RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

[Tyler Durden]

One thing to think about with respect to the RFID passports...

Um, uh...surely once in a while the RFID tag is going to get corrupted or 
something...right? I'd bet it ends up happening all the time. In those cases 
they probably have to fall back upon the traditional passport usage and 
inspection.


The only question is, what could (believably) damage the RFID?

-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID  
implants starting in October 2006 [priv]]

Date: Sat, 29 Oct 2005 20:54:13 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Fri, 28 Oct 2005 17:49:06 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] more on U.S. passports to receive RFID implants starting in
October 2006 [priv]
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Edward Hasbrouck [EMAIL PROTECTED]
Date: October 28, 2005 11:07:28 AM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] more on U.S. passports to receive RFID implants
starting in October 2006 [priv]


From: Lin, Herb [EMAIL PROTECTED]

*Front* cover?  Does that mean that if I hold the passport the wrong
way, the skimmer will have a free ride?


FWIW:

(1) The sample RFID passports that Frank Moss passed around at CFP,
which
looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had
the RFID chip (which was barely detectable by feel) in the *back* cover.
The visible data page was/is, as with current passports, in the *front*
cover.  This is not compliant with the ICAO specifications, which
recommend having the chip in the same page as the visible data, to
make it
more difficult to separate them.  I can only guess that it was hard to
laminate the visible data without damaging the chip, if it was in the
same
page.  But it's interesting in light of the importance supposedly being
placed on compliance with ICAO standards.

(2) Moss had 2 sample RFID passports, 1 with and 1 without the
shielding.
He cliamed it was a layer in the entire outer cover (front and back),
but
it wasn't detectable by feel.

I have more threat scenarios for the latest flavor of RFID passport at:

http://hasbrouck.org/blog/archives/000869.html



Edward Hasbrouck
[EMAIL PROTECTED]
http://hasbrouck.org
+1-415-824-0214




-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

RE: Return of the death of cypherpunks.

[Tyler Durden]

I don't agree.

One thing we do know is that, although Crypto is available and, in special 
contexts, used, it's use in other contexts is almost counterproduct, sending 
up a red flag so that those that Protect Our Freedoms will come sniffing 
around and bring to bear their full arsenal of technologies and, possibly, 
dirty tricks. Merely knowing that you are using stego/crypto in such 
contexts can cause a lot of attention come your way, possibly in actual 
meatspace, which in many cases is almost worse than not using crypto at all


In addition, although strong and unbreakable Crypto exists, one thing a 
stint on Cypherpunks teaches you is that it is only rarely implemented in 
such a way as to actually be unbreakable to a determined attacker, 
particularly if there are not many such cases to examine in such contexts.


The clear moral of this story is that, to increase the odds of truly secure 
communication, etc, Crypto in such contexts must become much more 
ubiquitous, and I still think Cypherpunks has a role to play there and 
indeed has played that role. Such a role is, of course, far more than a mere 
cheerleading role,a fact that merits a continued existence for Cypherpunks 
in some form or another.


-TD






Only when Crypto is used ubiquitousl


From: James A. Donald [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Return of the death of cypherpunks.
Date: Fri, 28 Oct 2005 12:09:36 -0700

--
From:   Eugen Leitl [EMAIL PROTECTED]
 While I don't exactly know why the list died, I
 suspect it was the fact that most list nodes offered a
 feed full of spam, dropped dead quite frequently, and
 also overusing that needs killing thing (okay, it
 was funny for a while).

 The list needs not to stay dead, with some finite
 effort on our part (all of us) we can well resurrect
 it. If there's a real content there's even no need
 from all those forwards, to just fake a heartbeat.

Since cryptography these days is routine and
uncontroversial, there is no longer any strong reason
for the cypherpunks list to continue to exist.

I recently read up on the Kerberos protocol, and
thought, how primitive.  Back in the bad old days, we
did everything wrong, because we did not know any
better.  And of course, https sucks mightily because the
threat model is both inappropriate to the real threats,
and fails to correspond to the users mental model, or to
routine practices on a wide variety of sites, hence
users glibly click through all warning dialogs, most of
which are mere noise anyway.

These problems, however, are no explicitly political,
and tend to be addressed on lists that are not
explicitly political, leaving cypherpunks with little of
substance.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

RE: crypto on sonet is free, Tyler

[Tyler Durden]

Yo Variola! Did you notice the date stamp on that post?

Did you do a stint on Survivor or something?

Or as I said to the short-lived Tom Veil, What, no Starbucks near your 
Unabomber shack?



-TD



From: Major Variola (ret) [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: crypto on sonet is free, Tyler
Date: Tue, 25 Oct 2005 19:52:10 -0700

At 03:15 PM 6/8/04 -0400, Tyler Durden wrote:
Well, it's interesting to consider how/if that might be possible. SONET

scrambles the payload prior to transmission..adding an additional
crypto
layer prior to transmission would mean changing the line rate, so
probably a
no-no.

Tyler, one can implement crypto at *arbitrary* line rates though the use

of multiple hardware engines and the right mode of operation.

If you don't use crypto you are broadcasting, as well as accepting
anything
from anyone as authentic.  Its that simple.  Caveat receiver.

---
Impeach or frag.

RE: On special objects, and Judy Miller's treason

[Tyler Durden]

Its unfortunate that some posters had to be reminded that anyone
calling for government-licensed reporters (and religions, as one
author included) deserves to have their carbon recycled, because
of the treason to the BoR.  Tim May used to call government licensed
citizens special objects.  Search for it.


Although I agree in theory, if I were a black man in Alabama in the 1950s 
(for instance), I might certainly be willing to try to declare blacks as 
worthy of special consideration if that would keep me from getting 
lynched. I would not, in general, expect to be held liable by others for the 
reaction of Tyrants, and I'd be willing to allow other lynchables to take 
care of themselves.


Is Miller in this situation? Doubtful, but then again were you -suprised-?

-TD

Re: Judy Miller needing killing

[Tyler Durden]

Cyphrpunk wrote...



The notion that someone who is willing to spend months in jail just to
keep a promise of silence needs killing is beyond bizarre and is
downright evil. This list supports the rights of individuals to tell
the government to go to hell, and that is exactly what Judy Miller
did. She should be a hero around here. It's disgusting to see these
kinds of comments from a no-nothing like Major Variola.



While I agree that Variola has his bizarre moments, much of what he says at 
least merits further investigation. He partially fills a role that May 
filled, before his final descent into madness...


I, for one, welcome his return to posting, and it's not too much effort to 
hit the delete button on a post-by-post basis.


-TD

Color Laser Printer Snitch Codes

[Tyler Durden]

Apparently, it's possible to examine a color printer output and determine 
make, model, and even print time.


http://www.eff.org/Privacy/printers/docucolor/

Soon we'll find out that toothbrushes are able to determine what I ate for 
dinner and are regularly sending the info...


-TD

RE: TEMPEST PC for sale on ebay

[Tyler Durden]

Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS 
with a ten-foot tempest pole.


-TD



From: [EMAIL PROTECTED] (Peter Gutmann)
To: [EMAIL PROTECTED]
Subject: TEMPEST PC for sale on ebay
Date: Sat, 15 Oct 2005 19:39:02 +1300

http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck
with DOS.

Peter.

RE: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]

[Tyler Durden]

There's also some very nice advice for nontechnical people about things like 
Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of 
the tools that are out there.


It's a great little book.

Oh yeah...I think Gilmore wrote a section in it.

-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Handbook for bloggers and  
cyber-dissidents]

Date: Thu, 6 Oct 2005 08:28:06 +0200

- Forwarded message from Thomas Sj?gren [EMAIL PROTECTED]
-

From: Thomas Sj?gren [EMAIL PROTECTED]
Date: Wed, 5 Oct 2005 23:20:14 +0200
To: [EMAIL PROTECTED]
Subject: Handbook for bloggers and cyber-dissidents
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

Reporters Without Borders (Reporters sans fronti?res, RSF) has
released a Handbook for bloggers and cyber-dissidents:
http://www.rsf.org/rubrique.php3?id_rubrique=542

Topics include:
How to blog anonymously
Technical ways to get around censorship
Ensuring your e-mail is truly private
Internet-censor world championship

From the chapter How to blog anonymously:
Step five - Onion Routing through Tor
[...]

Given the complexity of the technology, Sarah is pleasantly surprised to
discover how easy it is to install Tor, an onion routing system. She
downloads an installer which installs Tor on her system, then downloads
and installs Privoxy, a proxy that works with Tor and has the pleasant
side benefit of removing most of the ads from the webpages Sarah views.

After installing the software and restarting her machine, Sarah checks
noreply.org and discovers that she is, in fact, successfully cloaked
by the Tor system - noreply.org thinks shes logging on from Harvard
University. She reloads, and now noreply thinks shes in Germany. From
this she concludes that Tor is changing her identity from request to
request, helping to protect her privacy.

This has some odd consequences. When she uses Google through Tor, it
keeps switching language on her. One search, its in English - another,
Japanese. Then German, Danish and Dutch, all in the course of a few
minutes. Sarah welcomes the opportunity to learn some new languages, but
shes concerned about some other consequences. Sarah likes to contribute
to Wikipedia, but discovers that Wikipedia blocks her attempts to edit
articles when shes using Tor.

Tor also seems to have some of the same problems Sarah was having with
other proxies. Her surfing slows down quite a bit, as compared to
surfing the web without a proxy - she finds that she ends up using Tor
only when shes accessing sensitive content or posting to her blog. And
shes once again tied to her home computer, since she cant install Tor on
a public machine very easily.

Most worrisome, though, she discovers that Tor sometimes stops working.
Evidently, her ISP is starting to block some Tor routers - when Tor
tries to use a blocked router, she can wait for minutes at a time, but
doesnt get the webpage shes requested.
--



- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?

[Tyler Durden]

Steve Furlong wrote...


The noisy protocol has the added benefit of causing the network cable
to emit lots of radiation, frying the brains of TOR users. The only
defense is a hat made of flexible metal.


More than that, I'd bet they engineered that noise to stimulate the very 
parts of the brain responsible for Wikipedia entries...


-TD

Surreptitious Tor Messages?

[Tyler Durden]

Can anyone suggest a tool for checking to see if my Tor client is performing 
any surreptitious signaling?


Seems to me there's a couple of possibilities for a TLA or someone else to 
monitor Tor users. Tor clients purchased online or whatever could possibly 
signal a monitoring agency for when and possibly where the user is online. 
This would mean that at bootup, some surreptitious packets could be fired 
off.


The problem here is that a clever TLA might be able to hide its POP behind 
the Tor network, so merely checking on IP addresses on outgoing packets 
wouldn't work.


Can anyone recommend a nice little package that can be used to check for 
unusual packets leaving my machine through the tor client?


-TD




From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
Date: Mon, 3 Oct 2005 15:57:42 +0200

- Forwarded message from Jason Holt [EMAIL PROTECTED] -

From: Jason Holt [EMAIL PROTECTED]
Date: Sun, 2 Oct 2005 22:23:50 + (UTC)
To: cyphrpunk [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: nym-0.2 released (fwd)
Reply-To: [EMAIL PROTECTED]


On Sun, 2 Oct 2005, cyphrpunk wrote:
1. Limting token requests by IP doesn't work in today's internet. Most

Hopeless negativism.  I limit by IP because that's what Wikipedia is 
already

doing.  Sure, hashcash would be easy to add, and I looked into it just last
night.  Of course, as several have observed, hashcash also leads to
whack-a-mole problems, and the abuser doesn't even have to be savvy enough
to change IPs.

Why aren't digital credential systems more widespread? As has been 
suggested

here and elsewhere at great length, it takes too much infrastructure. It's
too easy when writing a security paper to call swaths of CAs into existance
with the stroke of the pen.  To assume that any moment now, people will
start carrying around digital driver's licenses and social security cards
(issued in the researcher's pet format), which they'll be happy to show the
local library in exchange for a digital library card.

That's why I'm so optimistic about nym. A reasonable number of Tor users, a
technically inclined group of people on average, want to access a single
major site. That site isn't selling ICBMs; they mostly want people to have
access anyway. They have an imperfect rationing system based on IPs. The
resource is cheap, the policy is simple, and the user needs to conceal a
single attribute about herself. There's a simple mathematical solution that
yields certificates which are already supported by existing software. That,
my friend, is a problem we can solve.


I suggest a proof of work system a la hashcash. You don't have to use
that directly, just require the token request to be accompanied by a
value whose sha1 hash starts with say 32 bits of zeros (and record
those to avoid reuse).

I like the idea of requiring combinations of scarce resources. It's
definitely on the wishlist for future releases.  Captchas could be
integrated as well.


2. The token reuse detection in signcert.cgi is flawed. Leading zeros
can be added to r which will cause it to miss the saved value in the
database, while still producing the same rbinary value and so allowing
a token to be reused arbitrarily many times.

Thanks for pointing that out! Shouldn't be hard to fix.


3. signer.cgi attempts to test that the value being signed is  2^512.
This test is ineffective because the client is blinding his values. He
can get a signature on, say, the value 2, and you can't stop him.

4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only
160 bits which could allow a smooth-value attack. This involves
getting signatures on all the small primes up to some limit k, then
looking for an r such that sha1(r) factors over those small primes
(i.e. is k-smooth). For k = 2^14 this requires getting less than 2000
signatures on small primes, and then approximately one in 2^40 160-bit
values will be smooth. With a few thousand more signatures the work
value drops even lower.

Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens,
so we use a large enough h() that the result is too hard to factor (or, I
suppose we could make the client present properly PKCS padded preimages).
I'll do some more reading, but I think that makes sense.  Thanks!

-J

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]

[Tyler Durden]

Well, the great thing about the Italians is that you can bet in large parts 
of Italy the law is already routinely ignored. 6 months from now it will be 
forgotten.


-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info  at 
cybercafes]

Date: Tue, 4 Oct 2005 15:20:15 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Tue, 4 Oct 2005 08:54:46 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] Italy requires logging of personal info at cybercafes
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Brett Glass [EMAIL PROTECTED]
Date: October 4, 2005 2:25:50 AM EDT
To: [EMAIL PROTECTED]
Subject: For IP: Italy requires logging of personal info at cybercafes


Want to check your e-mail in Italy? Bring your passport.
An antiterror law makes Internet cafe managers check their clients'
IDs and track the websites they visit.

By Sofia Celeste | Contributor to The Christian Science Monitor

ROME - Looking out over the cobblestone streets of Rome's Borgo Pio
neighborhood, Maurizio Savoni says he's closing his Internet cafe
because he doesn't want to be a cop anymore.

After Italy passed a new antiterrorism package in July, authorities
ordered managers offering public communications services, like Mr.
Savoni,to make passport photocopies of every customer seeking to use
the Internet, phone, or fax.

This new law creates a heavy atmosphere, says Savoni, his desk
cluttered with passport photocopies. He is visibly irritated, as he
proceeds to halt clients at the door for their ID.

Passed within weeks of the London bombings this summer, the law is
part of the most extensive antiterror package introduced in Italy
since 9/11 and the country's subsequent support of the Iraq war.

Though the legislation also includes measures to heighten
transportation security, permit DNA collection, and facilitate the
detention or deportation of suspects, average Italians are feeling
its effect mainly in Internet cafes.

But while Italy has a healthy protest culture, no major opposition to
the law has emerged.

Before the law was passed, Savoni's clients were anonymous to him.
Now they must be identified by first and last name. He must also
document which computer they use, as well as their log-in and log-out
times.

Like other owners of Internet cafes, Savoni had to obtain a new
public communications business license, and purchase tracking
software that costs up to $1,600.

The software saves a list of all sites visited by clients, and
Internet cafe operators must periodically turn this list into their
local police headquarters.

After 9/11, Madrid, and London, we all have to do our utmost best to
fight terrorism, says a government official who asked not to be named.

Italy claims that its new stance on security led to the arrest of
Hussein Osman, also known as Hamdi Issac - one of the men behind the
failed bombing of the London underground July 21.

Hamdi was well known to our security people and had relatives here
with whom he communicated, in some form, says the government
official in an e-mail interview.

But Silvia Malesa, a young Internet cafe owner in the coastal village
of Olbia, Sardinia, remains unconvinced.

This is a waste of time, says Ms. Malesa in a telephone interview.
Terrorists don't come to Internet cafes.

And now, would-be customers aren't coming either, say Savoni and
Malesa. Since the law was enacted, Savoni has seen an estimated 10
percent drop in business.

So many people who come in here ask 'why?' and then they just
leave, Savoni says.

Most tourists who wander in from the streets, he explains, leave
their passports at home or are discouraged when asked to sign a
security disclaimer.

Savoni says the new law violates his privacy, comparing it to
America's antiterrorism law that allows authorities to monitor
Internet use without notifying the person in question.

It is a control system like America's Patriot Act, he says.

Groups like the American Civil Liberties Union have criticized the
Patriot Act because it permits the government to ask libraries for a
list of books someone has borrowed or the websites they have visited.

Under Italy's new antiterror legislation, only those who are on a
black list for terrorist connections are in danger of having their e-
mails read, according to the government official.

Interior Minister Giuseppe Pisanu has declared Italy will stop at
nothing to fight terror.

I will continue to prioritize action to monitor the length and
breadth of the country, without ever underestimating reasonably
reliable reports of specific threats, said Mr. Pisanu in a Sept. 29
interview with Finmeccanica Magazine. Pisanu has also called for
developing sophisticated technology to combat terror on Italian soil.

There is no doubt that, to achieve maximum efficiency, we need the
support of the best technological 

Re: [EMAIL PROTECTED]: Wikipedia Tor]

[Tyler Durden]

In many segments of the credit card insutry meatspace is also irrelevant. 
Anyone with a FICO greater than about 680 is almost certainly concered with 
maintaining their reputation with the current crop of TRWs of the 
world...collections efforts leverage the potential damage to the reputation, 
and only very gradually (if ever) fall back into actual meatspace threats 
(ie, docking your pay, etc...). And in many cases meatspace threats are 
forgone due to the collections effort (times probability of collection) 
yielding more than what would be recovered.


So for many, it's effectively been psuedonyms for years, though their 
psuedonyms happen to correspond to their true names.


-TD



From: John Kelsey [EMAIL PROTECTED]
To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga  
[EMAIL PROTECTED]

CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Wikipedia  Tor]
Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00)

Damn good point.  Now that I think of it, all the classic examples of
anonymous publication were really pseudonymous.  (Publius, et al)

They have different requirements.  Votes and cash transactions and similar 
things
require no history, no reputation.  They're one-shot actions that should 
not be linkable

to other actions.

Pseudonyms are used everywhere in practice, because even my name is 
effectively
a pseudonym unless you have some reason to try to link it to a meatspace 
human.
This is why it's worth reading a book by Mark Twain, even though that 
wasn't his real
name.  And it would be worth reading those books even if we had no idea who 
had really
written them.  The reuptation and history of the author lets you decide 
whether you want
to read the next of his books.  The same is true of academic papers--you 
don't need to
have met me or even to be able to find me, in order to read my papers and 
develop an
opinion (hopefully a good one) about the quality of my work.  And that 
determines whether

you think the next paper is worth reading.

--John

RE: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)]

[Tyler Durden]

Just a thought.

Wikipedia entries from anonymous sources, such as Tor, should have an 
expiration date and revert back, unless a Wiki Admin or other trusted user 
OKs the new entry.


-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)]
Date: Fri, 30 Sep 2005 10:34:00 +0200

- Forwarded message from Jason Holt [EMAIL PROTECTED] -

From: Jason Holt [EMAIL PROTECTED]
Date: Thu, 29 Sep 2005 23:32:48 + (UTC)
To: [EMAIL PROTECTED]
Subject: Re: Pseudonymity for tor: nym-0.1 (fwd)
Reply-To: [EMAIL PROTECTED]



-- Forwarded message --
Date: Thu, 29 Sep 2005 23:32:24 + (UTC)
From: Jason Holt [EMAIL PROTECTED]
To: Ian G [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Subject: Re: Pseudonymity for tor: nym-0.1 (fwd)


On Thu, 29 Sep 2005, Ian G wrote:
Couple of points of clarification - you mean here
CA as certificate authority?  Normally I've seen
Mint as the term of art for the center in a
blinded token issuing system, and I'm wondering
what the relationship here is ... is this something
in the 1990 paper?

Actually, it was just the closest paper at hand for what I was trying to 
do,

which is nymous accounts, just as you say.  So I probably shouldn't have
referred to spending at all.

My thinking is that if all Wikipedia is trying to do is enforce a low
barrier of pseudonymity (where we can shut off access to persons, based on 
a

rough assumption of scarce IPs or email addresses), a trivial blind
signature system should be easy to implement.  No certs, no roles, no CRLs,
just a simple blindly issued token.  And in fact it took me about 4 hours
(while the conversation on or-talk has been going on for several days...)

There are two problems with what I wrote. First, the original system is
intended for cash instead of pseudonymity, and thus leaves the spender a
disincentive to duplicate other serial numbers (since you'd just be accused
of double spending); this is a problem since if an attacker sees you use
your token, he can get the same token signed for himself and besmirch your
nym. And second, it would be a pain to glue my scripts into an existing
authentication system.

Both problems are overcome if, instead of a random token, the client blinds
the hash of an X.509 client cert.  Then the returned signature gives you a
complete client cert you can plug into your web browser (and which web
servers can easily demand).  Of course, you can put anything you want in 
the

cert, since the servers know that my CA only certifies 1 bit of data about
users (namely, that they only get one cert per scarce resource).  But the
public key (and verification mechanisms built in to TLS) keeps abusers from
being able to pretend they're other users, since they won't have the users'
private keys.

rant
The frustrating part about this is the same reason why I'm getting out of
the credential research business.  People have solved this problem before
(although I didn't know of any Free solutions; ADDS and SOX are hard to
google -- are they Free?).  I even came up with at least a proof of concept
in an afternoon. And yet the argument on the list went on and on, /without
even an acknowledgement of my solution/.  Everybody just kept debating the
definitions of anonymity and identity, and accusing each other of anarchy
and tyranny.  We go round and round when we talk about authentication
systems, but never get off the merry-go-round.

Contrast that with Debevec's work at Berkeley; Ph.D in 1996 on virtual
cinematography, then The Matrix comes out in 1999 using his techniques and
revolutionizes action movies.  Sure, graphics is easier because it doesn't
require everyone to agree on an /infrastructure/, but then, neither does 
the
tor/wikipedia problem.  I'm grateful for guys like Roger Dingledine and 
Phil

Zimmerman who actually make a difference with a privacy system, but they
seem to be the exception, rather than the rule.
/rant

So thanks for at least taking notice.

-J

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]

[Tyler Durden]

One way to build a psuedo-pseudonymous mechanism to hang off of Tor
that would be easy for the Wikipedians to deal with
would be to have a server that lets you connect to it using Tor,
log in using some authentication protocol or other,
then have it generate different outgoing addresses based on your ID.
So user #37 gets to initiate connections from 10.0.0.37,
  user #258 gets to initiate connections from 10.0.1.2, etc.


Isn't the IPv4 address space potentially too small in the intermediate run 
for this approach? Sounds like you'd need IPv6...


-TD

RE: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]

[Tyler Durden]

No, this is important. If this isn't Cypherpunks material these days then 
nothing is.


As for the Wikipedia folks, I can't imagine having a more intelligent batch 
of people disagree. There's is a very practical matter: Reducing the 
hassles, particularly when said hassles in general deteriorate the 
content/bullshit ratio they see.


On the other hand, they seem to clearly get the value of Tor, and have 
practically extended an invitation for a solution that will truly make 
things better while not significantly increasing their hassles.


That the Wikipedia reaction to TorSpam is perhaps regrettable is obvious, 
but given their goals (not particularly Cypherpunkly) it really does make 
sense: No one's paid at Wikipedia and no one's going to do all the work of 
cleaning up the slung feces. In other words, their clipping off one of the 
side-lobes but increasing the remaining signal-to-noise. Just brute force 
logic. Sorry.


But the door is open for solutions and they do seem to understand the 
issues. Not bad, and the long-term solution may be very interesting...


-TD






From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: Hello directly from  
Jimbo at Wikipedia]

Date: Thu, 29 Sep 2005 14:02:32 +0200

Sorry for the flood, but this is winding down already.
What I didn't like about this discussion is that all
concerned parties seem to have been shouting into
space past each other, just trying to make a noise
instead of understanding and solving the problem.

- Forwarded message from Steven J. Murdoch
[EMAIL PROTECTED] -

From: Steven J. Murdoch [EMAIL PROTECTED]
Date: Thu, 29 Sep 2005 00:27:51 +0100
To: [EMAIL PROTECTED]
Cc: Jimmy Wales [EMAIL PROTECTED]
Subject: Re: Hello directly from Jimbo at Wikipedia
User-Agent: Mutt/1.4.1i
Reply-To: [EMAIL PROTECTED]

On Tue, Sep 27, 2005 at 05:48:59PM -0400, Jimmy Wales wrote:
 All I'm saying is that Tor could segregate users easily enough into two
 clouds: We sorta trust these ones, more or less, a little bit, but no
 guarantees -- We don't trust these ones, we don't know them.

This would be very difficult to do using the existing Tor design as it
doesn't know anything about users or sessions. It lives at the TCP
layer and all it does is shift packets from one IP address to another,
giving some privacy to both ends. Adding higher layer functionality to
Tor increases the chance that it will do neither job well, so here is
a proposal which I think does what you want, but avoids this problem.

The goal is to increase the cost for a Tor user to commit abuse on
Wikipedia. It doesn't need to be full-proof, but just enough to make
them go elsewhere. Wikipedia could require Tor users to log in before
making edits, and ban accounts if they do something bad. However the
cost of creating new accounts is not very high. The goal of this
proposal is to impose a cost on creating accounts which can be used
though Tor. Non-Tor access works as normal and the cost can be small,
just enough to reduce the incentive of abuse.

Suppose Wikipedia allowed Tor users to only read articles and create
accounts, but not able to change anything. The Tor user then goes to a
different website, call it the puzzle server. Here the Tor user does
some work, perhaps does a hashcash computation[1] or solves a
CAPTCHA[2], then enters the solution along with their new Wikipedia
username. The puzzle server (which may be run by Wikipedia or Tor
volunteers), records the fact that someone has solved a puzzle along
with the username entered. The puzzle server doesn't need the
Wikipedia password as there is no reason for someone to do work for
another person's account.

Now when that Tor user logs into their Wikipedia account to edit
something, the Wikipedia server asks the puzzle server whether this
account has ever solved a puzzle. If it has, the user can make the
edit, if not then the user is told to go to the puzzle server first.
This check can be very simple - just an HTTP request to the
puzzle server specifying the Wikipedia username, which returns yes
vs no, or 200 vs 403. For performance reasons this can be
cached locally. There is no cryptography here, and I don't think it is
needed, but it can be added without much difficulty.

If the Tor user starts committing abuse, his account is cancelled. The
puzzle server doesn't need to be told about this, as Wikipedia will
not let that user make any edits. The reason this approach avoids the
usual problems with proof-of-work schemes[3] is that good Tor users
only have to solve the puzzle once, just after they create the
account. Bad Tor users will need to solve another puzzle every time
they are caught and had their account cancelled.

So my question to Jimbo is: what type of puzzle do you think would be
enough to reduce abuse through Tor to a manageable level? The
difficulty of the puzzle can be tuned over time but what would be
necessary for Wikipedia to try this out?

Hope this helps,
Steven Murdoch.

Re: Wikipedia Tor

[Tyler Durden]

That's trivial: charge Tor-originated users for editing. That 0.0001% (all
three of them) that actually contributes to Wikipedia will be resourceful
enough to create untraceable payment accounts.


..and ensure that all future Tor-originated Wikipedia entries are about 
anonymous payments and transactions...


-TD

RE: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military]

[Tyler Durden]

Stupid assholes. Despite all the tech work in India going on, their military 
apparently didn't realize that the world changed a long time ago (way before 
Google). And if they can somehow block google, then I can merely purchase 
the photos on the black market from a private satellite.

-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the  
Indian Military]

Date: Wed, 28 Sep 2005 13:37:36 +0200

- Forwarded message from Shekhar Krishnan [EMAIL PROTECTED] -

From: Shekhar Krishnan [EMAIL PROTECTED]
Date: Wed, 28 Sep 2005 12:17:23 +0100
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], fsf-friends@mm.gnu.org.in,
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: [Geowanking] Google Earth Exposes the Indian Military
Organization: CRIT (Collective Research Initiatives Trust)
X-Mailer: Evolution 2.4.0
Reply-To: [EMAIL PROTECTED]

Dear All:

:: apologies for cross-posting ::

This has caused quite an uproar in Mumbai, and the consequences will be
interesting to follow.

To read more about open geo-data and free mapping initiatives in India,
see the Mumbai Free Map ( http://www.crit.org.in/projects/gis |
http://freemap.crit.org.in | http://www.freemap.in ).

Please also visit and sign the open geo-data manifesto hosted by the
Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and
visit Mapping Hacks ( http://www.mappinghacks.com ).


Best,


Shekhar
_

Google Earth exposes IAF bases

CHARLES ASSISI
TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ]
http://timesofindia.indiatimes.com/articleshow/1243460.cms


MUMBAI: Legally, you aren???t supposed to come within arm???s length of
India???s military bases. Whether it is the naval dockyards in Mumbai or
the air force bases in New Delhi, Bangalore and Hyderabad, they continue
to be strictly out of bounds for unauthorised personnel.

But technology, unerringly, finds ways to subvert the law. A little over
two weeks ago, Google released fresh satellite images of New Delhi,
south Mumbai, Bangalore and Hyderabad as part of its new initiative,
Google Earth (  http://earth.google.com  ). These images, available to
anybody with access to the Net, provide users with images of earth from
space.

Punch New Delhi and the software first zooms in on Rashtrapati Bhavan.
After having taken a look at its lawns, take in a detailed perspective
of Parliament building. Maybe, fly over the Prime Minister???s residence.
And if that doesn???t satiates the voyeur in you, move over to Palam
Airport where IAF planes are based.

The level of detail even reveals the camouflage used to mask hangars.

Pictures of Mumbai reveal with numbing clarity the docks where INS
Viraat is berthed. Users can zoom close enough to take a reasonably good
look at the deck of India???s lone aircraft carrier. Browse around and you
can stroll past piers where warships of all kinds and submarines are
docked.

Pan across to take a long look at what lies beyond the fortified gates
of Navy Nagar where access is normally controlled by gun-wielding
guards. And if that isn???t enough, there are shots of a carrier under
construction, which sources speculate, could be the top secret advanced
technology vessel (ATV).

It???s much the same thing with Bangalore. The air force base at Yelahanka
with the jets and helicopters parked are available for all to view. And
if it???s the HAL factory you???re interested in, zoom right in.

--
__

Shekhar Krishnan
9, Supriya, 2nd Floor
709, Parsee Colony Road no.4
Dadar, Mumbai 400014
India

http://www.crit.org.in/members/shekhar
http://web.mit.edu/~shekhar/www

___
Geowanking mailing list
[EMAIL PROTECTED]
http://lists.burri.to/mailman/listinfo/geowanking

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]

[Tyler Durden]

Oh...-that's- your point:


No, Wikipedia needs to realize that the IP address correlation they enjoy
outside of Tor is a happy accident, and that they should stop treating IP
addressess as user credentials.  If they want credentials, they need to
implement them.


Well, is it reasonable to expect a creature to evolve to an environment that 
doesn't exist yet?


On the other hand, I don't think the number of Tor IP addresses is anywhere 
near its hockeystick yet, and when it comes it will be changing far too fast 
for them to block.


So they will ultimately have to change their model, methinks.

-TD

Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]

[Tyler Durden]

Dont' agree here...



From: Steve Furlong [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at  
Wikipedia]

Date: Wed, 28 Sep 2005 09:41:34 -0400

On 9/28/05, Roy M. Silvernail [EMAIL PROTECTED] wrote:

A Wikiwhiner wrote

  I have valid although perhaps unpopular
  contributions to make, and not only is my freedom to express myself
  limited, the quality of the material on Wikipedia suffers due to the
  absence of my perspective.

Wow. Nice ego there.


If someone I knew wrote some detailed Wiki entries about Telecom DCC control 
channel protocol throughputs and attacks, he could objectively state that 
there would be very few people in the world up to the task. He might also 
want to maintain anonymity.


Shutting down this source of wiki entries means that the general flow of 
Wikipedia content has been altered slightly, but I would argue 
significantly.


I see no material issue with an individual claiming that the absence of his 
posts to Wiki is significant, even if this is in fact untrue for his 
particular case. The ego is not material to the essential point.


-TD

RE: [EMAIL PROTECTED]: Re: Wikipedia Tor]

[Tyler Durden]

Sorry...I don't understand...why would psuedonymity services be provided 
within Tor?


An external reputation/psuedonymity server would of course reduce a Tor 
users' anonymity to mere psuedonymity, but I don't see how it would do 
anything more, and who cares? If Wikipedia (or anyone) doesn't want to 
interact with the truly anonymous (as opposed to psuedonymous), then ah 
well.


Solution: Wait and do nothing until someone (commericially) provides such 
services.


Am I punchdrunk or stating the obvious?

-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: Wikipedia  Tor]
Date: Tue, 27 Sep 2005 21:57:50 +0200

- Forwarded message from Roger Dingledine [EMAIL PROTECTED] -

From: Roger Dingledine [EMAIL PROTECTED]
Date: Tue, 27 Sep 2005 15:54:38 -0400
To: [EMAIL PROTECTED]
Subject: Re: Wikipedia  Tor
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote:
 On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote:
  everyone is so worried about it, but has any one ever been 
successfully

been
  able to use tor to effectively spam anyone?

 No. Cf.
 http://tor.eff.org/faq-abuse.html#WhatAboutSpammers

To be fair, this answer is yes. People have used Tor to deface Wikipedia
pages, along with Slashdot pages, certain IRC networks, and so on. I
think that counts as spam at least in a broad sense.

 A potential for cooperation is the proposal below for authenticated
 access to Wikipedia through Tor. I will not speak to any particular
 design here, but if Wikipedia has a notion of clients trusted to post
 to Wikipedia, it should be possible to work with them to have an
 authentication server that controls access to Wikipedia through Tor.

As I understand it, Jimmy is hoping that we will develop and maintain
this notion. We would run both halves of the Tor network, and when they
complain about a user, we would cut that user out of the authenticated
side.

Jimmy and I talked about Tor-and-Wikipedia many months ago, and the
conclusion was that they (mediawiki) would be willing to try a variety of
technological solutions to see if they work (i.e. cut down on vandalism
and aren't too much of a burden to run). My favorite is to simply have
certain address classes where the block expires after 15 minutes or
so. Brandon Wiley proposed a similar idea but where the block timeout is
exponentially longer for repeated abuse, so services that are frequently
blocked will stay blocked longer. This is great. But somebody needs to
actually code it.

Wikipedia already needs this sort of thing because of AOL IPs -- they
have similar characteristics to Tor, in that a single IP produces lots
of behavior, some good some bad. The two differences as I understand
them are that AOL will cancel user accounts if you complain loudly enough
(but there's constant tension here because in plenty of cases AOL decides
not to cancel the account, so Wikipedia has to deal some other way like
temporarily blocking the IP), and that it's not clear enough to the
Wikipedia operators that there *are* good Tor users.

(One might argue that it's hard for Wikipedia to change their perception
and learn about any good Tor uses, firstly because good users will
blend in and nobody will notice, and secondly because they've prevented
them all from editing so there are no data points either way.)

So I've been content to wait and watch things progress. Perhaps we will
find a volunteer who wants to help hack the mediawiki codebase to be more
authentication-friendly (or have more powerful blocking config options).
Perhaps we'll find a volunteer to help build the blind-signature
pseudonymous authenticated identity management infrastructure that Nick
refers to. Perhaps the Wikimedia operators will increasingly get a sense
that Tor has something to offer besides vandalism. (I presume this thread
re-surfaced because Tor users and operators are periodically telling
Wikipedia that they don't like being blocked.) Maybe we will come to
the point eventually that it makes sense to do something different than
blocking the Tor IP addresses from editing Wikipedia. (Which, we should
all remember compared the Gentoo forum situation, is a great step above
blocking them from both reading and writing.)

It could be that we never reach that point. Certain services on the
Internet (like some IRC networks) that are really prone to abuse are
probably doing the right thing by blocking all Tor users (and all AOL
users, and all open proxies, and ...). And we want to keep Tor easy
to block, or we're really going to start getting the other communities
angry at us.

In summary, I'm not too unhappy with the status quo for now. Tor needs
way more basic development / usability work still. In the absence of
actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve
the problem, I'm going to focus on continuing to make Tor better, so
down the road maybe we'll be able to 

Re: /. [How Chinese Evade Government's Web Controls]

[Tyler Durden]

What the heck are you doing there for three weeks? Buying some golden 
triangle goods?


I hear it's beautiful, however, but it's not like you took a direct 
international flight there...


-TD



From: Peter Thoenen [EMAIL PROTECTED]
To: Eugen Leitl [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: /. [How Chinese Evade Government's Web Controls]
Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT)

Chinese Web Controls and Tor ... a subject I happen to have close personal
experience with.  Just took a three week vacation to Dali, China and after
hitting the Great Firewall of China (tm), hopped over to the eff site,
downloaded tor and privoxy, and 10 minutes later was up and running 
bypassing
the supposed Great Firewall.  While I was at it, grabbed i2p and punched 
right

through also utilizing the i2p www proxy.

As much as folk want to rail against Tor for allowing malicious users to 
mask

their identity, it really does serve a higher purpose.

As for the WSJ article, EFF or I2P really needs advertise better.  Why pay
local Chinese Internet Cafe owners when you can punch right through for 
free.

Re: [EMAIL PROTECTED]: Wikipedia Tor]

[Tyler Durden]

What's the problem here? The Wikipedia guy sees lots of garbage coming out 
of IP address set {X} so he blocks said address set. Somewhat regrettable 
but no suprise, is it?


On the other hand, doesn't it seem a little -odd- that the Tor network is 
already being used in this way? Granted, even I the great Tyler Durden was 
able to get a Tor client up-and-running, but I find it suspicious that this 
early wave of Tor users also happen to have a high % of vandals...something 
stinks.


A very subtle attack, perhaps? If I were so-and-so, I consider it a real 
coup to stop the kinds of legitimate Wikipedia entries that might be made 
from Tor users. And if this is the case, you can bet that there are other 
obvious targets that have been hammered through Tor.


In other words, someone said, Two can play at this game.

-TD




From: Roy M. Silvernail [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Wikipedia  Tor]
Date: Tue, 27 Sep 2005 10:02:09 -0400

Quoting Eugen Leitl [EMAIL PROTECTED]:

 - Forwarded message from Arrakis Tor [EMAIL PROTECTED] -

 This is a conversation with Jimmy Wales regarding how we can get
 Wikipedia to let Tor get through.

 I completely fail to comprehend why Tor server operators consistently
 refuse to take responsibility for their crazed users.

On one hand, this shows a deep misunderstanding of Tor and its purposes. On 
the
other, I remain disappointed in the number of vandals that take advantage 
of

Tor and other anonymizing services. On the gripping hand, perhaps the Wiki
philosophy is flawed.
--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFT
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com

Re: Wired on Secrecy Power Sinks Patent Case

[Tyler Durden]

Nah...it wasn't half a million. It was a hell of a lot more, I suspect. Even 
a standard SC or APC connector cost $50 in those days, and from what I 
suspect this would be MUCH much more than that, and probably formed just one 
piece of a larger contract.


The odd thing about this case was that the judge ruled in favor of 
Lucent...the government wasn't even directly involved. Lucent made a ton of 
profit which this poor bastard didn't get dime one from. That's a lot 
different then allowing the government to use your IP.


-TD



From: Steve Schear [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Wired on Secrecy Power Sinks Patent Case
Date: Sun, 25 Sep 2005 23:55:48 -0700

At 09:14 AM 9/20/2005, Tyler Durden wrote:

Very interesting CPunks reading, for a variety of reasons.

http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1

Of course, the fact that Lucent has been in shit shape financially must 
have nothing to do with what is effectively a state-sponsored protection 
of intellectual theft and profiting by Lucent (merely keeping the tech 
under wraps would have been possible in a closed-doors session. Remember 
that connectors can easily cost $50 per or more, so these guys were really 
ripped off and Lucent probably made out quite well.)


[Cross posted from another list]

Ian G [EMAIL PROTECTED] wrote:
What I don't understand about that case is that the
precedent already exists.  If a defendent declines
to defend by supplying documents then the judge does
not force them to do so in a civil case, instead the
award goes against them.

What is not clear is why the judge awarded in the
favour of the government.  By not supplying files,
they clearly indicated they were using the patent.
And even that wasn't ever in doubt.  He should have
just awarded summarily for the patent owners and
that would have been that.

And, it was only for a measly half million.  By
saving a half million in patent fees, Lucent and
the USG have reduced their reputation for fair
dealing, had the whole case blow up in their faces
and now we're all poking around looking for how
the patent was used by the _Jimmy Carter_

Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]

[Tyler Durden]

Actually, depending on your App, this would seem to be th very OPPOSITE of a 
moot point.

-TD


From: Gregory Hicks [EMAIL PROTECTED]
Reply-To: Gregory Hicks [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to  see 
if it's always  transmitting your location [priv]]

Date: Thu, 22 Sep 2005 10:11:10 -0700 (PDT)


 From: Tyler Durden [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to 
see if

it's always  transmitting your location [priv]]
 Date: Thu, 22 Sep 2005 12:56:33 -0400

 Are you sure?

No, but the phone now SAYS that location info is OFF except to E911...

Whether or not it actually IS turned off is a moot point.  How to check?

Regards,
Gregory Hicks

 -TD


 From: R.A. Hettinga [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to  
see

 if   it's always transmitting your location [priv]]
 Date: Thu, 22 Sep 2005 10:05:31 -0400
 
 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote:
  For my Treo phone, I found the location option under Phone
  Preferences in
  the Options menu of the main phone screen.
 
 Bada-bing!
 
 Fixed *that*.
 
 Cheers,
 RAH

---

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision. - Benjamin Franklin

The best we can hope for concerning the people at large is that they
be properly armed. --Alexander Hamilton

Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]

[Tyler Durden]

Are you sure?
-TD



From: R.A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to  see  
if   it's always transmitting your location [priv]]

Date: Thu, 22 Sep 2005 10:05:31 -0400

At 2:59 PM +0200 9/22/05, Eugen Leitl wrote:
For my Treo phone, I found the location option under Phone
Preferences in
the Options menu of the main phone screen.

Bada-bing!

Fixed *that*.

Cheers,
RAH

--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Wired on Secrecy Power Sinks Patent Case

[Tyler Durden]

Very interesting CPunks reading, for a variety of reasons.

http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1

Of course, the fact that Lucent has been in shit shape financially must have 
nothing to do with what is effectively a state-sponsored protection of 
intellectual theft and profiting by Lucent (merely keeping the tech under 
wraps would have been possible in a closed-doors session. Remember that 
connectors can easily cost $50 per or more, so these guys were really ripped 
off and Lucent probably made out quite well.)


Aside from this the links are worth pursuing vz Variola Suitcase type 
discussions.


I suspect that a thorough civilian analysis could reveal a lot about NSA's 
undersea operation. One thing I can see about this connector is that it does 
not require any visual orientation in order to mate the Bragg-angled fiber 
interfaces inside...other connectors either mismate if you're not careful, 
or require rotating the ferrule in order to get the notch to line up. 
(Low-loss fiber connectors are Bragg-angled in order to prevent 
reflections.) These might not be viable options at deep depths, indicating 
that some of their operation must be done extra-vehicular (though by humans 
or robots I can't yet tell.)


Their carrying on about HOW they select traffic is, I suspect, true: They 
must have some kind of control and switching network in some areas in order 
to select out some traffic, and I believe I've seen parts of this...the 
bandwidth is just too large to develop a complete 1:1 copy of everything, 
when we're talking middle-of-the-ocean-type applications. (And as I've also 
stated many times, I'd bet NSA has a HUGE risk analysis department to 
support the decisons about which traffic to grab.)


-TD

Re: Wired on Secrecy Power Sinks Patent Case

[Tyler Durden]

So if the state hasn't classified my data (and I kinda doubt they will), 
then it should be up for grabs by anyone suckin' down the dole?


-TD



From: Justin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Wired on Secrecy Power Sinks Patent Case
Date: Tue, 20 Sep 2005 18:54:23 +

On 2005-09-20T12:14:13-0400, Tyler Durden wrote:
 Very interesting CPunks reading, for a variety of reasons.

 
http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1


I'm sick of this mosaic theory being used to justify preventing access
to unclassified information.

--
War is the father of all and king of all, and some he shows as gods,
others as men; some he makes slaves, others free.  -Heraclitus DK-53

Tor Webhosting?

[Tyler Durden]

A few more Tor questions..

Are there yet commercial Tor web hosters? How much would this cost vs 
hosting one's own node? Since I assume the website actually resides on a 
single node, there is the slight problem of the node owner knowing, at 
least, that he had been paid to host X sites, on such-and-such dates...not 
optimal of course but not everyone in the world is going to want to run a 
Tor node just to put a site up (like me).


Also, there -is- a one-to-one mapping between Tor nodes and Tor-hosted 
sites, no? It's not like a site is cryptographically split into 
quasi-redundant pieces, placed on random servers, and then assembled on the 
fly when there's a request, right? Can Tor support such a thing in the 
future? (eg, Website file A is split into N partially redudant pieces and 
sent to N servers...the website can still be retrieved from any M pieces, 
where N=M.)


-TD

RE: The ghost of Tim May

[Tyler Durden]

I do suspect he still monitors Cypherpunks, however...many of my efforts to 
troll him out in the past have been successful, most particularly when I 
suggested that as a CP team building excersize we lay siege to his 
compound! (He uses an anonymizer once in a while to post.)

-TD



From: Trei, Peter [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED]
Subject: RE: The ghost of Tim May
Date: Fri, 9 Sep 2005 09:17:47 -0400

Tyler Durden wrote:
 Ulex Europae wrote...

 Okay, I've been in a hole in the ground for a few years.
 What happened
 to Tim May?

 May's ghost haunts and trolls lesser boards (and as an upper
 bound I admit
 CP ain't super-hot these days), where he is banished for all
 eternity, and
 where he is viewed as merely an old, crazy kook.

 I don't miss his racism and love of mass murder, but I sure miss his
 brilliant, destabilising ideas.

 -TD

Check misc.survivalism, scruz.general, ba.mountain-folk,
and (recently) neworleans.general.

I'm also dissapointed by the content of his posts; there
is little beyond the racism left.

Peter Trei

RE: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations]

[Tyler Durden]

What?
A pirate radio station in the Carribean is jamming broadcasts in New 
Orleans? I find that hard to believe.

-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during  rescue 
operations]

Date: Fri, 9 Sep 2005 17:39:32 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Fri, 9 Sep 2005 08:25:43 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] Radio jamming in New Orleans during rescue operations
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Glenn S. Tenney CISSP CISM [EMAIL PROTECTED]
Date: September 8, 2005 3:24:45 PM EDT
To: [EMAIL PROTECTED]
Subject: Radio jamming in New Orleans during rescue operations


I saw this... For IP if you like:

http://www.waynemadsenreport.com/

September 2, 2005 -- Who is jamming communications in New Orleans? Ham
radio operators are reporting that communications in and around New
Orleans are being jammed. In addition, perplexed ham radio operators
who were enlisted by the Federal government in 911 are not being used
for hurricane Katrina Federal relief efforts. There is some
misinformation circulating on the web that the jamming is the result of
solar flares. Ham radio operators report that the flares are not the
source of the communications jamming.  If anyone at the National
Security Agency is aware of the source of the jamming, from direction
finding or satellite intelligence, please discretely contact me at
[EMAIL PROTECTED] (from a private or temporary email account).
In this case, the Bush administration cannot hide behind national
security and it is the duty of every patriotic American to report such
criminal activity to the press. Even though the information on the
jamming may be considered classified -- it is in the public interest to
disclose it. Also, the Federal Aviation Administration (FAA) is
reporting that no aircraft over New Orleans have been fired on over New
Orleans or anywhere else in the area. Are the reports of shots being
fired at aircraft an attempt by the Bush administration to purposely
delay the arrival of relief to the city's homeless and dying poor? The
neocons have turned New Orleans into Baghdad on the Mississipppi

New Orleans: Who is jamming communications and why?

UPDATE: We can now report that the jamming of New Orleans'
communications is emanating from a pirate radio station in the
Caribbean. The noise is continuous and it is jamming frequencies,
including emergency high frequency (HF) radios, in the New Orleans
area. The radio frequency jammers were heard last night, stopped for a
while, and are active again today. The Pentagon must locate the
positions of these transmitters and order the Air Force to bomb them
immediately.

However, we now have a new unconfirmed report that the culprit may be
the Pentagon itself. The emitter is an IF (Intermediate Frequency)
jammer that is operating south southwest of New Orleans on board a U.S.
Navy ship, according to an anonymous source. The jamming is
cross-spectrum and interfering with superheterodyne receiver
components, including the emergency radios being used in New Orleans
relief efforts. The jammed frequencies are:

72.0MHZ   (high end of Channel 4 WWL TV New Orleans)
45.0MHZ(fixed mobile)
10.245MHZ  (fixed mobile)
10.240 Mhz   (fixed mobile)
11.340 Mhz  (aeronautical mobile)
233 MHZ  (fixed mobile)
455 IF  (jammer)

A former DoD source says the U.S. Army uses a portable jammer, known
as WORLOCK, in Iraq and this jammer may be similar to the one that is
jamming the emergency frequencies.

UPDATE Sep. 3 -- A Vancouver, British Columbia Urban Search  Rescue
Team deployed to New Orleans reported that their satellite phones were
not working and they had to obtain other satellite phones to keep in
touch with their headquarters and other emergency agencies in British
Columbia.

There is a report on a ham radio web site that jamming is adversely
affecting the New Orleans emergency net on 14.265 Mhz.

If a U.S. Navy ship is, in fact, jamming New Orleans communications,
the crew must immediately shut down the jammer and take action against
the Commanding Officer.

***

We have just learned from a journalist in Mobile that yesterday,
Sprint blocked all cell phone calls from the Gulf Coast region to
points north and west. Calls were permitted between Alabama,
Mississippi, and Florida but no calls could be made to Washington, New
York, or Los Angeles

September 5, 2005 ...
Meanwhile, the communications jamming in the New Orleans area
continues. It is now being reported by  truck drivers on
Interstate-10 as affecting the Citizens' Band (CB) frequencies.



-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded 

RE: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)]

[Tyler Durden]

Like I said:

We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then 
will the ghost of Tim May rest in piece.


Then again, the FBI probably loves hanging out in Starbucks anyway...

-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The  FBI 
is Having Trouble on the Line, Aug. 15)]

Date: Wed, 7 Sep 2005 15:58:08 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Wed, 7 Sep 2005 09:48:13 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble 
on

the Line, Aug. 15)
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Seth David Schoen [EMAIL PROTECTED]
Date: September 5, 2005 6:10:02 PM EDT
To: David Farber [EMAIL PROTECTED]
Cc: Donna Wentworth [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [E-PRV] Internet phone wiretapping (Psst! The FBI is
Having Trouble on the Line, Aug. 15)


David Farber writes:


Can I get a copy for IP


The original article is at

http://www.time.com/time/archive/preview/0,10987,1090908,00.html
(subscription required)

Here's the letter we sent:

Your account of FBI efforts to embed wiretapping into the design of
new Internet communication technologies (Psst! The FBI is Having
Trouble on the Line, Notebook, August 15) is in error.

You claim that police can't tap into [Internet] conversations or
identify the location of callers, even with court orders.

That is false. Internet service providers and VoIP companies have
consistently responded to such orders and turned over information
in their possession. There is no evidence that law enforcement is
having any trouble obtaining compliance.

But more disturbingly, you omit entirely any reference to the
grave threat these FBI initiatives pose to the personal privacy
and security of innocent Americans. The technologies currently
used to create wiretap-friendly computer networks make the people
on those networks more pregnable to attackers who want to steal
their data or personal information. And at a time when many of our
most fundamental consititutional rights are being stripped away in
the name of fighting terrorism, you implicitly endorse opening yet
another channel for potential government abuse.

The legislative history of the Communications Assistance for Law
Enforcement Act (CALEA) shows that Congress recognized the danger
of giving law enforcement this kind of surveillance power in the
face of increasingly powerful and personally revealing
technologies
(H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House
Report]). The law explicitly exempts so-called information
services;
law enforcement repeatedly assured civil libertarians that the
Internet would be excluded. Yet the FBI and FCC have now betrayed
that promise and stepped beyond the law, demanding that Internet
software be redesigned to facilitate eavesdropping. In the coming
months, we expect the federal courts to rein in these dangerously
expansive legal intepretations.

--
Seth Schoen
Staff Technologist[EMAIL PROTECTED]
Electronic Frontier Foundationhttp://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110 1 415 436 9333 x107



-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: Tor VoIP, etc...

[Tyler Durden]

SQ wrote...


A Houston (TX, USA) public library? Could be next to impossible, as well
as excellent cause for revocation of your library card


Oh no! Loss of the Houston library card! My passport to knowledge!!!


criminal prosecution if caught.


Well, the idea would be not to get caught. I'm thinking basically of just 
adding one of those $40 Tor nubbins at the end of a USB cable and then 
tucking the nubbin under the carpet with a sign saying, DO NOT TOUCH. If 
it lasts a month then it might be money well spent, particularly if Al Qaeda 
successfully nukes DC.



Needless to say, I haven't tried. The
best you could do from Houston libraries would be a proxy accessed via
HTTPS. At one time you could telnet, but that has long since passed.


Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do 
this by blocking the likely ports or by merely de-balling the protocol stack 
somehow? I assume Tor is smart enough to try various open ports


-TD

Re: Tor VoIP, etc...

[Tyler Durden]

Shawn Quinn wrote...


For the people that only route stuff like HTTP traffic through your Tor
node, it will be a benefit. If I'm IRCing and get routed through your
node, that's a different story (but it's no different than the bad old
days of IIP where people dropped off by the dozens when someone shut
down their computer). A Mixmaster remailer where the mail was transacted
at public Internet access points would be much more useful. It would
actually be funny if someone did this and named the node starbuck.


So: How hard would it be to surreptitiously install a Tor node into a 
computer at a public library?


-TD

Re: Perhaps the real reason why Chavez is being targeted?

[Tyler Durden]

While the US certainly has been interfering with Chavez
and generally trying to mess around in Venezuela for a while,
most of what's happening here is just that
Chavez is running off at the mouth for domestic political reasons.
(Pat Robertson was partly doing that also and partly just babbling.)


The leftist Z-mag had an interesting article about Chavez last month. 
Although most of Z-mag's articles are fairly silly leftwing ranting, you 
defiintely have a few in-the-trenches-type articles that show up every now 
and then. The article on Chavez is most interesting and strongly suggests 
that what Chavez is actually doing is trying to drive up the price Venezuela 
gets per barrel. Apparently, he's been successful, and most major oil 
companies (with the notable exception of Exxon) have recently signed very 
favorable contracts with his government. Also of interest is the 
proliferation of Chinese and other oil companies edging in next to the big 
US  UK oil firms that have traditionally dominated such deals.



The business about shipping oil to Jamaica is interesting;
he'd previously been talking about selling cheap gasoline
to poor US communities, which was high-grade political bullshit
that he had no mechanism for implementing, and quite amusing.


Maybe not quite bullshit after all...the major barrier to doing this (ie, 
shipping low cost oil to some contries and communities) was that the oil was 
in a form that required processing before it could be used (when I get home 
I'll try to look up the specifics). Only a few companies could do this and 
he now has such companies signed (one is Chinese, I think).



But fundamentally the US government's problem is that he's a leftist
who hangs out with Castro and has oil and likes to do
land reform and nationalize oil companies,
which is not the kind of thing that right-wing industrialists like.


Well, that's always the catch. Mao and (to a much lesser extent) Castro were 
effective guerilla warriors, but Mao had to die of old age in order for 
China to start developing itself (Cuba speaks for itself). Chavez seems to 
be spending a lot of the oil wealth on lots of social services which, though 
perhaps noble, is not sustainable. If Chavez were bright enough to use this 
$$$ to kick-start a modern economy his rhetoric would then prove to be much 
more than hot air.


In short, I'm not convinced Chavez is an idiot. From this vantage point I'd 
argue it's way too early to tell.


-TD

RE: [EMAIL PROTECTED]: Re: Tor on USB]

[Tyler Durden]

Fascinating little gizmo.

Got a question...sorry I'm just too f'in busy to keep up with this side, 
but...


How long will it take the Greater Tor Network to notice the existence of 
this little node?


In other words, if I go into a Starbucks with this thing, can my laptop or 
whatever start acting like a temporary Tor node?


That's a very fascinating concept: A temporary, transient Tor network. Any 
node on this network could cease to exist by the time someone tried to jam 
large portions of it. Or at least, their attacks would have to be a hell of 
a lot more flexible.


-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: Tor on USB]
Date: Tue, 30 Aug 2005 16:42:27 +0200

- Forwarded message from Paul Syverson [EMAIL PROTECTED] 
-


From: Paul Syverson [EMAIL PROTECTED]
Date: Tue, 30 Aug 2005 10:22:22 -0400
To: [EMAIL PROTECTED]
Cc: Paul Syverson [EMAIL PROTECTED]
Subject: Re: Tor on USB
User-Agent: Mutt/1.4.1i
Reply-To: [EMAIL PROTECTED]

You might also see the following commercial distribution that
bundles Tor, a tiny linux, and related software on a USB stick

http://www.virtualprivacymachine.com/products.html

Looks cool and got favorable reviews, but I haven't used or examined
it first hand. This is a pointer, not an endorsement.

-Paul


On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote:
 Interesting implementation. You could use it at a public terminal, a
 friend's computer, or for plausible deniability on your own computer.

 On 8/29/05, Shatadal [EMAIL PROTECTED] wrote:
  Arrakis Tor wrote:
   Can firefox be installed to run standalone whatsoever?
  
  
 
  Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and
  http://portablefirefox.mozdev.org/
 

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]

[Tyler Durden]

Supposedly, the tobacco companies have had commercial marijuana products 
ready forever (I've even seen photos, but I always suspected they were 
doctored up stoner's dreams).
The idea that the pharmaceutical companies would start actively researching 
new designer drugs is fascinating and scary...wait, scratch that scary, 
because it can't be scarier than drug-related crime in the US.


The New York Times Magazine had a fascinating story years back on the US's 
marijuana industry. it's apparently the #2 export crop and US pot technology 
is in some cases extremely, uh, high. They described growers with strings of 
apartments in various US states connected with sesnors to the internet. If 
any of the apartments showed signs of entry, the grower would never return. 
(Each apartment supposedly had low levels of crops to fly under certain 
state laws if they were ever caught.) No doubt some of those growers are 
good customers of RSA products!


-TD



From: Trei, Peter [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED], cypherpunks@minder.net,   
 [EMAIL PROTECTED]
Subject: RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice 
warns Orwell's 1984 has arrived [priv]]

Date: Tue, 23 Aug 2005 13:39:17 -0400

Tyler Durden writes:

 Yes, but the old question needs to be asked: How much of this
 crime would go away if crystal meth were legal?

Actually, if we ever managed to kill the culture of prohibition,
I suspect that crystal meth would be about as popular is bathtub
gin is today. It's terrible stuff.

I'd expect the big pharmas to start 'recreational drug' wings,
which would bring real research power to the problem of finding
highs which are fun, safe, affordable, and with minimal physical
addiction.

I need a new drug...

Peter Trei

Re: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]

[Tyler Durden]

Coderman wrote...


the state of oregon just passed a law (yet to be put into effect) that
requires a prescription from a doctor for all sudafed (pseudo
ephedrine) purchases.  the problem isn't drug addicts killing
themselves with corrosive fluids, as this would be a problem that
solves itself in short order, but rather that meth heads are idiotic
crime machines.  i've had numerous friends and acquaintances affected
by this (vehicles stolen or broken into, property damaged and/or
stolen, tweakers robbing at knife point, etc, etc) and it's getting
ridiculous*.


Yes, but the old question needs to be asked: How much of this crime would go 
away if crystal meth were legal? There's little doubt that the vast majority 
of drug-related crime stems not from some crazed crime spree but from issues 
relating to supply and demand. Legalizing drug XYZ no doubt drops the cost.


Then again, if we legalized a lot of drugs then what would all those 
corrections officers do for a living? Become airport security experts no 
doubt.


-TD

RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]

[Tyler Durden]

Holy Fuck we need some smarter people in this society.

OK, you threw away your trash. I see no inherent reason why someone else 
can't grab it. But INFORMATION about you isn't trash. Then again, you do 
throw away the photons that exit through your windows, so I guess cops 
should be able to stare at you through binoculars all the time and haul you 
in based on the photons you've thrown away.


Oh, and to take it further, police should have immediate, un-warranted 
access to the trashcan on your computer, at all times. Indeed, there 
should be a registry that constantly monitors what you're throwing away, 
because it's just (digital) trash, right?


As for crystal meth, I know I'm preaching to the choir here, but if I want 
to pour something from my chemistry set down my throat that shouldn't be 
anybody's business. The fact that it doesn't accidentally kill me and indeed 
gives me a buzz shouldn't be the sole provence of the pharmaceutical 
companies. After that, if you want to make laws about selling the stuff well 
that's a different matter.


-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice  warns 
Orwell's 1984 has arrived [priv]]

Date: Fri, 19 Aug 2005 21:55:41 +0200

- Forwarded message from Declan McCullagh [EMAIL PROTECTED] -

From: Declan McCullagh [EMAIL PROTECTED]
Date: Fri, 05 Aug 2005 12:20:34 -0700
To: [EMAIL PROTECTED]
Subject: [Politech] Montana Supreme Court justice warns Orwell's 1984 has
arrived [priv]
User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)



http://news.com.com/2061-10796_3-5820618.html

Montana Supreme Court justice warns Orwell's 1984 has arrived
August 5, 2005 12:13 PM PDT

Believe it or not, it's perfectly legal for police to rummage through
your garbage for incriminating stuff on you -- even if they don't have a
warrant or court approval.

The Supreme Court of Montana ruled last month that police could conduct
a warrantless trash dive into the trash cans in the alley behind the
home of a man named Darrell Pelvit. The cops discovered pseudoephedrine
boxes -- a solvent with uses including the manufacture of
methamphetamine -- and Pelvit eventually ended up in prison.

Pelvit's attorney argued that his client had a reasonable expectation of
privacy in his trash, but the court rejected the argument and said the
trash was, well, meant to be thrown away.

What's remarkable is the concurring opinion of Montana Supreme Court
Justice James C. Nelson, who reluctantly went along with his colleagues
but warned that George Orwell's 1984 had arrived. We reproduce his
concurring opinion in full:

-Declan

--

Justice James C. Nelson concurs.

I have signed our Opinion because we have correctly applied existing
legal theory and constitutional jurisprudence to resolve this case on
its facts.

I feel the pain of conflict, however. I fear that, eventually, we are
all going to become collateral damage in the war on drugs, or terrorism,
or whatever war is in vogue at the moment. I retain an abiding concern
that our Declaration of Rights not be killed by friendly fire. And, in
this day and age, the courts are the last, if not only, bulwark to
prevent that from happening.

In truth, though, we area throw-away society. My garbage can contains
the remains of what I eat and drink. It may contain discarded credit
card receipts along with yesterday's newspaper and junk mail. It might
hold some personal letters, bills, receipts, vouchers, medical records,
photographs and stuff that is imprinted with the multitude of assigned
numbers that allow me access to the global economy and vice versa.

My garbage can contains my DNA.

As our Opinion states, what we voluntarily throw away, what we
discard--i.e., what we abandon--is fair game for roving animals,
scavengers, busybodies, crooks and for those seeking evidence of
criminal enterprise.

Yet, as I expect with most people, when I take the day's trash (neatly
packaged in opaque plastic bags) to the garbage can each night, I give
little consideration to what I am throwing away and less thought, still,
to what might become of my refuse. I don't necessarily envision that
someone or something is going to paw through it looking for a morsel of
food, a discarded treasure, a stealable part of my identity or a piece
of evidence. But, I've seen that happen enough times to
understand--though not graciously accept--that there is nothing sacred
in whatever privacy interest I think I have retained in my trash once it
leaves my control--the Fourth Amendment and Article II, Sections 10 and
11, notwithstanding.

Like it or not, I live in a society that accepts virtual strip searches
at airports; surveillance cameras; discount cards that record my
buying habits; bar codes; cookies and spywear on my computer; on-line
access to satellite technology that can image my back yard; and
microchip radio frequency identification devices already implanted 

Re: Gubmint Tests Passport RFID...

[Tyler Durden]

Actually, isn't that technically Spanish harlem?


Nope.


 Look for me: 6'1, 220 lbs and
 looking EXACTLY like someone would look after 7 years of GoJu 
training...I'm

 the guy even the locals won't fuck with.

I know many of those locals, and 7 years of GoJu aint gonna do shit for a
1200fps projectile.


Apparently you don't. You don't fuck with others they won't fuck with you, 
because someone you don't know could always be packin.


Actually, that corner would make a pretty nice kill zone as it's next to a 
big park with lots of bushes and few witnesses. Think about it, 
motherfucker.




 -Tyler Durden

Remember, L-IIIa is your friend. :-)


And SG IIIb yours.

-TD






--
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

Re: Gubmint Tests Passport RFID...

[Tyler Durden]

Sorry. Got you mixed up with the other dude.

You seem willing to back up any slams with facts  quotes, so all respect is 
given. A good fight strengthens us, a sniper smells of MwGs.


Sorry again.

-TD



From: J.A. Terranson [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Gubmint Tests Passport RFID...
Date: Thu, 18 Aug 2005 23:51:10 -0500 (CDT)

On Wed, 17 Aug 2005, Tyler Durden wrote:

 Gee whiz I'm scared. Look, since you're angling for some stats, come on 
over

 to New York. I'll meet you on the corner of 135th Street and St Nicholas
 Avenue (we call that neighborhood Harlem).

Actually, isn't that technically Spanish harlem?


 Look for me: 6'1, 220 lbs and
 looking EXACTLY like someone would look after 7 years of GoJu 
training...I'm

 the guy even the locals won't fuck with.

I know many of those locals, and 7 years of GoJu aint gonna do shit for a
1200fps projectile.

 -Tyler Durden

Remember, L-IIIa is your friend. :-)

--
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

Re: no visas for Chinese cryptologists

[Tyler Durden]

Hey...this looks interesting. I'd like to see the email chain before this.

While living in China I learned that whatever Jong Nan Hai most vociferously 
denies will almost certainly be true, so even Chinese Government propaganda 
is very interesting.


-TD



From: Dave Howe [EMAIL PROTECTED]
To: Email List: Cypherpunks [EMAIL PROTECTED]
Subject: Re: no visas for Chinese cryptologists
Date: Thu, 18 Aug 2005 17:33:01 +0100

Hasan Diwan wrote:
if the US wants to maintain  its fantasy, it will need a Ministry of Truth 
to

do so. Cheers, Hasan Diwan [EMAIL PROTECTED]
And the airing of government-issued news bulletins without attributation 
(or

indeed, anything from Fox News) doesn't convince you there already is one?

Re: Gubmint Tests Passport RFID...

[Tyler Durden]

Gee whiz I'm scared. Look, since you're angling for some stats, come on over 
to New York. I'll meet you on the corner of 135th Street and St Nicholas 
Avenue (we call that neighborhood Harlem). Look for me: 6'1, 220 lbs and 
looking EXACTLY like someone would look after 7 years of GoJu training...I'm 
the guy even the locals won't fuck with.


-Tyler Durden



From: Steve Thompson [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Gubmint Tests Passport RFID...
Date: Sat, 13 Aug 2005 15:20:54 -0400 (EDT)

--- Tyler Durden [EMAIL PROTECTED] wrote:

 Whaddya know. Thompson said something that didn't make me want to beat
 him to death...

Too bad for you that I cannot say the same about what you write.

  I have a different threat model.

 I've reached more or less the same conclusion. Or at least, incompetence
 may
 not be deliberate per se, but the byproduct of a system that needs to
 appear
 to care but is otherwise silently incented not to. Checking bags in the
 NYC
 transit system is the ultimate example of this: Completely, absolutely
 pointless in the face of a determined foe. (Meanwhile, of course,
 there's
 all sorts of state shennanegins that are possible through such an
 arrangement.)

No fucking shit.  Thanks for pointing this out to me.

 The obvious question is how much 9/11/01 is an example of this. For me,
 the
 conspiracy theories just don't quite add up (close though) but a
 moderately
 sharpened Occam's razor leads one to believe that some 'deliberate'
 holes
 were left open, which bin Laden, et al exploited. (I actually still
 believe
 that Bush didn't expect that level of damage, however.)

I don't know Bush, personally, and so I feel that it would be improper to
suggest that his unspoken cost-benefit analysis resulted in a particular
set of actions.

 As for the integrity of the money supply, I must succumb to temptation
 and
 question whether the Stalinst model of a demand economy (servicing an
 endless war on terror) hasn't been looked at by folks such as Wolfowitz,
 Cheney and so on.

Suckkumb all you want.


Regards,

Steve







__
Find your next car at http://autos.yahoo.ca

Gubmint Tests Passport RFID...

[Tyler Durden]

http://www.wired.com/news/privacy/0,1848,68451,00.html?tw=wn_tophead_2

And since one's passport essentially boils down to a chip, why not implant 
it under the skin?


As for the encryption issue, can someone explain to me why it even matters? 
It would seem to me that any on-demand access to one's chip-stored info is 
only as secure as the encryption codes, which would have to be stored and 
which will eventually become public, no matter how much the government 
says, Trust us...the access codes are secure.


Seems to me, the only way to secure the RFID encrypted info would be if the 
owner (uh, I mean the citizen unit) releases said info via a personal 
encryption code, known only to the user and not by ex-welfare Gate goons. 
But I seriously doubt that that is what the government is thinking about. 
(ie, they want to be able to read your RFID wihtout you having to perform 
any additional actions to release the information.)


The only way I see it making a difference is perhaps in the physical 
layer...encryption + shielding is probably a lot more secure than encryption 
without shielding, given an ID phisher wandering around an airport with a 
special purpose briefcase.


-TD

Re: Gubmint Tests Passport RFID...

[Tyler Durden]

Whaddya know. Thompson said something that didn't make me want to beat him 
to death...



I have a different threat model.  I suggest that incompetence is _often_
deliberate and, at least to those who orchestrate such things, is designed
to leave or provide cracks in arbitrary systesm that will be expoited.
This may be defensible in cases where someone wants to encourage child
molesters to expose their operations to sophisticated intelligence and
surveillance activities, but is harder to defend when such policies affect
the integrity of the money supply, or the transportation infrastructure,
or 


I've reached more or less the same conclusion. Or at least, incompetence may 
not be deliberate per se, but the byproduct of a system that needs to appear 
to care but is otherwise silently incented not to. Checking bags in the NYC 
transit system is the ultimate example of this: Completely, absolutely 
pointless in the face of a determined foe. (Meanwhile, of course, there's 
all sorts of state shennanegins that are possible through such an 
arrangement.)


The obvious question is how much 9/11/01 is an example of this. For me, the 
conspiracy theories just don't quite add up (close though) but a moderately 
sharpened Occam's razor leads one to believe that some 'deliberate' holes 
were left open, which bin Laden, et al exploited. (I actually still believe 
that Bush didn't expect that level of damage, however.)


As for the integrity of the money supply, I must succumb to temptation and 
question whether the Stalinst model of a demand economy (servicing an 
endless war on terror) hasn't been looked at by folks such as Wolfowitz, 
Cheney and so on.


-TD

RE: [fc-announce] CFP FC'06: Financial Cryptography and Data Security

[Tyler Durden]

Your telling me there's someone in Telcordia these days that does something 
interesting in the cryptograhy field? Or is that his personal hobby...


-TD


From: R.A. Hettinga [EMAIL PROTECTED]
To: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data  Security
Date: Tue, 2 Aug 2005 21:23:28 -0400

--- begin forwarded text


 To: [EMAIL PROTECTED]
 From: Avi Rubin [EMAIL PROTECTED]
 Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data 
Security

 Sender: [EMAIL PROTECTED]
 Date: Tue, 2 Aug 2005 13:58:29 -0400

 x-flowed
 Call for Papers

  FC'06: Financial Cryptography and Data Security
   http://fc06.ifca.ai/

  Tenth International Conference
   February 27 to March 2, 2006
   Anguilla, British West Indies

  Submissions Due Date: October 17, 2005

 Program Chairs: Giovanni Di Crescenzo (Telcordia)
  Avi Rubin (Johns Hopkins University)

 General Chair: Patrick McDaniel (Penn State University)

 Local Arrangements Chair: Rafael Hirschfeld (Unipay Technologies)

 At its 10th year edition, Financial Cryptography and Data Security
 (FC'06) is a well established and major international forum for
 research, advanced development, education, exploration, and debate
 regarding security in the context of finance and commerce. We will
 continue last year's augmentation of the conference title and expansion
 of our scope to cover all aspects of securing transactions and systems.
 These aspects include a range of technical areas such as: cryptography,
 payment systems, secure transaction architectures, software systems and
 tools, user and operator interfaces, fraud prevention, secure IT
 infrastructure, and analysis methodologies. Our focus will also
 encompass financial, legal, business and policy aspects. Material both
 on theoretical (fundamental) aspects of securing systems, on secure
 applications and real-world deployments will be considered.

 The conference goal is to bring together top cryptographers,
 data-security specialists, and scientists with economists, bankers,
 implementers, and policy makers. Intimate and colorful by tradition,
 the FC'06 program will feature invited talks, academic presentations,
 technical demonstrations, and panel discussions. In addition, we will
 celebrate this 10th year edition with a number of initiatives, such as:
 especially focused session, technical and historical state-of-the-art
 panels, and one session of surveys.

 This conference is organized annually by the International Financial
 Cryptography Association (IFCA).

 Original papers, surveys and presentations on all aspects of financial
 and commerce security are invited. Submissions must have a visible
 bearing on financial and commerce security issues, but can be
 interdisciplinary in nature and need not be exclusively concerned with
 cryptography or security. Possible topics for submission to the various
 sessions include, but are not limited to:

 Anonymity and Privacy   Microfinance and
 AuctionsMicropayments
 Audit and Auditability  Monitoring, Management and
 Authentication and  Operations
 Identification, including   Reputation Systems
 Biometrics  RFID-Based and Contactless
 Certification and   Payment Systems
 Authorization   Risk Assessment and
 Commercial CryptographicManagement
 ApplicationsSecure Banking and Financial
 Commercial Transactions and Web Services
 Contracts   Securing Emerging
 Digital Cash and PaymentComputational Paradigms
 Systems Security and Risk
 Digital Incentive and   Perceptions and Judgments
 Loyalty Systems Security Economics
 Digital Rights Management   Smart Cards and Secure
 Financial Regulation andTokens
 Reporting   Trust Management
 Fraud Detection Trustability and
 Game Theoretic Approaches toTrustworthiness
 SecurityUnderground-Market Economics
 Identity Theft, Physhing andUsability and Acceptance of
 Social Engineering  Security Systems
 Infrastructure Design   User and Operator Interfaces
 Legal and Regulatory Issues Voting system security

   Submission Instructions

 Submission Categories

 FC'06 is inviting submissions in four categories: (1) research papers,
 (2) systems and applications presentations, (3) panel sessions, (4)
 surveys. For all accepted submissions, at least one author must attend
 the conference and present the work.

 Research Papers

 Research papers should describe novel scientific contributions to the
 field, and they will be subject to rigorous peer review. Papers can be
 a maximum of 15 

RE: Prosecutors: CIA agents left trail

[Tyler Durden]

Reverse Rendition?

Here's where Liberals can take a stand...let's round up some of these 
fuckers and stuff 'em in a shipping container on a Chinese barge to Italy.


I've done a quick google search and I've only found a couple of the names. 
Is the complete list available?


-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Prosecutors: CIA agents left trail
Date: Wed, 3 Aug 2005 15:22:04 +0200

http://www.cnn.com/2005/WORLD/europe/07/28/cia.phonetrail.ap/index.html

Prosecutors: CIA agents left trail
Cellphone calls blew their cover

Thursday, July 28, 2005; Posted: 8:05 p.m. EDT (00:05 GMT)

ROME, Italy (AP) -- It wasn't their lavish spending in luxury hotels, their
use of credit cards or even frequent-flier miles that drew attention. 
Instead

it was a trail of casual cellphone use that tripped up the 19 purported CIA
operatives wanted by Italian authorities in the alleged kidnapping of a
radical Muslim cleric.

Italian prosecutors who have obtained arrest warrants for the 19 -- none of
whom are believed to be in Italy -- presented evidence that the suspects 
used

at least 40 Italian cell phones, some in their own names.

Experts say that either they were bumbling spies, or they acted with 
impunity

because Italian officials had been informed of their plan -- a claim the
government of Premier Silvio Berlusconi has publicly denied on several
occasions. (Full story)

If these were really CIA agents they've made a disaster, said Andrea 
Nativi,

research director for the Rome-based Military Center for Strategic Studies.
They strained relations between Italy and the U.S. and between the CIA and
Italian intelligence agencies.

Italian judges issued a first batch of warrants last month for 13 Americans
accused of abducting Osama Moustafa Hassan Nasr, known as Abu Omar, on a 
Milan

street on February 17, 2003.

Another court this week issued another six warrants for a group the
prosecution claims planned the abduction. (Full story)
Vulnerable cellphones

The Egyptian cleric was flown from Aviano, a joint U.S.-Italian air base 
north

of Venice, to Ramstein Air Base in Germany and then to Egypt, where he was
reportedly tortured. The operation purportedly was part of the CIA's
extraordinary rendition program, in which terror suspects are transferred 
to

third countries without court approval.

In his request for the latest warrants, prosecutor Armando Spataro wrote 
that
an analysis of mobile phone traffic showed that most of them were present 
on

the route that Abu Omar habitually took from his home to a Milan mosque,
including in the days before the kidnapping.

A track of their cell phones also showed them on those streets nearly 100
times during the month before Abu Omar's disappearance, the prosecutor 
said.
He concluded that the six were part of a single group of Americans who 
came

to Milan to carry out the operation.

Why they would use their cell phones so openly has baffled experts,
particularly since prosecutors are certain that not all the names of the 19
suspects are aliases.

One has been identified by prosecutors as the former CIA station chief in
Milan, Robert Seldon Lady, who owns a retirement home in wine country in 
Asti,
near Turin. Though police didn't find Lady there when they raided the 
house,

they did discover a list of hotels where U.S. government employees received
discounts, including hotels where prosecutors contend the suspects stayed.

Another person on the list has the same name as a man who now works at the
U.S. Embassy in Tanzania.

Unless the power or the wireless antenna is turned off, a mobile phone 
remains
in constant contact with the nearest cell towers even when it's not being 
used
for a call. Information processed by the cells can be used to precisely 
locate

or track the movements of a phone user.

Nativi, the military expert, called the use of regular cell phone accounts 
a

huge weakness in the operation.

It would have been more difficult to track anonymous prepaid cards, 
satellite

phones or radios, he said.

The wireless system used in Italy and most of the rest of Europe relies on 
a

stamp-sized smart card that is inserted in the back of every handset. This
removable SIM card stores an individual's phone number and other account
data.

A unique numerical identifier is assigned to every phone and every SIM, 
said
Bruno Errico, director of consulting for Openwave Global Services, a 
company
that provides tracking applications and other software to wireless 
companies

worldwide.

Wireless companies are obliged by law to keep records of the unique data 
that

each phone exchanges with the cell network as well as the numbers to which
calls are placed, he said.

Since a phone is served by several cells at any given time, investigators 
can

easily triangulate the location of a device, Errico said. In an urban area,
where the network of cells is dense and overlapping, such tracking can have 
a

margin of error of just a few yards.

Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out

[Tyler Durden]

Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service 
attacks at least, but this is an obscure Tor node. Someone attacking it at 
this stage in the game has a real agenda (perhaps they want to see if 
certain websites get disrupted? Does Tor work that way for short-ish periods 
of time?)


At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs 
mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has 
sold certain GbE-centered Datapipe providers.) Your attacker might actually 
be interested in pre-stressing the infrastructure in front of that router.


Just a guess, but I'm stupid after all.

-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: Dan McDonald [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda  
websites are wiped out

Date: Tue, 2 Aug 2005 10:15:49 +0200

On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote:

 I'm surprised that the target node has that much INBOUND bandwidth, 
quite

 frankly.

The node itself has only a Fast Ethernet port, but there's
some 4 GBit available outside of the router.

I'm genuinely glad the node has been taken offline as soon
as the traffic started coming in in buckets, and I didn't
have to foot the entire bill (the whole incident only
cost me 20-30 GByte overall as far as I can tell).

--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

RE: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out

[Tyler Durden]

Gee, that's great. A global organization that has taken the task of 
worldwide censorship into its sweaty little hands.


Did the google cache'd versions of these sites dissappear too?

Tor networks, anyone?

-TD


From: R.A. Hettinga [EMAIL PROTECTED]
To: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: [Clips] Finger points to British intelligence as al-Qaeda   
websites are wiped out

Date: Sat, 30 Jul 2005 23:02:53 -0400

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Sat, 30 Jul 2005 23:01:38 -0400
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Finger points to British intelligence as al-Qaeda 
websites

  are wiped out
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://www.timesonline.co.uk/printFriendly/0,,1-523-1715166-523,00.html

 The Times of London

 July 31, 2005

 Finger points to British intelligence as al-Qaeda websites are wiped out
 Over the past fortnight Israeli intelligence agents have noticed 
something
 distinctly odd happening on the internet. One by one, Al-Qaeda's 
affiliated
 websites have vanished until only a handful remain, write Uzi Mahnaimi 
and

 Alex Pell.

 Someone has cut the line of communication between the spiritual leaders 
of
 international terrorism and their supporters. Since 9/11 the websites 
have

 been the main links to disseminate propaganda and information.

 The Israelis detect the hand of British intelligence, determined to 
torpedo

 the websites after the London attacks of July 7.

 The web has become the new battleground of terrorism, permitting a 
freedom

 of communication denied to such organisations as the IRA a couple of
 decades ago.

 One global jihad site terminated recently was an inflammatory Pakistani
 site, www.mojihedun.com, in which a section entitled How to Strike a
 European City gave full technical instructions. Tens of similar sites, 
some

 offering detailed information on how to build and use biological weapons,
 have also been shut down. However, Islamic sites believed to be 
moderate,

 remain.

 One belongs to the London-based Syrian cleric Abu Basir al-Tartusi, whose
 www.abubaseer.bizland.com remained operative after he condemned the 
London

 bombings.

 However, the scales remain weighted in favour of global jihad, the first
 virtual terror organisation. For all the vaunted spying advances such as
 tracking mobile phones and isolating key phrases in telephone
 conversations, experts believe current technologies actually play into 
the

 hands of those who would harm us.

 Modern technology puts most of the advantages in the hands of the
 terrorists. That is the bottom line, says Professor Michael Clarke, of
 King's College London, who is director of the International Policy
 Institute.

 Government-sponsored monitoring systems, such as Echelon, can track vast
 amounts of data but have so far proved of minimal benefit in preventing, 
or
 even warning, of attacks. And such systems are vulnerable to 
manipulation:

 low-ranking volunteers in terrorist organisations can create background
 chatter that ties up resources and maintains a threshold of anxiety. 
There

 are many tricks of the trade that give terrorists secure digital
 communication and leave no trace on the host computer.

 Ironically, the most readily available sources of accurate online
 information on bomb-making are the websites of the radical American
 militia. I have not seen any Al-Qaeda manuals that look like genuine
 terrorist training, claims Clarke.

 However, the sobering message of many security experts is that the
 terrorists are unlikely ever to lose a war waged with technology.

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
When the hares made speeches in the assembly and demanded that all should
have equality, the lions replied, Where are your claws and teeth?  --
attributed to Antisthenes in Aristotle, 'Politics', 3.7.2

Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out

[Tyler Durden]

What?!! 300MB/s for a Tor node? OK, I'm a telecom guy and not a data guy but 
that sounds suspiciously like someone loaded up an OC-3's worth of traffic 
and then slammed your node. Ain't no hacker gonna do that. Any indication 
the ostensible originating IP addresses are faked?


