RE: voting
One area we are not addressing in voting security is absentee ballots. The use of absentee ballots is rising in US elections, and is even being advocated as a way for individuals to get a printed ballot in jurisdictions which use electronic-only voting machines. Political parties are encouraging their supporters to vote absentee. I believe that one election in Oregon was recently held entirely with absentee ballots. For classic polling place elections, one strength of an electronic system which prints paper ballots is that there are two separate paths for the counts. The machine can keep its own totals and report them at the end of the election. These totals can then be compared with the totals generated for that precinct by counting the paper ballots. This redundancy seems to me to provide higher security than either system alone. Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
RE: The killer app for encryption
At 12:16 PM -0800 12/18/03, Jim Dixon wrote: Voice telephony requires delays measured in tens of milliseconds. A bit difficult if you also want encryption, anonymity, etc. Voice memo (messaging) systems are a way around this limitation. I don't know of any that exist. (Encrypted to receiver(s), mixed, and signed for strong pseudo-anonymity) Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
Re: Silly Linux Kernel Bug
At 1:09 AM -0800 12/2/03, Eric Cordian wrote: As reported today on Slashdot, in linux kernels prior to 2.4.23, it is possible to map the kernel into user space with brk(), since apparently no one ever bothered to check that the argument passed was in the lower 3 gig of the address space. Rule 1: When you audit code for security, be sure there is a complete check of all input parameters. Make at least one pass through the code where this is the only check you make. As can be seen by multiple problems of this type, it's easy to forget. Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
RE: e voting (receipts, votebuying, brinworld)
At 2:30 PM -0800 11/24/03, Major Variola (ret) wrote: At 01:04 PM 11/24/03 -0500, Trei, Peter wrote: That's not how it works. The idea is that you make your choices on the machine, and when you lock them in, two things happen: They are electronically recorded in the device for the normal count, and also, a paper receipt is printed. The voter checks the receipt to see if it accurately records his choices, and then is required to put it in a ballot box retained at the polling site. If there's a need for a recount, the paper receipts can be checked. I imagine a well designed system might show the paper receipt through a window, but not let it be handled, to prevent serial fraud. Vinny the Votebuyer pays you if you send a picture of your face adjacent to the committed receipt, even if you can't touch it. [more deleted] It depends on what happens to the receipt when you say commit. It could automatically go into the ballot box without delay, so you can't take such a photo. I expect that Vinny is already doing this with video of the touch screen verification screen and the voter pressing OK, but he hasn't made me an offer yet. I expect he gets better value for his money with TV ads, and last minute hit mailers. Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
Re: e voting (receipts, votebuying, brinworld)
At 8:04 PM -0800 11/24/03, Tim May wrote: I expect there may be some good solutions to this issue, but I haven't yet seen them discussed here or on other fora I run across. And since encouraging the democrats has never been a priority for me, I haven't spent much time worrying about how to improve democratic elections. You might check out David Chaum's latest solution at http://www.vreceipt.com/, there are more details in the whitepaper: http://www.vreceipt.com/article.pdf Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
Re: e voting
At 9:19 AM -0800 11/21/03, Tim May wrote: On Nov 21, 2003, at 8:16 AM, Major Variola (ret.) wrote: Secretary of State Kevin Shelley is expected to announce today that as of 2006, all electronic voting machines in California must be able to produce a paper printout that voters can check to make sure their votes are properly recorded. http://www.latimes.com/news/local/la-me-shelley21nov21,1,847438.story?coll=la-headlines-california Without the ability to (untraceably, unlinkably, of course) verify that this vote is in the vote total, and that no votes other than those who actually voted, are in the vote total, this is all meaningless. David Chaum has described a system where each voter gets a piece of paper which includes their vote, encrypted so they can't prove how they voted. The images of these pieces of paper are also posted on a web page, so the voters can look up their encrypted ballots to verify that their votes are being counted. These votes are passed through a number of mixes, which may be run by different organizations before they are completely decrypted and counted. (The mixes prevent a decrypted ballot from being associated with an input, encrypted ballot.) The encryption of the ballots is performed by over-printing the plain-text ballots, so the voter can verify the ballot's correctness before it is encrypted. The mixes are verified by random inspection. This system seems to meet the above requirements. Now, I can think of some ways to cheat with this system, but they are all a lot more likely to be found than cheats with the current systems. The big knock on all-electronic voting machines is that they are a step backwards in independent verification and audit from paper ballots, or even punch cards. (Yes, you can argue about hanging chad, pregnant chad, dimpled chad etc., but at least you have something tangible that represents each ballot.) 
The saving grace of the old mechanical voting machines is that they are mechanical, and hard to modify for cheating. Most anyone on this list can imagine the program in an electronic voting machine being different from the one that was audited and approved. That's hard to do with a mechanical system. We have seen failures where the mechanical systems lost all the votes made on them however, a failure that seems possible with the electronic systems as well. IMHO, the problem with Chaum's system is that it is complex. I think that saving a printed paper ballot, along with the electronic totals, gives much the same level of security and assurance, with a system that the average voter can understand. Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
Palladium/TCPA/NGSCB
Mark Miller pointed out to me that currently much of our protection from viruses comes from people at the anti-virus companies who quickly grab each new virus, reverse engineer it, and send out information about its payload and effects. Any system which hides code from reverse engineering will make this process more difficult. To the extent that Palladium/TCPA/NGSCB hides code, and to the extent it succeeds at this hiding, the more it encourages new and more pervasive viruses. Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
Responding to orders which include a secrecy requirement
The Java Anonymous Proxy (JAP) service, your local library, and you, among others need to develop a response should you be served with an order (court or otherwise) to produce information which includes the requirement that you keep the order secret. There are a large number of responses one could use. Some of them might be:
* Cooperate.
* Take the service down.
* Publicly refuse to cooperate.
* Publicly announce that you are being monitored.
* Stop saying that the service is not monitored.
* Appear to cooperate, but provide false information.
* etc.
Please keep in mind when reading the following analysis that I am not a lawyer.
Cooperation seems to be the safest from a short term legal standpoint. However, to the extent it encourages the police state, it is dangerous in the long term.
Taking the service down is an obvious response. It is a difficult response for your public library to implement. In addition, a strict enough secrecy order could require you to keep the service up.
Publicly refusing to cooperate is the most honorable response, and will probably end you up in jail for an indefinite term on contempt charges. This is the path of civil disobedience, followed by a number of heroes in past encounters with totalitarianism.
Publicly announcing that you are being monitored will probably end up with the same contempt charges as a public refusal to cooperate, coupled with the possibility of the dishonorable act of breaking your word (depending on your terms of service).
Stopping your notification that the service is not monitored can be forbidden by a strict enough secrecy order. It may be the least legally risky of the options. The fact that you will stop notification should be included in your terms of service.
Providing false information is an interesting option, but I think you are legal toast if you are caught doing it. One can get a lot of amusement from considering who to implicate in place of the real anonymous user.
Cheers - Bill - Bill Frantz | A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. [EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA
Re: Trials for those undermining the war effort
At 8:02 PM -0800 4/2/03, Kevin S. Van Horn wrote: In other words, you can't formulate a cogent argument against this point. Ever heard of the Ten Commandments? Most of these deal with treating others well. My reading says that five commandments deal with people's relationship with god and five deal with people's relationship with each other. ... my own religious upbringing taught me to view it as a deeply shameful thing to lie, steal, strike a woman, etc. You simply couldn't do these things and still feel good about yourself. This kind of endogenous aversion to antisocial behavior is sorely lacking in post-Christian America. I somehow was brought up the same way, but without a significant religious component. Perhaps these are the ways every tribe teaches its members to relate to one another. c.f. TRUST: Human Nature and the Reconstitution of Social Order by Francis Fukuyama for the way family replaces tribe in some societies. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Logging of Web Usage
At 6:16 PM -0800 4/2/03, Seth David Schoen wrote: Bill Frantz writes: The http://cryptome.org/usage-logs.htm URL says: Low resolution data in most cases is intended to be sufficient for marketing analyses. It may take the form of IP addresses that have been subjected to a one way hash, to refer URLs that exclude information other than the high level domain, or temporary cookies. Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a computer for a few hours can reverse a one way hash by exhaustive search. Truncating IPs seems a much more privacy friendly approach. This problem would be less acute with IPv6 addresses. I'm skeptical that it will even take a few hours; on a 1.5 GHz desktop machine, using openssl speed, I see about a million hash operations per second. (It depends slightly on which hash you choose.) This is without compiling OpenSSL with processor-specific optimizations. Ah yes, I haven't updated my timings for the new machines that are faster than my 550MHz. :-) The only other item of importance is that the exhaustive search time isn't the time to reverse one IP, but the time to reverse all the IPs that have been recorded. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Foreign adventures and economic imperialism
At 11:54 AM -0800 4/3/03, Tim May wrote: If my neighbor wishes to contribute to the Rwandans or the Iraqi Liberation Front, he is welcome to. Operation Iraqi Liberation has a better acronym. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Logging of Web Usage
At 2:58 PM -0800 4/2/03, John Young wrote: Ben, Would you care to comment for publication on web logging described in these two files: http://cryptome.org/no-logs.htm http://cryptome.org/usage-logs.htm Cryptome invites comments from others who know the capabilities of servers to log or not, and other means for protecting user privacy by users themselves rather than by reliance upon privacy policies of site operators and government regulation. This relates to the data retention debate and current initiatives of law enforcement to subpoena, surveil, steal and manipulate log data. Thanks, John The http://cryptome.org/usage-logs.htm URL says: Low resolution data in most cases is intended to be sufficient for marketing analyses. It may take the form of IP addresses that have been subjected to a one way hash, to refer URLs that exclude information other than the high level domain, or temporary cookies. Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a computer for a few hours can reverse a one way hash by exhaustive search. Truncating IPs seems a much more privacy friendly approach. This problem would be less acute with IPv6 addresses. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
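Added example (not part of the original messages in this thread): the exhaustive search described in the two "Logging of Web Usage" posts, run as an audit of a constructed log, next to the truncation alternative. The sample addresses (RFC 5737 documentation ranges), the choice of SHA-256 and all function names are assumptions of the example.

```python
import hashlib
import ipaddress

# Constructed sample log entries (RFC 5737 documentation addresses).
SAMPLE_CLIENTS = ["198.51.100.23", "198.51.100.77", "203.0.113.5", "198.51.100.23"]
# Networks the auditor enumerates. The whole IPv4 space works the same way;
# it takes 2**32 hash operations instead of the 512 needed here.
CANDIDATE_NETWORKS = ["198.51.100.0/24", "203.0.113.0/24"]


def hash_ip(ip):
    """Pseudonymize an address with an unsalted one-way hash (SHA-256 assumed)."""
    return hashlib.sha256(ip.encode("ascii")).hexdigest()


def truncate_ip(ip, prefix_len=24):
    """Pseudonymize by zeroing the host bits and keeping only the network prefix."""
    network = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    return str(network.network_address)


def build_reverse_table(networks):
    """Hash every candidate address once.

    The cost is paid per address space, not per log entry: the finished
    table reverses every hashed entry that was ever recorded.
    """
    table = {}
    for cidr in networks:
        for addr in ipaddress.ip_network(cidr):
            table[hash_ip(str(addr))] = str(addr)
    return table


def recover(hashed_entries, table):
    """Return the original address for each hashed entry, or None if unknown."""
    return [table.get(entry) for entry in hashed_entries]


def full_search_hours(address_bits, hashes_per_second):
    """Time to enumerate a whole address space at a given hash rate."""
    return 2 ** address_bits / hashes_per_second / 3600


def anonymity_set(prefix_len, address_bits=32):
    """Number of distinct addresses that share one truncated value."""
    return 2 ** (address_bits - prefix_len)


if __name__ == "__main__":
    hashed_log = [hash_ip(ip) for ip in SAMPLE_CLIENTS]
    table = build_reverse_table(CANDIDATE_NETWORKS)
    print("recovered from hashes:", recover(hashed_log, table))
    print("truncated log:        ", [truncate_ip(ip) for ip in SAMPLE_CLIENTS])
    print("hosts per /24 entry:  ", anonymity_set(24))
    print("IPv4 search at 1e6 hashes/s: %.1f hours" % full_search_hours(32, 1e6))
    print("IPv6 search at 1e6 hashes/s: %.1e hours" % full_search_hours(128, 1e6))
```

The hashed log gives back every original address from a single table, while each truncated entry stays ambiguous among 256 hosts.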
Re: Missile -launchers in iraq
At 4:05 PM -0800 3/31/03, Neil Johnson wrote: - They don't want the US to be able to justify the invasion, See we told you they had WMD, we had to go in. If I were Iraq, I would make sure that any WoMD that survived the inspections were destroyed and all traces removed as part of an after-the-hot-war strategy. (I also wonder when some of our other good friends, like North Korea will decide that the US is committed enough to Iraq to try throwing their weight around.) Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Trials for those undermining the war effort?
At 5:44 AM -0800 3/31/03, Harmon Seaver wrote: On Mon, Mar 31, 2003 at 10:15:46AM +0100, Steve Mynott wrote: 3. Wicca is a modern invention. Hardly. WEIK- [2]. In words connected with magic and religious notions (in Germanic and Latin). 1. Germanic suffixed form *WIH-L- in Old English WIGLE, divination, sorcery, akin to the Germanic source of Old French GUILE, cunning trickery: GUILE. 2. Germanic expressive form *WIKK- in: a. Old English WICCA, wizard, and WICCE, witch: WITCH; b. Old English WICCIAN, to cast a spell: BEWITCH. My ODE defines Wicche as an obsolete word meaning witch. Now, one can argue whether the modern concept of Wicca has any relation to the old northern European religions, but the word seems to be based on fairly old roots. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: [gulfwar-2] Al-Jazeera Calls... - strategy proposal (fwd)
At 5:12 PM -0800 3/27/03, Greg Broiles wrote: Are they going to do it? Seems unlikely to me - ultimately they're not motivated by a desire to bring the truth to the world (or we wouldn't trust them), they're motivated by a desire to make money, probably by licensing their content to satellite operators, cable TV operators, or by selling ad space/time to commercial sponsors. Freenet distribution doesn't help them make money licensing content, and it's difficult to sell ads if you don't have good data about viewership and their demographics, given the attenuated relationship between media ads and subsequent purchases. I beg to differ with you here. If the content is signed, then the signed content can include the ads. That binding will create an incentive to keep the ad and the content together. Getting an idea of the readership might be possible with the older file sharing networks by finding which machines have the files. In the end, of course, Al-Jazeera will have to decide whether bypassing censorship while under attack, with the expected increase in readership, and loss of detailed readership information is worth it. It would certainly give the file sharing networks an A1, ACLU approvable, reason for existence. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: U.S. Drops 'E-Bomb' On Iraqi TV
At 6:59 AM -0800 3/27/03, Gabriel Rocha wrote: On Thu, Mar 27, at 06:33AM, Mike Rosing wrote:
[EMAIL PROTECTED]:~$ host www.aljazeera.net
www.aljazeera.net has address 216.34.94.186
This is from the US, fyi. It also works (and even resolves to the same thing :) from other hosts outside the US)
I get some really interesting answers. (I do so like looking at myself):
% dig @64.105.172.26 www.aljazeera.net
; DiG 8.3 @64.105.172.26 www.aljazeera.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; www.aljazeera.net, type = A, class = IN
;; ANSWER SECTION:
www.aljazeera.net. 2M IN A 127.0.0.1
;; AUTHORITY SECTION:
aljazeera.net. 2M IN NS ns1.mydomain.com.
aljazeera.net. 2M IN NS ns2.mydomain.com.
aljazeera.net. 2M IN NS ns3.mydomain.com.
aljazeera.net. 2M IN NS ns4.mydomain.com.
;; ADDITIONAL SECTION:
ns1.mydomain.com. 30M IN A 64.94.117.195
ns2.mydomain.com. 30M IN A 216.52.121.228
ns3.mydomain.com. 30M IN A 66.150.161.130
ns4.mydomain.com. 30M IN A 63.251.83.74
;; Total query time: 212 msec
;; FROM: G4.local. to SERVER: 64.105.172.26 64.105.172.26
;; WHEN: Thu Mar 27 14:53:35 2003
;; MSG SIZE sent: 35 rcvd: 199
- Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Things are looking better all the time
At 7:05 PM -0800 3/24/03, Declan McCullagh wrote: Or perhaps we'll see someone take a GPS-controlled small plane, which can carry 1,000 lbs, and turn it into a flying bomb or delivery system for something quite noxious. These planes can be rented by the hour at hundreds of small to medium sized airports around the U.S. Though I don't know if the autopilot is configurable enough to let an attacker program it to head to a certain altitude at a certain location and then bail out via parachute. The simplest autopilots just keep the wings level. Almost equally common are ones that can follow a radio location signal (VHF Omni-Range (VOR) usually). Altitude hold is less common, as are autopilots that can follow an Instrument Landing System (ILS) in both azimuth and elevation. In theory, one could set up an attack where the plane follows a VOR to the target. If the payload is chemical or biological, dispersing it at altitude might be what is wanted. Otherwise additional equipment will be needed to crash the plane into the ground. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: What shall we do with a bad government...
At 7:28 PM -0800 3/20/03, Tim May wrote: Shrubya doesn't care, as he just raises taxes. (Or he squawks and whines as Congress raises taxes, same difference.) Tim - I don't think the cowboy (aka Shrubya) knows enough economics to realize that, in the long term, income and expenditure must be in some kind of rough balance. He's always been able to lean on daddy's money. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Libertarian Party expresses concern over war -- but does not
At 7:52 PM -0800 3/20/03, Tim May wrote: But the imperial power goes after the skinny kid it knows it can beat up, not the greater threats in the region (and in the world). Grenada, Panama, Iraq, Afghanistan, and Iraq again. But not North Korea, not China, not Saudi Arabia, not Russia, not Pakistan, and not Germany or France. One view of the war in Iraq is that it is to assure an oil supply so we can take on Saudi Arabia, home of three quarters of the 911 hijackers. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Journalists, Diplomats, Others Urged to Evacuate City
At 2:59 PM -0800 3/19/03, Tim May wrote: The greater threat is that access to one's home is impaired, or a car breakdown occurs, which is why carrying a bag in a vehicle makes so much sense: a shovel for digging out, a few blankets or a sleeping bag, water, a flashlight, flares and other road emergency supplies, maybe a GPS, a transistor radio, spare batteries, simple food rations, a few tools, and some small assortment of extra junk like duct tape, fishing line, wire, etc. And the gun I mentioned. If you go to any of the National Parks with a bear problem (e.g. Sequoia/Kings Canyon and Yosemite in California), be very careful what kind of food you carry. Bears have a very good sense of smell, can recognize food packages, and have been known to tear the doors off cars to get to food. More annoyingly, they will check out anything that smells, including hand lotion and toothpaste. I don't think that canned food smells enough to cause a problem, but it must be kept out of sight. (The rangers may disagree with me here.) If any of these kinds of things are in sight, you will get a notice on your car (if you are lucky), or a ticket. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
RE: Unauthorized Journalists to be shot at
At 7:12 AM -0800 3/14/03, Trei, Peter wrote: If the US military does Really Bad Things to Iraqi civilians with any frequency, I have little doubt we'll hear about it in time. There are journalists 'embedded' in many units. In the credit where credit's due department, this change in press relations is one of the better things to come out of the G. W. Bush administration. Compared with the way the press was handled during Gulf War I, this approach is much more likely to bring incidents such as My Lai to the light of day. (It also should produce a much better version of, War, the Latest Reality Show, coming to a TV network near you.) Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Claim: Quietness of computers will win out over TEMPEST surveillance
At 3:34 PM -0800 3/12/03, Tim May wrote: Truly sensitive communications may be best done on laptops, even laptops in metal mesh bags. (Either with one's head poked into the bag, or a bag big enough to enclose the user and laptop, etc.) You probably want to use a fiber optics cable for the link to the outside of the bag. Assuming that it is entirely non-conductive (fiber + the covering), it will not tend to act as an antenna for the RF from your laptop. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Fw: Drunk driver detector that radios police
At 10:52 PM -0800 3/6/03, [EMAIL PROTECTED] wrote: A tiny fuel cell that detects the alcoholic breath of a drink-driver and calls the police has been developed by a team of engineers at Texas Christian University. A pump draws air in from the passenger cabin, a platinum catalyst converts any alcohol to acetic acid, which then produces a current proportional to the concentration of alcohol in the air. A chip analyses the data, and if it is too high, turns on a wireless transmitter that calls the police. So much for the sober designated driver with a load of drunk passengers. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
.sig
At 1:08 PM -0800 3/4/03, Tim May quoted: If I'm going to reach out to the Democrats then I need a third hand. There's no way I'm letting go of my wallet or my gun while they're around. --attribution uncertain, possibly Gunner, on Usenet Would the converse read? If I'm going to reach out to the Republicans then I need a third hand. There's no way I'm letting go of my wallet or my freedom while they're around. It seems to me that right now, my wallet is at risk due to the rise in federal debt, whether by depleting my savings through inflation, or by higher future taxes to pay the debt. The attack on freedom, led by the Republicans, has been commented on so frequently here I don't need to add more. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: interesting (fwd)
At 7:43 PM -0800 3/1/03, Tim May quoted: A human being should be able to change a diaper - yes, plan an invasion - does another group of 4th grader's club house count?, butcher a hog - yes, conn a ship - small ones, design a building - small ones, write a sonnet - no, balance accounts - yes, build a wall - yes, set a bone - my training stops when the bone gets to the hospital, comfort the dying - I've done too much of that recently, take orders - yes, give orders - yes, cooperate - yes, act alone - yes, solve equations - at least some of them, analyze a new problem - many of them, pitch manure - yes, program a computer - yes, cook a tasty meal - yes, fight efficiently - more or less depending, die gallantly - I'm in no hurry to make a demonstration. Specialization is for insects. --Robert A. Heinlein I guess I have to work on the sonnets. (The networking version would be easier.) Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Trivial OTP generation method? (makernd.c)
At 6:11 PM -0800 2/28/03, Thomas Shaddack wrote: Yes. The intention of the check in this version was to prevent operator blunders like feeding the program from a switched-off signal source. Better statistical check would be a good thing, though; however, my math-fu isn't good enough yet to come up with something simple. FIPS-140 is your friend. They did the math. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
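Added example (not part of the original post, and not code from makernd.c): three of the FIPS 140-2 statistical tests (monobit, poker, long run) applied to one 20,000-bit sample, the kind of check the reply points to. The thresholds are the FIPS 140-2 ones and the runs test is omitted; the sample inputs and all function names are constructed for the example.

```python
import random

SAMPLE_BITS = 20000            # the tests are defined on one 20,000-bit sample
SAMPLE_BYTES = SAMPLE_BITS // 8


def to_bits(sample):
    """Expand a 2,500-byte sample into a list of 20,000 bits, MSB first."""
    if len(sample) != SAMPLE_BYTES:
        raise ValueError("sample must be exactly %d bytes" % SAMPLE_BYTES)
    return [(byte >> shift) & 1 for byte in sample for shift in range(7, -1, -1)]


def monobit_ok(bits):
    """Monobit test: the number of one bits must fall in (9725, 10275)."""
    return 9725 < sum(bits) < 10275


def poker_ok(bits):
    """Poker test: chi-square statistic over the 5,000 4-bit nibbles."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[nibble] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 2.16 < x < 46.17


def long_run_ok(bits):
    """Long run test: no run of identical bits of length 26 or more."""
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return longest < 26


def check_sample(sample):
    """Run the three tests and return a per-test pass/fail report."""
    bits = to_bits(sample)
    return {
        "monobit": monobit_ok(bits),
        "poker": poker_ok(bits),
        "long_run": long_run_ok(bits),
    }


# Constructed inputs.
DEAD_SOURCE = bytes(SAMPLE_BYTES)        # switched-off signal source: all zeros
SQUARE_WAVE = b"\x55" * SAMPLE_BYTES     # periodic 0101... signal, perfectly balanced
# Stand-in for a healthy source. Python's random module is NOT a
# cryptographic generator; it is used only to get a repeatable sample.
HEALTHY = random.Random(2003).getrandbits(SAMPLE_BITS).to_bytes(SAMPLE_BYTES, "big")

if __name__ == "__main__":
    for name, sample in (("dead", DEAD_SOURCE), ("square", SQUARE_WAVE), ("healthy", HEALTHY)):
        print(name, check_sample(sample))
```

The square-wave input passes the bit-balance check and is caught only by the poker test, which is why a single count of ones is not enough to catch a bad source.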
Re: To Steve Schear, re Rome, Architects, Shuttles, Congress
At 8:32 PM -0800 2/20/03, Major Variola (ret) wrote: [Aside] I recently learned that back before you needed a license to drive (ca 1930) you would manually adjust the spark timing (!!) according to your engine speed. After handcranking the engine to start. Yes, and you got a broken arm if you didn't retard the spark before you cranked the car. (Hand crank of course) And these days you're supposed to recycle your oil instead of using it to patch the cracks in driveways, so that's another job to pay somebody else to do. Well you can drop off your oil and various places will take it, free. Yes. Our curb side recycling will pick it up. Free too. That's the way to avoid the toxic waste fee at the local oil changers. (I find it takes less time to do it in my driveway too.) And, I still am willing to work on my brake systems. Replacing pads on a disk brake unit is a lot easier than replacing drums. I'm even dumb enough to have replaced bearings in a couple of my transmissions. And had one lock into high gear because I put the parts back on the main shaft in the wrong order. Set a new personal record for removal, disassembly, reassembly, and installation of a transmission after I slipped the clutch to get the car home too. Always get the service manual when you get the car. Just like, always get the source to your security dependent code. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: The burn-off of Tom Veil
At 11:04 AM -0800 2/21/03, John Kelsey wrote: Social programs in general work this way. It was a goodie being handed out once, but now, it looks to the people involved like a necessity, and they'll fight hard to keep it. This is just as true of social security and farm subsidies as of welfare. Listen to a Republican-voting farmer justify farm subsidies some time. You ought to have to *pay* for that kind of entertainment. (Oh, wait, I *am* paying for it.) In fact, smarter and better educated people will tend to be a lot more effective at fighting for their benefits than less intelligent, poorly educated people. So welfare reform, for all its weirdness, seems to be working much better than the attempts to reform farm subsidies, say. And even with Republicans in control of everything, I'll bet we don't see any major cuts to NEA, say. And now that my mortgage is almost paid off, I can start railing against the mortgage interest deduction. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Suppressed? speech by Sen. Robert Byrd -- Reckless Administration May Reap Disastrous Consequences
At 1:04 PM -0800 2/14/03, Trei, Peter wrote: This comes from another mailing list. I've confirmed that it's not been reported on by the NYT, the Washington Post, or the Boston Globe. http://www.commondreams.org/views03/0212-07.htm FWIW - This speech was reprinted as an op-ed piece in today's San Francisco Chronicle. Of course you don't have to pay attention to the opinions of people in San Francisco... Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
RE: Hacking the Bush War Machine
At 1:21 PM -0800 2/13/03, Blanc wrote: (and how long are people supposed to stay taped up in their room, they haven't said, either. And where would the bad gas go - over to somebody else's neighborhood?) I guess beans are officially off the American diet. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA
Re: Something conspicuously missing from the media survival lists
At 10:44 AM -0800 2/11/03, Tim May wrote: But in postmodern America mentioning guns is simply NOT DONE. Not even on the Fox Network, a more rightward network than the others. (Being right no longer means mentioning guns, as Ashcroft and Cheney and the like would prefer that guns be in the hands of der polizei. There's a reason Hitler confiscated guns held privately by Germans.) I thought Ashcroft was on record as stating that the second amendment conferred an individual right to own arms. Are his actions not in accord with his words? Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: Forced Oaths to Pieces of Cloth
At 6:55 AM -0800 2/9/03, Sunder wrote: And also freedom of religion. Forcing someone to say Under God for example. Back in the dark ages (the 1950s, and don't anyone get nostalgic for them), when the phrase under god was added to the pledge, I was a student in school. From what they had taught me, I knew then that this addition violated the establishment of religion clause. The solution I devised was to simply remain silent when this phrase was said. Unfortunately having started to question the relation between the pledge and the ideals of the country, I started to wonder why I was pledging to the flag, instead of the country. So over the years, I have a somewhat edited version (removed parts in brackets): I pledge allegiance to [the flag of] the United States of America [and to the republic for which it stands], one nation [under god], indivisible, with liberty and justice for all. Except for the fact that one should not trust pledges that are made under coercion, I am reasonably comfortable with this edited version. It expresses the ideal nation that I wish the United States would become. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: The Statism Meme
At 2:39 PM -0800 2/4/03, André Esteves wrote: in Northern Italy they live close to Switzerland... What more can be said... A car, a suitcase and a weekend in Geneva with a numbered account. I'd go to St. Moritz. It's closer, has better skiing, and the Swiss banks have discovered branch banking. :-) - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: Say goodbye to the ISS
At 8:27 PM -0800 2/2/03, Steve Schear wrote: As some friends in the U.S. space program had privately predicted, and the New York Times is today reporting, unless the problem with the Shuttle can be quickly identified and convincingly rectified to worried legislators, the International Space Station may have to be moth balled and the NASA manned space program put on hold. http://www.nytimes.com/2003/02/02/science/02cnd-stati.html I heard someone today suggesting that it was time to replace the shuttle. After all, it's 25 year old technology. I kind of expect a program to be proposed with all the usual reasons why it is good for the country. - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: Real Facts and Good Facts
At 12:26 PM -0800 2/2/03, Eric Cordian quoted: In another teletext moment on CNN, the shuttle was described as traveling at Mock 18. We mach (sic) their idiocy. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: Touching shuttle debris may cause bad spirits to invade your body!
At 10:19 AM -0800 2/2/03, Tim May wrote: Last laugh: CNN is carrying (10:06 a.m. PST) an information slug at the bottom of a Wolf Blitzer interview: Columbia was traveling 18 times faster than the speed of light. Yes, speed of light. Please mister spaceman, won't you please take me along for a ride. - J. McGuinn - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: Who feigned Roger Rabbit?
At 12:04 AM -0800 1/30/03, Tim May wrote: Sometime I take a bus when my car needs to be repaired. From my house to Santa Cruz, a total of 13 miles, it takes a minimum of 80 minutes by bus. For a working person, ... as soon as they can raise the money, they buy cars. Then that 80-minute each way trip drops to 20 minutes. And they can go when they wish, not when the bus schedule permits. I have had one case where taking the train was a big win over driving. I was consulting in San Francisco, about 60 miles from my home. I found that if I rode the train, I could work as I rode, and turn my travel time into billable hours. I also avoided the ruinous parking charges in downtown. Given those facts, I would have taken the train even if the ticket price hadn't been subsidized. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: the news from bush's speech...H-power
At 3:43 PM -0800 1/29/03, Tim May wrote: On Wednesday, January 29, 2003, at 03:18 PM, Bill Frantz wrote: Back a few years ago, probably back during the great gas crisis (i.e. OPEC) years, there were a lot of small companies working on solar power. As far as I know, they were all bought up by oil companies. Of course, only a paranoid would think that they were bought to suppress a competing technology. ... The issues are complex, but have zero to do with leftie fantasies about oil companies suppressing technologies. I agree, as I said above. At most the purchase of these companies may have slowed research by not providing as much funding. More likely it speeded research by providing a sponsor with a longer term view than the public capital markets. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
Re: the news from bush's speech...H-power
At 2:24 PM -0800 1/29/03, Eugen Leitl wrote: Feds are sure inefficient, but the random dispersal of funds does tend to hit the far shots now and then. The private sector tends to ruthlessly optimize on the short run (because the long shot doesn't pay if you go broke before you can reap the possible benefits). Back a few years ago, probably back during the great gas crisis (i.e. OPEC) years, there were a lot of small companies working on solar power. As far as I know, they were all bought up by oil companies. Of course, only a paranoid would think that they were bought to suppress a competing technology. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
RE: Deniable Thumbdrive? (and taking signal detection seriously)
At 10:11 AM -0800 1/24/03, Major Variola (ret) wrote: You do, of course, have to trust the hardware/OS you use it with. If you don't know the socket, keep your dongle in your pants Given the well documented advantages of poetry over prose in ease of recall, this adage should be, If you don't know the socket, keep your dongle in your pocket. (Think codpieces.) Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the American | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA
RE: Supremes and thieves.
At 2:50 PM -0800 1/21/03, Jack Lloyd wrote: On Tue, 21 Jan 2003, Trei, Peter wrote: The song is sung by Jimmy Stewart, on camera, so a new soundtrack would be tough. Given that they can make dead actors dance in commercials, I can't imagine it would be terribly difficult to do it. Though I know next to nothing about video editing in general, so maybe not. But after making this dead actor sing a different song, it would be a new work, and the copyright clock would be reset. Now if someone wants to do the work on an open-source-like basis... Cheers - Bill - Bill Frantz | Sacred cows make the | Periwinkle -- Consulting (408)356-8506 | tastiest hamburgers. | 16345 Englewood Ave. [EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA
Re: The Plague
At 8:35 PM -0800 1/17/03, Neil Johnson wrote: Few people realize that one of the reasons we live so long today is because of the lowly toilet. This is the source of the observation, Governments are like toilets. They're necessary for public health, but you shouldn't worship them. YMMV - Bill - Bill Frantz | Sacred cows make the | Periwinkle -- Consulting (408)356-8506 | tastiest hamburgers. | 16345 Englewood Ave. [EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA
Re: Retry: Yet another attempt to defraud egold!
At 10:42 AM -0800 11/15/02, Sunder wrote: What's disturbing about this is that we are on someone's list as e-gold customers or something, and this is very likely the same spoofer that had earlier set up e-golb.com and attempted the same kind of spoof. FWIW, I got one of the e-gold letters. I don't have an e-gold account. Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
Re: eJazeera?
At 12:44 PM -0800 11/10/02, Tyler Durden wrote: The methods can be various, but the easiest one was (I think) described by Tim May. Bob and Alice are pre-known to each other. Bob holds a camera, Alice has a Wi-Fi enabled laptop operational in her knapsack. After Bob takes the photos/video, he transfers the images to Alice, who walks off and moves the data to a secure and public site. FWIW - I saw a TV transmitter kit in Fry's for $28. It takes input from Camcorders and broadcasts it on channel 3 or 4. (It is low power so it comes under FCC part 15 regulations.) If you give one of these to the camera holder, and one or more others have receivers/recorders, you have a simple, cheap, off the shelf system. Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
Re: Did you *really* zeroize that key?
At 8:40 PM -0800 11/7/02, Peter Gutmann wrote: It's worth reading the full thread on vuln-dev, which starts at http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0. This discusses lots of fool-the-compiler tricks, along with rebuttals on why they could fail. In that discussion, Dan Kaminsky wrote: You also need to ignore that bizarre corner case where the same memory address is mapped to multiple *physical* addresses -- such a memory architecture could simply alter one of the addresses and tag the rest as tainted without in fact clearing them. But I don't think anyone actually does this -- I'm at least significantly more sure of that than I am of the precise semantics of volatile vis-a-vis dead code elimination. Yours Truly, Dan Kaminsky DoxPara Research http://www.doxpara.com There is a common example of this corner case where the memory is paged. The page containing the key is swapped out, then it is read back in and the key is overwritten, and then the page is deallocated. Many OSs will not zero the disk copy of the key. Crypto coders have discussed many kludges to ensure that keys are not swapped out, but they are all quite system specific. Since the problem we were trying to solve is different environments producing different results, I don't feel we are any closer to safe, portable code. Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
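Added example, not part of the original message or the vuln-dev thread: one system-specific way to handle both problems raised above, the compiler removing the wipe and the pager writing the key to disk. It assumes C11 `aligned_alloc()` and POSIX `mlock()`; `key_buf` and its helper names are hypothetical.

```c
/* Added example, not code from the thread. key_buf and its helper names are
 * hypothetical. Assumes C11 aligned_alloc() and POSIX mlock()/sysconf(). */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

struct key_buf {
    unsigned char *p;  /* page-aligned storage for key material */
    size_t len;        /* size rounded up to whole pages */
    int locked;        /* 1 if mlock() succeeded, 0 if pages may still be swapped */
};

/* Store zeros through a volatile pointer so the compiler may not drop the
 * writes as dead stores. Prefer explicit_bzero() or memset_s() where present. */
void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *v = (volatile unsigned char *)buf;
    while (len--)
        *v++ = 0;
}

/* Allocate whole pages and try to pin them in RAM. Returns 0 on success. */
int key_buf_alloc(struct key_buf *kb, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0)
        return -1;
    kb->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    kb->p = aligned_alloc((size_t)page, kb->len);
    if (kb->p == NULL)
        return -1;
    memset(kb->p, 0, kb->len);
    /* mlock() can fail (RLIMIT_MEMLOCK, privileges); record it so the caller
     * can refuse to load a key into swappable memory. */
    kb->locked = (mlock(kb->p, kb->len) == 0);
    return 0;
}

/* Wipe first, then unlock: once unlocked the page may be written to swap. */
void key_buf_free(struct key_buf *kb)
{
    secure_zero(kb->p, kb->len);
    if (kb->locked)
        munlock(kb->p, kb->len);
    free(kb->p);
    kb->p = NULL;
    kb->len = 0;
    kb->locked = 0;
}

/* Helper for checking a wipe: number of non-zero bytes left in a buffer. */
size_t count_nonzero(const unsigned char *p, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}
```

Locked pages can still reach disk through a hibernation image or a core dump, so this narrows the exposure described in the message without making the code portable.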
Re: Katy, bar the door
At 12:35 PM -0800 11/1/02, John Kelsey wrote: At 09:32 PM 10/31/02 -0800, Tim May wrote: ... If the attackers/hijackers cannot get into the cockpit and gain control of the plane, then the most they can do with disabling/lethal/nerve gases is to cause the plane to essentially crash randomly...which kills a few hundred people, but probably not many more. Which is yet another reason why securing the cockpit door very, very well is the single most important, and cheapest, solution. Hmmm. I agree, but if the attackers chose the right time (while the plane's on autopilot) to release the gas or whatever, they might have an hour or two to get through the cockpit door, with no resistance at all from the now-dead passengers or crew. I expect that in most cases, ATC would be concerned about no contact for an hour. In the modern age, that might be enough to scramble a fighter to go up and take a look. (A number of years ago, there was a case where a pilot, presumably asleep, flew right past Los Angeles, over the Pacific ocean, and crashed. ATC was very concerned, but couldn't do anything to wake the pilot.) Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
Re: Confiscation of Anti-War Video
At 1:52 PM -0800 10/31/02, Steve Schear wrote: At 11:37 AM 10/31/2002 -0800, you wrote: Another fix that is being used is passengers who will act to keep the plane from being used as a weapon. If the hijackers have to kill people with small sharp objects that they can smuggle on board, instead of mass killing devices like machine guns, then a large number of passengers can overcome a small number of hijackers. This assumption may not be a good one. Considering the level of current security checks, it should be trivial to smuggle some sort of anesthetic or poisonous gas generator aboard. No need for sharp objects. AFAIK, the air supply aboard current U.S. fleets is shared between passengers and cockpit. IIRC, the regs call for pilots to either wear oxygen masks, or have quick to put on masks readily at hand. Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
Re: One time pads
At 7:52 AM -0700 10/16/02, David Howe wrote: OTP is the best choice for something that must be secret for all time, no matter what the expense. anything that secure for 20,000 years will be sufficient for, go for PKI instead :) OTP is also good when: (1) You can solve the key distribution problem. (2) You need a system with a minimum of technology (e.g. no computers) (3) You need high security. The Soviet spies are a case in point. The only incriminating evidence they had with them was the pad itself. Given the small size of their messages, (they didn't throw Microsoft Word files around), their pads could also be physically small. The necessary calculations could be performed with pencil and paper, and the incriminating intermediate results burned. And the system, used correctly, provided high security. Of course, when they started using it as a Two Time Pad, the NSA was able to decode messages as shown by the Verona intercepts. Cheers - Bill - Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
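Added example, not part of the original message: a pencil-and-paper style pad over the letters A-Z (addition mod 26), showing why the "Two Time Pad" mentioned above fails. When one pad encrypts two messages, subtracting the ciphertexts cancels the pad and leaves only the difference of the plaintexts. The function names, pads and messages are constructed for illustration.

```c
/* Added example. Letter-based one-time pad: ciphertext = plaintext + pad (mod 26).
 * All names, pads and messages here are constructed for illustration. */
#include <stddef.h>
#include <string.h>

/* out[i] = text[i] + sign * pad[i] (mod 26), uppercase A-Z only.
 * Returns 0 on success, -1 if the pad is too short or a character is invalid. */
static int otp_apply(const char *text, const char *pad, int sign, char *out)
{
    size_t n = strlen(text);
    if (strlen(pad) < n)
        return -1;                       /* never stretch or repeat a pad */
    for (size_t i = 0; i < n; i++) {
        if (text[i] < 'A' || text[i] > 'Z' || pad[i] < 'A' || pad[i] > 'Z')
            return -1;
        int v = (text[i] - 'A') + sign * (pad[i] - 'A');
        out[i] = (char)('A' + ((v % 26) + 26) % 26);
    }
    out[n] = '\0';
    return 0;
}

int otp_encrypt(const char *pt, const char *pad, char *ct)
{
    return otp_apply(pt, pad, +1, ct);
}

int otp_decrypt(const char *ct, const char *pad, char *pt)
{
    return otp_apply(ct, pad, -1, pt);
}

/* Letter-wise a - b (mod 26); a and b must have the same length. */
int letter_diff(const char *a, const char *b, char *out)
{
    if (strlen(a) != strlen(b))
        return -1;
    return otp_apply(a, b, -1, out);
}

/* Encrypt p1 and p2 under the SAME pad and compare (c1 - c2) with (p1 - p2).
 * Returns 1 if they match (the pad has cancelled out), 0 if not, -1 on error. */
int pad_reuse_cancels(const char *p1, const char *p2, const char *pad)
{
    char c1[64], c2[64], dc[64], dp[64];
    if (strlen(p1) != strlen(p2) || strlen(p1) >= sizeof c1)
        return -1;
    if (otp_encrypt(p1, pad, c1) != 0 || otp_encrypt(p2, pad, c2) != 0)
        return -1;
    if (letter_diff(c1, c2, dc) != 0 || letter_diff(p1, p2, dp) != 0)
        return -1;
    return strcmp(dc, dp) == 0;
}
```

The result is 1 for every pad, which is the point: what an eavesdropper holds after reuse depends only on the two messages, not on the key material.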