RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start
One thing to think about with respect to the RFID passports... Um, uh...surely once in a while the RFID tag is going to get corrupted or something...right? I'd bet it ends up happening all the time. In those cases they probably have to fall back upon the traditional passport usage and inspection. The only question is, what could (believably) damage the RFID? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv]] Date: Sat, 29 Oct 2005 20:54:13 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 28 Oct 2005 17:49:06 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Edward Hasbrouck [EMAIL PROTECTED] Date: October 28, 2005 11:07:28 AM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] From: Lin, Herb [EMAIL PROTECTED] *Front* cover? Does that mean that if I hold the passport the wrong way, the skimmer will have a free ride? FWIW: (1) The sample RFID passports that Frank Moss passed around at CFP, which looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had the RFID chip (which was barely detectable by feel) in the *back* cover. The visible data page was/is, as with current passports, in the *front* cover. This is not compliant with the ICAO specifications, which recommend having the chip in the same page as the visible data, to make it more difficult to separate them. I can only guess that it was hard to laminate the visible data without damaging the chip, if it was in the same page. But it's interesting in light of the importance supposedly being placed on compliance with ICAO standards. (2) Moss had 2 sample RFID passports, 1 with and 1 without the shielding. He cliamed it was a layer in the entire outer cover (front and back), but it wasn't detectable by feel. I have more threat scenarios for the latest flavor of RFID passport at: http://hasbrouck.org/blog/archives/000869.html Edward Hasbrouck [EMAIL PROTECTED] http://hasbrouck.org +1-415-824-0214 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: Return of the death of cypherpunks.
I don't agree. One thing we do know is that, although Crypto is available and, in special contexts, used, it's use in other contexts is almost counterproduct, sending up a red flag so that those that Protect Our Freedoms will come sniffing around and bring to bear their full arsenal of technologies and, possibly, dirty tricks. Merely knowing that you are using stego/crypto in such contexts can cause a lot of attention come your way, possibly in actual meatspace, which in many cases is almost worse than not using crypto at all In addition, although strong and unbreakable Crypto exists, one thing a stint on Cypherpunks teaches you is that it is only rarely implemented in such a way as to actually be unbreakable to a determined attacker, particularly if there are not many such cases to examine in such contexts. The clear moral of this story is that, to increase the odds of truly secure communication, etc, Crypto in such contexts must become much more ubiquitous, and I still think Cypherpunks has a role to play there and indeed has played that role. Such a role is, of course, far more than a mere cheerleading role,a fact that merits a continued existence for Cypherpunks in some form or another. -TD Only when Crypto is used ubiquitousl From: James A. Donald [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Return of the death of cypherpunks. Date: Fri, 28 Oct 2005 12:09:36 -0700 -- From: Eugen Leitl [EMAIL PROTECTED] While I don't exactly know why the list died, I suspect it was the fact that most list nodes offered a feed full of spam, dropped dead quite frequently, and also overusing that needs killing thing (okay, it was funny for a while). The list needs not to stay dead, with some finite effort on our part (all of us) we can well resurrect it. If there's a real content there's even no need from all those forwards, to just fake a heartbeat. Since cryptography these days is routine and uncontroversial, there is no longer any strong reason for the cypherpunks list to continue to exist. I recently read up on the Kerberos protocol, and thought, how primitive. Back in the bad old days, we did everything wrong, because we did not know any better. And of course, https sucks mightily because the threat model is both inappropriate to the real threats, and fails to correspond to the users mental model, or to routine practices on a wide variety of sites, hence users glibly click through all warning dialogs, most of which are mere noise anyway. These problems, however, are no explicitly political, and tend to be addressed on lists that are not explicitly political, leaving cypherpunks with little of substance. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb
RE: crypto on sonet is free, Tyler
Yo Variola! Did you notice the date stamp on that post? Did you do a stint on Survivor or something? Or as I said to the short-lived Tom Veil, What, no Starbucks near your Unabomber shack? -TD From: Major Variola (ret) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: crypto on sonet is free, Tyler Date: Tue, 25 Oct 2005 19:52:10 -0700 At 03:15 PM 6/8/04 -0400, Tyler Durden wrote: Well, it's interesting to consider how/if that might be possible. SONET scrambles the payload prior to transmission..adding an additional crypto layer prior to transmission would mean changing the line rate, so probably a no-no. Tyler, one can implement crypto at *arbitrary* line rates though the use of multiple hardware engines and the right mode of operation. If you don't use crypto you are broadcasting, as well as accepting anything from anyone as authentic. Its that simple. Caveat receiver. --- Impeach or frag.
RE: On special objects, and Judy Miller's treason
Its unfortunate that some posters had to be reminded that anyone calling for government-licensed reporters (and religions, as one author included) deserves to have their carbon recycled, because of the treason to the BoR. Tim May used to call government licensed citizens special objects. Search for it. Although I agree in theory, if I were a black man in Alabama in the 1950s (for instance), I might certainly be willing to try to declare blacks as worthy of special consideration if that would keep me from getting lynched. I would not, in general, expect to be held liable by others for the reaction of Tyrants, and I'd be willing to allow other lynchables to take care of themselves. Is Miller in this situation? Doubtful, but then again were you -suprised-? -TD
Re: Judy Miller needing killing
Cyphrpunk wrote... The notion that someone who is willing to spend months in jail just to keep a promise of silence needs killing is beyond bizarre and is downright evil. This list supports the rights of individuals to tell the government to go to hell, and that is exactly what Judy Miller did. She should be a hero around here. It's disgusting to see these kinds of comments from a no-nothing like Major Variola. While I agree that Variola has his bizarre moments, much of what he says at least merits further investigation. He partially fills a role that May filled, before his final descent into madness... I, for one, welcome his return to posting, and it's not too much effort to hit the delete button on a post-by-post basis. -TD
Color Laser Printer Snitch Codes
Apparently, it's possible to examine a color printer output and determine make, model, and even print time. http://www.eff.org/Privacy/printers/docucolor/ Soon we'll find out that toothbrushes are able to determine what I ate for dinner and are regularly sending the info... -TD
RE: TEMPEST PC for sale on ebay
Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS with a ten-foot tempest pole. -TD From: [EMAIL PROTECTED] (Peter Gutmann) To: [EMAIL PROTECTED] Subject: TEMPEST PC for sale on ebay Date: Sat, 15 Oct 2005 19:39:02 +1300 http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem May possibly run a very cut-down version of Linux, otherwise you'd be stuck with DOS. Peter.
RE: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]
There's also some very nice advice for nontechnical people about things like Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of the tools that are out there. It's a great little book. Oh yeah...I think Gilmore wrote a section in it. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents] Date: Thu, 6 Oct 2005 08:28:06 +0200 - Forwarded message from Thomas Sj?gren [EMAIL PROTECTED] - From: Thomas Sj?gren [EMAIL PROTECTED] Date: Wed, 5 Oct 2005 23:20:14 +0200 To: [EMAIL PROTECTED] Subject: Handbook for bloggers and cyber-dissidents User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] Reporters Without Borders (Reporters sans fronti?res, RSF) has released a Handbook for bloggers and cyber-dissidents: http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship From the chapter How to blog anonymously: Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully cloaked by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested. -- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Steve Furlong wrote... The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. More than that, I'd bet they engineered that noise to stimulate the very parts of the brain responsible for Wikipedia entries... -TD
Surreptitious Tor Messages?
Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)] Date: Mon, 3 Oct 2005 15:57:42 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 22:23:50 + (UTC) To: cyphrpunk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs. Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existance with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card. That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well. 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes] Date: Tue, 4 Oct 2005 15:20:15 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 08:54:46 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Italy requires logging of personal info at cybercafes X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brett Glass [EMAIL PROTECTED] Date: October 4, 2005 2:25:50 AM EDT To: [EMAIL PROTECTED] Subject: For IP: Italy requires logging of personal info at cybercafes Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit. By Sofia Celeste | Contributor to The Christian Science Monitor ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore. After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax. This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID. Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war. Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes. But while Italy has a healthy protest culture, no major opposition to the law has emerged. Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times. Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600. The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters. After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named. Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21. Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview. But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced. This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes. And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business. So many people who come in here ask 'why?' and then they just leave, Savoni says. Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer. Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question. It is a control system like America's Patriot Act, he says. Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited. Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e- mails read, according to the government official. Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror. I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. There is no doubt that, to achieve maximum efficiency, we need the support of the best technological
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card insutry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concered with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been psuedonyms for years, though their psuedonyms happen to correspond to their true names. -TD From: John Kelsey [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga [EMAIL PROTECTED] CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00) Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
RE: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)]
Just a thought. Wikipedia entries from anonymous sources, such as Tor, should have an expiration date and revert back, unless a Wiki Admin or other trusted user OKs the new entry. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)] Date: Fri, 30 Sep 2005 10:34:00 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 23:32:48 + (UTC) To: [EMAIL PROTECTED] Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) Reply-To: [EMAIL PROTECTED] -- Forwarded message -- Date: Thu, 29 Sep 2005 23:32:24 + (UTC) From: Jason Holt [EMAIL PROTECTED] To: Ian G [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) On Thu, 29 Sep 2005, Ian G wrote: Couple of points of clarification - you mean here CA as certificate authority? Normally I've seen Mint as the term of art for the center in a blinded token issuing system, and I'm wondering what the relationship here is ... is this something in the 1990 paper? Actually, it was just the closest paper at hand for what I was trying to do, which is nymous accounts, just as you say. So I probably shouldn't have referred to spending at all. My thinking is that if all Wikipedia is trying to do is enforce a low barrier of pseudonymity (where we can shut off access to persons, based on a rough assumption of scarce IPs or email addresses), a trivial blind signature system should be easy to implement. No certs, no roles, no CRLs, just a simple blindly issued token. And in fact it took me about 4 hours (while the conversation on or-talk has been going on for several days...) There are two problems with what I wrote. First, the original system is intended for cash instead of pseudonymity, and thus leaves the spender a disincentive to duplicate other serial numbers (since you'd just be accused of double spending); this is a problem since if an attacker sees you use your token, he can get the same token signed for himself and besmirch your nym. And second, it would be a pain to glue my scripts into an existing authentication system. Both problems are overcome if, instead of a random token, the client blinds the hash of an X.509 client cert. Then the returned signature gives you a complete client cert you can plug into your web browser (and which web servers can easily demand). Of course, you can put anything you want in the cert, since the servers know that my CA only certifies 1 bit of data about users (namely, that they only get one cert per scarce resource). But the public key (and verification mechanisms built in to TLS) keeps abusers from being able to pretend they're other users, since they won't have the users' private keys. rant The frustrating part about this is the same reason why I'm getting out of the credential research business. People have solved this problem before (although I didn't know of any Free solutions; ADDS and SOX are hard to google -- are they Free?). I even came up with at least a proof of concept in an afternoon. And yet the argument on the list went on and on, /without even an acknowledgement of my solution/. Everybody just kept debating the definitions of anonymity and identity, and accusing each other of anarchy and tyranny. We go round and round when we talk about authentication systems, but never get off the merry-go-round. Contrast that with Debevec's work at Berkeley; Ph.D in 1996 on virtual cinematography, then The Matrix comes out in 1999 using his techniques and revolutionizes action movies. Sure, graphics is easier because it doesn't require everyone to agree on an /infrastructure/, but then, neither does the tor/wikipedia problem. I'm grateful for guys like Roger Dingledine and Phil Zimmerman who actually make a difference with a privacy system, but they seem to be the exception, rather than the rule. /rant So thanks for at least taking notice. -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD
RE: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
No, this is important. If this isn't Cypherpunks material these days then nothing is. As for the Wikipedia folks, I can't imagine having a more intelligent batch of people disagree. There's is a very practical matter: Reducing the hassles, particularly when said hassles in general deteriorate the content/bullshit ratio they see. On the other hand, they seem to clearly get the value of Tor, and have practically extended an invitation for a solution that will truly make things better while not significantly increasing their hassles. That the Wikipedia reaction to TorSpam is perhaps regrettable is obvious, but given their goals (not particularly Cypherpunkly) it really does make sense: No one's paid at Wikipedia and no one's going to do all the work of cleaning up the slung feces. In other words, their clipping off one of the side-lobes but increasing the remaining signal-to-noise. Just brute force logic. Sorry. But the door is open for solutions and they do seem to understand the issues. Not bad, and the long-term solution may be very interesting... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia] Date: Thu, 29 Sep 2005 14:02:32 +0200 Sorry for the flood, but this is winding down already. What I didn't like about this discussion is that all concerned parties seem to have been shouting into space past each other, just trying to make a noise instead of understanding and solving the problem. - Forwarded message from Steven J. Murdoch [EMAIL PROTECTED] - From: Steven J. Murdoch [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 00:27:51 +0100 To: [EMAIL PROTECTED] Cc: Jimmy Wales [EMAIL PROTECTED] Subject: Re: Hello directly from Jimbo at Wikipedia User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 05:48:59PM -0400, Jimmy Wales wrote: All I'm saying is that Tor could segregate users easily enough into two clouds: We sorta trust these ones, more or less, a little bit, but no guarantees -- We don't trust these ones, we don't know them. This would be very difficult to do using the existing Tor design as it doesn't know anything about users or sessions. It lives at the TCP layer and all it does is shift packets from one IP address to another, giving some privacy to both ends. Adding higher layer functionality to Tor increases the chance that it will do neither job well, so here is a proposal which I think does what you want, but avoids this problem. The goal is to increase the cost for a Tor user to commit abuse on Wikipedia. It doesn't need to be full-proof, but just enough to make them go elsewhere. Wikipedia could require Tor users to log in before making edits, and ban accounts if they do something bad. However the cost of creating new accounts is not very high. The goal of this proposal is to impose a cost on creating accounts which can be used though Tor. Non-Tor access works as normal and the cost can be small, just enough to reduce the incentive of abuse. Suppose Wikipedia allowed Tor users to only read articles and create accounts, but not able to change anything. The Tor user then goes to a different website, call it the puzzle server. Here the Tor user does some work, perhaps does a hashcash computation[1] or solves a CAPTCHA[2], then enters the solution along with their new Wikipedia username. The puzzle server (which may be run by Wikipedia or Tor volunteers), records the fact that someone has solved a puzzle along with the username entered. The puzzle server doesn't need the Wikipedia password as there is no reason for someone to do work for another person's account. Now when that Tor user logs into their Wikipedia account to edit something, the Wikipedia server asks the puzzle server whether this account has ever solved a puzzle. If it has, the user can make the edit, if not then the user is told to go to the puzzle server first. This check can be very simple - just an HTTP request to the puzzle server specifying the Wikipedia username, which returns yes vs no, or 200 vs 403. For performance reasons this can be cached locally. There is no cryptography here, and I don't think it is needed, but it can be added without much difficulty. If the Tor user starts committing abuse, his account is cancelled. The puzzle server doesn't need to be told about this, as Wikipedia will not let that user make any edits. The reason this approach avoids the usual problems with proof-of-work schemes[3] is that good Tor users only have to solve the puzzle once, just after they create the account. Bad Tor users will need to solve another puzzle every time they are caught and had their account cancelled. So my question to Jimbo is: what type of puzzle do you think would be enough to reduce abuse through Tor to a manageable level? The difficulty of the puzzle can be tuned over time but what would be necessary for Wikipedia to try this out? Hope this helps, Steven Murdoch.