-TD




From: Eugen Leitl [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda  
websites are  wiped out

Date: Mon, 1 Aug 2005 17:15:17 +0200

On Mon, Aug 01, 2005 at 10:54:26AM -0400, Tyler Durden wrote:

 Tor networks, anyone?

Caveat when running Tor on a production machine, I got DDoS'd
recently with some ~300 MBit/s. (Yes, my exit policy didn't
contain IRC).

--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: Well, they got what they want...

[Tyler Durden]

That's an old pattern to character assassins: I've attacked you publically 
but I really don't want to have defend what I've said or reply to 
suggestions about my own motivation.


Great. Fuck you too. Hope the new Stazi grab you while you bitch and 
complain and do nothing.


-TD


From: Steve Thompson [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Well, they got what they want...
Date: Sat, 30 Jul 2005 16:32:57 -0400 (EDT)


--- Tyler Durden [EMAIL PROTECTED] wrote:

 Well, apparently you haven't been getting any of my posts to the
 Al-Qaeda
 node, otherwise the context would be clear.

I'm not even going to bother with you anymore.  Your motivation is quite
clear enough, and any further bad-faith back-and-forth on your part would
be superfluous to the task of proving that you won't be serious when you
reply to my messages.


Regards,

Steve



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Re: Well, they got what they want...

[Tyler Durden]

Well, apparently you haven't been getting any of my posts to the Al-Qaeda 
node, otherwise the context would be clear.


As for...


 Local authorities, however, can take these differences as meaningful and
 act
 upon them.

Yes they can.  But should they?



From their perspective? Of course. Increased civilian fear=increased job 
security. That's the whole name of this game here, and probably a big 
(though arguably unconscious) motivation for the Iraq war. Peace is bad 
business for the military industrial complex.



Clue: JBT = Jack-booted thug.  Within the cypherpunks list membership,
this is usually an identifier referring to people working for the
so-called law-enforcement arm of a government -- particulaly one of the
federal-level agencies whose personnel believe themselves to be entitled
to dictate terms of existence to mere mortals.


Huh? I've been on the list since 2001 and this may be the first I've seen 
this acronym. meanwhile, I'm the guy who initiated the Stash Burn thread 
amongst a myriad of enabling ideas, whereas the only stuff I've seen come 
through with your name on it is second hand, Hettinga-esque reporting 
(though Hettinga's has auto-edited himself to the point of being fairly 
interesting of late). So I can only wonder as to your motivation here, Mr 
JBT.



I think you would better serve yourself if you were employed doing
something productive as opposed to being occupied doing something that
merely seems productive.


This is where I suspect that you're on the Rock. A thought is not coherent 
merely because you can express it in grammatically correct sentences.


-TD

RE: [Clips] Russia's Biggest Spammer Brutally Murdered in Apartment

[Tyler Durden]

Any indication he was bludgeoned with a can of spam?

-TD





From: R.A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Clips] Russia's Biggest Spammer Brutally Murdered in Apartment
Date: Mon, 25 Jul 2005 23:09:11 -0400

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 25 Jul 2005 23:08:30 -0400
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Russia's Biggest Spammer Brutally Murdered in Apartment
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://mosnews.com/news/2005/07/25/spammerdead.shtml


  - NEWS - MOSNEWS.COM

 Russia's Biggest Spammer Brutally Murdered in Apartment
 Created: 25.07.2005 13:14 MSK (GMT +3), Updated: 14:24 MSK, 16 hours 33
 minutes ago
 MosNews


 Vardan Kushnir, notorious for sending spam to each and every citizen of
 Russia who appeared to have an e-mail, was found dead in his Moscow
 apartment on Sunday, Interfax reported Monday. He died after suffering
 repeated blows to the head.

 Kushnir, 35, headed the English learning centers the Center for American
 English, the New York English Centre and the Centre for Spoken English, 
all
 known to have aggressive Internet advertising policies in which millions 
of

 e-mails were sent every day.

 In the past angry Internet users have targeted the American English 
centre
 by publishing the Center's telephone numbers anywhere on the Web to 
provoke
 telephone calls. The Center's telephone was advertised as a contact 
number

 for cheap sex services, or bargain real estate sales.

 Another attack involved hundreds of people making phone calls to the
 American English Center and sending it numerous e-mails back, but Vardan
 Kushnir remained sure of his right to spam, saying it was what e-mails 
were

 for.

 Under Russian law, spamming is not considered illegal, although lawmakers
 are working on legal projects that could protect Russian Internet users
 like they do in Europe and the U.S.

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Well, they got what they want...

[Tyler Durden]

This premise, however, depends somewhat on the observation that the
so-called left and right-wing divisions of the political spectrum are
largely illusory.  The most strident critics of diametric political
opposites in the press and elsewhere would disagree, but their very
occupations are rather dependent upon the perception that the evident
differences in ideology are more than superficial.  But as far as I'm
concerned, there is no meaningful difference in most cases.


Yeah...the reason you know to say that is because I just made that point. 
Local authorities, however, can take these differences as meaningful and act 
upon them.



 Is this paranoid?

Yes, but in the wrong way.  Which makes you either an idiot or a JBT
troll.  Possibly both.


What the fuck are you talking about? I don't have a clue.


Uh-huh.  Y'know the police planted a stupid story in the local media here
(toronto) not too long ago.  They said that some wack-job had been
deterred from going on a psychotic rampage with his evil guns because he
met a friendly dog in a park, and that the dog made him re-assess his
homocidal/suicidal ideation.  I imgaine the people who thought that one up
should cut down on their intake of hallucinogens and laughing gas.


Well, maybe up in Canada. Such a story would be seen as very meaningful here 
in most of the States, proof that we're responding correctly. In other 
words, as stupid as Canadians can be, Americans are often far stupider. And 
more belligerent, too, which is why we're in this mess.


-TD

Re: Well, they got what they want...

[Tyler Durden]

John Kelsey wrote...


I think the reality is a bit different.  The random searches
won't keep someone who's planning an attack from trying to
carry it out, but it may delay their attack, if they made
plans based on the old security setup, not the new one.  It
may also convince them to shift the attack to a new target.

--John



Well, I think even this is rather optimistic.
This morning I took the LIRR into Penn Station, where random searches were 
being performed (I didn't actually see one). The silly damn thing is that 
the searches are done -there-, in Penn Station, rather than at the outlying 
stations. Is that a b-o-m-b, sir? Sure is...KABOOM. And down comes 
Madison Square Garden and a major transportation hub.


And for this silly shit we sacrificed our civil rights?

Re: Well, they got what they want...

[Tyler Durden]

From: Steve Thompson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Well, they got what they want...
Date: Sat, 23 Jul 2005 16:01:30 -0400 (EDT)

--- Tyler Durden [EMAIL PROTECTED] wrote:

 ...I'm sure most are aware that random searches has begun here in NYC,
 at subway stations and in the LIRR. Contraband (drugs, etc...) can get
 the owner arrested. The next step, of course, will be to start grabbing
 anyone carrying terrorist propaganda, such as the Qu'ran, leaflets,
 or even the New York Times.

You fucking 'tard; nobody is going to be arrested for carrying a copy of
the NYT.


Well, if you're saying what I think you're saying, I'm still not so sure. 
Lies of the Times indeed...the Times Liberal compared to NYPost, 
etc...is like Kodos compared to Kang.


BUT, -local- authorities just might declare it Liberal Propaganda. Or 
worse, ANY litereature (left, right) will be suspect.


Is this paranoid? A year or two I would have thought so. But things have 
gotten so out of wack that anything goes. Cellphones, of course, are the 
latest scary devices, and here in NYC the towers for them are down in key 
infrastructural places. I could easily see that being expanded into the Wall 
Street/downtown area, where we already have multiple barricades and machine 
gun armed cops.


Saw a local security expert on the news, and he stated the obvious: Random 
searches and whatnot are going to do zero for someone determined, but 
might deter someone who was thinking about blowing up the A train. In 
other words, everyone here in NYC knows that we've given up a lot for the 
sake of the appearence of security, but no one seems to give a damn.

Well, they got what they want...

[Tyler Durden]

..I'm sure most are aware that random searches has begun here in NYC, at 
subway stations and in the LIRR. Contraband (drugs, etc...) can get the 
owner arrested.
The next step, of course, will be to start grabbing anyone carrying 
terrorist propaganda, such as the Qu'ran, leaflets, or even the New York 
Times.


The sad thing is that it is still absurdly easy to get whatever you want 
into the subways. For one, not every station has any kind of significant 
police presence (funny, but the Chambers street station this morning had 
multiple possible places where someone could enter with a backpack, despite 
the fact that it opens directly inside Ground Zero and the path Trains to 
New Jersey). But even if there were police everywhere, there are still many 
places between stations where someone determined could enter.


OK, OK...so the police are deterrents against a few lone crazy copycats, who 
don't have enough sense to enter away from police line-of-site. But it sure 
seems damned silly to be giving up constitutional protection for the sake of 
an image of protection.

RE: Paintball Terrorist Sentenced

[Tyler Durden]

Quit inciting me to bake US troops into pies. I didn't want to do it, but 
you made such a convincing argument that I just had to. it's all your fault: 
You FORCED me to bake Corp Anderson and Lieutenant Sanders into pies. (Well, 
I actually didn't bake them in pies but baked some GI Joe action figures 
into pies, but that's the same thing after all: It's the thought that 
counts.)


-TD





From: Eric Cordian [EMAIL PROTECTED]
To: cypherpunks@minder.net
Subject: Paintball Terrorist Sentenced
Date: Wed, 13 Jul 2005 09:16:55 -0700 (PDT)

I'd just like to say that the American troops who carried out Bush's
illegal war in Iraq, which killled 100,000 Iraqi civilians, are war
criminals, and I'd like to encourage all of AmeriKKKa's victims to capture
them and bake them in pies, after forcing them to bark like dogs and poop
themselves.

Now, is that worth life in prison?  Only in a police state.  In a real
democracy whose citizens are free, it's protected political speech.  Too
bad AmeriKKKa isn't one of those.

Fuck Bush.

This, by the way, in case you can't read through the inflammatory bullshit
in the wireservice story, was the case of some individuals who were deemed
to have engaged in a conspiracy to wage war against the US, because in
addition to being Islamic, and denouncing Bush's war, they played
paintball.

http://www.newsday.com/news/nationworld/nation/wire/sns-ap-terror-paintball-sentence,0,4274092.story

-

ALEXANDRIA, Va. -- A prominent U.S.-based Islamic scholar who exhorted his
followers after the Sept. 11 attacks to join the Taliban and fight U.S.
troops was sentenced Wednesday to life in prison.

Ali al-Timimi of Fairfax was convicted in April of soliciting others to
levy war against the United States, inducing others to aid the Taliban,
and inducing others to use firearms in violation of federal law.

The cleric addressed the court for 10 minutes before his sentencing. I
will not admit guilt nor seek the court's mercy. I do this simply because
I am innocent, al-Timimi said.

The cleric addressed the court for 10 minutes before his sentencing. I
will not admit guilt nor seek the court's mercy. I do this simply because
I am innocent, al-Timimi said.

Prosecutors said the defendant, a native U.S. citizen who has an
international following in some Muslim circles, wielded enormous influence
among a group of young Muslim men in northern Virginia who played
paintball games in 2000 and 2001. Authorities said they were a Virginia
jihad network training for holy war around the globe.

...

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
Do What Thou Wilt Shall Be The Whole Of The Law

Reverse Palladium?

[Tyler Durden]

How secure can I make a Java sandbox from the rest of the network I'm on? 
Can I make it so that my network administrator can't see what I'm typing? In 
other words, a secure environment that's sitting on an insecure machine.


And of course, there's a short term 'solution' (which will work until they 
catch on) and then a long-term solution (which they can't very easily stop 
even when they know such a thing exists).


Oh, and it helps to remember that a network admin AIN'T an engineer: If 
Microsoft or someone hasn't built an app for it, then they can't do anything 
about it.


-TD

RE: Interesting article

[Tyler Durden]

That is interesting. One wonders if in certain circles of Russia people are 
much more careful with their data and encrypting it. Who knows? A country 
like that might evolve some fairly rigorous privacy procedures. Here in the 
US it's, Our data is safe because people will go to jail if they hack it 
and sell it.


-TD


From: Gabriel Rocha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Interesting article
Date: Fri, 8 Jul 2005 12:22:27 -0400

Don't know how many of you saw this...

http://www.globetechnology.com/servlet/story/RTGAM.20050705.gtrussia05/BNStory/Technology/

In the stolen-data trade, Moscow is the Wild East

By GRAEME SMITH

Tuesday, July 5, 2005 Updated at 8:40 AM EDT

From Tuesday's Globe and Mail


MOSCOW b The most expensive wares in Moscow's software markets, the
items that some Russians are calling a threat to their personal safety,
aren't on public display.

It takes less than 15 minutes to find them, however, at the teeming
Gorbushka market, a jumble of kiosks selling DVDs, CD-ROMs and an array
of gadgetry in an old factory west of downtown.

One question -- Where can we buy databases of private information? --
and the young man selling rip-off copies of Hollywood movies leaps to
his feet. He leads the customers to another vendor, who wears a bull's
head on his belt buckle. This second man listens to the request, opens
his cellphone, and punches a speed-dial number.

Moments later, a third vendor appears. He is jovial and blunt about his
trade.

Advertisements


What do you need? he says. We have everything.

In Moscow these days, among people who deal in stolen information, the
category of everything is surprisingly broad.

This Gorbushka vendor offers a hard drive with cash transfer records
from Russia's central bank for $1,500 (Canadian).

The information was reportedly stolen by hackers earlier this year and
purchased by companies looking for details about their competitors.

Such information, the vendor admits, is fairly specialized. A more
popular item is tax records, including home addresses and declared
incomes. The vendor asks $215.

Russians routinely lie about their earnings to avoid taxes; nonetheless,
an increasing number of criminals are relying on pirated tax information
to help them choose wealthy targets.

When gunmen broke into the gated home of Mikhail Pogosyan, head of
Russian aerospace giant Sukhoi, in a brazen robbery last week, the
businessman immediately blamed the proliferation of his personal details
on the black market.

Before, robberies of such people happened very seldom, just by chance,
says a Sukhoi spokesman, Alexei Poveschenko. Criminals preferred not to
deal with VIPs, but now it's different. On every corner you can buy a
database with all kinds of information: income, telephones, cars,
residence registration.

The trade shows no signs of slowing. It's part of a broader problem for
Russia as the country lobbies for membership in the World Trade
Organization by next year, because the international body wants Russia
to crack down on its pirated movies, music and software.

Local authorities have swept through markets such as Gorbushka and
seized thousands of bootleg discs, but within hours the black markets
resume business.

At the Gorbushka kiosk, sales are so brisk that the vendor excuses
himself to help other customers while the foreigner considers his
options: $43 for a mobile phone company's list of subscribers? Or $100
for a database of vehicles registered in the Moscow region?

The vehicle database proves irresistible. It appears to contain names,
birthdays, passport numbers, addresses, telephone numbers, descriptions
of vehicles, and vehicle identification (VIN) numbers for every driver
in Moscow.

A check of The Globe and Mail's information shows that at least one part
of the database is accurate. It's impossible to confirm the millions of
other entries, although a few famous names stand out.

An entry under the name Mikhail Khodorkovsky, with the same patronymic
middle name and birthday as the oil tycoon, suggests that Russia's
formerly richest man enjoyed zooming around on a grey 1999 Yamaha TW 125
motorcycle, or a 2000 light-blue BMW F650, before he was thrown in jail.

Under the name Yuri Luzhkov, with details that seem identical to those
of Moscow's powerful mayor, the list of vehicles includes a black 1997
Harley Davidson motorcycle and a green Gaz 69, a military jeep built in
the 1960s.

The Gorbushka vendor seems pleased with his sale, but puzzled. As his
customers walk away, he says: So tell me: Are you an American spy?

He gets a question in reply: What? You'd sell your homeland so
cheaply?

The vendor laughs, and returns to his work.

Posion Pill for ED?

[Tyler Durden]

Hey...can some clever Cypherpunk think of a nice poison pill for ED? 
Theoretically, something like that is possible, but my only ideas aren't so 
hot. For instance, and elderly couple could sow some form of radioactive 
substance into their grounds, in quantities that would take longer than 
their life expectancy to kill them.


Of course, a cleanup might be possible, but that would theoretically wack 
out the cost structures.


There might be other less drastic measures that can be taken, however, such 
as finding a way to boost up the property costs so that the developers lose 
interest or perhaps even creating a very hard-to-find landlord that is 
collecting vast sums (on paper) for the rent of the property.


These are crummy ideas, so relax. But I suspect something is possible.

-TD

Re: Private Homes may be taken for public good

[Tyler Durden]

Well, James Dobson (right wing Christian evangelical) is targeting some of 
these same judges, so I don't think the Democrat  Republican division 
you're pointing to here is all that valid. In other words, some of those 
same judges are hated by the right.


-TD


From: James A. Donald [EMAIL PROTECTED]
To: [EMAIL PROTECTED], Bill Stewart [EMAIL PROTECTED]
Subject: Re: Private Homes may be taken for public good
Date: Tue, 28 Jun 2005 13:09:31 -0700

--
 Bush's favorite judges are radical activists when it
 comes to interference with most civil rights

For the most part, it was conservative judges, judes
hated by the democrats with insane extravagance, that
voted for against this decision.

Bush's favorite judge is probably Thomas, who voted
against this decision.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 OATUYUUD6X16QdQnFd2ZgGItmw0TrkkNoR5SYYAZ
 4HZTgkPgkgTwPSGrDGUeYo6QjGZU5psCanKPMN479

Live Free or Die

[Tyler Durden]

Ya' knew that had to happen!

Funny but, reading it, it seems like it would be fairly easy to convince the 
Town board of 5 people that this is a good idea, and from an economic 
standpoint it just might be!. In much of New Hampshire any revenue at all 
from something like this is going to benefit the local township: The barrier 
to entry is very low.


Funny to think that Souter has Live Free or Die on his license plates.

-TD





From: baudmax [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Private Homes may be taken for public good
Date: Tue, 28 Jun 2005 21:23:19 -0400

The proposed taking through eminent domain, of S.C. Justice David Souter's 
home, for the more profitable use as a 'Lost Liberty Hotel' and 'Just 
Deserts Cafe'...


http://www.freestarmedia.com/hotellostliberty2.html




---
Secrecy is the cornerstone of all tyranny.  Not force, but secrecy... 
censorship.  When any government, or any church, for that matter, 
undertakes to say to its subjects, This you may not read, this you must 
not see, this you are forbidden to know, the end result is tyranny and 
oppression, no matter how holy the motives.  Mightily little force is 
needed to control a man who has been hoodwinked; Contrariwise, no amount of 
force can control a free man, a man whose mind is free.  No, not the rack, 
not fission bombs, not anything.  You cannot conquer a free man; The most 
you can do is kill him.


-Robert A. Heinlein, Revolt in 2100

---
Smash The State! mailing list home
http://groups.yahoo.com/group/smashthestate
---

Re: Private Homes may be taken for public good

[Tyler Durden]

What the hell are all of you smoking?  This court has *talked* about
restricting inappropriate use of the commerce clause, but when it comes to
*doing*, they're 100% behind 100% Federal expansion *through* the Commerce
clause.

Doesn't anyboy actually LOOK at whats going on anymore, or are we all
fixated on what these slimballs *say*?


Well, ya' gotta a point there. Actually, I WISH I were smoking something.

But saying is at some point important. At least, prior to this a number of 
individual landholders might have been able to work together (ie, amass 
legal funds) to prevent the bulldozement of their properties by The Donald 
or whoever else's mouth has been watering recently. Now it just comes down 
to who can buy more guns: the poor or rich guys  their hired hands (ie, 
local government).


Also, it will probably end up being a kind of turning point. Now, knowing 
what the SC has decided, there are lots of plans going to drawing boards 
that have nice big fat red X's over low-income dwellings...Don't worry 
about the new Brooklyn stadium, we'll just set off the ED roach bomb and 
clear 'em all out of there.


-TD

Private Homes may be taken for public good

[Tyler Durden]

Holy crap. Some shitty little township can now bulldoze your house because 
someone wants to convert the space into a Waffle House.


http://www.msnbc.msn.com/id/8331097/

Where's Tim May when you need him? Where's the RAGE?

How do you take out a bulldozer? (Remember, bulldozer operators can easily 
be replaced.)


-TD

Re: Private Homes may be taken for public good

[Tyler Durden]

Yeah, but this steps crosses a line, I think. Before, your home could be 
taken for a public project. Now, the supreme court has ruled that your home 
can be taken for a public project that consists entirely of private 
development, in the name of the public good, which is supposed to equal 
higher tax revenues.


What this equates to is, whoever had more money than you can take away your 
home. Previously, it was just the occasional men-with-guns that could do 
this, but now they effectively have proxies everywhere.


