RE: Critique of CyberInsecurity report
Wow, the problem is solved, right? Wrong. With the number of systems on the net growing rapidly, any realistic extrapolation leaves the number of Windows systems as being even larger than today. Hence we face at least as much exposure as at present, which the evidence has shown is more than enough to cause tremendous economic damage. You miss out on the fact that, if Windows has, say, 90% of the machines (disregarding differences between desktop/server/whatever), the damage would, with your metric, be three times as large as the cost you point at, which would affect a third of the machines (with numbers higher than today, but still less than what they would be with 90% of machines running MS). And in fact, it is worse, because any flaws in the Mac or Linux OSs will now be just as dangerous as for Windows! What we will face is a situation where the *weakest* of the widely used OS's will determine the risk factor for the system as a whole. Yes, you are right: when you don't put all your eggs in the same basket, you have *more* risk to get crushed eggs. But, in return, you have less risk of losing *all* your eggs. The point is to contain worst case cost, at the expense of having more likely minimum cost. chosen Windows because it is popular, has good development tools, and in the early days was easier to write for (remember that up until a few years ago, the Mac lacked preemptive multitasking, and Linux wasn't even a blip on the radar). Windows 2000 was only a few years ago too. Windows NT 3 and 4 were not desktop OSes, used only on servers. And I worked in a company that had the misfortune of running an NT 3 server. Preemptive multitasking does not imply stability, as this experience showed, though I won't claim our experience was typical. There was BeOS too, which could have been widely available save for MS having the computer makers' ear (firmly grasped in an iron fist).
But you still have a fair point on this point, and I agree at varying degrees with the rest of your points, except where you come back to: The result is that we will have a system where, as pointed out above, not one but several architectures are each widespread enough to bring the net to its knees when an exploit is discovered. This network will only be as strong as its weakest link. Diversity, in this context, is a risk factor, not a risk mediator. For serial systems, not parallel ones. Encryption is a serial one. Redundancy using different systems is not: you need to destroy all branches to bring the system down (though I do not deny that you can bring the quality of service down by bringing a node down, depending on the degree of redundancy). Of course, the above holds for a more or less homogeneous distribution of the different (here) OSes. Otherwise, you have a connected graph of monocultures, and the first argument applies. -- Vincent Penquerc'h
RE: National Emergency?
So how much of the Constitution gets shredded by Bush's declaration of a national emergency right after 9/11, and how long can he maintain that. I mean, I realize the Constitution/bill of rights is pretty much gone anyway, but ... http://www4.law.cornell.edu/uscode/50/1622.html -- Vincent Penquerc'h
RE: JAP back doored
CAMsg::printMsg(LOG_INFO,"Loading Crime Detection Data\n"); CAMsg::printMsg(LOG_CRIT,"Crime detected - ID: %u - Content: \n%s\n",id,crimeBuff,payLen); Well, people say the JAP team hid it, but with that (assuming the strings appeared verbatim in the binary), they made sure someone would spot it. They essentially made sure the users would be warned about it while keeping plausible deniability. -- Vincent Penquerc'h
RE: National Emergency?
Funny, I've never heard or read anything about them doing this. An interesting bit in http://www4.law.cornell.edu/uscode/50/1541.html is that the US president can perform an introduction of United States Armed Forces into hostilities without Congress declaring war, if a national emergency is in effect. So the war in Iraq would seem to be essentially legal from a POV of US law. I previously thought that only Congress could do this. National emergency is a very interesting bit of the code to have if you have either a friendly majority in both houses, or if opposing you would be seen as political suicide, as was the case in late 2001... I wonder if the powers conferred include anything like law enacting with Congress bypass (for speed, you know, we don't want Congress delaying this very important new bit of anti terrorist press quashing law...) -- Vincent Penquerc'h
RE: *** GMX Spamverdacht *** Re: paradoxes of randomness
If the output is random, then it will have no mathematical structure, so I shouldn't be able to compress it at all. You could very well end up with all tails. That's a sequence that has the same probability of happening that any other sequence. A compressor will look for redundancy in the input you give it, not in the algorithm you used to generate that input (conceptually, a compressor could deduce the (deterministic) algorithm from the output, but if you bring it true randomness, chances are it will not). Thus, a compressor will compress very well a sequence made of all tails, but badly another which exhibits no detectable redundancy. Once you have the sequence, you lost a lot of info about whatever algorithm was used to generate it. A sequence of all tails could have been generated by a simple algorithm which generates all tails. That's an emergement description of this one particular sequence, but one that would not apply to *all* sequences your algorithm can ever produce. That's lost information, and that's why it can be compressed. -- Vincent Penquerc'h
RE: [eff-austin] Antispam Bills: Worse Than Spam?
Nice! I've been thinking I should move there for a while. I also heard that by 2006 London and all the major cities will have seamless wifi coverage. The reason Europe is on the ball with this is the EU We're on the way. We already have seamless camera surveillance coverage. -- Vincent Penquerc'h
RE: Sealing wax eKeyboard
To get around keystroke loggers, it would be nice to have some form of onscreen keyboard, perhaps available over the web. The keyboard would likely work only with the mouse (making it slow to use, of course), and each time the keyboard appears (and at periodic intervals) the keyboard scrambles its keys. The aptly named Tinfoil Hat Linux does this for GPG passphrase input :) -- Vincent Penquerc'h
RE: DNA of relative indicts man, cuckolding ignored
When AAA Insurance meets with Joe Sixpack to discuss his health or life or earthquake insurance, they seek to collect enough information to have a reasonable chance of turning a profit on the deal. Else why would they exist as a business? But there is a necessary asymmetry here. If you could determine with good precision whether someone will be affected by an illness, when, how much, etc, then this wouldn't work, save for superstition on the part of Joe Sixpack. Since the contract is based on a bet on the likelihood of premium/payouts balance, the more you can find out about the future of the insured person's organism future, the closer the premiums will match the payouts, reliably. *IF* you can determine this, of course. So the goal will be for the insurer to get access to as much info as possible to assess how to set the premiums, while preventing the insured from knowing as much, so there is still the uncertainty and the value of peace of mind gotten by the insured, and that's worth something too. The converse is also true. And both raise the problem of assessment of the data - how does the insurer get the data (getting DNA from the would be insured ? with the insured's knowledge or not ? From the contract clause that subordinates the insurance to the supplying of the data by the insured ? Will credit bureaus expand to cover this kind of thing ?) If there is total symmetry, insurance loses its point entirely. Could we see a gradual disappearance of some sorts of insurance for events that cease to be probabilistic ? Just musing. All of it already happens, but I'm curious about the limit of it (in the mathematical sense) when the precision of the prediction tends towards infinity. -- Vincent Penquerc'h
RE: [NTLK] OT: Dictatorial Powers (fwd)
Nice (offtopic to that list) discussion over on the NewtonTalk mailing list :) [...] http://www.miami.com/mld/miamiherald/news/nation/6007732.htm Heh, when reading After the Sept. 11 attacks, members of the House wrestled with the issue of their own mortality. I actually read: After the Sept. 11 attacks, members of the House wrestled with the issue of their own morality. :) -- Vincent Penquerc'h
RE: An attack on paypal
the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac world, a successor language has not yet appeared. Work on the existing C/C++ language will have a better chance of actually being used earlier. Not that it removes the problem entirely, but it should catch a lot of easy stack smashing bugs. http://gcc.gnu.org/projects/bp/main.html -- Vincent Penquerc'h
RE: 'Peking' vs 'Beijing'
And of course, Beijing is no harder to say than Peking, About that bit, I remember, some years ago (or maybe even tens of years, I seem to tend to remember various stuff happening later than they actually did), the official transcription of Chinese has been changed, leading to some name changes. However, a Google search yields nothing, so this may be just my imagination going a bit too overboard ?? -- Vincent Penquerc'h
RE: The name of Jesus, and a novel about the Knights Templars
By the way, a fun novel with crypto scattered throughout it is the new novel The Da Vinci Code, by Dan Brown. It just came out and [...] murdered grandfather. Uncovering the clues related to the Priory of Sion, the Knights Templars, the Holy Grail, and the blood line of Jesus take the reader through France, Italy, and England. Sounds a lot like Umberto Eco's Foucault's Pendulum. I found that a really fun read. The main plot is based on a centuries old conspiracy by templars and the like, and the YHWH based reordering of the name of God is central to part of the book. Looks like someone's trying to get money easily :) Unless it's the same book and the publisher decided it would sell better with an anglo saxon name on it ? :) -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
The suicide bombers will come here entirely on their own for the most part, or perhaps with the help of Al-Qaeda type groups. There will be no country to retaliate against. That alone could easily send us into a But that wouldn't be a good escape for a govt: mind your pawns (er, citizens) or we'll whack you. The US (and a lot of countries I'm sure) would see this as a good opportunity to target countries where bombers come from, whether or not they are govt approved or govt created. If they are, the reaction would be military. If they are not, the reaction would be more covert, with a part of political pressure for laws which follow what the US do at home, and more, due to the absence of the constitution and US negative public opinion. Or do you mean that the CIA will seek to undermine the governments of countries that boycott the US? It might not even be a gov't Undermine, and more. The CIA has a lot of practice with that, changing govts for one more palatable to the US foreign policy. Even without getting there, appropriate pressure on an existing govt can go a long way to make a country's policy more helpful. And, if done well, without the backlash provoked by military intervention. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
I don't think they will need to fight us, just impose sanctions by the UN, or even just a world boycott of the US. That and a few suicide bombers in the US now and again. How many suicide bombers in airports would it take to finish off the US air industry? The rest of the world is perfectly capable of destroying the US without any real military action. I doubt those govts would be able to hide their traces well enough for the CIA not to have wind of this. Then, the US have two options: either officially yell, and maybe militarily attack (they'd have a huge popular support for this), or let the CIA do the thing, as in Chile, for instance. Leads to a war of civilian bombings ? Official yells would be of course accompanied with sanctions, probably voted at UNSC unanimity (minus a veto if the responsible country is in UNSC itself, but I doubt that'd change much anyway). Something that could (though not very probable either) avoid these consequences is unofficial actions, by people without any state connection whatsoever (or company, etc). But even then, look at what happened to Afghanistan. Granted, a EU country might be a bit more hard of a target to attack, but it would be easier for the CIA to do the same kind of covert attacks there. I doubt many countries want to get involved into that. -- Vincent Penquerc'h
RE: Trials for those undermining the war effort
It never did. The ultra-religious christers who landed at Plymouth Rock had no compunction against robbing and murdering native americans, or burning I'm surprised that most on this list aren't getting caught by politicians' rhetoric, but fall for the religious types' one. It's all the same: a scam made for a group to gain power over the people. Some people believe this, and those who really do believe this usually do it in good faith. Some people up in the hierarchy might even believe some of it, but that's not the norm. Besides, religion has always been used as a lever (by religious types and non religious types) to control the people's actions, often with the complicity and/or active leadership of the hierarchy. And it's a neat propaganda tool, too. -- Vincent Penquerc'h
RE: Quote of the Day, Re: Usenet as solution to Al-Jazeera jamming problem
Kazaa Inc should encourage this, since it is a Valenti-free Can you say substantial non-infringing use ? :) Some P2P companies would (should) love that... -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
This is from the US, fyi. It also works (and even resolves to the same thing :) from other hosts outside the US) Yup, I get it from the UK, though I didn't get it two and three days ago. URLs are all in English, though this may be normal. BTW, does anyone know about www.aljezeerah.info ? I've been getting my news from there since the start of the war, but I don't know what links it has with, say, www.aljazeera.net, since I never got there before. It's all in English, but I'm not sure about the actual affiliation and editorial line, if anyone can shed some light. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying. I get it again now, but... Strangely, Opera does reach it fast and all (though I suspect it's hitting a mirror though I explicitly refresh) but wget reached it though it waits indefinitely after the 200 OK. Maybe just overload due to heavy success (or script kiddie activity). I eventually got /index.html, and it's the Dotster page someone spoke of earlier ??? I'm starting to wonder whether Opera is using an IP it had cached earlier, whereas wget resolves anew and hits the new DNS records, which have changed since then...
$ wget http://www.aljazeera.net/
--18:47:59-- http://www.aljazeera.net/
=> `index.html'
Resolving www.aljazeera.net... done.
Connecting to www.aljazeera.net[216.34.94.186]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
[ <=> ] 15,015 12.45K/s
18:49:57 (12.45 KB/s) - Read error at byte 15015 (Connection reset by peer).Retrying.
--18:49:57-- http://www.aljazeera.net/ (try: 2)
=> `index.html'
Connecting to www.aljazeera.net[216.34.94.186]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
[ <=> ] 29,153 30.58K/s
18:49:59 (30.58 KB/s) - `index.html' saved [29153]
-- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
This is the placeholder for domain aljazeera.info. If you see Yes, try with a h at the end. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
If anyone sees a different traceroute - one that doesn't go through cw, then you may still be able to get to the site. Otherwise, it's got a single connection, and that's down. Goes through, but beyond, it seems, from the UK.
$ tracert www.aljazeera.net
Tracing route to www.aljazeera.net [216.34.94.186] over a maximum of 30 hops:
 1   10 ms    *     10 ms  217.150.100.137
 2   10 ms   10 ms  10 ms  217.150.97.4
 3   10 ms   10 ms  10 ms  217.150.96.1
 4   10 ms   15 ms  10 ms  har1-serial6-1-0.London.cw.net [166.63.166.33]
 5   10 ms   10 ms  10 ms  bcr2.London.cw.net [166.63.162.62]
 6   16 ms   16 ms  31 ms  bcr2-so-7-0-0.Thamesside.cw.net [166.63.209.205]
 7  391 ms  390 ms 391 ms  acr2-loopback.Seattle.cw.net [208.172.82.62]
 8    *     391 ms 375 ms  bhr2-pos-0-0.Tukwilase2.cw.net [208.172.81.222]
 9  375 ms  407 ms   *     csr11-ve241.Tukwilase2.cw.net [216.34.64.42]
10  391 ms  406 ms 391 ms  jerry.exodus.net [216.34.83.66]
11  407 ms    *    391 ms  redirect.dnsix.com [216.34.94.186]
Trace complete.
-- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Got an ip for .info? I can't resolve that from here. 207.150.192.12 -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
It's definitely jammed in the US. I get 503 - out of resources error. Maybe you guys can set up a mirror that isn't jammed and the US can see it that way (at least until the feds catch wind of it). Well, too late anyway, it seems...
--17:37:47-- http://www.aljazeera.net/
=> `www.aljazeera.net/index.html'
Resolving www.aljazeera.net... done.
Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying.
--17:38:10-- http://www.aljazeera.net/ (try: 2)
=> `www.aljazeera.net/index.html'
Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying.
--17:38:33-- http://www.aljazeera.net/ (try: 3)
=> `www.aljazeera.net/index.html'
Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying.
-- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Is it jammed world wide? You're in COW too. Any one from .nl or .de or .fr who can pick it up still? Still, www.aljazeerah.info is still accessible if you're feeling so inclined. Odd though that the Arabic side is down but this one stays up, if they're aiming for propaganda in their own countries, mostly English speaking but not much Arabic speaking. Unless they fear some kind of Arab community backlash from the images ? Pretty good proof the scum in DC are afraid of propaganda that's not theirs. If there's something they won't like, it's this: http://www.statewatch.org/news/2003/mar/16belg.htm I believe Kissinger is already avoiding France (and probably Spain), it'd be good if he was being chased up in more countries. -- Vincent Penquerc'h
RE: What shall we do with a bad government...
Tim - I don't think the cowboy (aka Shrubya) knows enough economics to realize that, in the long term, income and expenditure must be in some kind of rough balance. He's always been able to lean on daddy's money. I'm wondering whether the successive US administrations are not increasingly planning to live off the world, by way of their economic debt. Buy with monkey money, never reimburse. Effectively taxing the other economies for their expenses. Though economies might be already too linked together for this to work fine, as damage to one part of the world's economy will reflect on others, including the US. Hmm, I think I'll do some googling now... -- Vincent Penquerc'h
RE: FBI discovers missing original copy of the Bill of Rights
A collector recently tried to sell it to a museum, and the FBI ran a sting to seize it using a civil seizure warrant, Now the question is, will they hunt down all originals and burn them, then claim they never existed, and all other copies have been crafted by terrorist friendly freedom hating unamerican civil liberty activists ? :) -- Vincent Penquerc'h
RE: I for one am glad that...
Force against Iraq is not pre-emptive since it is authorized by the UN Security Council resolutions 678 and 1441. North Korea does not have Interesting. So, if the UN gives Bush the right to attack Iraq, such an attack is no more preemptive ? Why would it be different from Bush giving the US army the right to attack ? Would that still be preemptive ? The fact is, Bush and his followers are lying like mad, and it shows so much I'm surprised they still manage to not laugh hard while saying those. They can claim it's not preemptive for their propaganda, but does it make it so ? No one, including me, has stated that popular support equals moral justification. I was merely pointing out that Bush was not dragging us into war since there was popular support for war. He's certainly dragging the world into war. Repercussions of this war will not be only visible in the US (and of course, Iraq, pity on them). Bush's actions are only going to give some legitimacy to terrorists. We are alone with [...] a list of countries which, for the most part, see either the leash of the master (in some cases with a large US military presence on their soil) or have been guided by the smell of money, or immaterial favors that might or might not be awarded. Good grief. -- Vincent Penquerc'h
RE: Trivial OPT generation method?
1) Get 8 bytes from /dev/urandom. (Just for sure.) Put them into the You probably know this if you use it, but /dev/random is the most random one, as it always uses system entropy, rather than falling back on an algorithm to generate more bits than are available in the pool. Since you only need 8 bytes of random seed (and if you don't need to generate many OTPs at a time...) it might be worth using it instead. Can't help you on the entropy quality though. -- Vincent Penquerc'h
RE: The burn-off of twenty million useless eaters and minorities
Too much capitalism is as bad as too much communism. That's semantically equivalent to saying that too much economics is as bad as too much totalitarianism... Too much liberty is as bad as too much repression? Right. If you think capitalism is liberty, you have a problem. Capitalism would work as freedom catalyst only if it would not lead to the aggregation of power in some places. Once you have power, you use it. Pretending, like some did, that people with power would not use force once they reach the stage where they *can*, is disingenuous. And saying that this has then ceased to be capitalism misses the point: you end up in a society with centralized power, and which only differs from a state by the name. Which is why some capitalism is good, but too much is bad. I do concede that I'd prefer capitalism much better than communism though. My association of both on the same grounds was way overboard and triggered by this evil commie pinko nonsense. Now, I may have left my clue home, so feel free to explain *why* 100% capitalism (eg no state left, no other power) could never end up with power aggregation. -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
But other people might be inclined to tag along anyway. A reputation No, because unless someone signs your stuff of their free [...] I'm not looking at this on a crypto POV, but from a human nature POV. my trust level is around zero. If I've been glowingly endorsed by other nyms in good standing (check graph for circlejerk caveat) my reputation is positive. People with really bad mana would tend to This doesn't address the point that what people do with that is not something that crypto can solve. Crypto only solves the authentication bit. My claim about whether a political system can work was based on human reactions, not on the relations they have with each other, with or without crypto. But I see your point, it's just that I'm not convinced that it is workable. Cooperation takes work, and time, and can be destroyed by small things. -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
of your interaction history with others. A nym who's lying too much will accrue negative mana very quickly. But other people might be inclined to tag along anyway. A reputation system will identify nyms with bad reputation alright, but how will people *use* this system? Favorable reputation is nothing per se, it only becomes useful by what others make of it, and reputation is not a single measure. People will have different reactions to the actions of another person. If someone advocates killing blacks, say, his reputation will grow to those who have the same opinions, but go down with those who have the opposite opinion. What I'm coming at is that a reputation system only allows a nym to build up a reputation. People then react to it. overwhelming probability that a group will form around some people, who have charisma, or who can give others something, whether it is power, money (or ability to get stuff), or just about anything people would want. Some of these groups will want power. I don't see how this is relevant to our conversation. Your point, I believe, was that the ability to have knowledge of others' actions would lead to increased cooperation. That goes both ways. Groups of people can cooperate to work against another group of cooperating people. People assess others' reputations on different grounds, so people would be attracted to different groups, based on the subjective assessment they make on the various traits displayed by a person/nym. I'm not sure what you mean by mutually identifiable agents. If you mean that people seeking power by reducing others' freedoms, No, mutually identifiable means exactly that: ability to tell that you've interacted with that agent before. In human agents this means ability to recall some other monkey's biometrics. OK, that was my second possibility. I'm just not sure that it could work so well in a larger scenario.
Reputation systems, AFAIK, have only been used in small scenarios: you observe an agent which does one thing, then you extrapolate the probability of this agent's actions based on that knowledge. The observed actions are very narrow, and I'm unsure it would scale well, and unsure it would prevent people fucking other people over for power as happens now. -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
Yeah, and too much freedom is as bad as too much slavery. Right, bub. Capitalism would only work if people weren't ready to fuck others like communism would work too for the same reasons. Like anarchy. Like anything. Depending on the time, I tend to lean either towards anarchy or towards democracy. These days, I'm leaning towards democracy. Yes, a state, though probably an unattainable chimaera. Flame on. Lack of state would just lead to morons with guns banding together, and that would be what? A state, without the title of one, but one nonetheless. Point is, too much capitalism seems to lead to another form of power, with the people on top being the same people that are now on top of the state. We'd need to defend against both. BTW, mails used to be deMIMEd. I send in plain text but there's a server which reconverts to HTML along the way... -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
You're assuming a static agent model. Iterative interactions of smart mutually identifiable agents would trend towards increasingly benign cooperation. That in turn assumes that the population is homogeneous. There is overwhelming probability that a group will form around some people, who have charisma, or who can give others something, whether it is power, money (or ability to get stuff), or just about anything people would want. Some of these groups will want power. I'm not sure what you mean by mutually identifiable agents. If you mean that people seeking power by reducing others' freedoms, would be known, and others could react to that, then I'm not so sure it would work. Trouble is, even a very small amount of power grabbing people will fuck it all up. It's very nice to say that those who are ready to relinquish freedom for safety deserve neither, but a life of never ending combat against those who want to grab power is not something I strive for. If you mean, OTOH, that people would recognize honest people, as in a kind of reputation system, then it might have some merit to it, but would require these people to build a structure to be able to react. This structure would be, as I see it, kind of a distributed democracy. Is that what you had in mind? Or am I completely off :) -- Vincent Penquerc'h
RE: Forced Oaths to Pieces of Cloth
While I have a lot of problem with the Pledge in any form, I think it would be greatly improved if it were made to the Constitution, rather than the flag. But wouldn't that hint to these children that they may actually have to think? You don't have to think of a flag, you just react with (preprepared) emotions, but with a constitution... I once went to the US, in a family, for a couple of weeks, and went to high school there. I didn't know about it then, and it really took me by surprise. The whole classroom standing up to the sound of the loudspeaker, like some show of warmongering made for TV in some dictatorial country. Eerie. Best of all was, we were a group of French people one day, in the library, and this happened again. We looked at each other, and tacitly decided to continue our stuff, silently, without at all disrupting their ceremony. No more than two minutes after the end of it, we got the head of the library come to us, knowing we were French, and telling us we *had* to do it... That was *years* ago. You bet that after that, some people forget to think altogether and refer back to this thorough brainwashing they had when they were kids. -- Vincent Penquerc'h
RE: CRYPTO-GRAM, December 15, 2002
Disney doesn't have the power to tell me what I may eat or smoke, except in their parks and on their property. [snip] Now, imagine a Disney owning the whole of the land of the USA, and having armed forces the size of the USA. At least, the govt has a structure that makes it more likely to be less effective at oppression. There is still a judiciary, who, when it's not bought out, can act as a kind of counter power. Yes, it's not much at all, and mostly crooked, but I still prefer that than Disney with the aforementioned assets. Damn, and I find myself arguing for the state *washes mouth* -- Vincent Penquerc'h
It's coming
Anyone from the area and more info ? http://news.bbc.co.uk/1/hi/world/americas/2589317.stm -- Vincent Penquerc'h
RE: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)
anyone who takes serious measures to avoid being profiled having obvious gaps in their profiles to indicate their wish for privacy in some area). Oh yes, so true. I'm always paying in cash, but every time I do so, I'm wondering what stupid nut will spot that in a database, label me a terrorist, and send probes in other databases, just because I think pretty much everything banks give you is laughable from a security standpoint (I don't care whether they take the cost of fraud or not, it's just laughable - you have a secret code supplied with your card and banks routinely accept payments from a card without the code - and it's a 4 digit code for fuck's sake, it's not like it was a high entropy private key or something!) But some would say I'm a ranting paranoid. Which I probably am. -- Vincent Penquerc'h
RE: CDR: Re: ...(one of them about Completeness)
Mathematics is incomplete, otherwise we would have known everything about everything. From our Popping in without the relevant background, I'm afraid, but I'll give my view on this long lasting thread anyway: Mathematics do not have to be incomplete for this reason (note that I only say for this reason). Mathematics are only rules applying on a set of facts (and, arguably, the facts themselves). I would argue that your point would rather imply that other things (eg physics, chemistry) are incomplete. -- Vincent Penquerc'h
RE: Money is about expected future value....nothing more, nothing less
Yep. If I owe you 100 quid, and I give you that value of English bank notes, and you sue me in an English court saying I haven't paid, you will lose. Which is fair enough - it is the state's court so why should they help you if you don't like the state's money? If I offer you 100 pounds worth of cowrie shells, then they might take a different view. It all boils down to the ease that you can then trade afterwards with what you've been given as money, and to a lesser extent the ease of keeping it. Ease of trading includes both the amount of people likely to accept it in turn as payment, and the value that they will agree to put on the money you give. Legal money is good on both: people accept it, and they don't bicker over its value to gain a cent on a dollar. -- Vincent Penquerc'h
RE: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who 's ne
Israeli tanks aren't the ONLY things that kill someone's kids. The whole region has been at war for 100's of years. If Israel backed You do realize that the whole world has been at war for hundreds of years, do you? Israel is now the bully in the region, and is comforted in keeping this role by the US support. This does not mean at all that this was always the case. Of course there were other bullies in the past, and possibly now too. This should not mean that this should excuse this particular bully. It is my opinion that, after the fall of the USSR, which I saw as a good thing, the US are now becoming much too dangerous and need to fall, too. Having two nuke crazed countries in the world was dangerous, but at least they were keeping tabs on each other. I am frankly scared of what the US are becoming today. Of their government's covert/overt manipulations, dishonesty, and violence. Of course, I do realize that they are not alone in this game, and that all others are doing the same kind of things. However, the US are now in a position to do this more easily, with more power, and still get away with it, which makes them so much more dangerous. They don't need actual weapons to maim any more. I just hope that Americans see this, and see that what they're going to get from this behavior isn't world domination, but either a genocide of half the planet, or a life in a barbed wire world, with no freedom left, in a vain attempt to protect themselves against the rage they've patiently cultivated. -- Vincent Penquerc'h
RE: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who 's ne
How can anyone claim that the U.S. or Israel or corporations or rich Americans are morally worse than the likes of Hussein? ...I have to bow to the urge to answer Note that everything that was proposed is bombing. Killing innocents, in an attempt to make them revolt and overthrow their leaders so you don't have to do it. Nothing was attempted (or was said on this) for killing the only person. George W Bush is a criminal. He should be jailed. This doesn't mean I will bomb the hell out of the US until the Americans jail him. The US have a long history of killing other people (note, not just bad/immoral/evil/whatever people, just the ones that happen to stand between the current government of a country and a US client government (which is *not* a democratic government most of the time as you can see from history). Thus, why should I think the US is right attacking Iraq? I see it as yet another shameless power grab accompanied by lots of PR to make it seem like the US are punishing the nasty villain. Somebody tell Dubya this ain't Hollowood. -- Vincent Penquerc'h
Re: Did you *really* zeroize that key?
On Fri, Nov 08, 2002 at 08:35:06AM -0500, Patrick Chkoreff wrote: That's an interesting idea. You'd take the pointer returned by alloca and pass it to memset. How could the optimizer possibly know that the pointer With GCC, it's a builtin, so it will know. I was thinking the only way to really stymie the optimizer might be to have the program flow depend on something read from a file! You could have a file with a single 0 word in it. At the beginning of your program, just one time, you say this: I'm afraid optimizations could remove this too. The point, if I understand it correctly, is that operations on memory have, from the compiler's POV, a zero lifetime, since the block is freed just afterwards. So, whether you write zero or anything else there, this write can be discarded, since it's not used afterwards. Dead write, kind of. However, a compiler could not remove the file read, but it could merely not copy the data to your buffer, if the libc fread you use happens to pre-read into an internal buffer. The read would be done, but the data not forwarded to the buffer you gave. Hence, no overwrite of the key. while (!is_all_memory_zero(ptr)) zero_memory(ptr); This reads the memory afterwards, so compilers might be less careless in removing this code. Sophisticated code flow analysis would still see that nothing depends on this code, and still remove it. I'm thinking the best way to do this portably is to *not* free the key data. Just zero it, and leave it alone. As a global variable, maybe. That way, its lifetime is infinite (except for purists :)) and the compiler has to zero it. -- Vincent Penquerc'h
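The dead-write problem discussed in the message above, as an added C example (not code from the thread or from any of its participants): a `memset` on a key buffer that is never read again, next to a wipe made through a volatile pointer, and the message's "zero a global and never free it" suggestion. `SAMPLE_KEY`, `toy_tag`, `tag_then_wipe` and `g_session_key` are hypothetical names with constructed data.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 16

/* Constructed sample key; a real program would load it from a keystore. */
static const unsigned char SAMPLE_KEY[KEY_LEN] = "constructed-key";

/* Toy stand-in for real key use (not a MAC): mixes key and message bytes. */
static unsigned toy_tag(const unsigned char *key, const unsigned char *msg, size_t n)
{
    unsigned t = 0;
    for (size_t i = 0; i < n; i++)
        t = t * 31u + (unsigned)(msg[i] ^ key[i % KEY_LEN]);
    return t;
}

/* Stores made through a volatile-qualified lvalue are treated as side
   effects by GCC and Clang, so they survive even if the buffer is dead. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__)
    /* Compiler barrier: the asm may read memory at p, so the stores stay. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Returns 1 if every byte is zero; no early exit on the first non-zero byte. */
int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* safe == 0 is the pattern from the thread: key[] is never read after the
   memset, so an optimizer may treat the call as a dead store and delete it. */
unsigned tag_then_wipe(const unsigned char *msg, size_t n, int safe)
{
    unsigned char key[KEY_LEN];
    memcpy(key, SAMPLE_KEY, KEY_LEN);
    unsigned t = toy_tag(key, msg, n);
    if (safe)
        secure_zero(key, sizeof key);   /* wipe is kept */
    else
        memset(key, 0, sizeof key);     /* wipe may be optimized away */
    return t;
}

/* The message's suggestion: a key object with static storage and external
   linkage outlives the function, so a plain memset on it is not a dead store. */
unsigned char g_session_key[KEY_LEN];

int global_key_roundtrip(void)
{
    memcpy(g_session_key, SAMPLE_KEY, KEY_LEN);
    int loaded = !is_all_zero(g_session_key, KEY_LEN);
    memset(g_session_key, 0, KEY_LEN);
    return loaded && is_all_zero(g_session_key, KEY_LEN);
}
```

Both branches of `tag_then_wipe` return the same value; the difference only shows in the generated code, so compare the output of `cc -O2 -S` for the two branches to see whether the `memset` call survived.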
Re: Did you *really* zeroize that key?
On Thu, Nov 07, 2002 at 07:36:41PM -0500, Patrick Chkoreff wrote: Everybody probably also knows about the gnupg trick, where they define a recursive routine called burn_stack: [...] Then there's the vararg technique discussed in Michael Welschenbach's book Cryptography in C and C++: How about a simple alloca/memset? Though it would possibly be more subject to `optimizations'. -- Vincent Penquerc'h