RE: voting

2004-04-15 Thread Bill Frantz
One area we are not addressing in voting security is absentee ballots.  The
use of absentee ballots is rising in US elections, and is even being
advocated as a way for individuals to get a printed ballot in jurisdictions
which use electronic-only voting machines.  Political parties are
encouraging their supporters to vote absentee.  I believe that one election
in Oregon was recently held entirely with absentee ballots.

For classic polling place elections, one strength of an electronic system
which prints paper ballots is that there are two separate paths for the
counts.  The machine can keep its own totals and report them at the end of
the election.  These totals can then be compared with the totals generated
for that precinct by counting the paper ballots.  This redundancy seems to
me to provide higher security than either system alone.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032




RE: The killer app for encryption

2003-12-20 Thread Bill Frantz
At 12:16 PM -0800 12/18/03, Jim Dixon wrote:
> Voice telephony requires delays measured in tens of milliseconds.  A bit
> difficult if you also want encryption, anonymity, etc.

Voice memo (messaging) systems are a way around this limitation.  I don't
know of any that exist.  (Encrypted to receiver(s), mixed, and signed for
strong pseudo-anonymity)

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032




Re: Silly Linux Kernel Bug

2003-12-02 Thread Bill Frantz
At 1:09 AM -0800 12/2/03, Eric Cordian wrote:
> As reported today on Slashdot, in linux kernels prior to 2.4.23, it is
> possible to map the kernel into user space with brk(), since apparently no
> one ever bothered to check that the argument passed was in the lower 3 gig
> of the address space.

Rule 1: When you audit code for security, be sure there is a complete check
of all input parameters.  Make at least one pass through the code where
this is the only check you make.  As can be seen by multiple problems of
this type, it's easy to forget.

Cheers - Bill




-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032




RE: e voting (receipts, votebuying, brinworld)

2003-11-25 Thread Bill Frantz
At 2:30 PM -0800 11/24/03, Major Variola (ret) wrote:
> At 01:04 PM 11/24/03 -0500, Trei, Peter wrote:
>> That's not how it works. The idea is that you make your choices on
>> the machine, and when you lock them in, two things happen: They
>> are electronically recorded in the device for the normal count, and
>> also, a paper receipt is printed. The voter checks the receipt to
>> see if it accurately records his choices, and then is required to
>> put it in a ballot box retained at the polling site.
>>
>> If there's a need for a recount, the paper receipts can be checked.
>>
>> I imagine a well designed system might show the paper receipt through
>> a window, but not let it be handled, to prevent serial fraud.
>
> Vinny the Votebuyer pays you if you send a picture of your
> face adjacent to the committed receipt, even if you can't touch it.
[more deleted]

It depends on what happens to the receipt when you say commit.  It could
automatically go into the ballot box without delay, so you can't take such
a photo.

I expect that Vinny is already doing this with video of the touch screen
verification screen and the voter pressing OK, but he hasn't made me an
offer yet.  I expect he gets better value for his money with TV ads, and
last minute hit mailers.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: e voting (receipts, votebuying, brinworld)

2003-11-25 Thread Bill Frantz
At 8:04 PM -0800 11/24/03, Tim May wrote:
> I expect there may be some good solutions to this issue, but I haven't
> yet seen them discussed here or on other fora I run across. And since
> encouraging the democrats has never been a priority for me, I haven't
> spent much time worrying about how to improve democratic elections.

You might check out David Chaum's latest solution at
http://www.vreceipt.com/, there are more details in the whitepaper:
http://www.vreceipt.com/article.pdf

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



RE: e voting (receipts, votebuying, brinworld)

2003-11-24 Thread Bill Frantz
At 2:30 PM -0800 11/24/03, Major Variola (ret) wrote:
> At 01:04 PM 11/24/03 -0500, Trei, Peter wrote:
>> That's not how it works. The idea is that you make your choices on
>> the machine, and when you lock them in, two things happen: They
>> are electronically recorded in the device for the normal count, and
>> also, a paper receipt is printed. The voter checks the receipt to
>> see if it accurately records his choices, and then is required to
>> put it in a ballot box retained at the polling site.
>>
>> If there's a need for a recount, the paper receipts can be checked.
>>
>> I imagine a well designed system might show the paper receipt through
>> a window, but not let it be handled, to prevent serial fraud.
>
> Vinny the Votebuyer pays you if you send a picture of your
> face adjacent to the committed receipt, even if you can't touch it.
[more deleted]

It depends on what happens to the receipt when you say commit.  It could
automatically go into the ballot box without delay, so you can't take such
a photo.

I expect that Vinny is already doing this with video of the touch screen
verification screen and the voter pressing OK, but he hasn't made me an
offer yet.  I expect he gets better value for his money with TV ads, and
last minute hit mailers.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: e voting (receipts, votebuying, brinworld)

2003-11-24 Thread Bill Frantz
At 8:04 PM -0800 11/24/03, Tim May wrote:
> I expect there may be some good solutions to this issue, but I haven't
> yet seen them discussed here or on other fora I run across. And since
> encouraging the democrats has never been a priority for me, I haven't
> spent much time worrying about how to improve democratic elections.

You might check out David Chaum's latest solution at
http://www.vreceipt.com/, there are more details in the whitepaper:
http://www.vreceipt.com/article.pdf

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: e voting

2003-11-22 Thread Bill Frantz
At 9:19 AM -0800 11/21/03, Tim May wrote:
> On Nov 21, 2003, at 8:16 AM, Major Variola (ret.) wrote:
>
>> Secretary of State Kevin Shelley is expected to announce today that as
>> of 2006, all electronic voting machines in California must be able to
>> produce a paper printout that voters can check to make sure their votes
>> are properly recorded.
>>
>> http://www.latimes.com/news/local/la-me-shelley21nov21,1,847438.story?coll=la-headlines-california
>
> Without the ability to (untraceably, unlinkably, of course) verify that
> this vote is in the vote total, and that no votes other than those
> who actually voted, are in the vote total, this is all meaningless.

David Chaum has described a system where each voter gets a piece of paper
which includes their vote, encrypted so they can't prove how they voted.
The images of these pieces of paper are also posted on a web page, so the
voters can look up their encrypted ballots to verify that their votes are
being counted.  These votes are passed through a number of mixes, which may
be run by different organizations before they are completely decrypted and
counted.  (The mixes prevent a decrypted ballot from being associated with
an input, encrypted ballot.)  The encryption of the ballots is performed by
over-printing the plain-text ballots, so the voter can verify the ballot's
correctness before it is encrypted.  The mixes are verified by random
inspection.  This system seems to meet the above requirements.

Now, I can think of some ways to cheat with this system, but they are all a
lot more likely to be found than cheats with the current systems.

The big knock on all-electronic voting machines is that they are a step
backwards in independent verification and audit from paper ballots, or even
punch cards.  (Yes, you can argue about hanging chad, pregnant chad,
dimpled chad etc., but at least you have something tangible that represents
each ballot.)

The saving grace of the old mechanical voting machines is that they are
mechanical, and hard to modify for cheating.  Most anyone on this list can
imagine the program in an electronic voting machine being different from
the one that was audited and approved.  That's hard to do with a mechanical
system.  We have seen failures where the mechanical systems lost all the
votes made on them, however, a failure that seems possible with the
electronic systems as well.

IMHO, the problem with Chaum's system is that it is complex.  I think that
saving a printed paper ballot, along with the electronic totals, gives much
the same level of security and assurance, with a system that the average
voter can understand.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: e voting

2003-11-21 Thread Bill Frantz
At 9:19 AM -0800 11/21/03, Tim May wrote:
> On Nov 21, 2003, at 8:16 AM, Major Variola (ret.) wrote:
>
>> Secretary of State Kevin Shelley is expected to announce today that as
>> of 2006, all electronic voting machines in California must be able to
>> produce a paper printout that voters can check to make sure their votes
>> are properly recorded.
>>
>> http://www.latimes.com/news/local/la-me-shelley21nov21,1,847438.story?coll=la-headlines-california
>
> Without the ability to (untraceably, unlinkably, of course) verify that
> this vote is in the vote total, and that no votes other than those
> who actually voted, are in the vote total, this is all meaningless.

David Chaum has described a system where each voter gets a piece of paper
which includes their vote, encrypted so they can't prove how they voted.
The images of these pieces of paper are also posted on a web page, so the
voters can look up their encrypted ballots to verify that their votes are
being counted.  These votes are passed through a number of mixes, which may
be run by different organizations before they are completely decrypted and
counted.  (The mixes prevent a decrypted ballot from being associated with
an input, encrypted ballot.)  The encryption of the ballots is performed by
over-printing the plain-text ballots, so the voter can verify the ballot's
correctness before it is encrypted.  The mixes are verified by random
inspection.  This system seems to meet the above requirements.

Now, I can think of some ways to cheat with this system, but they are all a
lot more likely to be found than cheats with the current systems.

The big knock on all-electronic voting machines is that they are a step
backwards in independent verification and audit from paper ballots, or even
punch cards.  (Yes, you can argue about hanging chad, pregnant chad,
dimpled chad etc., but at least you have something tangible that represents
each ballot.)

The saving grace of the old mechanical voting machines is that they are
mechanical, and hard to modify for cheating.  Most anyone on this list can
imagine the program in an electronic voting machine being different from
the one that was audited and approved.  That's hard to do with a mechanical
system.  We have seen failures where the mechanical systems lost all the
votes made on them, however, a failure that seems possible with the
electronic systems as well.

IMHO, the problem with Chaum's system is that it is complex.  I think that
saving a printed paper ballot, along with the electronic totals, gives much
the same level of security and assurance, with a system that the average
voter can understand.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: Freedomphone

2003-11-20 Thread Bill Frantz
At 4:40 PM -0800 11/20/03, Ralf-P. Weinmann wrote:
> Hmm.. Does this mean the users have to read off SHA-256 hash values to each
> other after the connection has been established? Oh. Right. It says Readout
> hash based key authentication on the left hand side of the spec.

You probably don't have to read all 256 bits.  One way this had been
handled (in the Starium (sp?) phone), is to display a number derived from
the hash.  One person reads the first half of the number, and the other
person reads the second half.  If both halves verify, there is no
man-in-the-middle.  The length of the number determines the security, but
since it is derived from the Diffie-Hellman exchange, neither side can
control its value.  Probably 6 digits is enough.

> ... There should be a means to cache credentials after an initial
> trust relationship between communicating parties has been established.

Cache entries would be a way for someone who obtains the phone to be able
to trace your contacts.  (So would an in-phone address book.)  Automatic
authentication also might make it easier to spoof the phone's owner.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
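
An added illustration of the readout check described in the message above; it is not part of the original post and is not the Starium or Freedomphone design. The toy group, the use of SHA-256 over the shared secret, the 6-digit length and all function names are assumptions made for the example.

```python
import hashlib
import secrets

# Toy group, chosen only to keep the demo short (assumption, not from the post).
# A real phone would use a standardised group of 2048 bits or more.
P = 2**127 - 1          # a Mersenne prime
G = 3


def dh_keypair():
    """Return (private, public) for one side of the Diffie-Hellman exchange."""
    priv = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return priv, pow(G, priv, P)


def shared_secret(my_priv, their_pub):
    return pow(their_pub, my_priv, P)


def sas_digits(secret, digits=6):
    """Decimal number derived from SHA-256 of the shared secret, zero padded."""
    digest = hashlib.sha256(secret.to_bytes(16, "big")).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**digits:0{digits}d}"


def readout_check(caller_sas, callee_sas):
    """Caller speaks the first half, callee speaks the second half.

    Each side compares what it hears with its own display; the call is
    accepted only if both comparisons succeed.
    """
    half = len(caller_sas) // 2
    callee_accepts = caller_sas[:half] == callee_sas[:half]
    caller_accepts = callee_sas[half:] == caller_sas[half:]
    return caller_accepts and callee_accepts


def chance_of_unnoticed_mismatch(digits=6):
    """Probability that two unrelated secrets show the same number."""
    return 1 / 10**digits


def direct_call():
    """Both phones complete one exchange with each other: displays agree."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return readout_check(sas_digits(shared_secret(a_priv, b_pub)),
                         sas_digits(shared_secret(b_priv, a_pub)))


def relayed_call():
    """A relay in the middle runs a separate exchange with each phone.

    The two phones then hold different secrets, so their displays differ
    and the spoken halves do not verify.
    """
    a_priv, _ = dh_keypair()
    b_priv, _ = dh_keypair()
    _, relay_pub_to_a = dh_keypair()
    _, relay_pub_to_b = dh_keypair()
    return readout_check(sas_digits(shared_secret(a_priv, relay_pub_to_a)),
                         sas_digits(shared_secret(b_priv, relay_pub_to_b)))


if __name__ == "__main__":
    print("direct call verifies: ", direct_call())
    print("relayed call verifies:", relayed_call())
    print("chance of an unnoticed mismatch:", chance_of_unnoticed_mismatch())
```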



Palladium/TCPA/NGSCB

2003-10-23 Thread Bill Frantz
Mark Miller pointed out to me that currently much of our protection from
viruses comes from people at the anti-virus companies who quickly grab each
new virus, reverse engineer it, and send out information about its payload
and effects.  Any system which hides code from reverse engineering will
make this process more difficult.  To the extent that Palladium/TCPA/NGSCB
hides code, and to the extent it succeeds at this hiding, the more it
encourages new and more pervasive viruses.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: GPG Sig test

2003-09-10 Thread Bill Frantz
At 7:31 PM -0700 9/9/03, Mark Renouf wrote:
> Can someone verify this message? Someone told me that my signatures were
> coming up invalid for some reason. I just created a new key recently
> (old one expired months ago). I just uploaded it to keyserver.pgp.net
>
> Thanks!
>
> --
> Mark Renouf [EMAIL PROTECTED]
>
> [demime 0.97c removed an attachment of type application/pgp-signature
> which had a name of signature.asc]

For some reason this mail tickled my sense of humor.

Try sending the message without MIME.

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA




Responding to orders which include a secrecy requirement

2003-08-30 Thread Bill Frantz
The Java Anonymous Proxy (JAP) service, your local library, and you, among
others need to develop a response should you be served with an order (court
or otherwise) to produce information which includes the requirement that
you keep the order secret.

There are a large number of responses one could use.  Some of them might be:

* Cooperate.

* Take the service down.

* Publicly refuse to cooperate.

* Publicly announce that you are being monitored.

* Stop saying that the service is not monitored.

* Appear to cooperate, but provide false information.

* etc.


Please keep in mind when reading the following analysis that I am not a lawyer.

Cooperation seems to be the safest from a short term legal standpoint.
However, to the extent it encourages the police state, it is dangerous in
the long term.

Taking the service down is an obvious response.  It is a difficult response
for your public library to implement.  In addition, a strict enough secrecy
order could require you to keep the service up.

Publicly refusing to cooperate is the most honorable response, and will
probably end you up in jail for an indefinite term on contempt charges.
This is the path of civil disobedience, followed by a number of heroes in
past encounters with totalitarianism.

Publicly announcing that you are being monitored will probably end up with
the same contempt charges as a public refusal to cooperate, coupled with
the possibility of the dishonorable act of breaking your word (depending on
your terms of service).

Stopping your notification that the service is not monitored can be
forbidden by a strict enough secrecy order.  It may be the least legally
risky of the options.  The fact that you will stop notification should be
included in your terms of service.

Providing false information is an interesting option, but I think you are
legal toast if you are caught doing it.  One can get a lot of amusement
from considering who to implicate in place of the real anonymous user.

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA



Responding to orders which include a secrecy requirement

2003-08-29 Thread Bill Frantz
The Java Anonymous Proxy (JAP) service, your local library, and you, among
others need to develop a response should you be served with an order (court
or otherwise) to produce information which includes the requirement that
you keep the order secret.

There are a large number of responses one could use.  Some of them might be:

* Cooperate.

* Take the service down.

* Publicly refuse to cooperate.

* Publicly announce that you are being monitored.

* Stop saying that the service is not monitored.

* Appear to cooperate, but provide false information.

* etc.


Please keep in mind when reading the following analysis that I am not a lawyer.

Cooperation seems to be the safest from a short term legal standpoint.
However, to the extent it encourages the police state, it is dangerous in
the long term.

Taking the service down is an obvious response.  It is a difficult response
for your public library to implement.  In addition, a strict enough secrecy
order could require you to keep the service up.

Publicly refusing to cooperate is the most honorable response, and will
probably end you up in jail for an indefinite term on contempt charges.
This is the path of civil disobedience, followed by a number of heroes in
past encounters with totalitarianism.

Publicly announcing that you are being monitored will probably end up with
the same contempt charges as a public refusal to cooperate, coupled with
the possibility of the dishonorable act of breaking your word (depending on
your terms of service).

Stopping your notification that the service is not monitored can be
forbidden by a strict enough secrecy order.  It may be the least legally
risky of the options.  The fact that you will stop notification should be
included in your terms of service.

Providing false information is an interesting option, but I think you are
legal toast if you are caught doing it.  One can get a lot of amusement
from considering who to implicate in place of the real anonymous user.

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA



Re: Pentagon discovers Assasination Politics, deadpools

2003-07-29 Thread Bill Frantz
At 10:20 AM -0700 7/29/03, Major Variola (ret.) quoted:
> He said they would recommend that the Pentagon not spend any funds already
> in place for the program and said they would pull the plug on it during
> House-Senate budget conference committee negotiations later on this year.

Note that properly run, this Ideas Futures market would be a money maker,
not a cost center.  For only a modest percentage of the winnings, it could
be self sustaining.  Perhaps someone with a profit motive will pick up the
idea.

If they don't want the label of Assassination Politics, they can forbid
bets on individual deaths, and still have nearly the full field, including
wars, revolutions, nonstandard attacks, and elections available for play.
(c.f. the way eBay and Yahoo limit themselves.)

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA



Re: R.I.P. (was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online)

2003-07-25 Thread Bill Frantz
On Friday 25 July 2003 11:40, Steve Schear wrote:
> ... Now that many are un-
> or under-employed there still doesn't seem to be any activity by
> those active on this list in this critical infrastructure area.

In some sense, we have enough code.  Code exists that can be deployed.  It
may have to go thru the same evolutionary stages the P2P software is going
thru (Napster to Kazaa to ???) as security problems become serious, but it
is deployed now.

What we don't have is:

* Patent licenses
* Easy to use code
* Users

Techies can work on the ease of use issue, but patent licenses take time
and/or money, and users take marketing and sales.

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA



Re: Security for Mafiosos and Freedom Fighters

2003-07-16 Thread Bill Frantz
At 8:49 AM -0700 7/16/03, Tim May wrote:
> (By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my
> keychain--my physical keychain!--is probably waterproof. The USB port
> has a little plastic cover which slides on snugly. Until I eventually
> misplace it, I am using it. I expect the thing is showerproof, though I
> don't intend to test it. Water resistance can be tested
> nondestructively with things like Fluorinert, of course. Also, surfers
> and kayakers often have O-ring sealed gizmos they wear under their wet
> suits, coming in different sizes. It would be trivial to find one to
> hold either a USB flashdrive or a Compact Flash card.)

Ever since I heard that manufacturers were cleaning assembled boards with
soap and water I have wondered just how much you need to protect electronic
circuits from water.  You obviously don't want to allow them to stay damp
so they corrode, but immersion for a time (up to weeks) followed by a fresh
water rinse and drying might not be so bad.  Do any hardware experts have
an opinion?

Cheers - Bill


-
Bill Frantz   | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA



Re: An attack on paypal

2003-06-11 Thread Bill Frantz
At 11:01 AM -0700 6/11/03, Major Variola (ret) wrote:
> At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
>> IMHO, the problem is that the C language is just too error prone to be used
>> for most software.  In Thirty Years Later:  Lessons from the Multics
>> Security Evaluation,  Paul A. Karger and Roger R. Schell
>> www.acsac.org/2002/papers/classic-multics.pdf credit the use of PL/I for
>> the lack of buffer overruns in Multics.  However, in the Unix/Linux/PC/Mac
>> world, a successor language has not yet appeared.
>
> What about Java?  Apart from implementation bugs, it's secure by design.

Java is certainly an improvement for buffer overruns.  (The last estimate I
heard was that 1/3 of the penetrations were due to buffer overruns.)  Java
is still semi-interpreted, so it is probably too slow for some
applications.  However Java is being used for server-side scripting with
web servers, where the safety of the language is a definite advantage.

Of course, when you cover one hole, people move on to others.  Server-side
Java is susceptible to SQL injection attacks for example.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: An attack on paypal

2003-06-10 Thread Bill Frantz
At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
> somebody (else) commented (in the thread) that anybody that currently
> (still) writes code resulting in buffer overflow exploit maybe should be
> thrown in jail.

A nice essay, partially on the need to include technological protections
against human error, included the above paragraph.

IMHO, the problem is that the C language is just too error prone to be used
for most software.  In Thirty Years Later:  Lessons from the Multics
Security Evaluation,  Paul A. Karger and Roger R. Schell
www.acsac.org/2002/papers/classic-multics.pdf credit the use of PL/I for
the lack of buffer overruns in Multics.  However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.

YMMV - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: SIGINT planes vs. radioisotope mapping

2003-06-06 Thread Bill Frantz
At 8:52 PM -0700 6/5/03, Randy wrote:
> And if any of the copper is carrying digital data, square waves are hugely
> rich in harmonics well up into the MHz bands, and would therefore tend to
> radiate better from any above-ground wires between poles, possibly even
> roadside pedestals.

Note that the copper in your Cat 5 Ethernet cable is treated as a
transmission line.  It is correctly terminated at both ends, so there is
very little RF radiation.  If there were a lot of RF, it would interfere
with things like TV, cell phones etc.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA




Re: Trials for those undermining the war effort

2003-04-04 Thread Bill Frantz
At 8:02 PM -0800 4/2/03, Kevin S. Van Horn wrote:
> In other words, you can't formulate a cogent argument against this
> point.  Ever heard of the Ten Commandments?  Most of these deal with
> treating others well.

My reading says that five commandments deal with people's relationship with
god and five deal with people's relationship with each other.

> ... my own religious upbringing taught me to view it as a deeply
> shameful thing to lie, steal, strike a woman, etc.  You simply couldn't
> do these things and still feel good about yourself.  This kind of
> endogenous aversion to antisocial behavior is sorely lacking in
> post-Christian America.

I somehow was brought up the same way, but without a significant religious
component.  Perhaps these are the ways every tribe teaches its members to
relate to one another.  c.f. TRUST: Human Nature and the Reconstitution of
Social Order by Francis Fukuyama for the way family replaces tribe in some
societies.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Logging of Web Usage

2003-04-04 Thread Bill Frantz
At 6:16 PM -0800 4/2/03, Seth David Schoen wrote:
> Bill Frantz writes:
>
>> The http://cryptome.org/usage-logs.htm URL says:
>>
>> Low resolution data in most cases is intended to be sufficient for
>> marketing analyses.  It may take the form of IP addresses that have been
>> subjected to a one way hash, to refer URLs that exclude information other
>> than the high level domain, or temporary cookies.
>>
>> Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
>> computer for a few hours can reverse a one way hash by exhaustive search.
>> Truncating IPs seems a much more privacy friendly approach.
>>
>> This problem would be less acute with IPv6 addresses.
>
> I'm skeptical that it will even take a few hours; on a 1.5 GHz
> desktop machine, using openssl speed, I see about a million hash
> operations per second.  (It depends slightly on which hash you choose.)
> This is without compiling OpenSSL with processor-specific optimizations.

Ah yes, I haven't updated my timings for the new machines that are faster
than my 550 MHz.  :-)

The only other item of importance is that the exhaustive search time isn't
the time to reverse one IP, but the time to reverse all the IPs that have
been recorded.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Foreign adventures and economic imperialism

2003-04-03 Thread Bill Frantz
At 11:54 AM -0800 4/3/03, Tim May wrote:
If my neighbor wishes to contribute to the Ruwandans or the Iraqi
Liberation Front, he is welcome to.

Operation Iraqi Liberation has a better acronym.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Logging of Web Usage

2003-04-02 Thread Bill Frantz
At 2:58 PM -0800 4/2/03, John Young wrote:
Ben,

Would you care to comment for publication on web logging
described in these two files:

  http://cryptome.org/no-logs.htm

  http://cryptome.org/usage-logs.htm

Cryptome invites comments from others who know the capabilities
of servers to log or not, and other means for protecting user privacy
by users themselves rather than by reliance upon privacy policies
of site operators and government regulation.

This relates to the data retention debate and current initiatives
of law enforcement to subpoena, surveil, steal and manipulate
log data.

Thanks,

John

The http://cryptome.org/usage-logs.htm URL says:

Low resolution data in most cases is intended to be sufficient for
marketing analyses.  It may take the form of IP addresses that have been
subjected to a one way hash, to refer URLs that exclude information other
than the high level domain, or temporary cookies.

Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
computer for a few hours can reverse a one way hash by exhaustive search.
Truncating IPs seems a much more privacy friendly approach.

This problem would be less acute with IPv6 addresses.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA
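
Added example (not from the thread): a Python sketch of the point made in both "Logging of Web Usage" posts, that one pass over the address space reverses every logged unsalted IPv4 hash at once, while truncation discards the host bits. The SHA-256-of-dotted-quad log format, the 10.20.0.0/16 sample network, the visitor addresses and the /24 truncation width are assumptions made for the illustration; the million-hashes-per-second rate is the figure quoted from Seth Schoen.

```python
import hashlib
import ipaddress


def hash_ip(ip: str) -> str:
    """Unsalted one-way hash of the dotted-quad text (assumed log format)."""
    return hashlib.sha256(ip.encode("ascii")).hexdigest()


def build_reverse_table(network: str) -> dict:
    """Hash every address in `network` once and index the results by digest.

    The cost is paid per address space, not per log entry: after one sweep,
    every recorded hash is reversed by a dictionary lookup.
    """
    return {hash_ip(str(addr)): str(addr)
            for addr in ipaddress.ip_network(network)}


def reverse_log(hashed_entries, table):
    """Map each logged digest back to an address (None if not in the table)."""
    return [table.get(digest) for digest in hashed_entries]


def full_sweep_seconds(hashes_per_second: float, address_bits: int = 32) -> float:
    """Time to hash the whole address space once at the given rate."""
    return (2 ** address_bits) / hashes_per_second


def truncate_ip(ip: str, keep_bits: int = 24) -> str:
    """Zero everything after the first `keep_bits` bits before logging."""
    network = ipaddress.ip_network(f"{ip}/{keep_bits}", strict=False)
    return str(network.network_address)


# Constructed sample data: three visitors inside a private /16.
VISITORS = ["10.20.7.13", "10.20.7.200", "10.20.130.5"]
SAMPLE_NETWORK = "10.20.0.0/16"


def demo():
    """Return (addresses recovered from the hashed log, truncated log)."""
    hashed_log = [hash_ip(ip) for ip in VISITORS]
    table = build_reverse_table(SAMPLE_NETWORK)   # 65,536 hashes, one sweep
    recovered = reverse_log(hashed_log, table)
    truncated_log = [truncate_ip(ip) for ip in VISITORS]
    return recovered, truncated_log


if __name__ == "__main__":
    recovered, truncated_log = demo()
    print("hashed log reversed to:", recovered)
    print("truncated log stores:  ", truncated_log)
    minutes = full_sweep_seconds(1_000_000) / 60
    print(f"full IPv4 sweep at 1M hashes/s: {minutes:.0f} minutes")
```

In the truncated log the two visitors on 10.20.7.x are stored as the same value, which is the property the hashed log does not provide.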



Re: Missile -launchers in iraq

2003-04-01 Thread Bill Frantz
At 4:05 PM -0800 3/31/03, Neil Johnson wrote:
- They don't want the US to be able to justify the invasion, See we told you
they had WMD, we had to go in.

If I were Iraq, I would make sure that any WoMD that survived the
inspections were destroyed and all traces removed as part of an
after-the-hot-war strategy.

(I also wonder when some of our other good friends, like North Korea will
decide that the US is committed enough to Iraq to try throwing their weight
around.)

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Trials for those undermining the war effort?

2003-03-31 Thread Bill Frantz
At 5:44 AM -0800 3/31/03, Harmon Seaver wrote:
On Mon, Mar 31, 2003 at 10:15:46AM +0100, Steve Mynott wrote:
 3. Wicca is a modern invention.

   Hardly.
WEIK- [2].  In words connected with magic and religious notions (in
  Germanic and Latin).  1. Germanic suffixed form *WIH-L- in Old English
  WIGLE, divination, sorcery, akin to the Germanic source of Old French
  GUILE, cunning trickery: GUILE.  2. Germanic expressive form *WIKK-
  in: a. Old English WICCA, wizard, and WICCE, witch: WITCH; b. Old
  English WICCIAN, to cast a spell: BEWITCH.

My ODE defines Wicche as an obsolete word meaning witch.  Now, one can
argue whether the modern concept of Wicca has any relation to the old
northern European religions, but the word seems to be based on fairly old
roots.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: U.S. Drops 'E-Bomb' On Iraqi TV

2003-03-27 Thread Bill Frantz
At 6:59 AM -0800 3/27/03, Gabriel Rocha wrote:
   On Thu, Mar 27, at 06:33AM, Mike Rosing wrote:
[EMAIL PROTECTED]:~$ host www.aljazeera.net
www.aljazeera.net has address 216.34.94.186

This is from the US, fyi. It also works (and even resolves to the same
thing :) from other hosts outside the US)

I get some really interesting answers.  (I do so like looking at myself):

% dig @64.105.172.26 www.aljazeera.net

; <<>> DiG 8.3 <<>> @64.105.172.26 www.aljazeera.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;  www.aljazeera.net, type = A, class = IN

;; ANSWER SECTION:
www.aljazeera.net.  2M IN A     127.0.0.1

;; AUTHORITY SECTION:
aljazeera.net.      2M IN NS    ns1.mydomain.com.
aljazeera.net.      2M IN NS    ns2.mydomain.com.
aljazeera.net.      2M IN NS    ns3.mydomain.com.
aljazeera.net.      2M IN NS    ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.   30M IN A    64.94.117.195
ns2.mydomain.com.   30M IN A    216.52.121.228
ns3.mydomain.com.   30M IN A    66.150.161.130
ns4.mydomain.com.   30M IN A    63.251.83.74

;; Total query time: 212 msec
;; FROM: G4.local. to SERVER: 64.105.172.26  64.105.172.26
;; WHEN: Thu Mar 27 14:53:35 2003
;; MSG SIZE  sent: 35  rcvd: 199


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: [gulfwar-2] Al-Jazeera Calls... - strategy proposal (fwd)

2003-03-27 Thread Bill Frantz
At 5:12 PM -0800 3/27/03, Greg Broiles wrote:
Are they going to do it? Seems unlikely to me - ultimately they're not
motivated by a desire to bring the truth to the world (or we wouldn't
trust them), they're motivated by a desire to make money, probably by
licensing their content to satellite operators, cable TV operators,
or by selling ad space/time to commercial sponsors. Freenet distribution
doesn't help them make money licensing content, and it's difficult to
sell ads if you don't have good data about viewership and their
demographics, given the attenuated relationship between media ads
and subsequent purchases.

I beg to differ with you here.  If the content is signed, then the signed
content can include the ads.  That binding will create an incentive to keep
the ad and the content together.

Getting an idea of the readership might be possible with the older file
sharing networks by finding which machines have the files.

In the end, of course, Al-Jazeera will have to decide whether bypassing
censorship while under attack, with the expected increase in readership,
and loss of detailed readership information is worth it.  It would
certainly give the file sharing networks an A1, ACLU approvable, reason for
existence.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Things are looking better all the time

2003-03-24 Thread Bill Frantz
At 7:05 PM -0800 3/24/03, Declan McCullagh wrote:
Or perhaps we'll see someone take a GPS-controlled small plane, which
can carry 1,000 lbs, and turn it into a flying bomb or delivery system
for something quite noxious. These planes can be rented by the hour at
hundreds of small to medium sized airports around the U.S. Though I
don't know if the autopilot is configurable enough to let an attacker
program it to head to a certain altitude at a certain location and
then bail out via parachute.

The simplest autopilots just keep the wings level.  Almost equally common
are ones that can follow a radio location signal (VHF Omni-Range (VOR)
usually).  Altitude hold is less common, as are autopilots that can follow
an Instrument Landing System (ILS) in both azimuth and elevation.

In theory, one could set up an attack where the plane follows a VOR to the
target.  If the payload is chemical or biological, dispersing it at
altitude might be what is wanted.  Otherwise additional equipment will be
needed to crash the plane into the ground.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: What shall we do with a bad government...

2003-03-21 Thread Bill Frantz
At 7:28 PM -0800 3/20/03, Tim May wrote:
Shrubya doesn't care, as he just raises taxes. (Or he squawks and
whines as Congress raises taxes, same difference.)

Tim - I don't think the cowboy (aka Shrubya) knows enough economics to
realize that, in the long term, income and expenditure must be in some kind
of rough balance.  He's always been able to lean on daddy's money.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Libertarian Party expresses concern over war -- but does not

2003-03-21 Thread Bill Frantz
At 7:52 PM -0800 3/20/03, Tim May wrote:
But the imperial power goes after the skinny kid it knows it can beat
up, not the greater threats in the region (and in the world). Grenada,
Panama, Iraq, Afghanistan, and Iraq again. But not North Korea, not
China, not Saudi Arabia, not Russia, not Pakistan, and not Germany or
France.

One view of the war in Iraq is that it is to assure an oil supply so we can
take on Saudi Arabia, home of three quarters of the 911 hijackers.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Journalists, Diplomats, Others Urged to Evacuate City

2003-03-20 Thread Bill Frantz
At 2:59 PM -0800 3/19/03, Tim May wrote:
The greater threat is that access to one's home is impaired, or a car
breakdown occurs, which is why carrying a bag in a vehicle makes so
much sense: a shovel for digging out, a few blankets or a sleeping bag,
water, a flashlight, flares and other road emergency supplies, maybe a
GPS, a transistor radio, spare batteries, simple food rations, a few
tools, and some small assortment of extra junk like duct tape, fishing
line, wire, etc. And the gun I mentioned.

If you go to any of the National Parks with a bear problem (e.g.
Sequoia/Kings Canyon and Yosemite in California), be very careful what kind
of food you carry.  Bears have a very good sense of smell, can recognize
food packages, and have been known to tear the doors off cars to get to
food.  More annoyingly, they will check out anything that smells, including
hand lotion and toothpaste.

I don't think that canned food smells enough to cause a problem, but it
must be kept out of sight.  (The rangers may disagree with me here.)  If any
of these kinds of things are in sight, you will get a notice on your car
(if you are lucky), or a ticket.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Journalists, Diplomats, Others Urged to Evacuate City

2003-03-19 Thread Bill Frantz
At 2:59 PM -0800 3/19/03, Tim May wrote:
The greater threat is that access to one's home is impaired, or a car
breakdown occurs, which is why carrying a bag in a vehicle makes so
much sense: a shovel for digging out, a few blankets or a sleeping bag,
water, a flashlight, flares and other road emergency supplies, maybe a
GPS, a transistor radio, spare batteries, simple food rations, a few
tools, and some small assortment of extra junk like duct tape, fishing
line, wire, etc. And the gun I mentioned.

If you go to any of the National Parks with a bear problem (e.g.
Sequoia/Kings Canyon and Yosemite in California), be very careful what kind
of food you carry.  Bears have a very good sense of smell, can recognize
food packages, and have been known to tear the doors off cars to get to
food.  More annoyingly, they will check out anything that smells, including
hand lotion and toothpaste.

I don't think that canned food smells enough to cause a problem, but it
must be kept out of sight.  (The rangers may disagree with me here.)  If any
of these kinds of things are in sight, you will get a notice on your car
(if you are lucky), or a ticket.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



RE: Unauthorized Journalists to be shot at

2003-03-15 Thread Bill Frantz
At 7:12 AM -0800 3/14/03, Trei, Peter wrote:
If the US military does Really Bad Things to Iraqi civilians with
any frequency,  I have little doubt we'll hear about it in time.
There are journalists 'embedded' in many units.

In the credit where credit's due department, this change in press relations
is one of the better things to come out of the G. W. Bush administration.
Compared with the way the press was handled during Gulf War I, this
approach is much more likely to bring incidents such as My Lai to the
light of day.  (It also should produce a much better version of, War, the
Latest Reality Show, coming to a TV network near you.)

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Brinwear at Benetton.

2003-03-15 Thread Bill Frantz
At 8:03 AM -0800 3/14/03, Steve Schear wrote:
Wonder what happens when one of the tags is placed in a microwave
oven.  It's likely to do some instant damage without harming many tagged
articles, if they aren't left in long.  I would think that the RFID
manufacturers would WANT to design their tags for such easy destruction to
placate consumer privacy fears.

Some doctors recommend microwaving clothing to inhibit diseases that can
live in the clothing and re-infect the wearer.  I don't know what will
happen to dry-clean only stuff.

Cheers - Bill




-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Claim: Quietness of computers will win out over TEMPEST surveillance

2003-03-13 Thread Bill Frantz
At 3:34 PM -0800 3/12/03, Tim May wrote:
Truly sensitive communications may be best done on laptops, even
laptops in metal mesh bags. (Either with one's head poked into the bag,
or a bag big enough to enclose the user and laptop, etc.)

You probably want to use a fiber optics cable for the link to the outside
of the bag.  Assuming that it is entirely non-conductive (fiber + the
covering), it will not tend to act as an antenna for the RF from your
laptop.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Claim: Quietness of computers will win out over TEMPEST surveillance

2003-03-12 Thread Bill Frantz
At 3:34 PM -0800 3/12/03, Tim May wrote:
Truly sensitive communications may be best done on laptops, even
laptops in metal mesh bags. (Either with one's head poked into the bag,
or a bag big enough to enclose the user and laptop, etc.)

You probably want to use a fiber optics cable for the link to the outside
of the bag.  Assuming that it is entirely non-conductive (fiber + the
covering), it will not tend to act as an antenna for the RF from your
laptop.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Fw: Drunk driver detector that radios police

2003-03-07 Thread Bill Frantz
At 10:52 PM -0800 3/6/03, [EMAIL PROTECTED] wrote:
A tiny fuel cell that detects the alcoholic breath of a drink-driver and calls
the police has been developed by a team of engineers at Texas Christian
University. A pump draws air in from the passenger cabin, a platinum catalyst
converts any alcohol to acetic acid, which then produces a current
proportional to the concentration of alcohol in the air. A chip analyses the
data, and if it is too high, turns on a wireless transmitter that calls the
police.

So much for the sober designated driver with a load of drunk passengers.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



.sig

2003-03-04 Thread Bill Frantz
At 1:08 PM -0800 3/4/03, Tim May quoted:
If I'm going to reach out to the Democrats then I need a third
hand. There's no way I'm letting go of my wallet or my gun while they're
around. --attribution uncertain, possibly Gunner, on Usenet

Would the converse read?

If I'm going to reach out to the Republicans then I need a third hand.
There's no way I'm letting go of my wallet or my freedom while they're
around.

It seems to me that right now, my wallet is at risk due to the rise in
federal debt, whether by depleting my savings through inflation, or by
higher future taxes to pay the debt.  The attack on freedom, led by the
Republicans, has been commented on so frequently here I don't need to add
more.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: interesting (fwd)

2003-03-03 Thread Bill Frantz
At 7:43 PM -0800 3/1/03, Tim May quoted:

A human being should be able to
change a diaper - yes,
plan an invasion - does another group of 4th grader's club house count?,
butcher a hog - yes,
conn a ship - small ones,
design a building - small ones,
write a sonnet - no,
balance accounts - yes,
build a wall - yes,
set a bone - my training stops when the bone gets to the hospital,
comfort the dying - I've done too much of that recently,
take orders - yes,
give orders - yes,
cooperate - yes,
act alone - yes,
solve equations - at least some of them,
analyze a new problem - many of them,
pitch manure - yes,
program a computer - yes,
cook a tasty meal - yes,
fight efficiently - more or less depending,
die gallantly - I'm in no hurry to make a demonstration.
Specialization is for insects. --Robert A. Heinlein

I guess I have to work on the sonnets.  (The networking version would be
easier.)

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: interesting (fwd)

2003-03-02 Thread Bill Frantz
At 7:43 PM -0800 3/1/03, Tim May quoted:

A human being should be able to
change a diaper - yes,
plan an invasion - does another group of 4th grader's club house count?,
butcher a hog - yes,
conn a ship - small ones,
design a building - small ones,
write a sonnet - no,
balance accounts - yes,
build a wall - yes,
set a bone - my training stops when the bone gets to the hospital,
comfort the dying - I've done too much of that recently,
take orders - yes,
give orders - yes,
cooperate - yes,
act alone - yes,
solve equations - at least some of them,
analyze a new problem - many of them,
pitch manure - yes,
program a computer - yes,
cook a tasty meal - yes,
fight efficiently - more or less depending,
die gallantly - I'm in no hurry to make a demonstration.
Specialization is for insects. --Robert A. Heinlein

I guess I have to work on the sonnets.  (The networking version would be
easier.)

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Trivial OTP generation method? (makernd.c)

2003-03-02 Thread Bill Frantz
At 6:11 PM -0800 2/28/03, Thomas Shaddack wrote:
Yes. The intention of the check in this version was to prevent operator
blunders like feeding the program from a switched-off signal source.
Better statistical check would be a good thing, though; however, my
math-fu isn't good enough yet to come up with something simple.

FIPS-140 is your friend.  They did the math.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: Trivial OTP generation method? (makernd.c)

2003-02-28 Thread Bill Frantz
At 6:11 PM -0800 2/28/03, Thomas Shaddack wrote:
Yes. The intention of the check in this version was to prevent operator
blunders like feeding the program from a switched-off signal source.
Better statistical check would be a good thing, though; however, my
math-fu isn't good enough yet to come up with something simple.

FIPS-140 is your friend.  They did the math.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA
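
Added example (not part of the thread and not code from makernd.c): the four statistical tests on a 20,000-bit sample from FIPS 140-2 section 4.9.1 as originally published, which is one reading of the "FIPS-140" pointer above; the post does not say which revision is meant. The function names, the constructed inputs and the SHA-256 counter stream used as a stand-in for a healthy source are assumptions made for the illustration.

```python
import hashlib
from itertools import groupby

SAMPLE_BITS = 20_000   # every test below runs on one 20,000-bit sample
RUN_INTERVALS = {      # run length -> allowed count, for ones and zeros alike
    1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
    4: (240, 384), 5: (103, 209), 6: (103, 209),   # 6 stands for "6 or more"
}
LONG_RUN = 26          # a run this long (or longer) fails the sample


def to_bits(data: bytes) -> list:
    """First 20,000 bits of `data`, most significant bit of each byte first."""
    if len(data) * 8 < SAMPLE_BITS:
        raise ValueError("need at least 2,500 bytes of generator output")
    return [(byte >> shift) & 1
            for byte in data[:SAMPLE_BITS // 8]
            for shift in range(7, -1, -1)]


def run_lengths(bits) -> list:
    """(bit value, length) for each maximal run of identical bits."""
    return [(value, sum(1 for _ in group)) for value, group in groupby(bits)]


def monobit(bits) -> bool:
    """Number of ones must lie strictly between 9,725 and 10,275."""
    return 9725 < sum(bits) < 10275


def poker(bits) -> bool:
    """Chi-square style statistic over the 5,000 consecutive 4-bit values."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]
        counts[nibble] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 2.16 < x < 46.17


def runs(bits) -> bool:
    """Counts of runs of each length, for zeros and ones, must be in range."""
    tally = {0: [0] * 7, 1: [0] * 7}
    for value, length in run_lengths(bits):
        tally[value][min(length, 6)] += 1
    return all(low <= tally[value][n] <= high
               for value in (0, 1)
               for n, (low, high) in RUN_INTERVALS.items())


def long_run(bits) -> bool:
    """No run of either value may reach 26 bits."""
    return all(length < LONG_RUN for _, length in run_lengths(bits))


def check_sample(data: bytes) -> dict:
    """Run all four tests on one sample; True means that test passed."""
    bits = to_bits(data)
    return {"monobit": monobit(bits), "poker": poker(bits),
            "runs": runs(bits), "long_run": long_run(bits)}


# Constructed inputs: a dead source, and a pattern that a bare
# "are there about as many ones as zeros" check would accept.
SWITCHED_OFF = bytes(2500)
ALTERNATING = b"\x55" * 2500


def hashed_counter_stream(n_bytes: int = 2500) -> bytes:
    """Deterministic stand-in for a healthy source (assumption, demo only)."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n_bytes]


if __name__ == "__main__":
    samples = [("switched off", SWITCHED_OFF),
               ("alternating", ALTERNATING),
               ("hashed counter", hashed_counter_stream())]
    for name, sample in samples:
        print(f"{name:15s}", check_sample(sample))
```

Passing these tests shows only the absence of gross failure such as a dead or stuck source; it says nothing about whether the bits are unpredictable.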



Re: The burn-off of twenty million useless

2003-02-22 Thread Bill Frantz
At 4:55 PM -0800 2/21/03, Bill Stewart wrote:
Exactly how Spanish Surname was officially defined is obscure;
Aztec-surnamed or Inca-surnamed or Maya-surnamed people
generally seem to pass.   Mexico and South Texas also had a lot of
German immigrants in the 1800s, so there are German-Mexicans
with names like Jose Mueller, and I don't know if they pass,
or if they're insufficiently part of La Raza.

My mother-in-law and father-in-law, recently married, were living in Texas
while he finished his training as a B17 navigator.  They decided to visit
Mexico, and when they were about to return to the US, decided to buy a
souvenir.  My father-in-law approached a man selling sombreros, and
attempted to bargain.  Since he spoke no Spanish, and the seller spoke no
English, negotiations failed.  My father-in-law turned to his wife and
said, in Yiddish, "He doesn't understand me, let's go."  The seller
responded in fluent Yiddish, and my father-in-law bought his sombrero.

The seller was a Jew who had managed to escape Europe and the Nazis.  He
had come to Mexico because it was close to the United States, and he really
wanted to end up in the US.  He ended up selling sombreros just south of
the border.

I wonder if his children qualify for the "is a Hispanic" points?

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: The burn-off of Tom Veil

2003-02-21 Thread Bill Frantz
At 11:04 AM -0800 2/21/03, John Kelsey wrote:
Social programs in general work this way.  It was a goodie being handed out
once, but now, it looks to the people involved like a necessity, and
they'll fight hard to keep it.  This is just as true of social security and
farm subsidies as of welfare.  Listen to a Republican-voting farmer justify
farm subsidies some time.  You ought to have to *pay* for that kind of
entertainment.  (Oh, wait, I *am* paying for it.)  In fact, smarter and
better educated people will tend to be a lot more effective at fighting for
their benefits than less intelligent, poorly educated people.  So welfare
reform, for all its weirdness, seems to be working much better than the
attempts to reform farm subsidies, say.  And even with Republicans in
control of everything, I'll bet we don't see any major cuts to NEA, say.

And now that my mortgage is almost paid off, I can start railing against
the mortgage interest deduction.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: To Steve Schear, re Rome, Architects, Shuttles, Congress

2003-02-21 Thread Bill Frantz
At 8:32 PM -0800 2/20/03, Major Variola (ret) wrote:
[Aside] I recently learned that back before you needed a license to drive
(ca 1930)
you would manually adjust the spark timing (!!) according to your engine
speed.
After handcranking the engine to start.

Yes, and you got a broken arm if you didn't retard the spark before you
cranked the car.  (Hand crank of course)

And these days you're supposed
 to recycle your oil instead of using it to patch the cracks in driveways,
 so that's another job to pay somebody else to do.

Well you can drop off your oil and various places will take it, free.

Yes.  Our curb side recycling will pick it up.  Free too.  That's the way
to avoid the toxic waste fee at the local oil changers.  (I find it takes
less time to do it in my driveway too.)

And, I still am willing to work on my brake systems.  Replacing pads on a
disk brake unit is a lot easier than replacing drums.  I'm even dumb enough
to have replaced bearings in a couple of my transmissions.  And had one
lock into high gear because I put the parts back on the main shaft in the
wrong order.  Set a new personal record for removal, disassembly,
reassembly, and installation of a transmission after I slipped the clutch
to get the car home too.

Always get the service manual when you get the car.  Just like, always get
the source to your security dependent code.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA




Re: Supressed? speech by Sen. Robert Byrd -- Reckless Administration May Reap Disastrous Consequences

2003-02-20 Thread Bill Frantz
At 1:04 PM -0800 2/14/03, Trei, Peter wrote:
This comes from another mailing list.
I've confirmed that it's not been reported on by
the NYT, the Washington Post, or the Boston Globe.

 http://www.commondreams.org/views03/0212-07.htm

FWIW - This speech was reprinted as an op-ed piece in today's San Francisco
Chronicle.  Of course you don't have to pay attention to the opinions of
people in San Francisco...

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: To Steve Schear, re Rome, Architects, Shuttles, Congress

2003-02-20 Thread Bill Frantz
At 8:32 PM -0800 2/20/03, Major Variola (ret) wrote:
[Aside] I recently learned that back before you needed a license to drive
(ca 1930)
you would manually adjust the spark timing (!!) according to your engine
speed.
After handcranking the engine to start.

Yes, and you got a broken arm if you didn't retard the spark before you
cranked the car.  (Hand crank of course)

And these days you're supposed
 to recycle your oil instead of using it to patch the cracks in driveways,
 so that's another job to pay somebody else to do.

Well you can drop off your oil and various places will take it, free.

Yes.  Our curb side recycling will pick it up.  Free too.  That's the way
to avoid the toxic waste fee at the local oil changers.  (I find it takes
less time to do it in my driveway too.)

And, I still am willing to work on my brake systems.  Replacing pads on a
disk brake unit is a lot easier than replacing drums.  I'm even dumb enough
to have replaced bearings in a couple of my transmissions.  And had one
lock into high gear because I put the parts back on the main shaft in the
wrong order.  Set a new personal record for removal, disassembly,
reassembly, and installation of a transmission after I slipped the clutch
to get the car home too.

Always get the service manual when you get the car.  Just like, always get
the source to your security dependent code.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: The burn-off of twenty million useless eaters and minorities

2003-02-18 Thread Bill Frantz
At 5:53 PM -0800 2/17/03, Tyler Durden wrote:
Any kid coming to school
with a knife or gun gets thrown out, period.

Gee, when I was in high school, I was on the high school rifle team.  I
still have the varsity letter with the crossed rifles on it.  Our ammo was
paid for by the US military, who wanted recruits who could shoot.  I
brought my gun to school at the beginning of the season, and took it home
at the end.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA




RE: Hacking the Bush War Machine

2003-02-13 Thread Bill Frantz
At 1:21 PM -0800 2/13/03, Blanc wrote:
(and how long are people supposed to stay taped up in their room, they
haven't said, either.  And where would the bad gas go - over to somebody
else's neighborhood?)

I guess beans are officially off the American diet.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA




Re: Something conspicuously missing from the media survival lists

2003-02-11 Thread Bill Frantz
At 10:44 AM -0800 2/11/03, Tim May wrote:
But in postmodern America mentioning guns is simply NOT DONE. Not even
on the Fox Network, a more rightward network than the others. (Being
right no longer means mentioning guns, as Ashcroft and Cheney and the
like would prefer that guns be in the hands of der polizei. There's a
reason Hitler confiscated guns held privately by Germans.)

I thought Ashcroft was on record as stating that the second amendment
conferred an individual right to own arms.  Are his actions not in
accord with his words?

Cheers - Bill

-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Forced Oaths to Pieces of Cloth

2003-02-09 Thread Bill Frantz
At 6:55 AM -0800 2/9/03, Sunder wrote:
And also freedom of religion.  Forcing someone to say Under God for
example.

Back in the dark ages (the 1950s, and don't anyone get nostalgic for them),
when the phrase under god was added to the pledge, I was a student in
school.  From what they had taught me, I knew then that this addition
violated the establishment of religion clause.  The solution I devised was
to simply remain silent when this phrase was said.

Unfortunately having started to question the relation between the pledge
and the ideals of the country, I started to wonder why I was pledging to
the flag, instead of the country.  So over the years, I have a somewhat
edited version (removed parts in brackets):

   I pledge allegiance to [the flag of] the United States of America
   [and to the republic for which it stands], one nation [under god],
   indivisible, with liberty and justice for all.

Except for the fact that one should not trust pledges that are made under
coercion, I am reasonably comfortable with this edited version.  It
expresses the ideal nation that I wish the United States would become.

Cheers - Bill




-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Two Finalists Are Selected for the Void at Ground Zero

2003-02-06 Thread Bill Frantz
At 12:50 AM -0800 2/6/03, John Young wrote:
Vinoly's and Schwartz's design for a symbolic aircraft stabbed into both
towers is gutsily disrespectful of towering architecture as a flag waver
begging for assault.

I kind of like the idea of 5 towers arranged in a semicircle.  The middle
tower would be the tallest with the two on either side getting shorter the
further they are from the center.  The bulge of the semicircle would point
ESE, basically toward Afghanistan and Saudi Arabia.

The whole idea seems to me to sum up a common New York attitude.

:-)  Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: The Statism Meme

2003-02-06 Thread Bill Frantz
At 2:39 PM -0800 2/4/03, André Esteves wrote:
in Northern Italy they live close to Switzerland... What more can be said...
A car, a suitcase and a weekend in Geneva with a numbered account.

I'd go to St. Moritz.  It's closer, has better skiing, and the Swiss banks
have discovered branch banking.  :-)


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA





Re: Say goodbye to the ISS

2003-02-03 Thread Bill Frantz
At 8:27 PM -0800 2/2/03, Steve Schear wrote:
As some friends in the U.S. space program had privately predicted, and the
New York Times is today reporting, unless the problem with the Shuttle can
be quickly identified and convincingly rectified to worried legislators,
the International Space Station may have to be moth balled and the NASA
manned space program put on hold.
http://www.nytimes.com/2003/02/02/science/02cnd-stati.html

I heard someone today suggesting that it was time to replace the shuttle.
After all, it's 25 year old technology.  I kind of expect a program to be
proposed with all the usual reasons why it is good for the country.


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Real Facts and Good Facts

2003-02-03 Thread Bill Frantz
At 12:26 PM -0800 2/2/03, Eric Cordian quoted:
In another teletext moment on CNN, the shuttle was described as traveling
at Mock 18.

We mach (sic) their idiocy.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Touching shuttle debris may cause bad spirits to invade your body!

2003-02-02 Thread Bill Frantz
At 10:19 AM -0800 2/2/03, Tim May wrote:

Last laugh: CNN is carrying (10:06 a.m. PST) an information slug at
the bottom of a Wolf Blitzer interview: Columbia was traveling 18
times faster than the speed of light.

Yes, speed of light.

Please mister spaceman, won't you please take me along for a ride.
  - J. McGuinn


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Real Facts and Good Facts

2003-02-02 Thread Bill Frantz
At 12:26 PM -0800 2/2/03, Eric Cordian quoted:
In another teletext moment on CNN, the shuttle was described as traveling
at Mock 18.

We mach (sic) their idiocy.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Say goodbye to the ISS

2003-02-02 Thread Bill Frantz
At 8:27 PM -0800 2/2/03, Steve Schear wrote:
As some friends in the U.S. space program had privately predicted, and the
New York Times is today reporting, unless the problem with the Shuttle can
be quickly identified and convincingly rectified to worried legislators,
the International Space Station may have to be moth balled and the NASA
manned space program put on hold.
http://www.nytimes.com/2003/02/02/science/02cnd-stati.html

I heard someone today suggesting that it was time to replace the shuttle.
After all, it's 25 year old technology.  I kind of expect a program to be
proposed with all the usual reasons why it is good for the country.


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: Who feigned Roger Rabbit?

2003-01-30 Thread Bill Frantz
At 12:04 AM -0800 1/30/03, Tim May wrote:
Sometime I take a bus when my car needs to be repaired. From my house
to Santa Cruz, a total of 13 miles, it takes a minimum of 80 minutes by
bus. For a working person, ... as soon as
they can raise the money, they buy cars. Then that 80-minute each way
trip drops to 20 minutes. And they can go when they wish, not when the
bus schedule permits.

I have had one case where taking the train was a big win over driving.  I
was consulting in San Francisco, about 60 miles from my home.  I found that
if I rode the train, I could work as I rode, and turn my travel time into
billable hours. I also avoided the ruinous parking charges in downtown.
Given those facts, I would have taken the train even if the ticket price
hadn't been subsidized.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: the news from bush's speech...H-power

2003-01-29 Thread Bill Frantz
At 2:24 PM -0800 1/29/03, Eugen Leitl wrote:
Feds are sure inefficient, but the random dispersal of funds does tend to
hit the far shots now and then. The private sector tends to ruthlessly
optimize on the short run (because the long shot doesn't pay if you go
broke before you can reap the possible benefits).

Back a few years ago, probably back during the great gas crisis (i.e. OPEC)
years, there were a lot of small companies working on solar power.  As far
as I know, they were all bought up by oil companies.  Of course, only a
paranoid would think that they were bought to suppress a competing
technology.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




Re: the news from bush's speech...H-power

2003-01-29 Thread Bill Frantz
At 3:43 PM -0800 1/29/03, Tim May wrote:
On Wednesday, January 29, 2003, at 03:18  PM, Bill Frantz wrote:
 Back a few years ago, probably back during the great gas crisis (i.e.
 OPEC)
 years, there were a lot of small companies working on solar power.  As
 far
 as I know, they were all bought up by oil companies.  Of course, only a
 paranoid would think that they were bought to suppress a competing
 technology.

...

The issues are complex, but have zero to do with leftie fantasies about
oil companies suppressing technologies.

I agree, as I said above.  At most the purchase of these companies may have
slowed research by not providing as much funding.  More likely it speeded
research by providing a sponsor with a longer term view than the public
capital markets.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




RE: Deniable Thumbdrive? (and taking signal detection seriously)

2003-01-24 Thread Bill Frantz
At 10:11 AM -0800 1/24/03, Major Variola (ret) wrote:
You do, of course, have
to trust the hardware/OS you use it with.  If you don't know the
socket, keep your dongle in your pants

Given the well documented advantages of poetry over prose in ease of
recall, this adage should be, If you don't know the socket, keep your
dongle in your pocket.  (Think codpieces.)

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the American | 16345 Englewood Ave.
[EMAIL PROTECTED] | way.   | Los Gatos, CA 95032, USA




RE: Supremes and thieves.

2003-01-21 Thread Bill Frantz
At 2:50 PM -0800 1/21/03, Jack Lloyd wrote:
On Tue, 21 Jan 2003, Trei, Peter wrote:

 The song is sung by Jimmy Stewart, on camera, so a new soundtrack
 would be tough.

Given that they can make dead actors dance in commercials, I can't imagine
it would be terribly difficult to do it. Though I know next to nothing
about video editing in general, so maybe not.

But after making this dead actor sing a different song, it would be a new
work, and the copyright clock would be reset.  Now if someone wants to do
the work on an open-source-like basis...

Cheers - Bill


-
Bill Frantz   | Sacred cows make the   | Periwinkle -- Consulting
(408)356-8506 | tastiest hamburgers.   | 16345 Englewood Ave.
[EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA




Re: The Plague

2003-01-18 Thread Bill Frantz
At 8:35 PM -0800 1/17/03, Neil Johnson wrote:
Few people realize that one of the reasons we live so long today is
because of
the lowly toilet.

This is the source of the observation, Governments are like toilets.
They're necessary for public health, but you shouldn't worship them.

YMMV - Bill


-
Bill Frantz   | Sacred cows make the   | Periwinkle -- Consulting
(408)356-8506 | tastiest hamburgers.   | 16345 Englewood Ave.
[EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA




Re: The Plague

2003-01-17 Thread Bill Frantz
At 8:35 PM -0800 1/17/03, Neil Johnson wrote:
Few people realize that one of the reasons we live so long today is
because of
the lowly toilet.

This is the source of the observation, Governments are like toilets.
They're necessary for public health, but you shouldn't worship them.

YMMV - Bill


-
Bill Frantz   | Sacred cows make the   | Periwinkle -- Consulting
(408)356-8506 | tastiest hamburgers.   | 16345 Englewood Ave.
[EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA




Re: If this be terrorism make the most of it!

2002-12-07 Thread Bill Frantz
At 10:24 AM -0800 12/7/02, Tim May wrote:
On Saturday, December 7, 2002, at 09:31  AM, Steve Schear wrote:

 http://www.wired.com/news/wireless/0,1382,56742,00.html

 Feds Label Wi-Fi a Terrorist Tool
 By Paul Boutin

 SANTA CLARA, California -- Attention, Wi-Fi users: The Department of
 Homeland Security sees wireless networking technology as a terrorist
 threat.


Ah, the irony is too rich! Consider one comment from this WiFi
conference:
--
Homeland Security is putting people in place who will be in a position
to say, 'If you're going to get broken into ... we're going to start
regulating,' said Cable and Wireless security architect Shannon Myers
in a panel dubbed Homeland Security vs. Wi-Fi.

I suspect that there is more exposure to DDoS attacks from Outlook than
from WiFi.  When is the DoHS going to declare Outlook a terrorist threat?

Cheers - Bill


-
Bill Frantz   | Sacred cows make the   | Periwinkle -- Consulting
(408)356-8506 | tastiest hamburgers.   | 16345 Englewood Ave.
[EMAIL PROTECTED] | - David Wagner | Los Gatos, CA 95032, USA




Re: How to eliminate someone, using bits + witchhunt

2002-11-22 Thread Bill Frantz
At 3:24 PM -0800 11/22/02, Major Variola (ret) quoted:
... a search of his laptop found pornographic photos of children
that appeared to have been e-mailed to others.

I can see the latest variant on Klez already...

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: Retry: Yet another attempt to defraud egold!

2002-11-19 Thread Bill Frantz
At 10:42 AM -0800 11/15/02, Sunder wrote:
What's disturbing about this is that we are on someone's list as e-gold
customers or something, and this is very likely the same spoofer that had
earlier set up e-golb.com and attempted the same kind of spoof.

FWIW, I got one of the e-gold letters.  I don't have an e-gold account.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: Retry: Yet another attempt to defraud egold!

2002-11-18 Thread Bill Frantz
At 10:42 AM -0800 11/15/02, Sunder wrote:
What's disturbing about this is that we are on someone's list as e-gold
customers or something, and this is very likely the same spoofer that had
earlier set up e-golb.com and attempted the same kind of spoof.

FWIW, I got one of the e-gold letters.  I don't have an e-gold account.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: eJazeera?

2002-11-11 Thread Bill Frantz
At 12:44 PM -0800 11/10/02, Tyler Durden wrote:
The methods can be various, but the easiest one was (I think) described by
Tim May. Bob and Alice are pre-known to each other. Bob holds a camera,
Alice has a Wi-Fi enabled laptop operational in her knapsack. After Bob
takes the photos/video, he transfers the images to Alice, who walks off and
moves the data to a secure and public site.

FWIW - I saw a TV transmitter kit in Fry's for $28.  It takes input from
Camcorders and broadcasts it on channel 3 or 4.  (It is low power so it
comes under FCC part 15 regulations.)  If you give one of these to the
camera holder, and one or more others have receivers/recorders, you have a
simple, cheap, off the shelf system.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: Did you *really* zeroize that key?

2002-11-09 Thread Bill Frantz
At 8:40 PM -0800 11/7/02, Peter Gutmann wrote:
It's worth reading the full thread on vuln-dev, which starts at
http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0.
This discusses lots of fool-the-compiler tricks, along with rebuttals
on why they could fail.

In that discussion, Dan Kaminsky wrote:
You also need to ignore that bizarre corner case where the same memory
   address is mapped to multiple *physical* addresses -- such a memory
   architecture could simply alter one of the addresses and tag the rest as
   tainted without in fact clearing them.  But I don't think anyone
   actually does this -- I'm at least significantly more sure of that than
   I am of the precise semantics of volatile vis-a-vis dead code
elimination.

   Yours Truly,

   Dan Kaminsky
   DoxPara Research
   http://www.doxpara.com

There is a common example of this corner case where the memory is paged.
The page containing the key is swapped out, then it is read back in and the
key is overwritten, and then the page is deallocated.  Many OSs will not
zero the disk copy of the key.

Crypto coders have discussed many kludges to ensure that keys are not
swapped out, but they are all quite system specific.  Since the problem we
were trying to solve is different environments producing different results,
I don't feel we are any closer to safe, portable code.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: Did you *really* zeroize that key?

2002-11-08 Thread Bill Frantz
At 10:50 AM -0800 11/7/02, Matt Blaze wrote:
 At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
 Regardless of whether one uses volatile or a pragma, the basic point
 remains:  cryptographic application writers have to be aware of what a
 clever compiler can do, so that they know to take countermeasures.

 Wouldn't a crypto coder be using paranoid-programming
 skills, like *checking* that the memory is actually zeroed?
 (Ie, read it back..)  I suppose that caching could still
 deceive you though?

And, of course, the very act of putting in the check could cause a compiler
to not optimize out the zeroize code.  (Writing a proper test program for
such behavior is very difficult).

Like most programming language discussions, it's hard to tell whether the
arguments support writing critical code languages that abstract at a
higher level or a lower level.

Back in the early days of compiler benchmarks, one fancy compiler noticed
that the result of a lengthy calculation wasn't being used, and dutifully
removed the calculations.  That calculation was, of course, the kernel of
the benchmark.  The solution was to print the result.

You would probably be safer filling the area with the output of the rand()
function, and then calculating the sum of the words in the area.  If you
can pass the sum to an externally compiled function even better.  (Of
course this procedure doesn't leave the area zero.)

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA
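
Added example, not part of the original messages: a C sketch of the two concerns raised in this thread, a zeroize store that the compiler cannot drop as dead code, with the read-back check, and page locking against the swapped-out copy. The function names and the 0xA5 key bytes are constructed for illustration; mlock() is POSIX and is exactly the kind of system-specific measure the earlier message describes.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>   /* mlock/munlock: POSIX, i.e. system specific */

/* Zero through a volatile-qualified pointer so every store counts as an
   access the optimizer must keep.  A plain memset() on a buffer that is
   never read again is a dead store and may be removed.  Compilers honour
   this idiom in practice; the C standard only promises it for objects
   that are themselves declared volatile. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* The read-back check from the thread, done with volatile loads so it
   cannot be folded away.  It inspects this mapping only, not swap, cache
   or register copies. */
size_t count_nonzero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    size_t bad = 0;
    while (n--)
        bad += (*vp++ != 0);
    return bad;
}

/* XOR-mask msg with a stack key, then wipe the key.
   Returns the number of key bytes still non-zero (0 expected). */
size_t mask_then_wipe(unsigned char *msg, size_t n)
{
    unsigned char key[32];
    /* Ask the OS to keep the key's page out of swap; may fail
       (e.g. RLIMIT_MEMLOCK), in which case we carry on unlocked. */
    int locked = (mlock(key, sizeof key) == 0);
    size_t i, bad;

    memset(key, 0xA5, sizeof key);   /* constructed stand-in for a real key */
    for (i = 0; i < n; i++)
        msg[i] ^= key[i % sizeof key];

    secure_zero(key, sizeof key);
    bad = count_nonzero(key, sizeof key);
    if (locked)
        munlock(key, sizeof key);
    return bad;
}
```

Where the platform offers one, a dedicated primitive such as explicit_bzero() or C11 Annex K memset_s() serves the same purpose as secure_zero().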




Re: Katy, bar the door

2002-11-02 Thread Bill Frantz
At 12:35 PM -0800 11/1/02, John Kelsey wrote:
At 09:32 PM 10/31/02 -0800, Tim May wrote:
...
If the attackers/hijackers cannot get into the cockpit and gain control
of the plane, then the most they can do with disabling/lethal/nerve
gases is to cause the plane to essentially crash randomly...which kills
a few hundred people, but probably not many more.

Which is yet another reason why securing the cockpit door very, very
well is the single most important, and cheapest, solution.

Hmmm.  I agree, but if the attackers chose the right time (while the
plane's on autopilot) to release the gas or whatever, they might have an
hour or two to get through the cockpit door, with no resistance at all from
the now-dead passengers or crew.

I expect that in most cases, ATC would be concerned about no contact for an
hour.  In the modern age, that might be enough to scramble a fighter to go
up and take a look.  (A number of years ago, there was a case where a
pilot, presumably asleep, flew right past Los Angeles, over the Pacific
ocean, and crashed.  ATC was very concerned, but couldn't do anything to
wake the pilot.)

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: Confiscation of Anti-War Video

2002-10-31 Thread Bill Frantz
At 4:13 PM -0800 10/29/02, John Kelsey wrote:
At 12:01 PM 10/28/02 -0800, Tim May wrote:

...
By the way, there are perfectly good fixes to the current hysteria
about things carried on board planes...

I think the best fix is to accept that a determined suicidal attacker will
probably manage to bring down the plane, but make sure that's the worst he
can do.  That removes the externality problem.  The current algorithm for
this is some combination of pilots being told not to go along with
hijackers' demands, and maybe some chance of getting a military jet in
place to shoot the hijacked plane down, if it is taken over by the
hijackers.

Another fix that is being used is passengers who will act to keep the
plane from being used as a weapon.  If the hijackers have to kill people
with small sharp objects that they can smuggle on board, instead of mass
killing devices like machine guns, then a large number of passengers can
overcome a small number of hijackers.  (Remember, your seat cushion makes a
good shield.)  If the cockpit door keeps the hijackers out, then there is a
good chance that there will be survivors.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: Confiscation of Anti-War Video

2002-10-31 Thread Bill Frantz
At 1:52 PM -0800 10/31/02, Steve Schear wrote:
At 11:37 AM 10/31/2002 -0800, you wrote:
Another fix that is being used is passengers who will act to keep the
plane from being used as a weapon.  If the hijackers have to kill people
with small sharp objects that they can smuggle on board, instead of mass
killing devices like machine guns, then a large number of passengers can
overcome a small number of hijackers.

This assumption may not be a good one.  Considering the level of current
security checks, it should be trivial to smuggle some sort of anesthetic or
poisonous gas generator aboard.  No need for sharp objects.  AFAIK, the air
supply aboard current U.S. fleets is shared between passengers and cockpit.

IIRC, the regs call for pilots to either wear oxygen masks, or have
quick-to-put-on masks readily at hand.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Auditing Source Code for Backdoors

2002-10-21 Thread Bill Frantz
I have been asked to audit some source code to see if the programmer
inserted a backdoor.  (The code processes input from general users, and has
access to the bits that control the privilege levels of those users, so
backdoors are quite possible.)  The question I have is what obscure
techniques should I be on the lookout for.  Besides the obvious /* Begin
backdoor code */ of course.  :-)  The code is in ANSI C.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA




Re: One time pads

2002-10-16 Thread Bill Frantz

At 7:52 AM -0700 10/16/02, David Howe wrote:
OTP is the best choice for something that must be secret for all time,
no matter what the expense.
anything that secure for 20,000 years will be sufficient for, go for
PKI instead :)

OTP is also good when:

(1) You can solve the key distribution problem.
(2) You need a system with a minimum of technology (e.g. no computers)
(3) You need high security.

The Soviet spies are a case in point.  The only incriminating evidence they
had with them was the pad itself.  Given the small size of their messages,
(they didn't throw Microsoft Word files around), their pads could also be
physically small.  The necessary calculations could be performed with
pencil and paper, and the incriminating intermediate results burned.  And
the system, used correctly, provided high security.  Of course, when they
started using it as a Two Time Pad, the NSA was able to decode messages as
shown by the Venona intercepts.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA