Re: Steganography and musical scores?

2003-06-13 Thread Major Variola (ret)
(resent) At 11:44 AM 6/13/03 -0400, Peter Wayner wrote:
>At 9:27 AM +0200 6/13/03, Thomas Shaddack wrote:
>>See also something about computer-generated music:
>>http://brainop.media.mit.edu/online/net-music/net-instrument/Thesis.html
>
>I'm told someone is trying to encode information by ordering the
>musical notes played in a chord with a Midi synthesizer. It's
>possible to hide information in the order of a set using a technique
>like this:
>
>http://www.wayner.org/books/discrypt2/sorted.php

That's cute --there's no acoustic difference.  There are also
methods which produce nearly imperceptible differences --you
can adjust the millisecond-scale timings, or the dynamics.
Since these will vary with each performer's rendition anyway,
they're fairly stealthy.
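To make the "no acoustic difference" point concrete, here is an added example (not code from the post, nor from Wayner's book) of the sorted-set idea: a number is carried only by the note-on order of a chord, and the receiver, knowing nothing but the canonical pitch order, reads it back from how far each note was displaced. The chord, note names and payload are constructed for the example; a chord of n notes carries floor(log2 n!) bits, so an audio-level detector sees nothing and only the event order differs.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed cover: an 8-note chord a MIDI synth sounds all at once. The ear
   hears the same chord whatever the note-on order, so only the order carries data. */
#define N 8
static const char *NOTE_NAMES[N] = {"C3", "E3", "G3", "B3", "C4", "E4", "G4", "B4"};

static uint32_t factorial(unsigned n) {
    uint32_t f = 1;
    while (n > 1) f *= n--;
    return f;
}

/* Channel capacity of one chord: floor(log2(N!)) bits. 8! = 40320, so 15 bits. */
unsigned capacity_bits(unsigned n) {
    uint32_t f = factorial(n);
    unsigned bits = 0;
    while (f >= 2) { f >>= 1; bits++; }
    return bits;
}

/* Sender: map 0 <= msg < N! to a note-on order (Lehmer code / factorial number
   system). order[i] receives the index of the i-th note to send; -1 if msg too big. */
int encode_order(uint32_t msg, unsigned order[N]) {
    unsigned avail[N], remaining = N;
    if (msg >= factorial(N)) return -1;
    for (unsigned i = 0; i < N; i++) avail[i] = i;     /* canonical (pitch) order */
    for (unsigned i = 0; i < N; i++) {
        uint32_t f = factorial(remaining - 1);
        unsigned pick = (unsigned)(msg / f);            /* which unused note is next */
        msg %= f;
        order[i] = avail[pick];
        for (unsigned j = pick; j + 1 < remaining; j++) avail[j] = avail[j + 1];
        remaining--;
    }
    return 0;
}

/* Receiver: knows only the canonical pitch order and the order heard; each note's
   rank among the notes that followed it gives one digit of the message back. */
uint32_t decode_order(const unsigned order[N]) {
    uint32_t msg = 0;
    for (unsigned i = 0; i < N; i++) {
        unsigned lower_later = 0;
        for (unsigned j = i + 1; j < N; j++)
            if (order[j] < order[i]) lower_later++;
        msg += lower_later * factorial(N - 1 - i);
    }
    return msg;
}

int main(void) {
    unsigned order[N];
    uint32_t payload = 12345;                            /* constructed 15-bit payload */
    if (encode_order(payload, order) != 0) return 1;
    printf("note-on order carrying %u:", (unsigned)payload);
    for (unsigned i = 0; i < N; i++) printf(" %s", NOTE_NAMES[order[i]]);
    printf("\ndecoded %u; %u bits per chord\n", (unsigned)decode_order(order), capacity_bits(N));
    return 0;
}
```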



Re: An attack on paypal

2003-06-12 Thread Major Variola (ret)
At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
>At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>>somebody (else) commented (in the thread) that anybody that currently
>>(still) writes code resulting in buffer overflow exploit maybe should be
>>thrown in jail.

Not a very friendly bug-submission mechanism :-)

>IMHO, the problem is that the C language is just too error prone to be used
>for most software.  In "Thirty Years Later:  Lessons from the Multics
>Security Evaluation",  Paul A. Karger and Roger R. Schell credit the use of PL/I for
>the lack of buffer overruns in Multics.  However, in the Unix/Linux/PC/Mac
>world, a successor language has not yet appeared.

What about Java?  Apart from implementation bugs, it's secure by design.

---
"and then you go to jail" is a bad error-handler for a protocol.



Re: unregistered shell

2003-06-10 Thread Major Variola (ret)
At 12:29 AM 6/10/03 -0700, Bill Stewart wrote:
>At 09:48 AM 06/09/2003 -0700, Major Variola (ret.) wrote:
>>the Capitol because it had a gasoline container strapped to its roof.
>
>but this sounds like a case of Darwin catching up with the guy
>in a way that only eliminates *him* from the gene pool
>rather than taking out innocent bystanders when the
>gas can falls off his car roof

Depends on how sturdily he attached it.  Jeeps (et al) have spots
for gas cans in the rear exterior of the car.  Driving with
a tank of gas in the passenger compartment isn't a good
thing.  Also RVs typically have a few gallons of propane on
an exterior tank.  And welding trucks..

But the real point is that ammo has to be registered.  Amazing.
I found an old, live cartridge in the desert last weekend, tossed it in
the car.  What if I lived near DC instead of SoCal?

---
"Did you really think that we want those laws to be observed? . . .
We want them broken. You'd better get it straight that it's not a
bunch of boy scouts that you're up against - and then you'll know
that this is not the age for beautiful gestures. We're after power
and we mean it. . . . . There's no way to rule innocent men. The only
power any government has is the power to crack down on criminals.
Well, when there aren't enough criminals one makes them. One declares
so many things to be a crime that it becomes impossible for men to
live without breaking laws. Who wants a nation of law-abiding
citizens? What's there in that for anyone? But just pass the kind of
laws that can neither be observed nor enforced nor objectively
interpreted - and you create a nation of lawbreakers - and then you
cash in on the guilt. Now that's the system, . . . that's the game,
and once you understand it, you'll be much easier to deal with."
   From Atlas Shrugged, by Ayn Rand.



[Brinworld] Neighbor's surveillance camera?

2003-06-10 Thread Major Variola (ret)
Authorities said they were considering the possibility that a second 
person might have been involved in the abduction, based on video from a 
neighbor's surveillance camera.

http://www.cnn.com/2003/US/West/06/09/california.abduction/index.html



unregistered shell

2003-06-09 Thread Major Variola (ret.)
June 6, 2003  |  WASHINGTON -- A man was arrested outside the Capitol Friday for
carrying unregistered ammunition in his car, a police spokeswoman said.

Capitol Police spokeswoman Jessica Gissubel said police stopped the car as it was
traveling on Constitution Avenue on the north side of the Capitol because it had a
gasoline container strapped to its roof. The man, who was not identified, voluntarily
handed over the ammunition, described as a shotgun shell. It is illegal to carry
unregistered ammunition in the District of Columbia.

http://www.salon.com/news/wire/2003/06/06/capitol/

They can't find WMD, but they can find a dude with a shell in his truck.



You bought it, Who controls it? [TR Article]

2003-06-08 Thread Major Variola (ret.)
Article by Edward Tenner,
Technology Review, June 2003, pp. 61-64.

Also an article on "deceit detector", pp. 67-69,
about using IR reflectivity of your frontal lobes
to detect deceit.  Sort of a polygraph on steroids.

(sorry, only cites, not URLs this time)



Re: SIGINT planes vs. radioisotope mapping

2003-06-07 Thread Major Variola (ret)
At 10:23 AM 6/6/03 -0700, Tim May wrote:
>I certainly never implied in any way that a simple G-M tube would be
>useful for this. Implicit in my radioisotope mapping comment was that a
>gamma ray spectrometer would be used.
>
>And note that this is just what can be easily bought on the open
>market...N.E.S.T. (Nuclear Emergency Search Team) and similar LEO
>people almost certainly have more miniaturized detector setups.

Indeed, there is a group of GeigerCounterEnthusiasts on Yahoo whose members
have/make this kind of thing.  You use scintillation plastic & photomultiplier tubes;
you can get these on eBay.

Sometimes they mount their detectors in cars and find that some sections
of roads are hotter than background, or a hot railroad car.

>For this I used a pair of large sodium
>iodide crystals

which also show up on eBay

>mode that resulted in a pair of gammas sent out in opposite directions.

Also the principle behind PET scans.  Mr. positron meets Ms. electron,
and bang, two little Gammas carry the momentum away...

GM tubes use avalanche to amplify; the scintillators, NaI, semiconductor
junctions measure analogue energy, so you get an energy spectrum.
Add a few comparators and a logic gate and you get a channel.

..
Pierre Curie didn't die from radiation
poisoning, he was hit by a horse drawn cart



1st amend applies to video games

2003-06-05 Thread Major Variola (ret.)
A federal appeals court panel has struck down a law that restricted children's access to
violent video games, giving the software the same free-speech protection as that for
works of art.

A panel of the 8th Circuit Court of Appeals ruled Tuesday that a St. Louis County, Mo.,
ordinance that bans the rentals or sales of graphically violent video games to minors violates
free-speech rights. In doing so, the panel reversed a ruling by the U.S. District Court for the
Eastern District of Missouri and ordered the lower court to craft an injunction that would
prohibit the ordinance from taking effect.

In Tuesday's ruling, the panel decided that if the paintings of Jackson Pollock, the music of
Arnold Schoenberg and the Jabberwocky verse of Lewis Carroll are protected by the First
Amendment, then video games should be, too.
http://news.com.com/2100-1043_3-1012882.html?tag=lh



Re: SIGINT planes vs. radioisotope mapping

2003-06-04 Thread Major Variola (ret)
At 05:28 PM 6/3/03 -0700, Tim May wrote:
>Possibly for construction
>of baseline maps of existing radioisotopes in university labs,
>hospitals, and private facilities. Then deviations from baseline maps
>could be identified and inspected in more detail with ground-based vans
>and black bag ops.

Good call.  I wonder if folks getting PET scans will have to kick back
longer in the waiting areas lest they be snatched by delta teams...
hopefully the .mils can distinguish Tc99 et al from other 'topes..
similarly with mobile industrial inspection rigs --except that they have the
good stuff a RD gadget-maker would want.  Maybe GPS + IFF beacons will be
added to those.

---
SAFETY RULES FOR US STRATEGIC BOMBERS
 5.1. Don't use nuclear weapons to troubleshoot faults.
http://cryptome.org/afi91-111.htm



Typical PGP user mistakes

2003-06-03 Thread Major Variola (ret.)
I recall reading at least one study of learning PGP and its UI.
I have had the chance to observe half a dozen (albeit, smarter
than normal) others' (mostly engineers) learning curves.
All are using PGP 7.03 and Eudora 3.05.
We are not using public key servers.

Mistakes include:
* neglecting to encrypt to an intended recipient's key
* encrypting to self (only)
* not encrypting to self, requiring a recipient to send it back to you
* accidentally multiply encrypting a message (i.e., you encrypt the
  encrypted ASCII)

Problems also include not being able to rename the email address associated
with a key, leading to some recipients being recognized and encrypted to,
others not.  Also errors if there are spaces added to the PGP ASCII block.

Yes, there are checkbox-features and PGP Groups and sufficient GUI feedback
such that these mistakes are "not the tool's fault".  And I/we appreciate these
features and overall excellent design.

Yet there are also people who enjoy studying UI design, cognition, learning, etc.,
and perhaps these anecdotal observations would be useful.  After all, Enigma was
broken by exploiting the man-machine interface.

No one new to any tool should be using it for life-critical apps before competent.
The above mistakes are more self-inflicted denial of service problems than tool
weaknesses.  In fact, one group member accidentally sent email to a random user
in the sender's ISP (because of the sender's Eudora-alias not matching the alias
he typed in the To: field).  This didn't matter because the content was encrypted.

You often put locks on things (cars, homes, throwaway email accounts) to
protect against benign, accidental intrusions, even if the lock is
easily defeated/circumvented.  We just happened to be
using a strong lock, endorsed by the Red Brigade :-)

---
Pierre Curie didn't die from radiation
poisoning, he was hit by a horse drawn cart



Re: Nullsoft's WASTE communication system

2003-06-02 Thread Major Variola (ret)
At 01:09 PM 5/30/03 -0400, John Brothers wrote:
>
>> Any license that you may
>> believe you acquired with the Software is void, revoked and terminated.
>
>Can you void and/or revoke the GPL?

Who cares?  There is *no* obligation that you check back with Nullsoft
to re-read their terms.  They can whine about licenses all they want,
but no downloader has any need to check back, or change their behavior.
E.g., Realmedia may have pulled an early Free version of their .ram
generator, but it's out there.

I think people have not quite gotten their hands around the
speed at which information can be disseminated online.
-Monica Lewinsky, LATimes 9 may 01


Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread Major Variola (ret)
At 11:18 AM 6/1/03 -0400, Ian Grigg wrote:
>There is a reason that the AK47 is the weapon of
>choice:  it is an extraordinarily simple weapon.
>Training is probably about half the requirements
>of say the M16.  That makes a difference, much
>more so than, say, the increased accuracy of the
>M16!
Got evidence?  The benefits of the AK involve
the *weapon's* robustness, not its user interface.
Also, a 7.62 beats a 5+change mm any day.
>Psychologically, it makes us unhappy to realise
>that the 911 attackers were actually quite simple,
>so we don't.  We build up Osama bin Laden to be
>a mastermind, a sort of James Bond-qualified evil
>guy who constructs plans of insidious cunning.
OBL is at least 2 standard deviations smarter than
Bush, and probably one more than Rummy too.
Thinking otherwise is buying into the "madman" propaganda.

>All this is a long winded way of saying your
>average terrorist is much more like your grandma
>when it comes to tech.  Highly competent in the
>kitchen, but can't send an email to save herself.
Except that post sat-phone, the Base has plenty
of motivation to train well in opsec.  Or catch
a tomahawk.  You working for Fox News these
days?   Or just wishful thinking?


Re: Maybe It's Snake Oil All the Way Down

2003-06-01 Thread Major Variola (ret)
At 08:32 PM 5/31/03 -0400, Scott Guthery wrote:
>Hello, Rich ...
>
>When I drill down on the many pontifications made by computer
>security and cryptography experts all I find is given wisdom.  Maybe
>the reason that folks roll their own is because as far as they can see
>that's what everyone does.  Roll your own then whip out your dick and
>start swinging around just like the experts.

Are you trying to confirm that either the WASTE folks are homosexual, or puerile,
as one might guess from the names of some of their projects?  (Not that
either impugns their code.)

On the other hand, both AES and 3DES are US gov't approved.  Which is
sufficient reason to use Blowfish.

Some of the other critiques of WASTE methods are substantial, however,
in particular the SSL recommendations are useful tidbits to remember.



IQ, g, flying

2003-06-01 Thread Major Variola (ret)
At 02:30 PM 5/30/03 -0700, Tim May wrote:
>The second irony is that just today I took my first flying lesson, in a
>Diamond Katana composite/carbon single-prop plane. I took off from the
>Watsonville Airport, which is, I assume, the home airport of Adelman.

Just FYI, if you read up on G (general intelligence factor), you will
learn that the *only* cause of death that increases with G is dying in
airplanes.
(This is evidence that G is real, and general, and intelligence is
adaptive.)

You might also enjoy http://www.av8n.com/ which I once stumbled upon
because Denker now does crypto.



Re: Brinworld: Streisand sues amateur coastal photographer at californiacoastline.org

2003-06-01 Thread Major Variola (ret)
At 10:00 PM 5/30/03 -0400, Tyler Durden wrote:
>You think that's bad?
>
>I know someone who was offered $1,000 a night to play lead trumpet for
>Streisand. When he heard that a major requirement was that he was not to
>"lock eyes onto Streisand" (ie, look at her), he declined the offer.

Who cares?  That's a private transaction.  Neurosis is not criminal.
You can hire Streisand to sing on the condition that she keeps her nose up your ass,
so long as it's a mutually consensual transaction.

But you can't use the threat of violence (ie law) to coerce photogs publishing what
anyone can see.  *That* is the point.



Re: 8-bit modular exponentiation code?

2003-05-31 Thread Major Variola (ret)
At 10:34 AM 5/30/03 -0700, Bill Frantz wrote:
>
>I think your best bet for an 8 bit CPU will be an assembly language
>routine.

Likely so.  For those interested, I found this article,
which does in fact use enhanced (it has a multiplier)
Z80 assembly, included in the article:

http://www.ddj.com/documents/s=1030/ddj9309e/9309e.htm
The Z80180 and Big-number Arithmetic
Squeezing 512-bit operations out of 8-bit microcontrollers
Burton S. Kaliski, Jr.

For instance, in one recent project, our challenge was to implement 512-bit RSA
private-key operations in less than 10 seconds on Zilog's 8-bit Z80180
microcontroller running at 10 million cycles/second.

.

The folks at cyphercalc.com have a cyphermath8 library, albeit commercial.
See http://cyphercalc.com/math/features.htm
They give this performance data for the Rabbit CPU (see
http://cyphercalc.com/math/performance.htm):

780 milliseconds for a modular exponentiation with a 128-bit base, 40-bit exponent,
and 128-bit odd modulus. Exponent ones density: 50%. Target: Rabbit
Semiconductor RCM2020, running at 18.4 MHz. Compiled under Dynamic C, version
6.03, with assembly optimizations in effect.

[no affiliation]

.
Smartcard vendors tend to include a modexp co-processor.



Re: 8-bit modular exponentiation code?

2003-05-31 Thread Major Variola (ret)
At 07:30 AM 5/24/03 +0100, Adam Back wrote:
>Colin Plumb's crypto library bnlib supports multiple word size I
>believe.
>On Fri, May 23, 2003 at 11:36:58AM -0700, Major Variola (ret.) wrote:
>> Anyone know of any open-source modexp code for 8-bit cpus?

Thank you for your response, however (for the record) that code requires
at least a 16-bit CPU.  From bnlib.doc (an amusing read, BTW):

It is written in C, and should compile on any platform with an ANSI C
compiler and 16 and 32-bit unsigned data types

"Small" is defined as less than 65536, the minimum 16-bit word size
supported by the library.
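As an added example for the two 8-bit modexp posts above (this is my own code, not Kaliski's article, cyphercalc's library or bnlib): modular exponentiation on 128-bit operands, matching the cyphercalc figure, using only 8-bit add-with-carry, subtract-with-borrow, shift and compare, so it needs neither a hardware multiplier nor the 16-bit word that bnlib requires. The operand width, big-endian byte order and the precondition base < m are my own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 128-bit operands as 16 big-endian bytes (width matches the cyphercalc figure).
   Only 8-bit add/sub/shift/compare are used: no multiplier, no 16-bit word. */
#define LEN 16

/* a += b; returns the carry out of the top byte (an add-with-carry chain). */
static uint8_t add_bytes(uint8_t *a, const uint8_t *b) {
    uint8_t carry = 0;
    for (int i = LEN - 1; i >= 0; i--) {
        uint8_t s = (uint8_t)(a[i] + b[i]), t = (uint8_t)(s + carry);
        carry = (uint8_t)((s < a[i]) | (t < s));
        a[i] = t;
    }
    return carry;
}

/* a -= b; returns the borrow out of the top byte (a subtract-with-borrow chain). */
static uint8_t sub_bytes(uint8_t *a, const uint8_t *b) {
    uint8_t borrow = 0;
    for (int i = LEN - 1; i >= 0; i--) {
        uint8_t d = (uint8_t)(a[i] - b[i]), t = (uint8_t)(d - borrow);
        borrow = (uint8_t)((a[i] < b[i]) | (d < borrow));
        a[i] = t;
    }
    return borrow;
}

/* a (with 'carry' as bit 128) is known to be < 2m, so one conditional subtract
   fully reduces it. Big-endian storage means memcmp orders the values. */
static void reduce_once(uint8_t *a, uint8_t carry, const uint8_t *m) {
    if (carry || memcmp(a, m, LEN) >= 0)
        sub_bytes(a, m);
}

/* a = 2a mod m for a < m: one-bit left shift across the bytes, then reduce. */
static void dbl_mod(uint8_t *a, const uint8_t *m) {
    uint8_t carry = 0;
    for (int i = LEN - 1; i >= 0; i--) {
        uint8_t out = (uint8_t)(a[i] >> 7);
        a[i] = (uint8_t)((a[i] << 1) | carry);
        carry = out;
    }
    reduce_once(a, carry, m);
}

/* r = a*b mod m by shift-and-add over the bits of b; a, b < m. r may alias a or b
   because the product is built in a local buffer and copied out at the end. */
static void mul_mod(uint8_t *r, const uint8_t *a, const uint8_t *b, const uint8_t *m) {
    uint8_t acc[LEN] = {0};
    for (int i = 0; i < LEN; i++)
        for (int bit = 7; bit >= 0; bit--) {
            dbl_mod(acc, m);
            if ((b[i] >> bit) & 1) reduce_once(acc, add_bytes(acc, a), m);
        }
    memcpy(r, acc, LEN);
}

/* r = base^exp mod m, left-to-right square-and-multiply; exp is explen big-endian
   bytes; the caller supplies base < m and m > 1. Not constant-time: the multiply
   is skipped on zero exponent bits, the classic timing leak for a private key. */
void mod_exp(uint8_t *r, const uint8_t *base, const uint8_t *exp, size_t explen,
             const uint8_t *m) {
    uint8_t acc[LEN] = {0};
    acc[LEN - 1] = 1;
    for (size_t i = 0; i < explen; i++)
        for (int bit = 7; bit >= 0; bit--) {
            mul_mod(acc, acc, acc, m);
            if ((exp[i] >> bit) & 1) mul_mod(acc, acc, base, m);
        }
    memcpy(r, acc, LEN);
}
```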



Re: Apple's "Rendezvous" bites "Itunes"

2003-05-31 Thread Major Variola (ret)
At 08:48 PM 5/29/03 -0400, Declan McCullagh wrote:
>On Thu, May 29, 2003 at 12:23:25PM -0500, Jamie Lawrence wrote:
>> If you bought a 'product' from a closed system and didn't take self
>> help measures, why are you surprised when that closed system changes?
>>
>> Really, there's no story here.
>
>But then again when you have millions of people affected, that's generally
>a solid news story, in my experience.
>
>-Declan

Geezum Declan, what *did* you take at Playa del Fuego that zeroed
your sense of sarcasm?

I know, I know, lots and lots of snapshots.  Never mind.



Re: U.S. Drops 'E-Bomb' On Iraqi TV

2003-04-06 Thread Major Variola (ret)
At 04:56 PM 4/6/03 -0700, Bill Stewart wrote:
>>A lot of these struck me as desperate attempts by the bomb designers to
>>find *something* useful to do with the damned things besides pray that
>>they sit in their silos, rusting, and are never, never used.
>
>Yes, that's about right...

I think that is grossly unfair.  They all-of-a-sudden had a
several-order-of-magnitude change in the cost of explosions,
and as applied scientists, looked for beneficial applications.

Fact is, if the sheeple weren't so ignorant/afraid, peaceful,
clean uses of nukes could benefit, e.g., excavating canals at
a fraction of the cost/time of conventional work.

This is economics & physics, with politics smothering the
whole affair.

---
"Of what use is a new borne babe?" -Faraday



Re: Idea: Snort/Tripwire for RF spectrum?

2003-04-06 Thread Major Variola (ret)
At 03:53 AM 4/6/03 +0200, Thomas Shaddack wrote:
>Messing around TSCM.com, musing over detection of bugs. Getting an
>immediate idea I'd like to get peer-reviewed.
>
>There is a problem with bug sweeps in some countries. The legal TCSM
>providers can be legally required to not inform the client about a
>police-authorized bug, and/or legally forbidden to tamper with it. So a
>customer-operated solution should exist.
>
>GNU-Radio project seems to me to be flexible enough to be suitable as a
>bug detector.

Insufficient B/W.  Look up "WinRadio".



Maryland legislators decide to fuck the constitution

2002-03-25 Thread Major Variola (ret)

"I realize that this bill basically says you can tap someone's phone for
jaywalking, and normally I would say, 'No way,' " said Del. Dana Lee
Dembrow (D-Montgomery). "But after what happened on September 11th, I
say screw 'em."

http://www.washingtonpost.com/wp-dyn/articles/A12099-2002Mar24.html

Just in case you didn't know how a totalitarian police-state coup grows,
more excerpts:

Given the potential for mass casualties, said Del. Robert A. Zirkin
(D-Baltimore County), the occasional intrusion into lives "seems worth
the risk."

"I know it's hard to swallow," Zirkin said. "But I think we need to take
a couple steps in that direction right now."


Reminds me of when a sociologist was interviewing a southern farmer:
Why do you think the murder rate is higher in the south?
I guess more southerners need killin'.




re: USPTO needs killing

2002-03-25 Thread Major Variola (ret)

The current _Tech Review_ has an article about Tropicana (a div. of PepsiCo)
patenting a recipe for mixing OJ from earlier-ripening fruits.  The patent office
is not supposed to grant patents for *recipes*, and an association of tree-growers
is suing the USPTO.




RE: I'm no "agent." Sez the cretin agent.

2002-03-23 Thread Major Variola (ret)

At 08:33 PM 3/22/02 -0600, Aimee Farr wrote:
>Tim wrote:
>> Don't hire a single lawyer. As soon as even a single lawyer is hired,
>> you're lost. Because it means you're thinking in terms of using the
>> legal system, of striking business deals with those whose products you
>> napster, and with working within the system.
>>
>> Not hiring a single lawyer, not even _consulting_ with a lawyer, means
>> you are fully aware of how much you are relying on the laws of
>> mathematics rather than the laws of men.
>
>"I find your lack of faith disturbing." -- Darth Vader

"Read the source, Luke"

>What happens if you break the laws of mathematics?

Jah gets *really* pissed.

>Or, does couching a
>choice of law between the "laws of men," and "the laws of mathematics" smack
>of some fallacy?

Been fellating a lot of legislative numerical illiterates recently, have
we Aimee?

>Not hiring a single lawyer, not even _consulting_ (emphasis his) a lawyer,
>more truly means you are a complete moron and disdain even calculated risk.

No, it means you're observant and have discounted the lawhores.

>If you break the law by a significant act in that direction, you set your
>own hook for co-option, especially in espionage.

What if you do no wrong, but the RIAA/MPAA brings heavy artillery
upon you?

Naah, can't happen here, Suzy Creamcheese.

>Most of the information you need is open
>source,

Dream on

>or can be gained by acumen with low-risk. Add in the traitor element
>and the "go to jail" consideration, and it looks like a no-go to me.

We have some questions about the optimal voltage/flow rate used when
electro-spraying
CO2 & nutrient deprived anthrax cultures...




Global Crossing = Western Union = Collaborators

2002-03-23 Thread Major Variola (ret)

Ex-SecDef Cohen is a member of the board of Global Crossing.

A Global Crossing exec is a member of Bush's National Security
Telecom thang.

This was reported on a State-Licensed "news" channel.

But the implications weren't: you don't need Echelon if you have
tentacles into the fibernet... even if it pulls a chapter 11..

Collaborators need collaborator treatment...

---
(Bamford fans will get the Western Union ref...)




Re: design considerations for distributed storage networks

2002-03-23 Thread Major Variola (ret)

At 03:43 PM 3/22/02 -0800, Tim May wrote:
>On Friday, March 22, 2002, at 01:55  PM, Morlock Elloi wrote:
>
>>> Suggestions for more criteria welcome.
>>
>> Motivation.
>>
>> I cannot find a non-computer paradigm that relates to sharing in-house
>> private resources with unknown others. This may be the principal conceptual
>> obstacle. Outside irrelevantly low-numbered activist circles, masses
>> just do not want to share without very obvious and immediate gratification.

Why do folks rip CDs they have licensed?  Because they want to access them at work.
Or to share them with friends.  As a side effect, you have these MP3s which you can
trivially share with the world.

If you estimate your risk at being caught as approaching nil, and the effort
required to share also approaches nil, it happens.

>I gave Phil the example of someone soliciting something like "Optimum
>implant doses for CMOS process sought. Will pay $500."

Optimum doses are around 125 micrograms.  Costs much less than $500.

>To make the point graphically to Phil, I devised "Black Net" as the
>place where epi implant information is bought and sold, where someone
>offers $100K for the Stealth bomber blueprints, where all sorts of
>secrets are solicited and offered.

Left under a bridge in a park in D.C...


>Any person, any organization, any company which gets into the napstering
>business will face the guns of the lawyers, the Feds, international
>bodies (when it suits them), and so on. Whether that company is Mojo or
>BitTorrent or whatever, the criminal and civil suits will be aimed at
>whomever can be identified as a nexus.
>* Forego ego and develop and release a product _untraceably).

Many in, or formerly in, the software biz have realized that:

1. Microsoft can buy you out (at least you make some one-time money), or duplicate you

2. Open source folks can duplicate you *for free*

and now you add,

3. Lawyers/congresscum will harass you.

Alas, poor programmers...


>But find other ways to make money or stroke your ego. The familiar saw
>about two people being able to keep a secret...if one of them is dead.

And "real friends help you move bodies"...

Cheers, (and we agree with you, if its not obvious)




Re: time-delayed release of information

2002-03-23 Thread Major Variola (ret)

At 04:23 PM 3/23/02 +1100, Julian Assange wrote:
>If the sats were moving away from earth at significant
>speed due to VEEGA like alignment windows, it might be a long time before
>these sats could ever be destroyed.

High power laser beams are hard to outrun.