RE: Knowing your customer
Green carders, yes. Visiting foreigners who are not working, not
necessarily. Tourists certainly not.

How about if James Higginsbottom opens an account in the London
branch of Citibank? Does he need a US SSN to do so? (I don't think so).
Can he use the account in the US (I suspect he can).

Peter

> --
> From: R. A. Hettinga[SMTP:[EMAIL PROTECTED]]
>
> At 10:20 AM -0500 on 12/7/00, Trei, Peter wrote:
>
> > Are you saying that a visiting foreigner can't open a bank account in the
> > US?
> > I'd be quite surprised if this is the case.
>
> I would be surprised if you didn't need at least a tax ID number, myself.
>
> I'm not sure, because I don't have one, but I think that people with Green
> Cards have to have Social Security Numbers, right?
>
> Cheers,
> RAH
RE: Knowing your customer
> R. A. Hettinga[SMTP:[EMAIL PROTECTED]] wrote
> You're thinking of something else, but you're close enough. For instance,
> there are laws in most jurisdictions about requiring a social security
> number to open a bank account

Are you saying that a visiting foreigner can't open a bank account in the
US? I'd be quite surprised if this is the case.

Peter Trei
RE: hi
> Tim May[SMTP:[EMAIL PROTECTED]] wrote:
>
> At 4:02 PM -0800 12/6/00, IT IS SHOOOSH wrote:
> >Daer Reciever...
> >i am a stuend in an American University...
> >and i am taking a public speaking course...
> >i have this week to give a persuasive speech (my final
> >speech)...i thought of doing it about persuading my
> >audience that seatbelts are not safe as we
> >thought...there is a stydu done recently in England
> >that showed that...
> >
> >i dont know,,is it a good topic,,or can u give me more
> >
> >thank you
> >Rasha
>
> Daer Reciever Rasha,
>
> i am happi you r a stuend. amrika needs good stuends.
> baste on yur speling, i think u shuld becum a teecher.
>
> --tim

Anyone else suspect that the original message (from a throw-away
yahoo account) is a troll, and wonder if Tim might have been the author?

[Tim, perhaps you're not, but replying so quickly in this manner
to the original message (which is a canonical example of the way
you satirize uneducated blacks) is suspicious to say the least :-]

Peter
RE: iPaq
There's also a Linux port, if you want to kid yourself that you're
going to check the OS security yourself.

Peter Trei

> --
> From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Wednesday, December 06, 2000 12:00 PM
> To: [EMAIL PROTECTED]
> Subject: iPaq
>
> The device has extension ports that allow PCMCIA and Compact Flash.
> These adapters are in the $50 range. There are wireless modems available
> but they're fairly pricey : ~$350 for the modem, $50/month for the
> service. All in all it looks pretty good. Schematics/specs open, Linux/X
> already ported. The specs are reasonable ( unlike Palm ) it's a 206MHz
> ARM9, USB, Audio, 320x240x12bit display, 16Mb FLASH, 32Mb DRAM if I
> recall correctly. Throw in a 512Mb IBM microdrive, CFS, it's not bad.
> Looks like the most secure option to me. Gateway SW over USB ( even for
> M$ OS ) shouldn't be too tough. I guess you could trust an M$ machine to
> handle already encrypted packets.
RE: Net News as Cover Traffic
> Ray Dillinger[SMTP:[EMAIL PROTECTED]] wrote
>
> I think that what we really need is some kind of NNTP-like system
> that distributes encrypted packets instead of cleartext ones. If
> you want to baffle traffic analysis, just create a system where
> they can't tell the difference between your emails and tons and
> tons of news traffic.
> [...]

You mean like the long standing and active news group
alt.anonymous.messages, but different?

Peter Trei
RE: CNN.com - U.S. Supreme Court strikes down drug roadblocks - November 28, 2000
> Jim Choate wrote:
> On Wed, 29 Nov 2000, sunder wrote:
>[Please don't post 64k of html when a URL would do]
>
> This is such a fucking waste of space and time. Why are you so hard
> headed?
>
> I never learned to say 'baaah' and I feel no obligation to satisfy your
> desires or wants. I certainly feel no desire to live my life according to
> your ethics. If it really bothers you see a shrink.
>
> Just another wannabe tyrant.
>
>The Armadillo Group ,::;::-. James Choate

No, just a reasonable man asking you not to piss where we drink.

Jim, you're being a jerk. When I post long texts, I post only the text,
even if I have to pull the page source into emacs to do so. If
appropriate, I post the URL instead. This is common courtesy.

As you say, it's an open list. No one can actually stop you from being
a jerk except yourself. However, as your jerk index increases, people
gradually pay less and less attention to you. It hurts your reputation,
which is the closest thing to gold you possess in an online form such
as this.

There's a difference between (1) being a sheep, and (2) acting with
consideration; a difference which appears to be too subtle for you.

Peter Trei

Disclaimer: It's just my opinion, OK?
Giving the Devil the Benefit of Law (was: RE: Jim Bell arrested documents online)
I really find AP depressing. I find the arguments that it would only be
used against 'those that needed killing' faulty, in that everyone has a
different list. There are a lot of folk who would put crypto anarchists
on their list (as well as, say, Major League Baseball umpires :-).

"Law", and 'legal systems', when they operate correctly, do provide a
brake on unpredictable and arbitrary violence. There is no question that
they can be, and are, severely misused by the rich and powerful to their
own ends. But not all the time, and not in all cases.

Reading this thread makes me remember one of my favorite dramatic scenes:

From "A Man for all Seasons" by Robert Bolt.

Sir Thomas More, a lawyer.
Alice: His wife.
Margaret: His daughter.
Roper: His son-in-law.

They are discussing a man whom they regard as suspicious:

Margaret: "Father, the man is bad."

More: "There's no law against that."

Roper: "There is a law against it. God's law."

More: "Then God can arrest him."

Roper: "Sophistication upon sophistication!"

More: "No. Sheer simplicity. The law, Roper, the law. I know what's
legal, but I don't always know what's right. And I'm sticking with
what's legal."

Roper: "Then you set man's law against God's?"

More: "No. Far below. But let me draw your attention to a fact. I am not
God. The currents and eddies of right and wrong, which you find such
plain sailing, I can't navigate. I'm no voyager. But in the thickets of
the law, there I am a forester. I doubt if there's a man alive who could
follow me there, thank God."

Alice: "While you talk, he is gone."

More: "And go he should, if he was the Devil himself, until he broke the
law."

Roper: "So now you'd give the Devil the benefit of law!"

More: "Yes. What would you do? Cut a great road through the law to get to
the Devil?"

Roper: "I'd cut down every law in England to do that!"

More: "Oh? And when the last law was down, and the Devil turned round on
you -- where would you hide, Roper, the laws all being flat. This
country's planted thick with laws from coast to coast -- man's laws, not
God's -- and if you cut them down -- and you're just the man to do it --
do you really think you could stand upright in the winds that would blow
then? Yes, I'd give the Devil benefit of the law, for my own safety's
sake."

---

There are too many Ropers on this list.

Peter
RE: Florida Electoral defection threat!
You're correct on the 271, but I'm *sure* you didn't mean to type 'Utah'.

Ok, two faithless electors would throw it to the house, and three would
make it Gore, as I said on the 8th.

Peter

> --
> From: Declan McCullagh[SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, November 15, 2000 12:37 PM
> To: Trei, Peter
> Cc: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
> Subject: Re: Florida Electoral defection threat!
>
> No, if Bush won Florida but not Utah, he'd have
> 246+25=271, not 270 e.v.
>
> If one elector defected, Bush would win, if two electors defected,
> Bush would win (in House), if three electors defected, Gore would win.
>
> -Declan
>
> On Wed, Nov 15, 2000 at 11:16:38AM -0500, Trei, Peter wrote:
> > Do the numbers:
> >
> > The electoral college standings are currently:
> >
> > Bush: 246
> > Gore: 255
> >
> > Undecided states:
> > Florida 25
> > New Mexico 5
> > Oregon 7
> >
> > Total 538
> >
> > If Bush gets Florida, but not OR & NM, he gets 270 votes,
> > and Gore gets 268.
> >
> > One Bush elector defecting puts both at 269, a dead heat.
> >
> > Peter Trei
RE: Florida Electorial defection threat!
If you go back to the thread I started last week 'A strange election
scenario', you'll find that I raised this possibility the day after the
election.

It would take at least two faithless electors to swing the election to
Gore. One would make it a dead heat, and send the decision to Congress.

[It's been pointed out that Bush's lead in Florida is less than the
margin of error of the various counting methods. For all rational
purposes, the election there is a tie. But elections are not a rational
process, and must arrive at a single anointed winner. A coin flip would be
as fair as the various machinations underway.]

Peter

> --
> From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Wednesday, November 15, 2000 4:12 AM
> To: [EMAIL PROTECTED]
> Subject: Florida Electorial defection threat!
>
> A Florida Electoral delegate for Dubya, (an unknown
> number of electoral votes), is threatening to vote
> for Gore. Apparently she is free to do so.
>
> Her name is approximately Berta Morajelo, sounded
> Spanish or Cuban. Reported on MSNBC TV, whose WWW
> sucks rotten toads, so I don't visit it anymore.
Amazon's new user interface.
http://www.amazon.com/exec/obidos/subst/home/all-stores-ballot.html/106-5432692-8816419

It's worth looking at.

Peter
Re: A successful lawsuit means Gore wins!
> Jim Choate[SMTP:[EMAIL PROTECTED]] wrote:
>
> What happens if by the day the new president is to take his oath there is
> still no clear winner? Even if the candidates get together and one is a
> gracious loser, the trauma won't be lessened. There will be literally no
> faith in the president. What would Congress need to do in order to pass an
> emergency resolution that would allow the current president to stay in
> office until the issue is resolved. Could this be a new way to get a third
> term? Would the vice-president (who serves when the president can't) then
> be the next in line (assume the speaker of the house would be next if
> memory serves)?

One of the good results of the current stalemate is that many of us are
getting crash courses in constitutional law.

This is covered by the Presidential Succession Act of 1947. See
http://www.greatsource.com/amgov/almanac/documents/key/1947_psa_1.html

There would be appointed an acting president, who would stay in office
only until the election was settled.

The order of succession goes;

President                          Clinton
Vice President                     Gore
Speaker of the House               Hastert
President pro-tem of the Senate    Gore
Secretary of State                 Albright
Secretary of the Treasury
Secretary of Defense
Attorney General                   Reno
Postmaster General
Secretary of the Navy
Secretary of the Interior
Secretary of Agriculture
Secretary of Commerce
Secretary of Labor

I suspect that the upshot would be that Clinton would stay in office for
a while.

The other alternative is that the already appointed electors vote,
leaving out the unappointed Florida electors. This would throw the race
to Gore.

Peter Trei
RE: Where is John Young?
> --
> From: Tim May[SMTP:[EMAIL PROTECTED]]
> At 8:50 AM -0800 11/9/00, A. Melon wrote:
> >Declan;
> >Why haven't you found out yet what happened to Jim Bell? Certainly you
> >could ask questions of Portland PD, whatever, or his mom, find out what
> >they've done with him.
> >This is certainly a newsworthy item. Squelching free speech by terrorizing
> >dissidents is what it's all about.
>
> And where is John Young? His last post I can find was on 11/2.
> Nothing since about the time the Bell raid happened.
>
> (And his posting statistics were fairly uniform prior to this: a post
> or two every day, with very few long gaps.)
>
> I was only half-joking that maybe Bell's and Young's work on tracing
> down those CIA safe houses in Bend, Oregon were getting him in
> trouble.
>
> John, say it ain't so.
>
> --Tim May

There are new articles, dated today, in the cryptome. There is a gap
from Nov 5 thru Nov 9. Maybe he went on vacation.

Peter Trei
RE: Reporting weirdness: Hagelin vs. Browne
> --
> From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Thursday, November 09, 2000 3:43 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Reporting weirdness: Hagelin vs. Browne
>
> TCMay writes:
> > On CNN I watched the election results coming in. They always listed
> > four candidates: Bush, Gore, Nader, and Hagelin. The usual format was
> > Bush/Gore on the "crawl" at the bottom of the screen and then a
> > second page with the crawl having Nader/Hagelin.
>
> In fact, Browne did better than Buchanan in Florida, and for that
> matter Phillips did better than Hagelin. I too noticed CNN's bizarre
> focus on Hagelin over the much higher polling Browne and Phillips.
> Perhaps Hagelin acquired an aura of respectability at their editorial
> desk due to his fight with Buchanan for the Reform nomination.
>
> Buchanan beat Browne nationwide but Browne won in a number of states,
> including Florida. However Browne's vote total ended up being lower
> than in 1996.
>
> Ob

Watching in Massachusetts, I was actually rather impressed at the level
which the major media were reporting the minor candidates. Unlike
previous years, where it sometimes took days for me to find out how
Libertarian candidates did, this year they were reported live along with
the others.

In Ma, Carla Howell got about 12% in her Senate run, just a little
behind the Republican candidate (the rest went to Kennedy). In fact,
Libertarian candidates were getting 10-15% of the vote quite
consistently in local races.

Peter Trei
RE: Connie Chung fucks up & things are not as they seem.A good example of the tremen
Seeing as the rest of this site is talking about crop circles and UFOs,
I think I can ignore this report.

Peter Trei

[While it's not impossible for UFO-nuts to stumble across something
real, their inability to distinguish reality from fantasy indicates a
lack of critical faculty. In a world where the flow of claim and
counterclaim has an intensity not unlike standing underneath a
waterfall, filtering is essential. This claim fails one of my first
level filters. PT]

> --
> From: Gary Jeffers[SMTP:[EMAIL PROTECTED]]
> Reply To: Gary Jeffers
> Sent: Sunday, November 05, 2000 1:42 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Connie Chung fucks up & things are not as they seem.A
> good example of the tremen
>
> Declan McCullagh writes:
> >
> >Source? TV show? Date? Transcript?
> >
> >-Declan
>
> Declan, my source is the net address listed below. At
> the top of that page are a "general info" button and a
> "contact us" button. Under "general info" they list
> [EMAIL PROTECTED] as their email address. They also list
> there their snail mail address.
>
> That's all I know of the source. This looks like a job
> for an investigative reporter such as yourself:-) Sorry I
> am not more helpful. If you can actually validate from
> tv network sources that that sequel occurred, you will have a great big
> can of worms to play with :-)
> -Good luck!
>
> >On Sat, Nov 04, 2000 at 10:20:10PM -0600, Gary Jeffers wrote:
> > > My fellow Cypherpunks, The following is interesting.
> > >
> > > http://www.albany.net/~rwcecot/iraap/Quinn/phoenix1.htm
> > >
> > > find string: Connie Chung
> > >
> > > A good example of the tremendous degree to which the major news media
> > > organizations are called to heel is seen in the facts surrounding the
> > > two year hiatus in the professional career of CBS broadcaster Connie
> > > Chung, who had the misfortune to have ended up being paired with Dan
> > > Rather several years ago.
RE: RISKS: New Jersey shuts down E-ZPass statement site after security breached
EZ-Pass is a perfect example of people choosing convenience over
security, and a bad design "creating the tools for tyranny".

While the accounting system most certainly keeps records of where you
were, and when, so it can do billing, the system is structured in such a
way that an intrusive government can place antennas anywhere they want,
and clandestinely record all EZ-Pass equipped vehicles passing a given
point (even if it is not a toll site).

[It just struck me that there may be a novel legal challenge to this;
since you have contracted with a transport agency to use EZ-Pass, any
non-contractual activation of the system could be legally construed as
computer hacking - the snooping antenna has to power up your EZ-pass'
chip (that's what those big inductive loop antennas are for), cause it
to run a program, and return a result. If the EZ-Pass is rented from the
authority I don't know if you'd have standing to sue, though.]

Of course, EZ-Pass could have been designed so that the device was
anonymous, and prepaid stored value (bought for cash) smartcards used to
meter access. It would probably have worked out cheaper as well, since
the accounting overhead goes away, and they make interest on the float
of unused cards but such a mechanism would not have suited Big Brother
nearly as well.

Peter

[Disclaimer: The above represents my personal views only]

> --
> From: Bill Stewart[SMTP:[EMAIL PROTECTED]]
> Reply To: Bill Stewart
> Sent: Friday, November 03, 2000 10:35 PM
> To: [EMAIL PROTECTED]
> Subject: RISKS: New Jersey shuts down E-ZPass statement site after
> security breached
>
> the following pleasant article on privacy was on RISKS.
>
> Date: Tue, 24 Oct 2000 11:19:44 -0400 (EDT)
> From: danny burstein <[EMAIL PROTECTED]>
> Subject: EZ-Pass discovers risk of sending URLs instead of actual text
>
> In a story datelined 24-Oct-2000, and headlined:
>
> New Jersey shuts down E-ZPass statement site after security breached
>
> The Associated Press reported on a problem with privacy and security on
> the New Jersey EZPASS website where people can review their usage.
> (EZPass is a radio transponder placed in your motor vehicle which is
> "read" at toll booths, enabling you to zip through without having to stop
> and hand over cash. Naturally it keeps records of when and where you
> were for billing purposes... Which is another RISK all together)
> [...]
RE: Nader
[much snippage]

> --
> From: James A, Donald[SMTP:[EMAIL PROTECTED]]
>
> The book "the millionaire next door" does provides plausible evidence that
> in their origins, millionaires are close to being a cross section of
> America.

The Forbes 400, listing the 400 most wealthy Americans, is on the
newsstands right now. While I don't have it at hand right now, the
self-made men significantly outnumber those who inherited all or part of
their wealth. The cut-off point this year is $725M.

The list can be browsed at http://www.forbes.com/400richest/ , but
doesn't include the self made vs inherited data (which is in the dead
tree edition).

Peter
RE: [press release[
> --
> [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> And now a question for you Americans on the list:
>
> The CIA is Langley; the NSA HQ is in Fort Meade, Maryland -- what
> agency has headquarters in Reston, Va?
>
> Thanks.
>
> David Akin

USGS NIMA (US Geological Survey, National Imagery and Mapping Agency) is
the only one I know of that is actually in Reston. There are others in
the region, such as NRO (actually in Chantilly).

Peter Trei

PS: Don't use the toad.com address.
RE: California bars free speech of those cutting deals on votes
> Bill Stewart[SMTP:[EMAIL PROTECTED]]
>
> At 09:48 AM 11/1/00 -0500, Trei, Peter wrote:
> >All indications are that Carla Howell, the Libertarian challenger for
> >Kennedy's Senate seat, will handily out-poll the Republicans this year.
>
> I really like Carla - hope she does well. You'll probably also have
> a lot of Greens and liberal Democrats voting for Nader, which would be
> good except they're partly doing it for the campaign finance porkbarrel.
>
> Massachusetts looks like the kind of state that has
> more pot smokers than registered Republicans.
> Somebody ought to be able to use that
>
> Bill

Somebody is. Prop 8 would allow drug offenders (including low level
dealers) to opt for treatment over prison, and would require all fines,
seized funds, and profits from the sale of stolen^H^H^H^H^H^Hforfeited
property in drug cases to be used to finance treatment.

I think one other state has a similar proposition this year, and another
(New Mexico?) has had a similar law in place for a while, to great
success.

Needless to say, the police chiefs and DAs are worried that their
profits will be eroded, and oppose it.

Since the national and state wide candidates' races are non-issues in
MA, most of the campaigning I've seen has been for and against the
various ballot measures.

For details, see: http://www.state.ma.us/sec/ele/elebq00/bq008.htm

Peter Trei
RE: California bars free speech of those cutting deals on votes
> --
> From: Ken Brown[SMTP:[EMAIL PROTECTED]]
>
> The voters will be able to suss it out without a website.
> [...]
> The same has, I suspect, been true of 3rd parties in the USA. You can't
> judge their strength by their vote because many of their votes because
> they are nearly always a vote *against* whoever seems most likely to get
> in. And because genuine supporters, knowing their preferred candidate
> won't get in, may pragmatically vote for the contender they consider
> least damaging. As Tim pointed out the other day. We're not doing this
> for fun. If there is a chance of getting someone in who will do less
> real damage, vote for them. In the absence of revolution, amelioration
> at least ameliorates. [...]
> Ken

I'd like to voice my agreement on this. Here in Massachusetts, the state
is considered such a Democrat stronghold that we've seen almost zero
campaigning by either major party (while this is usually considered a
godsend, I'm starting to feel ignored :-).

At the local level, Senator Ted Kennedy's seat is up for re-election,
but Ted has such a lock on it that he isn't bothering to campaign. The
state's Republicans have managed to self-destruct (their initial
candidate withdrew, and Jack Robinson, the replacement who popped up at
the last minute, has proved utterly without merit - the state party no
longer supports him, and he's out of money).

All indications are that Carla Howell, the Libertarian challenger for
Kennedy's Senate seat, will handily out-poll the Republicans this year.

As a result, my vote is immaterial to either major party, and I can
happily vote my conscience without any fear that I'm helping throw the
election to either Gush or Bore - both of whom I find utterly odious for
intersecting sets of reasons.

(Just in case you were wondering, I'm voting Libertarian).

Peter Trei
RE: Re: Visit a hacked site, loose your computers.
Read the article. Of course the time is well known, and the logs are
stamped. You are naive, though, if you believe that will stop an LEA
from trashing the lives of innocents...

...and of course they'll get away with it.

Peter

[Now, I'm not excusing the FBI's jackboot tactics in this case, but I
will point out that Mr. Salomon poked at 'unusual' ports, and zone
transferred yankee.com during his investigation. An IDS might well
trigger an attack alert under those conditions. The government's theft
of his property after all this was explained, is of course inexcusable.]

> --
> From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Tuesday, October 31, 2000 3:19 PM
> To: [EMAIL PROTECTED]
> Subject: CDR: Re: Visit a hacked site, loose your computers.
>
> Wouldn't the time of the hack be pretty well known and wouldn't the RPI
> firewall logs be timestamped or am I naive?
>
> Is knowledge being used as evidence of guilt?
>
> Mike
>
> >Andres Salomon, a fairly clued in RPI student, heard on
> > IRC that the Yankees website had been hacked. He
> > checked it out, noted some well-known Red Hat
> > security holes, and came to the conclusion that
> > there had been a DNS redirect attack. Total time:
> > 5 minutes.
> >
> > The next day, the FBI raided his dorm room and
> > seized his computers (along with a copy of ORA's
> > DNS & BIND).
> >
> > Peter Trei
Visit a hacked site, loose your computers.
It'll probably be slashdotted by the time you get to it, but see:

http://devrandom.net/~dilinger/

Andres Salomon, a fairly clued in RPI student, heard on IRC that the
Yankees website had been hacked. He checked it out, noted some
well-known Red Hat security holes, and came to the conclusion that there
had been a DNS redirect attack. Total time: 5 minutes.

The next day, the FBI raided his dorm room and seized his computers
(along with a copy of ORA's DNS & BIND).

He described them as 'nice' - after all, they left him his CD-Rs of mp3,
divx & pr0n.

Peter Trei
RE: digital angel (tracking device)
> Sampo A Syreeni[SMTP:[EMAIL PROTECTED]] wrote
> On Sun, 29 Oct 2000, Eric Murray wrote:
>
> >>The unit can be turned off by the wearer, thereby making the monitoring
> >>voluntary. It will not intrude on personal privacy except in applications
> >>applied to the tracking of criminals.
> >
> >Heh.
> >
> >>Digital Angel[tm] measures bodily parameters. It does not interact with
> >>the body chemically or biologically. Designed to be completely harmless,
> >>Digital Angel will not interfere with bodily functions in any way...
> >
> >at least in this version.
>
> And pulling the last two together, we have Digital Angel/IE (Instant
> Execution), for those really Bad Seeds. The plus model will zap the
> offender if brought near Digital Angel/FC (For Children).
>
> Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university

Go check out Harlan Ellison's short story "Repent Harlequin! cried the
Tick Tock Man". This is really life imitating art.

Peter Trei
RE: why should it be trusted?
> --
> From: Ken Brown[SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: Wednesday, October 25, 2000 11:21 AM
> To: Trei, Peter
> Cc: Cypherpunks; 'Nathan Saper'
> Subject: Re: why should it be trusted?
>
> "Trei, Peter" wrote:
>
> > Nathan, have you ever actually looked at socialized medicine? It's
> > fine for some things, but not for others. Illnesses which can be
> > cured and which curing will return a person to productive labour
> > get treated - after a while. Illnesses which strike late in life and/or
> > require expensive treatment get much shorter shrift.
>
> This isn't really true. The NHS tends to be quite good at big stuff,
> serious interventions. The UK is also quite good for fixing small 1-off
> problems (the poor wait in line, the less poor just pay same as anywhere
> else). What it isn't so good at is chronic but not life-threatening
> problems. In other words, just the ones "which curing will return a
> person to productive labour". Of course these are also the exact same
> health problems that private health insurance is worst at.

I've read various stories (mostly in New Scientist and The Economist)
about people being refused expensive chemotherapy by the NHS.

> > Why do you
> > think Austin Power's teeth were a running joke?[...]
>
> Dentistry in the UK is almost entirely private & sometimes used as an
> example of why publicly provided healthcare is supposed to be better!
> Except for the poorest, we pay for it out of our own pockets (as adults
> anyway, there is a certain amount of public provision for children).
> Same applies to opticians & so on.

I stand corrected. The fact remains that bad teeth are part of the
American stereotype of Britons.

> There are a lot of problems (particularly local ones in London because
> nationally set budgets don't reflect the cost of provision here - the
> district I'm in has over 20% shortfall in the number of nurses on the
> staff because they aren't paid enough), but on the whole I think you'll
> find few Brits who would give up the idea of the NHS. After all we live
> longer than you do, on average (assuming you are USAn), are slightly
> poorer to start with & spend a *lot* less on healthcare per head, public
> & private combined. In fact you spend almost as much on "socialised"
> medicine as we do, far less cost-effectively.

... and you have a continuous brain drain of doctors to the greener
fields of the US.

> Ken

Peter Trei
RE: why should it be trusted?
> --
> Nathan Saper[SMTP:[EMAIL PROTECTED]] wrote:
> On Mon, Oct 23, 2000 at 08:37:42PM -0700, James A. Donald wrote:
> > You cannot provide cheap insurance by punishing insurers, any more than
> > you can provide cheap housing by punishing landlords. It has been tried.
> > A law compelling insurance companies to insure the unhealthy will merely
> > raise costs for the healthy, resulting in more people going uninsured.
> >
> > If you want to guarantee insurance for the unhealthy without ill effects
> > the TAXPAYER has to pay, and I suspect that if this proposition was put
> > to the public, enthusiasm would be considerably less. Indeed the Clintons
> > did put something very like that proposition to the public, and there was
> > little enthusiasm.
>
> Having socialized healthcare would be ideal. However, I think that
> the political atmosphere in this country pretty much removes that
> possibility.
> [...]

Nathan, have you ever actually looked at socialized medicine? It's fine
for some things, but not for others. Illnesses which can be cured and
which curing will return a person to productive labour get treated -
after a while. Illnesses which strike late in life and/or require
expensive treatment get much shorter shrift.

Britain's NHS record on cancer treatment is a national disgrace. Why do
you think Austin Power's teeth were a running joke? The state of British
(ie, socialized NHS) dentistry lags *far* behind the US, especially in
the area of orthodontics.

Canadians like their socialized system, but any Canadian who gets sick
knows that (for a price) they can get faster, better treatment in the
US. There are more MRI machines in single US cities than in all of
Canada, and the waiting lists up there can outlast an Albertan winter.

The sad truth is that cost of the best medical care has exceeded the
ability of the average person to afford it. (When I say 'average' I mean
the arithmetic mean of incomes, so robbing the rich to treat the poor
still won't get everyone the best possible care). Regardless of how we
choose to finance it, there will remain many people whose lives could
have been improved by treatments which were not performed due to reasons
of cost.

Once you recognize that medical care *must* be rationed, the question is
how, and by who.

The majority of the subscribers to this list are anarcho-capitalists
and/or libertarians, and abhor any taking by force. Your socialist
outlook is very much a minority viewpoint, and I don't think you're
going to change anyone's mind.

The solution to this problem is not to propose different ways to slice
up the too-small pie - it's to expand the pie. The greater the wealth,
the more people who can afford good care. People who are responsible for
their own welfare (and enslaved to the welfare of others) have the best
chance of achieving wealth.

Peter Trei
Re: FBI: We Need Cyber Ethics Education
Funny, reading the Subject line of this, I immediately assumed that the
FBI was belatedly admitting that it: the *FBI* needed some 'cyber ethics
education'.

This is

On another note, my Microsoft Exchange (spit) mail client chopped off
the 'FBI:' prefix on the subject line of the reply - Any alphanumeric
(unspaced) string terminated with ': " gets dropped. Sigh.

[Yes, I know the article is a spoof]

Peter Trei

> --
> From: Tim May[SMTP:[EMAIL PROTECTED]]
> Reply To: Tim May
> Sent: Monday, October 09, 2000 7:11 PM
> To: [EMAIL PROTECTED]
> Subject: FBI: We Need Cyber Ethics Education
>
> Monday October 9 4:45 PM ET
>
> FBI: We Need Cyber Ethics Education
>
> By DIANE HOPHEAD, Routers Press Agency
>
> WASHINGTON (AP) - FBI: We Need Cyber Ethics Education.
>
> Thou shalt snoop on other children.
>
> Thou shalt not hide cybercrimes by using encryption.
>
> FBI agents are spreading a new gospel to parents and teachers, hoping
> they'll better educate youths that privacy in cyberspace can be
> economically costly and just as criminal as refusing to narc out
> fellow students.
>
> The Justice Department (news - web sites) and the Information
> Technology Association of America, a trade group, has launched the
> Cybercitizen Partnership to encourage educators and parents to talk
> to children in ways that equate privacy and encryption with
> old-fashioned wrongdoing.
>
> The nascent effort includes a series of seminars around the country
> for teachers, classroom materials and guides and a Web site to help
> parents talk to children. The FBI is distributing copies of
> "MyPersonalCarnivore" to allow children to set up their own
> Carnivore-enabled local sites.
>
> ``In a democracy in general, we can't have the police everywhere,''
> said Michael Vacuous, director of the FBI's National Infrastructure
> Protection Center, which guards against computer attacks by
> terrorists, foreign agents and teen hackers.
>
> ``One of the most important ways of reducing crime is trying to teach
> ethics and morality to our kids. That same principle needs to apply
> to the cyber world,'' he said.
>
> "We are willing to drop the antitrust action against Microsoft if and
> when they meet the legitimate needs of law enforcement," he added.
> Asked if he was referring to the proposed "WindowsMe (and Big
> Brother)," he added that he could not comment on sensitive programs.
RE: Musings on AES and DES
> -- > From: Vin McLellan[SMTP:[EMAIL PROTECTED]] > Reply To: Vin McLellan > Sent: Monday, October 09, 2000 3:22 AM > To: Ray Dillinger; [EMAIL PROTECTED] > Subject: Re: Musings on AES and DES > > Ray Dillinger <[EMAIL PROTECTED]> wrote: > > > > >[As the DES,] Dataseal/Demon/Lucifer was pretty good. It may not > >have been the *most* secure algorithm of its time, but neither was it a > >transparent and useless "cipher" with obvious flaws other than the > 56-bit > >keyspace. However, the important part of building up trust (or lack > >thereof) in the cipher came after it was chosen as the DES. > > I suggest that you give insufficient weight to the importance of > the NSA imprimatur on the DES. > > The DES became the standard we know today -- for years, > universally accepted in US commerce, banking, and trade -- largely because > > the US National Security Agency (NSA) issued, upon the designation of the > DES by NIST, a statement that the NSA's cryptanalysts knew of no attack on > > the DES algorithm more effective than a brute force search of all possible > 56-bit keys. [...] > DES was pretty much what they said it was (even down to that > tweak > in the S-boxes to block differential analysis, which the academic crypto > researchers didn't discover for many years.) The NSA was/is really very > good at what they did, and -- particularly in the US computer industry > (which until 1960 had been pretty much guided by NSA R&D contracts) -- > their cryptanalytic expertise was wholly unchallenged. > > If you read the ostensible charter of the NSA, its duties include assisting in the securing of US civilian communications. While I expect this mainly means making sure that Boris & Natasha aren't tapping US internal comm links without permission, it can also be interpreted to make sure we aren't using snakeoil ciphers. Making DES not suck seems well within the NSA charter. 
In 1986, when the second recertification came up, I remember considerable consternation over the key-length reduction to 56 bits, and the unexplained tweaking of the S-boxes. There was serious discussion at the time that one or both of these changes were done to introduce backdoors. You'd probably have to find a usenet archive from the period to confirm this. I seem to recall reading somewhere that the extra (8?) bits in the original were shown not to add to the security of the cipher. Clearly 56 was too short - Diffie & Hellman published a paper to that effect in 1977. In the end, we now know that the tweaking prevented differential cryptanalysis, but not linear cryptanalysis. DCA had apparently been discovered internally at IBM (and presumably at NSA). LCA was not then known within IBM (whether it was known inside NSA is an interesting question :-) I would not be surprised if 30 or 50 years down the road, we find out that NSA did its level best to ensure that the AES selection process picked the best candidate. Equally, I would not be surprised to find that they already have some black cryptanalytic technique which can defeat it. On the balance I favor the former: the NSA is as aware as the rest of us of the huge cost (both financial and security) of embedding a broken cipher in the infrastructure of the nation. Peter Trei
Crypto events 22-24 Sept in Bay Area?
I've been stupid (no surprise to those who know me :-). Last week I booked a ticket out to SFO assuming the RSA party would be on Saturday the 23rd. As we now know, it's actually on the 21st. Unfortunately, I booked through priceline.com, and their policy is "no refunds, no transfers, no modifications" (yes, they're up front about this - I can't claim it was buried in the fine print). I'm debating whether to
1. Blow off the whole thing, and write off the ticket as a (fairly expensive) lesson. I'd go to the Harvard Club event anyway.
2. Come out Friday, even though I miss the party.
3. Use 20k of FFM on USAir to get to the party 2 hours late, and stay till Monday. (I've booked this, but that, at least, is cancellable.)
I'm resistant to a long trip (family/job obligations at home), but if there's a bunch of interesting crypto related events aside from the party on Thursday, I may come out anyway. Any suggestions? Peter Trei
RE: Voluntary Mandatory Taxes
Tim wrote > At 10:35 AM -0700 9/12/00, Marshall Clow wrote: > > Refinery: 17.2 [ I'm guessing this includes raw > >oil costs ] > > Retailer:4.2 > > VAT:12.64 > > Duty: 50.89 > > > > Total 84.9 [ this is the price at the pump ] > > > >that's 74.8% tax, folks. > > Which is of course what the original article was saying. > > A nit, but "74.8% tax" may be misleading to some. It suggests a tax > rate of "only" about 10 times the normal sales tax (normal in the > States, for ordinary goods). In fact, the 75% is of course 75% of the > final price. Or, roughly a 400% tax on the original commodity. > > For example, imagine a Jaguar XK8 costing $60K plus $240K in taxes. > 75% in taxes would suggest 60K plus 45K. The oil situation is 400% in > taxes. > A nit on a nit: This is ~300% tax, not ~400%. Consider: 10 pounds worth (to the refiner/dealer) of petrol yields the British government about 30 pounds of taxes. ie, 300% of the cost of the item. It's still mind-boggling that a nominally free people will put up with this kind of organized theft. Peter > Welcome to statism. > > > --Tim May >
[Apologies] RE: RSA Security releases ... cpunk
I don't know why the post is appearing multiple times, and I'm as annoyed about it as you are. Peter Trei
RSA Security releases RSA algoritm into public domain two weeks early. [cpunk]
Wednesday September 6, 8:03 am Eastern Time Press Release SOURCE: RSA Security Inc. RSA Security Releases RSA Encryption Algorithm into Public Domain 'c = m(e) mod n' Made Available Two Weeks Early BEDFORD, Mass., Sept. 6 /PRNewswire/ -- RSA® Security Inc. (Nasdaq: RSAS - news) today announced it has released the RSA public key encryption algorithm into the public domain, allowing anyone to create products that incorporate their own implementation of the algorithm. This means that RSA Security has waived its rights to enforce the patent for any development activities that include the RSA algorithm occurring after September 6, 2000. Represented by the equation "c = m(e) mod n," the RSA algorithm is widely considered the standard for encryption and the core technology that secures the vast majority of the e-business conducted on the Internet. The U.S. patent for the RSA algorithm (#4,405,829, "Cryptographic Communications System And Method") was issued to the Massachusetts Institute of Technology (MIT) on September 20, 1983, licensed exclusively to RSA Security and expires on September 20, 2000. "So much misinformation has been spread recently regarding the expiration of the RSA algorithm patent that we wanted to create an opportunity to state the facts," said Art Coviello, chief executive officer of RSA Security. "RSA Security's commercialization of the RSA patent helped create an entire industry of highly secure, interoperable products that are the foundation of the worldwide online economy. Releasing the RSA algorithm into the public domain now is a symbolic next step in the evolution of this market, as we believe it will cement the position of RSA encryption as the standard in all categories of wired and wireless applications and devices. 
RSA Security intends to continue to offer the world's premier implementation of the RSA algorithm and all other relevant encryption technologies in our RSA BSAFE® software solutions and we remain confident in our leadership in the encryption market." For nearly two decades, more than 800 companies spanning a range of global industries have turned to RSA Security as a trusted, strategic partner that can provide the proven, time-tested encryption implementations and resources designed to speed time to market. These companies, including nearly 200 so far in 2000, rely on RSA BSAFE® security software for its encryption implementation and value-added services for a broad range of B2B, B2C and wireless applications. During the past 17 years, RSA Security has incorporated the concepts represented by the RSA algorithm into its RSA BSAFE cryptographic software. The company has made continuous enhancements to the way the algorithm has been implemented, including a number of performance improvements and optimizations, not reflected in the original patent, for a wide range of software applications, operating systems and chip designs. RSA Security also is an industry leader in developing standards on the robust application of encryption technologies for solving real-world problems. These core standards, known as the Public Key Cryptography Standards (PKCS), form the underpinnings of today's most widely used communication methods. In recent years, encryption technology has taken on an entirely new level of importance in the world of business and consumer technology, and RSA Security continues to be a leader in the industry. Once the province of a small group of technologists and mathematicians, new developments have raised the profile of encryption among a broad range of audiences. 
Moving forward, electronic signature legislation, export regulation and the pending selection of the Advanced Encryption Standard (AES) all will contribute significantly to encryption playing a key role in the further expansion of e-commerce initiatives for B2B, B2C and extended enterprise applications. For more information regarding the RSA algorithm and a free RSA algorithm t-shirt, visit www.rsasecurity.com/total-solution. About RSA Security Inc. RSA Security Inc., The Most Trusted Name in e-Security(TM), helps organizations build secure, trusted foundations for e-business through its RSA SecurID® two-factor authentication, RSA BSAFE encryption and RSA Keon® public key management systems. With more than a half billion RSA BSAFE-enabled applications in use worldwide, more than seven million RSA SecurID users and almost 20 years of industry experience, RSA Security has the proven leadership and innovative technology to address the changing security needs of e-business and bring trust to the new, online economy. RSA Security can be reached at www.rsasecurity.com. NOTE: This press release contains forward-looking statements relating to the role of the RSA algorithm encryption and the expansion of e-commerce. Such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking
Thoughts on the Friedman patent [cpunk]
As was reported earlier, William Friedman was just issued a patent for an Enigma-style rotary encryption device: http://www.patents.ibm.com/details?&pn=US06097812__&s_all=1 It's worth noting that it took over 67 years for this to move from 'patent pending' to 'patent issued'. Claim 1 seems to claim to cover *all* rotary, enigma-style mechanisms: 1. In a cryptograph, a keyboard comprising character elements in operative electrical connection with corresponding signaling elements; means comprising a set of juxtaposed, rotatable commutators for varying the connections between the keyboard elements and said signaling elements; a cipher-key transmitter; and means coordinated with the transmitter to effect permutative, stepwise displacements of the commutators. What are the consequences? Can Friedman's estate now sue Crypto AG for infringing devices sold in the US? Can Lucent (the heir of Bell Labs) be made to pony up royalties for each installation of a system including crypt()? Can the estate get back-royalties for every device the US government built using these principles? While this may seem far-fetched to sane people, idle American lawyers' hands are the Devil's playground. Peter Trei
RE: MojoNation [cpunk]
> Subject: MojoNation file sharing system plans to beat Napster, > Gnutella > > http://www.wired.com/news/technology/0,1282,37892,00.html > > Get Your Music Mojo Working > by Declan McCullagh ([EMAIL PROTECTED]) > > 5:45 p.m. Jul. 29, 2000 PDT > LAS VEGAS -- A new file-sharing system could best rivals > like Napster and Gnutella through more anonymous and > efficient transfers. > > The service has an innovative feature that rewards users > for uploading and distributing files: payment in a form of > digital currency called "Mojo." > [...] > The libertarian-leaning cypherpunks -- only about seven > so far -- who work at Autonomous Zone are pinning their > hopes on creating an emergent network of electronic > buyers, sellers, and service providers, all exchanging > tokens that might represent as little as one-thousandth of > a cent. > [...] > By pinning even an infinitesimal value on all transactions, > the company plans to discourage piggish folks who > download more than they contribute in return. > > To earn Mojo tokens, users can sell their extra bandwidth > or disk space and act as servers, or create their own > service that others want to pay for. A successful system > would also likely include money exchangers who buy and > sell Mojo tokens in exchange for dollars. > Doesn't this create a private currency? Many US banks used to issue their own currency, but around the turn of the 19-20th century [it feels weird to have to disambiguate 'turn of the century'] the Fedz slapped a 10% tax on any transaction which didn't use USG issued scrip. I could see them attempting to apply that tax to this, and many other e-scrip operations. [...] Peter Trei
RE: John Young, Freedom Fighter Extraordinaire
> -- > From: Patrick Henry[SMTP:[EMAIL PROTECTED]] > > John Young wrote: > > > Therefore I shall publish the names of the two Special Agents > > who spoke with me at: > > > > http://cryptome.org/fbi-psia.htm > > Holy shit! > > I think we all owe John a tremendous gratitude. There are plenty of us > (yours > truly included) who talk the talk but don't walk the walk. John has > placed > himself in harm's way in the battle for our freedom. > > I hereby bestow upon you, John Young, the Patrick Henry Liberty Award. It > includes an anonymous $100 contribution to your legal defense fund. Way > to go > John! > > --PH > Me too. [Normally, I detest 'me too' posts, but John needs to know that a lot of people back him up on this decision.] Peter Trei
RE: Encrypted nanotech designs CPUNK
> -- > From: lcs Mixmaster Remailer[SMTP:[EMAIL PROTECTED]] > Reply To: lcs Mixmaster Remailer > Sent: Friday, June 16, 2000 5:20 AM > To: [EMAIL PROTECTED] > Subject: Encrypted nanotech designs > > The Foresight Institute is an organization promoting planning for the > impact of future technologies, particularly nanotech. They have a new > set of design guidelines to prevent potential nanotech catastrophes at > http://www.foresight.org/guidelines/current.html. > > One of the points involves encryption: > > > 1. Any self-replicating device which has sufficient onboard > > information to describe its own manufacture should encrypt it such > > that any replication error will randomize its blueprint. > > Anyone have any idea what this means? How would crypto be used here? > I think the goal here does not involve enemy action - it's to prevent a 'gray goo' disaster scenario, in which a self-replicating nanobot replicates until the entire mass of the planet is turned into nanos. By inserting cryptographically strong error resistance into the device, any 'mutation' renders the resulting bot sterile. This prevents evolution which might result in an inadvertent 'gray goo' situation. Peter Trei [Adding CPUNK to the Subject line of all legitimate posts helps prevent spam.]
RE: pseudonymous remailers CPUNK
> -- > From: Bill Stewart[SMTP:[EMAIL PROTECTED]] > Reply To: Bill Stewart > Sent: Thursday, June 15, 2000 4:35 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: pseudonymous remailers > [...] > I ran a remailer about 5 years ago; I've commented on the issue in the > distant past, but no longer have copies of it. > Remailers generally have two uses: > - sending private mail to individuals, which needs to be encrypted in and > out > to prevent eavesdropping (so forgery isn't really an issue), and > - sending broadcast messages such as Usenet groups and mailing lists, > where the output needs to be unencrypted, and forgery is possible. > [...] > The classic abuses to do with it are posting flamebait to Usenet > or posting test messages to alt.test which get autoreplied to by thousands > of machines. I closed the remailer I ran when somebody posted > forged hate mail to the net - the headers weren't forged, but the > target's name and email address were in the message body. > My ISP asked me to close it unless I could find a way to prevent > similar abuses, and there weren't a lot of good options at the time. > > Most remailer operators who are concerned about preventing abuse > are also concerned about preventing complaints that get them shut down, > so they're motivated to deal with the problem. A relatively common > approach is to add mail headers clearly indicating (to anybody who > reads mail headers) that the message came from a remailer, > may be forged, and where to find more policy information. > [...] > Thanks! 
> I don't run a remailer, so I'm not speaking from experience, but if a remailer restricted itself to sending out messages which were still encrypted after decrypting with the remailer's key, I would think you'd remove nearly all spam (since no spammer is going to encrypt thousands of messages with the public keys of each of his recipients), and give the operator a layer of protection from liability ('No, your Imamness, I did not and could not know that an infidel was using my remailer to send quotes from "The Satanic Verses"') This would make it more difficult to send plaintext messages to usenet, though messages which decrypted in the remailer to plaintext targeted for known gateways and mailing lists could be let through. Peter [If everyone put CPUNK at the end of their subject line, you could filter all other messages as probable spam]
RE: [FLAME] Choate's web page spams of this list!
He's listening: Here's his latest post, including the entirety of the body text: >From: Jim Choate <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: CDR: Lessig: A Letter to Bill >The Industry Standard >June 12, 2000 >pp. 51 [ 12 line .sig deleted - Jim, is that *really* needed? --- Of course, it would help if he included a URL: http://www.thestandard.com/article/display/0,1151,15645,00.html Peter Trei
RE: Posting Cookies for Cypherpunks
You don't need to get that complicated. Just pick a keyword (eg, CPUNK), and require its presence in the subject line. This method has been used to great effect in usenet newsgroups, even if the keyword does not change for years. Spambot software simply doesn't handle per-address rules beyond including the username in the message. I've proposed this before - any bets as to how long before Jim C or Tim tells us to start our own list? Peter > -- > From: Eric Cordian[SMTP:[EMAIL PROTECTED]] > > If we implement some sort of posting cookie, it should be bakable by any > user wishing to post, and work with every conceivable variety of OS and > mailer. > > One scheme which comes to mind is to allow people to mail their posts > to "N+cypherpunks@*" where N is the number of non-whitespace characters > in the subject of the post, exclusive of Subject: and Re:. > > People subscribing could then elect to receive only those posts where > N matched, or to receive all posts. While the N+cypherpunks addresses > would of course end up on spam lists, statistically, the spam would get > cut by a factor of around 20 for people who chose to filter. > > This would have the following features. > > 1. It would be very simple to implement. > > 2. It would be end-user filtering, which people would be able to elect. > > 3. It doesn't require any complicated software on the list processing > end, and no software at all on the user end. > > 4. People who don't want to mess with it will never know it's there. > > This is just one way to do it. I'm sure people will think up better > variations. > > -- > Eric Michael Cordian 0+ > O:.T:.O:. Mathematical Munitions Division > "Do What Thou Wilt Shall Be The Whole Of The Law" >
Metallica drummer discusses Napster.
Not entirely on topic, but over on slashdot, Lars Ulrich, the drummer for Metallica, gives a long, detailed, online interview about the whole Napster affair, based on questions sent in by slashdot readers. http://slashdot.org/interviews/00/05/26/1251220.shtml It's interesting to see the point of view of an IP creator, pretty clearly unfiltered by lawyers. He comes off as intelligent and thoughtful, but not at all net-savvy. He scores points as to what's *good* about recording companies, and his right to control how his creative output gets used. He clearly does not get or is unaware of, the 'cypherpunk' take on this - that the Internet has changed the ground rules, and it may no more be possible for him to control the future use of his product than he could command the flight of wild geese. He still thinks that gnutella, freenet, et al, are companies on which the same types of pressure can be brought to bear as was brought against Napster. Personally, I'd like the world to be arranged so that the creative are remunerated for their work, and producers can raise hundreds of millions of dollars to make an ass-kicking ship-disaster movie (even if a timewasting romance subplot has to be included :-). I'm just not sure if and/or how this can be done in the future. Peter Trei
RE: NSA on AES2
> -- > From: Anonymous[SMTP:[EMAIL PROTECTED]] > > >look no further than DES. Whit Diffie (see his foreword to 'Cracking > >DES') was speculating about bruting DES from *before* the day it > >was published in 1975. Read Wiener's 1993 paper on building > > Last year I heard Diffie say (at PECSENC meeting) that > > "Exportable means breakable" > > AES is exportable, I assume. > You assume wrong. The limit on general export is still at 56 bits, which we know to be inadequate. Unlimited strength is exportable for certain purposes, all of which seem to involve B2B or B2C rather than C2C or C usage (ie, one of the parties is easily tracked down if the authorities decide they're being naughty). That's for commercial products. There's a complex and byzantine set of regs concerning open source projects and source code, which I'm glad to say the courts are slowly agreeing to be unconstitutional. AES candidates are required to work with a variety of keylengths: specifically 128, 192, and 256 bits (they are allowed to work with longer or shorter keys as well). Any commercial product which used AES with keys longer than 56 bits is not exportable for general encryption uses - eg a crypto library, or an unescrowed disk encryptor. > Do you agree with Diffie ? > In general terms, yes. Peter Trei (usual disclaimer)
RE: Options for list filtering [0005]
One alternative to changing the email address is to have a nonce which must appear in the post for it to be forwarded to end users. Change it once a month or so. Make it either a random string of digits, or a string unlikely to occur in a post by accident. The point here is not to prevent individual posts, but rather to stop mass machine-generated spam. The mass mailers, while having some flexibility (for example, providing a bogus From: header which changes with each message), don't have rulesets capable of arbitrary per-recipient customization beyond the "Dear Cypherpunks:" level. If we implemented a rule that said that valid posts must contain the year and month in the Subject line (eg '[0005]' as this post does) we'd get rid of 99 98/100s % of the spam. If a server receives a message which does not contain the string, toss it and return a message explaining the policy. Users sending anonymously won't receive it, but are generally clueful enough to figure out the policy. (After all, they read the list somehow). There are a number of Usenet newsgroups where the spam level has risen to such a level that a similar policy has been instituted: the newsgroup's initials appear in the subject lines of 'real' posts. I have never seen spam which spoofed this mechanism, even though the nonce is static over a span of years. This is a bit like putting the 'Club' antitheft device on a car. It won't stop a really *determined* bad guy, but will thwart the vast majority of them. It's also easy to implement at the CDR nodes. Peter Trei > -- > From: Tim May[SMTP:[EMAIL PROTECTED]] > Reply To: Tim May > Sent: Friday, May 05, 2000 2:23 PM > To: [EMAIL PROTECTED] > Subject: Options for list filtering > > > (I'm not worried about being called a communist or a pedophile for > commenting on this issue. Nor am I worried about being called a > communist _by_ a pedophile. Or vice versa.) 
> > > At 12:29 PM -0500 5/5/00, Declan McCullagh wrote: > >Eric is correct that the list was created that way, and operated > >that way, for historic reasons. But now it seems like the costs may > >exceed the benefits. I suggest losing the old email addresses > >(toad.com, cyberpass.net, ssz.com) and having those messages routed > >to a web site or info dump that can be publicly perused. > > > >The "new" or "active" cypherpunks list would consist of the same > >subscriber list and have the same distributed setup; it would simply > >have different email "entry points." So to send mail, you'd need to > >know to send to [EMAIL PROTECTED] That at least might > >reduce spam. > > > > I support periodic name changes. This is one reason people sometimes > change their usernames and/or ISPs: they've gotten on too many spam > lists. Or their phone numbers. Or in extreme cases, their countries. > A fresh start is sometimes needed. > > This has happened to the Cypherpunks list. Not only are list > harvesters finding the various Cypherpunks list names (algebra, toad, > cyberpass, ssz, etc.), but the "union of all posts" strategy of the > CDR ensures spam to any of the addresses reaches us all. Harvesters > have literally had years to find various Cypherpunks list addresses. > > The repugnance toward content filtering, except when voluntarily > arranged for, is laudable. We saw in years past that nominally benign > "moderation" can easily degenerate into partisan filtering of > opposing views. UNDER NO CIRCUMSTANCES should the root CDR nodes > filter messages by body text content. > > However, there's nothing that says the Cypherpunks list has to have a > persistent address, with a time constant of years. A name change > every quarter or so, with existing subscribers carried over to the > new name, would help with advertising spam. > > What about people who discover the Cypherpunks list from some old > "Wired" article which gives the subscription info? 
This is usually > going to be the "[EMAIL PROTECTED]" old address, and the majordomo > variants. Those who use that address can be bounced a message telling > them the latest list addresses. (This is some work by someone...I'm > not volunteering John or Hugh or anyone else to do this. However, at > some point the use of the ancient toad.com address was supposed to go > away anyway...right now it's adding a lot of noise to our system. > Perhaps it is time for the other CDR nodes to pull the plug on > accepting posts sent to the toad.com address.) > > A second possibility is to do what many lists do: only allow posts by > subscribers. > > What about remailers and other anonymous posts? The addresses of all > known CP/Mixmaster/Freedom services could be added to the list of > allowed posts. This means a devious spammer could still get through, > but so much the better (at least he's using good technology!). > > This would screen out Hotmail, My-Deja, and similar "weak tech" > pseudo-anonymizers, but this is also so much t
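The subject-line cookies proposed in the "Posting Cookies for Cypherpunks" and "Options for list filtering [0005]" posts above (static CPUNK keyword, rotating year-month tag, and Eric Cordian's N+cypherpunks count), as an added Python sketch that is not code from the list or its CDR nodes. The function names, the list.example domain and the sample posts are assumptions constructed for illustration.

```python
import re
from datetime import date
from email import message_from_string, policy
from email.utils import getaddresses

KEYWORD = "CPUNK"               # static keyword proposed in the posts
LIST_LOCALPART = "cypherpunks"  # list.example below is a placeholder domain

RE_PREFIX = re.compile(r"^\s*(?:re:\s*)+", re.IGNORECASE)


def parse(raw):
    # policy.default unfolds headers and decodes RFC 2047 encoded words, so
    # the check sees the Subject a reader would see, not its wire encoding.
    return message_from_string(raw, policy=policy.default)


def has_keyword(subject):
    """Static-keyword rule: the keyword appears as a whole word."""
    pattern = r"\b%s\b" % re.escape(KEYWORD)
    return re.search(pattern, subject, re.IGNORECASE) is not None


def month_tag(today):
    """Rotating tag: two-digit year and month in brackets, e.g. [0005]."""
    return "[%02d%02d]" % (today.year % 100, today.month)


def subject_count(subject):
    """Cordian's N: non-whitespace characters, leading Re: excluded."""
    return sum(1 for ch in RE_PREFIX.sub("", subject) if not ch.isspace())


def address_count(msg):
    """N taken from an 'N+cypherpunks@...' recipient, or None if absent."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    pattern = r"(\d+)\+%s@\S+" % re.escape(LIST_LOCALPART)
    for _name, addr in getaddresses(headers):
        m = re.fullmatch(pattern, addr, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return None


def passes(raw, scheme, today):
    """True if the raw message satisfies the named cookie scheme."""
    msg = parse(raw)
    subject = str(msg.get("Subject", ""))
    if scheme == "keyword":
        return has_keyword(subject)
    if scheme == "month":
        return month_tag(today) in subject
    if scheme == "count":
        return address_count(msg) == subject_count(subject)
    raise ValueError("unknown scheme: %r" % scheme)


def handle_post(raw, today):
    """Server-side month-tag rule: forward, or toss and explain the policy."""
    if passes(raw, "month", today):
        return ("forward", None)
    notice = ("Your post was not forwarded. Posts to this list must carry %s "
              "in the Subject line." % month_tag(today))
    return ("bounce", notice)  # anonymous senders will never see the notice


# Constructed sample posts (not taken from the list archive).
TAGGED = ("From: alice@example.org\nTo: cypherpunks@list.example\n"
          "Subject: RE: Options for list filtering [0005]\n\nbody\n")
SPAM = ("From: promo@bulk.example\nTo: cypherpunks@list.example\n"
        "Subject: Dear Cypherpunks: amazing offer\n\nbuy now\n")
ENCODED = ("From: bob@example.org\nTo: cypherpunks@list.example\n"
           "Subject: =?utf-8?q?pseudonymous_remailers_CPUNK?=\n\nbody\n")
COUNTED = ("From: carol@example.org\nTo: 28+cypherpunks@list.example\n"
           "Subject: Re: Posting Cookies for Cypherpunks\n\nbody\n")

if __name__ == "__main__":
    today = date(2000, 5, 8)
    for name, raw in [("TAGGED", TAGGED), ("SPAM", SPAM),
                      ("ENCODED", ENCODED), ("COUNTED", COUNTED)]:
        results = {s: passes(raw, s, today) for s in ("keyword", "month", "count")}
        print(name, results, handle_post(raw, today)[0])
```

A post carrying last month's tag is bounced like any untagged post, which is the cost of rotating the cookie that the static-keyword variant avoids.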
RE: RSA fasion trends.
> -- > From: Tim May[SMTP:[EMAIL PROTECTED]] > Reply To: Tim May > Sent: Monday, April 17, 2000 1:23 PM > To: [EMAIL PROTECTED] > Subject: Re: RSA fasion trends. > > At 3:00 AM +1000 4/18/00, Julian Assange wrote: > > > TRENDS - ENCRYPTION > Byline: SUELETTE DREYFUS > > > So what is hot in cryptowear? Look for ephemeral keys, template-less > biometrics, sheer digital watermarks lined with a crinoline of crypto > >and au natural molecular computing. > > > >Sitting in a trendy Brunswick Street cafe, Duane revealed his > >predictions after jetting into Melbourne recently from RSA's > >headquarters in the Milan of the IT world, Massachusetts. > >... > >Some of these, such as template-less biometrics, are so new they are > >little more than a theoretical sparkle in designers' imaginations, but > >they are moving fast. Others, such as digital watermarking, will be > >retro by the time they become widespread. They've existed for some time, > >but Duane predicts they may take off in a much larger way in future. > >... > >Next season could also see a return to nature, with molecular computing > >used as a way to break cryptographic keys. The natural look is back in > >vogue among the large-lobed in other ways as well, with Duane openly > >sporting long hair in a pony tail. ``The only time I purposely tuck it > >in is when I'm riding my Harley,'' he said. > > > I nominate this article as the most pretentious--or should I say > "precious"?--mixing of metaphors seen in a major piece of reporting > this year. > > This latest Dreyfus affair is tedious beyond words. No doubt she (or > he) will be an honored guest and probably a speaker at the next CFP. > > --Tim May > -- > -:-:-:-:-:-:-: > Timothy C. May | Crypto Anarchy: encryption, digital money, > ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > "Cyphernomicon" | black markets, collapse of governments. >
RE: Bill Joy suggests limits to freedom and research.
I've been very pleased at the responses to the posting that started this thread. Clearly these are topics people have been thinking about for some time. But saying that "we've been over this before" or "Bill knows computers, but doesn't understand *this* field as well as *I* do" doesn't help too much to still my worries. Can anyone provide pointers to convincing counter-arguments? We don't have too much time to provide safeguards against some of these problems, either. What's the betting that some military lab is, at *this* moment, creating a bug (if they have not already done so) with the lethality of Ebola and the ease of transmission of flu? Or how about a racially targeted disease (too much/not enough melanin and you're dead)? Moore's Law applies to other fields of research too. What can be done only in a highly funded lab today will be a high-school project in ten years. I still maintain that this article will be used by statists and authoritarians to justify their control. Peter
RE: X.BlaBla in PGP??? BWAHAHAHAHAHA!!!!
-Original Message- From: Phillip Hallam-Baker [mailto:[EMAIL PROTECTED]] [...] > And actually, UK libel law extends to any material published in the > UK, so it would be possible to bring an action in the UK against > a cypherpunks poster. Not that I would employ such an unfair law. > Indeed folk can read my recent letter in the Guardian on the topic > www.guardian.co.uk. Folk can also discover the judge's published > opinion on the chap who sued me if they grovel round the site. [...] > Phill One interesting factor is the differing standards for 'libel' between the US and UK. (Note: IANAL). In the US, truth is an absolute defense against libel. In the UK, as well as many other countries, it is not: it is perfectly possible to be found guilty of libel, and punished, for publishing TRUE information about someone which besmirches their reputation. I'm also curious as to what constitutes 'published in the UK'. A mailing list hosted outside the UK would not, IMHO, constitute 'publication in the UK', regardless if some of the recipients were reading it there, any more than, say, a US printed magazine becomes 'published in the UK' if some of its subscribers are in that country. Ditto for a web site hosted outside of the country (though the UK has cracked down on Brits running overseas porn web sites from Britain). Peter
RE: Vin McLellan & Charles Mudd On Denial of Service Attacks
As some will recall, about 3 years ago, I started a thread entitled "'Cypherpunks' considered harmful" suggesting we needed to find a new title for the mailing list. Tim objected quite vehemently, as I recall.

I think I proposed 'crypto-enthusiasts' or something like that. "The Secret Admirers", the name of a generally parallel group in Neal Stephenson's "Cryptonomicon" is even more apt, with its overloaded shades of meaning.

Peter Trei
(a subscriber to the cypherpunks mailing list, an admirer of secrecy, but not a 'cypherpunk').

-Original Message-
From: Tim May [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 04, 2000 12:49 PM
To: [EMAIL PROTECTED]
Subject: Re: Vin McLellan & Charles Mudd On Denial of Service Attacks

At 8:48 AM -0800 3/4/00, Steve Mynott wrote:
>I would have thought the very name "cypherpunks" suggests list
>sympathies lie more on the "hacker" side than on those of
>self-professed security experts.
>
>On Fri, Mar 03, 2000 at 07:30:24PM -0500, Phillip Hallam-Baker wrote:
>
>> When cypherpunks was founded, most of the readers on the list were actively
>> involved in computer security. I strongly suspect that most readers of the
>> list today are hacker 'wannabees', certainly this was the case when I
>> stopped reading the list on a regular basis two years ago (although much of
>> the material posted by the people I used to follow on the list is
>> crossposted or forwarded to me so in effect what I do read probably closely
>> resembles the original.)

More to the point, Phillip Hallam-Baker is simply _wrong_ in his assertions above, about the founding period of the list.

As to the throwaway line about "most readers of the list today are hacker 'wannabees,'" this tells us all we need to know.

--Tim May

-:-:-:-:-:-:-:
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
[OT] MSN ends Usenet support.
I hope MSN users can still access news servers outside of MSN.

Peter

-
http://news.cnet.com/news/0-1005-200-159.html

MSN drops newsgroup support
By Jim Hu
Staff Writer, CNET News.com
February 23, 2000, 4:00 a.m. PT

Microsoft's MSN Internet site is dumping support for newsgroup discussions, the latest sign that the pioneering online chat format is being bypassed by the commercial Web.

An MSN representative said the site is replacing newsgroup discussions, which are currently hosted on the open-ended Usenet network, with other options available on the site. She said the move was sparked by convenience.

"We are removing newsgroups from MSN servers because we now have a better communication vehicle provided by MSN Web Communities-- including chat, message boards, email and Web pages," the representative wrote in an email.

While newsgroups will no longer be supported on MSN.com, they will still be available at the company's corporate Web site, Microsoft.com.

[...]

"Newsgroups are unruly and message boards are easier to convert into a business," said Anya Sacharow, an analyst at Jupiter Communications.

[...]

"One of the charms of Usenet is that it's so completely decentralized," said David Ritz, a Usenet advocate. "(Microsoft's) operation is into control. This cannot be accomplished in Usenet."

[...]
Intel proposes HW-encrypted displays.
http://www.eetimes.com/story/OEG2217S0039
http://slashdot.org/articles/00/02/18/0853243.shtml

Intel is proposing a technique to encrypt data flowing between a PC and its display. The technology is called High-bandwidth Digital Copy Protection (HDCP).

It appears to be another approach by which copyright holders could distribute movies, music, and other IP to consumers, while preventing the user from making a digital copy of the material.

It uses 56 bit keys, and apparently operates in silicon at 5 Gb/s. Manufacturers will be assigned vendor keys for the system, as in the DVD CSS system.

I can't tell whether the system will have an open, peer-reviewed specification for the crypto (though I somehow doubt it).

Please follow the links above for more info.

Peter Trei
[EMAIL PROTECTED]
RE: FCF's Dean Lauds Congressional Privacy Caucus
I'm sure that a lot of people are going to respond, but since when has that ever stopped me? :-)

Peter

> --
> From: Lizard[SMTP:[EMAIL PROTECTED]]
>
> Can anyone tell me, precisely, why it is so very scary to imagine that
> somewhere in a corporate database is a notation that you like to buy Coca
> Cola? Corporations don't scare me -- they want me to be alive, free, and
> earning money so that I can buy their products. Corpses and prisoners make
> lousy consumers.
>
> I'm just curious as to the source of this fear of corporate 'spying', at
> least as regards public habits like what you buy. If they were tracking
> union membership or the like, I'd be more scared -- that's information that
> they could use to wreck your life. But who gives a smeg if they know what
> soda you drink or your favorite brand of shampoo? The WORST that will
> happen is you'll end up on some mailing lists. The best? You'll get a
> coupon and save 50 cents.
>
> Can anyone who finds the concept of corporate databases keeping them awake
> nights explain to me precisely WHY this bothers them? Obviously, it IS a
> major concern for a lot of people -- but, as with genetic engineering or
> nuclear power, I cannot understand the CAUSE of the fear. I need to know.
>
>

Consider, Mr(?). "Lizard": Why exactly are you posting under what appears to be a nym? Could it be that there are people or organizations who you do not want to know your taste in mailing lists? If you're an employee of PepsiCo, you might very well want to conceal your personal preference for Coke.

This is really an issue that relates to the value of privacy and anonymity in general. Your question is closely related to the old "If you have nothing to hide, why would you object to being watched?"

The thing is, you, I, and many people engage in activities which, while we think they are OK, we'd rather not have to justify at every turn. For example: many people rent adult videos: how would you feel if your taste in movies was exposed on a webpage for your colleagues at work, your mom, and your girlfriend to see?

You can imagine all sorts of bad scenarios if your every action was recorded and subject to public scrutiny.

"Your Honor: My husband's a drunk: These supermarket loyalty card records show that he drinks 2 sixpacks of beer a week! I want a divorce, the house, the cars, and half his income." (this actually happened in San Francisco a while back).

"I'm sorry Miss ... your purchase records from RiteAid show that though single, you purchase condoms every month. Our firm does not hire fornicators."

"John, we're firing you for non-performance; your outstanding record up to this point must have been an error. Oh, by the way: we all hope you stay healthy: our self-insurance office has just reported that you've started purchasing anti-viral drugs for HIV."

I myself have been surprised at job interviews when some of my leisure time activities have been raised by the interviewer (purely out of curiosity - not as a hiring issue. At least, so far)

Peter Trei
[EMAIL PROTECTED]