Call for Papers hack.lu 2005

[Alexandre Dulaunoy]

== Call for Papers hack.lu 2005 ==

The purpose  of the  hack.lu convention  is to give  an open  and free
playground   where  people   can  discuss   the  implication   of  new
technologies  in the  society. hack.lu  is a  balanced  mix convention
where  technical and  non-technical people  can meet  each  others and
share freely all  kind of information. The convention  will be held in
the Grand-Duchy of Luxembourg in  August or September 2005 (soon to be
defined). The convention is open to everyone.

=== Scope ===

Topics of interest include, but are not limited to :

* Software Engineering
* Honeypots/Honeynets
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Electronic Voting
* Free Software and Security
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security

=== Deadlines ===

Abstract submission : 1 March 2005

Full paper submission : 15 May 2005

=== Submission guideline ===

Authors should  submit a  paper in English/French  up to  5.000 words,
using  a  non-proprietary  and  open electronic  format.  The  program
committee will review all papers and  the author of each paper will be
notified of  the result,  by electronic means.  Abstract is up  to 400
words. Submissions must be sent to : hack2005-paper(AT)hack.lu

Submissions should also include the following:

# Presenter,  and geographical  location (country  of origin/passport)
  and contact info. 
# Employer and/or affiliations. 
# Brief biography, list of publications or papers. 
# Any  significant   presentation  and/or  educational
  experience/background. 
# Reason  why  this  material  is  innovative  or  significant  or  an
  important tutorial. 
# Optionally, any samples of prepared material or outlines ready.

The information will be used only  for the sole purpose of the hack.lu
convention including the information on the public website.

If you want to remain anonymous, you have the right to use a nickname.

=== Publication and rights ===

Authors keep the  full rights on their publication/papers  but give an
unrestricted  right  to  redistribute  their papers  for  the  hack.lu
convention.

=== Sponsoring ===

If  you  want  to  support  the  initiative  and  gain  visibility  by
sponsoring,   please   contact   usby   writing   an   e-mail   to
supportus(AT)hack.lu


=== Web site and wiki ===

http://www.hack.lu/

Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire

[Justin]

On 2005-01-10T15:04:21-0500, Trei, Peter wrote:
> 
> John Kelsey
> 
> > >Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> > > By ANNE EISENBERG
> > 
> > I just wonder what the false negative rates are.  Seem like a 
> 
> A remarkable number of police deaths are 'own gun' 
> incidents, so the police do have a strong motivation 
> to use 'smart guns' if they are reliable.

The NJ law specifically exempts the police from the smart gun
requirement (which for civilians goes into effect in 2007 or 2008).
Regardless, the legislature doesn't need to get involved for law
enforcement to change their weapons policy and require "smart guns."

False positives may also present a problem.  If the only way to get an
acceptable identification rate (99%, for instance) is to create a 50%
false positive rate for unauthorized users, that's reduces utilitarian
benefit by half.

Batteries go dead.  Solder joints break.  Transistors and capacitors go
bad.  Pressure sensors jam.  This is not the kind of technology I want
in something that absolutely, positively has to go boom if I want it to.

For handguns, I'll stick with pure mechanical mechanisms, thanks.
"Smart guns" are a ploy to raise the cost of guns, make them require
more maintenance, annoy owners, and as a result decrease gun ownership.

-- 
"War is the father and king of all, and some he shows as gods, others as men; 
some he makes slaves, others free." -Heraclitus 53

Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire

[Justin]

On 2005-01-10T15:42:47-0500, Tyler Durden wrote:
> 
> And we'll probably have many years of non-Smart-Gun type accidents...eg, 
> Drunk guy at party put gun to his head and blew his own brains out, 
> assuming it was a smart gun, or, trailer park momma gives gun to toddler 
> assuming its a "safe" smart gun.

Some gun "accidents" are suicides reported as such to avoid
embarrassment to the family.  Similarly, I think a few of the gun
"accidents" involving real "children", which are extremely rare to begin
with, go like this...

"Son, why don't you take this gun and pretend to go shoot daddy?  It's
not loaded." Or, "Son, why don't you take the gun, put it to your head,
and pull the trigger?  It's not loaded."