Re: Wikipedia Tor
That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. ..and ensure that all future Tor-originated Wikipedia entries are about anonymous payments and transactions... -TD
RE: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military]
Stupid assholes. Despite all the tech work in India going on, their military apparently didn't realize that the world changed a long time ago (way before Google). And if they can somehow block google, then I can merely purchase the photos on the black market from a private satellite. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military] Date: Wed, 28 Sep 2005 13:37:36 +0200 - Forwarded message from Shekhar Krishnan [EMAIL PROTECTED] - From: Shekhar Krishnan [EMAIL PROTECTED] Date: Wed, 28 Sep 2005 12:17:23 +0100 To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], fsf-friends@mm.gnu.org.in, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Subject: [Geowanking] Google Earth Exposes the Indian Military Organization: CRIT (Collective Research Initiatives Trust) X-Mailer: Evolution 2.4.0 Reply-To: [EMAIL PROTECTED] Dear All: :: apologies for cross-posting :: This has caused quite an uproar in Mumbai, and the consequences will be interesting to follow. To read more about open geo-data and free mapping initiatives in India, see the Mumbai Free Map ( http://www.crit.org.in/projects/gis | http://freemap.crit.org.in | http://www.freemap.in ). Please also visit and sign the open geo-data manifesto hosted by the Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and visit Mapping Hacks ( http://www.mappinghacks.com ). Best, Shekhar _ Google Earth exposes IAF bases CHARLES ASSISI TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ] http://timesofindia.indiatimes.com/articleshow/1243460.cms MUMBAI: Legally, you aren???t supposed to come within arm???s length of India???s military bases. Whether it is the naval dockyards in Mumbai or the air force bases in New Delhi, Bangalore and Hyderabad, they continue to be strictly out of bounds for unauthorised personnel. But technology, unerringly, finds ways to subvert the law. A little over two weeks ago, Google released fresh satellite images of New Delhi, south Mumbai, Bangalore and Hyderabad as part of its new initiative, Google Earth ( http://earth.google.com ). These images, available to anybody with access to the Net, provide users with images of earth from space. Punch New Delhi and the software first zooms in on Rashtrapati Bhavan. After having taken a look at its lawns, take in a detailed perspective of Parliament building. Maybe, fly over the Prime Minister???s residence. And if that doesn???t satiates the voyeur in you, move over to Palam Airport where IAF planes are based. The level of detail even reveals the camouflage used to mask hangars. Pictures of Mumbai reveal with numbing clarity the docks where INS Viraat is berthed. Users can zoom close enough to take a reasonably good look at the deck of India???s lone aircraft carrier. Browse around and you can stroll past piers where warships of all kinds and submarines are docked. Pan across to take a long look at what lies beyond the fortified gates of Navy Nagar where access is normally controlled by gun-wielding guards. And if that isn???t enough, there are shots of a carrier under construction, which sources speculate, could be the top secret advanced technology vessel (ATV). It???s much the same thing with Bangalore. The air force base at Yelahanka with the jets and helicopters parked are available for all to view. And if it???s the HAL factory you???re interested in, zoom right in. -- __ Shekhar Krishnan 9, Supriya, 2nd Floor 709, Parsee Colony Road no.4 Dadar, Mumbai 400014 India http://www.crit.org.in/members/shekhar http://web.mit.edu/~shekhar/www ___ Geowanking mailing list [EMAIL PROTECTED] http://lists.burri.to/mailman/listinfo/geowanking - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
Oh...-that's- your point: No, Wikipedia needs to realize that the IP address correlation they enjoy outside of Tor is a happy accident, and that they should stop treating IP addressess as user credentials. If they want credentials, they need to implement them. Well, is it reasonable to expect a creature to evolve to an environment that doesn't exist yet? On the other hand, I don't think the number of Tor IP addresses is anywhere near its hockeystick yet, and when it comes it will be changing far too fast for them to block. So they will ultimately have to change their model, methinks. -TD
Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
Dont' agree here... From: Steve Furlong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia] Date: Wed, 28 Sep 2005 09:41:34 -0400 On 9/28/05, Roy M. Silvernail [EMAIL PROTECTED] wrote: A Wikiwhiner wrote I have valid although perhaps unpopular contributions to make, and not only is my freedom to express myself limited, the quality of the material on Wikipedia suffers due to the absence of my perspective. Wow. Nice ego there. If someone I knew wrote some detailed Wiki entries about Telecom DCC control channel protocol throughputs and attacks, he could objectively state that there would be very few people in the world up to the task. He might also want to maintain anonymity. Shutting down this source of wiki entries means that the general flow of Wikipedia content has been altered slightly, but I would argue significantly. I see no material issue with an individual claiming that the absence of his posts to Wiki is significant, even if this is in fact untrue for his particular case. The ego is not material to the essential point. -TD
RE: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course reduce a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Wikipedia Tor] Date: Tue, 27 Sep 2005 21:57:50 +0200 - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to
Re: /. [How Chinese Evade Government's Web Controls]
What the heck are you doing there for three weeks? Buying some golden triangle goods? I hear it's beautiful, however, but it's not like you took a direct international flight there... -TD From: Peter Thoenen [EMAIL PROTECTED] To: Eugen Leitl [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: /. [How Chinese Evade Government's Web Controls] Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT) Chinese Web Controls and Tor ... a subject I happen to have close personal experience with. Just took a three week vacation to Dali, China and after hitting the Great Firewall of China (tm), hopped over to the eff site, downloaded tor and privoxy, and 10 minutes later was up and running bypassing the supposed Great Firewall. While I was at it, grabbed i2p and punched right through also utilizing the i2p www proxy. As much as folk want to rail against Tor for allowing malicious users to mask their identity, it really does serve a higher purpose. As for the WSJ article, EFF or I2P really needs advertise better. Why pay local Chinese Internet Cafe owners when you can punch right through for free.
Re: [EMAIL PROTECTED]: Wikipedia Tor]
What's the problem here? The Wikipedia guy sees lots of garbage coming out of IP address set {X} so he blocks said address set. Somewhat regrettable but no suprise, is it? On the other hand, doesn't it seem a little -odd- that the Tor network is already being used in this way? Granted, even I the great Tyler Durden was able to get a Tor client up-and-running, but I find it suspicious that this early wave of Tor users also happen to have a high % of vandals...something stinks. A very subtle attack, perhaps? If I were so-and-so, I consider it a real coup to stop the kinds of legitimate Wikipedia entries that might be made from Tor users. And if this is the case, you can bet that there are other obvious targets that have been hammered through Tor. In other words, someone said, Two can play at this game. -TD From: Roy M. Silvernail [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Tue, 27 Sep 2005 10:02:09 -0400 Quoting Eugen Leitl [EMAIL PROTECTED]: - Forwarded message from Arrakis Tor [EMAIL PROTECTED] - This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. On one hand, this shows a deep misunderstanding of Tor and its purposes. On the other, I remain disappointed in the number of vandals that take advantage of Tor and other anonymizing services. On the gripping hand, perhaps the Wiki philosophy is flawed. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: Wired on Secrecy Power Sinks Patent Case
Nah...it wasn't half a million. It was a hell of a lot more, I suspect. Even a standard SC or APC connector cost $50 in those days, and from what I suspect this would be MUCH much more than that, and probably formed just one piece of a larger contract. The odd thing about this case was that the judge ruled in favor of Lucent...the government wasn't even directly involved. Lucent made a ton of profit which this poor bastard didn't get dime one from. That's a lot different then allowing the government to use your IP. -TD From: Steve Schear [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Wired on Secrecy Power Sinks Patent Case Date: Sun, 25 Sep 2005 23:55:48 -0700 At 09:14 AM 9/20/2005, Tyler Durden wrote: Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 Of course, the fact that Lucent has been in shit shape financially must have nothing to do with what is effectively a state-sponsored protection of intellectual theft and profiting by Lucent (merely keeping the tech under wraps would have been possible in a closed-doors session. Remember that connectors can easily cost $50 per or more, so these guys were really ripped off and Lucent probably made out quite well.) [Cross posted from another list] Ian G [EMAIL PROTECTED] wrote: What I don't understand about that case is that the precedent already exists. If a defendent declines to defend by supplying documents then the judge does not force them to do so in a civil case, instead the award goes against them. What is not clear is why the judge awarded in the favour of the government. By not supplying files, they clearly indicated they were using the patent. And even that wasn't ever in doubt. He should have just awarded summarily for the patent owners and that would have been that. And, it was only for a measly half million. By saving a half million in patent fees, Lucent and the USG have reduced their reputation for fair dealing, had the whole case blow up in their faces and now we're all poking around looking for how the patent was used by the _Jimmy Carter_
Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]
Actually, depending on your App, this would seem to be th very OPPOSITE of a moot point. -TD From: Gregory Hicks [EMAIL PROTECTED] Reply-To: Gregory Hicks [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:11:10 -0700 (PDT) From: Tyler Durden [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 12:56:33 -0400 Are you sure? No, but the phone now SAYS that location info is OFF except to E911... Whether or not it actually IS turned off is a moot point. How to check? Regards, Gregory Hicks -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:05:31 -0400 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: For my Treo phone, I found the location option under Phone Preferences in the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH --- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision. - Benjamin Franklin The best we can hope for concerning the people at large is that they be properly armed. --Alexander Hamilton
Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]
Are you sure? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:05:31 -0400 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: For my Treo phone, I found the location option under Phone Preferences in the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Wired on Secrecy Power Sinks Patent Case
Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 Of course, the fact that Lucent has been in shit shape financially must have nothing to do with what is effectively a state-sponsored protection of intellectual theft and profiting by Lucent (merely keeping the tech under wraps would have been possible in a closed-doors session. Remember that connectors can easily cost $50 per or more, so these guys were really ripped off and Lucent probably made out quite well.) Aside from this the links are worth pursuing vz Variola Suitcase type discussions. I suspect that a thorough civilian analysis could reveal a lot about NSA's undersea operation. One thing I can see about this connector is that it does not require any visual orientation in order to mate the Bragg-angled fiber interfaces inside...other connectors either mismate if you're not careful, or require rotating the ferrule in order to get the notch to line up. (Low-loss fiber connectors are Bragg-angled in order to prevent reflections.) These might not be viable options at deep depths, indicating that some of their operation must be done extra-vehicular (though by humans or robots I can't yet tell.) Their carrying on about HOW they select traffic is, I suspect, true: They must have some kind of control and switching network in some areas in order to select out some traffic, and I believe I've seen parts of this...the bandwidth is just too large to develop a complete 1:1 copy of everything, when we're talking middle-of-the-ocean-type applications. (And as I've also stated many times, I'd bet NSA has a HUGE risk analysis department to support the decisons about which traffic to grab.) -TD
Re: Wired on Secrecy Power Sinks Patent Case
So if the state hasn't classified my data (and I kinda doubt they will), then it should be up for grabs by anyone suckin' down the dole? -TD From: Justin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Wired on Secrecy Power Sinks Patent Case Date: Tue, 20 Sep 2005 18:54:23 + On 2005-09-20T12:14:13-0400, Tyler Durden wrote: Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 I'm sick of this mosaic theory being used to justify preventing access to unclassified information. -- War is the father of all and king of all, and some he shows as gods, others as men; some he makes slaves, others free. -Heraclitus DK-53
Tor Webhosting?
A few more Tor questions.. Are there yet commercial Tor web hosters? How much would this cost vs hosting one's own node? Since I assume the website actually resides on a single node, there is the slight problem of the node owner knowing, at least, that he had been paid to host X sites, on such-and-such dates...not optimal of course but not everyone in the world is going to want to run a Tor node just to put a site up (like me). Also, there -is- a one-to-one mapping between Tor nodes and Tor-hosted sites, no? It's not like a site is cryptographically split into quasi-redundant pieces, placed on random servers, and then assembled on the fly when there's a request, right? Can Tor support such a thing in the future? (eg, Website file A is split into N partially redudant pieces and sent to N servers...the website can still be retrieved from any M pieces, where N=M.) -TD
RE: The ghost of Tim May
I do suspect he still monitors Cypherpunks, however...many of my efforts to troll him out in the past have been successful, most particularly when I suggested that as a CP team building excersize we lay siege to his compound! (He uses an anonymizer once in a while to post.) -TD From: Trei, Peter [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] Subject: RE: The ghost of Tim May Date: Fri, 9 Sep 2005 09:17:47 -0400 Tyler Durden wrote: Ulex Europae wrote... Okay, I've been in a hole in the ground for a few years. What happened to Tim May? May's ghost haunts and trolls lesser boards (and as an upper bound I admit CP ain't super-hot these days), where he is banished for all eternity, and where he is viewed as merely an old, crazy kook. I don't miss his racism and love of mass murder, but I sure miss his brilliant, destabilising ideas. -TD Check misc.survivalism, scruz.general, ba.mountain-folk, and (recently) neworleans.general. I'm also dissapointed by the content of his posts; there is little beyond the racism left. Peter Trei
RE: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations]
What? A pirate radio station in the Carribean is jamming broadcasts in New Orleans? I find that hard to believe. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations] Date: Fri, 9 Sep 2005 17:39:32 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 9 Sep 2005 08:25:43 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Radio jamming in New Orleans during rescue operations X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Glenn S. Tenney CISSP CISM [EMAIL PROTECTED] Date: September 8, 2005 3:24:45 PM EDT To: [EMAIL PROTECTED] Subject: Radio jamming in New Orleans during rescue operations I saw this... For IP if you like: http://www.waynemadsenreport.com/ September 2, 2005 -- Who is jamming communications in New Orleans? Ham radio operators are reporting that communications in and around New Orleans are being jammed. In addition, perplexed ham radio operators who were enlisted by the Federal government in 911 are not being used for hurricane Katrina Federal relief efforts. There is some misinformation circulating on the web that the jamming is the result of solar flares. Ham radio operators report that the flares are not the source of the communications jamming. If anyone at the National Security Agency is aware of the source of the jamming, from direction finding or satellite intelligence, please discretely contact me at [EMAIL PROTECTED] (from a private or temporary email account). In this case, the Bush administration cannot hide behind national security and it is the duty of every patriotic American to report such criminal activity to the press. Even though the information on the jamming may be considered classified -- it is in the public interest to disclose it. Also, the Federal Aviation Administration (FAA) is reporting that no aircraft over New Orleans have been fired on over New Orleans or anywhere else in the area. Are the reports of shots being fired at aircraft an attempt by the Bush administration to purposely delay the arrival of relief to the city's homeless and dying poor? The neocons have turned New Orleans into Baghdad on the Mississipppi New Orleans: Who is jamming communications and why? UPDATE: We can now report that the jamming of New Orleans' communications is emanating from a pirate radio station in the Caribbean. The noise is continuous and it is jamming frequencies, including emergency high frequency (HF) radios, in the New Orleans area. The radio frequency jammers were heard last night, stopped for a while, and are active again today. The Pentagon must locate the positions of these transmitters and order the Air Force to bomb them immediately. However, we now have a new unconfirmed report that the culprit may be the Pentagon itself. The emitter is an IF (Intermediate Frequency) jammer that is operating south southwest of New Orleans on board a U.S. Navy ship, according to an anonymous source. The jamming is cross-spectrum and interfering with superheterodyne receiver components, including the emergency radios being used in New Orleans relief efforts. The jammed frequencies are: 72.0MHZ (high end of Channel 4 WWL TV New Orleans) 45.0MHZ(fixed mobile) 10.245MHZ (fixed mobile) 10.240 Mhz (fixed mobile) 11.340 Mhz (aeronautical mobile) 233 MHZ (fixed mobile) 455 IF (jammer) A former DoD source says the U.S. Army uses a portable jammer, known as WORLOCK, in Iraq and this jammer may be similar to the one that is jamming the emergency frequencies. UPDATE Sep. 3 -- A Vancouver, British Columbia Urban Search Rescue Team deployed to New Orleans reported that their satellite phones were not working and they had to obtain other satellite phones to keep in touch with their headquarters and other emergency agencies in British Columbia. There is a report on a ham radio web site that jamming is adversely affecting the New Orleans emergency net on 14.265 Mhz. If a U.S. Navy ship is, in fact, jamming New Orleans communications, the crew must immediately shut down the jammer and take action against the Commanding Officer. *** We have just learned from a journalist in Mobile that yesterday, Sprint blocked all cell phone calls from the Gulf Coast region to points north and west. Calls were permitted between Alabama, Mississippi, and Florida but no calls could be made to Washington, New York, or Los Angeles September 5, 2005 ... Meanwhile, the communications jamming in the New Orleans area continues. It is now being reported by truck drivers on Interstate-10 as affecting the Citizens' Band (CB) frequencies. - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded
RE: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)]
Like I said: We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece. Then again, the FBI probably loves hanging out in Starbucks anyway... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)] Date: Wed, 7 Sep 2005 15:58:08 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Wed, 7 Sep 2005 09:48:13 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15) X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Seth David Schoen [EMAIL PROTECTED] Date: September 5, 2005 6:10:02 PM EDT To: David Farber [EMAIL PROTECTED] Cc: Donna Wentworth [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [E-PRV] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15) David Farber writes: Can I get a copy for IP The original article is at http://www.time.com/time/archive/preview/0,10987,1090908,00.html (subscription required) Here's the letter we sent: Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies (Psst! The FBI is Having Trouble on the Line, Notebook, August 15) is in error. You claim that police can't tap into [Internet] conversations or identify the location of callers, even with court orders. That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance. But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse. The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power in the face of increasingly powerful and personally revealing technologies (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations. -- Seth Schoen Staff Technologist[EMAIL PROTECTED] Electronic Frontier Foundationhttp://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Tor VoIP, etc...
