On Mon, Aug 20, 2007 at 08:53:11PM +0300, Oleg Goldshmidt wrote: > I was going to stay out of the discussion, but I think you mean me, > Geoff, right?
Yes. If so, we were not such bad guys - we didn't mine the > contents, nor were we actually interested in the values of any packet > header fields. The purpose of the product was to distinguish between > different types of traffic (e.g., between D?DoS and legitimate > traffic) in real time, and differentiation was all that mattered. True, but that does not mean the technology could not be expanded. Considering that a 300mHz PII was a hot machine in those days, and now you can get a quad processor each 10 times that fast for under $1,000 or a CELL type processor on a video game console, it could really be done a lot better. > We got out starting capital after the bubble had burst and their > bankruptcy was, as far as I can tell, due to other reasons. Ok, I was being polite. :-) > > Certainly not us - the "principals". We are all into other things > now... Over the last 5 years we got quite a few calls (including from > the now recovered VC) saying "there is real need for the technology, > where are you"? - "Elsewhere." Yes, that happens all the time. One of the reasons my company failed was our lawyer told us all to go out and get day jobs instead of selling some stock. Startups are like most relationships, once you split up, you never get back together. :-( I don't know if you applied for patents for the technology, but if you did and due to the lack of funding abandoned the applications, or did not pursue U.S. provisionals, it's public domain. If it stayed a "trade secret", or someone was able to carry on and get patents, then they may still be worth a lot of money to the right buyer. > Now, since Geoff invited me to the discussion on the topic in > question... We all routinely use encryption in many situations: cell > phones, ssh to remote hosts, secure web connections from Amazon to > banks, you name it. So far I have had no run-ins with government > agencies because of that. No, luckily things have lightened up on that. I remember when it was illegal to export DES code from the U.S. Many software companies added it to force a legal way of preventing people selling their programs outside the U.S. To keep it on the FOSS topic, a programmer in Australia wrote a version of it and submitted to DECUS (the DEC user's group). They put it on a contributed software CD, published in the U.S. It could not be legally exported although the code was originally not from the U.S. Many people on this list remember the DECSS code T-shirts and song. :-) > If I understand the article linked to by the OP, the proposed law does > not authorize continuous data mining of everybody's > communications. From the article, it looks to me that if the law is > passed it will be much easier for the police to find out who the > wiretapped suspect was talking to or sent an email (possibly > encrypted) to at a specific time. For that, they want a "reverse map" > of phone numbers (IP addresses, etc.) to names/IDs/addresses that can > be easily queried without a court order. I don't know how well that would fly. Since most ISP's use dynamic addressing, a database is only good for a few minutes at most. It would have to have both data records and a time-stamp. > This is, in principle, worrying. I assume that today if the police > wiretap someone's Internet connection then to see who got the email > sent at 20:47 on 2007/08/20 they will have to go to an ISP who, I > hope, will want to see a court order. I doubt that. I expect that if the police called one of the big ISP's (are there any small ones left?) and said "we tracked an Al-Quieda terrorist to this IP address", the ISP would jump at the chance to help. Even more so if they said it was a Hamas terrorist in the process of preparing an attack. > If anyone of us calls an ISP and > complains about break-in attempts, spam, or whatever from am IP > address the ISP may take action against the owner, but they won't tell > you who it is. With this new law, at least the police won't have to > ask ISP for the info. Is that good or bad? The current system stops random piscene searches (fishing expeditions), but nothing else. I'm sure the person who claimed on this list that the government is monitoring his emails is on some "watch list" already and something beeps when he sends an email in this country, etc. > I don't like it, personally. Besides potential abuse by government > agencies random people can draw attention if anyone, including > criminals, decide to subvert the system. E.g., if you suspect that > your email may be intercepted, encrypt every email and send it to N > different IP addresses. It will only be decrypted by the intended > recipient who has the key, but if the police decide to check who it > was sent to they will be either swamped or start investigating > innocents, depending on N. Or send the email to a permissive mailing > list or newsgroup that won't ban you as quickly as linux-il > moderators. Or get really inventive in some other way. That's an interesting point. You don't even have to go that far, encode (not encrypt) it in a SPAM message. It might eventually get you kicked off of an ISP for SPAM, but no one is going to bother to read it. Hidden messages in plain text goes back thousands of years and no one really is able to crack it 100%. > Come to think of it, I don't know if our AI technology Geoff alluded > to would be of any help to the police differentiating real recipients > from bogus ones... Probably not. But it could make a best guess and follow patterns. It depends upon how many disposable email accounts you want to set up and as they say in the spy novels "legends" (fake personal histories). Let's face it, if I picked a go code of "buy (some number) of (drug name) at (some price) from our supplier in (country name)" no one would take a second notice. The numbers could be times, dates, or addresses, the drug names represent a location, and the country a method. There were lots of messages on the BBC like that during the Second World War, and don't forget the numbers stations on shortwave (transmissions like "message for sierra tango foxtrot, message follows 1 3 7 bravo...". These are almost universally ascribed to the Mossad, which is likely but not for all or even most of them. Besides the fact, I could finance the operation on credit card numbers people would send me thinking the offers were real. :-) > Oh, maybe I should go to the Knesset and offer our AI technology to > support the proposed legislation?... Sounds good to me. If you have not already filed for patents, you probably should :-) Once you announce it publicly, which a meeting with an M.K. would be considered, you have a year to file a patent application or it becomes fair game. Geoff. -- Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM IL Voice: (07)-7424-1667 U.S. Voice: 1-215-821-1838 Visit my 'blog at http://geoffstechno.livejournal.com/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
