Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start
At 01:42 AM 10/30/2005, Roy M. Silvernail wrote: Tyler Durden wrote: One thing to think about with respect to the RFID passports... Um, uh...surely once in a while the RFID tag is going to get corrupted or something...right? I'd bet it ends up happening all the time. In those cases they probably have to fall back upon the traditional passport usage and inspection. They've said they'll fall back on the traditional If we can't read the passport it's invalid and you'll need to replace it before we'll let you leave the country technique, just as they often do with expired passports and sometimes do with just-about-to-expire passports if you're a Suspicious-Acting Person like Dave del Torto. The only question is, what could (believably) damage the RFID? If you want to damage the RFID of a passport you're playing with, microwave ovens should do just fine. I don't know if Rivest's RFID-blocker chips use the same frequency or codespace as the passport RFIDs, but you could also leave one of them in the back of your passport. Now put that chip-cooker in a trash can right by the main entrance to an airport and perform some public service. I'd be surprised if you could put out enough energy to cook the passport RFIDs of people walking by at normal speed without also causing lots of other electrical problems.
Re: Multiple passports?
When I saw the title of this thread, I was assuming it would be about getting Mozambique or Sealand or other passports of convenience or coolness-factor like the Old-School Cypherpunks used to do :-) On 10/30/05, Gregory Hicks [EMAIL PROTECTED] wrote: The only people that I knew that had two passports were those with an Official (red) passport or a Diplomatic (black) passport. If they wanted to go play tourist, they had to also have a tourist (Blue) passport. A few years ago, before heading on an overseas trip, I was unable to locate my current passport. After dealing with a voicemail system adapted from a Kafka novel, and bringing myself, my previous expired passport and other id, a couple official-sized photographs and cash through the secret-handshake elevator into a big waiting room for a long morning, they made me a new passport. (If you need to replace a passport more than a month before your planned travel, you're supposed to use the regular process at the Post Office and maybe pay extra for Express Mail if you're impatient. If you need to replace a passport within 3 days of travel, they've got expedited processes at major passport offices like San Francisco. But if you need to replace your passport two weeks before the trip, there's no way to talk to a human being, just Kafka's voicemailbot, so you have to wait until 3 days before the trip to get an appointment for the emergency expedited process instead of going in when you and they aren't busy :-) They informed me that the lost passport was now invalid and I should turn it in if I find it, because if I were to use it to get back into the country it would be rejected with extreme prejudice, since its number is now on the lost passports list. Of course the next day when I was packing, the passport showed up on the closet floor under the suitcase, and unlike the previous passport which I took in to replace when it was about to expire, it doesn't have holes punched in it and Expired stamped on it. 
For domestic air travel since the recent military coup, I normally bring a passport as ID, since it's a request from the former United States government asking foreign governments like the current TSA White People to let me pass, and I'd rather carry the technically-invalid one with me instead of the valid one just in case I lose it. I think I've also used it to travel from the EU back to the US, but I'd expect that the La Migra thugs will eventually improve their databases, possibly even before my old one expires, especially because Homeland Security wants to RFIDize us. I was considering losing my current passport before the RFID things get started, but it doesn't look like there's time, so I've got about 5 years to hope that the Republicans get thrown out on their asses in the next election and the Democrats decide that returning to the Constitution will sell better than continuing the Permanent State of Yellowalertness. Given the previous Clinton Administration's behavior, I don't expect the Hillary Clinton Administration to do any better. At 09:27 PM 10/29/2005, Jay Goodman Tamboli wrote: I wasn't able to find a reference to support this on http://state.gov, but I know it's possible to get two passports if you plan to travel to both Israel and a country that refuses to admit people with Israeli stamps in their passports. I don't think the US normally lets you have two passports, or if they do they almost certainly have the same number. But at least during the 1980s, Israel would be happy to give you a separate piece of paper to carry with your passport that they'd stamp when you entered and left instead of stamping the passport itself. I don't remember if I did that or if I decided not to worry about it because I'd visited the Arab countries before going to Israel and didn't expect to get back any time soon.
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
At 05:37 PM 9/27/2005, lists wrote: Tyler Durden wrote: Sorry...I don't understand...why would pseudonymity services be provided within Tor? I find the concept of having both pseudonymous and anonymous traffic through TOR quite interesting. In some cases, you really do wish to just TOR itself does not necessarily have to deal with this. There could be services flowing through TOR that provide this. However, TOR nodes implementing pseudonymous traffic for their own network seems more natural and easier to do. One way to build a pseudo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. The reason to use Tor mechanisms is to make connection potentially easier by reducing the number of mechanisms a client needs; the reason to use different IP addresses is for Wikipedia's convenience. It's mainly useful in environments where you can use private address space, so if you're running it on a Tor-friendly location as opposed to Wikipedia's rack space, you might want to tunnel it across the Internet through some other mechanism such as GRE/L2TP/IPSEC/etc.
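The address-per-user scheme described in this message, sketched as an added example (not code from the post or from Tor). The class and method names are hypothetical; it assumes authentication has already produced an integer user ID and that the 10.0.0.0/8 addresses are configured on the gateway host.

```python
import ipaddress
import socket

# Private address pool, as in the post (user #37 -> 10.0.0.37).
POOL = ipaddress.ip_network("10.0.0.0/8")


class PseudonymGateway:
    """Gives each authenticated pseudonym a stable outgoing source address.

    The destination site sees one address per pseudonym, so it can block a
    single abusive pseudonym without blocking the whole gateway and without
    learning who is behind it.
    """

    def __init__(self, pool=POOL):
        self.pool = pool
        self.blocked = set()  # user IDs the destination site asked to cut off

    def _check_id(self, user_id):
        # bool is a subclass of int, so reject it explicitly.
        if not isinstance(user_id, int) or isinstance(user_id, bool):
            raise TypeError("user ID must be an integer")
        # Offset 0 is the network address and the last offset is the
        # broadcast address; neither is usable as a source address.
        if not 0 < user_id < self.pool.num_addresses - 1:
            raise ValueError("user ID %r does not fit in %s" % (user_id, self.pool))

    def source_address_for(self, user_id):
        """ID n maps to pool base + n: #37 -> 10.0.0.37, #258 -> 10.0.1.2."""
        self._check_id(user_id)
        return self.pool.network_address + user_id

    def user_for_address(self, address):
        """Reverse mapping, used when the destination reports an address."""
        addr = ipaddress.ip_address(address)
        if addr not in self.pool:
            raise ValueError("%s is not in %s" % (addr, self.pool))
        user_id = int(addr) - int(self.pool.network_address)
        self._check_id(user_id)
        return user_id

    def block_address(self, address):
        """Cut off the pseudonym behind a reported address; returns its ID."""
        user_id = self.user_for_address(address)
        self.blocked.add(user_id)
        return user_id

    def connect(self, user_id, dest_host, dest_port, timeout=10.0):
        """Open an outgoing TCP connection from this user's own address."""
        if user_id in self.blocked:
            raise PermissionError("pseudonym %d is blocked" % user_id)
        src = str(self.source_address_for(user_id))
        # Port 0 lets the OS choose the source port; the source IP is fixed.
        return socket.create_connection(
            (dest_host, dest_port), timeout=timeout, source_address=(src, 0)
        )
```

The reverse mapping is what makes the scheme convenient for the destination site: an abuse report naming 10.0.1.2 resolves to exactly one pseudonym.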
Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring
Eran Tromer of Weizmann Institute gave a talk at MIT on special-purpose factoring machines, and Intrepid Reporter Bob Hettinga summarized to Perry's List.

Date: Wed, 14 Sep 2005 21:12:30 -0400
To: cryptography@metzdowd.com
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: Re: MIT talk: Special-Purpose Hardware for Integer Factoring

At 12:29 PM -0400 9/14/05, Steven M. Bellovin wrote: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005

So, I saw this here at Farquhar Street at 14:55EST, jumped in the shower, thus missing the 13:20 train at Rozzy Square :-), instead took the bus, and then the T, and got to MIT's New Funny-Looking Building about 16:40 or so, and saw the last few slides, asking the first, and only, question, because the grad-students shot out of there at relativistic velocity, probably so they wouldn't miss their dinner, or something... The upshot, to me, was that 1024-bit RSA keys are, for Nobody Special Anywhere, probably as DED as DES, for certain keys but probably not all without way too much money, but that things start to go sideways for this box somewhere south of 2kbit keysize, and so this is not TEOTWAWKI, key-wise. Unless someone comes up with an algorithmic improvement. Of course. :-). Cheers, RAH Who went, obviously, to poke him about Micromint and hash-collisions, for fun, and who *did* have fun, as a result, in a dead-horse-beating kind of way...

-- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- Forwarded Message
Forwarded by Steve Bellovin
- Open to the Public
DATE: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005
TIME: 4:00 p.m. - 5:30 p.m.
PLACE: 32-G575, Stata Center, 32 Vassar Street
TITLE: Special-Purpose Hardware for Integer Factoring
SPEAKER: Eran Tromer, Weizmann Institute

Factoring of large integers is of considerable interest in cryptography and algorithmic number theory. In the quest for factorization of larger integers, the present bottleneck lies in the sieving and matrix steps of the Number Field Sieve algorithm. In a series of works, several special-purpose hardware architectures for these steps were proposed and evaluated. The use of custom hardware, as opposed to the traditional RAM model, offers major benefits (beyond plain reduction of overheads): the possibility of vast fine-grained parallelism, and the chance to identify and exploit technological tradeoffs at the algorithmic level. Taken together, these works have reduced the cost of factoring by many orders of magnitude, making it feasible, for example, to factor 1024-bit integers within one year at the cost of about US$1M (as opposed to the trillions of US$ forecasted previously). This talk will survey these results, emphasizing the underlying general ideas. Joint works with Adi Shamir, Arjen Lenstra, Willi Geiselmann, Rainer Steinwandt, Hubert Köpfer, Jim Tomlinson, Wil Kortsmit, Bruce Dodson, James Hughes and Paul Leyland.
--- End of Forwarded Message
Mass. Gov. Romney suggests Wiretapping Mosques, Domestic Spying
Of course, had he suggested wiretapping Catholic churches in Boston because there might be people raising funds for terrorist groups like the IRA, he'd have been run out of town on a rail. Of course this month it's Protestants who are doing the terrorism in Northern Ireland, and the IRA's gone fairly quiet, but in the past it might have been effective. Here in San Francisco nobody'd suggest tapping churches except to find peace groups or immigrant support groups; the bars on Geary street are where the IRA fundraisers go. http://www.boston.com/news/local/articles/2005/09/15/wiretap_mosques_romney_suggests/?page=full WASHINGTON -- Governor Mitt Romney raised the prospect of wiretapping mosques and conducting surveillance of foreign students in Massachusetts, as he issued a broad call yesterday for the federal government to devote far more money and attention to domestic intelligence gathering. In remarks that caused alarm among civil libertarians and advocates for immigrants rights, Romney said in a speech to the Heritage Foundation that the United States needs to radically rethink how it guards itself against terrorism. .. As he ponders a potential run for president in 2008, Romney has positioned himself as a homeland security expert:
Re: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)]
At 01:13 AM 9/8/2005, Eugen Leitl wrote: On Thu, Sep 08, 2005 at 05:31:32AM +0100, Dave Howe wrote: Don't really need one. the Skype concept of supernodes - users that relay conversations for other users - could be used just as simply, and is What hinders Mallory from running most of supernodes? Budget? But Mallory doesn't need to run *most* of the supernodes - hitting just the current targets is good enough, especially if the central sites or client software can be tricked into not using encryption or using compromised keys. Plus of course some sort of assurance that skype's crypto isn't snakeoil :) It is snake oil until proven otherwise. Yup. They say they use AES, and that they use RSA to set up session keys. The main issue is that they don't document their protocols or crypto, and of course the usual failures are bad protocol design, which can break systems that do include strong crypto. The use of RSA for session key setup instead of Diffie-Hellman is a strong sign that they don't really have a clue... If you're in the SF Bay Area, Skype is having a developer get-together in Palo Alto on Thursday 9/22. http://www.skype.com/campaigns/skypenightpaloalto2005
Re: [EMAIL PROTECTED]: Re: Tor on USB]
At 08:53 AM 9/3/2005, Damian Gerow wrote: Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going. How does TOR feel about NAT and various firewall things? I've been at hotels where I can't even get my ipsec VPN to work.
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
At 10:39 AM 8/23/2005, Trei, Peter wrote: Tyler Durden writes: Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? Actually, if we ever managed to kill the culture of prohibition, I suspect that crystal meth would be about as popular as bathtub gin is today. It's terrible stuff. Meth is not fundamentally that different from Sudafed, and the nasty chemical processes of extracting the sugar coating and filler material and moving around a couple of methyl and hydroxy groups and disposing of the bodies of the people you thought were ratting you out to the police and the space alien biker gangs could all be avoided if you could make it legally at a big pharma company. Before the War on Drugs started helping us by making Sudafed hard to get, the generic pills tended to be on sale for about ten cents per 30mg dose. If I'm reading Erowid correctly, and guessing the kinds of quantities a tweaker might use if it were readily available and nearly free, a buck or two a day would cover all the meth you could use, and you could easily make that much at a minimum-wage job in the extra hours you've got that you used to waste sleeping, and you wouldn't have to resort to crime unless it seemed like more fun. Also, you could use somewhat calmer amphetamine relatives instead of meth; can't be *that* much nastier than tobacco, and much of the cost of legal pharmaceutical amphetamines today is the DEA paperwork. Opiates are another drug for which crime would be unnecessary if the stuff were legal. The last time I got codeine for dental work, I think I spent about $5 for 20-30 pills. That's enough for a day of Rush-Limbaugh-quantity abuse, and enough for a couple of days' worth of withdrawal-prevention for an average addict, and stronger opiates are similar in cost; opiate addiction doesn't need to be as expensive as tobacco addiction.
By the way, if you've watched the TV medical drama House, the star is an acerbic doctor who's addicted to Vicodin, as an after-effect of leg injury, and it's interesting to see the wall of political correctness cracking a bit.
GPS Jammer Firm nearly ejected from Russian air show.
http://www.themoscowtimes.com/stories/2005/08/22/002.html Monday, August 22, 2005. Issue 3235. Page 1. Irksome Firm Nearly Ejected From Air Show By Lyuba Pronina Staff Writer Ivan Sekretarev / AP Spectators watching the Patrouille de France aerobatic team perform during the MAKS air show at the Zhukovsky airfield outside Moscow on Saturday. ZHUKOVSKY, Moscow Region -- The jamming equipment made by Aviakonversia is so effective against U.S. planes and missiles that it apparently provoked an angry phone call to the Kremlin from U.S. President George W. Bush in the first days of the Iraq war. Russian officials do not seem to have forgotten the scandal and on Friday tried to shut down the company's stand at the Seventh Moscow Aviation and Space Show, MAKS 2005, said Aviakonversia director Oleg Antonov. Perhaps the company's presence was simply too embarrassing, considering that the U.S. Air Force occupied a prominent place on the tarmac, displaying a B-1B bomber, F-15 and F-16 fighters, and two bulbous tanker planes used in mid-air refueling. Three representatives of the Federal Industry Agency and the Federal Service for Technical and Export Control, which oversees the export of defense technology, unsuccessfully attempted to close the stand on the grounds that Aviakonversia had not received clearance from the Defense Ministry to showcase its product, Antonov said. The government representatives, concealing their ID badges, did not allow this reporter to be present during their conversation with Antonov. They demanded we pack up, but we have the right to be here -- we paid the rent for this stall, Antonov said after the meeting. We have made the product using our own money and do not need the approval from the Defense Ministry, a grocery director or a banya director. The Federal Industry Agency was unavailable for comment over the weekend.
Aviakonversia, which makes devices that jam the global positioning systems used in navigation, caused a storm of protest from Washington in the early days of the Iraq war in March 2003. Antonov, who for 24 years worked in the State Research Institute of Aviation Systems developing defense systems for planes, founded Aviakonversia with a dozen staffers in 1992. The company developed jammers that interfere with GPS signals and were apparently used by Iraqi forces during the U.S.-led invasion. The Bush administration charged that Aviakonversia personnel were on the ground instructing Iraqi forces how to use and maintain the equipment, The Washington Post reported at the time. Our GPS jammer puts all U.S. high-precision weapons out of order, Antonov said. They have turned billions of dollars that the U.S. government has spent into dust. Antonov denied that his company delivered any equipment directly to Saddam Hussein but acknowledged it might have reached Iraq via arms dealers. Right before the war, there were a lot of people in Moscow with suitcases full of money shopping for anything that could deter U.S. troops, Antonov said. Aviakonversia now manufactures its gear outside Russia so as not to irritate the authorities, he said, though he declined to specify where. He also refused to identify his clients, saying only that they were foreign governments that acquired the jammers through middlemen. The German peacekeeping contingent in Afghanistan recently sent Aviakonversia a letter thanking it for the jammers, which it deployed to interfere with GPS receivers used by Taliban fighters, Antonov said. After Aviakonversia first displayed its wares at MAKS 1997, the Pentagon acquired a few dozen jammers, Antonov said. Then they went quiet. A hubbub ensued, however, in the first days of hostilities, when U.S. forces had difficulty in honing in on their targets. 
Bush reportedly picked up the phone to voice concern to President Vladimir Putin that Iraqi forces were using Russian-made night-vision goggles, GPS jammers and anti-tank missiles. Antonov lamented that his company did not reap more praise back home. A representative of state-owned Phazotron-NIIR, the maker of radars for fighter jets, also said Friday that their stand had been rigorously inspected by the export control service. Some weapons systems -- such as the S-400 air defense system -- were not even displayed at MAKS, despite previous advertisements. The main innovation on display at MAKS was the MiG-29OVT with all-axis thrust vector-controlled engines that allow for greater maneuverability at low speeds. Irkut Corp. demonstrated its innovative unmanned aerial vehicles for civilian use, with the Emergency Situations Ministry likely to be its first customer.
Re: Reverse Palladium?
At 11:47 AM 7/12/2005, Tyler Durden wrote: How secure can I make a Java sandbox from the rest of the network I'm on? Can I make it so that my network administrator can't see what I'm typing? In other words, a secure environment that's sitting on an insecure machine. There's the network and there's the computer. If you're on a computer you can't trust, you can't trust it. If you're the sysadmin for the box, and nobody else is, then you're only exposed to eavesdropping on the network. If you can't trust the sysadmins for the computer not to do keystroke logging and CarbonCopy your screen, you've got a much tougher threat model. If you've got a machine you're willing to trust, you can tunnel everything else you do through encrypted tunnels; the network administrator will be able to see where the outside of the outer tunnel is, if that bothers you. There are a number of SSL-based VPN tunnel products on the market, including some that just use the browser's SSL capabilities, some that use a browser with Java app clients, and some that use actual installed client software. Aventail is one vendor, Cisco's another, there are lots more, but I haven't seen any open-source server versions (e.g. Apache plugins), though some servers do at least run on Linux. Some of Aventail's products are made to run on a publicly-accessible machine, e.g. cybercafe model, and give you a virtual desktop that looks like your home system and clean up after themselves when you log off.
Drug-traffickers' Trunk-mounted Evidence-ditching Rocket Fails to Take Off
My brother's summary, spoken by a Wile E. Coyote cartoon figure: 2 KY meth traffickers rigged up their car so if cops closed in a small rocket with their stash would launch itself from the trunk that never works meep meep Fox News Story: http://www.foxnews.com/printer_friendly_story/0,3566,161609,00.html Drug Rocket Fails to Take Off Tuesday, July 05, 2005 Drug dealing really may be rocket science. Two accused methamphetamine traffickers apparently rigged up their car so that if cops closed in, a small rocket carrying their stash would pop up from the trunk and launch itself far from the long arm of the law. For some reason, the rocket never achieved liftoff when Missouri State Highway Patrol officers pulled over Michael Ray Sullivan, 41, and Joseph C. Seidl, 39, both of Kentucky, on June 24 in Kingdom City. The $13,534 in cash in the 1990 Ford Thunderbird was interesting enough, Kansas City U.S. Attorney's Office spokesman Don Ledford told the Columbia (Mo.) Daily Tribune. Far more intriguing was what was in the trunk: three dud pipe bombs and a hobby-style rocket, three to four feet long, all packed with meth worth up to $145,000. Ledford explained that a web of ropes and pulleys lifted the rocket into launch position when the trunk lid was opened. The rocket could then be ignited from inside the car using the dashboard cigarette lighter. Cops are pretty certain the rocket was meant to be an escape pod for the drugs, but Ledford diplomatically declined to speculate. But they did have the meth inside the rocket, he admitted, and it could be launched from inside the car. Thanks to Out There reader Jen J.
Re:The Nazification Of America (Show Me Your Papers - Day 1)
At 05:09 PM 7/5/2005, J.A. Terranson wrote: Since I am out of state, the letter's return address serves as my proof of address, however, it also (according to several city corpses^H^H^H droids) means that I need: * One (1) of the following forms of valid photo-ID: * Driver license * Non-Driver Photo-ID Card * Passport *and* one of anything else. Of course, the problem is that these three require the BC... Your postal mail forwards from your old address, doesn't it? And your old driver's license is still valid, though the state you moved to wants to hit you up for a new one of theirs. Alternatively, if you prefer the Two From Column B menu, it should be easy to get a letter from a government agency - just get a traffic ticket (:-) or write them about something bureaucratic, like how to get a driver's license, or a complaint to your State Assemblycritter, and Bob oughta be your uncle.
Plame != Palme :-) Re: Palme revealed by... Karl Rove!
You're mixing up assassinating a president with treason performed for revenge and crude political gain. At 11:56 AM 7/2/2005, J.A. Terranson wrote: 5000 Quatloos that nobody thinks this is (a) impeachment material, or (b) prosecutable since it was done by Rove... It's only impeachable if Bush knew and couldn't justify his lack of response as executive privilege. I'd assume his handlers have a standing agreement of plausible deniability for that sort of thing. As far as prosecutable goes, it'd sure be fun to watch, unless of course there's another runaway bride or dead puppy or somebody burns a flag on July 4th or the comet blows up real good or whatever else it takes to distract the public for 15 minutes.
Re: Private Homes may be taken for public good
At 12:32 PM 6/30/2005, A.Melon wrote: Well, James Dobson (right wing Christian evangelical) is targeting some of these same judges, so I don't think the Democrat Republican division you're pointing to here is all that valid. In other words, some of those same judges are hated by the right. Thomas in particular is hated by the Right, but everyone, left, right, and center hates the majority decision in Kelo. Polls on major news sites indicate 1-3% support for the decision. Well, sure. At least 1-3% of the people in the country work for town governments and/or shopping mall developers who get to benefit from this kind of abuse. It's really strange to have a week where not only does the Supreme Court make a bunch of rabidly evil decisions, but Rehnquist and Thomas are on the correct side of several of them. Hope the old bastard can hang on long enough until either Bush is out of office or at least the Senate gets a few more Democrats, because Bush is unlikely to propose somebody even as principled as these right-wing zealots.
Re: Private Homes may be taken for public good
It's an appalling decision, and as Alif says, it's nothing that hasn't been happening for years already. Sad to see it formalized, though. Bush's favorite judges are radical activists when it comes to interference with most civil rights, especially for non-citizens or people outside US boundaries, or when it comes to letting the Administration get away with whatever it wants, but this case *is* about *property*, so that's as close as they're going to get to an invitation to do the right thing. (There was another case recently where Clarence Thomas voted the right way; I don't remember the issue, but it surprised me.) How do you stop a bulldozer? [various destructive options.] Nah. Paper. Applied before the bulldozer heads to your property. Occasionally you need it in mass quantities. However, there are times you need to stop construction equipment that's doing bad things - ATT at least used to fly small planes over our main cable routes, looking for backhoes that hadn't checked in with the Don't Dig Here Center. They'd drop them a package with some papers about calling the Call Before You Dig people, a couple of bribes (typically a pair of good work gloves and a pack of gum), and a pack of playing cards to give them something to do while waiting around.
Re: Private Homes may be taken for public good
What the hell are all of you smoking? This court has *talked* about restricting inappropriate use of the commerce clause, but when it comes to *doing*, they're 100% behind 100% Federal expansion *through* the Commerce clause. Well, ya' gotta a point there. Actually, I WISH I were smoking something. California's medical marijuana laws allow you to use it for just about any medical condition you can get a doctor to prescribe it for, and there are doctors happy to oblige. This set of mostly really bad decisions by the Supremes is really stressing me out, so I'd better go get something to help me manage the stress :-) Eminent Domain decision looks really bad, though I haven't read it yet. Brad Templeton suggested, though, that the Constitution does still require just compensation, and that the obvious value of the property that's taken is not just the value that the property owner would have taken if he felt like moving out and selling to another homeowner, but the value that the private company would have had to pay to get everybody they're stealing land from to sell out. So it may still be possible to get paid decently by going to court. The Medical Marijuana decision, while appallingly bad, seemed pretty obvious - straight stare decisis from the FDR-era decision that a farmer growing grain on his own land to feed to his own hogs was still engaged in interstate commerce, and therefore subject to FDR's agriculture quasi-nationalization rules. If the Supremes had wanted to overturn that, they could have done so (unlikely), or they could have decided that the case was sufficiently different because it's about medicine and not just commerce (also unlikely), but they didn't. That's a problem with activist lawsuits - you need to have the resources to win, or else you usually end up making the legal situation worse for everybody than if you hadn't done it. At first glance, the cable modem decision looks right, though; haven't had time to read all the fine print yet.
Re: e-gold exchange
At 07:22 AM 5/31/2005, Tyler Durden wrote: OK...what's the best exchange service for transferring dollars (perhaps via paypal or credit cards) into egold? I haven't found anybody that'll take credit cards or paypal without either major hurdles or extremely high fees - there's too much risk of fraud including reneging on credit card charges. However, I've been very pleased with Goldage.net - they've got several mechanisms for paying them, including walking in to one of half a dozen major US banks and making a deposit to their account, as well as a few varieties of wire transfer. They're a transaction-based service rather than an account-based service, and support a variety of online gold currencies. I don't use e-gold myself - I get so much spam purporting to be from them that it's much simpler to discard all of it, since 99.9% is phishing. But a certain anonymous person with whom I might or might not be familiar was able to use Goldage's online interface to set up a transaction, hand some dead presidents to a Bank that's in America, and a day or two later the transaction cleared and there was a deposit to an electronic currency company's account, which could allegedly be used to pay a merchant. Fees were pretty low, though for relatively small transactions the minimum fee is the main concern, rather than the percentages that matter more on larger transactions.
NYTimes article on privacy, identity theft
http://nytimes.com/2005/05/18/technology/18data.html?hpex=1116475200en=7f0572052438ec3bei=5094partner=homepage Good NYTimes article on privacy, identity theft, and easy correlation of data in public records. Usual Suspect Professor Avi Rubin at Johns Hopkins has his grad students demonstrating things you can find out. Betty Ostergren's Virginia Watchdog website http://www.opcva.com/watchdog/ reinforces complaints about public records privacy by outing the records of public officials to make her points to them. [NYTimes articles usually require free registration; I'm not sure if there's currently a cypherpunks userID there, but I think some of the strings following the ? in the URL indicate that you don't need registration if you use this URL..] Bill Stewart
Re: Terrorist-controlled cessna nearly attacks washington
Sigh. Terrified Student Pilot isn't the same as Terrorist.
Re: Pi: Less Random Than We Thought
http://cypherpunks.venona.com/date/1993/05/msg00213.html Back in the old days, Tim May would occasionally talk about the Kolmogorov-Chaitin theories about randomness - Kolmogorov complexity gives you a lot of deep explanations about this sort of problem. Alas, I never actually *read* those papers, but there's been a lot of mathematical thought about what randomness means.
Re: Email Certification?
I'm still having trouble understanding your threat model. If you're talking about somebody who can get Hotmail's cooperation, e.g. cops or sysadmins, there's no way you can prevent them from doing anything they want to your incoming mail. If you're worried about crackers guessing your password, then some web-based email systems automatically mark mail as read, some don't, some let you mark it, some let you remark it as unread. (I haven't ever used hotmail, and my cat stopped using it when the Child Online Protection Act required Hotmail to cancel accounts for anybody under 13 years old who didn't have parental permission, so the interface has probably changed since I last saw it.) Are you worried specifically about Hotmail? You're mentioning using gmail to pre-filter your hotmail messages - gmail's going to have similar potential threats, except that it's probably better managed, and if you're going to send the mail to gmail anyway, why not just read it on gmail? In general, if you've sent unencrypted email to an untrusted system, then you've got no way of knowing that it hasn't been read. At 01:09 PM 4/27/2005, Tyler Durden wrote: Oh...this post was connected to my previous one. Sorry...my ideas along these lines are still a little foggy but I'll try to articulate. Basically, let's assume someone with some resources has cracked your email and wants to monitor what you send and receive. let's also assume they don't want you to know it. Let's assume they also are not particularly thrilled about having hotmail know what they're up to (if needs be they can obtain a warrant, etc..., but this is clearly less than desirable compared to more direct techniques). It seems fairly easy to me to (for instance) create a bot that duplicates all of the email and resends it to your hotmail account so that when you log in everything looks fresh and new. (There are probably easier ways to do this via direct hacks of hotmail). 
Is there some way to make it evident that someone has opened your email? Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service. BUT, it occurs to me that you might be able to have gmail forward your mail to hotmail via some intermediate application you've set up that takes the timestamp and whatever and creates a hash.
Re: AP For Starvation Judge
At 10:35 PM 3/26/2005, Eric Cordian wrote: Justin writes: She is a corpse with a heartbeat. They want her dead, but don't have the guts to just kill her, so they're going to dehydrate her to death instead and pretend it's natural, because she can't feed herself. It's a nasty way to go if you're not in bad health, though it seems to be popular with disabled old people who want to commit suicide in nursing homes and don't have alternatives. I think we have to divide things we do for disabled people into care and heroic medical measures. I consider a feeding tube to fall into the former category. I agree with you there, though for many people that seems to be the crux of the issue.
Handheld Licence Plate Scanner/OCR/Lookup
More news dispatches from Brinworld http://www.chieftain.com/business/1109862027/1 http://www.thenewspaper.com/news/01/196.asp Bootfinder, made by G2 Systems in Alexandria VA, is a combination of a handheld digital camera, OCR software for locating and reading license plates, and a database lookup system that shows the user whatever information it has about that license plate. The software runs on a laptop; the article doesn't say if it has an online live data feed or just runs on stored data. The two governments currently using it, New Haven Conn and Arlington County VA, are using it to find car tax and parking ticket delinquents, so it's something that doesn't need a live data feed, but that would be easy to patch on - the hard technology's in reading the number, not in using it. It was originally developed for tracing stolen cars, but the developer found that to be a hard sell with cash-strapped police departments, while parking enforcement is a revenue-generating activity so anything that lets those departments rake in money faster is an easy sell. One city saw their car tax payment compliance go from 80% to 95% because it was easy to catch many non-payers and to scare other people into paying before they get caught. The camera can scan 1000 license plates per minute - the article doesn't say how fast the cars can be going, but the cities that use it have parking officials driving down the street scanning parked cars' plates, which are easier to aim at than moving cars. Even so, that suggests that more widespread privacy-invading applications should be easy to develop - David Brin's Transparent Society prediction of cameras and computing being cheap enough to become ubiquitous becomes more realistic every year.
Anguilla on $1000 a day - NYTimes
The NYT updates us on a favorite cryptographers' hideout http://travel2.nytimes.com/2005/02/27/travel/27high.html February 27, 2005 HIGH LOW High: Anguilla on $1000 a Day By JULIET MACUR An hour after arriving on Anguilla in early January, I was soaking in the hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my pasty Northeastern face. Ah, Anguilla, a quiet island that has recently become the next St. Barts, a hedonistic hideaway and magnet for members of the boldface set. At the northeast corner of this narrow isle, Jennifer Aniston and Brad Pitt spent New Year's in a villa on Captain's Bay. On its southwestern coast, Jay-Z and Beyoncé had cuddled on the sands of Shoal Bay West. Down the beach from my resort, Uma Thurman had kicked back at a local bar. Just as I began to imagine that I, too, was a star on an escape-the-paparazzi trip, reality interrupted. A foreign object crashed into my hot tub and sent water slapping against my face. A small boy and his father were throwing a ball wildly. The father's next toss bounced off the boy's head and against a woman's forehead. The father laughed. The woman smiled. I growled and thought, This doesn't happen to Jennifer Aniston. I left in a huff because I had no time for distractions. This was serious business: I had to figure out how to get by on $1,000 a day. Related Feature Low: Anguilla on $250 a Day Though Anguilla is a relatively undeveloped island where goats might outnumber residents, $1,000 a day at a chic resort amounts to roughing it. At the Cap Juluca resort, the cheapest room in high season cost $936 a night, including the 20 percent tax. Malliouhana Hotel offered a garden view room on the first floor for $744. 
If my best friend, Rose, and I were to eat, drink and even think of going to the spa on my $1,000-a-day budget, the only high-end resort I could afford was the CuisinArt Resort and Spa, which sits near the island's southwestern end on Rendezvous Bay's beach, one and a half miles of flour-soft sand, blindingly white. The turquoise ocean water was as clear as Evian, and you could see fish near the sea floor. The cheapest rate, $550 plus $110 tax - but including Continental breakfast - would allow us to pretend we belonged at this beautiful place. The resort's grounds were simple and elegant. Eggplant-colored bougainvillea climbed the whitewashed stucco buildings that looked as if they had been plucked from a Greek cliff. In a nearby garden were trees heavy with guavas, fig bananas and star apples. As we looked from the lobby onto a series of rectangular pools cascading to the beach, a receptionist said we had been upgraded from the main house to a suite in one of the 10 three-story villas clustered along the shore. We hope you don't mind, she said, unaware that I was a journalist. No, we didn't, and certainly not after seeing the room. The upgrade, to a junior suite that would have cost $120 more a night, allowed us to hear waves from our patio. Our suite was a cheery, not fancy, single room, but at 920 square feet was nearly as big as my Manhattan apartment. A navy couch broke up the space into sleeping and lounging areas. Two double beds with wicker headboards faced the porch and a walkway to the beach. Paintings of Greek fishing villages and bright bedspreads splashed color against the white walls and tile floors. A brochure called the bathroom your own private sanctum, large enough for an oval tub for a honeymooning couple's bubble bath. But nothing was that private, considering one wall was made of warped glass. While on the outside walkway one day, I gasped when I saw a fuzzy version of Rose heading for the shower. 
At the resort's free reception on our first night (with food and drink), the manager, Rabin Ortiz, told us, Do not make plans for your weekend. We quickly learned why. There are no plans to make because, on Anguilla, there is basically nothing to do. And that's the point. At CuisinArt, stay away from the main pool (where ball-tossing children congregate). Instead, sit on the beach and take delivery of homemade lemon sorbet from waiters whose goal is to fill you with fruity rum drinks. After sundown, submit to spa treatments like the Anguillan coconut pineapple scrub, which smells good enough to eat, and the hydroponic cucumber and aloe wrap, using ingredients grown on the premises. It was the perfect place for us: upscale, but not one bit snooty. Night life is minimal. (At 10:30 on Saturday night, only one couple was at our resort's bar, where a trio sang Endless Love.) Sea kayaks, sailboats, catamarans and tennis courts were available and mostly unused. For casino or dance club action, it's a half-hour ferry ride to St. Martin. Still, after too many games of boccie and gin rummy - or perhaps not enough gin and rum - we searched for some fun. Down the beach was Dune Preserve, a delightfully mellow bar inside a wooden shack owned by the local reggae legend Bankie Banx. A CuisinArt
Re: Desire safety on Net? (n) code has the solution
At 09:43 AM 2/10/2005, R.A. Hettinga wrote: I'm starting to get the hang of this. I mean, fertilizer...crypto, crypto...fertilizer: They're both *munitions*, right? Right? Well, sometimes they're both munitions, but sometimes they're both bullshit. I have no reason to assume they're not producing a quality product, but it's certainly a field where independent verification is necessary.
Re: US slaps on the wardriver-busting paint
At 10:00 AM 1/16/2005, Major Variola (ret) wrote: At 09:35 AM 1/14/05 -0500, R.A. Hettinga wrote: It only remains for us to say that DefendAir costs a cool $69 per gallon (US gallon, presumably). How much is the TV tax in the UK? How long to pay off the costs of paint to hide one's IF oscillator from the White Vans? You weren't reading the how it works description carefully. It works by blocking RF, so if you put enough paint on to block outgoing RF from your IF oscillator, you'll also block incoming RF headed for your tuner, unless your TV set does a good job of isolating the IF from the antenna. Similarly, if it's doing a good enough job of blocking RF to keep 802.11 WLANs from getting out, it's also keeping cell phone signals from getting in. RF is surprisingly leaky stuff. Back when I ran a TEMPEST-shielded room, we'd find easily-measurable leaks if the copper-wool filler in the joints wasn't packed tightly, or if we stuck a paper clip in one of the fiber-waveguide holes. We were measuring at 450 MHz, which was a really high frequency for the mid 1980s when computers ran at 10 MHz, and our room was about 120 dB tight when everything was working. Looks like the tax is UKP 116, so if the paint is only sold in whole gallons, and the white vans come around monthly to test, it could pay off in 3-4 months if it worked, except that it probably won't work. Bill Stewart [EMAIL PROTECTED]
Re: Searching with Images instead of Words
Expecting a front view of an image to match with a side view of the same image is impossible. They are both disjoint sets of information. If all the images are frontal images, we can match them with a high probability, otherwise I doubt this technology has a future. I think it definitely has a future. I'm a bit skeptical about whether it's a _near_ future, though. It sounds especially possible for specific classes of pictures, such as outdoor locations in major cities. Bill Stewart [EMAIL PROTECTED]
Re: [IP] No expectation of privacy in public? In a pig's eye! (fwd from dave@farber.net)
At 12:30 PM 1/12/2005, Roy M. Silvernail wrote: Just out of curiosity, if the man doesn't need a warrant to place a surveillance device, shouldn't it be within your rights to tamper with, disable or remove such a device if you discover one? Do you mean that if you discover an unsolicited gift of consumer electronics attached to your car, do you have the right to play with it just as you would if it came in the mail? I would certainly expect so... On the other hand, if it appears to be a lost item, you could be a good public citizen and take it to the police to see if anybody claims it... GPS tracker is an ambiguous description, though. GPS devices detect where they are, but what next? A device could record where it was, for later collection, or it could transmit its position to a listener. Tampering with existing recordings might have legal implications, but putting a transmitter-based system in your nearest garbage can or accidentally leaving it in a taxi or mailing it to Medellin all seem like reasonable activities. Bill Stewart [EMAIL PROTECTED]
Re: Police Worried About New Vest-Penetrating Gun
At 01:54 PM 1/14/2005, R.A. Hettinga wrote: http://www.wnbc.com/print/4075959/detail.html NEW YORK -- There is a nationwide alert to members of law enforcement regarding a new kind of handgun which can render a bulletproof vest useless, as first reported by NewsChannel 4's Scott Weinberger. ... The weapon is light, easily concealable and can fire 20 rounds in seconds without reloading. A couple of questions to the gunpunks out there... I've heard that rifles easily penetrate bullet-proof vests, and that vests are really only useful against average-to-small handguns and against shotguns. Is this accurate? Any idea how much you can saw off a rifle and still have it penetrate typical cop vests? (And I assume the 20 rounds in seconds is just a scary way to say it has a big magazine and you have to pull the trigger 20 times.) Also, the police expressed worry that criminals might hear about these guns and then the cops would be in big trouble. Sounds silly to me - while some criminals might buy a cop-killer handgun for bragging rights, random criminals presumably only buy weapons useful for the scenarios they imagine being in, which is Saturday Night Specials for most applications, or whatever currently fashionable Mac10/Uzi/etc. for druglord armies that expect to be shooting at each other, or rifles for distance work and dual-use pickup-truck decoration. Do many criminals expect to initiate shootouts with vest-wearing cops in scenarios where a rifle isn't practical? Do most cops wear bullet-proof vests regularly other than in holdup/hostage SWAT situations, where the criminal might have rifles anyway, and where a regular pistol is just fine for shooting hostages? Or is this mainly a problem for the cases when cops want to stage military-style pre-dawn assaults on people's houses, where they expect that the targets usually only have pistols handy near the bed and don't have time for rifles? Seems like scare-mongering to me, not a practical concern. 
Bill Stewart [EMAIL PROTECTED]
Re: Ridge Wants Fingerprints in Passports
He's smearing his sticky fingerprints all over everything else, and now he wants them in our passports? Oughtta learn to keep his hands to himself. Bill Stewart [EMAIL PROTECTED]
Adware for Windows Media Player spreading by P2P
http://www.theregister.com/2004/12/31/p2p_adware_threat/ According to an article in The Register, Overpeer is spreading adware-infected Windows Media Audio and Windows Media Video files via P2P. PC World Magazine did some research, ran Etherpeek, and found that the adware was going to Overpeer, which is owned by Loudeye, who strongly defend the practice, saying music pirates deserve what they get. Of course, what the article isn't mentioning is that this means that the WMA and WMV file formats have features that can be used with the Windows Media Player to support adware, so a good chunk of the blame belongs back in Redmond. (Remind me again why closed-source DRMware is a good idea?) Now, it wouldn't bother me if the Windows Media Player's silly trippy visuals that you get when playing audio that doesn't have a video track were replaced by some advertising video, as long as it's all self-contained and doesn't phone home to tell advertisers what I'm listening to. But this one seems to be pretty chatty. Bill Stewart [EMAIL PROTECTED]
RE: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
At 12:04 PM 1/10/2005, Trei, Peter wrote: For a gun to work, it is just as important that it fires when it should, as that it does not fire when it shouldn't. A safety system which delays firing by even half a second, or which introduces a significant false rejection rate (and 1% is way over the line), is a positive hazard. I'd rather not have to rely on a gun that's acting like typical Artificial Intelligence software - Out of Virtual Memory - Garbage-Collecting - Back in a minute - Tea? You mean Leaves, boiled in water? That's a tough one! - Low on Entropy - please wave the gun around and pull the trigger a few times Police have enough problems with situations where guns are too slow, such as a guy with a knife ten feet away, and ostensibly smart guns that aren't reliable are really bad. And slowly-responding guns just encourage cops to pull them out early and start shooting early just in case, which is the kind of thing most gun-grabbing liberals want to avoid. Bill Stewart [EMAIL PROTECTED]
The Reader of Gentlemen's Mail, by David Kahn
My wife was channel-surfing and ran across David Kahn talking about his recent book The Reader of Gentlemen's Mail: Herbert O. Yardley and the Birth of American Codebreaking. ISBN 0300098464 , Yale University Press, March 2004 Amazon's page has a couple of good detailed reviews http://www.amazon.com/exec/obidos/ASIN/0300098464/qid=1105254301/sr=2-1/ref=pd_ka_b_2_1/102-1630364-0272149 Bill Stewart [EMAIL PROTECTED]
RE: Police seek missing trucker, nickels
At 01:36 PM 1/9/2005, Tyler Durden wrote: OK...most of the time I understand the relevance of the emanations from RAH, but this one I don't get. What's the relevance? Choate nostalgia? Micropayments, of course :-)
RE: Banks Test ID Device for Online Security
R.A. Hettinga wrote: Okay. So AOL and Banks are *selling* RSA keys??? Could someone explain this to me? At 12:24 PM 1/4/2005, Trei, Peter wrote: The slashdot article title is really, really misleading. In both cases, this is SecurID. Yup. It's the little keychain frob that gives you a string of numbers, updated every 30 seconds or so, which stays roughly in sync with a server, so you can use them as one-time passwords instead of storing a password that's good for a long term. So if the phisher cons you into handing over your information, they've got to rip you off in nearly-real-time with a MITM game instead of getting a password they can reuse, sell, etc. That's still a serious risk for a bank, since the scammer can use it to log in to the web site and then do a bunch of transactions quickly; it's less vulnerable if the bank insists on a new SecurID hit for every dangerous transaction, but that's too annoying for most customers. Bill Stewart [EMAIL PROTECTED]
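An added example, not part of the original message: a server-side check for time-synchronized one-time codes like the ones described above, showing why a relayed code buys a phisher only one action if the server refuses replays and asks for a fresh code on a dangerous transaction. It uses the public RFC 6238 TOTP algorithm as a stand-in, since SecurID's own algorithm is not on this page; the class and function names and the one-step drift window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumption: matches the post's "every 30 seconds or so"
DIGITS = 6


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); a stand-in for the token's real algorithm."""
    counter = unix_time // STEP_SECONDS
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Hypothetical server side: tolerates clock drift, refuses replayed codes."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_counter = -1  # highest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP_SECONDS
        first = current - self.drift_steps
        last = current + self.drift_steps
        for counter in range(first, last + 1):
            if counter <= self.last_counter:
                continue  # this time step (or an older one) was already used
            expected = totp(self.secret, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter  # burn the step: single use only
                return True
        return False


def demo() -> dict:
    """Login, then a transfer that demands its own code (constructed input)."""
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real seed
    verifier = TokenVerifier(secret)
    t_login = 1111111109  # RFC 6238 test time
    login_code = totp(secret, t_login)

    results = {}
    # The user (or someone relaying the user's code in real time) logs in.
    results["login"] = verifier.verify(login_code, t_login)
    # Five seconds later the same code is presented again for a transfer.
    results["replayed_code_for_transfer"] = verifier.verify(login_code, t_login + 5)
    # The transfer goes through only with a code from a later time step.
    t_transfer = t_login + 31
    results["fresh_code_for_transfer"] = verifier.verify(
        totp(secret, t_transfer), t_transfer
    )
    return results


if __name__ == "__main__":
    for step, accepted in demo().items():
        print(f"{step}: {'accepted' if accepted else 'rejected'}")
```

The replay check is what turns "a string of numbers" into a one-time password: without `last_counter`, the same code would be accepted repeatedly for the whole drift window.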
Dept Homeland Security Research Conference in Boston, April 27-28
and TIMs), Surveillance/Detection (Low Volatility/Chemical Warfare Agents) · Biological Countermeasures including: Agricultural Security, Surveillance (Situational Awareness) · Radiological/Nuclear Countermeasures including: Passive and Active Detection · Explosives Detection including: Bulk and Trace Detection and Nanosensors · Methods to Disarm/Defeat Conventional Explosives · Critical Infrastructure Protection and Cyber Security including: Addressing Insider Threat, Large Scale Situational Awareness · Post-Event Recovery and Restoration from events involving the use of chemical and biological agents and nuclear and radioactive materials (e.g., improvised nuclear devices and radiological dispersion devices). Information and Important Dates Abstracts should be submitted in MS Word and limited to a maximum of 250 words. On the same page, the author(s) title, name, address, phone, fax, email and organization affiliation must be submitted. In addition, a maximum of 100-word biography of the presenting author is required on a separate page. Electronic versions of abstracts and papers should be submitted via the conference website. Detailed instructions about the electronic submission process will be published on the website. All electronic submissions will be acknowledged via email. Abstract deadline: February 7, 2005 Speaker Notification: March 1, 2005 Final Paper Deadline: At the Conference For more information on the First Annual National Homeland Security R&D Conference, please refer to website: www.homelandsecurityresearchconference.org Call for Sponsors and Exhibitors We are seeking conference cosponsors and exhibitors from public and private sector organizations. For more information on sponsorship opportunities, please email: [EMAIL PROTECTED] . For more information on exhibit opportunities, please email [EMAIL PROTECTED] . 
Call for Preliminary Registration If you are interested in attending this conference, please email us at [EMAIL PROTECTED] . To make sure you receive our notices, please configure your spam filter to accept this email address. Conference Organizer DHS S&T - The Department of Homeland Security's Science and Technology Directorate is the primary research and development arm of the Department. It provides Federal, state, and local officials with the technology and capabilities to protect the homeland. Bill Stewart [EMAIL PROTECTED]
Re: punkly current events
At 02:29 PM 12/11/2004, James A. Donald wrote: If Afghanistan was subject to US jurisdiction, it would not have a bumper opium crop. If Saudi Arabia was subject to US jurisdiction, they would not be funding terrorism. [...] The reason that taliban caught in Afghanistan, and people with the wrong accent caught in Afghanistan, tend to wind up in Guantanamo Bay is not because Afghan warlords are taking orders from US overlords, it is because Afghan warlords are fighting a holy war against the same people who are our enemies. But the Taliban were the US warlords' *friends*. After all, that's why the US paid them $43m for doing such a great job in their holy war against opium farmers. Bill Stewart [EMAIL PROTECTED]
Re: Mixmaster is dead, long live wardriving
At 10:08 AM 12/11/2004, J.A. Terranson wrote: On Sat, 11 Dec 2004, Justin wrote: Not necessarily. Mixmaster is trivial to use with Mutt. 1. Compile Mixmaster . You just made my case for me. Joe Sixpack will not wtf you are talking about. Hell, half the RedHat users won't know either (where's the RPM?). Joe Sixpack got lost at Compile. It's still easier to use than the early versions of FreeS/WAN (First do a clean compile of your kernel...) On the other hand, if you're using Mutt, you're already more complex than Joe Sixpack is likely to use. Also, rather than a virus installer, it'd be interesting if there were an anonymizer package built for Apache. Widespread anonymous web browsing would mean that simple web-based remailers would be easily usable. Bill Stewart [EMAIL PROTECTED]
Gary Webb dies - reported on CIA Cocaine Connections
http://www.mercurynews.com/mld/mercurynews/news/local/states/california/peninsula/10399522.htm http://www.sacbee.com/state_wire/story/11745531p-12630606c.html (AP Story) Gary Webb, 49, former Mercury News reporter, author INVESTIGATIVE JOURNALIST WROTE CONTROVERSIAL SERIES By Jessica Portner Mercury News Gary Webb, a former Mercury News investigative reporter, author and legislative staffer who ignited a firestorm with his controversial stories, died Friday in an apparent suicide in his suburban Sacramento home. He was 49. The Sacramento County coroner's office said that when A Better Moving Company arrived at Mr. Webb's Carmichael home at about 8:20 a.m. Friday, a worker discovered a note posted to the front door which read: ``Please do not enter. Call 911 and ask for an ambulance.'' Mr. Webb, an award-winning journalist, was found dead of a gunshot wound to the head, Sacramento County Deputy Coroner Bill Guillot said Saturday. Mr. Webb's friends and colleagues described him as a devoted father and a funny, dogged reporter who was passionate about investigative journalism. As a staff writer for the Mercury News from 1989 to 1997, he exposed freeway retrofitting problems in the 1989 Loma Prieta earthquake and wrote stories about the Department of Motor Vehicles' computer software fiascos. Mr. Webb was perhaps best known for sparking a national controversy with a 1996 story that contended supporters of a CIA-backed guerrilla army in Nicaragua helped trigger America's crack-cocaine epidemic in the 1980s. The ``Dark Alliance'' series in the Mercury News came under fire by other news organizations, and the paper's own investigation concluded the series did not meet its standards. Mr. Webb resigned a year and a half after the series appeared in the paper. He then published his book, ``Dark Alliance: The CIA, the Contras and the Crack Cocaine Explosion.'' In the past few years, Mr. 
Webb worked in the California Assembly Speaker's Office of Member Services and for the Joint Legislative Audit Committee. The committee investigated charges that Oracle received a no-bid contract from Gov. Gray Davis. After being laid off from his legislative post last year, Mr. Webb was hired by the Sacramento News and Review, a weekly publication. Tom Dresslar, a spokesman for state Attorney General Bill Lockyer who has known Mr. Webb for more than a decade, was distraught Saturday when he heard that his friend may have taken his own life. ``He had a fierce commitment to justice, truth and cared a lot about people who are forgotten and society tries to shove into the dark corners,'' Dresslar said. ``It's a big loss for me personally and a great loss for the journalism community.'' Services for Mr. Webb are pending. Bill Stewart [EMAIL PROTECTED]
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
For instance, a seemingly innocent digital photo of a dog could be doctored to contain a picture of an explosive device or hidden wording. Of course, the _real_ message wasn't hidden in subtle stego bits - it was whether the picture was Bush's dog, Cheney's dog, or Blair's dog. It recommends investigators consult the RCMP's technological crime program for assistance, including comprehensive forensic examinations of seized digital media. The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about copy the disk and return the computer that came out of the Steve Jackson case, not that they're always followed; I don't know if the Canadians are more or less polite about returning computers, but this kind of thing increases the chances of harassment of various ethnic and political organizations We're keeping your computer as evidence of potential crimes, but we haven't actually charged you with a crime yet and won't do so unless we can find the hidden stego evidence. Bill Stewart [EMAIL PROTECTED]
Re: Word Of the Subgenius...
At 08:25 AM 12/8/2004, Steve Furlong wrote: I know what you mean, but (a) I didn't write what I meant, and (b) I don't think a true anarchy would be the proper environment for your anarcho-capitalism. My complaints about Tim's anarchistic writings were about his desire to watch DC detonate, or to watch a rampage against useless eaters of one type or another, or the like. If you think those are anarchist ideas, you've missed the main ideas about anarchy and anarcho-capitalism and such. Anarchism isn't about getting rid of the _current_ people in charge, it's about getting rid of _having_ people be in charge. On a cypherpunks-history track, Tim or Eric once proposed that the way to deal with slander in an uncensorable anonymous communication environment was to make sure that there was _always_ a wide current of anonymous slander against you going on, so you can dismiss any _real_ slander by saying it's just more of the same crap that some anonymous people always say about you, and that there may even be a market for it. (And Tim didn't even pay me to say that he's Detweiler's father...) Bill Stewart [EMAIL PROTECTED]
Re: Bugs in the belfry
At 07:49 AM 12/8/2004, R.A. Hettinga wrote: So was Nietzsche suffering, as many have argued, from incipient paresis when he wrote Twilight of the Idols, et al? If so, then (the argument goes) these late books, brilliant as they may appear to be, can't be taken as seriously as his earlier, saner writing. Or did the philosopher go mad from some other cause all of a sudden, in the space of a single day, as others prefer to believe? If you're a literary-crit type, interested in the evolution of Nietzsche's thought, that's an interesting kind of question, and you can go looking for evidence in the changes in ideas and expression between his earlier and later books. However, if you're trying to examine the question of whether his books should be taken seriously as philosophy, as opposed to whether they're Significant Art, then that doesn't really matter; the question is whether the ideas as written are any good or are crackpot lunacy, which is independent of whether the author was a crackpot. I suppose if you're trying to evaluate whether they're a good philosophy for actual living, you can look at the effects of Nietzsche's ideas on his life, but that's a much broader study, and the direct lesson here is that unsafe sex isn't a good idea.. Disclaimer - most of what I've read of Nietzsche was when we had to translate some of it in high school German class. It's very frustrating to be reading something that appears to say that the destruction of the human race would be a good thing and have to figure out if that's because you got a verb tense wrong or because it's Nietzsche. Bill Stewart [EMAIL PROTECTED]
Re: Michael Riconosciuto, PROMIS
On Sun, 5 Dec 2004, Steve Thompson wrote: Does anyone here have a good idea of what the PROMIS code actually does; what its characteristics and capabilities are in terms of its function as an aid to intelligence analysts, logistics technicians, or consultants? At 07:16 PM 12/5/2004, J.A. Terranson wrote: We had a PROMIS system on our 370 something (168?) back in '81 - ran under SPF/TSO [MVS] IIRC? I always assumed the two were loosely related - I believe it was an early and crude relational DB implementation. But who the hell really knows? There are several different issues related to PROMIS 0 - What size tinfoil hat do you need? (It's probably still worth being paranoid about Echelon, but PROMIS is old hat...) 1 - Feds or somebody basically pirated their copy of the software, back when most mainframe software was expensive, and drove the company into bankruptcy rather than pay up, and they spent a lot of effort covering up their ripoff, possibly including the murder of a journalist. 2 - What are the basic capabilities of the software? I think Alif's got it about right, and remember that back in the early 80s, Codd & Date had written some really cool theory about how relational databases could and should work, but most computers didn't have the horsepower for them and the early implementations were mostly either crude or bloated. Also, mainframe software tended to be very customized, particularly if it had to interconnect with other mainframe software like somebody else's non-relational database with a different schema. 3 - What sets of data were the various spooks, feds, and staties _keeping_ in their databases, and how much of it did they share with each other or get from various other sources? 
If you worked with databases back in the early 80s, remember that a gigabyte of disk used to be pretty big, rather than wristwatch-sized, and a megabyte of RAM was big and cost non-trivial amounts of money, and magnetic tapes held less than 200MB and took tens of minutes to read, and big database projects typically required departments of dozens or hundreds of workers to spend months of budgeting and planning to design schemas and processes that could take months to run, instead of being ad-hoc queries any random employee can run on their desktop over lunchtime if they feel like it, and might be able to run on their pocket computer when riding home on the subway. My department's ~1983 VAX had a 1 MIPS CPU, a gig of removable disk, 4MB RAM, and two tape drives, and cost about $400K. It wasn't big iron - that was typically an order of magnitude bigger. These days, $400 will get you a 3000 MIPS CPU, a gig of RAM, and 100-200GB disk, and database software is free. It's about a million times more cost-effective, depending on whether you care more about CPU, disk, or RAM, and there's an Internet hanging out the back side that will let you use Google's farm of ~100K computers for free.
Kerik, Homeland Security Czar - Scathing article from The Register
The Register has a really friendly article about Kerik, Giuliani's buddy who's proposed for Homeland Security Czar. (El Reg is primarily an online technology newswire, but they do comment on other issues, especially if they have technical aspects - they especially rag on the UK's Home Secretary Blunkett's National ID Card proposals.) http://www.theregister.com/2004/12/06/kerik_homeland_security_secretary/ High-school drop-out to become Homeland Security Czar By Thomas C Greene Published Monday 6th December 2004 11:07 GMT President George W. Bush has nominated former New York City Police Commissioner Bernard Kerik to replace Tom Ridge as Homeland Security Secretary, marking a significant departure from his tendency to choose educated, Patrician types for his Cabinet. Kerik, a high-school drop-out abandoned at age four by his prostitute mother in the gritty town of Patterson, New Jersey, served as an Army MP in South Korea, and later worked in private international security rackets, most interestingly in Saudi Arabia. He joined the New York City Police Department in 1985. He followed that with a stint as Warden of the Passaic County Jail in New Jersey, and became the Training Officer and Commander of the Special Weapons and Operations Units. In 1998 he was named New York Corrections Commissioner, and established an ironclad, head-cracking discipline in the City's notorious detention facilities. A favorite of former New York Mayor Rudolph Giuliani, Kerik had the honor of seeing the Manhattan Detention Complex, known to locals as the Tombs, re-named the Bernard B. Kerik Complex by then-mayor Giuliani. Kerik left a minor cloud of corruption behind, with allegations that one of his lieutenants used correctional staff to work illegally in Republican campaigns. 
In 2000, Giuliani named Kerik Police Commissioner, to assist him in a vast anti-crime crackdown, where the chief tactic was for police to pounce aggressively on even the most chickenshit offences, such as spitting on the sidewalk. Upon his retirement from City politics, Giuliani decided to cash in on post-9/11 security hysteria by founding his own security outfit, Giuliani Partners LLC. Kerik has served as senior vice president at Giuliani Partners, and CEO of Giuliani-Kerik LLC, a vendor of law-enforcement performance systems. Meanwhile, Giuliani has founded several spin-offs, such as Giuliani Capital Advisors LLC, and the Rudolph W. Giuliani Advanced Security Centers (ASC), a cyber-security outfit formed in connection with Ernst & Young. Recently, Kerik shipped out to Iraq to train the local policemen who are routinely blown to pieces by insurgents and terrorists. There, he enjoyed the snappy titles of Interim Minister of the Interior, and Senior Policy Advisor to the US Presidential Envoy to Iraq's Coalition Provisional Authority. Kerik lasted only four months, and the Iraqi police are still as incompetent, weak, and corrupt as when he arrived in country. Kerik began making his transition from local to national politics by campaigning for President Bush's re-election, alongside his political patron and business partner, Rudy Giuliani. Kerik has been a devoted booster of the so-called Patriot Act, having given several speeches in its support while campaigning for Bush. In anticipation of his rise to national office, Kerik recently sold his $5.8m in shares of Taser International, makers of absolutely safe police stun guns that are now routinely used against old women and children. He is expected to be confirmed by the Senate without difficulty. ®
Re: Fallujah: Marine Eye-Witness Report
At 10:02 PM 11/23/2004, James A. Donald wrote: And the problem with a civil war in Iraq is? Well, once you get past the invalid and dishonest parts of Bush's 57 reasons We Need to Invade Iraq Right Now (WMDs, Al-Qaeda, Tried to kill Bush's Daddy, etc.) you're pretty much left with Saddam tried to kill Bush's Daddy and Replacing the EEEVil dictator Saddam with a Democracy to protect the Iraqi people. Pulling off the latter requires that you leave them with something better than a civil war, though it's not clear that what they're getting right now _is_ better than a civil war.
Latest Tasteful Video Game
Slashdot reports that MSNBC reports http://msnbc.msn.com/id/6549265/ that there's a new video game JFK Reloaded http://www.jfkreloaded.com/start/ that lets you explore the Kennedy assassination from Lee Harvey Oswald's perspective. Neither the article nor the website indicates whether you can also take shots from the Grassy Knoll or other locations, or whether you get +3 Magic Bullets as opposed to regular bullets. The authors claim that they're trying to let people see that the Lone Gunman theory is plausible by letting them try it out. Ted Kennedy's staff put out a highly negative statement, but didn't call for censorship. Bill Stewart [EMAIL PROTECTED]
Re: Gettin' Our Scots-Irish Up
At 07:29 PM 11/15/2004, R.A. Hettinga wrote: The National Review November 15, 2004, 8:24 a.m. Gettin' Our Scots-Irish Up Country music reflects America's spirit. The music that I associate with National Review is distinctly not country-western - it's Bach's Second Brandenburg Concerto, used as the theme music for Bill Buckley's program Firing Line. They may be putting on country-boy airs, but they're still elitists... Bill Stewart [EMAIL PROTECTED]
Ashcroft resigns, America is Safer, at least for the moment
With Ashcroft going, America's a bit safer, unless of course his successor is just as bad. One of the candidates for Ashcroft's successor is Bush's White House legal counsel Alberto Gonzales, who's been responsible for several memos suggesting that POWs from Afghanistan aren't protected by the Geneva Conventions and that torturing captives may be ok. So we may not be safer once he's in place. Another candidate is Larry Thompson, former deputy attorney general, who's currently the general counsel for Pepsico. He's black, which is for some reason still politically interesting, but he's also indicated that he likes working at Pepsico. NYT's latest rumors favor Gonzales. http://www.nytimes.com/aponline/national/AP-Bush-Cabinet.html?oref=login (Requires free login - use some fake email address if you don't have one.)
Re: Love It or Leave It
Bob continues to forward entertaining and occasionally insightful articles to the list. From the bluesy side of the fence, Moby wrote: can someone remind me why secession is not an option at this point? Meanwhile, on the Commie-colored side of the fence, Mike Thompson of HUMAN EVENTS ONLINE took several weeks to write a modest proposal to kick the states that didn't get with the program out of the union. Those of us who remember the Vietnam-era redneck taunt about America: Love It or Leave It also remember that if anybody *did* leave, the right wing got immensely offended by it and wanted to hunt them traitors down like dawgs. Then of course there was that unpleasantness of the War Between the States, aka the War of Northern Aggression, in which the Red States left because they didn't like the liberal northerners and their activist judges and politicians disrupting the core of their traditional values, and the Blue States insisted that Nationalism was more important than the right to secede and attacked them. So no, it probably won't fly... Unfortunately, I have to agree with the critics of Kerry who said that he was aloof and out of touch with Middle America; his campaign clearly didn't recognize that Bush had succeeded at telling them that Kerry didn't share their values, and Kerry didn't realize it and demonstrate otherwise, nor did he do an adequate job of talking about Democratic values in a way that would draw them in. And the Republicans and the Democrat establishment had pretty much gotten together to take out Howard Dean, who was building an actual political party inside the hollowed-out shell of the current party. Bill Stewart [EMAIL PROTECTED]
Re: the new Keyser Sose (was Re: Do androids dream of electric camels?)
Not sure if the old Keyser Sose was limping or not, but he came out last week to give George Bush's campaign a helpful Booga booga booga to remind the sheeple that he's still there. Bush's speech had bragged that Osama could run, but he can't hide, and Kerry neglected the chance to remind the public that Osama ran, and he's hidden real well, and that Bush has been too busy with the war on Saddam to bother catching him.
Re: So Who Won?
At 10:54 PM 11/2/2004, Eric Cordian wrote: So who won the US election? The turd sandwich, or the giant douche? Cthulhu appears to be way ahead.
Re: Osama's makeover
At 08:23 PM 10/30/2004, Major Variola (ret) wrote: And did you see the wire up his back and the earpiece? Or maybe it's hard to get good tailors in Pakistan. Nah - he's allowed to use a Teleprompter, unlike Bush and Kerry at the debate-o-mercials. And unlike Bush, he can actually read. Bill Stewart [EMAIL PROTECTED]
RE: Geodesic neoconservative empire
On Fri, 29 Oct 2004, James A. Donald wrote: This presupposes the US intends to rule Afghanistan and Iraq, which is manifestly false. Since this chain started by ragging on RAH about it being a _geodesic_ neo-{Khan, con-men} empire, you're both correct - there isn't a conflict between ruling them by proxy and not ruling them directly, assuming that the Commander-in-Chief can get Our Puppet Iraqis to take over ruling their country for us as was supposed to magically happen when we knocked off our previous puppet. It didn't help that the Iraqis have con-men of their own like Ahmad Chalabi telling our con-man how easy it would be (which is what they wanted to hear) and we've not only had to get a new puppet, we've had to do an awful lot more work than we were supposed to. At 07:24 PM 10/29/2004, J.A. Terranson wrote: Agreed. Our interest is not in Afghanistan/Iraq per se. Our interest is in ruling the *planet*, rather than any individual pissant player. I've never been clear how much the neo-con gang (Wolfowitz, Leo Strauss, et al.) desire to give America a cohesive sense of national purpose through empire was because they cared about actually controlling the rest of the world and how much was because they cared about ruling America. Bill Stewart [EMAIL PROTECTED]
Re: 2000 curies of Ci
At 09:19 PM 10/28/2004, Major Variola (ret) wrote: Perhaps you meant Cs-137. Halliburton loses mCi of Am-241 etc monthly. MilliCuries? That's a bit surprising, though losing microCuries of it would be more likely. An average home smoke detector has 1-5 microcuries, and industrial detectors go up to 15, according to one or two articles on the web which may be outdated. So you're saying they lose hundreds to thousands of smoke detectors a month? Bill Stewart [EMAIL PROTECTED]
Re: Donald's Job Description
At 06:52 PM 10/27/2004, R.A. Hettinga wrote: .. ... Kerry ... In the meantime, Bill, I um, feel your pain. He's *my* senator. And the *liberal* one, too. Hey, we've got DiFi here, who's unfortunately been more effective at getting things she wants. But it's Barbara Boxer who's up for election this round. Bill Stewart [EMAIL PROTECTED]
Re: the simian unelected is blocking the world
At 07:41 PM 10/27/2004, R.A. Hettinga wrote: At 9:33 PM -0500 10/27/04, J.A. Terranson wrote: You graduated after all that beer??? Beer *and* philosophy. I must be a genius, or something. That Monty Python drunken philosophers song... :-).
Re: Russia tied to Iraq's missing arms
At 08:09 PM 10/27/2004, R.A. Hettinga wrote: I'll see you one fizzled October surprise, and raise you... The Bush Administration succeeded in delaying it until late enough in October not to ruin the election, and in the Commie-Colored states it's probably mostly playing as that Eeeevil Saddam had lots of Ammo, aren't we glad that Fearless Leader took him out! THE WASHINGTON TIMES There's the Liberal Media at work :-) reliable information The Bush Administration keeps using phrases like reliable information and credible sources. I don't think it means what _they_ think it means. on the arms-dispersal program from two European intelligence services that have detailed knowledge of the Russian-Iraqi weapons collaboration. Russians collaborating with Iraqis? I thought the Iraqis were supposed to be on the side of Moslem Terrorists, like the Chechens. I guess propaganda has no more reason to be self-consistent than Middle Eastern political behaviour, though. Most of Saddam's most powerful arms were systematically separated from other arms like mortars, bombs and rockets, and sent to Syria and Lebanon, and possibly to Iran, he said. Saddam giving weapons to the Iranians? Fat chance. Syria's not real likely either, though less improbable, and Lebanon's mostly under Syrian control but has enough people there who are anti-Israel that it's possible. Bill Stewart [EMAIL PROTECTED]
Re: Donald's Job Description
At 05:11 PM 10/27/2004, Dave Howe wrote: Tyler Durden wrote: I'm sure there are several Cypherpunks who would be very quick to describe Kerry as needs killing. but presumably, lower down the list than shrub and his current advisors? Oh, definitely much lower (even if he wins :-). And if he loses, he ought to take Nader's place as the spoiled the election guy, or at least Dukakis's. They say we've got the best politicians money can buy, but we sure should be able to buy better politicians than him. Kerry was one of the worst runnable Democrats they could find. Edwards was worse, and at the time I thought Gephardt was worse, though Kerry's chickened out enough that he might not win, which would be worse than Gephardt winning. Kerry's a content-free stuffed shirt who no longer has the guts that he had during his anti-war days, which is a big problem in a campaign about emotions and values and Fearmongering, and Edwards is all pretty face with no apparent soul either. He's thoroughly failed to propose anything positive or concrete (saying Help is on the way just doesn't cut it, especially if you don't have anything to offer except not being Bush) and he's let his I'm a war hero stance get in the way of bashing Bush's incompetence in the war and bashing Bush's fundamental dishonesty. He's let Karl Rove dominate the emotional campaign, and failed to take the high road aggressively but tried to fight back against Rove on Rove's territory, which is futile. The only time he really got anywhere emotionally was during the parts of the debates where he would talk about how Bush's father did x/y/z and Bush Jr. wasn't up to it, which left Bush squirming at his podium, and he failed to catch on to the fact that Bush-o-nomics is the same Voodoo Economics that Bush Sr. criticized when he was running against Reagan. 
Howard Dean would have been fun, but he was enough of a threat to the establishment that they had to stop him (especially the Democratic establishment, because he was rebuilding an actual political party with some grass roots in it as opposed to the current pure astroturf.) And MoveOn seems to have mostly disappeared.
Re: Airport insanity
At 02:20 AM 10/21/2004, James A. Donald wrote: Doubtless there are some innocents in Guantanamo - but the usual reason they are there is for being foreigners in Afghanistan in the middle of a war with no adequate explanation. At 09:21 AM 10/22/2004, James A. Donald wrote: J.A. Terranson No. We are under attack by those DEFENDING THEMSELVES. All of the terrorists came from countries that were beneficiaries of an immense amount of US help. James - Many, perhaps most, of the POWs at Gitmo weren't foreigners, they were Afghans. Many of the POWs at Gitmo probably were Al-Qaeda or other organized paramilitary groups. But many of them were described by the US propagandists as Taliban fighters - the military arm of the local central government who were legitimate to the extent that any group of warlords who are the current king of the hill are legitimate, and not too many months before the invasion, the US government was giving those same Taliban $43million because they were so helpful in our War on Drugs. And sure, they're a nasty bunch, but so are many of the anti-communist military juntas the US supported over the years. It wasn't like the US didn't know the Taliban were tolerating anti-American terrorist groups at the time - Clinton's Pentagon had bombed some of the camps in ~97 as well as the Sudan medical factory in response to bin Laden's bombing of the US embassies in Africa. Also, perhaps you don't realize this, but many countries with central governments do allow foreigners to stay there, whether as immigrants, tourists, guestworkers, businessmen, students, or attendees of terrorist training camps like the School of the Americas or the Osama bin Laden gang. Countries without effective central governments are usually more flexible about such things, and cultures that are tribally organized with colonialist-drawn boundaries are also less likely to be picky about it, though they may be more picky about whose tribal land you're in. Bill Stewart [EMAIL PROTECTED]
Dr. Hunter S. Thompson on the Election
A lot of columnists are trying to look fair and balanced in their election coverage, expressing their biased opinions while claiming to be reasonable; I'm most recently mad at Safire for this. So it's nice to be able to recommend a column by someone who's making no pretense of balance, the good Doctor himself: http://www.rollingstone.com/politics/story/_/id/6562575?rnd=1098436549411has-player=trueversion=6.0.12.1040 Bill Stewart [EMAIL PROTECTED]
Re: Printers betray document secrets
At 05:23 PM 10/18/2004, R.A. Hettinga wrote: http://news.bbc.co.uk/2/low/technology/3753886.stm It turns out that their techniques aren't all that useful. Changing laser printer cartridges changes the results. You might find that two documents were printed by the same printer, but it doesn't give you the options for tracking it down that manual typewriters did. And the differences don't identify a specific printer in a way that can be tracked, e.g. identifying a serial number that could be looked up from warranty records. It's not clear that they work at all with inkjet printers, and changing ink cartridges is even more common than changing laser printer cartridges. If you're sloppy, you've probably got a bunch of partly-used cartridges around, so even if you want to print out a bunch of ransom notes or whatever, you don't even have to go to Kinko's to get them to be different. If printer makers want to build in watermarking to make everything they print traceable, the way many of them check for documents that look like money and don't print them, they could hide patterns that survive cartridge changes (would you notice a few inverted pixels on a 600x600dpi printout?) But even then, inkjet printers are dirt cheap; when they're on sale, they're essentially a free enclosure in a box of overpriced printer cartridges, so even if the printer wants to rat out the user and it's not easy to change the serial number PROM, you can just replace the printer. Bill Stewart [EMAIL PROTECTED]
Re: Give peace a chance? NAH...
At 11:25 AM 10/19/2004, Dave Howe wrote: TBH the UK *did* have a major terrorist threat for decades - because we were dicking around in *their* country :) Do you mean the terrorists who raised their funding in bars in Boston and San Francisco? They haven't been doing much active terror lately, though they still try to raise funds in the bars on Geary Street. The Bush Administration says that they'll go bomb any country that harbors anti-US terrorists, but if the UK felt the same way and bombed Boston I bet they'd be a bit upset. (Bombing San Francisco wouldn't bother the Bush League as much.)
Re: Airport insanity
At 12:18 PM 10/18/2004, James A. Donald wrote: http://washingtontimes.com/national/20041018-124854-2279r.htm : : Despite gaining their freedom by signing pledges to : : renounce violence, at least seven former prisoners : : of the United States at Guantanamo Bay, Cuba, have : : returned to terrorism, at times with deadly : : consequences. : : : : At least two are believed to have died in fighting : : in Afghanistan, and a third was recaptured during a : : raid of a suspected training camp in Afghanistan, : : Lt. Cmdr. Flex Plexico, a Pentagon spokesman, said : : last week. Others are at large. : : Additional former detainees have expressed a desire : : to rejoin the fight, be it against U.N. peacekeepers : : in Afghanistan, Americans in Iraq or Russian : : soldiers in Chechnya. None of those things sound like terrorism to me, just basic military violence, though certainly the American and Russian militaries aren't the only ones engaging in terrorist activities in South Asia and some of these ~146 people may be among them. But most of the Warlord-vs-Warlord fighting in Afghanistan isn't terrorism, and most of the Iraqi Resistance isn't either, and I'd have expected that a staunch anti-communist like James wouldn't mind people shooting at Russian soldiers even though they're no longer Soviets. At 11:38 AM 10/18/2004, James A. Donald wrote: Tyler Durden Let's just state the obvious: September 11th occurred not because we had a few crazy Muslim fundamentalists out there that decided they hate our freedoms. They struck us because we've been fuckin' over a large swath of the Muslim (not only Arab) world for 100 years or so And the reason they are murdering Iraqi Christians, Filipinos, Ambionese and Timorese is? 
While the ones murdering Iraqi Christians may be doing it out of religious hatred as well as the perception that the Americans are running a Christian crusade against the Muslim world, the Indonesian invasions of their neighbors such as East Timor are just good old nationalist expansion - the US has been funding the Indonesian military for ~40 years because they're our Anti-Communist buddies, and who cares about their human rights records. You didn't expect that behaviour to stop just because there were no longer any Commies around, did you?
Re: Airport insanity
Damian Gerow I've had more than one comment about my ID photos that amount to basically: You look like you've just left a terrorist training camp. As Erma Bombeck wrote, by the time you look like your passport photo, it's time to come home from vacation. An extra couple of red-eye flights don't help, either. At 11:27 AM 10/16/2004, James A. Donald wrote: If you really look like the shoe bomber, then you should have to drive, or use public transport. James misspoke here - the only public air transport I'm aware of in the US is run by the military, and if he meant that people who look like shaggy-haired Brits with real leather shoes should be banned from privately-run transportation systems like airplanes and Greyhound, that pretty much leaves Amtrak as the only long-distance transport option for civilians, since city and county busses normally don't go very far. At 11:27 AM 10/16/2004, James A. Donald wrote: Provided the number of people you throw off planes is rather small, I don't see the problem. Depends a lot on how high up the planes are when you throw them off... There's the concept of due process of law that the Bush administration isn't very familiar with that determines when you're Constitutionally permitted to deprive people of their liberties. At 11:38 AM 10/18/2004, Thomas Shaddack wrote: Personally, as a relatively frequent flyer, I worry much more about things like cutting corners of fuselage and engine maintenance and quality of fuel (and, perhaps even more, the quality of onboard coffee) than about bombers on board. Unfortunately, cutting the quality of the onboard coffee means that you're more likely to look like a shoe-bomber by the time the plane arrives. Bill Stewart [EMAIL PROTECTED]
Fwd: Libertarian and Green Party Presidential Candidates Arrested!
Date: Sat, 9 Oct 2004 18:08:55 -0700 (PDT) Subject: Libertarian and Green Party Presidential Candidates Arrested! From: (another list) While trying to enter the Bi-Partisan Press Conference tonight to serve legal papers to the CPD: http://badnarik.org/supporters/blog/2004/10/08/michael-badnarik-arrested/ 8:38PM CT The first report from St. Louis is in - and presidential candidates Michael Badnarik (Libertarian) and David Cobb (Green Party) were just arrested. Badnarik was carrying an Order to Show Cause, which he intended to serve the Commission on Presidential Debates (CPD). Earlier today, Libertarians attempted to serve these same papers at the Washington, D.C. headquarters of the CPD - but were stopped from approaching the CPD office by security guards. Fred Collins reported to me from the ground that Badnarik and Cobb are in great physical condition and great spirit. As soon as more details are available, they will be posted here immediately. 8:51PM CT I just spoke with Jon Airheart on his cellular telephone. He reports that while he could see no handcuffs, both Badnarik and Cobb had their hands behind their backs, as if they were handcuffed. Airheart also confirms that Badnarik did have the papers to serve the CPD in his jacket pocket. 9:09PM CT The first AP report just hit Google News: Just as the debate began, two third-party presidential candidates purposely crossed a police barricade and were arrested. Green Party presidential candidate David Cobb and Libertarian Party candidate Michael Badnarik were protesting their exclusion from the debate And a whole lot more on the blog page... Mark Bill Stewart [EMAIL PROTECTED]
Re: RFID Driver's licenses for VA
On Thu, 7 Oct 2004, Sunder wrote: So the cops and RFID h4x0rZ can know your true name from a distance. and since RFID tags, are what, $0.05 each, the terrorists and ID counterfeiters will be able to make fake ones too... Whee! At 04:35 PM 10/7/2004, Thomas Shaddack wrote: A defense is a metal board in a wallet, close to the RFID chip's antenna. It is readable when the licence is taken out of the wallet. When inside, the antenna is quite effectively shielded. Tinfoil Wallets, anybody? :-) Actually, does anybody know if metallized mylar would do a good job of blocking RFID readers, or if that carbon-fiber insulating cloth that's useful for RF-shielded rooms would work well enough? Also sounds like a good reason to carry a Rivest RFID blocker in your wallet. Bill Stewart [EMAIL PROTECTED]
RE: QC Hype Watch: Quantum cryptography gets practical
At 05:12 PM 9/30/2004, Tyler Durden wrote: What's a quantum repeater in this context? It's also known as a wiretap insertion point... As for Hype Watch, I tend to agree, but I also believe that Gelfond (who I spoke to last year) actually does have a 'viable' system. Commercially viable is another thing entirely, however. Practical implies that there's a crossover point between cost and benefit and that implementation is on the benefit side. Implementation may now be possible, and the costs may be lower than their previous infinite value, but the main benefits I see are public relations hype to impress the rubes and protect against zero-day exploits against Diffie-Hellman or Cisco IOS. But you could protect against the Cisco exploits just as easily with a conventional-key encryption hardware box, and you wouldn't need contiguous fiber.
Nightclub you'll want to skip - RFID microchipping the guests [BBC article]
Here's a nightclub you'll want to skip, unless you feel like hacking RFIDs... (Nothing up my sleeve but this Rivest RFID Blocker!) ** Barcelona clubbers get chipped ** Some clubbers in Barcelona have opted to have a microchip implanted which lets them pay for drinks. http://news.bbc.co.uk/go/em/fr/-/2/hi/technology/3697940.stm BBC Science producer Simon Morton goes clubbing in Barcelona with a microchip implanted in his arm to pay for drinks. Imagine having a glass capsule measuring 1.3mm by 1mm, about the size of a large grain of rice injected under your skin. Implanting microchips that emit a Radio Frequency Identification (RFID) into animals has been common practice in many countries around the world, with some looking to make it a legal requirement for domestic pet owners. The idea of having my very own microchip implanted in my body appealed. I have always been an early adopter, so why not. Last week I headed for the bright lights of the Catalan city of Barcelona to enter the exclusive VIP Baja Beach Club. The night club offers its VIP clients the opportunity to have a syringe-injected microchip implanted in their upper arms that not only gives them special access to VIP lounges, but also acts as a debit account from which they can pay for drinks. This sort of thing is handy for a beach club where bikinis and board shorts are the uniform and carrying a wallet or purse is really not practical. Thumping heart I met the owner of the club, Conrad Chase, who had come up with the idea when trying to develop the ultimate in membership cards and was the first person implanted with the capsule, made by VeriChip Corporation. With a waiver in his hand Conrad asked me to sign my life away, confirming that if I wanted the chip removed it was my responsibility. Four aspiring VIP members sat quietly sipping their beverages as the nurse Laia began preparing the surgical materials. 
Like a scene from a sci-fi movie, latex gloves and syringes were laid out on the table as the DJ played loud dance tunes that made my heart thump, or was it just fear? Questions were going through my mind. Would it hurt? What are the risks? What if I want to get it out? I ordered another drink. Comfortably numb Laia started by disinfecting my upper arm and then administered a local anaesthetic to numb the area where the chip would be implanted. With the large needle in her hand, she tested the zone which made me flinch and led to another dose of the anaesthetic. With a numb arm, Laia held up the rather large needle containing the microchip and inserted it beneath the layer of skin and fat on my arm. She pressed the injector and it was in - my very own 10 digit number safely located in my body. The chip is made of glass and is inert so there is no risk of it reacting with my body. It sits dormant under the skin sending out a very low range radio frequency so it will not set off airport security systems. The chip responds to a signal when a scanner is held near it and supplies its own unique ID number. The number can then be linked to a database that is linked to other data; at the Baja beach club it makes charges to a customer's account. If I want to leave the club then I can have it surgically removed - a pretty simple procedure similar to having it put in. Now, the question of did it hurt. Having the chip inserted was a breeze, no real pain to report of. The real pain was the sore head the following day after a night on an open bar tab. You can hear more about Simon's experiences on the BBC World Service programme Go Digital Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/3697940.stm Published: 2004/09/29 08:17:45 GMT © BBC MMIV
Re: Foreign Travelers Face Fingerprints and Jet Lag
At 07:22 AM 10/3/2004, Steve Furlong wrote: On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote: The US now has the dubious distinction of being more obnoxious to get through the borders than the former East Germany (actually even without this measure, the checks had become at least as obnoxious as the East German ones). I wonder whether the next step will be building a wall... There's already a wall / fence built to keep Mexicans out. Rein in the overheated rhetoric. The East German state built their wall to keep the East Germans from leaving, while the US policies are meant to keep out a demonstrated threat. They're primarily intended to create a climate of fear and dependence and reassure the American public that the government's in charge. Bill Stewart [EMAIL PROTECTED]
More Convenient Use of Electronic Gold Payments
I've used E-Gold in the past, and found that the hardest part of the process is buying the stuff to put in your account - setting up an account and paying people with it are both easy, but to buy the gold, you need to find some way to give somebody some other kind of money so they'll give you electronic gold. If you want $1 worth, or want to transfer physical gold, it's not hard, but if you just want small quantities it was annoying. Jim Davidson's article talked about E-Gold and other currencies, and almost all of them operate under a model in which the gold service transfers gold credits between accounts, but buying the gold credits with other types of money is handled by third-party retailers, and almost none of the retailers will accept credit cards or Paypal without long delays, though they'll happily accept other gold currencies. There's now a much more convenient way to buy online gold - goldage.net. To pay them cash, you do an online form, then go to a bank they use, and fill out a deposit slip with their account number from the form, and hand the bank your cash, and then do another form to say you did it. They use banks in USA, Japan, Malaysia, Philippines, Singapore and South Africa. Their US banks include Bank of America, Wells Fargo, and three or four others. You don't need to set up an account with them - they mostly do transactional business, though their fees are a bit lower if you're a large frequent customer. The gold currency payment isn't instant - it can take a couple of days for Goldage to see that the deposit was made. They seem to be a small operation, so they're very responsive to email. A couple of months ago, I wanted to pay for some services using an online gold currency, and the merchant accepts E-gold, Pecunix, and several other gold currencies. 
I didn't want to use E-Gold itself, because there are too many spammers phishing for people's e-gold account information the way they do for credit cards, and I didn't want to have to miss any _real_ email from them mixed in with the spam. Pecunix was one of the gold currencies that my merchant's online payment system Goldcart accepted, and they were easy to use. So I did the online form at Goldage, deposited the cash at the bank, checked Pecunix a couple of days later, and paid the merchant. I think the total fees were about $6-7 between the different service providers, mostly the $5 minimum fee at Goldage, and I may have a buck or two of round-off-error money sitting in Pecunix, but the percentage costs would be lower if I were using it more frequently rather than a one-shot transaction. It worked very well, and was much simpler than a few years ago.
Re: John Abizaid needs termination
Variaola allegedly wrote: Saw general Abizaid on the news. He was so obviously either experiencing pharmaceutically-induced nystagmus or reading from a teleprompter it wasn't funny. Methinks he's a robot, or taking too many go-pills. Lets hear 2K dead by the elections. We'll settle for less if they're in DC. Isn't he the guy who keeps sending emails about his corrupt Nigerian uncle's poor widow who needs to smuggle $18B in unspent funds out of Iraq and wants your bank account number so you can help? (OK, no. http://www.johnabizaid.com/ has his bio and pointers that look like they're supposed to be his writings, except there are broken html links to apaam.org, the Association of Patriotic Arab Americans in the Military or something.) He's apparently campaigning for the position of military governor of Iraq. At least he does speak Arabic.
Re: Mystification of Identity: You Say Yusuf, I Say Youssouf...
At 06:03 PM 9/25/2004, R. A. Hettinga wrote: Gilmore, et al., are right, as always. If you've been all-but cavity-searched -- okay, virtually cavity-searched, given the state of modern X-Ray airport passenger scanning technology -- and you don't have a weapon, exactly *how* is knowing *who* you are going to affect your ability to hijack an airplane? Of course it doesn't. However, if there are known potential hijackers who travel under their True Names or Known Aliases, and if there's a list of them that can be checked against, knowing the name you're using can validate whether you might be one of them, and preventing you from flying means you can't carry out your Clever New Hijacking Plan, such as converting that small guitar into a set of six piano-wire garrotes or mixing that liquid oxygen shoe sole with rum to form an explosive, and it prevents you from using previously undetected explosives in your luggage or whatever. There are several reasons you might divert a plane in this environment - - to spank the airline for not being careful enough about checking the list, independent of any hijacking risk. - to cover the ass of the person who put the wrong spelling on the list, even though the US Enemies Airline Blacklist supposedly has the passport numbers of Official US Enemies and therefore should have been able to get the spelling from Yousouff's UK passport. - to prevent a potential hijacker from hijacking the plane during the descent phase of the flight, in case they're planning to crash it into Washington instead of London, or to reduce the time that the plane is in the air, in case there's a timed-release bomb in the luggage. (Ideally you'd like to prevent them and their luggage from getting on at all, but it was too late for that, and if there's a pressure-triggered luggage bomb you've already lost.) 
- to maintain the pretense that the people on the list are potential hijackers or airplane suicide bombers, as opposed to people who might sing politically inconvenient music or give talks that encourage other potential US Enemies or give the money to hire other people to do the dangerous bits. - to be extremely conservatively overcautious because you've discovered that you mistakenly let someone on the plane and the version of the Enemies List that you have access to doesn't indicate which people are actively dangerous passengers of the potential hijacker/bomber type, as opposed to political Enemies who you could arrange to harass at Customs after they've arrived, and you don't have the time to find out why they're there before landing (hey, it took Teddy Kennedy three tries), so you throw the Better Safe Than Sorry dice and decide you can spin the PR Fearmongering if you're oversensitive. I'd guess that the working-level decision was the latter conservative knee-jerk, though the decision-makers preferred to think of it as the third case. Conservatism is easier when _you're_ not going to have to pay for the extra airplane costs or deal with the other passengers who miss their airline connections because you stuck them in Bangor, which are somebody else's problem. The entertaining questions are when they figured out that he was the well-known Cat Stevens and not just the generic-Moslem-sounding Mr. Islam, and whether there are pre-defined policies about landing them in Bangor when they ostensibly had enough advance notice to land them in Newfoundland or Labrador instead, which aren't US territory.
Re: potential new IETF WG on anonymous IPSec
At 04:05 PM 9/16/2004, Joe Touch wrote: FWIW, the other system we were referring to - TCP-MD5 - works at the TCP layer. It rejects packets within TCP, before any further TCP processing, that don't match the MD5 hash. It isn't BGP authentication. Oh - I'd misunderstood. Yes, that sounds much harder to forge, so it's actually useful for DOS reduction. At 03:27 AM 9/17/2004, Ian Grigg wrote: I wouldn't think that the encryption need be opportunistic; in the BGP backbone world, as you noted, peers are known a-priori, and should have certs that could be signed by well-known, trusted CAs. Let's see if I can make these assumptions clearer, because I still perceive that CAs have no place in BGP, and you seem to be assuming that they do. ... When we come to BGP, it seems that BGP routing parties have a very high level of trust between them. And this trust is likely to exceed by orders of magnitude any trust that a third party could generate. Hence, adding certs signed by this TTP (well known CA or not) is unlikely to add anything, and will thus likely add costs for no benefit. If anyone tried to impose a TTP for this purpose, I'd suspect the BGP admins would ignore it. Another way of thinking about it is to ask who would the two BGP operators trust more than each other? There are two reasons to use the CA. One is if the parties don't know each other (not a problem here), but the other is so the VPN receiver has some external validation on the data it receives, making MITM attacks harder. For applications like BGP, you don't care if the CA is Dun Bradstreet or if it's just Alice's own CA, because it's really functioning as a shared secret but the commodity VPN hardware wants an X.509 cert for MITM protection. Bill Stewart [EMAIL PROTECTED]
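The TCP-MD5 check discussed in the message above (RFC 2385), as an added example that is not part of the original thread: the digest covers the pseudo-header, the base TCP header with a zeroed checksum, the payload and the shared key, so a reset that arrives without the key is dropped before any TCP processing. Segments are modelled as Python objects rather than wire bytes; the addresses, ports, key and function names are constructed for illustration.

```python
"""Receive-side TCP-MD5 (RFC 2385) check, modelled on plain Python objects."""
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass, replace
from typing import Optional

TCP_PROTO = 6
RST, PSH, ACK = 0x04, 0x08, 0x10
# Header length of a signed segment: 20-byte base header + 18-byte MD5 option
# (kind 19) + 2 bytes of padding. Options themselves are not hashed.
HEADER_LEN = 40


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    window: int
    payload: bytes = b""
    md5sig: Optional[bytes] = None   # contents of TCP option 19, if present


def rfc2385_digest(seg: Segment, key: bytes) -> bytes:
    """MD5 over pseudo-header, base header (checksum = 0), data, then the key."""
    seg_len = HEADER_LEN + len(seg.payload)
    pseudo = (socket.inet_aton(seg.src) + socket.inet_aton(seg.dst)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    offset_flags = ((HEADER_LEN // 4) << 12) | seg.flags
    header = struct.pack("!HHIIHHHH", seg.sport, seg.dport, seg.seq, seg.ack,
                         offset_flags, seg.window, 0, 0)
    return hashlib.md5(pseudo + header + seg.payload + key).digest()


def sign(seg: Segment, key: bytes) -> Segment:
    """What a sender holding the key attaches to an outgoing segment."""
    return replace(seg, md5sig=rfc2385_digest(seg, key))


def verdict(seg: Segment, key: bytes) -> str:
    """Decision taken before sequence numbers or flags are looked at."""
    if seg.md5sig is None:
        return "drop: no MD5 option"
    if not hmac.compare_digest(seg.md5sig, rfc2385_digest(seg, key)):
        return "drop: digest mismatch"
    return "accept"


def demo() -> dict:
    key = b"constructed-peer-secret"            # constructed sample key
    bgp_keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    keepalive = sign(Segment("192.0.2.1", "192.0.2.2", 49152, 179, seq=1000,
                             ack=5000, flags=PSH | ACK, window=16384,
                             payload=bgp_keepalive), key)
    # A reset with the correct 4-tuple and the exact next sequence number,
    # built by a party that does not hold the key.
    reset = Segment("192.0.2.1", "192.0.2.2", 49152, 179, seq=1019, ack=0,
                    flags=RST, window=0)
    return {
        "peer keepalive": verdict(keepalive, key),
        "reset, no option": verdict(reset, key),
        "reset, wrong key": verdict(sign(reset, b"guess"), key),
        "reset, replayed digest": verdict(replace(reset, md5sig=keepalive.md5sig), key),
        "peer's own reset": verdict(sign(reset, key), key),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} {result}")
```

Guessing the sequence number is no longer enough: the replayed digest fails because the hash covers the flags, sequence number and payload of the segment it was computed for.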
Re: potential new IETF WG on anonymous IPSec
At 02:17 PM 9/16/2004, Joe Touch wrote: Ian Grigg wrote: On the backbone, between BGP peers, one would have thought that there are relatively few attackers, as the staff are highly trusted and the wires are hard to access - hence no active attacks going on and only some passive eavesdropping attacks. Also, anyone setting up BGP routing knows the other party, so there is a prior relationship. My understanding of the attacks this past spring is that: a) they were indeed on the backbone BGP peers b) that those peers had avoided setting up preshared keys or getting mutually-authenticatable certificates because of the configuration overhead (small on a per-pair basis, but may be large in aggregate) The interesting attacks were a sequence-number guessing attack using forged TCP RST packets, which tell the TCP session to tear down, therefore dropping the BGP connection (typically between two ISPs). The attackers didn't need to be trusted backbone routers - they could be randoms anywhere on the Internet. BGP authentication doesn't actually help this problem, because the attack simply kills the connection at a TCP layer rather than lying to the BGP application. A simple way to avoid most of this problem is to filter packets at the edges so that customer connections can't send IP (or ICMP, while you're at it) packets to the core addresses on the routers that do the BGP signalling. (It's not a complete solution, because both ends of the connection need to do that, or need to do spoof-proofing so nobody can forge packets from those addresses, or both.) Customers can still send packets to the ISP edge routers supporting their own connections, but killing your own internet connection is much less entertaining than killing somebody else's, and if the customer is managing their own router, their users probably have an easier time killing that end of the connection than convincing the ISP's end to drop the connection. 
(One downside to this approach is that customers can't simply ping routers to get information about paths, latencies, capacities, etc., but that's not necessarily a bad thing. Also, you can set things up so they can traceroute to the far end of a connection and still get traceroute responses from the intermediate routers.) While inspired by this issue, there may be other solutions (e.g., IMO IPsec) which are more appropriate for BGP peers. ... I wouldn't think that the encryption need be opportunistic; in the BGP backbone world, as you noted, peers are known a-priori, and should have certs that could be signed by well-known, trusted CAs. I agree with Joe. You can fix most of the problems using ACLs, but IPSEC does have some appeal to it. You don't even need CAs - pre-shared secrets are perfectly adequate, but if you want to use a CA-based IPSEC implementation for convenience, you can agree on what CA to use when you're agreeing on other parameters. Bill Stewart [EMAIL PROTECTED]
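The edge filtering described in the message above, as an added example that is not part of the original thread: a model of a customer-facing ingress filter, evaluated for three port configurations to show why the message says both ends need the filter, spoof-proofing, or both. All prefixes are documentation ranges and every name here is constructed for illustration.

```python
"""Ingress filter on customer ports protecting core BGP signalling addresses."""
import ipaddress
from dataclasses import dataclass

# Constructed addressing: router addresses that terminate BGP sessions.
CORE_SIGNALLING = (ipaddress.ip_network("198.51.100.0/28"),)
# Constructed customer: a routed block plus the /30 on the access link.
CUSTOMER_NETS = (ipaddress.ip_network("203.0.113.0/25"),
                 ipaddress.ip_network("203.0.113.252/30"))


@dataclass(frozen=True)
class Packet:
    label: str
    src: str
    dst: str
    proto: str        # recorded for the log; the filter drops every protocol


@dataclass(frozen=True)
class CustomerPort:
    name: str
    assigned: tuple   # prefixes this customer may legitimately source from
    antispoof: bool   # drop sources outside the assigned prefixes
    protect_core: bool  # drop anything addressed to the signalling range


def in_any(addr: str, nets) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def ingress_verdict(port: CustomerPort, pkt: Packet) -> str:
    if port.antispoof and not in_any(pkt.src, port.assigned):
        return "drop: source not assigned to customer"
    if port.protect_core and in_any(pkt.dst, CORE_SIGNALLING):
        return "drop: destination is core signalling address"
    return "permit"


# Constructed sample traffic arriving from the customer side.
PACKETS = (
    Packet("ping core router", "203.0.113.10", "198.51.100.1", "icmp"),
    Packet("tcp to core router", "203.0.113.10", "198.51.100.1", "tcp"),
    Packet("source forged as BGP neighbour", "198.51.100.2", "198.51.100.1", "tcp"),
    Packet("ping own edge router", "203.0.113.254", "203.0.113.253", "icmp"),
    Packet("ordinary transit", "203.0.113.10", "192.0.2.80", "tcp"),
)

PORTS = (
    CustomerPort("both filters", CUSTOMER_NETS, antispoof=True, protect_core=True),
    CustomerPort("anti-spoof only", CUSTOMER_NETS, antispoof=True, protect_core=False),
    CustomerPort("unfiltered", CUSTOMER_NETS, antispoof=False, protect_core=False),
)


def evaluate() -> dict:
    """Verdict for every sample packet on every port configuration."""
    return {port.name: {p.label: ingress_verdict(port, p) for p in PACKETS}
            for port in PORTS}


def reaches_core(port: CustomerPort) -> list:
    """Labels of sample packets that this port would let through to the core."""
    return [p.label for p in PACKETS
            if in_any(p.dst, CORE_SIGNALLING) and ingress_verdict(port, p) == "permit"]


if __name__ == "__main__":
    for port in PORTS:
        print(f"{port.name}: reaches core -> {reaches_core(port)}")
```

With both filters nothing from the customer side reaches the signalling addresses, while the customer can still reach its own edge router. Anti-spoofing alone stops the packet with the forged neighbour address but leaves the core reachable, and an unfiltered port at the far end stops nothing.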
Re: Spam Spotlight on Reputation
- BEGIN PGP SIGNED MESSAGE - At 05:33 AM 9/13/2004, Ben Laurie wrote: Bill Stewart wrote: I find it more annoying that there are spammers putting PGP headers in their messages, knowing that most people who use PGP assume PGP-signed mail is from somebody genuine and whitelist it. Surely you should check that: a) The signature works b) Is someone in your list of good keys before whitelisting? My terminology was a bit sloppy, but until recently, you could use the presence of PGP format indicators as a whitelist entry, or at least a SpamAssassin good weight - spammers didn't use the stuff, and the worst would be quasi-spam like Yet Another Invitation to some crypto-industry marketroid's seminar. It might be a rant from Detweiler or some other cypherpunk that you bozofilter, but at least that was a job for your email program to sort out, not your first-tier spamfilter. Besides, with most email clients, you can't check the PGP information without opening the email (more obviously true for PGP encrypted mail than signed mail), so the email filters just go for basic syntax. Bill Stewart [EMAIL PROTECTED] -END PGP SIGNED MESSAGE- LKJEDGFDAFKLHFDSAFDSLAFHLKDFHLKJDHFHLDSKFHLKDHFLKDHFKLFDSFLDSFHDX DASHFLDSFHDSFKLFDSLKFLKDJSFKLSDHFLKJHDFLKJFJKDSHFDLKJHFDLKSHFLDSK BADSIGNATUREBADSIGNATUREBADSIGNATURENODOUGHNUTBADSIGNATUREBADSIGN -END PGP SIGNATURE-
Re: Forest Fire responsible for a 2.5mi *mushroom cloud*?
The news says that North Korea's government says they were blowing the top off a mountain as part of hydroelectric construction. They don't quote any unnamed officials saying Whoops...
Re: Nanometer Bamboo Carbon TEMPEST Protection
At 10:10 AM 9/14/04 -0700, John Young wrote: From: dumbshit [EMAIL PROTECTED] Subject: effectively prevent computer radiation especially computer radiation, which does much harm to human body. At 08:42 AM 9/14/2004, Major Variola (ret) wrote: How do you say scam for the clueless in Mandarin? Hey, you cultural imperialist! Western domination of the Tinfoil Hat market has got to stop! Traditional Chinese materials can be equally effective and aesthetically superior. Bill Stewart [EMAIL PROTECTED]
Re: Forest Fire responsible for a 2.5mi *mushroom cloud*?
That of course brings us full circle: how many fuels can produce a blast which results in a 2+ mile mushroom? That's a *lot* of explosive force. Blast sets off the forest fire, fire makes the smoke. Not a problem. Go visit Northern California in late summer firestorm season (though we don't need fertilizer plants to start fires; smaller accidents or stupid people can do the job just fine.) At 03:07 PM 9/12/2004, J.A. Terranson wrote: http://www.muenster.org/uiw/fach/chemie/material/gif/oppau.jpg Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, yes?) could produce that kind of result! How much was there? No FO, just AN all by itself. NH4NO3 turns into N2 + 2H2O + O, and the leftover O finds something productive to do, like combine with another O into O2, or burn some nearby carbon, and it's hot enough the H2O is gaseous also. If you've got FO, it'll happily combine with the spare O, producing lots of heat and speeding up the reaction. The first earthquake-like event I experienced was when a chemical plant across the river from where I lived blew up; I think it was a fertilizer plant of some sort. (I was in Delaware; the plant was in New Jersey, and it was ~1968.) Fertilizer plants blow up real good; about the only thing better are ammunition depots and maybe explosives plants, and usually those are built to contain the explosion better. (By the way, most people think of the Parthenon as an ancient ruin; it was actually in very good shape, roof and all, until ~1850, when the Greeks were using it as an ammunition depot during one of their wars with the Turks and the Turks blew it up.) Bill Stewart [EMAIL PROTECTED]
Re: Forest Fire responsible for a 2.5mi *mushroom cloud*?
At 11:45 AM 9/12/2004, Major Variola (ret) wrote: Time will tell, and it certainly could have been a nuke (they have the SNMs), but if you do it, you talk about it, much like the Indi/Pakis did. And you can't hide a surface burst, or even a large belowground test --and an underground test that vents to the atmosphere doesn't make such a big cloud. When the Israeli / South African nuke test was done, they didn't talk about it, they pretended it hadn't happened, and the US government, at least publicly, has continued to pretend that we don't know that Israel has weapons of Mass Destruction.
Re: BrinCity 2.0: Mayor outlines elaborate camera network for city
-BEGIN TYPE III ANONYMOUS MESSAGE- So, since this is titled BrinCity, it surely means that the image streams will be available from a web site and that we the people get cameras in the emergency response center and the mayor's office? -END TYPE III ANONYMOUS MESSAGE- No, this is from the what happens if the public *isn't* leading the video-camera revolution sections of Brin's books...
Re: potential new IETF WG on anonymous IPSec
At 12:57 PM 9/9/2004, Hal Finney wrote: http://www.postel.org/anonsec To clarify, this is not really anonymous in the usual sense. Rather it is a proposal to an extension to IPsec to allow for unauthenticated connections. Presently IPsec relies on either pre-shared secrets or a trusted third party CA to authenticate the connection. The new proposal would let connections go forward using a straight Diffie-Hellman type exchange without authentication. It also proposes less authentication of IP message packets, covering smaller subsets, as an option. I read the draft, and I don't see how it offers any improvement over draft-ietf-ipsec-internet-key-00.txt or Gilmore's proposal to use open secret as a not-very-secret pre-shared secret that anybody who wants to can accept. It does introduce some lower-horsepower alternatives for authenticating less than the entire packet, and suggests using AH which I thought was getting rather deprecated these days, but another way to reduce horsepower needs is to use AES instead of 3DES. Also, the author's document discusses protecting BGP to prevent some of the recent denial-of-service attacks, and asks for confirmation about the assertion in a message on the IPSEC mailing list suggesting E.g., it is not feasible for BGP routers to be configured with the appropriate certificate authorities of hundreds of thousands of peers. Routers typically use BGP to peer with a small number of partners, though some big ISP gateway routers might peer with a few hundred. (A typical enterprise router would have 2-3 peers if it does BGP.) If a router wants to learn full internet routes from its peers, it might learn 1-200,000, but that's not the number of direct connections that it has - it's information it learns using those connections. 
And the peers don't have to be configured rapidly without external assistance - you typically set up the peering link when you're setting up the connection between an ISP and a customer or a pair of ISPs, and if you want to use a CA mechanism to certify X.509 certs, you can set up that information at the same time. Bill Stewart [EMAIL PROTECTED]
Savvis dropping major spammers (cypherpunk sighting.)
http://news.bbc.co.uk/2/hi/technology/3634572.stm John Young and John Gilmore aren't the only cypherpunks in the news lately. J. Alif Terranson was in a BBC article about getting the company to agree to drop the hundred or so major spammers who've been using their network. Some of them are former CW customers, some are new, and they've been estimated to be about $2M/month business for Savvis, so this is a non-trivial step for Savvis. On the other hand, Savvis risked getting its whole network blacklisted by the major anti-spam groups if it didn't do something. We'll see if they follow through.
Re: Spam Spotlight on Reputation
At 03:15 PM 9/6/2004, Hadmut Danisch wrote: On Mon, Sep 06, 2004 at 11:52:03AM -0600, R. A. Hettinga wrote: E-mail security company MX Logic Inc. will report this week that 10 percent of all spam includes such SPF records, I have mentioned this problem more than a year ago in context of my RMX draft (SPF, CallerID and SenderID are based on RMX). Interestingly, nobody really cared about this major security problem. All RMX-derivatives block forged messages (more or less). But what happens if the attacker doesn't forge? That's a hard problem. And a problem known from the very beginning of the sender verification discussion. It's not a hard problem, just a different problem. Whitelisting your friends and aggressively filtering strangers is an obvious technique for reducing false positives without increasing false negatives, but it fails if spammers can forge identities of your friends. RMX-derivatives help this problem, and they help the joe-job problem. If a spammer wants to claim that they're the genuine spammers-are-us.biz, well, let them. I find it more annoying that there are spammers putting PGP headers in their messages, knowing that most people who use PGP assume PGP-signed mail is from somebody genuine and whitelist it. Bill Stewart [EMAIL PROTECTED]
Re: Vote for nobody
I think the US state of Nevada has None of the above as an option, though I'm not sure the implementation of it. The Libertarian Party in the US always has NOTA as a candidate in internal elections, and sometimes NOTA wins and the job goes unfilled until either there's a new election with new candidates or some executive committee appoints somebody. At 09:57 AM 9/6/2004, Justin wrote: If someone would vote for none of the above rather than write in his/her ideal candidate, that someone is a lazy oaf. Everyone who writes in a candidate is voting none of the above. NOTA's a bit different - there may be a large plurality of voters who don't like the major candidates, even if they don't agree on who else they want. In an election where you're voting for a party, like most parliamentary governments use, voting NOTA is telling the parties to run different candidates, so for instance you might want the Labour Party to win but you don't like Tony Blair so you vote NOTA in his home district. In candidate-based elections, you're telling the individual candidates that you don't like them. Bill Stewart [EMAIL PROTECTED]
Re: Remailers an unsolvable paradox?
There are several different types of problem messages, and some are easier to avoid than others.
- Spam
- Harassing messages sent to remailer users
- Harassing messages sent to mundanes to annoy the mundane
- Harassing messages sent to mundanes to get the remailer in trouble
- Harassing messages sent to third-parties (e.g. sending Bob slander about Alice.)
- Forged messages
- Usenet flamebait

Two of the things I never built back when I was running a remailer could have helped this problem

- Encrypted-sending only. Sure, you want to only accept encrypted messages to preserve privacy, but if you require outgoing messages to be encrypted, you not only protect privacy, you eliminate most of the spam, except for spam that's sent to people with easily-located public keys. Sadly, that's a small set of people, but it's also tougher for harvester programs, and it's a set of people less likely to buy from spammers. This also significantly reduces harassment potential. Most crypto users are more likely to understand remailers, or at least to read the this is a remailer headers. It's possible for harassers to work around this, if you're verifying encryption just by syntax, but it's a good start:

- BEGIN PGP ENCRYPTED STUFF
Alice - your mother was a hamster and your father smells of elderberries. And your hovercraft is full of eels. Bob
- END PGP ENCRYPTED STUFF ---

- Recipient permission for outbound remailers - have the remailer ask for permission before sending somebody mail, and optionally store addresses (or hashes of addresses) of people who want to accept remailed messages in the future (obviously including other remailers in that list.) So instead of sending the message directly, you send

Subject: You've received an anonymous message #1234567
You've received an anonymous message at (foo-remailer)
It may be from someone you know, or may be a forgery or spam
(explain remailers blah blah blah)
If you'd like to pick up the message, reply to this message.
If you don't want it, just ignore this message.
If you'd like us to never bother you again, reply with Subject: BLOCK
If you'd like to automatically receive all remailer messages in the future, reply with Subject: SUBSCRIBE
(and/or provide web URL interfaces for these functions.)

Even if the remailed mail is spam or harassment, it starts out with getting permission from the recipient and building a positive relationship and some understanding of what's going on. It also means that if somebody who doesn't care about remailers gets spam or harassing mail, they don't have to get it more than once.
Bill Stewart [EMAIL PROTECTED]
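The recipient-permission scheme described in the message above, as an added example that is not part of the original post and not code from any remailer: messages for unknown recipients are held behind a notice that carries a ticket but none of the sender's text, and BLOCK and SUBSCRIBE lists store only keyed hashes of addresses. The class name, the random ticket format and the use of HMAC-SHA256 for address hashes are assumptions made for this sketch.

```python
"""Recipient-permission gate for an outbound remailer (illustrative model)."""
import hashlib
import hmac
import re
import secrets

NOTICE = ("You've received an anonymous message at (foo-remailer).\n"
          "If you'd like to pick up the message, reply to this message.\n"
          "If you'd like us to never bother you again, reply with Subject: BLOCK\n"
          "To receive all remailer messages in the future, reply with "
          "Subject: SUBSCRIBE\n")


class PermissionGate:
    def __init__(self, hash_key: bytes):
        self._key = hash_key     # secret key so stored hashes cannot be dictionary-tested
        self.subscribed = set()  # keyed hashes only, never plaintext addresses
        self.blocked = set()
        self.held = {}           # ticket -> (address hash, recipient, body)
        self.outbox = []         # (recipient, subject, body) actually sent

    def _hash(self, address: str) -> str:
        canon = address.strip().lower().encode()
        return hmac.new(self._key, canon, hashlib.sha256).hexdigest()

    def submit(self, recipient: str, body: str):
        """Handle one outbound message; returns (status, ticket or None)."""
        h = self._hash(recipient)
        if h in self.blocked:
            return "discarded", None
        if h in self.subscribed:
            self.outbox.append((recipient, "Anonymous message", body))
            return "delivered", None
        ticket = secrets.token_hex(8)   # unguessable, unlike a serial number
        self.held[ticket] = (h, recipient, body)
        subject = f"You've received an anonymous message #{ticket}"
        self.outbox.append((recipient, subject, NOTICE))
        return "held", ticket

    def _release(self, tickets) -> int:
        for ticket in tickets:
            _, recipient, body = self.held.pop(ticket)
            self.outbox.append((recipient, "Anonymous message", body))
        return len(tickets)

    def handle_reply(self, sender: str, subject: str) -> str:
        """Process a reply to a notice; only the addressee can act on a ticket."""
        h = self._hash(sender)
        mine = [t for t, (owner, _, _) in self.held.items() if owner == h]
        word = subject.strip().upper()
        if word == "BLOCK":
            self.blocked.add(h)
            self.subscribed.discard(h)
            for ticket in mine:          # held text is destroyed, never delivered
                del self.held[ticket]
            return f"blocked, purged {len(mine)}"
        if word == "SUBSCRIBE":
            self.blocked.discard(h)
            self.subscribed.add(h)
            return f"subscribed, released {self._release(mine)}"
        match = re.search(r"#([0-9a-f]{16})\b", subject)
        if match and match.group(1) in mine:
            return f"released {self._release([match.group(1)])}"
        return "ignored"


def demo():
    """Constructed walk-through; returns the status log and the gate."""
    gate = PermissionGate(secrets.token_bytes(32))
    log = []
    status, ticket = gate.submit("alice@example.org", "first message")
    log.append(status)
    log.append(gate.handle_reply("mallory@example.net", f"Re: #{ticket}"))
    log.append(gate.handle_reply(
        "Alice@Example.org", f"Re: You've received an anonymous message #{ticket}"))
    log.append(gate.handle_reply("alice@example.org", "SUBSCRIBE"))
    log.append(gate.submit("alice@example.org", "second message")[0])
    gate.submit("bob@example.org", "unwanted text")
    log.append(gate.handle_reply("bob@example.org", "BLOCK"))
    log.append(gate.submit("bob@example.org", "more unwanted text")[0])
    return log, gate


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

A reply's sender address can itself be forged, so the random ticket is what authorises a pickup here; BLOCK and SUBSCRIBE in this model trust the sender address and would need their own confirmation step in a real deployment.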
Re: The cages on the Hudson, AKA Little Guantanamo (fwd)
On Wed, 1 Sep 2004, Sunder wrote: except these cops don't (yet?) have tanks Actually, in New York, they do. At least they *did* when I lived there, all the way up to 1985. They had exactly one tank (used to mow down the Middletown NJ has one also (about an hour from the city by car, YMMV by tank.) Back in the revolutionary days of the 60s and 70s, the police chief, who was actually named Joe McCarthy and tried to live up to the name, was concerned that the Puerto Ricans in the ethnic neighborhoods along the shore might get uppity and take over the naval base, which everybody knew had Nuke-u-lur Weapons even though they'd never admit it, and the naval base might not be able to defend itself against a mob, so he convinced the town council that they needed to buy a tank. I haven't seen it, but one of my friends said that when he last saw it, it hadn't been moved in a while and had sunk about a foot into the mud. (When I'd first heard they had a tank, I'd assumed it was really some amphibious military vehicle they used for hauling cars out of the swamps or something, but no, it's a regular tank.) Bill
Re: The cages on the Hudson, AKA Little Guantanamo (fwd)
At 07:46 PM 9/1/2004, you wrote: This ain't the nice little suburb you do your contract programming in... this is New York City. We only obey the law because we know there's a thin line between order and chaos in this town. Hey, those cops aren't here to create disorder, they're here to preserve disorder
Re: T. Kennedy == Terrorist says TSA
At 06:54 AM 8/20/2004, Sunder wrote: http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2004/08/20/MNGQ28BM1O1.DTL Washington -- Sen. Edward Ted Kennedy said Thursday that he was stopped and questioned at airports on the East Coast five times in March because his name appeared on the government's secret no-fly list. Also Congressman John Lewis gets caught by this, though he can usually fly if he buys his tickets as John R. Lewis. Unlike Kennedy, he tried going though channels to get off the lists, rather than starting with Ashcroft and working his way down. There's also a Dr. John Lewis who gets this kind of abuse, and registering as Dr or John W. Lewis doesn't seem to help him.
Re: Another John Young Sighting
At 11:50 PM 8/19/2004, Eric Cordian wrote: Was that our John Young on the Daily Show, talking about being visited by FBI agents, with the title Anarchist under his name? Yup. Reruns of the Daily Show are usually on at 7pm the following day, though check your local cable schedule.
Gilmore vs. Ashcroft goes to 9th Ckt. Court of Appeals
From Bill Scannell : --- On the 16th of August 2004, the 9th Circuit Court of Appeals begins work on the Gilmore vs. Ashcroft case. At stake is nothing less than the right of Americans to travel freely in their own country -- and the exposure of 'secret law' for what it is: an abomination. The man who is fighting the good fight is named John Gilmore. John made his fortune as a programmer and entrepreneur in the software industry. Whereas most people in his position would have moved to a tropical island and lived a life of luxury, John chose to use his wealth to protect and defend the US Constitution. On the 4th of July 2002, John Gilmore, American citizen, decided to take a trip from one part of the United States of America to another. At the airport, he was told he had to produce his ID if he wanted to travel. He asked to see the law demanding he show his 'papers' and was told after a time that the law was secret and no, he wouldn't be allowed to read it. He hasn't flown in his own country since. http://www.gilmorevsashcroft.com Can you put this out on wide-scan...it's important. Thanks, Bill ··· --- ··· ··· --- ··· They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Benjamin Franklin Bill Stewart [EMAIL PROTECTED]
Re: Cryptome on ABC Evening News?
At 03:32 PM 8/12/2004, R. A. Hettinga wrote: There's a teaser for tonight's 6:30 news about a website that publishes pipeline maps and the names and addresses of government employees. The horror. Speaking unofficially for the telecom industry, we're really happy to have the site there showing pictures of cable landings, antennas, etc. I've seen them used in internal training about submarine cables and I think we've probably used them in talks to customers as well. Separately, of course, we have bureaucrats who don't want to publish the addresses of telecom POPs, ignoring the fact that you can't buy physically diverse access to a location if you don't know where it is, and also ignoring the fact that 90% of a certain large 3-1/2-letter-acronym long distance carrier's POPs are in the same buildings as the local telcos so everybody knows where they are anyway, even though everybody's forgotten the derivation of VH coordinates... Bill Stewart [EMAIL PROTECTED]
Re: maybe he would cash himself in? (Re: A Billion for Bin Laden)
At 11:55 AM 8/12/2004, Dave Howe wrote: of course someone *really* cynical might think they already had him, but needed to spring a billion towards shrub's reelection campaign S that's not supposed to happen until October... Adam Back wrote: Maybe Bin Laden would turn himself in in return for a billion $ for his cause (through a middle-man of course). That's actually more credible, though I'm skeptical that anybody would trust the Bush Administration with that much money - if you're not an established government or well-known warlord, don't you become an immediate target of US suspicion? But Bin Laden could get to turn himself in alive, and if he gets killed as a martyr to the cause, lots more people get to hate Bush.
Re: stealth tempest wallpaper
What's interesting about the wallpaper is the ability to block some frequency bands while passing others. There's been good shielding wallpaper available for ~15 years, but that's for blocking everything including cellphones and pagers. At 12:20 PM 8/9/2004, Sunder wrote: http://www.newscientist.com/news/print.jsp?id=ns6240 or http://www.newscientist.com/news/news.jsp?id=ns6240lpos=home3 Stealth wallpaper keeps company secrets safe 10:00 08 August 04 Special Report from New Scientist Print Edition. A type of wallpaper that prevents Wi-Fi signals escaping from a building without blocking mobile phone signals has been developed by a British defence contractor. The technology is designed to stop outsiders gaining access to a secure network by using Wi-Fi networks casually set up by workers at the office.
Iowa Deploys Cell-Phone GPS location-tracking for 911
Iowa's deploying cell-phone location-trackers for 911, and for whatever other purposes the cellphones support. http://www.WQAD.com/Global/story.asp?s=2150225 Des Moines, IA New technology will allow better response to 911 cell callers 08/09/04 10:35 AM DES MOINES, IOWA (AP) -- Cell phone users in Iowa are getting a 911 upgrade. The state is among the first in the nation to use the new technology that will help dispatchers pinpoint the emergency caller. Iowa 911 Program Manager John Benson says it's already being tested in Des Moines, and by the end of the year, about half of the state's 125 dispatch centers will have the upgrade. About half of Iowa's 911 calls are placed by cell phones. That's about 50,000 a month. Current technology allows dispatchers to locate a cell phone 911 caller by the nearest cell tower, often miles away. The new global-positioning technology provides the latitude and longitude of the caller, which can be electronically displayed on a map. Copyright 2004, Associated Press. All Rights Reserved. This material cannot be published, broadcast, rewritten, or distributed. (looks like Fair Use to me...)
Re: [Politech] A close look at John Kerry's *real* tech agenda [ip]
At 08:35 AM 8/2/2004, Declan wrote: http://news.com.com/2010-1028-5291476.html John Kerry is not our friend on this issue. If you've read Alexander Cockburn's article on Kerry's Vietnam record, he's not good on peace issues either. On the other hand, he's not Bush. While he and Edwards both like PATRIOT, he's not as aggressive about it as Bush, and while he did murder people in Vietnam, he was doing it retail-level, while Bush does it wholesale. It's definitely a lesser-of-two-evils game, and it's more like Cthulhu vs. Hastur rather than Cthulhu vs. Bambi or even Godzilla. Fortunately, here in California, Bush looks like he's way behind, so it's safe to vote Libertarian (or Green, or Naderite, or other parties), but nationwide it's Go, Hastur! Hastur! Hastur! aaarghff... Meanwhile, Tom Ridge has raised the National Fearmongering Level from wolf wolf wolf to wolf wolf wolf wolf for NYC, DC, and NJ.
Re: Terror Threat Level Is Raised For Key U.S. Financial Buildings
At 12:00 PM 8/1/2004, R. A. Hettinga wrote: http://online.wsj.com/article_print/0,,SB109136672993879685,00.html Terror Threat Level Is Raised For Key U.S. Financial Buildings Associated Press August 1, 2004 2:46 p.m. NEW YORK -- The federal government warned today of possible terrorist attacks against iconic financial institutions in New York City, Washington and Newark, N.J., saying a confluence of intelligence over the weekend pointed to a car or truck bomb. In related news, Homeland Security reported that there have been sightings of a Big Scary Wolf near the edges of Your Village. These aren't the usual Wolf reports - there's serious chatter among shepherd sources and we've interrogated a bunch of sheep lately who've confirmed that the Wolf is out there and identified a bunch of different parts of the village where the wolf may strike next. I'm getting really tired of the irresponsibility of the American press reporting this stuff uncritically.
[Meetingpunks] SF Bay Area Cypherpunks August 2004 Physical Meeting Announcement
Rick Moen suggested we have a Cypherpunks meeting in August, so: SF Bay Area Cypherpunks August 2004 Physical Meeting Announcement General Info: DATE: Saturday 14 August 2004 TIME: 12:00 - 5:00 PM (Pacific Time) PLACE: Stanford University Campus - Tresidder Union courtyard Agenda: Our agenda is a widely-held secret. (This will be our first meeting since April 2003, so the agenda is somewhat up for grabs. Among upcoming events to note is the 7th annual Information Security Conference, aka ISC04, Sept. 27-29 at Xerox PARC, http://isc04.uncc.edu/ . Also of note: Our friendly Federalistas seem to be imposing unprecedented visa restrictions on visiting foreign cryptographers. Is it time for all international cryptography conferences to move off-shore? See: http://www.schneier.com/crypto-gram-0407.html#3 ) As usual, this is an Open Meeting on US Soil, and the public is invited. Location Info: The meeting location will be familiar to those who've been to our outdoor meetings before, but for those who haven't been, it's on the Stanford University campus, at the tables outside Tresidder Union, at the end of Santa Theresa, just west of Dinkelspiel Auditorium. We meet at the tables on the west side of the building, inside the horseshoe U formed by Tresidder. Ask anyone on campus where Tresidder is and they'll help you find it. Food and beverages are available at the cafe inside Tresidder. Location Maps: Stanford Campus (overview; Tresidder is dead-center). http://campus-map.stanford.edu/campus_map/bldg.jsp?cx=344cy=471zoomto=50zoomfrom=30bldgID=02-300 Tresidder Union (zoomed detail view). http://campus-map.stanford.edu/campus_map/results.jsp?bldg=Tresidder Printable Stanford Map (407k). 
http://www.stanford.edu/home/visitors/campus_map.pdf [ This announcement sent to the following mailing lists: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Mailing list complaints or address corrections to [EMAIL PROTECTED] ] Bill Stewart [EMAIL PROTECTED]
Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
At 04:44 PM 7/24/2004, J.A. Terranson wrote: [1] the original phone phreaks were blind, This is a ridiculous statement, and even worse, leaks information about your nym: [young enough to have not been there]. You are thinking of Joe Whistler Joe Egressia (sp?), and the kid from New York whose names escape me at the moment. These two do not even come close to the original phone phreaks were blind. More like at least two of the original batch of phreaks were blind. Cap'n Crunch may have bad teeth, but his eyes were fine the last time I saw him.
Re: Terror in the Skies, Again?
At 03:52 AM 7/26/2004, ken wrote: Assuming it's true (*) the one security breach is the action of the cabin crew member who tried to reassure this woman by going on about air marshalls. That security breach should certainly get them sacked, and probably interrogated by the men in cheap suits. Or does she assume that apparently nervous middle-aged middle-class white women can't be bombers? The flight attendant didn't identify which six people were air marshals, and since the normal number of them ranges from zero to two per flight, she was almost certainly just lying to calm down the troublesome passenger (who definitely had no class, middle or otherwise.) One of the entertaining followup items from this event was that, yes, the group of ~14 Syrian musicians were really just musicians on tour, but in fact their visas had expired about 3 weeks earlier, though the TSA thugs who interrogated them after they arrived didn't notice it. I was surprised they were musicians - I'd expected them to have been a soccer team, and I've been on enough airplanes with sports teams on them that their behavior sounds totally typical. And Middle Easterners flying out of Detroit? What a surprise! (Detroit's one of the main places that Arab immigrants move.) Anne Jacobsen, prejudiced white columnist, wrote "What I experienced during that flight has caused me to question whether the United States of America can realistically uphold the civil liberties of every individual, even non-citizens, and protect its citizens from terrorist threats." And she's obviously in favor of protection, whether or not it takes a police state to do it.
Re: Secure telephones
At 11:45 AM 7/17/2004, Thomas Shaddack wrote: Pondering construction of a secure telephone. (Or at least a cellphone in general. The user interfaces and features available on virtually all the mass-market phones suck, to put it very very mildly, not even mentioning If you're trying to build a usable cellphone, you've got much more stringent design criteria than a deskphone. You've got packaging requirements that force you into serious industrial design if you want something pocket-sized with good battery life, plus you've got to implement all the cellular interface features. If you're willing to build a backpack-phone, that's a lot simpler, because you can use a laptop with a [pick-your-favorite-cellular-data-standard] card and either a wired headset or a Bluetooth frob for a BT headset. An intermediate design, which other people have done, is an 802.11 phone - take your favorite high-end multimedia PDA and an 802.11 card and write whatever UI you want. Again, you can either do a wire to your pocket or Bluetooth, or do what some of the early Compaq Ipaq phones did and just hold the thing up to your cheek. I'm not aware of any cellular data cards in PDA-usable format (unless you've got a PDA big enough for PCMCIA), but you could take a GSM etc. phone with a wired interface to a PDA. The fun UI to implement is an all-audio one, with speech recognition for commands. There's a lot of market space out there for that. Bluetooth headsets aren't necessarily a great match for it, because you're getting a low bit-rate signal from a cheap microphone, as opposed to 11kHz 16-bit audio sampling.