hours on twatter? (not sure about the error terms). 
From juan.g71 at gmail.com Wed Sep 30 14:36:43 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 30 Sep 2015 18:36:43 -0300 Subject: Snowden on the Twitters In-Reply-To: <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> Message-ID: <560c54b4.ea17370a.aa6df.688b@mx.google.com> On Wed, 30 Sep 2015 08:33:18 +0100 Oshwm wrote: > I'm not a big fan of Yasha and don't entirely trust what he writes > (just an opinion, don't sue :D ) He seems to be a 'liberal' that is a left wing american fascist. But his stuff on the pentagon-funded tor mafia is spot on. > but there were news articles in > other websites about some of this stuff. > > So, you have to make up your own mind but i block CF IP addresses > and have decided that freedom.press is an evil entity. > > Cheers, > Oshwm. From oshwm at openmailbox.org Wed Sep 30 12:38:14 2015 From: oshwm at openmailbox.org (oshwm) Date: Wed, 30 Sep 2015 20:38:14 +0100 Subject: Snowden on the Twitters In-Reply-To: <20150930115346.GD2618@sivokote.iziade.m$> References: <20150930062542.GA2618@sivokote.iziade.m$> <20150930115346.GD2618@sivokote.iziade.m$> Message-ID: <560C3A26.4010709@openmailbox.org> On 30/09/15 12:53, Georgi Guninski wrote: > On Wed, Sep 30, 2015 at 08:13:09AM +0100, Oshwm wrote: >> It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names. >> >> So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think is terminating it. >> > > lol, did CA based PKI (d)evolved to buying an usable cert, but not > having the private key? Not sure if I'm missing something here but CF's CEO confirmed what I had tested on Twitter. The Web Service owners have to give CF their private keys. 
So they are complicit in giving away your "secure" communications to CF (and whoever they are buddies with, whether it be Advertisers or NSA et al). But they do not tell the end users that they are using a service such as CF which if they did would at least give the end users a chance to make their own mind up. > How do you survive large scale DDOS? This is an issue that needs to be looked at but using WAF's is not a solution to DDoS, it's a malware solution so in fact they only need to ensure your traffic passes through CF without decrypting it to gain DDoS protection - that is a routing issue. > AFAICT most service providers will ditch you, since you are hurting > their other customers. There is a big problem with the centralisation with the internet in this way but it is also very difficult and costly to for a website to handle large volumes of traffic in an independent DC. But responding to DDoS by using services such as CF is playing into the hands of the likes of the NSA who may well be behind a number of the attacks in order to promote the CF "solution". > More ontopic, Snowden has nearly meeelion twatter actor followers and > some of them call him "traitor", not sure how he deals with the twatter > spam. > > IIRC (from Snowden's dox) the dear NSA infiltrated some? CC of botnets, > so they can use them for any kind of DDOS. > > Snowden is a moderate extremist, he doesn't want transparent government and private individuals, he just wants a discussion on where to draw the line with surveillance, his leaks are purely to further this aim. Assange and the people who have worked with him on leaks are more the kind of people we need. 
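Two ideas raised in this thread, Travis Biehn's hashed and versioned set of client-side assets and Alfie John's `.sha256` sidecar served as a `Content-Hash` header, both compare a response body against a known hash; they differ in where the known hash comes from. The sketch below is an added example, not code from any poster or project: the function names, the bare-hex header value, the manifest layout and the sample files are assumptions, and a pinned manifest hash stands in for the signature Travis describes.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def serve(path: str, docroot: dict) -> tuple:
    """Server side of the Content-Hash proposal: prefer the precomputed
    `<path>.sha256` sidecar, otherwise hash the body on the fly."""
    body = docroot[path]
    sidecar = docroot.get(path + ".sha256")
    digest = sidecar.decode().strip() if sidecar is not None else sha256_hex(body)
    return {"Content-Hash": digest}, body  # header value format is an assumption


def header_matches_body(headers: dict, body: bytes) -> bool:
    """In-band check: catches a stale sidecar or corruption, but not a hop
    on the path that rewrites body and header together."""
    return headers.get("Content-Hash") == sha256_hex(body)


def build_manifest(app: str, version: int, assets: dict) -> dict:
    """One 'version' of a web app: every static asset path mapped to its hash."""
    return {"app": app, "version": version,
            "assets": {p: sha256_hex(b) for p, b in sorted(assets.items())}}


def manifest_id(manifest: dict) -> str:
    """Hash of the canonical JSON form: the value a reviewer attests to and a
    user pins. A real signature would cover these same bytes."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode())


def check_pinned(path: str, body: bytes, manifest: dict, pinned_id: str) -> str:
    """Out-of-band check: the manifest must be the pinned one, the asset must
    be listed in it, and the body must hash to the listed value."""
    if manifest_id(manifest) != pinned_id:
        return "manifest-not-trusted"
    expected = manifest["assets"].get(path)
    if expected is None:
        return "unlisted-asset"
    return "ok" if expected == sha256_hex(body) else "hash-mismatch"


def rewrite_in_transit(headers: dict, body: bytes, extra: bytes) -> tuple:
    """Constructed model of a TLS-terminating hop changing a response: the
    body is altered and the Content-Hash header recomputed to match."""
    new_body = body + extra
    return {**headers, "Content-Hash": sha256_hex(new_body)}, new_body


# Constructed sample site; "el8notes" is the hypothetical app named in the thread.
ASSETS = {
    "index.html": b"<!doctype html><script src=app.js></script>",
    "app.js": b"function encrypt(pt, key) { /* client-side crypto */ }",
}
MANIFEST_V1 = build_manifest("el8notes", 1, ASSETS)
PINNED_V1 = manifest_id(MANIFEST_V1)  # assumed to reach the user out of band


def demo() -> dict:
    docroot = dict(ASSETS)
    docroot["index.html.sha256"] = sha256_hex(ASSETS["index.html"]).encode() + b"\n"
    out = {}

    hdrs, body = serve("app.js", docroot)  # no sidecar: hashed on the fly
    out["honest"] = (header_matches_body(hdrs, body),
                     check_pinned("app.js", body, MANIFEST_V1, PINNED_V1))

    hdrs2, body2 = rewrite_in_transit(hdrs, body, b"\n/* injected */")
    out["rewritten"] = (header_matches_body(hdrs2, body2),
                        check_pinned("app.js", body2, MANIFEST_V1, PINNED_V1))

    # File edited on disk but the sidecar was never regenerated.
    docroot["index.html"] = ASSETS["index.html"] + b"<!-- edited -->"
    hdrs3, body3 = serve("index.html", docroot)
    out["stale_sidecar"] = (header_matches_body(hdrs3, body3),
                            check_pinned("index.html", body3, MANIFEST_V1, PINNED_V1))

    # Asset that is not part of the reviewed version (constructed content).
    out["third_party"] = check_pinned("piwik.js", b"/* analytics */",
                                      MANIFEST_V1, PINNED_V1)

    # A different manifest served alongside the changed asset.
    swapped = build_manifest("el8notes", 2, {**ASSETS, "app.js": body2})
    out["swapped_manifest"] = check_pinned("app.js", body2, swapped, PINNED_V1)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:17} {result}")
```

The rewritten response passes the in-band header check and fails only the pinned check, so the hash has to reach the client by a path the TLS-terminating hop does not control.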
From oshwm at openmailbox.org Wed Sep 30 12:45:32 2015 From: oshwm at openmailbox.org (oshwm) Date: Wed, 30 Sep 2015 20:45:32 +0100 Subject: Snowden on the Twitters In-Reply-To: References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> Message-ID: <560C3BDC.2040804@openmailbox.org> On 30/09/15 10:39, coderman wrote: > On 9/30/15, Oshwm wrote: >> Which is ok but some of the objects loaded by the onion come from >> freedom.press and not the onion. > two images, and piwik.js for analytics - none necessary, and this a problem? Yeh, it's a big problem, those three objects link your use of the onion with your use of freedom.press and any other website you might use that is hosted via CF. At the very least, for any organisation who wants to be associated with privacy or freedom movements then this is negligence. > > sure, they should fix it. but far from evidence of complicity or negligence... > > i have emailed them about the resources linked from the hidden > service, but again, i don't fault them if they don't address it soon. > it's NBD, honestly! If they maintain their aloofness and satisfaction with not giving a fuck about their end users then I don't expect them to change them - worst case scenario they are supposed to be there, hopefully not. > > best regards, From s at ctrlc.hu Wed Sep 30 13:02:13 2015 From: s at ctrlc.hu (stef) Date: Wed, 30 Sep 2015 22:02:13 +0200 Subject: freedom.press, also the firstlook/intercept... Message-ID: <20150930200213.GE13534@ctrlc.hu> and they host all the juicy bits on documents on documentcloud, requiring anyone interested to expose themselves. it is not possible to download the dumps anonymously in a simple zip file, you really have to use goddamn javascript. this is totally unacceptable. when approached on this, you get very irritated answers, if at all. to say "this stinks" is an understatement. it's a goddamn trap. 
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt From list at sysfu.com Wed Sep 30 23:03:57 2015 From: list at sysfu.com (Seth) Date: Wed, 30 Sep 2015 23:03:57 -0700 Subject: Snowden on the Twitters In-Reply-To: <2D75E86E-B42B-4C33-A942-753D3AC03762@openmailbox.org> References: <20150930062542.GA2618@sivokote.iziade.m$> <158BB685-46FD-4D8B-BC80-05723A86C8E4@openmailbox.org> <7C3EC895-FC0B-4FE7-B22C-086ADCFC6AC9@openmailbox.org> <2D75E86E-B42B-4C33-A942-753D3AC03762@openmailbox.org> Message-ID: On Wed, 30 Sep 2015 01:41:26 -0700, Oshwm wrote: > No, as someone who works as a network engineer and knows how to approach > another network engineer i was very respectful and trying to be helpful. > Approaching it as a potential oversight and was surprised at the > response i got. That's pretty much par for the course in my experience. Raising security issues web/network/sysadmins or worse yet developers, (always in a non confrontational way, to start), the dismissive responses and outright butt-hurt you typically get is beyond comprehension. This is the reason I cackle with glee every-time a company/individual/product/service gets their 'cyber' ass handed to them, it's the only fucking way people seem to learn these lessons; the hard way.
From rysiek at hackerspace.pl Wed Sep 30 14:22:58 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 30 Sep 2015 23:22:58 +0200 Subject: Snowden on the Twitters In-Reply-To: <2D75E86E-B42B-4C33-A942-753D3AC03762@openmailbox.org> References: <2D75E86E-B42B-4C33-A942-753D3AC03762@openmailbox.org> Message-ID: <2216887.gf8MQjvuep@lapuntu> On Wednesday, 30 September 2015 09:41:26 Oshwm wrote: > No, as someone who works as a network engineer and knows how to approach > another network engineer i was very respectful and trying to be helpful. > Approaching it as a potential oversight and was surprised at the response i > got. Do a public write-up, then. Blogpost, preferably (please, not Failbork). -- Regards, Michał "rysiek" Woźniak I am changing my GPG key :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Wed Sep 30 14:23:43 2015 From: rysiek at hackerspace.pl (rysiek) Date: Wed, 30 Sep 2015 23:23:43 +0200 Subject: Snowden on the Twitters In-Reply-To: <560C3BDC.2040804@openmailbox.org> References: <560C3BDC.2040804@openmailbox.org> Message-ID: <1583916.DVCrUd9meI@lapuntu> On Wednesday, 30 September 2015 20:45:32 oshwm wrote: > On 30/09/15 10:39, coderman wrote: > > On 9/30/15, Oshwm wrote: > >> Which is ok but some of the objects loaded by the onion come from > >> freedom.press and not the onion. > > > > two images, and piwik.js for analytics - none necessary, and this a > > problem? > Yeh, it's a big problem, those three objects link your use of the onion > with your use of freedom.press and any other website you might use that > is hosted via CF. > At the very least, for any organisation who wants to be associated with > privacy or freedom movements then this is negligence.

+1

--
Regards,
Michał "rysiek" Woźniak
I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

From alfiej at fastmail.fm Wed Sep 30 13:52:18 2015
From: alfiej at fastmail.fm (Alfie John)
Date: Thu, 01 Oct 2015 06:52:18 +1000
Subject: CloudFlare Keyless SSL WAS Re: Snowden on the Twitters
In-Reply-To:
References:
Message-ID: <1443646338.695158.397968585.3B6987FA@webmail.messagingengine.com>

On Thu, Oct 1, 2015, at 01:50 AM, Travis Biehn wrote:
> What would be solid is if there were a browser module that did several
> things: Eliminated JavaScript dynamic calls (eval, new function(),
> setTimeout, setInterval, so on.) Eliminate 3rd party assets. Allowed
> web assets to be signed. Allowed sets of web assets to be versioned
> (and attested to by 3rd parties.)
>
> The combination of signing, versioning and lack of dynamic features
> paves the way for uninjectable, client-side in browser
> encryption/decryption. Something AFAIK we cannot do today. Is anyone
> working on it?

So Nginx has a built-in module "ngx_http_gzip_module" which does the following (if "Accept-Encoding: gzip" was part of the request headers):

- Sees request for "foo.html"
- Checks if "foo.html.gz" exists
- If so, serves that in place of the "foo.html"
- If not, gzips "foo.html" on the fly

What would be nice is an Nginx module which did the same type of thing, but for hashing the body:

- Sees request for "foo.html"
- Checks if "foo.html.sha256" exists
- If so, serves "foo.html" along with "Content-Hash: " header, taken from contents of "foo.html.sha256"
- If not, serves "foo.html" along with "Content-Hash: " header, but calculated on the fly

This would be a cheap and easy way to get some form of content hashing.

Thoughts?

Alfie

--
Alfie John
alfiej at fastmail.fm

From oshwm at openmailbox.org Wed Sep 30 23:45:26 2015
From: oshwm at openmailbox.org (oshwm)
Date: Thu, 01 Oct 2015 07:45:26 +0100
Subject: Snowden on the Twitters
In-Reply-To: <20151001053452.GA2752@sivokote.iziade.m$>
References: <20150930062542.GA2618@sivokote.iziade.m$> <20150930115346.GD2618@sivokote.iziade.m$> <560C3A26.4010709@openmailbox.org> <20151001053452.GA2752@sivokote.iziade.m$>
Message-ID: <560CD686.8010501@openmailbox.org>

Yeh, that opinion came after an exchange with Greenwald on Twitter about releasing the entire cache but unfortunately that Twitter account is gone now due to Twitter's hatred of Tor so I can't fish it out.

But if you read through quotes from Snowden himself you see that he leaked the information to cause a debate about how we should be governed, not because he thinks the Government should be transparent.

A quote from his Wikipedia page (yeh I know no-one trusts Wikipedia but sometimes it's handy):-

"For me, in terms of personal satisfaction, the mission's already accomplished. I already won. As soon as the journalists were able to work, everything that I had been trying to do was validated. Because, remember, I didn't want to change society. I wanted to give society a chance to determine if it should change itself. All I wanted was for the public to be able to have a say in how they are governed."

On 01/10/15 06:34, Georgi Guninski wrote:
> On Wed, Sep 30, 2015 at 08:38:14PM +0100, oshwm wrote:
>> Snowden is a moderate extremist, he doesn't want transparent government
>> and private individuals, he just wants a discussion on where to draw the
>> line with surveillance, his leaks are purely to further this aim.
>> Assange and the people who have worked with him on leaks are more the
>> kind of people we need.
> You well might be right that CF are evil. FP should have written on
> their privacy page they don't have the SSL private key.
>
> The claim about Snowden is quite strong, what is a reference for this?
>
>

From guninski at guninski.com Wed Sep 30 22:34:52 2015
From: guninski at guninski.com (Georgi Guninski)
Date: Thu, 1 Oct 2015 08:34:52 +0300
Subject: Snowden on the Twitters
In-Reply-To: <560C3A26.4010709@openmailbox.org>
References: <20150930062542.GA2618@sivokote.iziade.m$> <20150930115346.GD2618@sivokote.iziade.m$> <560C3A26.4010709@openmailbox.org>
Message-ID: <20151001053452.GA2752@sivokote.iziade.m$>

On Wed, Sep 30, 2015 at 08:38:14PM +0100, oshwm wrote:
>
> Snowden is a moderate extremist, he doesn't want transparent government
> and private individuals, he just wants a discussion on where to draw the
> line with surveillance, his leaks are purely to further this aim.
> Assange and the people who have worked with him on leaks are more the
> kind of people we need.

You well might be right that CF are evil. FP should have written on their privacy page they don't have the SSL private key.

The claim about Snowden is quite strong, what is a reference for this?
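
The Content-Hash scheme Alfie John proposes earlier in this thread (serve the hash from "foo.html.sha256" if it exists, otherwise compute it on the fly), sketched in Python as an added example; it is not code from any poster or from Nginx. The function names, the rule that a sidecar older than its file is ignored, and the sample files are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import re
import tempfile

HEX_SHA256 = re.compile(r"[0-9a-f]{64}")

def serve(path):
    """Server side: return (headers, body, where the hash came from)."""
    with open(path, "rb") as fh:
        body = fh.read()
    try:
        # Assumption added here: a sidecar older than its file is stale.
        if os.stat(path + ".sha256").st_mtime_ns >= os.stat(path).st_mtime_ns:
            with open(path + ".sha256", encoding="ascii") as fh:
                claimed = fh.read().split()[0].lower()  # "<hex>  name" accepted
            if HEX_SHA256.fullmatch(claimed):
                return {"Content-Hash": claimed}, body, "sidecar"
    except (OSError, ValueError, IndexError):
        pass  # missing, unreadable or malformed sidecar: hash on the fly
    return {"Content-Hash": hashlib.sha256(body).hexdigest()}, body, "computed"

def verify(headers, body):
    """Client side: recompute the hash and compare in constant time."""
    claimed = headers.get("Content-Hash", "").strip().lower().encode()
    return hmac.compare_digest(hashlib.sha256(body).hexdigest().encode(), claimed)

def demo():
    """Constructed files: fresh sidecar, no sidecar, stale sidecar."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        for name, kind in (("foo.html", "fresh"), ("bar.html", None), ("baz.html", "stale")):
            path, body = os.path.join(root, name), name.encode() + b"\n"
            with open(path, "wb") as fh:
                fh.write(body)
            if kind:
                digest = hashlib.sha256(body).hexdigest() if kind == "fresh" else "0" * 64
                with open(path + ".sha256", "w") as fh:
                    fh.write(digest + "  " + name + "\n")
                # Pin the sidecar mtime: equal to the file, or 10 s older if stale.
                stamp = os.stat(path).st_mtime_ns - (0 if kind == "fresh" else 10**10)
                os.utime(path + ".sha256", ns=(stamp, stamp))
            sent_headers, sent, source = serve(path)
            out[name] = (source, verify(sent_headers, sent), verify(sent_headers, sent + b"!"))
    return out

if __name__ == "__main__":
    print(demo())
```

Because the hash travels in the same response as the body, a check like this only detects modification by a party that cannot also rewrite the header; the signing Travis Biehn mentions would be needed for anything stronger.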