I don't believe the article when it says that smart guns are useless if
stolen.  What do they have, a tamper-proof memory chip storing a 128-bit
reprogramming authorization key that must be input via computer before
allowing a new person to be authorized?  And what's to stop a criminal
from ripping out all the circuitry and the safety it engages?

-- 
"War is the father and king of all, and some he shows as gods, others as men; 
some he makes slaves, others free." -Heraclitus 53

RE: Should Anarchists Take State Money?

[Tyler Durden]

Hey! I just created a small replica of Rodan's "The Thinker" by sculpting it 
out of my poop!

-TD


From: "R.A. Hettinga" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Should Anarchists Take State Money?
Date: Mon, 10 Jan 2005 18:18:15 -0500

Mises Economics Blog
January 10, 2005

Should Anarchists Take State Money?
by Robert Murphy
A discussion on a private email list brought up a familiar topic: When is
it permissible for self-described anarchists (let's restrict ourselves here
to anarcho-capitalists) to take government money? This is a tricky
question, and I have yet to see someone offer a satisfactory list of
necessary and sufficient conditions. Usually when an-caps argue about this,
they end up shooting more and more refined analogies back and forth.
For example, to me it's not enough to say that any money spent in the
private sector is legitimate (vis-a-vis one's anarchism). I personally
would not feel justified in working for a Halliburton. However, what about
the guy who opens a Dunkin Donuts near a police station? Is he accepting
"government money"? Does it matter if he's in a podunk town with a sheriff
and a deputy, versus if he lives in LA and knows for a fact that several of
his customers beat the #$#)($* out of suspects?
A big problem in this area is education: Can anarcho-capitalist economists
take teaching posts at State schools? After all, the State intervenes
heavily in education, which is a perfectly laudable market institution. But
surely there are more teaching posts because of the State than there
otherwise would be. Does the an-cap professor have to estimate whether his
or her post would actually exist in the absence of State intervention, or
is that irrelevant?
Personally, I have decided that I will never work for an official State
school. If I really mean it when I refer (in LRC articles, for example) to
the State as "a gang of killers and thieves," then how can I possibly
associate with such people? Yes yes, there are millions of analogies and
counterarguments, but for me there is a definite line to be drawn at
actually being on the payroll. (I also wouldn't take welfare, for example,
even though in previous years I have put in a lot to the tax system.)
Before closing, I should say that in no way am I taking a holier than thou
stance. For example, I applied for the Stafford (unsubsidized!) loan in
grad school, even though the State technically coerced those lending
institutions into offering me such low rates. And I know a guy who is so
hard core about starving the beast, that he felt like a sellout when he
took a job on the books and had some of his paycheck withheld. (I.e. when
he worked under the table, then at least his money wasn't funding the
State's wars etc.)
But as far as State schools, I think there are a few other things that
people often leave out of the discussion. First, why would I want to throw
my talents into a State school? I would much rather work on the side of the
underdog, and every time I publish a paper or give a talk, I want a private
school to get the credit. (This also applies to whatever influence I have
on students; I don't want to enhance a State school's reputation by
churning out better-than-otherwise students, so long as I could do the same
at a private school.)
A second issue is a bit more subtle: When moderate Americans hear of an-cap
professors berating the existence of the State, while they work for the
State, I think two things happen. (A) They think, "What a hypocrite! These
ivory tower academics need to get in the real world before redesigning
society!" And (B), they think, "Our government is so open and tolerant! It
even employs academics who call for its abolition! I'm so glad I live here
and not under the Taliban."
(Again, this is not meant as a criticism of those who choose to work at
State schools. I'm just explaining my position.)
Posted by Murphy at January 10, 2005 08:08 AM
Comments
You're very lucky that you have private colleges where you live. Many have
no such choice. Then all one can do is firmly bite the hand that feeds.
Posted by: Sudha Shenoy at January 10, 2005 08:40 AM
Ayn Rand had an article that was instructive on this issue. She was asked
whether it was moral for someone to take a government-backed student loan.
She said it was, because the person receiving the loan had no moral duty to
abstain from receiving a benefit the government was giving to others. Rand
distinguished between such benefits and those who choose to work in the
government at jobs that had no function other than to violate individual
rights (I believe she cited the Federal Trade Commission as an example.)
The difference was between using a service that *should* be provided by the
public sector (i.e. the Postal Service) and those that could never exist in
a free market (i.e. monopoly regulators).
 Of course, Rand was only addressing the ethical dilema; whether taking
state money is practical towards ad

Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire

[Justin]

On 2005-01-11T10:07:22-0500, Trei, Peter wrote:
> Justin wrote:
> > 
> > I don't believe the article when it says that smart guns are useless
> > if stolen.  What do they have, a tamper-proof memory chip storing a
> > 128-bit reprogramming authorization key that must be input via
> > computer before allowing a new person to be authorized?  And what's
> > to stop a criminal from ripping out all the circuitry and the safety
> > it engages?
> 
> The 'stolen gun' problems most of the so-called 'smart gun' proposals
> are trying to address are the situation when a cop's own gun is taken
> from him and immediately used against him, or a kid finding one in a
> drawer. A determined and resourceful person can, given time, defeat
> them all.

from the article:
"Guns taken from a home during a robbery would be rendered useless, too."


The South African Smart gun...
> http://www.wmsa.net/other/thumb_gun.htm

Totally useless.  Failure modes and various other complaints:

-cannot connect to cellular network
-cannot receive GPS signal
-out of batteries
-laser diode craps out
-fingerprint scanner takes more than 0 time to use.
-ammunition is more expensive
-"window" in ammunition can be dirty or fogged, causing failure
-any sort of case failure will probably destroy the electronics
-will never be as small as subcompact firearms
-if smartcard is stolen, gun won't fire (other "smart guns" use rings)
-all the electronic tracing capability requires gun/ammo registration

I'd almost rather have a taser.

What assurance do I have that the circuitry won't malfunction and fire
when I don't want it to?  What if a HERF gun can not only render the gun
useless, but make it fire as well?

-- 
"War is the father and king of all, and some he shows as gods, others as men; 
some he makes slaves, others free." -Heraclitus 53

Re: Google Exposes Web Surveillance Cams

[Anton Raath]

Riad S. Wahby <[EMAIL PROTECTED]> wrote:

> I love how all of the coverage leaves out the actual search strings, as
> if it's hard to discover what they are at this point.

A fairly comprehensive list of search strings per camera/manufacturer
can be found here:

http://www.i-hacked.com/Computer-Components/Software-Internet/Finding-Online-Webcams!.html

A!
-- 
==
anton l. raath   http://raath.org/
==
Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.
  -- Dylan Thomas
==

RE: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire

[Trei, Peter]

Justin wrote:
>
> On 2005-01-10T15:04:21-0500, Trei, Peter wrote:
> > 
> > John Kelsey
> > 
> > > >Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> > > > By ANNE EISENBERG
> > > 
> > > I just wonder what the false negative rates are.  Seem like a 
> > 
> > A remarkable number of police deaths are 'own gun' 
> > incidents, so the police do have a strong motivation 
> > to use 'smart guns' if they are reliable.
> 
> The NJ law specifically exempts the police from the smart gun
> requirement (which for civilians goes into effect in 2007 or 2008).
> Regardless, the legislature doesn't need to get involved for law
> enforcement to change their weapons policy and require "smart guns."

Cynically, I'm not the slightest bit suprised that the police
are exempted: 'safety for the government, not for the people'.

> False positives may also present a problem.  If the only way to get an
> acceptable identification rate (99%, for instance) is to create a 50%
> false positive rate for unauthorized users, that's reduces utilitarian
> benefit by half.

A 1% false negative rate is too high. A 50% false positive rate is
*much* too high.
 
> "Smart guns" are a ploy to raise the cost of guns, make them require
> more maintenance, annoy owners, and as a result decrease gun 
> ownership.

If it's combined with a rule to ban the transfer and/or
ownership of 'dumb' (ie, reliable) guns, then it's also
a backdoor gun confiscation policy.

I'm afraid that they may get away with it. Here in MA, the
only handguns which can legally be bought new are those on a
fairly short list compiled by the State Attorney General which
meet his arbitrary 'safety standards'. If I wanted, say, a
Pardini (a very expensive special purpose .22short target 
pistol) I'm SOL. In fact, it's almost impossible for MA
residents to participate in some of the shooting sports
competitively, due to the AG's list.