SQ wrote... A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card Oh no! Loss of the Houston library card! My passport to knowledge!!! criminal prosecution if caught. Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, DO NOT TOUCH. If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC. Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed. Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports -TD
Re: Tor VoIP, etc...
Shawn Quinn wrote... For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node starbuck. So: How hard would it be to surreptitiously install a Tor node into a computer at a public library? -TD
Re: Perhaps the real reason why Chavez is being targeted?
While the US certainly has been interfering with Chavez and generally trying to mess around in Venezuela for a while, most of what's happening here is just that Chavez is running off at the mouth for domestic political reasons. (Pat Robertson was partly doing that also and partly just babbling.) The leftist Z-mag had an interesting article about Chavez last month. Although most of Z-mag's articles are fairly silly leftwing ranting, you defiintely have a few in-the-trenches-type articles that show up every now and then. The article on Chavez is most interesting and strongly suggests that what Chavez is actually doing is trying to drive up the price Venezuela gets per barrel. Apparently, he's been successful, and most major oil companies (with the notable exception of Exxon) have recently signed very favorable contracts with his government. Also of interest is the proliferation of Chinese and other oil companies edging in next to the big US UK oil firms that have traditionally dominated such deals. The business about shipping oil to Jamaica is interesting; he'd previously been talking about selling cheap gasoline to poor US communities, which was high-grade political bullshit that he had no mechanism for implementing, and quite amusing. Maybe not quite bullshit after all...the major barrier to doing this (ie, shipping low cost oil to some contries and communities) was that the oil was in a form that required processing before it could be used (when I get home I'll try to look up the specifics). Only a few companies could do this and he now has such companies signed (one is Chinese, I think). But fundamentally the US government's problem is that he's a leftist who hangs out with Castro and has oil and likes to do land reform and nationalize oil companies, which is not the kind of thing that right-wing industrialists like. Well, that's always the catch. Mao and (to a much lesser extent) Castro were effective guerilla warriors, but Mao had to die of old age in order for China to start developing itself (Cuba speaks for itself). Chavez seems to be spending a lot of the oil wealth on lots of social services which, though perhaps noble, is not sustainable. If Chavez were bright enough to use this $$$ to kick-start a modern economy his rhetoric would then prove to be much more than hot air. In short, I'm not convinced Chavez is an idiot. From this vantage point I'd argue it's way too early to tell. -TD
RE: [EMAIL PROTECTED]: Re: Tor on USB]
Fascinating little gizmo. Got a question...sorry I'm just too f'in busy to keep up with this side, but... How long will it take the Greater Tor Network to notice the existence of this little node? In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node? That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Tor on USB] Date: Tue, 30 Aug 2005 16:42:27 +0200 - Forwarded message from Paul Syverson [EMAIL PROTECTED] - From: Paul Syverson [EMAIL PROTECTED] Date: Tue, 30 Aug 2005 10:22:22 -0400 To: [EMAIL PROTECTED] Cc: Paul Syverson [EMAIL PROTECTED] Subject: Re: Tor on USB User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] You might also see the following commercial distribution that bundles Tor, a tiny linux, and related software on a USB stick http://www.virtualprivacymachine.com/products.html Looks cool and got favorable reviews, but I haven't used or examined it first hand. This is a pointer, not an endorsement. -Paul On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote: Interesting implementation. You could use it at a public terminal, a friend's computer, or for plausible deniability on your own computer. On 8/29/05, Shatadal [EMAIL PROTECTED] wrote: Arrakis Tor wrote: Can firefox be installed to run standalone whatsoever? Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and http://portablefirefox.mozdev.org/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Supposedly, the tobacco companies have had commercial marijuana products ready forever (I've even seen photos, but I always suspected they were doctored up stoner's dreams). The idea that the pharmaceutical companies would start actively researching new designer drugs is fascinating and scary...wait, scratch that scary, because it can't be scarier than drug-related crime in the US. The New York Times Magazine had a fascinating story years back on the US's marijuana industry. it's apparently the #2 export crop and US pot technology is in some cases extremely, uh, high. They described growers with strings of apartments in various US states connected with sesnors to the internet. If any of the apartments showed signs of entry, the grower would never return. (Each apartment supposedly had low levels of crops to fly under certain state laws if they were ever caught.) No doubt some of those growers are good customers of RSA products! -TD From: Trei, Peter [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], cypherpunks@minder.net, [EMAIL PROTECTED] Subject: RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]] Date: Tue, 23 Aug 2005 13:39:17 -0400 Tyler Durden writes: Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? Actually, if we ever managed to kill the culture of prohibition, I suspect that crystal meth would be about as popular is bathtub gin is today. It's terrible stuff. I'd expect the big pharmas to start 'recreational drug' wings, which would bring real research power to the problem of finding highs which are fun, safe, affordable, and with minimal physical addiction. I need a new drug... Peter Trei
Re: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Coderman wrote... the state of oregon just passed a law (yet to be put into effect) that requires a prescription from a doctor for all sudafed (pseudo ephedrine) purchases. the problem isn't drug addicts killing themselves with corrosive fluids, as this would be a problem that solves itself in short order, but rather that meth heads are idiotic crime machines. i've had numerous friends and acquaintances affected by this (vehicles stolen or broken into, property damaged and/or stolen, tweakers robbing at knife point, etc, etc) and it's getting ridiculous*. Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? There's little doubt that the vast majority of drug-related crime stems not from some crazed crime spree but from issues relating to supply and demand. Legalizing drug XYZ no doubt drops the cost. Then again, if we legalized a lot of drugs then what would all those corrections officers do for a living? Become airport security experts no doubt. -TD
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Holy Fuck we need some smarter people in this society. OK, you threw away your trash. I see no inherent reason why someone else can't grab it. But INFORMATION about you isn't trash. Then again, you do throw away the photons that exit through your windows, so I guess cops should be able to stare at you through binoculars all the time and haul you in based on the photons you've thrown away. Oh, and to take it further, police should have immediate, un-warranted access to the trashcan on your computer, at all times. Indeed, there should be a registry that constantly monitors what you're throwing away, because it's just (digital) trash, right? As for crystal meth, I know I'm preaching to the choir here, but if I want to pour something from my chemistry set down my throat that shouldn't be anybody's business. The fact that it doesn't accidentally kill me and indeed gives me a buzz shouldn't be the sole provence of the pharmaceutical companies. After that, if you want to make laws about selling the stuff well that's a different matter. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]] Date: Fri, 19 Aug 2005 21:55:41 +0200 - Forwarded message from Declan McCullagh [EMAIL PROTECTED] - From: Declan McCullagh [EMAIL PROTECTED] Date: Fri, 05 Aug 2005 12:20:34 -0700 To: [EMAIL PROTECTED] Subject: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) http://news.com.com/2061-10796_3-5820618.html Montana Supreme Court justice warns Orwell's 1984 has arrived August 5, 2005 12:13 PM PDT Believe it or not, it's perfectly legal for police to rummage through your garbage for incriminating stuff on you -- even if they don't have a warrant or court approval. The Supreme Court of Montana ruled last month that police could conduct a warrantless trash dive into the trash cans in the alley behind the home of a man named Darrell Pelvit. The cops discovered pseudoephedrine boxes -- a solvent with uses including the manufacture of methamphetamine -- and Pelvit eventually ended up in prison. Pelvit's attorney argued that his client had a reasonable expectation of privacy in his trash, but the court rejected the argument and said the trash was, well, meant to be thrown away. What's remarkable is the concurring opinion of Montana Supreme Court Justice James C. Nelson, who reluctantly went along with his colleagues but warned that George Orwell's 1984 had arrived. We reproduce his concurring opinion in full: -Declan -- Justice James C. Nelson concurs. I have signed our Opinion because we have correctly applied existing legal theory and constitutional jurisprudence to resolve this case on its facts. I feel the pain of conflict, however. I fear that, eventually, we are all going to become collateral damage in the war on drugs, or terrorism, or whatever war is in vogue at the moment. I retain an abiding concern that our Declaration of Rights not be killed by friendly fire. And, in this day and age, the courts are the last, if not only, bulwark to prevent that from happening. In truth, though, we area throw-away society. My garbage can contains the remains of what I eat and drink. It may contain discarded credit card receipts along with yesterday's newspaper and junk mail. It might hold some personal letters, bills, receipts, vouchers, medical records, photographs and stuff that is imprinted with the multitude of assigned numbers that allow me access to the global economy and vice versa. My garbage can contains my DNA. As our Opinion states, what we voluntarily throw away, what we discard--i.e., what we abandon--is fair game for roving animals, scavengers, busybodies, crooks and for those seeking evidence of criminal enterprise. Yet, as I expect with most people, when I take the day's trash (neatly packaged in opaque plastic bags) to the garbage can each night, I give little consideration to what I am throwing away and less thought, still, to what might become of my refuse. I don't necessarily envision that someone or something is going to paw through it looking for a morsel of food, a discarded treasure, a stealable part of my identity or a piece of evidence. But, I've seen that happen enough times to understand--though not graciously accept--that there is nothing sacred in whatever privacy interest I think I have retained in my trash once it leaves my control--the Fourth Amendment and Article II, Sections 10 and 11, notwithstanding. Like it or not, I live in a society that accepts virtual strip searches at airports; surveillance cameras; discount cards that record my buying habits; bar codes; cookies and spywear on my computer; on-line access to satellite technology that can image my back yard; and microchip radio frequency identification devices already implanted
Re: Gubmint Tests Passport RFID...
Actually, isn't that technically Spanish harlem? Nope. Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile. Apparently you don't. You don't fuck with others they won't fuck with you, because someone you don't know could always be packin. Actually, that corner would make a pretty nice kill zone as it's next to a big park with lots of bushes and few witnesses. Think about it, motherfucker. -Tyler Durden Remember, L-IIIa is your friend. :-) And SG IIIb yours. -TD -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: Gubmint Tests Passport RFID...
Sorry. Got you mixed up with the other dude. You seem willing to back up any slams with facts quotes, so all respect is given. A good fight strengthens us, a sniper smells of MwGs. Sorry again. -TD From: J.A. Terranson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Gubmint Tests Passport RFID... Date: Thu, 18 Aug 2005 23:51:10 -0500 (CDT) On Wed, 17 Aug 2005, Tyler Durden wrote: Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem). Actually, isn't that technically Spanish harlem? Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile. -Tyler Durden Remember, L-IIIa is your friend. :-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: no visas for Chinese cryptologists
Hey...this looks interesting. I'd like to see the email chain before this. While living in China I learned that whatever Jong Nan Hai most vociferously denies will almost certainly be true, so even Chinese Government propaganda is very interesting. -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: no visas for Chinese cryptologists Date: Thu, 18 Aug 2005 17:33:01 +0100 Hasan Diwan wrote: if the US wants to maintain its fantasy, it will need a Ministry of Truth to do so. Cheers, Hasan Diwan [EMAIL PROTECTED] And the airing of government-issued news bulletins without attributation (or indeed, anything from Fox News) doesn't convince you there already is one?
Re: Gubmint Tests Passport RFID...
Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem). Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. -Tyler Durden From: Steve Thompson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Gubmint Tests Passport RFID... Date: Sat, 13 Aug 2005 15:20:54 -0400 (EDT) --- Tyler Durden [EMAIL PROTECTED] wrote: Whaddya know. Thompson said something that didn't make me want to beat him to death... Too bad for you that I cannot say the same about what you write. I have a different threat model. I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.) No fucking shit. Thanks for pointing this out to me. The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.) I don't know Bush, personally, and so I feel that it would be improper to suggest that his unspoken cost-benefit analysis resulted in a particular set of actions. As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on. Suckkumb all you want. Regards, Steve __ Find your next car at http://autos.yahoo.ca
Gubmint Tests Passport RFID...
http://www.wired.com/news/privacy/0,1848,68451,00.html?tw=wn_tophead_2 And since one's passport essentially boils down to a chip, why not implant it under the skin? As for the encryption issue, can someone explain to me why it even matters? It would seem to me that any on-demand access to one's chip-stored info is only as secure as the encryption codes, which would have to be stored and which will eventually become public, no matter how much the government says, Trust us...the access codes are secure. Seems to me, the only way to secure the RFID encrypted info would be if the owner (uh, I mean the citizen unit) releases said info via a personal encryption code, known only to the user and not by ex-welfare Gate goons. But I seriously doubt that that is what the government is thinking about. (ie, they want to be able to read your RFID wihtout you having to perform any additional actions to release the information.) The only way I see it making a difference is perhaps in the physical layer...encryption + shielding is probably a lot more secure than encryption without shielding, given an ID phisher wandering around an airport with a special purpose briefcase. -TD
Re: Gubmint Tests Passport RFID...
Whaddya know. Thompson said something that didn't make me want to beat him to death... I have a different threat model. I suggest that incompetence is _often_ deliberate and, at least to those who orchestrate such things, is designed to leave or provide cracks in arbitrary systesm that will be expoited. This may be defensible in cases where someone wants to encourage child molesters to expose their operations to sophisticated intelligence and surveillance activities, but is harder to defend when such policies affect the integrity of the money supply, or the transportation infrastructure, or I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.) The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.) As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on. -TD
RE: [fc-announce] CFP FC'06: Financial Cryptography and Data Security
Your telling me there's someone in Telcordia these days that does something interesting in the cryptograhy field? Or is that his personal hobby... -TD From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Date: Tue, 2 Aug 2005 21:23:28 -0400 --- begin forwarded text To: [EMAIL PROTECTED] From: Avi Rubin [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Sender: [EMAIL PROTECTED] Date: Tue, 2 Aug 2005 13:58:29 -0400 x-flowed Call for Papers FC'06: Financial Cryptography and Data Security http://fc06.ifca.ai/ Tenth International Conference February 27 to March 2, 2006 Anguilla, British West Indies Submissions Due Date: October 17, 2005 Program Chairs: Giovanni Di Crescenzo (Telcordia) Avi Rubin (Johns Hopkins University) General Chair: Patrick McDaniel (Penn State University) Local Arrangements Chair: Rafael Hirschfeld (Unipay Technologies) At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'06 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. In addition, we will celebrate this 10th year edition with a number of initiatives, such as: especially focused session, technical and historical state-of-the-art panels, and one session of surveys. This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to: Anonymity and Privacy Microfinance and AuctionsMicropayments Audit and Auditability Monitoring, Management and Authentication and Operations Identification, including Reputation Systems Biometrics RFID-Based and Contactless Certification and Payment Systems Authorization Risk Assessment and Commercial CryptographicManagement ApplicationsSecure Banking and Financial Commercial Transactions and Web Services Contracts Securing Emerging Digital Cash and PaymentComputational Paradigms Systems Security and Risk Digital Incentive and Perceptions and Judgments Loyalty Systems Security Economics Digital Rights Management Smart Cards and Secure Financial Regulation andTokens Reporting Trust Management Fraud Detection Trustability and Game Theoretic Approaches toTrustworthiness SecurityUnderground-Market Economics Identity Theft, Physhing andUsability and Acceptance of Social Engineering Security Systems Infrastructure Design User and Operator Interfaces Legal and Regulatory Issues Voting system security Submission Instructions Submission Categories FC'06 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review. Papers can be a maximum of 15
RE: Prosecutors: CIA agents left trail
Reverse Rendition? Here's where Liberals can take a stand...let's round up some of these fuckers and stuff 'em in a shipping container on a Chinese barge to Italy. I've done a quick google search and I've only found a couple of the names. Is the complete list available? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Prosecutors: CIA agents left trail Date: Wed, 3 Aug 2005 15:22:04 +0200 http://www.cnn.com/2005/WORLD/europe/07/28/cia.phonetrail.ap/index.html Prosecutors: CIA agents left trail Cellphone calls blew their cover Thursday, July 28, 2005; Posted: 8:05 p.m. EDT (00:05 GMT) ROME, Italy (AP) -- It wasn't their lavish spending in luxury hotels, their use of credit cards or even frequent-flier miles that drew attention. Instead it was a trail of casual cellphone use that tripped up the 19 purported CIA operatives wanted by Italian authorities in the alleged kidnapping of a radical Muslim cleric. Italian prosecutors who have obtained arrest warrants for the 19 -- none of whom are believed to be in Italy -- presented evidence that the suspects used at least 40 Italian cell phones, some in their own names. Experts say that either they were bumbling spies, or they acted with impunity because Italian officials had been informed of their plan -- a claim the government of Premier Silvio Berlusconi has publicly denied on several occasions. (Full story) If these were really CIA agents they've made a disaster, said Andrea Nativi, research director for the Rome-based Military Center for Strategic Studies. They strained relations between Italy and the U.S. and between the CIA and Italian intelligence agencies. Italian judges issued a first batch of warrants last month for 13 Americans accused of abducting Osama Moustafa Hassan Nasr, known as Abu Omar, on a Milan street on February 17, 2003. Another court this week issued another six warrants for a group the prosecution claims planned the abduction. (Full story) Vulnerable cellphones The Egyptian cleric was flown from Aviano, a joint U.S.-Italian air base north of Venice, to Ramstein Air Base in Germany and then to Egypt, where he was reportedly tortured. The operation purportedly was part of the CIA's extraordinary rendition program, in which terror suspects are transferred to third countries without court approval. In his request for the latest warrants, prosecutor Armando Spataro wrote that an analysis of mobile phone traffic showed that most of them were present on the route that Abu Omar habitually took from his home to a Milan mosque, including in the days before the kidnapping. A track of their cell phones also showed them on those streets nearly 100 times during the month before Abu Omar's disappearance, the prosecutor said. He concluded that the six were part of a single group of Americans who came to Milan to carry out the operation. Why they would use their cell phones so openly has baffled experts, particularly since prosecutors are certain that not all the names of the 19 suspects are aliases. One has been identified by prosecutors as the former CIA station chief in Milan, Robert Seldon Lady, who owns a retirement home in wine country in Asti, near Turin. Though police didn't find Lady there when they raided the house, they did discover a list of hotels where U.S. government employees received discounts, including hotels where prosecutors contend the suspects stayed. Another person on the list has the same name as a man who now works at the U.S. Embassy in Tanzania. Unless the power or the wireless antenna is turned off, a mobile phone remains in constant contact with the nearest cell towers even when it's not being used for a call. Information processed by the cells can be used to precisely locate or track the movements of a phone user. Nativi, the military expert, called the use of regular cell phone accounts a huge weakness in the operation. It would have been more difficult to track anonymous prepaid cards, satellite phones or radios, he said. The wireless system used in Italy and most of the rest of Europe relies on a stamp-sized smart card that is inserted in the back of every handset. This removable SIM card stores an individual's phone number and other account data. A unique numerical identifier is assigned to every phone and every SIM, said Bruno Errico, director of consulting for Openwave Global Services, a company that provides tracking applications and other software to wireless companies worldwide. Wireless companies are obliged by law to keep records of the unique data that each phone exchanges with the cell network as well as the numbers to which calls are placed, he said. Since a phone is served by several cells at any given time, investigators can easily triangulate the location of a device, Errico said. In an urban area, where the network of cells is dense and overlapping, such tracking can have a margin of error of just a few yards.
Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service attacks at least, but this is an obscure Tor node. Someone attacking it at this stage in the game has a real agenda (perhaps they want to see if certain websites get disrupted? Does Tor work that way for short-ish periods of time?) At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has sold certain GbE-centered Datapipe providers.) Your attacker might actually be interested in pre-stressing the infrastructure in front of that router. Just a guess, but I'm stupid after all. -TD From: Eugen Leitl [EMAIL PROTECTED] To: Dan McDonald [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Tue, 2 Aug 2005 10:15:49 +0200 On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote: I'm surprised that the target node has that much INBOUND bandwidth, quite frankly. The node itself has only a Fast Ethernet port, but there's some 4 GBit available outside of the router. I'm genuinely glad the node has been taken offline as soon as the traffic started coming in in buckets, and I didn't have to foot the entire bill (the whole incident only cost me 20-30 GByte overall as far as I can tell). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Gee, that's great. A global organization that has taken the task of worldwide censorship into its sweaty little hands. Did the google cache'd versions of these sites dissappear too? Tor networks, anyone? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Sat, 30 Jul 2005 23:02:53 -0400 --- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Sat, 30 Jul 2005 23:01:38 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://www.timesonline.co.uk/printFriendly/0,,1-523-1715166-523,00.html The Times of London July 31, 2005 Finger points to British intelligence as al-Qaeda websites are wiped out Over the past fortnight Israeli intelligence agents have noticed something distinctly odd happening on the internet. One by one, Al-Qaeda's affiliated websites have vanished until only a handful remain, write Uzi Mahnaimi and Alex Pell. Someone has cut the line of communication between the spiritual leaders of international terrorism and their supporters. Since 9/11 the websites have been the main links to disseminate propaganda and information. The Israelis detect the hand of British intelligence, determined to torpedo the websites after the London attacks of July 7. The web has become the new battleground of terrorism, permitting a freedom of communication denied to such organisations as the IRA a couple of decades ago. One global jihad site terminated recently was an inflammatory Pakistani site, www.mojihedun.com, in which a section entitled How to Strike a European City gave full technical instructions. Tens of similar sites, some offering detailed information on how to build and use biological weapons, have also been shut down. However, Islamic sites believed to be moderate, remain. One belongs to the London-based Syrian cleric Abu Basir al-Tartusi, whose www.abubaseer.bizland.com remained operative after he condemned the London bombings. However, the scales remain weighted in favour of global jihad, the first virtual terror organisation. For all the vaunted spying advances such as tracking mobile phones and isolating key phrases in telephone conversations, experts believe current technologies actually play into the hands of those who would harm us. Modern technology puts most of the advantages in the hands of the terrorists. That is the bottom line, says Professor Michael Clarke, of King's College London, who is director of the International Policy Institute. Government-sponsored monitoring systems, such as Echelon, can track vast amounts of data but have so far proved of minimal benefit in preventing, or even warning, of attacks. And such systems are vulnerable to manipulation: low-ranking volunteers in terrorist organisations can create background chatter that ties up resources and maintains a threshold of anxiety. There are many tricks of the trade that give terrorists secure digital communication and leave no trace on the host computer. Ironically, the most readily available sources of accurate online information on bomb-making are the websites of the radical American militia. I have not seen any Al-Qaeda manuals that look like genuine terrorist training, claims Clarke. However, the sobering message of many security experts is that the terrorists are unlikely ever to lose a war waged with technology. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' ___ Clips mailing list [EMAIL PROTECTED] http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, Where are your claws and teeth? -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2
Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
What?!! 300MB/s for a Tor node? OK, I'm a telecom guy and not a data guy but that sounds suspiciously like someone loaded up an OC-3's worth of traffic and then slammed your node. Ain't no hacker gonna do that. Any indication the ostensible originating IP addresses are faked? -TD From: Eugen Leitl [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Mon, 1 Aug 2005 17:15:17 +0200 On Mon, Aug 01, 2005 at 10:54:26AM -0400, Tyler Durden wrote: Tor networks, anyone? Caveat when running Tor on a production machine, I got DDoS'd recently with some ~300 MBit/s. (Yes, my exit policy didn't contain IRC). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Well, they got what they want...
That's an old pattern to character assassins: I've attacked you publically but I really don't want to have defend what I've said or reply to suggestions about my own motivation. Great. Fuck you too. Hope the new Stazi grab you while you bitch and complain and do nothing. -TD From: Steve Thompson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Well, they got what they want... Date: Sat, 30 Jul 2005 16:32:57 -0400 (EDT) --- Tyler Durden [EMAIL PROTECTED] wrote: Well, apparently you haven't been getting any of my posts to the Al-Qaeda node, otherwise the context would be clear. I'm not even going to bother with you anymore. Your motivation is quite clear enough, and any further bad-faith back-and-forth on your part would be superfluous to the task of proving that you won't be serious when you reply to my messages. Regards, Steve __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Well, they got what they want...
Well, apparently you haven't been getting any of my posts to the Al-Qaeda node, otherwise the context would be clear. As for... Local authorities, however, can take these differences as meaningful and act upon them. Yes they can. But should they? From their perspective? Of course. Increased civilian fear=increased job security. That's the whole name of this game here, and probably a big (though arguably unconscious) motivation for the Iraq war. Peace is bad business for the military industrial complex. Clue: JBT = Jack-booted thug. Within the cypherpunks list membership, this is usually an identifier referring to people working for the so-called law-enforcement arm of a government -- particulaly one of the federal-level agencies whose personnel believe themselves to be entitled to dictate terms of existence to mere mortals. Huh? I've been on the list since 2001 and this may be the first I've seen this acronym. meanwhile, I'm the guy who initiated the Stash Burn thread amongst a myriad of enabling ideas, whereas the only stuff I've seen come through with your name on it is second hand, Hettinga-esque reporting (though Hettinga's has auto-edited himself to the point of being fairly interesting of late). So I can only wonder as to your motivation here, Mr JBT. I think you would better serve yourself if you were employed doing something productive as opposed to being occupied doing something that merely seems productive. This is where I suspect that you're on the Rock. A thought is not coherent merely because you can express it in grammatically correct sentences. -TD
RE: [Clips] Russia's Biggest Spammer Brutally Murdered in Apartment
Any indication he was bludgeoned with a can of spam? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Clips] Russia's Biggest Spammer Brutally Murdered in Apartment Date: Mon, 25 Jul 2005 23:09:11 -0400 --- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Mon, 25 Jul 2005 23:08:30 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Russia's Biggest Spammer Brutally Murdered in Apartment Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://mosnews.com/news/2005/07/25/spammerdead.shtml - NEWS - MOSNEWS.COM Russia's Biggest Spammer Brutally Murdered in Apartment Created: 25.07.2005 13:14 MSK (GMT +3), Updated: 14:24 MSK, 16 hours 33 minutes ago MosNews Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head. Kushnir, 35, headed the English learning centers the Center for American English, the New York English Centre and the Centre for Spoken English, all known to have aggressive Internet advertising policies in which millions of e-mails were sent every day. In the past angry Internet users have targeted the American English centre by publishing the Center's telephone numbers anywhere on the Web to provoke telephone calls. The Center's telephone was advertised as a contact number for cheap sex services, or bargain real estate sales. Another attack involved hundreds of people making phone calls to the American English Center and sending it numerous e-mails back, but Vardan Kushnir remained sure of his right to spam, saying it was what e-mails were for. Under Russian law, spamming is not considered illegal, although lawmakers are working on legal projects that could protect Russian Internet users like they do in Europe and the U.S. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' ___ Clips mailing list [EMAIL PROTECTED] http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Well, they got what they want...
This premise, however, depends somewhat on the observation that the so-called left and right-wing divisions of the political spectrum are largely illusory. The most strident critics of diametric political opposites in the press and elsewhere would disagree, but their very occupations are rather dependent upon the perception that the evident differences in ideology are more than superficial. But as far as I'm concerned, there is no meaningful difference in most cases. Yeah...the reason you know to say that is because I just made that point. Local authorities, however, can take these differences as meaningful and act upon them. Is this paranoid? Yes, but in the wrong way. Which makes you either an idiot or a JBT troll. Possibly both. What the fuck are you talking about? I don't have a clue. Uh-huh. Y'know the police planted a stupid story in the local media here (toronto) not too long ago. They said that some wack-job had been deterred from going on a psychotic rampage with his evil guns because he met a friendly dog in a park, and that the dog made him re-assess his homocidal/suicidal ideation. I imgaine the people who thought that one up should cut down on their intake of hallucinogens and laughing gas. Well, maybe up in Canada. Such a story would be seen as very meaningful here in most of the States, proof that we're responding correctly. In other words, as stupid as Canadians can be, Americans are often far stupider. And more belligerent, too, which is why we're in this mess. -TD
Re: Well, they got what they want...
John Kelsey wrote... I think the reality is a bit different. The random searches won't keep someone who's planning an attack from trying to carry it out, but it may delay their attack, if they made plans based on the old security setup, not the new one. It may also convince them to shift the attack to a new target. --John Well, I think even this is rather optimistic. This morning I took the LIRR into Penn Station, where random searches were being performed (I didn't actually see one). The silly damn thing is that the searches are done -there-, in Penn Station, rather than at the outlying stations. Is that a b-o-m-b, sir? Sure is...KABOOM. And down comes Madison Square Garden and a major transportation hub. And for this silly shit we sacrificed our civil rights?
Re: Well, they got what they want...
From: Steve Thompson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Well, they got what they want... Date: Sat, 23 Jul 2005 16:01:30 -0400 (EDT) --- Tyler Durden [EMAIL PROTECTED] wrote: ...I'm sure most are aware that random searches has begun here in NYC, at subway stations and in the LIRR. Contraband (drugs, etc...) can get the owner arrested. The next step, of course, will be to start grabbing anyone carrying terrorist propaganda, such as the Qu'ran, leaflets, or even the New York Times. You fucking 'tard; nobody is going to be arrested for carrying a copy of the NYT. Well, if you're saying what I think you're saying, I'm still not so sure. Lies of the Times indeed...the Times Liberal compared to NYPost, etc...is like Kodos compared to Kang. BUT, -local- authorities just might declare it Liberal Propaganda. Or worse, ANY litereature (left, right) will be suspect. Is this paranoid? A year or two I would have thought so. But things have gotten so out of wack that anything goes. Cellphones, of course, are the latest scary devices, and here in NYC the towers for them are down in key infrastructural places. I could easily see that being expanded into the Wall Street/downtown area, where we already have multiple barricades and machine gun armed cops. Saw a local security expert on the news, and he stated the obvious: Random searches and whatnot are going to do zero for someone determined, but might deter someone who was thinking about blowing up the A train. In other words, everyone here in NYC knows that we've given up a lot for the sake of the appearence of security, but no one seems to give a damn.
Well, they got what they want...
..I'm sure most are aware that random searches has begun here in NYC, at subway stations and in the LIRR. Contraband (drugs, etc...) can get the owner arrested. The next step, of course, will be to start grabbing anyone carrying terrorist propaganda, such as the Qu'ran, leaflets, or even the New York Times. The sad thing is that it is still absurdly easy to get whatever you want into the subways. For one, not every station has any kind of significant police presence (funny, but the Chambers street station this morning had multiple possible places where someone could enter with a backpack, despite the fact that it opens directly inside Ground Zero and the path Trains to New Jersey). But even if there were police everywhere, there are still many places between stations where someone determined could enter. OK, OK...so the police are deterrents against a few lone crazy copycats, who don't have enough sense to enter away from police line-of-site. But it sure seems damned silly to be giving up constitutional protection for the sake of an image of protection.
RE: Paintball Terrorist Sentenced
Quit inciting me to bake US troops into pies. I didn't want to do it, but you made such a convincing argument that I just had to. it's all your fault: You FORCED me to bake Corp Anderson and Lieutenant Sanders into pies. (Well, I actually didn't bake them in pies but baked some GI Joe action figures into pies, but that's the same thing after all: It's the thought that counts.) -TD From: Eric Cordian [EMAIL PROTECTED] To: cypherpunks@minder.net Subject: Paintball Terrorist Sentenced Date: Wed, 13 Jul 2005 09:16:55 -0700 (PDT) I'd just like to say that the American troops who carried out Bush's illegal war in Iraq, which killled 100,000 Iraqi civilians, are war criminals, and I'd like to encourage all of AmeriKKKa's victims to capture them and bake them in pies, after forcing them to bark like dogs and poop themselves. Now, is that worth life in prison? Only in a police state. In a real democracy whose citizens are free, it's protected political speech. Too bad AmeriKKKa isn't one of those. Fuck Bush. This, by the way, in case you can't read through the inflammatory bullshit in the wireservice story, was the case of some individuals who were deemed to have engaged in a conspiracy to wage war against the US, because in addition to being Islamic, and denouncing Bush's war, they played paintball. http://www.newsday.com/news/nationworld/nation/wire/sns-ap-terror-paintball-sentence,0,4274092.story - ALEXANDRIA, Va. -- A prominent U.S.-based Islamic scholar who exhorted his followers after the Sept. 11 attacks to join the Taliban and fight U.S. troops was sentenced Wednesday to life in prison. Ali al-Timimi of Fairfax was convicted in April of soliciting others to levy war against the United States, inducing others to aid the Taliban, and inducing others to use firearms in violation of federal law. The cleric addressed the court for 10 minutes before his sentencing. I will not admit guilt nor seek the court's mercy. I do this simply because I am innocent, al-Timimi said. The cleric addressed the court for 10 minutes before his sentencing. I will not admit guilt nor seek the court's mercy. I do this simply because I am innocent, al-Timimi said. Prosecutors said the defendant, a native U.S. citizen who has an international following in some Muslim circles, wielded enormous influence among a group of young Muslim men in northern Virginia who played paintball games in 2000 and 2001. Authorities said they were a Virginia jihad network training for holy war around the globe. ... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law
Reverse Palladium?