-TD


From: A.Melon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Private Homes may be taken for public good
Date: Thu, 23 Jun 2005 10:36:27 -0700 (PDT)

 How do you take out a bulldozer? (Remember, bulldozer operators can
 easily be replaced.)
thermite through the engine block, frag bomb in the engine compartment,
torch any remaining hoses, slice the tires, puncture the brake lines.
you don't need someone to tell you this. takings clause abuse has been
going on for a long time.

RE: [jrandom@i2p.net: [i2p] weekly status notes [jun 21]]

[Tyler Durden]

Any idea how much it would cost? How much time is involved? (My constraint 
is the latter and not so much the former.)


-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [i2p] weekly status notes [jun 21]]
Date: Tue, 21 Jun 2005 23:28:21 +0200

Speaking of which, are *you* running a Tor node? You should.

- Forwarded message from jrandom [EMAIL PROTECTED] -

From: jrandom [EMAIL PROTECTED]
Date: Tue, 21 Jun 2005 09:22:28 -0700
To: [EMAIL PROTECTED]
Subject: [i2p] weekly status notes [jun 21]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi y'all, time to start back up our weekly status notes

* Index
1) Dev[eloper] status
2) Dev[elopment] status
3) Unit test bounty
4) Service outage
5) ???

* 1) Dev[eloper] status

After 4 cities in 4 countries, I'm finally getting settled and
churning through code again.  Last week I got the last of the
pieces to a laptop together, I'm no longer couch hopping, and
while I don't have net access at home, there are plenty of net
cafes around, so access is reliable (just infrequent and
expensive).

That last point means that I won't be hanging out on irc as much
as before, at least until the fall (I've got a sublet through
August or so and will be looking for a place where I can get 24/7 net
access).  That doesn't, however, mean that I won't be doing as
much - I'll just be working largely on my own test network, pushing
out builds for live net testing (and, er, oh yeah, releases).  It
does mean though that we may want to move some discussions that used
to go on free form in #i2p onto the list [1] and/or the forum [2] (I
do still read the #i2p backlog though).  I haven't found a
reasonable place where I can go to for our development meetings yet,
so I won't be there this week, but perhaps by next week I'll have
found one.

Anyway, enough about me.

[1] http://dev.i2p.net/pipermail/i2p/
[2] http://forum.i2p.net/

* 2) Dev[elopment] status

While I've been moving, there have been two main fronts that I've
been working on - documentation and the SSU transport (the later
only since I got the laptop).  The docs are still in progress, with
a big ol' scary overview one as well as a series of smaller
implementation docs (covering things like source layout, component
interaction, etc).

SSU progress is going well - the new ACK bitfields are in place, the
communication is dealing with (simulated) loss effectively, rates
are appropriate for the various conditions, and I've cleared some of
the uglier bugs I had run into previously.  I am continuing to test
these changes though, and once its appropriate we'll plot out a
series of live net tests for which we'll need some volunteers to
help out with.  More news on that front when its available.

* 3) Unit test bounty

I'm glad to announce that Comwiz has come forward with a series of
patches to claim the first phase of the unit test bounty [3]!  We are
still working through some minor details of the patches, but I've
received the updates and generated both the junit and clover reports
as necessary.  I expect we'll have the patches in CVS shortly, at
which point we'll put out Comwiz's testing docs.

As clover is a commercial product (free for OSS developers [4]),
only those who have installed clover and received their clover
license will be able to generate the clover reports.  In any case,
we'll be publishing the clover reports on the web periodically, so
those who don't have clover installed can still see how well our
test suite is doing.

[3] http://www.i2p.net/bounties_unittest
[4] http://www.cenqua.com/clover/

* 4) Service outage

As many have probably noticed, (at least) one of the outproxies is
offline (squid.i2p), as is www.i2p, dev.i2p, cvs.i2p, and my blog.
These are not unrelated events - the machine hosting them is hosed.
I'm working on getting it back up though, at which point those five
services will be back in operation.  Just an FYI.

* 5) ???

As there isn't a dev meeting on irc this week, if anyone else has
anything to bring up, please feel free to post up to the list or the
forum.  I've been following the discussions on the list, the forum,
and in #i2p while I've been away, and have been glad to be able to
sit back and let other people answer most of the questions.

I do appreciate the patience people have had with the slow down in
releases as well, and realize that in some projects that would be
cause for alarm.  I2P is not, however, one of those projects - I've
been working on it fulltime for more than two years now and will not
stop until the needs that have been driving it are met.  I am not
wed to particular technologies for technologies sake, but merely
follow what seems to be the best path from here to where we need to
be, and as far as I can tell, we are still following the best path
available.  This summer, fall, and winter look to be a very exciting
time in the anonymity field.

=jr
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

RE: [dave@farber.net: [IP] Cell Phones Now Playing Role of Wallet]

[Tyler Durden]

Sounds great. Citigroup couldn't be bothered to encrypt millions of their 
customer's detailed data prior to shipping them out via UPS, so I'm SURE 
they won't screw this up.


-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] Cell Phones Now Playing Role of Wallet]
Date: Sat, 18 Jun 2005 23:26:21 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Sat, 18 Jun 2005 03:42:30 -0400
To: Ip ip ip@v2.listbox.com
Subject: [IP] Cell Phones Now Playing Role of Wallet
X-Mailer: Apple Mail (2.730)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Monty Solomon [EMAIL PROTECTED]
Date: June 18, 2005 12:11:34 AM EDT
To: undisclosed-recipient:;
Subject: Cell Phones Now Playing Role of Wallet



  Cell Phones Now Playing Role of Wallet
  - Jun 17, 2005 11:10 PM (AP Online)

By BRUCE MEYERSON AP Business Writer


NEW YORK (AP) -- Already a device of multiple disguises, from camera
to music player and mini-TV, the cell phone's next trick may be the
disappearing wallet.


After all, since more than a quarter of the people on the planet
already carry around cell phones, and hundreds of millions are
joining them every year, why should they bring along credit and debit
cards when a mobile device can make payments just as well?


At the simplest level, all that's needed is to embed phones with a
short-range radio chip to beam credit card information to a terminal
at a store register. It's not unlike the wireless system used to pay
tolls on many highways or the SpeedPass keychain wand used to buy gas
at Exxon Mobile Corp. pumps.


This is already a reality in Japan, where NTT DoCoMo Inc. says 3
million cell phone subscribers use its Mobile Wallet service to buy
things at 20,000 stores and vending machines.


Similar services may be on the way in the United States and Europe.
MasterCard International Inc. has been testing phone-based versions
of its PayPass contactless payment technology since 2003, and may
conduct a significant market trial next year.


But there also are more ambitious visions brewing that contemplate
the cell phone as a new focal point for managing your personal
finances. The phone would supplant not only credit and debit cards,
but wallets, checkbooks, Web sites, computer programs like Quicken,
and online bill payment services such as PayPal or CheckFree.


While the mightiest players in Western banking have yet to embrace
that notion, and some are dubious of the appeal, the concept has
drawn interest in other regions and may get a tryout here soon.

...

  - http://finance.lycos.com/home/news/story.asp?story=49940191




-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: /. [Intel Adds DRM to New Chips]

[Tyler Durden]

Eugen Leitl wrote...


Online activation of software is already quite widespread, so it seems
customers are willing to accept restriction to ownership and use.


Well, that's an interesting phenomenon. In industrialized nations where the 
price of software is fairly low compared to the wages, people seem somewhat 
willing to pay. At least, we don't see ticket sales for big movies going 
down at all. So it could be that people will eventually voluntarily release 
control, as long as the consequences (ie, prices) aren't too high. On the 
other hand, the whole P2P phenomenon is not happening simply because people 
don't want to pay. Stupid industry execs will probably continue churning out 
the same stupid shit they always did and P2Pers will find some way around 
their protection if needs be.

RE: /. [Intel Adds DRM to New Chips]

[Tyler Durden]

Eugen Leitl wrote...


   from the get-you-where-you-live dept.
   Badluck writes Microsoft and the entertainment industry's holy grail
   of controlling copyright through the motherboard has moved a step
   closer with Intel Corp. now embedding [1]digital rights management
   within in its latest dual-core processor Pentium D and accompanying
   945 chipset. Officially launched worldwide on the May 26, the new
   offerings come [2]DRM -enabled and will, at least in theory, allow
   copyright holders to prevent unauthorized copying and distribution of
   copyrighted materials from the motherboard rather than through the
   operating system as is currently the case... [3]The Inquirer has the
   story as well.


(Continued)
Contrary to expectations, however, sales of the chip have been suprisingly 
low, with zero interest shown by major PC manufacturers. One major PC 
industry executive, who wished to remain anonymous sated: There are 100s of 
millions of people trading files every day throughout the globe. I'm going 
to start using this chip and give up that market because...?


OK, Gov officials will eventually start trying to introduce laws mandating 
such technologies be used, but by then it's going to come down to a battle 
of lobbies: The Entertainment industry vs Telecom+PCs++Software. Which can 
pump dollars into Senatorial hands faster?


-TD

e-gold exchange

[Tyler Durden]

OK...what;s the best exchange service for transferring dollars (perhaps via 
paypal or credit cards) into egold?


-TD

RE: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame]

[Tyler Durden]

Other versions of the press release are fairly amusing, and can be 
paraphrased as follows:


Imagining a world where most nations are allied against the United States, 
the CIA is currently...



-TD





From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame]
Date: Thu, 26 May 2005 13:18:28 +0200

Link: http://slashdot.org/article.pl?sid=05/05/26/044209
Posted by: samzenpus, on 2005-05-26 06:03:00

   from the do-you-want-to-play-a-game dept.
   ScentCone writes The CIA has booked some conference rooms and is
   [1]working through a simulated 'digital Pearl Harbor' to see how
   government and industry handle a monster net attack from an imaginary
   future foe composed of anti-American and anti-globalization hackers.
   Having been accused of lacking imagination about potential terror
   attacks, they're using the exercise to better shape the government's
   roles in a variety of attack scenarios. The networking industry, it
   seems, is expected to always play a big part in detecting and
   thwarting such threats, as 9/11-scale economic disruption is a likely
   bad-guy objective.

References

   1. http://apnews.myway.com/article/20050525/D8AAFUIO2.html

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Anonymous Site Registration

[Tyler Durden]

OK, what's the best way to put up a website anonymously?

Let's assume that it has nothing to do with national security...the Feds 
aren't interested.


BUT, let's assume that the existence and/or content of the website would 
probably direct a decent amount of law-suits.


Presumably there's no way to hide the ISP from the world, but one should 
hopefully be able to hide oneself and make legal action basically useless.


Egold + fake address for registering agency seems a little problematic.

And there's the question of updating the site...

-TD

RE: [Dissidents Seeking Anonymous Web Solutions?]

[Tyler Durden]

Variola wrote...


Three minutes. This is it - ground zero.
Would you like to say a few words to mark
the occasion?
Narrator: ...i... ann... iinn... ff...
nnyin...
Narrator: [Voice over] With a gun barrel
between your
teeth, you speak only in vowels.
[Tyler removes the gun from the Narrator's
mouth]
Narrator: I can't think of anything.
Narrator: [Voice over] For a second I
totally forgot about
Tyler's whole controlled demolition thing
and I wonder
how clean that gun is.


What the hell is this? How'd you get this transcript? Are you working for 
the Feds?!!!


Well, I'm ready...Gitmo me if you can, but I'm taking somma you fuckers with 
me!!!

Re: Lions and tigers and iraqi minutemen

[Tyler Durden]

Wow! 16 Saudis! A veritable tidal wave.

-TD




From: James A. Donald [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Re: Lions and tigers and iraqi minutemen
Date: Wed, 25 May 2005 09:03:17 -0700

--
James A. Donald:
  While it doubtless would have been better to behead
  the Saudi monarchy rather than the Iraqi
  dictatorship, nonetheless American troops seem to be
  finding an ample supply of Saudis in Iraq.

Major Variola (ret)
 In what imaginary universe?

In the universe where Saudi arabia is concerned about
the number of Saudis held in Iraq.
http://www.gulf-news.com/Articles/Region2.asp?ArticleID=127086

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 lHwkZ3mj6O+XGR8qR2CrktYKElaLqBN+o8xE7dZJ
 4sW5xvskkwfx3HMCFhjQD3j0EuXuLI9X9TOx2bUH7

RE: Len Adleman (of R,S, and A): Universities need a little Limbaugh

[Tyler Durden]

Now that was an enjoyable and even marginally relevant piece of RAHspam.

From: R.A. Hettinga [EMAIL PROTECTED]
To: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: Len Adleman (of R,S, and A): Universities need a little  Limbaugh
Date: Tue, 17 May 2005 14:39:56 -0400
A little  humor this morning...
He's right, but it's still funny.
Expect Dr. Adleman to be asked to turn in his Liberal Secret Decoder Ring
forthwith...
Cheers,
RAH
---
http://www.dailynews.com/cda/article/print/0,1674,200%257E20951%257E2872499,00.html

Los Angeles Daily News
Universities need a little Limbaugh
By Leonard M. Adleman
Saturday, May 14, 2005 - Pomp and circumstance. Black-robed students
receiving diplomas as proud parents look on. Distinguished members of
society receiving honorary degrees and offering sage advice to ''America's
future.''
 It is commencement time again at the nation's universities.
 This year I nominated Rush Limbaugh for an honorary doctorate at the
University of Southern California, where I am a professor. Why Limbaugh _ a
man with whom I disagree at least as much as I agree? Here are some of the
reasons I gave in my letter of nomination:
 ''Rush Limbaugh has engendered epochal changes in politics and the media.
He has accomplished this in the noblest of ways, through speech and the
power of his ideas. Mr. Limbaugh began his career as a radio talk-show host
in Sacramento in 1984. He espoused ideas that were conservative and in
clear opposition to the dominant ideas of the time. Perhaps because of the
persuasiveness of Mr. Limbaugh's ideas or because they resonated with the
unspoken beliefs of a number of Americans, his audience grew. Today, he has
the largest audience of any talk show host (said to be in excess of 20
million people per week) and his ideas reverberate throughout our society.
 ''Mr. Limbaugh is a three-time recipient of the National Association of
Broadcasters' Marconi Radio Award for Syndicated Radio Personality of the
Year. In 1993, he was inducted into the National Association of
Broadcasters' Broadcasting Hall of Fame.
 ''In 1994, an American electorate, transformed by ideas that Mr. Limbaugh
championed, gave control of Congress to the Republicans for the first time
in 40 years. That year, Republican congressmen held a ceremony for Mr.
Limbaugh and declared him an 'honorary member of Congress.' The recent
re-election of President Bush suggests that this transformation continues.
One of Mr. Limbaugh's major themes through the years has been liberal bias
in the 'mainstream' media. His focus on this theme has made him the target
of incessant condemnation. Nonetheless, he has persevered and it now
appears that his view is prevailing. As the recent debacle at CBS shows,
the media is in the process of major change. Ideally, the American people
will profit from a reconstituted media that will act more perfectly as a
marketplace for ideas.''
 But there is a bigger reason why I support giving him an honorary degree:
Because I value intellectual diversity.
 Regrettably, the university declined to offer Limbaugh a degree. As best 
I
can determine, no university has honored him in this way. On the other
hand, such presumably liberal media luminaries as Dan Rather, Chris
Matthews, Judy Woodruff, Bill Moyers, Terry Gross, Paul Krugman and Peter
Arnett have received many honorary degrees from the nation's universities.

 Now before you label me as a right-wing ideologue, let me present my
credentials as a centrist. Limbaugh has well-known positions on the
following issues: abortion, capital punishment, affirmative action, prayer
in school, gun control, the Iraq war. I disagree with him on half of these.
 But intellectual diversity has all but vanished from America's campuses.
We are failing in our duty to provide our students with a broad spectrum of
ideas from which to choose. Honoring Limbaugh, or someone like him, would
help to make the academy more intellectually diverse.
 The great liberal ideas that swept through our universities when I was a
student at Berkeley in the 1960s have long ago been digested and largely
embraced in academia. Liberalism has triumphed. But a troubling legacy of
that triumph is a nation whose professorate is almost entirely liberal.
 In the 29 years I have been a professor, I do not recall encountering a
single colleague who expressed conservative ideas. The left-wing
accusations of Ward Churchill (Honorary Doctor of Humane Letters, Alfred
University, 1992) are not the problem _ the problem is the scarcity of
professors who are inclined to rebut them. It is time for the nation's
universities to address this disturbing situation.
 So I hereby extend my nomination of Limbaugh to all universities. It 
would
be a refreshing demonstration of renewed commitment to intellectual
diversity if next spring we hear Dr. Limbaugh's words as our graduates ''go
forth.''

Professor Leonard M. Adleman is the Henry Salvatori Professor of Computer
Science at the University of Southern 

RE: Terrorist-controlled cessna nearly attacks washington

[Tyler Durden]

Relax, dude. It was a joke.
The point was that in the US there's hardly anyone (TLAs included) that 
would not have snickered at the original joke, given the brood that was 
holed up in Union Station.

-TD


From: Anonymous [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: Terrorist-controlled cessna nearly attacks washington
Date: 12 May 2005 20:13:14 -
You wrote:
 new terrorist target: Union Station


 You used a remailer for THAT?!!
So what if he did?
There's no requirement that people say insignificant stuff under their real
name or real alias.

RE: Terrorist-controlled cessna nearly attacks washington

[Tyler Durden]

new terrorist target: Union Station

You used a remailer for THAT?!!
-TD

Re: [rationalchatter] Interesting Trial - IRS trial - July 11th (fwd)

[Tyler Durden]

Yeah...it's pretty fuckin' pointless. Tantamount to proving a guy pointing a 
gun at you is actually pointing a gun at you, TO the guy pointing the gun at 
you.

-TD
From: Gil Hamilton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [rationalchatter] Interesting Trial - IRS trial - July 11th   
(fwd)
Date: Tue, 10 May 2005 12:40:17 +

-- Forwarded message --
Date: Mon, 9 May 2005 17:45:35 -0700 (PDT)
From: marc guttman [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [rationalchatter] Interesting Trial - IRS trial - July 11th
This is an interesting trial.  Men with guns.
Tessa and Larken Rose may be sent to jail.
Watch 3 min. - video - http://www.861.info/tessa.html
Trial starts July 11th.  There is a petition to encourage that it be 
videotaped.
While anyone can empathize with their desire not to pay taxes and
many of us can even disagree with the moral justification for taxes,
these people are idiots.  Their entire case boils down to quibbles
over arguably poorly worded regulations.  And even if you take their
argument at face value, if you go read the sections of the Code of
Federal Regulations they cite, they're just plain wrong: they're willfully
misreading the plain language of the regulations.  (Okay, plain
language is probably not the right phrase to apply to any part of
the CFR, but...)
They're definitely going down; probably to jail, but at the least they'll
be subject to massive fines, property seizures, etc.
Nothing to see here, folks; move along.
GH
_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: [Politech] Passport RFID tracking: a between-the-lines read [priv] (fwd from declan@well.com)

[Tyler Durden]

I dunno...I don't see a ton of Leitl stuff on the al-qaeda node. That which 
does come through seems fairly relevant. I'm thinking Choate and RAH are 
tsk-ing his failed attempt at pure stream-of-consciousness posting.

-TD
From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Politech] Passport RFID tracking: a between-the-lines read  
[priv] (fwd from declan@well.com)
Date: Tue, 10 May 2005 00:01:33 +0200

On Mon, May 09, 2005 at 12:13:18PM -0700, cypherpunk wrote:
 And of course there is Eugen* Leitl, who mindlessly forwards far and
 wide everything that enters his mailbox. I don't know whether we
Consider me bitten by Choate. It's totally incurable.
 should be annoyed or relieved that he fails to exercise the slightest
 editorial effort by adding his own thoughts, if he has any, to the
 material he passes around.
I don't need the list. Goddamn heise has more cypherpunk content than the
list. Tim May's tired trolls have more cypherpunk content than the list.
I'm trying to keep it going by keeping a steady trickle of relevant info 
but
I'm honestly wondering if it's worth the effort.

If you think I'm going to add editing effort, thus cutting some 10 minutes 
out
of
my already busy day you're out of your fucking mind.

If you want high quality content, post it yourself.
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

RE: [rationalchatter] Interesting Trial - IRS trial - July 11th (fwd)

[Tyler Durden]

Man, that chic's a little dizzy. Good sweater meat, though.
-TD

From: J.A. Terranson [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: [rationalchatter] Interesting Trial - IRS trial - July 11th  (fwd)
Date: Mon, 9 May 2005 19:46:34 -0500 (CDT)
-- Forwarded message --
Date: Mon, 9 May 2005 17:45:35 -0700 (PDT)
From: marc guttman [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [rationalchatter] Interesting Trial - IRS trial - July 11th
This is an interesting trial.  Men with guns.
Tessa and Larken Rose may be sent to jail.
Watch 3 min. - video - http://www.861.info/tessa.html
Trial starts July 11th.  There is a petition to encourage that it be 
videotaped.