Peter Trei

Adware for Windows Media Player spreading by P2P

[Bill Stewart]

http://www.theregister.com/2004/12/31/p2p_adware_threat/
According to an article in The Register, Overpeer is spreading
adware-infected Windows Media Audio and Windows Media Video files via P2P.
PC World Magazine did some research, ran Etherpeek, and found that
the adware was going to Overpeer, which is owned by Loudeye,
who strongly defend the practice, saying music pirates deserve what they get.
Of course, what the article isn't mentioning is that
this means that the WMA and WMV file formats have features
that can be used with the Windows Media Player to support adware,
so a good chunk of the blame belongs back in Redmond.
(Remind me again why closed-source DRMware is a good idea?)
Now, it wouldn't bother me if the Windows Media Player's
silly trippy visuals that you get when playing audio
that doesn't have a video track were replaced by
some advertising video, as long as it's all self-contained
and doesn't phone home to tell advertisers what I'm listening to.
But this one seems to be pretty chatty.


Bill Stewart  [EMAIL PROTECTED] 

RE: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire

[Trei, Peter]

Justin wrote: 
> On 2005-01-11T10:07:22-0500, Trei, Peter wrote:
>> Justin wrote:
>>> 
>>> I don't believe the article when it says that smart guns 
>>> are useless if stolen.  What do they have, a tamper-proof 
>>> memory chip storing a 128-bit reprogramming authorization 
>>> key that must be input via computer before allowing a new 
>>> person to be authorized? And what's to stop a criminal from 
>>> ripping out all the circuitry and the safety it engages?
>> 
>> The 'stolen gun' problems most of the so-called 'smart gun' 
>> proposals are trying to address are the situation when a 
>> cop's own gun is taken from him and immediately used against 
>> him, or a kid finding one in a drawer. A determined and 
>> resourceful person can, given time, defeat them all.
> 
> from the article:
> "Guns taken from a home during a robbery would be rendered 
> useless, too."

That statement, in the OA, is not a quote - it's either
something the author dreamed up, or (in context) BS fed
her by a NJ cop

So, we've established that a NYT journalist, writing on
a subject she probably knows nothing about, will regurgitate
any naively plausible bullshit she's fed. What else is new?

My statement that there are a significant number of cops
killed by their own guns, and a small but tragic number
of people killed accidentally playing with improperly stored
guns they find, remains true. These 'smart guns' could 
reduce that problem, but making them mandatory is a 
threat to freedom.

>>> The South African Smart gun...
>> http://www.wmsa.net/other/thumb_gun.htm
 
> Totally useless.  Failure modes and various other complaints:
 
I laughed when I saw this (my first thought was "How
could anyone practice enough to maintain proficiency?")
I was later appalled when I found a colleague using 
it as an example in a presentation on biometrics.

I also strongly expect that Mr. van Zyl does not
have a functioning device - this is vaporware of
some kind.

Peter Trei

RE: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire

[Trei, Peter]

Justin wrote:
> 
> I don't believe the article when it says that smart guns are 
> useless if
> stolen.  What do they have, a tamper-proof memory chip 
> storing a 128-bit
> reprogramming authorization key that must be input via computer before
> allowing a new person to be authorized?  And what's to stop a criminal
> from ripping out all the circuitry and the safety it engages?

The 'stolen gun' problems most of the so-called 'smart gun' proposals
are trying to address are the situation when a cop's own gun is
taken from him and immediately used against him, or a kid finding
one in a drawer. A determined and resourceful person can, given
time, defeat them all. After all, a 'determined and resourceful
person can build a gun from scratch with a small machine shop,
and many do (its not automatically illegal).

I link below to an absolutely bizarre proposal - apparently real
and claimed to be existing in prototype - by an South African 
inventor to make an unstealable gun. Amongst other weirdness, 
it fires the specially manufactured cartridges by firing a 
laser into the glass-backed primer. As a result removing 
the electronics would make it unusable. You'd have to 
hack it instead.

http://www.wmsa.net/other/thumb_gun.htm

This is a typical example of what I meant when I said that
'smart gun' proposals all come from people with zero 
knowledge of how guns are used.

I strongly suspect that the gun in the picture is
a non-working prop.

Peter Trei