How secure can I make a Java sandbox from the rest of the network I'm on? Can I make it so that my network administrator can't see what I'm typing? In other words, a secure environment that's sitting on an insecure machine. And of course, there's a short term 'solution' (which will work until they catch on) and then a long-term solution (which they can't very easily stop even when they know such a thing exists). Oh, and it helps to remember that a network admin AIN'T an engineer: If Microsoft or someone hasn't built an app for it, then they can't do anything about it. -TD
RE: Interesting article
That is interesting. One wonders if in certain circles of Russia people are much more careful with their data and encrypting it. Who knows? A country like that might evolve some fairly rigorous privacy procedures. Here in the US it's, Our data is safe because people will go to jail if they hack it and sell it. -TD From: Gabriel Rocha [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Interesting article Date: Fri, 8 Jul 2005 12:22:27 -0400 Don't know how many of you saw this... http://www.globetechnology.com/servlet/story/RTGAM.20050705.gtrussia05/BNStory/Technology/ In the stolen-data trade, Moscow is the Wild East By GRAEME SMITH Tuesday, July 5, 2005 Updated at 8:40 AM EDT From Tuesday's Globe and Mail MOSCOW b The most expensive wares in Moscow's software markets, the items that some Russians are calling a threat to their personal safety, aren't on public display. It takes less than 15 minutes to find them, however, at the teeming Gorbushka market, a jumble of kiosks selling DVDs, CD-ROMs and an array of gadgetry in an old factory west of downtown. One question -- Where can we buy databases of private information? -- and the young man selling rip-off copies of Hollywood movies leaps to his feet. He leads the customers to another vendor, who wears a bull's head on his belt buckle. This second man listens to the request, opens his cellphone, and punches a speed-dial number. Moments later, a third vendor appears. He is jovial and blunt about his trade. Advertisements What do you need? he says. We have everything. In Moscow these days, among people who deal in stolen information, the category of everything is surprisingly broad. This Gorbushka vendor offers a hard drive with cash transfer records from Russia's central bank for $1,500 (Canadian). The information was reportedly stolen by hackers earlier this year and purchased by companies looking for details about their competitors. Such information, the vendor admits, is fairly specialized. A more popular item is tax records, including home addresses and declared incomes. The vendor asks $215. Russians routinely lie about their earnings to avoid taxes; nonetheless, an increasing number of criminals are relying on pirated tax information to help them choose wealthy targets. When gunmen broke into the gated home of Mikhail Pogosyan, head of Russian aerospace giant Sukhoi, in a brazen robbery last week, the businessman immediately blamed the proliferation of his personal details on the black market. Before, robberies of such people happened very seldom, just by chance, says a Sukhoi spokesman, Alexei Poveschenko. Criminals preferred not to deal with VIPs, but now it's different. On every corner you can buy a database with all kinds of information: income, telephones, cars, residence registration. The trade shows no signs of slowing. It's part of a broader problem for Russia as the country lobbies for membership in the World Trade Organization by next year, because the international body wants Russia to crack down on its pirated movies, music and software. Local authorities have swept through markets such as Gorbushka and seized thousands of bootleg discs, but within hours the black markets resume business. At the Gorbushka kiosk, sales are so brisk that the vendor excuses himself to help other customers while the foreigner considers his options: $43 for a mobile phone company's list of subscribers? Or $100 for a database of vehicles registered in the Moscow region? The vehicle database proves irresistible. It appears to contain names, birthdays, passport numbers, addresses, telephone numbers, descriptions of vehicles, and vehicle identification (VIN) numbers for every driver in Moscow. A check of The Globe and Mail's information shows that at least one part of the database is accurate. It's impossible to confirm the millions of other entries, although a few famous names stand out. An entry under the name Mikhail Khodorkovsky, with the same patronymic middle name and birthday as the oil tycoon, suggests that Russia's formerly richest man enjoyed zooming around on a grey 1999 Yamaha TW 125 motorcycle, or a 2000 light-blue BMW F650, before he was thrown in jail. Under the name Yuri Luzhkov, with details that seem identical to those of Moscow's powerful mayor, the list of vehicles includes a black 1997 Harley Davidson motorcycle and a green Gaz 69, a military jeep built in the 1960s. The Gorbushka vendor seems pleased with his sale, but puzzled. As his customers walk away, he says: So tell me: Are you an American spy? He gets a question in reply: What? You'd sell your homeland so cheaply? The vendor laughs, and returns to his work.
Posion Pill for ED?
Hey...can some clever Cypherpunk think of a nice poison pill for ED? Theoretically, something like that is possible, but my only ideas aren't so hot. For instance, and elderly couple could sow some form of radioactive substance into their grounds, in quantities that would take longer than their life expectancy to kill them. Of course, a cleanup might be possible, but that would theoretically wack out the cost structures. There might be other less drastic measures that can be taken, however, such as finding a way to boost up the property costs so that the developers lose interest or perhaps even creating a very hard-to-find landlord that is collecting vast sums (on paper) for the rent of the property. These are crummy ideas, so relax. But I suspect something is possible. -TD
Re: Private Homes may be taken for public good
Well, James Dobson (right wing Christian evangelical) is targeting some of these same judges, so I don't think the Democrat Republican division you're pointing to here is all that valid. In other words, some of those same judges are hated by the right. -TD From: James A. Donald [EMAIL PROTECTED] To: [EMAIL PROTECTED], Bill Stewart [EMAIL PROTECTED] Subject: Re: Private Homes may be taken for public good Date: Tue, 28 Jun 2005 13:09:31 -0700 -- Bush's favorite judges are radical activists when it comes to interference with most civil rights For the most part, it was conservative judges, judes hated by the democrats with insane extravagance, that voted for against this decision. Bush's favorite judge is probably Thomas, who voted against this decision. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OATUYUUD6X16QdQnFd2ZgGItmw0TrkkNoR5SYYAZ 4HZTgkPgkgTwPSGrDGUeYo6QjGZU5psCanKPMN479
Live Free or Die
Ya' knew that had to happen! Funny but, reading it, it seems like it would be fairly easy to convince the Town board of 5 people that this is a good idea, and from an economic standpoint it just might be!. In much of New Hampshire any revenue at all from something like this is going to benefit the local township: The barrier to entry is very low. Funny to think that Souter has Live Free or Die on his license plates. -TD From: baudmax [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Private Homes may be taken for public good Date: Tue, 28 Jun 2005 21:23:19 -0400 The proposed taking through eminent domain, of S.C. Justice David Souter's home, for the more profitable use as a 'Lost Liberty Hotel' and 'Just Deserts Cafe'... http://www.freestarmedia.com/hotellostliberty2.html --- Secrecy is the cornerstone of all tyranny. Not force, but secrecy... censorship. When any government, or any church, for that matter, undertakes to say to its subjects, This you may not read, this you must not see, this you are forbidden to know, the end result is tyranny and oppression, no matter how holy the motives. Mightily little force is needed to control a man who has been hoodwinked; Contrariwise, no amount of force can control a free man, a man whose mind is free. No, not the rack, not fission bombs, not anything. You cannot conquer a free man; The most you can do is kill him. -Robert A. Heinlein, Revolt in 2100 --- Smash The State! mailing list home http://groups.yahoo.com/group/smashthestate ---
Re: Private Homes may be taken for public good
What the hell are all of you smoking? This court has *talked* about restricting inappropriate use of the commerce clause, but when it comes to *doing*, they're 100% behind 100% Federal expansion *through* the Commerce clause. Doesn't anyboy actually LOOK at whats going on anymore, or are we all fixated on what these slimballs *say*? Well, ya' gotta a point there. Actually, I WISH I were smoking something. But saying is at some point important. At least, prior to this a number of individual landholders might have been able to work together (ie, amass legal funds) to prevent the bulldozement of their properties by The Donald or whoever else's mouth has been watering recently. Now it just comes down to who can buy more guns: the poor or rich guys their hired hands (ie, local government). Also, it will probably end up being a kind of turning point. Now, knowing what the SC has decided, there are lots of plans going to drawing boards that have nice big fat red X's over low-income dwellings...Don't worry about the new Brooklyn stadium, we'll just set off the ED roach bomb and clear 'em all out of there. -TD
Private Homes may be taken for public good
Holy crap. Some shitty little township can now bulldoze your house because someone wants to convert the space into a Waffle House. http://www.msnbc.msn.com/id/8331097/ Where's Tim May when you need him? Where's the RAGE? How do you take out a bulldozer? (Remember, bulldozer operators can easily be replaced.) -TD
Re: Private Homes may be taken for public good
Yeah, but this steps crosses a line, I think. Before, your home could be taken for a public project. Now, the supreme court has ruled that your home can be taken for a public project that consists entirely of private development, in the name of the public good, which is supposed to equal higher tax revenues. What this equates to is, whoever had more money than you can take away your home. Previously, it was just the occasional men-with-guns that could do this, but now they effectively have proxies everywhere. -TD From: A.Melon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Private Homes may be taken for public good Date: Thu, 23 Jun 2005 10:36:27 -0700 (PDT) How do you take out a bulldozer? (Remember, bulldozer operators can easily be replaced.) thermite through the engine block, frag bomb in the engine compartment, torch any remaining hoses, slice the tires, puncture the brake lines. you don't need someone to tell you this. takings clause abuse has been going on for a long time.
RE: [jrandom@i2p.net: [i2p] weekly status notes [jun 21]]
Any idea how much it would cost? How much time is involved? (My constraint is the latter and not so much the former.) -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [i2p] weekly status notes [jun 21]] Date: Tue, 21 Jun 2005 23:28:21 +0200 Speaking of which, are *you* running a Tor node? You should. - Forwarded message from jrandom [EMAIL PROTECTED] - From: jrandom [EMAIL PROTECTED] Date: Tue, 21 Jun 2005 09:22:28 -0700 To: [EMAIL PROTECTED] Subject: [i2p] weekly status notes [jun 21] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi y'all, time to start back up our weekly status notes * Index 1) Dev[eloper] status 2) Dev[elopment] status 3) Unit test bounty 4) Service outage 5) ??? * 1) Dev[eloper] status After 4 cities in 4 countries, I'm finally getting settled and churning through code again. Last week I got the last of the pieces to a laptop together, I'm no longer couch hopping, and while I don't have net access at home, there are plenty of net cafes around, so access is reliable (just infrequent and expensive). That last point means that I won't be hanging out on irc as much as before, at least until the fall (I've got a sublet through August or so and will be looking for a place where I can get 24/7 net access). That doesn't, however, mean that I won't be doing as much - I'll just be working largely on my own test network, pushing out builds for live net testing (and, er, oh yeah, releases). It does mean though that we may want to move some discussions that used to go on free form in #i2p onto the list [1] and/or the forum [2] (I do still read the #i2p backlog though). I haven't found a reasonable place where I can go to for our development meetings yet, so I won't be there this week, but perhaps by next week I'll have found one. Anyway, enough about me. [1] http://dev.i2p.net/pipermail/i2p/ [2] http://forum.i2p.net/ * 2) Dev[elopment] status While I've been moving, there have been two main fronts that I've been working on - documentation and the SSU transport (the later only since I got the laptop). The docs are still in progress, with a big ol' scary overview one as well as a series of smaller implementation docs (covering things like source layout, component interaction, etc). SSU progress is going well - the new ACK bitfields are in place, the communication is dealing with (simulated) loss effectively, rates are appropriate for the various conditions, and I've cleared some of the uglier bugs I had run into previously. I am continuing to test these changes though, and once its appropriate we'll plot out a series of live net tests for which we'll need some volunteers to help out with. More news on that front when its available. * 3) Unit test bounty I'm glad to announce that Comwiz has come forward with a series of patches to claim the first phase of the unit test bounty [3]! We are still working through some minor details of the patches, but I've received the updates and generated both the junit and clover reports as necessary. I expect we'll have the patches in CVS shortly, at which point we'll put out Comwiz's testing docs. As clover is a commercial product (free for OSS developers [4]), only those who have installed clover and received their clover license will be able to generate the clover reports. In any case, we'll be publishing the clover reports on the web periodically, so those who don't have clover installed can still see how well our test suite is doing. [3] http://www.i2p.net/bounties_unittest [4] http://www.cenqua.com/clover/ * 4) Service outage As many have probably noticed, (at least) one of the outproxies is offline (squid.i2p), as is www.i2p, dev.i2p, cvs.i2p, and my blog. These are not unrelated events - the machine hosting them is hosed. I'm working on getting it back up though, at which point those five services will be back in operation. Just an FYI. * 5) ??? As there isn't a dev meeting on irc this week, if anyone else has anything to bring up, please feel free to post up to the list or the forum. I've been following the discussions on the list, the forum, and in #i2p while I've been away, and have been glad to be able to sit back and let other people answer most of the questions. I do appreciate the patience people have had with the slow down in releases as well, and realize that in some projects that would be cause for alarm. I2P is not, however, one of those projects - I've been working on it fulltime for more than two years now and will not stop until the needs that have been driving it are met. I am not wed to particular technologies for technologies sake, but merely follow what seems to be the best path from here to where we need to be, and as far as I can tell, we are still following the best path available. This summer, fall, and winter look to be a very exciting time in the anonymity field. =jr -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux)
RE: [dave@farber.net: [IP] Cell Phones Now Playing Role of Wallet]
Sounds great. Citigroup couldn't be bothered to encrypt millions of their customer's detailed data prior to shipping them out via UPS, so I'm SURE they won't screw this up. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Cell Phones Now Playing Role of Wallet] Date: Sat, 18 Jun 2005 23:26:21 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Sat, 18 Jun 2005 03:42:30 -0400 To: Ip ip ip@v2.listbox.com Subject: [IP] Cell Phones Now Playing Role of Wallet X-Mailer: Apple Mail (2.730) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Monty Solomon [EMAIL PROTECTED] Date: June 18, 2005 12:11:34 AM EDT To: undisclosed-recipient:; Subject: Cell Phones Now Playing Role of Wallet Cell Phones Now Playing Role of Wallet - Jun 17, 2005 11:10 PM (AP Online) By BRUCE MEYERSON AP Business Writer NEW YORK (AP) -- Already a device of multiple disguises, from camera to music player and mini-TV, the cell phone's next trick may be the disappearing wallet. After all, since more than a quarter of the people on the planet already carry around cell phones, and hundreds of millions are joining them every year, why should they bring along credit and debit cards when a mobile device can make payments just as well? At the simplest level, all that's needed is to embed phones with a short-range radio chip to beam credit card information to a terminal at a store register. It's not unlike the wireless system used to pay tolls on many highways or the SpeedPass keychain wand used to buy gas at Exxon Mobile Corp. pumps. This is already a reality in Japan, where NTT DoCoMo Inc. says 3 million cell phone subscribers use its Mobile Wallet service to buy things at 20,000 stores and vending machines. Similar services may be on the way in the United States and Europe. MasterCard International Inc. has been testing phone-based versions of its PayPass contactless payment technology since 2003, and may conduct a significant market trial next year. But there also are more ambitious visions brewing that contemplate the cell phone as a new focal point for managing your personal finances. The phone would supplant not only credit and debit cards, but wallets, checkbooks, Web sites, computer programs like Quicken, and online bill payment services such as PayPal or CheckFree. While the mightiest players in Western banking have yet to embrace that notion, and some are dubious of the appeal, the concept has drawn interest in other regions and may get a tryout here soon. ... - http://finance.lycos.com/home/news/story.asp?story=49940191 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: /. [Intel Adds DRM to New Chips]
Eugen Leitl wrote... Online activation of software is already quite widespread, so it seems customers are willing to accept restriction to ownership and use. Well, that's an interesting phenomenon. In industrialized nations where the price of software is fairly low compared to the wages, people seem somewhat willing to pay. At least, we don't see ticket sales for big movies going down at all. So it could be that people will eventually voluntarily release control, as long as the consequences (ie, prices) aren't too high. On the other hand, the whole P2P phenomenon is not happening simply because people don't want to pay. Stupid industry execs will probably continue churning out the same stupid shit they always did and P2Pers will find some way around their protection if needs be.