-
Yahoo! Mail
 Stay connected, organized, and protected. Take the tour

Re: Pi: Less Random Than We Thought

[Tyler Durden]

Yes, but only provided the universe lasts long enough for those digits to be 
computed!
-TD

From: John Kelsey [EMAIL PROTECTED]
To: Sarad AV [EMAIL PROTECTED], [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Pi: Less Random Than We Thought
Date: Fri, 6 May 2005 09:42:09 -0400 (GMT-04:00)
From: Sarad AV [EMAIL PROTECTED]
Sent: May 5, 2005 8:43 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Pi: Less Random Than We Thought
Well, if it were generated by a random process, we'd expect to see every
n-bit substring in there somewhere, sooner or later, since the sequence
never ends or repeats.  Thus, the wonderful joke/idea about selling
advertising space in the binary expansion of pi.  Not only will your 
message
last forever, but it will be seen by any advanced civilization that 
develops math
and computers, even ones in other galaxies.

--John

Re: Pi: Less Random Than We Thought

[Tyler Durden]

Cypherpunk:
While I respect your forthrightness you are unfortunately wrong. Read the 
chapters on Randon Mumber generation from Numerical Recipes in C and you 
get just a small glimpse of how sticky the issue is, particularly when it 
comes to computers (which are innately non-random, by the way).

As a very simple example, imagine that after 10 billion digits we found that 
the average value was actually 5.1. This would make it, in your 
book, not random at all, but I suspect that for almost many uses it would be 
random enough.

And then, imagine that the cumulative average of the digits of pi oscillated 
around 5 (to one part in a zillion) with a period of 100 Billion...is this 
random enough for you?

Let us remember, of course, that the digits of pi are not random 
whatsoever: they are the digits of pi! Random is in the eye of the 
beholder.

I was hoping Cordian would grumpily reply...he's a number theorist or 
something.

-TD


From: Sarad AV [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Pi: Less Random Than We Thought
Date: Thu, 5 May 2005 05:43:35 -0700 (PDT)
hi,
If you remember D.E Knuth's book on Semi-Numerical
Algorithms he shows some annoying subsequences of pi
in it which are far from random.
Sarad.
--- cypherpunk [EMAIL PROTECTED] wrote:
 This doesn't really make sense. Either the digits
 are random or they
 are not. You can't be a little bit random. Well, you
 can be, but the
 point is that you either pass the test or you don't.

 If pi's digits fail a test of randomness in a
 statistically
 significant way, that is big news. If they pass it,
 then there is no
 meaningful way to compare them with another RNG that
 also passes. It's
 just a statistical quirk due to random variation as
 to which will do
 better than another on any given test.

 The bottom line is still that either an RNG passes
 the tests
 acceptably or it does not. From what they say (or
 don't say), pi does
 pass. It doesn't make sense to say that other RNGs
 do better.

 CP



Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

RE: [Politech] Customs-proofing your laptop: Staying safe at border searches [priv] (fwd from declan@well.com)

[Tyler Durden]

I checked out those links...hilarious! Check this out (remember, this gal is 
running for Senator of Alabama!):

On the way to the hotel my cab driver, having heard the conversation
with the Border Guard, expressed an interest in learning more about my
work. So I filled him in as much as I could in the few minutes we had
left. When we arrived at the hotel I had expected to meet my ride who
had the cab fare, pay the cabbie and embark on my weekend adventure.
She hadn't even brought cab fare, and was expecting another pot head to show 
up with it!!!

However, my ride got a little lost and hadn’t made it to our designated
meeting point yet. I called the cell number I was given but got voicemail.
I didn’t have my credit card on me so I couldn’t pay the cabbie.
He decides that he will wait with me for a little bit and we continue
our conversation about pot and drug policy.
She went to a foriegn country without cab fare or a credit card! And now the 
guy with the money (another pot-smoker) is late, and she's suprised!!!

I'm starting to wonder if this is a hoax.
It IS funny, though.
-TD



From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Politech] Customs-proofing your laptop: Staying safe at border  
searches [priv] (fwd from declan@well.com)
Date: Wed, 4 May 2005 10:58:22 +0200

- Forwarded message from Declan McCullagh declan@well.com -
From: Declan McCullagh declan@well.com
Date: Tue, 03 May 2005 22:42:03 -0700
To: politech@politechbot.com
Subject: [Politech] Customs-proofing your laptop: Staying safe at border
searches [priv]
User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)
Detecting whether the Feds or any government adversary has placed
spyware on your computer when examining it at a border checkpoint is
not entirely trivial. It is, however, important for your privacy and
peace of mind -- especially because computer and PDA searches will
likely become more popular in time.
Here are some basic suggestions:
http://www.politechbot.com/2005/04/21/update-on-alabama/
A more advanced one would be to perform a checksum of all the files on
the hard drive before-and-after through something like this:
% for i in `find / -print`; do md5 $i  /tmp/new; done ; diff /tmp/new
/tmp/old
The problem is that even your diff utility could be modified so you'd
need to use a known-good copy from archival media.
Can anyone recommend a checksum'ing utility for Windows and OS X? It
would be nicer than a command-line interface.
Note, by the way, that Rep. Bono's anti-spyware bill exempts police:
http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00029:
-Declan
---
Declan,
In response to the Alabama activist who was hassled at the border returning
from Canada, here is some insight.  However, I ask that you PLEASE WITHHOLD
MY NAME; I know some people who do computer forensics for FBI and I would
not want them to know it was me writing this  Thanks.
Feel free to use any of the below in the blog or in the listserv.
+ + + + + + + + + + + + + + + + + + + + + + + +
Loretta's experience w/ US Customs is chilling.  The fifteen minutes her
notebook computer was out of view and in government custody is plenty of
time for an agent to image the drive.  Imaging, as you know, is the
end-to-end bit-level copying of the drive.  When properly done, imaging
bypasses all OS controls, such as file permissions in Linux, BSD, and OS/X,
and user ownership in Windows.
A drive image affords an analyst plenty of time to examine the drive
contents without the owner's awareness.  The image can be mounted onto a
device where other programs can reconstruct or reinterpret file systems
structures of NTFS, ext, FAT, and so on.  An analyst mounting an image as
root or Administrator can see anything.
Do not assume a BIOS password will protect you.  The drive can be
physically removed from a laptop in under a minute.
If the file data is encrypted, a forensic analyst will need to use a
password cracker to decode the data.  This will slow them down, and in all
but the most pressing cases, will prompt them to move on.  However, a
careless individual may leave their PGP (or similar) key on their drive in
a text file or in slack or deleted space, giving the agent something to
work with.
Though encryption is a pain for the user to deal with, this is probably the
best level of protection.  Encryption raises your reasonable level of
expectation of privacy.
Legal issues raised by this incident potentially include illegal search and
seizure.  Even US Customs still needs a search warrant for your computer,
and the warrant must state specifically what they are looking for.  They
cannot fish.
If an image was taken of Loretta Nall's drive, there will be a chain of
custody document for this supposed evidence.  Her lawyer can advise as to
how to file a motion for it.  There might also be an incident report, which
would describe the actions of the agents.
None of the information stolen from Loretta's drive can be used directly in
a court 

RE: Stash Burn?

[Tyler Durden]

Hum. Well, maybe. I guess a dual use argument wouldn't fly.
Wait...that furnace should be able to reheat burgers also.
-TD

From: R.W. (Bob) Erickson [EMAIL PROTECTED]
To: 'Tyler Durden' [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: Stash Burn?
Date: Mon, 2 May 2005 12:34:15 -0400
Congratulations, you just turned your vehicle into drug paraphenalia
What? You claim it is Not for drugs? Tell this to the judge.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Tyler Durden
Sent: May 2, 2005 10:14 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Stash Burn?
yes, this reminded me of another brilliant idea.
Why don't some cars have a little tiny furnace for stash destruction?
If you've got an on-board stash and some Alabama hillbilly with a badge
pulls you over, you just hit the button and have you're little stashed
incinerated. Who cares if the badge knows you USED TO have something on
board? Too late now if any trace of evidence is gone.
What's wrong with this idea?
-TD
From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Secure erasing Info (fwd from [EMAIL PROTECTED])
Date: Sat, 30 Apr 2005 19:49:56 +0200

- Forwarded message from Richard Glaser [EMAIL PROTECTED] -

From: Richard Glaser [EMAIL PROTECTED]
Date: Wed, 27 Apr 2005 12:17:43 -0600
To: [EMAIL PROTECTED]
Subject: Secure erasing Info
Reply-To: Mac OS X enterprise deployment project
[EMAIL PROTECTED]

FYI:

Rendering Drives Completely Unreadable Can be Difficult
---

The National Association for Information Destruction has said it cannot
endorse the use of wiping applications alone for ensuring that data have
been effectively removed from hard drives.  NAID executive director Bob
Johnson said the only way to ensure that the data will be unreadable is
to physically destroy the drives, and even that has to be done in
certain ways to ensure its efficacy.  Most major PC makers offer a drive
destruction service for $20 or $30.  Some hardware engineers say they
understand why the drives have been created in a way that makes it hard
to completely erase the data: customers demanded it because they were
afraid of losing information they had stored on their drives.
http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print
[Editor's Note (Pescatore): Cool, I want a National Association for
Information Destruction tee shirt. How hard could it be to have an
interlock feature - you can really, really clear the drive if you open
the case, hold this button down while you delete?

(Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997
at USENIX in which he showed electromicrographs of hard disk surfaces
that had been wiped - you could still clearly see the 1s and 0s where
the heads failed to line up perfectly on the track during the
write/erase sequence. He also pointed out that you can tell more
recently written data from less recently written data by the field
strength in the area, which would actually make it much easier to tell
what had been wiped versus what was persistent long-term store. The
paper, minus the cool photos may be found at:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Hard disks, I've found, make satisfying small arms targets.]

Here is Mac OS X software called SPX that uses the Guttman method
of securely deleting data off a hard disk. If you want to donate old
HD's this might be the best method for protecting your data that was
on the HD other than physically destroying the HD's.

http://rixstep.com/4/0/spx/
--

Thanks:

Richard Glaser
University of Utah - Student Computing Labs
[EMAIL PROTECTED]
801-585-8016

_
Subscription Options and Archives
http://listserv.cuny.edu/archives/macenterprise.html

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature 
which

had a name of signature.asc]

RE: zombied ypherpunks (Re: Email Certification?)

[Tyler Durden]

Eh...for email you may have a point, but I'm not 100% convinced. In other 
words, say they want to monitor your email account. Do you really believe 
they are going to tap all major nodes and then filter all the traffic just 
to get your email? This is that whole, The TLAs are infinitely powerful so 
you might as well do nothing philosophy. And even though I might be willing 
to concede that they get all that traffic, one hand doesn't always talk to 
the other. there may be smaller branches on fishing trips accessing your 
email if they want. if one were able to monitor the email account for 
access, you'll at least force your TLA phisher into going through proper 
internal channels. He might actually get a no, depending on the cost vs 
risk.

Look...they aren't some super-Orwellian hyperorganized hive-mind. They're 
a big, fat bureaucracy full of big, fat bureaucrats. That's why they don't 
get real jobs!

Look...a little tiny yap yap dog can often scare off a bigger dog or animal 
by making it clear that any interaction's going to suck. This isn't because 
the big dog couldn't ultimately kill the little dog, but because the big dog 
will realize it's just not worth it.

-TD
From: Morlock Elloi [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: zombied ypherpunks (Re: Email Certification?)
Date: Thu, 28 Apr 2005 12:17:53 -0700 (PDT)
 I'm still having trouble understanding your threat model.
Just assume braindeath and it becomes obvious.
No tla with any dignity left would bother e-mail providers or try to get 
your
password. All it need to do is fill gforms and get access to tapped traffic 
at
major nodes (say, 20 in US is sufficient?). Think packet reassembly - 
filter
down - store everything forever - google on demand.

Concerned about e-mail privacy? There is this obscure software called 
'PGP',
check it out. Too complicated? That's the good thing about evolution, not
everyone makes it.


end
(of original message)
Y-a*h*o-o (yes, they scan for this) spam follows:
__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Re: Email Certification?

[Tyler Durden]

No, the threat model was outlined in a previous post. Consider some agency 
that has lots of resources and technologies, but also doesn't particularly 
want local authorities or (for instance) hotmail to know what they are 
doing. In general, this is going to make their operation much less 
intrusive, lower cost (ie, due to not having to physically send people) as 
well as avoiding a lot of legal hassles due to paper trails.

So I guess what I'm looking for is  way to be quite certain that someone 
(aside from Hotmail admin) is opening, reading, and closing my email 
'unobtrusively'.

Of course, once such an effort is detected, said agency may decide to follow 
a more intrusive investigative path, but this has practical consequences.

My home alarm system is probably a better example. If NSA, for instance, is 
going to bother entering your house and setting up whatever, I'd bet they'd 
LOVE to not bother with the local security/alarm company, because then 
there's a paper trail, people who might be a friend of the surveilled, and 
other 'local' issues. They're definitely going to use their fancy gadgets, 
etc..., to bypass the alarm system while making the alarm company 
everything's going just fine, or perhaps a battery has expired. In this case 
there'd be nothing to subpeona.

Therefore, if you suspect you're being surveilled, even if you can't secure 
anything you want might want to secure, you can at least force them to 
commit legally actionable acts, or else force them to give up their 
'phishing' expeditions.

-TD
From: Bill Stewart [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Email Certification?
Date: Wed, 27 Apr 2005 16:04:54 -0700
I'm still having trouble understanding your threat model.
If you're talking about somebody who can get Hotmail's cooperation,  e.g. 
cops or sysadmins,
there's no way you can prevent them from doing anything they want to your 
incoming mail.
If you're worried about crackers guessing your password,
then some web-based email systems automatically mark mail as read,
some don't, some let you mark it, some let you remark it as unread.
(I haven't ever used hotmail, and my cat stopped using it when the
Child Online Protection Act required Hotmail to cancel accounts
for anybody under 13 years old who didn't have parental permission,
so the interface has probably changed since I last saw it.)

Are you worried specifically about Hotmail?
You're mentioning using gmail to pre-filter your hotmail messages -
gmail's going to have similar potential threats,
except that it's probably better managed,
and if you're going to send the mail to gmail anyway,
why not just read it on gmail?
In general, if you've sent unencrypted email to an untrusted system,
then you've got no way of knowing that it hasn't been read.
At 01:09 PM 4/27/2005, Tyler Durden wrote:
Oh...this post was connected to my previous one.
Sorry...my ideas along these lines are still a little foggy but I'll try 
to articulate.

Basically, let's assume someone with some resources has cracked your email 
and wants to monitor what you send and receive. let's also assume they 
don't want you to know it. Let's assume they also are not particularly 
thrilled about having hotmail know what they're up to (if needs be they 
can obtain a warrant, etc..., but this is clearly less than desirable 
compared to more direct techniques). It seems fairly easy to me to (for 
instance) create a bot that duplicates all of the email and resends it to 
your hotmail account so that when you log in everything looks fresh and 
new. (There are probably easier ways to do this via direct hacks of 
hotmail).

Is there some way to make it evident that someone has opened your email?
Right now, I can't think of anything you could do aside from suggesting 
that hotmail (or whoever) offer some kind of encryption service.

BUT, it occurs to me that you might be able to have gmail forward your 
mail to hotmail via some intermediate application you've set up that takes 
the timestamp and whatever and creates a hash.

Re: WebMoney

[Tyler Durden]

Are you continuing those dots correctly? I assumed they were leading to the 
words Russian mob, which has become quite the powerful force in Brooklyn 
these days.

-TD
From: Shawn K. Quinn [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: WebMoney
Date: Thu, 21 Apr 2005 09:15:06 -0500
On Wed, 2005-04-20 at 19:40 -0700, James A. Donald wrote:
 The fact that webmoney takes security so seriously suggests to me
 that they are honest - but, of course, the fact that they are russian
 suggests .
This isn't the middle of the Cold War anymore. I don't think they are
that dishonest, especially after some of the crap the US government has
pulled in the last few years.
--
Shawn K. Quinn [EMAIL PROTECTED]

What's Packed in Variola's Suitcase?

[Tyler Durden]

Interesting. Gives a lower limit to certain storage questions. Guess it's no 
suprise IBM's SAN product handled things here, it's been field-tested after 
all.

-TD
GENEVA -- IBM and CERN, the European Organization for Nuclear Research, 
today announced that IBM's storage virtualization software has achieved 
breakthrough performance results in an internal data challenge at CERN.

The data challenge was part of a test currently going on at CERN to simulate 
the computing needs of the Large Hadron Collider (LHC) Computing Grid, the 
largest scientific computing grid in the world. The LHC is expected to 
produce massive amounts of data, 15 million gigabytes per year, once it is 
operational in 2007. The recent results represent a major milestone for 
CERN, who is testing cutting-edge data management solutions in the context 
of the CERN openlab, an industrial partnership.

Using IBM TotalStorage SAN File System storage virtualization software, the 
internal tests shattered performance records during a data challenge test by 
CERN by reading and writing data to disk at rates in excess of 1GB/second 
for a total I/O of over 1 petabyte (1 million gigabytes) in a 13-day period. 
This result shows that IBM's pioneering virtualization solution has the 
ability to manage the anticipated needs of what will be the most 
data-intensive experiment in the world. First tests of the integration of 
SAN File System with CERN's storage management system for the LHC 
experiments have already obtained excellent results.

CERN has a long-standing collaborative relationship with IBM, and we are 
delighted that IBM is pushing the frontiers of data management in the 
context of CERN openlab, said Wolfgang von Rüden, Information Technology 
Department Leader at CERN and Head of the CERN openlab. What we learned 
from these data challenges will surely influence our technological choices 
in the coming years, as we continue to deploy the global LHC Computing 
Grid.

Re: WiFi Launcher?

[Tyler Durden]

From: Damian Gerow [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: WiFi Launcher?
Date: Fri, 25 Mar 2005 12:50:04 -0500
Thus spake Tyler Durden ([EMAIL PROTECTED]) [25/03/05 10:30]:
: Has anyone heard of a utility that can search for a WiFi hotspot while
: driving and then launch an email?
I noticed you did a little editing! Sigh. Few can stand in the light for 
very long, save the various beautiful women that clamor to spread my DNA...

Someone once said, Cypherpunks write code.
Yes but I'd amend this to say, Cypherpunks in the process of becoming 
economically successful probably don't have time to write code but others 
can sure feel free to try...

: Sounds possible to me. the only problem might be the need for
: authentication, etc...in some hotspots, but given enough hotspots surely
: there are some that don't need it...
I imagine that, depending on where you're driving, you wouldn't need to
bother with hotspot authentication: you're bound to stumble onto an open
WiFi network at *some* point in your journey.
Exactly. And also, no harm in trying several times, the Johnny Appleseed 
approach...


Given that there already exists utilities that detect WiFi networks and map
them with GPS units, I don't think it would take much to, at that point,
run, say, 'postfix start  postqueue -f'.  Or perhaps mixmaster/mixminion
might be more appropriate.
It sounds not only possible, but plausible.  And I'd be surprised if 
someone
didn't already have this working somewhere.
These days one has to act very quickly in order to create something 
original. The question is, will a TLA do it first and post it, along with a 
TINY little ID tag?

-TD

Re: WiFi Launcher?

[Tyler Durden]

Well, as pointed out previously it may not be necessary to authenticate. If 
you believe you'll be passing through a high WiFi density area, and that 
chances are decent at least one or two of the hotspots do not require 
authentication, then have the app toss off a bunch of the emails and try 
again at the next spot. The emails should make it through somewhere 
(particularly in places like NYC, were there must be a dozen or more public 
hotspots within a block or two of where I work).

Of course, if authentication happens to be achieved, then I guess have the 
app delete those emails it got through.

Which leads to the possibility of perhaps attempting both strategies 
simultaneously, but on different frequency bands.

-TD
From: Bill Stewart [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: WiFi Launcher?
Date: Fri, 25 Mar 2005 14:21:09 -0800
Thus spake Tyler Durden ([EMAIL PROTECTED]) [25/03/05 10:30]:
: Has anyone heard of a utility that can search for a WiFi hotspot while
: driving and then launch an email?
It's a harder problem than you'd expect -
Wifi doesn't have a long range, so you have to detect the hotspot,
decide if you can handle or evade its authentication, do that,
and then send your message before you've driven out of range.
If you're in range for 100 meters at a 18kph city crawl (or bike)
that's about 5 meters/sec so you've got 20 seconds, and it can work.
If you're driving 90kph and catch 10 meters of the edge of a range,
you've got 0.4 seconds to do the job, which is pretty dodgy -
lots of mail servers take a few seconds to really sync up,
especially if you've got to do a DNS lookup or two.
Directional Antennas are unlikely to be useful -
if you've got them aimed right, you might win,
but you're much more likely to miss entirely
or have only a few meters that you're in range.

Golden Triangle Drug Traffic Arbitrage?

[Tyler Durden]

Hey...had an interesting idea I've been discussing.
Actually, no way it's crypto but it's certainly markets/anarchy, so read on 
if you wish.

I'm thinking that that Drug Trafficking in the Golden Triangle might 
actually be a form of arbitrage.

Let me explain...
China pegs it's currency to US currency. With the dropping dollar, this 
means that there's going to be a larger and larger gap between 'reality' (as 
measured in the true cost of goods in a free market) and the pegged rate.

On Cypherpunks do I need to explain the idea that this difference will 
inevitably give rise to a big black market to exploit that difference? (I 
had a hard time explaining this to some younger Wall Street folks here.)