RE: /. [Intel Adds DRM to New Chips]
Eugen Leitl wrote... from the get-you-where-you-live dept. Badluck writes Microsoft and the entertainment industry's holy grail of controlling copyright through the motherboard has moved a step closer with Intel Corp. now embedding [1]digital rights management within in its latest dual-core processor Pentium D and accompanying 945 chipset. Officially launched worldwide on the May 26, the new offerings come [2]DRM -enabled and will, at least in theory, allow copyright holders to prevent unauthorized copying and distribution of copyrighted materials from the motherboard rather than through the operating system as is currently the case... [3]The Inquirer has the story as well. (Continued) Contrary to expectations, however, sales of the chip have been suprisingly low, with zero interest shown by major PC manufacturers. One major PC industry executive, who wished to remain anonymous sated: There are 100s of millions of people trading files every day throughout the globe. I'm going to start using this chip and give up that market because...? OK, Gov officials will eventually start trying to introduce laws mandating such technologies be used, but by then it's going to come down to a battle of lobbies: The Entertainment industry vs Telecom+PCs++Software. Which can pump dollars into Senatorial hands faster? -TD
e-gold exchange
OK...what;s the best exchange service for transferring dollars (perhaps via paypal or credit cards) into egold? -TD
RE: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame]
Other versions of the press release are fairly amusing, and can be paraphrased as follows: Imagining a world where most nations are allied against the United States, the CIA is currently... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame] Date: Thu, 26 May 2005 13:18:28 +0200 Link: http://slashdot.org/article.pl?sid=05/05/26/044209 Posted by: samzenpus, on 2005-05-26 06:03:00 from the do-you-want-to-play-a-game dept. ScentCone writes The CIA has booked some conference rooms and is [1]working through a simulated 'digital Pearl Harbor' to see how government and industry handle a monster net attack from an imaginary future foe composed of anti-American and anti-globalization hackers. Having been accused of lacking imagination about potential terror attacks, they're using the exercise to better shape the government's roles in a variety of attack scenarios. The networking industry, it seems, is expected to always play a big part in detecting and thwarting such threats, as 9/11-scale economic disruption is a likely bad-guy objective. References 1. http://apnews.myway.com/article/20050525/D8AAFUIO2.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Anonymous Site Registration
OK, what's the best way to put up a website anonymously? Let's assume that it has nothing to do with national security...the Feds aren't interested. BUT, let's assume that the existence and/or content of the website would probably direct a decent amount of law-suits. Presumably there's no way to hide the ISP from the world, but one should hopefully be able to hide oneself and make legal action basically useless. Egold + fake address for registering agency seems a little problematic. And there's the question of updating the site... -TD
RE: [Dissidents Seeking Anonymous Web Solutions?]
Variola wrote... Three minutes. This is it - ground zero. Would you like to say a few words to mark the occasion? Narrator: ...i... ann... iinn... ff... nnyin... Narrator: [Voice over] With a gun barrel between your teeth, you speak only in vowels. [Tyler removes the gun from the Narrator's mouth] Narrator: I can't think of anything. Narrator: [Voice over] For a second I totally forgot about Tyler's whole controlled demolition thing and I wonder how clean that gun is. What the hell is this? How'd you get this transcript? Are you working for the Feds?!!! Well, I'm ready...Gitmo me if you can, but I'm taking somma you fuckers with me!!!
Re: Lions and tigers and iraqi minutemen
Wow! 16 Saudis! A veritable tidal wave. -TD From: James A. Donald [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Lions and tigers and iraqi minutemen Date: Wed, 25 May 2005 09:03:17 -0700 -- James A. Donald: While it doubtless would have been better to behead the Saudi monarchy rather than the Iraqi dictatorship, nonetheless American troops seem to be finding an ample supply of Saudis in Iraq. Major Variola (ret) In what imaginary universe? In the universe where Saudi arabia is concerned about the number of Saudis held in Iraq. http://www.gulf-news.com/Articles/Region2.asp?ArticleID=127086 --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG lHwkZ3mj6O+XGR8qR2CrktYKElaLqBN+o8xE7dZJ 4sW5xvskkwfx3HMCFhjQD3j0EuXuLI9X9TOx2bUH7
RE: Len Adleman (of R,S, and A): Universities need a little Limbaugh
Now that was an enjoyable and even marginally relevant piece of RAHspam. From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Len Adleman (of R,S, and A): Universities need a little Limbaugh Date: Tue, 17 May 2005 14:39:56 -0400 A little humor this morning... He's right, but it's still funny. Expect Dr. Adleman to be asked to turn in his Liberal Secret Decoder Ring forthwith... Cheers, RAH --- http://www.dailynews.com/cda/article/print/0,1674,200%257E20951%257E2872499,00.html Los Angeles Daily News Universities need a little Limbaugh By Leonard M. Adleman Saturday, May 14, 2005 - Pomp and circumstance. Black-robed students receiving diplomas as proud parents look on. Distinguished members of society receiving honorary degrees and offering sage advice to ''America's future.'' It is commencement time again at the nation's universities. This year I nominated Rush Limbaugh for an honorary doctorate at the University of Southern California, where I am a professor. Why Limbaugh _ a man with whom I disagree at least as much as I agree? Here are some of the reasons I gave in my letter of nomination: ''Rush Limbaugh has engendered epochal changes in politics and the media. He has accomplished this in the noblest of ways, through speech and the power of his ideas. Mr. Limbaugh began his career as a radio talk-show host in Sacramento in 1984. He espoused ideas that were conservative and in clear opposition to the dominant ideas of the time. Perhaps because of the persuasiveness of Mr. Limbaugh's ideas or because they resonated with the unspoken beliefs of a number of Americans, his audience grew. Today, he has the largest audience of any talk show host (said to be in excess of 20 million people per week) and his ideas reverberate throughout our society. ''Mr. Limbaugh is a three-time recipient of the National Association of Broadcasters' Marconi Radio Award for Syndicated Radio Personality of the Year. In 1993, he was inducted into the National Association of Broadcasters' Broadcasting Hall of Fame. ''In 1994, an American electorate, transformed by ideas that Mr. Limbaugh championed, gave control of Congress to the Republicans for the first time in 40 years. That year, Republican congressmen held a ceremony for Mr. Limbaugh and declared him an 'honorary member of Congress.' The recent re-election of President Bush suggests that this transformation continues. One of Mr. Limbaugh's major themes through the years has been liberal bias in the 'mainstream' media. His focus on this theme has made him the target of incessant condemnation. Nonetheless, he has persevered and it now appears that his view is prevailing. As the recent debacle at CBS shows, the media is in the process of major change. Ideally, the American people will profit from a reconstituted media that will act more perfectly as a marketplace for ideas.'' But there is a bigger reason why I support giving him an honorary degree: Because I value intellectual diversity. Regrettably, the university declined to offer Limbaugh a degree. As best I can determine, no university has honored him in this way. On the other hand, such presumably liberal media luminaries as Dan Rather, Chris Matthews, Judy Woodruff, Bill Moyers, Terry Gross, Paul Krugman and Peter Arnett have received many honorary degrees from the nation's universities. Now before you label me as a right-wing ideologue, let me present my credentials as a centrist. Limbaugh has well-known positions on the following issues: abortion, capital punishment, affirmative action, prayer in school, gun control, the Iraq war. I disagree with him on half of these. But intellectual diversity has all but vanished from America's campuses. We are failing in our duty to provide our students with a broad spectrum of ideas from which to choose. Honoring Limbaugh, or someone like him, would help to make the academy more intellectually diverse. The great liberal ideas that swept through our universities when I was a student at Berkeley in the 1960s have long ago been digested and largely embraced in academia. Liberalism has triumphed. But a troubling legacy of that triumph is a nation whose professorate is almost entirely liberal. In the 29 years I have been a professor, I do not recall encountering a single colleague who expressed conservative ideas. The left-wing accusations of Ward Churchill (Honorary Doctor of Humane Letters, Alfred University, 1992) are not the problem _ the problem is the scarcity of professors who are inclined to rebut them. It is time for the nation's universities to address this disturbing situation. So I hereby extend my nomination of Limbaugh to all universities. It would be a refreshing demonstration of renewed commitment to intellectual diversity if next spring we hear Dr. Limbaugh's words as our graduates ''go forth.'' Professor Leonard M. Adleman is the Henry Salvatori Professor of Computer Science at the University of Southern
RE: Terrorist-controlled cessna nearly attacks washington
Relax, dude. It was a joke. The point was that in the US there's hardly anyone (TLAs included) that would not have snickered at the original joke, given the brood that was holed up in Union Station. -TD From: Anonymous [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Terrorist-controlled cessna nearly attacks washington Date: 12 May 2005 20:13:14 - You wrote: new terrorist target: Union Station You used a remailer for THAT?!! So what if he did? There's no requirement that people say insignificant stuff under their real name or real alias.
RE: Terrorist-controlled cessna nearly attacks washington
new terrorist target: Union Station You used a remailer for THAT?!! -TD
Re: [rationalchatter] Interesting Trial - IRS trial - July 11th (fwd)
Yeah...it's pretty fuckin' pointless. Tantamount to proving a guy pointing a gun at you is actually pointing a gun at you, TO the guy pointing the gun at you. -TD From: Gil Hamilton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [rationalchatter] Interesting Trial - IRS trial - July 11th (fwd) Date: Tue, 10 May 2005 12:40:17 + -- Forwarded message -- Date: Mon, 9 May 2005 17:45:35 -0700 (PDT) From: marc guttman [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [rationalchatter] Interesting Trial - IRS trial - July 11th This is an interesting trial. Men with guns. Tessa and Larken Rose may be sent to jail. Watch 3 min. - video - http://www.861.info/tessa.html Trial starts July 11th. There is a petition to encourage that it be videotaped. While anyone can empathize with their desire not to pay taxes and many of us can even disagree with the moral justification for taxes, these people are idiots. Their entire case boils down to quibbles over arguably poorly worded regulations. And even if you take their argument at face value, if you go read the sections of the Code of Federal Regulations they cite, they're just plain wrong: they're willfully misreading the plain language of the regulations. (Okay, plain language is probably not the right phrase to apply to any part of the CFR, but...) They're definitely going down; probably to jail, but at the least they'll be subject to massive fines, property seizures, etc. Nothing to see here, folks; move along. GH _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: [Politech] Passport RFID tracking: a between-the-lines read [priv] (fwd from declan@well.com)
I dunno...I don't see a ton of Leitl stuff on the al-qaeda node. That which does come through seems fairly relevant. I'm thinking Choate and RAH are tsk-ing his failed attempt at pure stream-of-consciousness posting. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Politech] Passport RFID tracking: a between-the-lines read [priv] (fwd from declan@well.com) Date: Tue, 10 May 2005 00:01:33 +0200 On Mon, May 09, 2005 at 12:13:18PM -0700, cypherpunk wrote: And of course there is Eugen* Leitl, who mindlessly forwards far and wide everything that enters his mailbox. I don't know whether we Consider me bitten by Choate. It's totally incurable. should be annoyed or relieved that he fails to exercise the slightest editorial effort by adding his own thoughts, if he has any, to the material he passes around. I don't need the list. Goddamn heise has more cypherpunk content than the list. Tim May's tired trolls have more cypherpunk content than the list. I'm trying to keep it going by keeping a steady trickle of relevant info but I'm honestly wondering if it's worth the effort. If you think I'm going to add editing effort, thus cutting some 10 minutes out of my already busy day you're out of your fucking mind. If you want high quality content, post it yourself. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [rationalchatter] Interesting Trial - IRS trial - July 11th (fwd)
Man, that chic's a little dizzy. Good sweater meat, though. -TD From: J.A. Terranson [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: [rationalchatter] Interesting Trial - IRS trial - July 11th (fwd) Date: Mon, 9 May 2005 19:46:34 -0500 (CDT) -- Forwarded message -- Date: Mon, 9 May 2005 17:45:35 -0700 (PDT) From: marc guttman [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [rationalchatter] Interesting Trial - IRS trial - July 11th This is an interesting trial. Men with guns. Tessa and Larken Rose may be sent to jail. Watch 3 min. - video - http://www.861.info/tessa.html Trial starts July 11th. There is a petition to encourage that it be videotaped. - Yahoo! Mail Stay connected, organized, and protected. Take the tour
Re: Pi: Less Random Than We Thought
Yes, but only provided the universe lasts long enough for those digits to be computed! -TD From: John Kelsey [EMAIL PROTECTED] To: Sarad AV [EMAIL PROTECTED], [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Pi: Less Random Than We Thought Date: Fri, 6 May 2005 09:42:09 -0400 (GMT-04:00) From: Sarad AV [EMAIL PROTECTED] Sent: May 5, 2005 8:43 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Pi: Less Random Than We Thought Well, if it were generated by a random process, we'd expect to see every n-bit substring in there somewhere, sooner or later, since the sequence never ends or repeats. Thus, the wonderful joke/idea about selling advertising space in the binary expansion of pi. Not only will your message last forever, but it will be seen by any advanced civilization that develops math and computers, even ones in other galaxies. --John
Re: Pi: Less Random Than We Thought
Cypherpunk: While I respect your forthrightness you are unfortunately wrong. Read the chapters on Randon Mumber generation from Numerical Recipes in C and you get just a small glimpse of how sticky the issue is, particularly when it comes to computers (which are innately non-random, by the way). As a very simple example, imagine that after 10 billion digits we found that the average value was actually 5.1. This would make it, in your book, not random at all, but I suspect that for almost many uses it would be random enough. And then, imagine that the cumulative average of the digits of pi oscillated around 5 (to one part in a zillion) with a period of 100 Billion...is this random enough for you? Let us remember, of course, that the digits of pi are not random whatsoever: they are the digits of pi! Random is in the eye of the beholder. I was hoping Cordian would grumpily reply...he's a number theorist or something. -TD From: Sarad AV [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Pi: Less Random Than We Thought Date: Thu, 5 May 2005 05:43:35 -0700 (PDT) hi, If you remember D.E Knuth's book on Semi-Numerical Algorithms he shows some annoying subsequences of pi in it which are far from random. Sarad. --- cypherpunk [EMAIL PROTECTED] wrote: This doesn't really make sense. Either the digits are random or they are not. You can't be a little bit random. Well, you can be, but the point is that you either pass the test or you don't. If pi's digits fail a test of randomness in a statistically significant way, that is big news. If they pass it, then there is no meaningful way to compare them with another RNG that also passes. It's just a statistical quirk due to random variation as to which will do better than another on any given test. The bottom line is still that either an RNG passes the tests acceptably or it does not. From what they say (or don't say), pi does pass. It doesn't make sense to say that other RNGs do better. CP Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html
RE: [Politech] Customs-proofing your laptop: Staying safe at border searches [priv] (fwd from declan@well.com)
I checked out those links...hilarious! Check this out (remember, this gal is running for Senator of Alabama!): On the way to the hotel my cab driver, having heard the conversation with the Border Guard, expressed an interest in learning more about my work. So I filled him in as much as I could in the few minutes we had left. When we arrived at the hotel I had expected to meet my ride who had the cab fare, pay the cabbie and embark on my weekend adventure. She hadn't even brought cab fare, and was expecting another pot head to show up with it!!! However, my ride got a little lost and hadnt made it to our designated meeting point yet. I called the cell number I was given but got voicemail. I didnt have my credit card on me so I couldnt pay the cabbie. He decides that he will wait with me for a little bit and we continue our conversation about pot and drug policy. She went to a foriegn country without cab fare or a credit card! And now the guy with the money (another pot-smoker) is late, and she's suprised!!! I'm starting to wonder if this is a hoax. It IS funny, though. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Politech] Customs-proofing your laptop: Staying safe at border searches [priv] (fwd from declan@well.com) Date: Wed, 4 May 2005 10:58:22 +0200 - Forwarded message from Declan McCullagh declan@well.com - From: Declan McCullagh declan@well.com Date: Tue, 03 May 2005 22:42:03 -0700 To: politech@politechbot.com Subject: [Politech] Customs-proofing your laptop: Staying safe at border searches [priv] User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206) Detecting whether the Feds or any government adversary has placed spyware on your computer when examining it at a border checkpoint is not entirely trivial. It is, however, important for your privacy and peace of mind -- especially because computer and PDA searches will likely become more popular in time. Here are some basic suggestions: http://www.politechbot.com/2005/04/21/update-on-alabama/ A more advanced one would be to perform a checksum of all the files on the hard drive before-and-after through something like this: % for i in `find / -print`; do md5 $i /tmp/new; done ; diff /tmp/new /tmp/old The problem is that even your diff utility could be modified so you'd need to use a known-good copy from archival media. Can anyone recommend a checksum'ing utility for Windows and OS X? It would be nicer than a command-line interface. Note, by the way, that Rep. Bono's anti-spyware bill exempts police: http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00029: -Declan --- Declan, In response to the Alabama activist who was hassled at the border returning from Canada, here is some insight. However, I ask that you PLEASE WITHHOLD MY NAME; I know some people who do computer forensics for FBI and I would not want them to know it was me writing this Thanks. Feel free to use any of the below in the blog or in the listserv. + + + + + + + + + + + + + + + + + + + + + + + + Loretta's experience w/ US Customs is chilling. The fifteen minutes her notebook computer was out of view and in government custody is plenty of time for an agent to image the drive. Imaging, as you know, is the end-to-end bit-level copying of the drive. When properly done, imaging bypasses all OS controls, such as file permissions in Linux, BSD, and OS/X, and user ownership in Windows. A drive image affords an analyst plenty of time to examine the drive contents without the owner's awareness. The image can be mounted onto a device where other programs can reconstruct or reinterpret file systems structures of NTFS, ext, FAT, and so on. An analyst mounting an image as root or Administrator can see anything. Do not assume a BIOS password will protect you. The drive can be physically removed from a laptop in under a minute. If the file data is encrypted, a forensic analyst will need to use a password cracker to decode the data. This will slow them down, and in all but the most pressing cases, will prompt them to move on. However, a careless individual may leave their PGP (or similar) key on their drive in a text file or in slack or deleted space, giving the agent something to work with. Though encryption is a pain for the user to deal with, this is probably the best level of protection. Encryption raises your reasonable level of expectation of privacy. Legal issues raised by this incident potentially include illegal search and seizure. Even US Customs still needs a search warrant for your computer, and the warrant must state specifically what they are looking for. They cannot fish. If an image was taken of Loretta Nall's drive, there will be a chain of custody document for this supposed evidence. Her lawyer can advise as to how to file a motion for it. There might also be an incident report, which would describe the actions of the agents. None of the information stolen from Loretta's drive can be used directly in a court
RE: Stash Burn?
Hum. Well, maybe. I guess a dual use argument wouldn't fly. Wait...that furnace should be able to reheat burgers also. -TD From: R.W. (Bob) Erickson [EMAIL PROTECTED] To: 'Tyler Durden' [EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: Stash Burn? Date: Mon, 2 May 2005 12:34:15 -0400 Congratulations, you just turned your vehicle into drug paraphenalia What? You claim it is Not for drugs? Tell this to the judge. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Durden Sent: May 2, 2005 10:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Stash Burn? yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: zombied ypherpunks (Re: Email Certification?)
Eh...for email you may have a point, but I'm not 100% convinced. In other words, say they want to monitor your email account. Do you really believe they are going to tap all major nodes and then filter all the traffic just to get your email? This is that whole, The TLAs are infinitely powerful so you might as well do nothing philosophy. And even though I might be willing to concede that they get all that traffic, one hand doesn't always talk to the other. there may be smaller branches on fishing trips accessing your email if they want. if one were able to monitor the email account for access, you'll at least force your TLA phisher into going through proper internal channels. He might actually get a no, depending on the cost vs risk. Look...they aren't some super-Orwellian hyperorganized hive-mind. They're a big, fat bureaucracy full of big, fat bureaucrats. That's why they don't get real jobs! Look...a little tiny yap yap dog can often scare off a bigger dog or animal by making it clear that any interaction's going to suck. This isn't because the big dog couldn't ultimately kill the little dog, but because the big dog will realize it's just not worth it. -TD From: Morlock Elloi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: zombied ypherpunks (Re: Email Certification?) Date: Thu, 28 Apr 2005 12:17:53 -0700 (PDT) I'm still having trouble understanding your threat model. Just assume braindeath and it becomes obvious. No tla with any dignity left would bother e-mail providers or try to get your password. All it need to do is fill gforms and get access to tapped traffic at major nodes (say, 20 in US is sufficient?). Think packet reassembly - filter down - store everything forever - google on demand. Concerned about e-mail privacy? There is this obscure software called 'PGP', check it out. Too complicated? That's the good thing about evolution, not everyone makes it. end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Email Certification?
No, the threat model was outlined in a previous post. Consider some agency that has lots of resources and technologies, but also doesn't particularly want local authorities or (for instance) hotmail to know what they are doing. In general, this is going to make their operation much less intrusive, lower cost (ie, due to not having to physically send people) as well as avoiding a lot of legal hassles due to paper trails. So I guess what I'm looking for is way to be quite certain that someone (aside from Hotmail admin) is opening, reading, and closing my email 'unobtrusively'. Of course, once such an effort is detected, said agency may decide to follow a more intrusive investigative path, but this has practical consequences. My home alarm system is probably a better example. If NSA, for instance, is going to bother entering your house and setting up whatever, I'd bet they'd LOVE to not bother with the local security/alarm company, because then there's a paper trail, people who might be a friend of the surveilled, and other 'local' issues. They're definitely going to use their fancy gadgets, etc..., to bypass the alarm system while making the alarm company everything's going just fine, or perhaps a battery has expired. In this case there'd be nothing to subpeona. Therefore, if you suspect you're being surveilled, even if you can't secure anything you want might want to secure, you can at least force them to commit legally actionable acts, or else force them to give up their 'phishing' expeditions. -TD From: Bill Stewart [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Email Certification? Date: Wed, 27 Apr 2005 16:04:54 -0700 I'm still having trouble understanding your threat model. If you're talking about somebody who can get Hotmail's cooperation, e.g. cops or sysadmins, there's no way you can prevent them from doing anything they want to your incoming mail. If you're worried about crackers guessing your password, then some web-based email systems automatically mark mail as read, some don't, some let you mark it, some let you remark it as unread. (I haven't ever used hotmail, and my cat stopped using it when the Child Online Protection Act required Hotmail to cancel accounts for anybody under 13 years old who didn't have parental permission, so the interface has probably changed since I last saw it.) Are you worried specifically about Hotmail? You're mentioning using gmail to pre-filter your hotmail messages - gmail's going to have similar potential threats, except that it's probably better managed, and if you're going to send the mail to gmail anyway, why not just read it on gmail? In general, if you've sent unencrypted email to an untrusted system, then you've got no way of knowing that it hasn't been read. At 01:09 PM 4/27/2005, Tyler Durden wrote: Oh...this post was connected to my previous one. Sorry...my ideas along these lines are still a little foggy but I'll try to articulate. Basically, let's assume someone with some resources has cracked your email and wants to monitor what you send and receive. let's also assume they don't want you to know it. Let's assume they also are not particularly thrilled about having hotmail know what they're up to (if needs be they can obtain a warrant, etc..., but this is clearly less than desirable compared to more direct techniques). It seems fairly easy to me to (for instance) create a bot that duplicates all of the email and resends it to your hotmail account so that when you log in everything looks fresh and new. (There are probably easier ways to do this via direct hacks of hotmail). Is there some way to make it evident that someone has opened your email? Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service. BUT, it occurs to me that you might be able to have gmail forward your mail to hotmail via some intermediate application you've set up that takes the timestamp and whatever and creates a hash.
Re: WebMoney
Are you continuing those dots correctly? I assumed they were leading to the words Russian mob, which has become quite the powerful force in Brooklyn these days. -TD From: Shawn K. Quinn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: WebMoney Date: Thu, 21 Apr 2005 09:15:06 -0500 On Wed, 2005-04-20 at 19:40 -0700, James A. Donald wrote: The fact that webmoney takes security so seriously suggests to me that they are honest - but, of course, the fact that they are russian suggests . This isn't the middle of the Cold War anymore. I don't think they are that dishonest, especially after some of the crap the US government has pulled in the last few years. -- Shawn K. Quinn [EMAIL PROTECTED]
What's Packed in Variola's Suitcase?
Interesting. Gives a lower limit to certain storage questions. Guess it's no suprise IBM's SAN product handled things here, it's been field-tested after all. -TD GENEVA -- IBM and CERN, the European Organization for Nuclear Research, today announced that IBM's storage virtualization software has achieved breakthrough performance results in an internal data challenge at CERN. The data challenge was part of a test currently going on at CERN to simulate the computing needs of the Large Hadron Collider (LHC) Computing Grid, the largest scientific computing grid in the world. The LHC is expected to produce massive amounts of data, 15 million gigabytes per year, once it is operational in 2007. The recent results represent a major milestone for CERN, who is testing cutting-edge data management solutions in the context of the CERN openlab, an industrial partnership. Using IBM TotalStorage SAN File System storage virtualization software, the internal tests shattered performance records during a data challenge test by CERN by reading and writing data to disk at rates in excess of 1GB/second for a total I/O of over 1 petabyte (1 million gigabytes) in a 13-day period. This result shows that IBM's pioneering virtualization solution has the ability to manage the anticipated needs of what will be the most data-intensive experiment in the world. First tests of the integration of SAN File System with CERN's storage management system for the LHC experiments have already obtained excellent results. CERN has a long-standing collaborative relationship with IBM, and we are delighted that IBM is pushing the frontiers of data management in the context of CERN openlab, said Wolfgang von Rüden, Information Technology Department Leader at CERN and Head of the CERN openlab. What we learned from these data challenges will surely influence our technological choices in the coming years, as we continue to deploy the global LHC Computing Grid.
Re: WiFi Launcher?
From: Damian Gerow [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: WiFi Launcher? Date: Fri, 25 Mar 2005 12:50:04 -0500 Thus spake Tyler Durden ([EMAIL PROTECTED]) [25/03/05 10:30]: : Has anyone heard of a utility that can search for a WiFi hotspot while : driving and then launch an email? I noticed you did a little editing! Sigh. Few can stand in the light for very long, save the various beautiful women that clamor to spread my DNA... Someone once said, Cypherpunks write code. Yes but I'd amend this to say, Cypherpunks in the process of becoming economically successful probably don't have time to write code but others can sure feel free to try... : Sounds possible to me. the only problem might be the need for : authentication, etc...in some hotspots, but given enough hotspots surely : there are some that don't need it... I imagine that, depending on where you're driving, you wouldn't need to bother with hotspot authentication: you're bound to stumble onto an open WiFi network at *some* point in your journey. Exactly. And also, no harm in trying several times, the Johnny Appleseed approach... Given that there already exists utilities that detect WiFi networks and map them with GPS units, I don't think it would take much to, at that point, run, say, 'postfix start postqueue -f'. Or perhaps mixmaster/mixminion might be more appropriate. It sounds not only possible, but plausible. And I'd be surprised if someone didn't already have this working somewhere. These days one has to act very quickly in order to create something original. The question is, will a TLA do it first and post it, along with a TINY little ID tag? -TD
Re: WiFi Launcher?
Well, as pointed out previously it may not be necessary to authenticate. If you believe you'll be passing through a high WiFi density area, and that chances are decent at least one or two of the hotspots do not require authentication, then have the app toss off a bunch of the emails and try again at the next spot. The emails should make it through somewhere (particularly in places like NYC, were there must be a dozen or more public hotspots within a block or two of where I work). Of course, if authentication happens to be achieved, then I guess have the app delete those emails it got through. Which leads to the possibility of perhaps attempting both strategies simultaneously, but on different frequency bands. -TD From: Bill Stewart [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: WiFi Launcher? Date: Fri, 25 Mar 2005 14:21:09 -0800 Thus spake Tyler Durden ([EMAIL PROTECTED]) [25/03/05 10:30]: : Has anyone heard of a utility that can search for a WiFi hotspot while : driving and then launch an email? It's a harder problem than you'd expect - Wifi doesn't have a long range, so you have to detect the hotspot, decide if you can handle or evade its authentication, do that, and then send your message before you've driven out of range. If you're in range for 100 meters at a 18kph city crawl (or bike) that's about 5 meters/sec so you've got 20 seconds, and it can work. If you're driving 90kph and catch 10 meters of the edge of a range, you've got 0.4 seconds to do the job, which is pretty dodgy - lots of mail servers take a few seconds to really sync up, especially if you've got to do a DNS lookup or two. Directional Antennas are unlikely to be useful - if you've got them aimed right, you might win, but you're much more likely to miss entirely or have only a few meters that you're in range.
Golden Triangle Drug Traffic Arbitrage?
Hey...had an interesting idea I've been discussing. Actually, no way it's crypto but it's certainly markets/anarchy, so read on if you wish. I'm thinking that that Drug Trafficking in the Golden Triangle might actually be a form of arbitrage. Let me explain... China pegs it's currency to US currency. With the dropping dollar, this means that there's going to be a larger and larger gap between 'reality' (as measured in the true cost of goods in a free market) and the pegged rate. On Cypherpunks do I need to explain the idea that this difference will inevitably give rise to a big black market to exploit that difference? (I had a hard time explaining this to some younger Wall Street folks here.) An interesting though I had last night was that the Drug trade in the Golden Triangle (Burma, China, Thailand, etc...) might exist for precisely this reason...in other words, as a form of arbitrage of sorts between the actual local cost of goods and services and manpower and exchange rates of the US dollar. Heroin is an ideal medium for arbitrage, as it's price is almost a pure function of supply and demand (as opposed to cost of material). It can fluctuate with the currency markets and as a result forms a sort of 'common denominator' for translating local wealth back into international, 'real' wealth. In other words, the drug trade is a direct result of government intervention in the currency markets. Of course, if May were here (may his soul roast in the hell of lesser lists) he'd say this was 'obvious'... Is it? -TD -TD
RE: What Will We Do With Innocent People's DNA?
The simplest solution is to systematically spread one's DNA everywhere, thus making 'discovery' of it meaningless. Yes, this is what I've been endeavoring to do, but my potential partners don't seem to understand the urgency. -TD
Re: Golden Triangle Drug Traffic Arbitrage?
Hey...I never said May was an idiot. In fact, quite the opposite. His issues with race and violence, I feel, don't emanate from stupidity by any means, but are rather codifications of some kind of issues into his thinking. Get him away from human matters and on the technical level he was normally very sharp. However, All commodities that exist outside of government regulation have prices that are functions of supply and demand. Heroin is no different than any other commodity in that regard. The notion that heroin has no cost of material is especially absurd. Do you think they can just conjure it up out of thin air? Nonsense. Heroin, like any other commodity, has significant costs to create, and those are what controls its supply. OK, I'm punting here, and I'm not an economist. BUT, my assumption is that the costs of production of heroin is far below it's actual street value. Indeed, this is why many 3rd world economies produce such drugs. If the yuan is actually cheaper than it should be because of being pegged to the dollar, there's a much easier way to take advantage of the arbitrage opportunity: simply buy goods in China and sell them in America. Yes, that's precisely what the drug trade does. And guess what, thousands of Chinese export companies do just that, making money off the economic downhill slide that China has erected spanning the Pacific. This effectively forces Chinese workers to be paid less than they are worth, decreasing their savings and acting as an economic stimulus for China as a whole. Well, of course. What I'm driving at, however, is that a pegged yuan (or any currency) will have inevitable and unintended local consequences. For instance, let's say a Chinese consumer wants to purchase US goods in China. Obviously, such goods will be extremely expensive. However, with a pegged rate, the price for such goods will no longer reflect the true differential in the price of (for instance) labor in the US and China. In other words, goods are more expensive then they have to be, due to an artificial barrier created by the pegged dollar:Yuan rate, and exporting legitimate goods becomes a very expensive way to buy those goods. More than this, the value of a local yuan (or what have you) is not what it could be if you (as an individual, not a nation) had direct access to foregin capital at a rate that truly reflects the differential in costs, efficiency, etc... So what do you do? You export blackmarket goods for prices that reflect some sort of reality. In addition, it probably allows local producers of other non-black-market items (some of which may not be exportable) to have access to foreign capital at the true going value, via various economic relationships with drug creators, etc Come to think of it arbitrage is not the best term. Of course, the actual growers and even exporters of heroin are completely unaware that their livelihoods are the result of macroeconomic conditions. Just a thought, could be wrong, but I see nothing in the response above to indicate I'm extremely off base. It's nominally Cypherpunk in that it poses the question of whether central control is actually responsible for the some aspects of the drug trade. -TD
Re: on FPGAs vs ASICs
FPGAs probably make more sense for routers, because you want the ability to change the firmware more often, and a router has a bunch of other parts as well, and realistically, cypher-cracking is not an economically viable activity for most people, so the cost-benefit tradeoffs are a bit twisted. The router world seems to use a good mixture. At a startup we were purchasing nice off-the-shelf MPLS ASICs, which did MPLS route setup and forwarding (and some enforcement) while the 'software'/control plane (eg, OSPF, RSVP-TE, etc...) was largely in FPGAs of our own brew. At that time (ca, 2000/2001) some vendors were starting to push net processors, which were somewhere in between, and at the time just weren't quite fast enough for ASIC-busting applications and not quite flexible enough for FPGA-ish applications. Now, however, I'd bet net processors are very effective for metro-edge applications. What I suspect is that there's already some crypto net processors out there, though they may be classified, or the commercial equivalent (ie, I assume there are 'classified' catalogs from companies like General Dynamics that normal clients never see). They can periodically upgrade the code when they discover that some new form of stego (for instance) has become in-vogue at Al Qaeda. These won't be Variola Suitcase-type applications, though, but perhaps for special situations where they know the few locations in Cobble Hill Brooklyn they want to monitor and decrypt. -TD
Re: SHA1 broken?