An interesting though I had last night was that the Drug trade in the Golden 
Triangle (Burma, China, Thailand, etc...) might exist for precisely this 
reason...in other words, as a form of arbitrage of sorts between the actual 
local cost of goods and services and manpower and exchange rates of the US 
dollar. Heroin is an ideal medium for arbitrage, as it's price is almost a 
pure function of supply and demand (as opposed to cost of material). It can 
fluctuate with the currency markets and as a result forms  a sort of 'common 
denominator' for translating local wealth back into international, 'real' 
wealth.

In other words, the drug trade is a direct result of government intervention 
in the currency markets.

Of course, if May were here (may his soul roast in the hell of lesser lists) 
he'd say this was 'obvious'...

Is it?
-TD
-TD

RE: What Will We Do With Innocent People's DNA?

[Tyler Durden]

The simplest solution is to systematically spread one's DNA everywhere, 
thus
making 'discovery' of it meaningless.

Yes, this is what I've been endeavoring to do, but my potential partners 
don't seem to understand the urgency.

-TD

Re: Golden Triangle Drug Traffic Arbitrage?

[Tyler Durden]

Hey...I never said May was an idiot. In fact, quite the opposite. His issues 
with race and violence, I feel, don't emanate from stupidity by any means, 
but are rather codifications of some kind of issues into his thinking. Get 
him away from human matters and on the technical level he was normally 
very sharp.

However,
All commodities that exist outside of government regulation have prices
that are functions of supply and demand.  Heroin is no different than
any other commodity in that regard.  The notion that heroin has no cost
of material is especially absurd.  Do you think they can just conjure
it up out of thin air?  Nonsense.  Heroin, like any other commodity,
has significant costs to create, and those are what controls its supply.
OK, I'm punting here, and I'm not an economist. BUT, my assumption is that 
the costs of production of heroin is far below it's actual street value. 
Indeed, this is why many 3rd world economies produce such drugs.


If the yuan is actually cheaper than it should be because of being
pegged to the dollar, there's a much easier way to take advantage of the
arbitrage opportunity: simply buy goods in China and sell them in America.
Yes, that's precisely what the drug trade does.
And guess what, thousands of Chinese export companies do just that,
making money off the economic downhill slide that China has erected
spanning the Pacific.  This effectively forces Chinese workers to be
paid less than they are worth, decreasing their savings and acting as
an economic stimulus for China as a whole.
Well, of course. What I'm driving at, however, is that a pegged yuan (or any 
currency) will have inevitable and unintended local consequences.

For instance, let's say a Chinese consumer wants to purchase US goods in 
China. Obviously, such goods will be extremely expensive. However, with a 
pegged rate, the price for such goods will no longer reflect the true 
differential in the price of (for instance) labor in the US and China. In 
other words, goods are more expensive then they have to be, due to an 
artificial barrier created by the pegged dollar:Yuan rate, and exporting 
legitimate goods becomes a very expensive way to buy those goods. More than 
this, the value of a local yuan (or what have you) is not what it could be 
if you (as an individual, not a nation) had direct access to foregin capital 
at a rate that truly reflects the differential in costs, efficiency, etc...

So what do you do? You export blackmarket goods for prices that reflect some 
sort of reality. In addition, it probably allows local producers of other 
non-black-market items (some of which may not be exportable) to have access 
to foreign capital at the true going value, via various economic 
relationships with drug creators, etc

Come to  think of it arbitrage is not the best term.
Of course, the actual growers and even exporters of heroin are completely 
unaware that their livelihoods are the result of macroeconomic conditions.

Just a thought, could be wrong, but I see nothing in the response above to 
indicate I'm extremely off base. It's nominally Cypherpunk in that it 
poses the question of whether central control is actually responsible for 
the some aspects of the drug trade.

-TD

Re: on FPGAs vs ASICs

[Tyler Durden]

FPGAs probably make more sense for routers,
because you want the ability to change the firmware more often,
and a router has a bunch of other parts as well,
and realistically, cypher-cracking is not an
economically viable activity for most people,
so the cost-benefit tradeoffs are a bit twisted.
The router world seems to use a good mixture. At a startup we were 
purchasing nice off-the-shelf MPLS ASICs, which did MPLS route setup and 
forwarding (and some enforcement) while the 'software'/control plane (eg, 
OSPF, RSVP-TE, etc...) was largely in FPGAs of our own brew.

At that time (ca, 2000/2001) some vendors were starting to push net 
processors, which were somewhere in between, and at the time just weren't 
quite fast enough for ASIC-busting applications and not quite flexible 
enough for FPGA-ish applications. Now, however, I'd bet net processors are 
very effective for metro-edge applications.

What I suspect is that there's already some crypto net processors out there, 
though they may be classified, or the commercial equivalent (ie, I assume 
there are 'classified' catalogs from companies like General Dynamics that 
normal clients never see). They can periodically upgrade the code when they 
discover that some new form of stego (for instance) has become in-vogue at 
Al Qaeda.

These won't be Variola Suitcase-type applications, though, but perhaps for 
special situations where they know the few locations in Cobble Hill Brooklyn 
they want to monitor and decrypt.

-TD

Re: SHA1 broken?

[Tyler Durden]

Ah. You meant as a principal in general. Of course the prevailing wisdom is 
to go from FPGAs to ASICs when you have heavy tasks.

In Telecom equipment, however, there's a few issues that basically 'require' 
FPGAs.

First, the standards change quite a bit, depending on which area you're in. 
For instance, RPR didn't really get settled until very recently. Second, 
your customers may ask for more or different kinds of functionality, so 
you may have a new release of firmware to address that. Putting the framing 
and/or PM on an FPGA while keeping the guts (eg, packet processing) on the 
main ASIC/processor allows you to swap out the trivial without a major heart 
transplant.

In addition, there's probably the far more important issue of design cycle 
times. ASICs will take (at the very minimum) 18 months to create, and if you 
make a mistake early on and don't catch, you have to start all over again. 
For some fields that's just unacceptable.

Then again, if you're looking for sheer, brute performance and design cycle 
times are not a limiting factor, ASICs are often the way to go. Even in a 
Variola Suitcase, however, I'd bet some of the trivial functions are 
off-loaded to an FPGA, though, for reasons above.

-TD
From: Riad S. Wahby [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
Date: Tue, 8 Mar 2005 13:26:48 -0600
Tyler Durden [EMAIL PROTECTED] wrote:
 Well, maybe I misunderstand your statement here, but in Telecom most 
heavy
 iron has plenty of FPGAs, and as far as I understand it, they more or 
less
 have to.

Have to in what sense?  If they're constantly reconfiguring the FPGAs
(new software revs, or some sort of evolutionary learning process---
the latter not likely in telecom, of course), sure, they have  to be on
reprogrammable structures.
If, on the other hand, you're building a custom hash cracking machine,
you don't need to reconfigure your gates. You could design your
parallelized SHA1 cracking machine and dump it onto a bunch of FPGAs,
but if you really have unlimited resources you take the plunge into
ASICs, at which point you can tighten your timing substantially.
--
Riad S. Wahby
[EMAIL PROTECTED]

Re: SHA1 broken?

[Tyler Durden]

Well, what would you call a network processor? An FPGA or a CPU? I think of 
it as somewhere in between, given credence to the FPGA statement below.

-TD
From: Major Variola (ret) [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
Date: Sat, 05 Mar 2005 06:51:24 -0800
At 09:23 PM 2/19/05 +, Dave Howe wrote:
   I am unaware of any massive improvement (certainly to the scale of
the comparable improvement in CPUs) in FPGAs, and the ones I looked at
a
a few days ago while researching this question seemed to have pretty
FPGAs scale with tech the same as CPUs, however CPUs contain a lot
more design info (complexity).  But FPGAs since '98 have gotten
denser (Moore's observation), pioneering Cu wiring, smaller features,
etc.

RE: I.R.S. Accuses Man of Hiding $450 Million

[Tyler Durden]

But later, questioned by reporters, Mr. Everson noted that the I.R.S. law
enforcement staff has been cut by at least a quarter in recent years. Mr.
Wainstein, the United States attorney, said one of his prosecutors had
spent a year developing the case.
Anyone gigling? Notice that the amount he cheated the government out of 
could have easily payed the salaries of a bunch more IRS agents.

This guy should receive an Official Cypherpunk award. Or does he not deserve 
one 'cause he got caught?

-TD

From: R.A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: I.R.S. Accuses Man of Hiding $450 Million
Date: Tue, 1 Mar 2005 13:00:43 -0500
http://www.nytimes.com/2005/03/01/business/01tax.html?th=pagewanted=printposition=
The New York Times
March 1, 2005
I.R.S. Accuses Man of Hiding $450 Million
 By DAVID CAY JOHNSTON
ASHINGTON, Feb. 28 - A prominent telecommunications entrepreneur who once
tried to mount a rescue of a Russian space station has been arrested and
charged with evading taxes by hiding at least $450 million of income
through offshore corporations.
According to a 12-count indictment released on Monday that federal
prosecutors called the largest criminal case of individual tax evasion, the
entrepreneur, Walter Anderson, 51, did not pay over $210 million in federal
and local income taxes he owed for the years 1995 through 1999 alone.
Mr. Anderson ran the table when it came to violating the tax laws, Mark
W. Everson, the Internal Revenue Service commissioner, told a news
conference Monday. Because of his dishonest dealings, Mr. Anderson's
lavish lifestyle was subsidized by honest, hard-working Americans.
In 1998 Mr. Anderson, who lives in Washington, reported a total income of
$67,939 and paid a tax of just $494. Mr. Everson said Mr. Anderson actually
made at least $126 million that year that he never reported. From 1987
through 1993, officials said, Mr. Anderson failed to file a tax return.
Mr. Anderson is the chief executive of Orbital Recovery, a company trying
to extend the life of telecommunications satellites. He was arrested
Saturday at Dulles Airport outside Washington as he stepped off a plane
from London, according to Kenneth L. Wainstein, the United States attorney
for the District of Columbia.
In court on Monday, Mr. Anderson pleaded not guilty to the charges. His
lawyer, John Moustakas, told Magistrate Judge Alan Kay that the
government's case was based on innuendo and rumor.
 If convicted, Mr. Anderson faces as much as 24 years in prison.
Judge Kay ordered Mr. Anderson held without bail until a bond hearing on
Thursday. Susan Menzer, a prosecutor in the case, called Mr. Anderson a
flight risk who can't be trusted.
He hasn't been listening to judges for years, she added.
 Since a search warrant was executed in 2002, Mr. Anderson has moved
artwork and cash to Switzerland to defeat both tax collectors and creditors
who have civil court orders, the Justice Department said in court papers.
Mr. Moustakas did not return a phone call seeking comment.
Mr. Anderson has long attracted a certain level of public attention,
especially when he tried to arrange a rescue of the Mir space station five
years ago. He frequently flew in a private jet and made deals involving
millions of dollars. At conferences on space travel he often spoke of his
hatred of government.
But he came under scrutiny, law enforcement officials suggested, only
because of a tip from a disgruntled business associate.
 Mr. Anderson, according to the indictment, formed an offshore 
corporation,
Gold and Appeal Transfer, in the British Virgin Islands in 1992 to hide his
profits from deals involving a telecommunications company he started in the
1980's.

Over the next three years, the indictment charged, Mr. Anderson set up a
network of offshore corporations, including one in Panama under the alias
Mark Roth, that were used to hide his ownership of three telecommunications
companies and allow him to earn hundreds of millions of dollars without
paying taxes.
 While Mr. Anderson at times insisted publicly that he was worth no more
than $4 million, he serves as a senior business adviser to Constellation
Services International, a fledgling satellite rescue company that disclosed
his ownership of several companies, including Gold and Appeal. Its Web site
said Gold and Appeal was worth at least $100 million and described Mr.
Anderson as selling the Esprit Telecom Group in 1998 for $900 million.
 In extensive filings with the I.R.S. and the Securities and Exchange
Commission, the indictment charged, Mr. Anderson claimed that he was merely
an employee of Gold and Appeal, the offshore bank that the indictment says
was central to his tax-evasion effort.
 The I.R.S. holds all Americans, even the very wealthy, to the same
standard, Mr. Everson said. This indictment sends a strong signal that we
will not tolerate abuse of the tax laws.
But later, questioned by reporters, Mr. Everson noted that the I.R.S. law
enforcement staff has been cut by 

Re: [IP] Books -- The New Hows and Whys of Global Eavesdropping (fwd from dave@farber.net)

[Tyler Durden]

Keefe says of Cryptome: The site is a good litmus test
for your attachment to freedom of speech. He is not happy about 
excessiveness of any kind.
Attachment to freedom of speech?
'NK'.
-TD

RE: Anguilla on $1000 a day - NYTimes

[Tyler Durden]

Wanna cut to the chase here? I don't think Jennifer Anuston is a 
cryptographer, and I got bored hacking my way through this reporter 
commiserating at being at a high-end clip joint.
-TD

From: Bill Stewart [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Anguilla on $1000 a day - NYTimes
Date: Sat, 26 Feb 2005 19:19:55 -0800 (PST)
The NYT updates us on a favorite cryptographers' hideout
http://travel2.nytimes.com/2005/02/27/travel/27high.html
February 27, 2005
HIGH LOW
High: Anguilla on $1000 a Day
By JULIET MACUR
N hour after arriving on Anguilla in early January, I was soaking in the
hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my
pasty Northeastern face.
Ah, Anguilla, a quiet island that has recently become the next St.
Barts, a hedonistic hideaway and magnet for members of the boldface set.
At the northeast corner of this narrow isle, Jennifer Aniston and Brad
Pitt spent New Year's in a villa on Captain's Bay. On its southwestern
coast, Jay-Z and Beyonci had cuddled on the sands of Shoal Bay West. Down
the beach from my resort, Uma Thurman had kicked back at a local bar.
Just as I began to imagine that I, too, was a star on an
escape-the-paparazzi trip, reality interrupted. A foreign object crashed
into my hot tub and sent water slapping against my face. A small boy and
his father were throwing a ball wildly.
The father's next toss bounced off the boy's head and against a woman's
forehead. The father laughed. The woman smiled. I growled and thought,
This doesn't happen to Jennifer Aniston.
I left in a huff because I had no time for distractions. This was serious
business: I had to figure out how to get by on $1,000 a day.
Related Feature
Low: Anguilla on $250 a Day
Though Anguilla is a relatively undeveloped island where goats might
outnumber residents, $1,000 a day at a chic resort amounts to roughing it.
At the Cap Juluca resort, the cheapest room in high season cost $936 a
night, including the 20 percent tax. Malliouhana Hotel offered a garden
view room on the first floor for $744.
If my best friend, Rose, and I were to eat, drink and even think of going
to the spa on my $1,000-a-day budget, the only high-end resort I could
afford was the CuisinArt Resort and Spa, which sits near the island's
southwestern end on Rendezvous Bay's beach, one and a half miles of
flour-soft sand, blindingly white.
The turquoise ocean water was as clear as Evian, and you could see fish
near the sea floor. The cheapest rate, $550 plus $110 tax - but including
Continental breakfast - would allow us to pretend we belonged at this
beautiful place.
The resort's grounds were simple and elegant. Eggplant-colored
bougainvillea climbed the whitewashed stucco buildings that looked as if
they had been plucked from a Greek cliff. In a nearby garden were trees
heavy with guavas, fig bananas and star apples.
As we looked from the lobby onto a series of rectangular pools cascading
to the beach, a receptionist said we had been upgraded from the main house
to a suite in one of the 10 three-story villas clustered along the shore.
We hope you don't mind, she said, unaware that I was a journalist.
No, we didn't, and certainly not after seeing the room. The upgrade, to a
junior suite that would have cost $120 more a night, allowed us to hear
waves from our patio.
Our suite was a cheery, not fancy, single room, but at 920 square feet
was nearly as big as my Manhattan apartment. A navy couch broke up the
space into sleeping and lounging areas. Two double beds with wicker
headboards faced the porch and a walkway to the beach. Paintings of Greek
fishing villages and bright bedspreads splashed color against the white
walls and tile floors.
A brochure called the bathroom your own private sanctum, large enough
for an oval tub for a honeymooning couple's bubble bath. But nothing was
that private, considering one wall was made of warped glass. While on the
outside walkway one day, I gasped when I saw a fuzzy version of Rose
heading for the shower.
At the resort's free reception on our first night (with food and drink),
the manager, Rabin Ortiz, told us, Do not make plans for your weekend.
We quickly learned why. There are no plans to make because, on Anguilla,
there is basically nothing to do. And that's the point.
At CuisinArt, stay away from the main pool (where ball-tossing children
congregate). Instead, sit on the beach and take delivery of homemade lemon
sorbet from waiters whose goal is to fill you with fruity rum drinks.
After sundown, submit to spa treatments like the Anguillan coconut
pineapple scrub, which smells good enough to eat, and the hydroponic
cucumber and aloe wrap, using ingredients grown on the premises.
It was the perfect place for us: upscale, but not one bit snooty.
Night life is minimal. (At 10:30 on Saturday night, only one couple was at
our resort's bar, where a trio sang Endless Love.) Sea kayaks,
sailboats, catamarans and tennis courts were available and mostly unused.
For casino or dance 

John Gilmore and Open Source

[Tyler Durden]

Are they just basically saying we just can't travel without identity
papers? If that's true, then I'd rather see us go through a real debate
that says we want to introduce required identity papers in our society
rather than trying to legislate it through the back door through
regulations that say there's not any other way to get around,
Actually, that's a very interesting comment. In a way, it harkens to the 
open source movement: The secrecy of these laws is precisely what weakens 
security, as folks a little more active-minded than bureaucrats will get a 
chance to think about the problem.

And of course, if just one terrorist gets a hold of those secret laws, 30 
minutes after that all of them will have a copy while the rest of us (trying 
NOT to get blown up) will be at a distinct disadvantage. But then again, 
maybe that's no coincidence...government seems to have a knack for finding 
reasons for itself to exist...

-TD

From: R.A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED], cryptography@metzdowd.com, 
osint@yahoogroups.com
Subject: Grounded: Millionaire John Gilmore stays close to home while   
making a point about privacy
Date: Mon, 28 Feb 2005 00:48:06 -0500

http://www.postgazette.com/pg/pp/05058/462446.stm
Pittsburgh Post-Gazette
Grounded: Millionaire John Gilmore stays close to home while making a point
about privacy
He's unable to travel because he refuses to present a government-approved 
ID

Sunday, February 27, 2005
 By Dennis Roddy, Pittsburgh Post-Gazette
 SAN FRANCISCO -- John Gilmore's splendid isolation began July 4, 2002,
when, with defiance aforethought, he strolled to the Southwest Airlines
counter at Oakland Airport and presented his ticket. Dennis Roddy,
Post-Gazette
John Gilmore, beside a graffiti-covered wall, has his morning coffee at a
shop that's one block from his San Francisco home. The Bradford native
doesn't drive and has other travel restrictions, thanks to his challenge of
a law that the government won't allow him to see.
 The gate agent asked for his ID.
 Gilmore asked her why.
 It is the law, she said.
 Gilmore asked to see the law.
 Nobody could produce a copy. To date, nobody has. The regulation that
mandates ID at airports is Sensitive Security Information. The law, as it
turns out, is unavailable for inspection.
 What started out as a weekend trip to Washington became a crawl through
the courts in search of an answer to Gilmore's question: Why?
 In post 9/11 America, asking Why? when someone from an airline asks for
identification can start some interesting arguments. Gilmore, who learned
to argue on the debate team in his hometown of Bradford, McKean County, has
started an argument that, should it reach its intended target, the U.S.
Supreme Court, would turn the rules of national security on end, reach deep
into the tug-of-war between private rights and public safety, and play
havoc with the Department of Homeland Security.
 At the heart of Gilmore's stubbornness is the worry about the thin line
between safety and tyranny.
 Are they just basically saying we just can't travel without identity
papers? If that's true, then I'd rather see us go through a real debate
that says we want to introduce required identity papers in our society
rather than trying to legislate it through the back door through
regulations that say there's not any other way to get around, Gilmore
said. Basically what they want is a show of obedience.
Dennis Roddy, Post-Gazette
There's no place like home for John Gilmore, who can't travel very far from
his San Francisco residence. The Bradford native refuses to give his
identification for flying.
Click photo for larger image.
 As happens to the disobedient, Gilmore is grounded. He is rich -- he
estimates his net worth at $30 million -- and cannot fly inside the United
States. Nor can he ride Amtrak, rent a room at most major hotels, or easily
clear security in the courthouses where his case, Gilmore v. Ashcroft, is
to be heard. In a time when more and more people and places demand some
form of government-issued identification, John Gilmore offers only his
49-year-old face: a study in stringy hair, high forehead, wire-rimmed
glasses, Ho Chi Minh beard and the contrariness for which the dot.com
culture is renowned.
 I think of myself as being under regional arrest, he said. Even with 
$30
million in the bank, regional arrest can be hard. He takes the bus to and
from events at which he is applauded by less well-heeled computer techies
who flew in from around the country after showing a boarding pass and one
form of government-issued photo ID and arrived in rental cars that required
a valid driver's license and one major credit card.

 He was employee No. 5 at Sun Microsystems, which made Unix, the free
software of the Web, the world standard. He japed the government by
cracking its premier security code. He campaigned to keep the software that
runs the Internet free of charge. After he left Sun, Gilmore started his
own firm, sold it for more