Ah. You meant as a principal in general. Of course the prevailing wisdom is to go from FPGAs to ASICs when you have heavy tasks. In Telecom equipment, however, there's a few issues that basically 'require' FPGAs. First, the standards change quite a bit, depending on which area you're in. For instance, RPR didn't really get settled until very recently. Second, your customers may ask for more or different kinds of functionality, so you may have a new release of firmware to address that. Putting the framing and/or PM on an FPGA while keeping the guts (eg, packet processing) on the main ASIC/processor allows you to swap out the trivial without a major heart transplant. In addition, there's probably the far more important issue of design cycle times. ASICs will take (at the very minimum) 18 months to create, and if you make a mistake early on and don't catch, you have to start all over again. For some fields that's just unacceptable. Then again, if you're looking for sheer, brute performance and design cycle times are not a limiting factor, ASICs are often the way to go. Even in a Variola Suitcase, however, I'd bet some of the trivial functions are off-loaded to an FPGA, though, for reasons above. -TD From: Riad S. Wahby [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: SHA1 broken? Date: Tue, 8 Mar 2005 13:26:48 -0600 Tyler Durden [EMAIL PROTECTED] wrote: Well, maybe I misunderstand your statement here, but in Telecom most heavy iron has plenty of FPGAs, and as far as I understand it, they more or less have to. Have to in what sense? If they're constantly reconfiguring the FPGAs (new software revs, or some sort of evolutionary learning process--- the latter not likely in telecom, of course), sure, they have to be on reprogrammable structures. If, on the other hand, you're building a custom hash cracking machine, you don't need to reconfigure your gates. You could design your parallelized SHA1 cracking machine and dump it onto a bunch of FPGAs, but if you really have unlimited resources you take the plunge into ASICs, at which point you can tighten your timing substantially. -- Riad S. Wahby [EMAIL PROTECTED]
Re: SHA1 broken?
Well, what would you call a network processor? An FPGA or a CPU? I think of it as somewhere in between, given credence to the FPGA statement below. -TD From: Major Variola (ret) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: SHA1 broken? Date: Sat, 05 Mar 2005 06:51:24 -0800 At 09:23 PM 2/19/05 +, Dave Howe wrote: I am unaware of any massive improvement (certainly to the scale of the comparable improvement in CPUs) in FPGAs, and the ones I looked at a a few days ago while researching this question seemed to have pretty FPGAs scale with tech the same as CPUs, however CPUs contain a lot more design info (complexity). But FPGAs since '98 have gotten denser (Moore's observation), pioneering Cu wiring, smaller features, etc.
RE: I.R.S. Accuses Man of Hiding $450 Million
But later, questioned by reporters, Mr. Everson noted that the I.R.S. law enforcement staff has been cut by at least a quarter in recent years. Mr. Wainstein, the United States attorney, said one of his prosecutors had spent a year developing the case. Anyone gigling? Notice that the amount he cheated the government out of could have easily payed the salaries of a bunch more IRS agents. This guy should receive an Official Cypherpunk award. Or does he not deserve one 'cause he got caught? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: I.R.S. Accuses Man of Hiding $450 Million Date: Tue, 1 Mar 2005 13:00:43 -0500 http://www.nytimes.com/2005/03/01/business/01tax.html?th=pagewanted=printposition= The New York Times March 1, 2005 I.R.S. Accuses Man of Hiding $450 Million By DAVID CAY JOHNSTON ASHINGTON, Feb. 28 - A prominent telecommunications entrepreneur who once tried to mount a rescue of a Russian space station has been arrested and charged with evading taxes by hiding at least $450 million of income through offshore corporations. According to a 12-count indictment released on Monday that federal prosecutors called the largest criminal case of individual tax evasion, the entrepreneur, Walter Anderson, 51, did not pay over $210 million in federal and local income taxes he owed for the years 1995 through 1999 alone. Mr. Anderson ran the table when it came to violating the tax laws, Mark W. Everson, the Internal Revenue Service commissioner, told a news conference Monday. Because of his dishonest dealings, Mr. Anderson's lavish lifestyle was subsidized by honest, hard-working Americans. In 1998 Mr. Anderson, who lives in Washington, reported a total income of $67,939 and paid a tax of just $494. Mr. Everson said Mr. Anderson actually made at least $126 million that year that he never reported. From 1987 through 1993, officials said, Mr. Anderson failed to file a tax return. Mr. Anderson is the chief executive of Orbital Recovery, a company trying to extend the life of telecommunications satellites. He was arrested Saturday at Dulles Airport outside Washington as he stepped off a plane from London, according to Kenneth L. Wainstein, the United States attorney for the District of Columbia. In court on Monday, Mr. Anderson pleaded not guilty to the charges. His lawyer, John Moustakas, told Magistrate Judge Alan Kay that the government's case was based on innuendo and rumor. If convicted, Mr. Anderson faces as much as 24 years in prison. Judge Kay ordered Mr. Anderson held without bail until a bond hearing on Thursday. Susan Menzer, a prosecutor in the case, called Mr. Anderson a flight risk who can't be trusted. He hasn't been listening to judges for years, she added. Since a search warrant was executed in 2002, Mr. Anderson has moved artwork and cash to Switzerland to defeat both tax collectors and creditors who have civil court orders, the Justice Department said in court papers. Mr. Moustakas did not return a phone call seeking comment. Mr. Anderson has long attracted a certain level of public attention, especially when he tried to arrange a rescue of the Mir space station five years ago. He frequently flew in a private jet and made deals involving millions of dollars. At conferences on space travel he often spoke of his hatred of government. But he came under scrutiny, law enforcement officials suggested, only because of a tip from a disgruntled business associate. Mr. Anderson, according to the indictment, formed an offshore corporation, Gold and Appeal Transfer, in the British Virgin Islands in 1992 to hide his profits from deals involving a telecommunications company he started in the 1980's. Over the next three years, the indictment charged, Mr. Anderson set up a network of offshore corporations, including one in Panama under the alias Mark Roth, that were used to hide his ownership of three telecommunications companies and allow him to earn hundreds of millions of dollars without paying taxes. While Mr. Anderson at times insisted publicly that he was worth no more than $4 million, he serves as a senior business adviser to Constellation Services International, a fledgling satellite rescue company that disclosed his ownership of several companies, including Gold and Appeal. Its Web site said Gold and Appeal was worth at least $100 million and described Mr. Anderson as selling the Esprit Telecom Group in 1998 for $900 million. In extensive filings with the I.R.S. and the Securities and Exchange Commission, the indictment charged, Mr. Anderson claimed that he was merely an employee of Gold and Appeal, the offshore bank that the indictment says was central to his tax-evasion effort. The I.R.S. holds all Americans, even the very wealthy, to the same standard, Mr. Everson said. This indictment sends a strong signal that we will not tolerate abuse of the tax laws. But later, questioned by reporters, Mr. Everson noted that the I.R.S. law enforcement staff has been cut by
Re: [IP] Books -- The New Hows and Whys of Global Eavesdropping (fwd from dave@farber.net)
Keefe says of Cryptome: The site is a good litmus test for your attachment to freedom of speech. He is not happy about excessiveness of any kind. Attachment to freedom of speech? 'NK'. -TD
RE: Anguilla on $1000 a day - NYTimes
Wanna cut to the chase here? I don't think Jennifer Anuston is a cryptographer, and I got bored hacking my way through this reporter commiserating at being at a high-end clip joint. -TD From: Bill Stewart [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Anguilla on $1000 a day - NYTimes Date: Sat, 26 Feb 2005 19:19:55 -0800 (PST) The NYT updates us on a favorite cryptographers' hideout http://travel2.nytimes.com/2005/02/27/travel/27high.html February 27, 2005 HIGH LOW High: Anguilla on $1000 a Day By JULIET MACUR N hour after arriving on Anguilla in early January, I was soaking in the hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my pasty Northeastern face. Ah, Anguilla, a quiet island that has recently become the next St. Barts, a hedonistic hideaway and magnet for members of the boldface set. At the northeast corner of this narrow isle, Jennifer Aniston and Brad Pitt spent New Year's in a villa on Captain's Bay. On its southwestern coast, Jay-Z and Beyonci had cuddled on the sands of Shoal Bay West. Down the beach from my resort, Uma Thurman had kicked back at a local bar. Just as I began to imagine that I, too, was a star on an escape-the-paparazzi trip, reality interrupted. A foreign object crashed into my hot tub and sent water slapping against my face. A small boy and his father were throwing a ball wildly. The father's next toss bounced off the boy's head and against a woman's forehead. The father laughed. The woman smiled. I growled and thought, This doesn't happen to Jennifer Aniston. I left in a huff because I had no time for distractions. This was serious business: I had to figure out how to get by on $1,000 a day. Related Feature Low: Anguilla on $250 a Day Though Anguilla is a relatively undeveloped island where goats might outnumber residents, $1,000 a day at a chic resort amounts to roughing it. At the Cap Juluca resort, the cheapest room in high season cost $936 a night, including the 20 percent tax. Malliouhana Hotel offered a garden view room on the first floor for $744. If my best friend, Rose, and I were to eat, drink and even think of going to the spa on my $1,000-a-day budget, the only high-end resort I could afford was the CuisinArt Resort and Spa, which sits near the island's southwestern end on Rendezvous Bay's beach, one and a half miles of flour-soft sand, blindingly white. The turquoise ocean water was as clear as Evian, and you could see fish near the sea floor. The cheapest rate, $550 plus $110 tax - but including Continental breakfast - would allow us to pretend we belonged at this beautiful place. The resort's grounds were simple and elegant. Eggplant-colored bougainvillea climbed the whitewashed stucco buildings that looked as if they had been plucked from a Greek cliff. In a nearby garden were trees heavy with guavas, fig bananas and star apples. As we looked from the lobby onto a series of rectangular pools cascading to the beach, a receptionist said we had been upgraded from the main house to a suite in one of the 10 three-story villas clustered along the shore. We hope you don't mind, she said, unaware that I was a journalist. No, we didn't, and certainly not after seeing the room. The upgrade, to a junior suite that would have cost $120 more a night, allowed us to hear waves from our patio. Our suite was a cheery, not fancy, single room, but at 920 square feet was nearly as big as my Manhattan apartment. A navy couch broke up the space into sleeping and lounging areas. Two double beds with wicker headboards faced the porch and a walkway to the beach. Paintings of Greek fishing villages and bright bedspreads splashed color against the white walls and tile floors. A brochure called the bathroom your own private sanctum, large enough for an oval tub for a honeymooning couple's bubble bath. But nothing was that private, considering one wall was made of warped glass. While on the outside walkway one day, I gasped when I saw a fuzzy version of Rose heading for the shower. At the resort's free reception on our first night (with food and drink), the manager, Rabin Ortiz, told us, Do not make plans for your weekend. We quickly learned why. There are no plans to make because, on Anguilla, there is basically nothing to do. And that's the point. At CuisinArt, stay away from the main pool (where ball-tossing children congregate). Instead, sit on the beach and take delivery of homemade lemon sorbet from waiters whose goal is to fill you with fruity rum drinks. After sundown, submit to spa treatments like the Anguillan coconut pineapple scrub, which smells good enough to eat, and the hydroponic cucumber and aloe wrap, using ingredients grown on the premises. It was the perfect place for us: upscale, but not one bit snooty. Night life is minimal. (At 10:30 on Saturday night, only one couple was at our resort's bar, where a trio sang Endless Love.) Sea kayaks, sailboats, catamarans and tennis courts were available and mostly unused. For casino or dance
John Gilmore and Open Source
Are they just basically saying we just can't travel without identity papers? If that's true, then I'd rather see us go through a real debate that says we want to introduce required identity papers in our society rather than trying to legislate it through the back door through regulations that say there's not any other way to get around, Actually, that's a very interesting comment. In a way, it harkens to the open source movement: The secrecy of these laws is precisely what weakens security, as folks a little more active-minded than bureaucrats will get a chance to think about the problem. And of course, if just one terrorist gets a hold of those secret laws, 30 minutes after that all of them will have a copy while the rest of us (trying NOT to get blown up) will be at a distinct disadvantage. But then again, maybe that's no coincidence...government seems to have a knack for finding reasons for itself to exist... -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED], cryptography@metzdowd.com, osint@yahoogroups.com Subject: Grounded: Millionaire John Gilmore stays close to home while making a point about privacy Date: Mon, 28 Feb 2005 00:48:06 -0500 http://www.postgazette.com/pg/pp/05058/462446.stm Pittsburgh Post-Gazette Grounded: Millionaire John Gilmore stays close to home while making a point about privacy He's unable to travel because he refuses to present a government-approved ID Sunday, February 27, 2005 By Dennis Roddy, Pittsburgh Post-Gazette SAN FRANCISCO -- John Gilmore's splendid isolation began July 4, 2002, when, with defiance aforethought, he strolled to the Southwest Airlines counter at Oakland Airport and presented his ticket. Dennis Roddy, Post-Gazette John Gilmore, beside a graffiti-covered wall, has his morning coffee at a shop that's one block from his San Francisco home. The Bradford native doesn't drive and has other travel restrictions, thanks to his challenge of a law that the government won't allow him to see. The gate agent asked for his ID. Gilmore asked her why. It is the law, she said. Gilmore asked to see the law. Nobody could produce a copy. To date, nobody has. The regulation that mandates ID at airports is Sensitive Security Information. The law, as it turns out, is unavailable for inspection. What started out as a weekend trip to Washington became a crawl through the courts in search of an answer to Gilmore's question: Why? In post 9/11 America, asking Why? when someone from an airline asks for identification can start some interesting arguments. Gilmore, who learned to argue on the debate team in his hometown of Bradford, McKean County, has started an argument that, should it reach its intended target, the U.S. Supreme Court, would turn the rules of national security on end, reach deep into the tug-of-war between private rights and public safety, and play havoc with the Department of Homeland Security. At the heart of Gilmore's stubbornness is the worry about the thin line between safety and tyranny. Are they just basically saying we just can't travel without identity papers? If that's true, then I'd rather see us go through a real debate that says we want to introduce required identity papers in our society rather than trying to legislate it through the back door through regulations that say there's not any other way to get around, Gilmore said. Basically what they want is a show of obedience. Dennis Roddy, Post-Gazette There's no place like home for John Gilmore, who can't travel very far from his San Francisco residence. The Bradford native refuses to give his identification for flying. Click photo for larger image. As happens to the disobedient, Gilmore is grounded. He is rich -- he estimates his net worth at $30 million -- and cannot fly inside the United States. Nor can he ride Amtrak, rent a room at most major hotels, or easily clear security in the courthouses where his case, Gilmore v. Ashcroft, is to be heard. In a time when more and more people and places demand some form of government-issued identification, John Gilmore offers only his 49-year-old face: a study in stringy hair, high forehead, wire-rimmed glasses, Ho Chi Minh beard and the contrariness for which the dot.com culture is renowned. I think of myself as being under regional arrest, he said. Even with $30 million in the bank, regional arrest can be hard. He takes the bus to and from events at which he is applauded by less well-heeled computer techies who flew in from around the country after showing a boarding pass and one form of government-issued photo ID and arrived in rental cars that required a valid driver's license and one major credit card. He was employee No. 5 at Sun Microsystems, which made Unix, the free software of the Web, the world standard. He japed the government by cracking its premier security code. He campaigned to keep the software that runs the Internet free of charge. After he left Sun, Gilmore started his own firm, sold it for more